Closed thegecko closed 7 years ago
Problem here is that I enabled CI tests for PRs (makes sense, no?) but hg SSH checkouts require an SSH key which doesn't get injected into PR builds (security). https checkouts work, but yotta can't tell it's an HG repo using that scheme. Options are:
The user for the bitbucket keys (https://bitbucket.org/yottatest/) is already a bot/has access to nothing else, so I think it should be safe to just share the keys.
(also the corresponding github user is https://github.com/yottatest, I believe)
Github scans for exposed keys and disables them, and possibly bitbucket does the same, but I don't think they'd see them if they're just exposed to builds.
@autopulated In that case, can we move the test repos used under the yottatest accounts?
github.com/autopulated/testing-dummy.git
and bitbucket.org/autopulated/hg-testing-dummy
I've forked the github one under github/yottatest.
I can't fork the bitbucket one because I can't log in with the yottatest account there – Atlasssian have introduced some messed up new One Account To Rule Them All scheme that needs to re-verify the email address 🙄 sooo for that one it might be easier just to create a new account, sorry!
I think the git/hg test repos should ideally be accessed via git/hg, rather than http, otherwise they aren't using the access classes the way that they would be normally (http:// would be ambiguous in package.json?)