On Thu, Mar 23, 2017 at 05:22:51PM +0100, Johannes Schindelin wrote: > > The benefit is that Windows CI does not have to subscribe to the > > GitHub repository to get notified (instead uses Travis as a relay > > for update notification) and the result can be seen at the same > > place as results on other platforms Travis natively support are > > shown? > > Almost... Windows CI *cannot* subscribe to the GitHub repository, as only > owners can install web hooks and give permission to update build status. > > But yeah, you understand correctly: this innocuous change (along with a > ton of work I already finished on my side) allows us to let Travis trigger > Windows build & test and to attach the log in the same place as the > Linux/OSX results are already accessible.
I don't mind adding a webhook if it helps. If I understand correctly that would just handle the notification site. But then if the Windows build status were public, we could have Travis simply fetch it to keep the build reports all together, without having to worry about a secret token. I don't mind proceeding with the secret token, though. You're the owner of the service the token accesses, so if you're comfortable with it, I am. > > > Things, that would need to be done: > > > * Someone with write access to https://travis-ci.org/git/git would need > > > to add the secret token as "GFW_CI_TOKEN" variable in the TravisCI > > > repository setting [1]. Afterwards the build should just work. > > > > We need to make sure this does not leak to the execution log of > > Travis. > [...] > > Right, typically there is a way in CI setups that marks certain strings as > secret and whenever they appear in the log, they will be blotted out. I think both Junio and I have access to the Travis config. Travis does have a "this is secret" flag for setup config. But I think we'd need to verify that running the Travis build does not leak the variable in any other way. For instance, if it's in the environment, can I push up a branch that does "set | grep GFW_CI_TOKEN", open a PR, and see it? I don't know the answer. -Peff
