Why is "export_presets.cfg" in the gitignore?

[greenfox1505]

I've been using this .gitignore for most of my projects. I'm writing a build automation script when I realized this file was the source of some of my issues.

I understand this file was likely writen before GodotHeadless was relevant. Should these lines still be here for projects that automate builds?

Reviewing the formatting of the file has a line called export_path=..., and this line seems to be an absolute path, that might need to be adjusted to be relative path. Otherwise I see no reason to exclude this from a project repo.

godot-demo-projects/.gitignore

Line 3 in b9bca13

export.cfg

[Calinou]

See the discussion in github/gitignore#2827. In short, we need to move sensitive credentials such as the Android keystore information to a separate file that can be added to .gitignore, and remove export_presets.cfg from .gitignore (which would then not include any sensitive credentials).

[greenfox1505]

So export_presets.cfg will be removed from .gitignore at when it no longer has sensitive data in it?

I've only ever built for Windows, Linux, and HTML5, so I don't have any sensitive data in my projects.

What is export.cfg? I've only ever seen export_presets.cfg in my projects. Is that an old name?

[Calinou]

@greenfox1505 I believe export.cfg is the file name that was used before Godot 3.0. In Godot 3.0 or later, it's export_presets.cfg.

[Xrayez]

Note that you can encrypt your scripts now again in 3.1, so export_presets.cfg may surely have sensitive data regardless of platform, also see godotengine/godot#24582.

[greenfox1505]

If that is the case, those encryption keys do not belong in export_presets.cfg. A git repo should not contain such sensitive information.

https://www.freecodecamp.org/news/how-to-securely-store-api-keys-4ff3ea19ebda/

[aaronfranke]

In addition to keys, my export_presets.cfg file contains absolute file paths specific to my own computer. If I move onto another computer, the paths are not relevant anymore. These should not be committed, perhaps they should go in .import/.

export_filter=""
export_path="/home/aaronfranke/workspace/whatever"
patch_list=PoolStringArray(  )

Related: godotengine/godot#29674 (and example of the problem manifesting)

[Calinou]

@aaronfranke Export paths should now be relative as of godotengine/godot#28701. Maybe you need to clear export paths and set them again with a recent build?

The same has also been done for Windows icon paths.

[aaronfranke]

I've been thinking about this recently, even if there is no direct harm in having such files committed, I think it would not make much sense to have them in the demo projects repo.

Should every project get export presets? If so, what platforms? Would each project have presets for different platforms? What export settings should we use? It would be very easy to have this become inconsistent between each of the demo projects.

When it comes to a gitignore file used in other projects, as @greenfox1505 reports in his first sentence, that is its own discussion and would involve changing this file.

If that file is changed to not include export_presets.cfg, then perhaps we could make the file in this repo have a separate section called # Demo projects repository-specific or similar, and we can exclude export_presets.cfg only here?

[Calinou]

@aaronfranke I think it makes sense to avoid committing export_presets.cfg in demo projects indeed.

If that file is changed to not include export_presets.cfg, then perhaps we could make the file in this repo have a separate section called # Demo projects repository-specific or similar, and we can exclude export_presets.cfg only here?

Sounds good to me.

[aaronfranke]

I'm closing this, with the resolution as stated above.

For changing this file, that's another discussion for another place.

[Flash1232]

So what should people that would like to use CI builds do? Can we specify a stripped export_presets_ci.cfg such that Godot on the build runner will take this instead of having to check in the original file containing sensitive data?

[Calinou]

So what should people that would like to use CI builds do? Can we specify a stripped export_presets_ci.cfg such that Godot on the build runner will take this instead of having to check in the original file containing sensitive data?

Not yet, you'll have to wait until godotengine/godot#35930 is merged.

In the meantime, use sed to fill in export_presets.cfg with secrets in your CI job. See this file for an example of doing this with project.godot (which uses the same format).

[Flash1232]

@Calinou Thanks for the reference! I find this example very helpful for the time being but as we just want to build for code review, we just copied our export_presets.cfg and called it export_presets_ci.cfg, stripped sensitive/ machine-specific information, committed it to Git and added a before_script entry in the .gitlab-ci.yml:

...

before_script:
  ...
  - cp export_presets_ci.cfg export_presets.cfg
...

Looking forward to the PR merge. :)