-
Bung
😊
-
Ge0rG
Do we have secrets on Travis? https://travis-ci.community/t/security-bulletin/12081
-
jonas’
news at 11
-
moparisthebest
good thing they totally killed travis-ci for most projects a few months ago or that could have been bad
-
jonas’
why is everyone surprised about this?
-
jonas’
that's exactly how CI tools work
-
jonas’
either you leak secrets to PRs, or you get no meaningful CI?
-
Zash
Hadn't everyone already moved towards the later?
-
moparisthebest
damn this isn't good https://mobile.twitter.com/peter_szilagyi/status/1437646118700175360
-
moparisthebest
jonas’, no it's meant to not leak secrets, because building/checking doesn't need secrets, but deploying master or whatever does
-
jonas’
depends
-
jonas’
my test workflows sometimes require secrets
-
jonas’
if they talk to some IaaS for instance.
-
moparisthebest
this is the only thing I can find on it at the moment https://github.com/travis-ci/travis-ci/issues/10117
-
moparisthebest
but it never shared secrets with PRs from other repositories as far as I know