Gemnasium and CircleCI - GEMNASIUM_TOKEN seems to not get picked up

Hi,

I’m attempting to integrate Gemnasium into our community project and running into some sort of oddity that I can’t figure out.

We are Ruby 2.4.1 and Rails 5.0.2, mongo, etc…

Gemnasium toolbelt is installed as a part of our build steps through:

dependencies:
  post:
    - bash ./scripts/install_gemnasium.sh

Which runs a simple bash script to install gemnasium (working fine as far as I know).

And then run as such:

- bash ./scripts/gemnasium_autoupdate.sh

Which runs: https://github.com/DarthHater/dcaf_case_management/blob/a1e5fb86dd901111055ae0524ff5473c8c3cd4e5/scripts/gemnasium_autoupdate.sh

As a step in test: post:

The issue I am running into is I’m setting environment variables in CircleCI for GEMNASIUM_TOKEN and it doesn’t appear to be available inside these scripts. Am I missing something?

I’ve done everything I can think of thus far, including a debug statement to output one of the less private env variables I set up.

A build where you can see this is: https://circleci.com/gh/DCAFEngineering/dcaf_case_management/2155

Appreciate any help, I’m sorta curious if the bash scripts are being run under a different user that doesn’t have access to the env variables or something akin? Also I have yet to see any real documentation on getting the two working together, so I figure making a public issue is a good thing. Thanks!

If you take a look at the build output you will see this:

Suppressing export of environment variables DOCKEREMAIL, DOCKERLOGIN, DOCKERPASS, BRAKEMAN_PRO_URL, GEMNASIUM_TESTSUITE, GEMNASIUM_PROJECT_SLUG, GEMNASIUM_TOKEN fork PR builds

On Fork PR builds we do not export ENVARS since this would mean that anyone who opens a fork will be able to see your secrets (i.e. by adding echo $ENVAR to circle.yml).

You can enable ENVARS for forks in project settings, but we do not recommend doing this.

1 Like
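
A preflight check that a step script such as gemnasium_autoupdate.sh could run, so that fork PR builds (where the project's variables are withheld) skip the Gemnasium step with a clear message and no secret value is ever printed. This is an added example, not part of the original posts or the project's script; the function names are hypothetical, and CIRCLE_PR_NUMBER is assumed to be set by CircleCI only on fork PR builds.

```shell
#!/bin/sh
# Added example: preflight guard for a CI step that needs project secrets.
# It reports only the NAMES of unset variables, never their values.

# Print the names of any listed variables that are unset or empty.
missing_secrets() {
  _missing=""
  for _name in "$@"; do
    # Indirect lookup. The names are fixed literals supplied by this script,
    # never text taken from the build or the pull request.
    eval "_value=\${$_name:-}"
    if [ -z "$_value" ]; then
      _missing="${_missing:+$_missing }$_name"
    fi
  done
  unset _value
  printf '%s' "$_missing"
}

# Return 0 when the Gemnasium step can run, 1 when it should be skipped.
# Assumption: CIRCLE_PR_NUMBER is present only on fork PR builds.
gemnasium_preflight() {
  _unset_vars="$(missing_secrets GEMNASIUM_TOKEN GEMNASIUM_PROJECT_SLUG)"
  if [ -z "$_unset_vars" ]; then
    return 0
  fi
  if [ -n "${CIRCLE_PR_NUMBER:-}" ]; then
    echo "Fork PR build: secrets are not exported, skipping Gemnasium ($_unset_vars unset)." >&2
  else
    echo "Missing required variables: $_unset_vars (check the project settings)." >&2
  fi
  return 1
}

# Usage at the top of the step script:
#   gemnasium_preflight || exit 0
```

Exiting 0 on a failed preflight keeps fork PR builds green while the step is skipped; use a non-zero exit instead if a missing token should fail the build.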