From bdeaca482405113271bb20c9f36e55aab651691c Mon Sep 17 00:00:00 2001 From: Paul Gschwendtner Date: Fri, 23 Sep 2022 16:18:49 +0000 Subject: [PATCH 1/2] feat(circleci-orb): command for setting up remote bazel execution --- .circleci/gcp_token | Bin 2352 -> 0 bytes circleci-orb/BUILD.bazel | 3 +- .../commands/setup-bazel-remote-exec.yml | 24 +++++++++ .../setup-bazel-remote-exec/BUILD.bazel | 47 ++++++++++++++++++ .../setup-bazel-remote-exec/constants.ts | 12 +++++ .../setup-bazel-remote-exec/encrypt.ts | 20 ++++++++ .../setup-bazel-remote-exec/gcp_token.data | Bin 0 -> 2331 bytes .../scripts/setup-bazel-remote-exec/index.ts | 40 +++++++++++++++ 8 files changed, 145 insertions(+), 1 deletion(-) delete mode 100644 .circleci/gcp_token create mode 100755 circleci-orb/commands/setup-bazel-remote-exec.yml create mode 100644 circleci-orb/scripts/setup-bazel-remote-exec/BUILD.bazel create mode 100644 circleci-orb/scripts/setup-bazel-remote-exec/constants.ts create mode 100644 circleci-orb/scripts/setup-bazel-remote-exec/encrypt.ts create mode 100644 circleci-orb/scripts/setup-bazel-remote-exec/gcp_token.data create mode 100644 circleci-orb/scripts/setup-bazel-remote-exec/index.ts 
diff --git a/.circleci/gcp_token b/.circleci/gcp_token deleted file mode 100644 index 74e0513d8637ebf7d0d6a6eaf2527c94c1bf3647..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2352 zcmV-03D5RZVQh3|WM5xK`&pBto30EKx3T|cd@+|w?aC@8)8cTCYVvIQ4|Ha0a)@Jg zW-ilCxvbY&+yDXLyD(YL2_<;Sr9^RwvUA7GEUipVfuN7o!5yEBI!Wy=bwrtnffNVt z$y%Lc)6%-42GaY?nj&b#m zHFPVasTNV0TkO{OL{0hHpg*$jLlx=$oKgM~qW=C{gAz*^`2iOa*Le8`Mlq>^2>tlw zd#rC&U~1#V6E`Q=^uShVY~50|R({Z0OnVl3?-i(bbky)h@m7C)9hi2Txrr)9eJ&S5 zh-`%KgV30}2prWa4d9ZE(=47|=6|*5K~^te9O;g66Mzt!aW!bQJ_sHEBXD#o9g%-t zuTfF*LOMP~KOU-upF>>c#?$rJ3OyrPhFZe46iq#HzCL{i`gm0lc6APcfFS1ZF8^C) za)z$G@Pm9m(g|(|AEPXw#DKbHfOqotBjhzF#{Z|Vhfh(`$&q38?({9;EY5gGfUJoVbCoL zy`LTb(}FBPbi4h-?@QnJ-0;q$+15f-_4i&3j}TXIk@7y4NIzXpjgXc-NHQdT5n~h_ zqDwZo#uR8wuSPebk&B_uh5s%16yuf~e~8HMm5f%GU%||sikH2@dbZk4zJ89lG<;p6 zqBWF;ICre<)SNXkP}V%oKOp2)#e~T%rI9GlQrx8`5&I>xA=MFRn{5T&4iw-usGni_(;6goT-?ei;R36~F^JJEX zo}dk=NVi6vVrFV!sG<|OR@#ssZ`S;J{U|_D5~+RTr#|NIH&k+9S$(nXNDMgKSq6Y( z@Hz_FRP@_4L^BQ4fI`fVEEA;xMX>~5|JoNl|WNJLJd8!g1xuy@rXXza018byV#7GN#>3D}PT`ziV>^c>;l z4Dgv-0{~P4{QTaJh3FU4h;aO%E~!DaJ6+oiL+ymKiGJto@$`Ou8TM)p5#$($Mw6Jg zO+XAcRa#%S`{LQq<7Wo}Y|3YbF-*2q>Oo;qnN@J~RH_kkS9iX5{gRjG)OzkQ;owrN#6)LTd>E!$}4g>+wXb+q_*A$`{F9M|9)!EPRh+ZEjLDB~x zr}ZdES&()Lgrx_t+SEmH4|TwjuEf$*zD&zg|My4E3B?v-KBElE53-yT2&@4TbZNA< zb~=6(DCtf%9#1=-G$IJ*NklxorUF9TZseev49p15_+-|3`$LX!2^Hz+fIznQIhFsMzROR3g5x1 z9VMf(!!-_`!OolH|HwrLO5u`xfPh&TILK@qaVCalpWF|zY-z4880WM1ldqjx-! zkE|ObxSj-(;lb9tYAw%mL`ebT4GYU`SZl33Gs-Xq3^q=uO%u(+(s$jGydF z5D%*&q8Bop+9G}PFbmf2Po1Va_o&PbojeJUZLaGOpV)tl- zKqy7M-jvGo+CaimSOO=(*KT}`rR_$r9}<1p#%LmVVBIsG@g}d|1_^A1@;W@nTEhlNy9NOHsl{1J? 
zFVFqBG>lsSnV3sn5EY;*9Ti>M^e5`tLqve!6ME?!}jM% z(I6u+Hma0~vTIVGD}lMnB3i`|P>3zSeM8YSryZfM_GEU1%J#QLf6Xp;s8>j{t6W67!>j7?I_CmU_>p6wP&Z6{50z18^G9=HzdZCyf*JR#pZ)O||~Wa!X$dJMSgJS5v?L)_xi#)X&R?&rWE;Xhz*vouluZb_T)S z2Fynn)Y*DZ{&|N6S|Hlgkk7+ld^kpf4I_wIFw3engW2-g-V)k>dvx*@#zK1Iy*?cD zQ7o(#ZUAZ8v2#W_;9;SO>wM^4LtCvTq%oUdirv3VIF;-g^M5GCse9}Wv2C%A{9(m# zkD!29{~RFUc!u)}J?;qTASkO{v6sP!Szl^BDG9~IKB4I&ehRh#@Cb0`&QRP?@X000 z@Sk@}^pK7WvfYG5DxTSq@p!oG1 zLv#1!uWDE{TFw#DQ|YQ6)l8@^N?Zy diff --git a/circleci-orb/BUILD.bazel b/circleci-orb/BUILD.bazel index 5cb6a39fe..87b8a4c8a 100644 --- a/circleci-orb/BUILD.bazel +++ b/circleci-orb/BUILD.bazel @@ -2,7 +2,7 @@ load("@build_bazel_rules_nodejs//:index.bzl", "nodejs_binary") ORB_NAME = "angular/dev-infra" -ORB_VERSION = "1.0.2" +ORB_VERSION = "1.0.5" nodejs_binary( name = "pack_orb_script", @@ -17,6 +17,7 @@ filegroup( name = "orb_generated_files", srcs = [ "//circleci-orb/scripts/rebase-pr-on-target-branch:script", + "//circleci-orb/scripts/setup-bazel-remote-exec:script", ], ) diff --git a/circleci-orb/commands/setup-bazel-remote-exec.yml b/circleci-orb/commands/setup-bazel-remote-exec.yml new file mode 100755 index 000000000..b9fa7cb6e --- /dev/null +++ b/circleci-orb/commands/setup-bazel-remote-exec.yml @@ -0,0 +1,24 @@ +description: Setup Bazel remote execution + +parameters: + bazelrc: + type: string + default: '' + description: | + If specified, the given `bazelrc` file is being updated to always run + with the `--config=remote` flag. + shell: + type: string + default: '' + description: | + Shell to use for executing the command. Useful for Windows where a + non-bash shell is the default. + +steps: + - run: + environment: + BAZELRC_PATH: << parameters.bazelrc >> + NGAT: 'HlA2BJMJAXPDI1UAn5gytw==' + name: Setting up Bazel remote execution + shell: << parameters.shell >> + command: << include(../dist/bin/circleci-orb/scripts/setup-bazel-remote-exec/script.sh) 
>>
diff --git a/circleci-orb/scripts/setup-bazel-remote-exec/BUILD.bazel b/circleci-orb/scripts/setup-bazel-remote-exec/BUILD.bazel
new file mode 100644
index 000000000..97dbe9550
--- /dev/null
+++ b/circleci-orb/scripts/setup-bazel-remote-exec/BUILD.bazel
@@ -0,0 +1,47 @@
+load("@build_bazel_rules_nodejs//:index.bzl", "copy_to_bin", "nodejs_binary")
+load("//tools:defaults.bzl", "esbuild", "ts_library")
+load("//circleci-orb:index.bzl", "nodejs_script_to_sh_script")
+
+package(default_visibility = ["//circleci-orb:__subpackages__"])
+
+copy_to_bin(
+    name = "gcp_token",
+    srcs = ["gcp_token.data"],
+)
+
+ts_library(
+    name = "setup-bazel-remote-exec",
+    srcs = glob(["*.ts"]),
+    # TODO(devversion): Remove this when `ts_library` supports `.mts` extension.
+    devmode_module = "commonjs",
+    deps = [
+        "@npm//@types/node",
+    ],
+)
+
+nodejs_binary(
+    name = "encrypt",
+    data = [":setup-bazel-remote-exec"],
+    entry_point = ":encrypt.ts",
+)
+
+esbuild(
+    name = "bundle",
+    srcs = [":gcp_token"],
+    args = {
+        "loader": {
+            ".data": "binary",
+        },
+    },
+    entry_point = "index.ts",
+    format = "iife",
+    minify = True,
+    sourcemap = "",
+    deps = [":setup-bazel-remote-exec"],
+)
+
+nodejs_script_to_sh_script(
+    name = "script",
+    bundle_file = ":bundle.js",
+    output_file = "script.sh",
+)
diff --git a/circleci-orb/scripts/setup-bazel-remote-exec/constants.ts b/circleci-orb/scripts/setup-bazel-remote-exec/constants.ts
new file mode 100644
index 000000000..01a56d96a
--- /dev/null
+++ b/circleci-orb/scripts/setup-bazel-remote-exec/constants.ts
@@ -0,0 +1,12 @@
+/**
+ * @license
+ * Copyright Google LLC All Rights Reserved.
+ *
+ * Use of this source code is governed by an MIT-style license that can be
+ * found in the LICENSE file at https://angular.io/license
+ */
+
+export const alg = 'aes-256-gcm';
+export const at = process.env.NGAT!;
+export const k = process.env.CIRCLE_PROJECT_USERNAME!.padEnd(32, '<');
+export const iv = '000003213213123213';
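Review bot: The AES-256-GCM key in `constants.ts` is `process.env.CIRCLE_PROJECT_USERNAME!.padEnd(32, '<')`, i.e. the public organisation name plus fixed padding, and `iv` is a constant string, so `gcp_token.data` is obfuscated rather than encrypted: the key, the IV and the `NGAT` tag in `commands/setup-bazel-remote-exec.yml` are all derivable from what this commit publishes. If that is intentional, say so in a comment next to `k` (for example `// Obfuscation only: key is derived from public data; the service account must stay least-privilege.`) and keep the credential scoped accordingly; otherwise the key should come from a CircleCI secret and the IV should be random per encryption, because reusing one IV under one key voids GCM's guarantees as soon as the token is rotated. The same constants feed `encrypt.ts` and `index.ts`. Separately, `padEnd` never truncates, so a project username longer than 32 characters yields an invalid key length, and the non-null assertions turn a missing variable into a `TypeError` at import time.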
diff --git a/circleci-orb/scripts/setup-bazel-remote-exec/encrypt.ts b/circleci-orb/scripts/setup-bazel-remote-exec/encrypt.ts
new file mode 100644
index 000000000..bc04d3aa8
--- /dev/null
+++ b/circleci-orb/scripts/setup-bazel-remote-exec/encrypt.ts
@@ -0,0 +1,20 @@
+/**
+ * @license
+ * Copyright Google LLC All Rights Reserved.
+ *
+ * Use of this source code is governed by an MIT-style license that can be
+ * found in the LICENSE file at https://angular.io/license
+ */
+
+import {createCipheriv} from 'crypto';
+import {k, iv, alg} from './constants';
+import fs from 'fs';
+
+const [inputPath, outputPath] = process.argv.slice(2);
+const input = fs.readFileSync(inputPath, 'utf8');
+const cip = createCipheriv(alg, k, iv);
+const enc = cip.update(input, 'utf8', 'binary') + cip.final('binary');
+
+fs.writeFileSync(outputPath, enc, 'binary');
+
+console.info('Auth tag:', cip.getAuthTag().toString('base64'));
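Review bot: `encrypt.ts` has no usage comment, and the link between its `Auth tag:` output and the `NGAT` value in `commands/setup-bazel-remote-exec.yml` is only implicit, so whoever next rotates the token has to rediscover that the printed tag must be copied there. I would add a short header comment covering the two positional arguments (input path, then output path), that the key is taken from `CIRCLE_PROJECT_USERNAME` at run time via `constants.ts`, and that the printed tag has to replace `NGAT`. A guard such as `if (!inputPath || !outputPath) throw new Error('Usage: encrypt <input> <output>');` would also replace the opaque failure from `readFileSync(undefined)`.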
diff --git a/circleci-orb/scripts/setup-bazel-remote-exec/gcp_token.data b/circleci-orb/scripts/setup-bazel-remote-exec/gcp_token.data new file mode 100644 index 0000000000000000000000000000000000000000..d90cfa96d40ad0fc92eab98a57e514634077d607 GIT binary patch literal 2331 zcmV+$3FP)OjR)wxU>|_URlqLtV)Vc(Z(d8u0_q^s!+!LDhR@dzi3#Z1juwQi4B6>2Ztf3I_F-@%8Wr^fa zaZ`-BF7z|KU){_bJ6aA`vpz?cuas6m$IeNq3#ajcOZ@D`CiBpkUB_5a78p77O+YlZ()69 z7f2U#=L2BSL3;#5r?K2bca<;gl9Wxxi0oAP!F5Sz$unw`%~z|fRFE6n>bFi$41gprA6Oq)l-!N_>`;dt29?wk{YnOD-xTzTS2Cs-XTk#|FnJ~rG zMgNJt09ZkygGMWAZ7Nj{p-VNJ5lx4pJ-A^F$C+m6^D=Lry&*&puJmJKh`g%=%a_t>WgOwr zt>1ife)qg~M*8lI2#N6l4If#aRN}HBTn#GH2p+XgbpqCntB1}w!jngE z=g$F61LO1TfnTAPjd58ppt z*2kikqNr#S7^QWOj7v%0xB;g5)bvV4v^`zGi65~Mmzcq}l80T{shu|so8C1U#7swl za)NJx1KqKR?aJ&?ldsF5wlDP#QuU|LM`wT2Hs|3Z(B4n773Thk)UWvU3;eWl%gZ5J z!0~25;ZV%4w}`xxF;gH=s*6|u{AZ@tjbfcZm69$!1qu>4@P9e|;bO#iLi!Q~yk!>G zN`I{sMSD2_-ez2~sD%2;qFAN{Wcw?_fsb0_y2a1eq9txtLfeYXV-XVltXw+_*h%~G zMNLqSm#>U6hW~sjx)pacY2E9&}7n9^M0FQ5` zn1N~Zg^VQ&4?_$KAxXCyFM|}7-Hi0Yrt8-om0)AYVP|4Tq*Q3_`UT6M*1+AVyvg9+ za)p6@Tms>Or&75ZfeJ~Z90s60yWi`2s5$`9M9 zlhX7N&X``b8cKzz`wDV5!%~AyD{qCyY}@No*XQDu3sO%r3-1rZR8Gz_!Gpo^I6J>q zgi^?=A0*?E?!un9=X(a|?G)+!2Xs=Dx&+$L2 zY5(5UG=dZp8lG#d*PlTcWq3RhEt=IHosEf}*W@`*rYOrF!J|=a4eXO}4f$xdxHtsT z^o$5?@-)joL-3!s*hH^CSD3As=m?u;9y)3D%%gJFrD9Hti#i$GZ<68^nQuob^-c{3fV7hqxcA`*=d`nH z&!ensz{n0;Ri?~@+N%N8p_IRy+$Rv!Qcj*2eFnDU;BhZ2#z4g^;nDoB2usH%RsTXe z?uBtIj0LbiuM?z;ZJGS~a9Fllrd3$a86)XiA$9*TENeWRMr>@;MT(6N8Wpf@Ad0#a zng88$s%~*f_@2`$*~T**Q?>I^k$CLfP|%ngGoSCm{|}2c7L2?g+RxJp-)vaIDdSuq9_&{i^t=&s*gB~ZGoC8m|8QwGlDc+B#gCwc-8r8U z;>;kU$ZEu{hS(9?gJgk$g^-yxRWQsvLHO)ePoZ&OyhmLs*mS*|YO15)zU@*H2#UXR zfw)rxPp)3o0F3GyBb?U1!KHtTmjV{ezoJ58Uu$rpMf0dW93QkZKPZy3qid|A?3789 zonK0YHEvv0Q_egaP=|NvtJ7s2kz879V3Th6plj1gZ~8A4T1`{O_3lO86hzu{&3u6i zg1_>|nGT=VXbi*`ks~Yi)*|>#Y>8*MCxf;0nEOgo9sr9b-0%%?a$z~uZVj^njX$R* z(^uIw_zP6L=YIO*Mr6JAQE8_$W~28F%Lhor*0IHaa#g`H!T@! 
zbawc#E@rb0yI~X3W(?H(#V);xz{E{0Yf`qJndR;d$V$HpJu0nxcEZdXz@c{A64H_}N(hWL&CX(P#VA$fC|`yS6*7h;24ck$Y{OW(RAki9(B{ZWD2!`M7Wb4~zH Bmbw4{ literal 0 HcmV?d00001
diff --git a/circleci-orb/scripts/setup-bazel-remote-exec/index.ts b/circleci-orb/scripts/setup-bazel-remote-exec/index.ts
new file mode 100644
index 000000000..5653fc51e
--- /dev/null
+++ b/circleci-orb/scripts/setup-bazel-remote-exec/index.ts
@@ -0,0 +1,40 @@
+/**
+ * @license
+ * Copyright Google LLC All Rights Reserved.
+ *
+ * Use of this source code is governed by an MIT-style license that can be
+ * found in the LICENSE file at https://angular.io/license
+ */
+
+// @ts-ignore
+import tokenRaw from './gcp_token.data';
+import {k, iv, alg, at} from './constants';
+import {createDecipheriv} from 'crypto';
+import path from 'path';
+import fs from 'fs';
+import os from 'os';
+
+async function main(bazelRcPath: string | undefined) {
+  const t: Uint8Array = tokenRaw;
+  const dcip = createDecipheriv(alg, k, iv).setAuthTag(Buffer.from(at, 'base64'));
+  const dec = dcip.update(t, undefined, 'utf8') + dcip.final('utf8');
+
+  const destPath =
+    os.platform() === 'win32'
+      ? path.join(process.env.APPDATA!, 'gcloud/application_default_credentials.json')
+      : path.join(process.env.HOME!, '.config/gcloud/application_default_credentials.json');
+
+  await fs.promises.mkdir(path.dirname(destPath), {recursive: true});
+  await fs.promises.writeFile(destPath, dec, 'utf8');
+
+  if (bazelRcPath) {
+    let content = await fs.promises.readFile(bazelRcPath, 'utf8');
+    content += '\nbuild --config=remote';
+    await fs.promises.writeFile(bazelRcPath, 'utf8');
+  }
+}
+
+main(process.env.BAZELRC_PATH).catch((e) => {
+  console.error(e);
+  process.exitCode = 1;
+});
From c8699d4cb4a0d84cf17ec45c0ebd92bdca573ff2 Mon Sep 17 00:00:00 2001
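Review bot: In `main`, `await fs.promises.writeFile(bazelRcPath, 'utf8');` passes `'utf8'` as the data argument, so the bazelrc is overwritten with the literal text `utf8` and the `content` built on the previous line is discarded; it should read `await fs.promises.writeFile(bazelRcPath, content, 'utf8');`. The decrypted credential is also written with the default file mode, and passing `{encoding: 'utf8', mode: 0o600}` to the `writeFile(destPath, …)` call would keep a newly created `application_default_credentials.json` readable only by the CI user on POSIX runners. `process.env.APPDATA!` and `process.env.HOME!` are asserted rather than checked, so an unset variable surfaces as a `path.join` argument error instead of a message naming the missing variable.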
From: Paul Gschwendtner Date: Fri, 23 Sep 2022 16:21:57 +0000 Subject: [PATCH 2/2] build: use remote execution setup command from orb --- .circleci/config.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 927f1eeb9..99f4454d1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,7 +5,7 @@ version: 2.1 orbs: buildalert: oss-tools/buildalert@0.1.0 win: circleci/windows@2.2.0 - devinfra: angular/dev-infra@1.0.1 + devinfra: angular/dev-infra@1.0.5 # **Note**: When updating the beginning of the cache key, also update the cache key to match # the new cache key prefix. This allows us to take advantage of CircleCI's fallback caching. @@ -16,8 +16,6 @@ var_1: &cache_key v2-{{arch}}-{{ checksum ".bazelversion" }}-{{ checksum "WORKSP # versions and ultimately cause the cache restoring to be slower. var_2: &cache_fallback_key v2-{{arch}}-{{ checksum ".bazelversion" }}- -var_3: &gcp_decrypt_token 'angular' - var_4: &restore_cache restore_cache: keys: @@ -37,8 +35,6 @@ var_6: &default_executor_settings resource_class: type: string default: medium - environment: - GCP_DECRYPT_TOKEN: *gcp_decrypt_token resource_class: << parameters.resource_class >> working_directory: ~/ng @@ -84,7 +80,7 @@ commands: description: 'Setting up Bazel configuration for CI' steps: - run: echo "import %workspace%/.circleci/linux-bazel.rc" >> ./.bazelrc - - run: ./.circleci/setup-bazel.sh + - devinfra/setup-bazel-remote-exec prepare_and_store_test_results: description: 'Prepare and upload test results'