This is also affecting many of our Windows’ auto-deployment builds. We have some access tokens that are required for deployments, and the Windows builds are failing whenever we add secrets to the builds.
Can confirm my builds fail as well when adding secret environment variables. It’s not an option for me to remove these as my secrets are needed to deploy out to npm and github.
Any encrypted settings for the project in the Travis CI UI or env: global: - secure: cause Windows jobs to hang. For example, this job got in about 19 lines and then on the first command in before_install it just hangs. No error message, nothing. When I removed the env: global: - secure: and project Environment Variables, it would proceed.
It has been suggested in that thread that adding filter_secrets: false can fix the issue. However, doing that seems quite dangerous when bad actors only need to submit a PR containing an env call to see all your secrets.
filter_secrets: false can be used on a per-job basis. I personally use it do disable filtering of secrets for Windows hosts and then unset the specified environment variable first thing in before_install:. When the secret is set, it’s still filtered and secrets are always removed for pull requests. Of course this won’t allow you to use the secret in Windows builds, but for my scenario that was good enough (running Coverity Scan on Linux).