Skip to content
This repository has been archived by the owner on Feb 20, 2023. It is now read-only.

No issue: create add_secrets to copy local secrets into correct files #25669

Closed
wants to merge 1 commit into from
Closed

No issue: create add_secrets to copy local secrets into correct files #25669

wants to merge 1 commit into from

Conversation

MatthewTighe
Copy link
Contributor

@MatthewTighe MatthewTighe commented Jun 17, 2022
edited
Loading

During attempts at debugging #25545, we have had some trouble with reproducing the issue regularly. One reason for that might be that builds from different people might include different subsets of features due to the lack of secrets included in the build process.

It's an error-prone and time-consuming process to copy each secret into the appropriate place in our build scripts, so this attempts to remove that obstacle by making it easier to insert all our secrets during a local build.

I deleted the .adjust_token file because it appeared to only contain a placeholder, which was required in local release builds that were lacking the real secret. However, I was concerned that it would get overwritten when this script was used, and since it was already in the source tree it wouldn't be ignored correctly. This could lead to the secret being leaked pretty easily. Instead, the dummy file is created automatically during release builds where it is not present.

Excuse my amateurish python skills 😂

To download an APK when reviewing a PR:

  1. click on Show All Checks,
  2. click Details next to "Taskcluster (pull_request)" after it appears and then finishes with a green checkmark,
  3. click on the "Fenix - assemble" task, then click "Run Artifacts".
  4. the APK links should be on the left side of the screen, named for each CPU architecture

@MatthewTighe MatthewTighe requested review from a team as code owners June 17, 2022 23:45
boek
boek reviewed Jan 4, 2023
View reviewed changes
app/build.gradle
@@ -318,6 +318,8 @@ android.applicationVariants.all { variant ->
buildConfigField 'String', 'ADJUST_TOKEN', '"' + token + '"'
println "(Added from .adjust_token file)"
} catch (FileNotFoundException ignored) {
// Release builds will crash without a dummy file
new File("${rootDir}/.adjust_token").text = "--"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I recall correctly, crashing was intentional to make sure we weren't shipping a build without one?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll re-examine this PR once the repo migration will happen, but I believe this comment was about the actual build process and not the finished artifact. IIRC I had removed the empty .adjust_token file as part of this PR but we still wanted it present and empty during pipeline builds.

boek
boek reviewed Jan 4, 2023
View reviewed changes
tools/add_secrets.py
)
sys.exit(2)

# These mappings are borrowed from taskcluster/transforms/build.py and should be kept in sync.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if there is an easy way if we can share the mapping between the scripts so we don't have to manually keep them in sync 🤔

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose a shared text file could be parsed between them. I'll consider if that's worth the effort when I come back to this PR

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@boek boek boek left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MatthewTighe @boek