Not that this really matters a lot since we can probably trust each other right now not to use each other's resources, but I noticed many people end up leaking the API key publicly, e.g. https://ci.centos.org/job/bstinson-centpkg-unittests/configure and https://ci.centos.org/job/adb-openshift-vagrantfile-tests/12/console and several others.
The two problems seem to be including the Python script raw as a builder (which Jenkins exposes as public data), or injecting it as an environment variable (which shows up in the Jenkins console logs).
I created: https://github.com/kbsingh/centos-ci-scripts/pull/4 but since there are many forks of this now, multiple groups will need to change their copies too.
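
A check for the two leak paths described above, as an added example that is not part of the original message or of the centos-ci-scripts repository: given a job's configuration XML and its console text, it reports where a known key value appears. The sample configuration, console lines, variable name and key are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample data; the key is a placeholder, not a real credential.
FAKE_KEY = "00000000-aaaa-bbbb-cccc-000000000000"
SAMPLE_CONFIG = """<project>
  <builders>
    <hudson.tasks.Shell>
      <command>python - &lt;&lt;EOF
api_key = "00000000-aaaa-bbbb-cccc-000000000000"
EOF</command>
    </hudson.tasks.Shell>
  </builders>
</project>"""
SAMPLE_CONSOLE = """Started by user anonymous
API_KEY=00000000-aaaa-bbbb-cccc-000000000000
+ python run_tests.py
Finished: SUCCESS
"""

def redact(text, secret):
    """Keep only a short prefix so the report itself does not leak the key."""
    return text.replace(secret, secret[:4] + "...[redacted]")

def find_in_config(config_xml, secret):
    """Tags of config elements whose text or attributes embed the secret."""
    hits = []
    for el in ET.fromstring(config_xml).iter():
        values = [el.text or ""] + list(el.attrib.values())
        if any(secret in v for v in values):
            hits.append(el.tag)
    return hits

def find_in_console(console_text, secret):
    """(line number, redacted line) for each console line showing the secret."""
    return [(n, redact(line, secret))
            for n, line in enumerate(console_text.splitlines(), 1)
            if secret in line]

def audit(config_xml, console_text, secret):
    """Check both leak paths: inline script in the config, value in the log."""
    return {"config": find_in_config(config_xml, secret),
            "console": find_in_console(console_text, secret)}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_CONSOLE, FAKE_KEY))
```

A key that turns up in either place should be treated as exposed and rotated, since both the configuration page and old console logs may already have been read.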