Hi !
Would it be possible to have a file uploaded with secrets allowing jenkins to run against test.wikidata.org using the FLOSSbotCI user ? Here is an example of how it can be done for tools in the lab https://wikitech.wikimedia.org/wiki/User:Russell_Blau/Using_pywikibot_on_Labs . I suppose this involves a mixture of adding to the layout.yaml file and uploading a file in a confidential location ?
Thank in advance for your help :-)
I have seen that task on Sunday, been swamped with other duties though. I am not sure how to handle the secret, then I am pretty sure Pywikibot had a similar use case (run tests against beta cluster), but I could not find it :( Adding @jayvdb , I am pretty sure we had that discussion a couple years ago.
A potential way to pass user/password would be to have the secrets added in Jenkins credential store. Then craft a specific Jenkins job that will have the credentials injected as environment variables. From there we can craft/alter a user-config.py and it should work.
Then anyone dumping the env variables will get access to the credentials. So one can easily send a patch that just dumps all the env or made to retrieve them and the credentials are leaked. For a job that runs after the merge, that is acceptable though.
Probably a real solution would be to have MediaWiki + Wikibase installed in the test environment, populated with tests data then run the test suite against that local env. There might be a task about that for Pywikibot core, I can't find it either though :-(