From c9ce493f83fe9a402048bd0ca64665600dac876c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 30 Apr 2024 12:19:36 +0200 Subject: [PATCH] annotate all secrets, so users do not just copy them in --- examples/master.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/master.nix b/examples/master.nix index 97cc2a5..374aa47 100644 --- a/examples/master.nix +++ b/examples/master.nix @@ -14,7 +14,7 @@ [ { "name": "eve", "pass": "XXXXXXXXXXXXXXXXXXXX", "cores": 16 } ] - ''; + ''; # FIXME: replace this with a secret not stored in the nix store # Users in this list will be able to reload the project list. # All other user in the organization will be able to restart builds or evaluations. admins = [ "Mic92" ]; @@ -22,14 +22,14 @@ # Github user used as a CI identity user = "mic92-buildbot"; # Github token of the same user - tokenFile = pkgs.writeText "github-token" "ghp_000000000000000000000000000000000000"; + tokenFile = pkgs.writeText "github-token" "ghp_000000000000000000000000000000000000"; # FIXME: replace this with a secret not stored in the nix store # A random secret used to verify incoming webhooks from GitHub # buildbot-nix will set up a webhook for each project in the organization - webhookSecretFile = pkgs.writeText "webhookSecret" "00000000000000000000"; + webhookSecretFile = pkgs.writeText "webhookSecret" "00000000000000000000"; # FIXME: replace this with a secret not stored in the nix store # Either create a GitHub app or an OAuth app # After creating the app, press "Generate a new client secret" and fill in the client ID and secret below oauthId = "aaaaaaaaaaaaaaaaaaaa"; - oauthSecretFile = pkgs.writeText "oauthSecret" "ffffffffffffffffffffffffffffffffffffffff"; + oauthSecretFile = pkgs.writeText "oauthSecret" "ffffffffffffffffffffffffffffffffffffffff"; # FIXME: replace this with a secret not stored in the nix store # All github projects with this topic will be added to buildbot. # One can trigger a project scan by visiting the Builds -> Builders page and looking for the "reload-github-project" builder. # This builder has a "Update Github Projects" button that everyone in the github organization can use.