> On 8 Sep 2018, at 22:47, Spencer Graves <spencer.gra...@effectivedefense.org> > wrote: > > > > On 2018-09-08 14:02, Joshua Ulrich wrote: >> Hi Rainer, >> >> On Wed, Sep 5, 2018 at 2:28 AM, Rainer Krug <rai...@krugs.de> wrote: >>> Hi >>> >>> I have a package at GitHub (https://github.com/rkrug/ROriginStamp) which I >>> am >>> pre[paring for CRAN. >>> >>> It creates a trusted timestamp using the API fro OriginStamp >>> (https://originstamp.org/home) which requires an API key. Now this API >>> should >>> not be made public, as to much traffic through one API key will lead to it’s >>> blocking. >>> >>> I have stored the key encrypted in the travis.yml, and the package passes >>> all >>> tests. >>> >>> But if I send it to CRAN, it would fail the tests, as the api key is not in >>> the package itself. >>> >>> I could disable all tests for CRAN which need the API key, but I think it >>> would be better tu run the tests there as well (as an additional check to >>> travis). >>> >>> My question: >>> >>> Is there a way of storing the API key encrypted, so that only the CRAN test >>> servers can decrypt it, or is there another way can steal with this? >>> >> I have a similar issue with quantmod. I need API keys to test some >> functionality and I would like the tests run regularly, so I can know >> when something breaks without having to wait for a user to report the >> change. >> >> I store the API keys in encrypted environment variable in TravisCI, >> and I check for those environment variables before running the tests >> that require them. >> >> Then I added a cron job on TravisCI to run the build if there hasn't >> been a build in the past 24 hours. That solves the problem adequately >> for my purposes without adding any burden to CRAN. Hopefully it works >> for your purposes too. > > > So those tests don't run if the required environment variables are not > there?
Exactly - that’s how I am doing it at the moment. > > > Rainer's problem was getting a secure time stamp. For his case, rather > than skip the tests if the API keys were not there, one might take the time > stamp from someplace else, perhaps with a note of the source of the time > stamp. Well - for the tests I don’t see much use in returning a canned reply if the API key is not present. It would just add a false sense of “working” if the API changes, which is one main point of the tests. So I’d rather skip the tests which require the API key when it is not set via an environmental variable. I am following Josh’s suggestion to run the tests on TravisCI via a cron job to do regular tests. Thanks Rainer > > > Spencer > >> Best, >> Josh >> >>> Thanks, >>> >>> Rainer >>> >>> >>> >>> -- >>> Rainer M. Krug, PhD (Conservation Ecology, SUN), >>> MSc (Conservation Biology, UCT), Dipl. Phys. (Germany) >>> >>> University of Zürich >>> >>> Cell: +41 (0)78 630 66 57 >>> email: rai...@krugs.de >>> Skype: RMkrug >>> >>> PGP: 0x0F52F982 >>> >>> >>> >>> >>> ______________________________________________ >>> R-package-devel@r-project.org mailing list >>> https://stat.ethz.ch/mailman/listinfo/r-package-devel >>> >> >> > > ______________________________________________ > R-package-devel@r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-package-devel -- Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation Biology, UCT), Dipl. Phys. (Germany) University of Zürich Cell: +41 (0)78 630 66 57 email: rai...@krugs.de Skype: RMkrug PGP: 0x0F52F982
signature.asc
Description: Message signed with OpenPGP
______________________________________________ R-package-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-package-devel
