diff options
-rw-r--r-- | README.md | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -23,7 +23,7 @@ By automating the process of initiating Travis-based Sauce tests and posting the ## How it works (for the Open Sauce use-case) 1. Use GitHub webhooks to listen for new or updated pull requests in a given GitHub repository. 2. If the pull request does not modify any JavaScript files, ignore it. -3. Ensure that no sensitive build files (e.g. `.travis.yml`, `Gruntfile.js`) have been modified. +3. Ensure that no sensitive build files (e.g. `.travis.yml`, `Gruntfile.js`) have been modified, since these files have the potential to cause leakage/exposure of the Sauce login credentials. 4. Clone the pull request's branch and push it to a test repo under an autogenerated name. 5. Travis CI will automatically run a build on the new branch *under the test repo's user*. Thus, this build will have access to Travis secure environment variables; in particular, it will have access to the Sauce Labs credentials. 6. Use webhooks to track the status of the Travis build. |