env

This section defines environment variables that are visible throughout a build:

DOCKER_REPO=devopswithkubernetes/okeydokey
BUILD_IMAGE_PATH=${DOCKER_REPO}:build-${TRAVIS_COMMIT}
RELEASE_IMAGE_PATH=${DOCKER_REPO}:${TRAVIS_TAG}

Here, we set some variables that might be changed, such as the Docker registry path where the built image is heading. There's also metadata about a build passed from Travis CI in the form of environment variables, which is documented here: https://docs.travis-ci.com/user/environment-variables/#default-environment-variables. For example, TRAVIS_COMMIT represents the hash of the current commit, and we use it as an identifier to distinguish our images across builds.

The other source of environment variables is configured manually on Travis CI. Because the variables configured there would be hidden from public view, we stored some sensitive data there, such as credentials for Docker Hub and our GitHub repository.

Every CI tool has its own best practices for dealing with secrets. For instance, some CI tools also allow us to save variables on the CI server, but these are still printed in the build logs, so we're unlikely to save secrets there in such cases.

Key management systems such as Vault (https://www.vaultproject.io/), or similar services from cloud providers such as GCP KMS (https://cloud.google.com/kms/), AWS KMS (https://aws.amazon.com/kms/), and Azure Key Vault (https://azure.microsoft.com/en-us/services/key-vault/), are recommended for storing sensitive credentials.
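
An added example, not taken from the book: shell helpers for the build script that derive the two image paths from the variables above, refuse to produce a release path when TRAVIS_TAG is empty (as it is on non-tag builds), and check for registry credentials without echoing their values into the build log. DOCKER_USERNAME and DOCKER_PASSWORD are assumed names for the secrets configured in the Travis CI settings.

```shell
#!/bin/sh
# Added example (not from the book). DOCKER_USERNAME and DOCKER_PASSWORD are
# assumed names for the secrets configured in the Travis CI settings page.

DOCKER_REPO="${DOCKER_REPO:-devopswithkubernetes/okeydokey}"

# Path for every build: repo:build-<commit hash>. Fails if the hash is empty.
build_image_path() {
  [ -n "$1" ] || return 1
  printf '%s:build-%s\n' "$DOCKER_REPO" "$1"
}

# Path for releases only. TRAVIS_TAG is empty on non-tag builds, which would
# yield the invalid reference "repo:", so refuse instead of pushing it.
release_image_path() {
  [ -n "$1" ] || return 1
  printf '%s:%s\n' "$DOCKER_REPO" "$1"
}

# Print the NAMES (never the values) of unset or empty secret variables.
# Returns 0 only when every listed variable is set and non-empty.
missing_secrets() {
  _missing=""
  for _name in "$@"; do
    case "$_name" in
      ''|[0-9]*|*[!A-Za-z0-9_]*) return 2 ;;  # not a valid variable name
    esac
    eval "_val=\${$_name:-}"
    [ -n "$_val" ] || _missing="${_missing:+$_missing }$_name"
  done
  unset _val
  [ -z "$_missing" ] && return 0
  printf '%s\n' "$_missing"
  return 1
}

# Log in without putting the password on the command line or in the log:
# it is fed on stdin, and shell tracing is switched off before the call.
registry_login() {
  missing_secrets DOCKER_USERNAME DOCKER_PASSWORD >&2 || return 1
  set +x
  printf '%s' "$DOCKER_PASSWORD" |
    docker login --username "$DOCKER_USERNAME" --password-stdin
}
```

In a build script, call `build_image_path "$TRAVIS_COMMIT"` on every build and `release_image_path "$TRAVIS_TAG"` only in the release step, treating a non-zero status as "not a tagged build".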