We’re trying to set up our CircleCI environment so we can have all our PRs from contributors build, but not expose our environment variables set up through the Circle web UI.
The settings page and docs are out of sync with each other (docs referencing settings that don’t exist), so we’re getting very confused by the behaviour we’re seeing.
My understanding that by setting “Permissive building of fork pull requests” to “Off”, our PRs would still build, but the exporting of the environment variables would not happen. When we set this to Off, our PRs don’t build at all. Setting it to “On” will trigger builds of PRs, and will not export the environment variables, but previously, without any settings changes, it would export the environment variables.
Can someone please provide some clarity on this? I don’t want to allow permissive building and have it expose our environment variables down the line.
I would like to be able to upload artifacts from a forked PR build to a server. I would like to be able to set an environment variable containing credentials that are used to upload the artifacts to the server in a final deploy step, but are not exposed to the forked build.