Open rafecolton opened 10 years ago
I care :smiley_cat:
Why can't we accept an API token in the body of the webhook request? In the case of Travis webhooks, the entire .travis.yml
is sent in the payload, so there's an opportunity to read the token from there in the case of private repositories that aren't encrypting the value.
Yeah, that would handle the above case, since it would not be necessary to encrypt the value in a private repo. Are there any standards around where in the .travis.yml
to put the value?
It's nice to namespace your stuff, but that's about it.
If no API token is provided to the build server itself, and the request comes through on a webhook as opposed to a request to
/docker-build
, it wouldn't be possible to clone down a private repo. Do we care? If so, proposed solutions?