From c5fa6780d0ddf72610637e5679c1484131bc1064 Mon Sep 17 00:00:00 2001 From: Jason Zaugg Date: Mon, 12 Jan 2015 15:14:32 +1000 Subject: [PATCH] Support tag driven releases Creating a tag via a GitHub release will trigger a Travis CI build that will publish to Sonatype OSS staging. --- .travis.yml | 9 ++++++++- admin/build.sh | 19 +++++++++++++++++++ admin/decrypt.sh | 2 ++ admin/encrypt.sh | 2 ++ admin/encryptAll.sh | 19 +++++++++++++++++++ admin/gpg.sbt | 26 ++++++++++++++++++++++++++ admin/pubring.asc | 18 ++++++++++++++++++ admin/secring.asc.enc | 40 ++++++++++++++++++++++++++++++++++++++++ sensitive.sbt.enc | 7 +++++++ 9 files changed, 141 insertions(+), 1 deletion(-) create mode 100755 admin/build.sh create mode 100755 admin/decrypt.sh create mode 100755 admin/encrypt.sh create mode 100755 admin/encryptAll.sh create mode 100644 admin/gpg.sbt create mode 100644 admin/pubring.asc create mode 100644 admin/secring.asc.enc create mode 100644 sensitive.sbt.enc diff --git a/.travis.yml b/.travis.yml index 7859a69..b964f3c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,13 @@ language: scala +env: + global: + - PUBLISH_JDK=oraclejdk8 # admin/build.sh only publishes when running on this jdk +# Don't commit sensitive files, instead commit a version encrypted with $SECRET, +# this environment variable is encrypted with this repo's private key and stored below: +# (See http://docs.travis-ci.com/user/environment-variables/#Secure-Variables.) + secure: "sGB53QddmPmQ4ftCGYxT0gaJcFt0bpMJoGxJRJCFTxdzg6nNMqJ9qDWbyJo7vDFx30axNQlyBH928pUiS5KfsmvzVdoVHUBEUJlF1lBurlpx06tGLuBdcFDwUF5ybi7SGRNdUPuX/6uLdgK5clpcW16/pcfT5Qr5vo/0mvPY85s=" script: - - sbt ++$TRAVIS_SCALA_VERSION clean test publishLocal + - admin/build.sh scala: - 2.10.4 - 2.11.4 diff --git a/admin/build.sh b/admin/build.sh new file mode 100755 index 0000000..d9e2bce --- /dev/null +++ b/admin/build.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# prep environment for publish to sonatype staging if the HEAD commit is tagged + +# git on travis does not fetch tags, but we have TRAVIS_TAG +# headTag=$(git describe --exact-match ||:) + +if [ "$TRAVIS_JDK_VERSION" == "$PUBLISH_JDK" ] && [[ "$TRAVIS_TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[A-Za-z0-9-]+)? ]]; then + echo "Going to release from tag $TRAVIS_TAG!" + myVer=$(echo $TRAVIS_TAG | sed -e s/^v// | sed -e 's/_[0-9]*\.[0-9]*//') + publishVersion='set every version := "'$myVer'"' + extraTarget="publish-signed" + + cat admin/gpg.sbt >> project/plugins.sbt + admin/decrypt.sh sensitive.sbt + (cd admin/ && ./decrypt.sh secring.asc) +fi + +sbt ++$TRAVIS_SCALA_VERSION "$publishVersion" clean update test publishLocal $extraTarget diff --git a/admin/decrypt.sh b/admin/decrypt.sh new file mode 100755 index 0000000..3c3c602 --- /dev/null +++ b/admin/decrypt.sh @@ -0,0 +1,2 @@ +#!/bin/bash +openssl aes-256-cbc -pass "pass:$SECRET" -in $1.enc -out $1 -d -a \ No newline at end of file diff --git a/admin/encrypt.sh b/admin/encrypt.sh new file mode 100755 index 0000000..4bf6c93 --- /dev/null +++ b/admin/encrypt.sh @@ -0,0 +1,2 @@ +#!/bin/bash +openssl aes-256-cbc -pass "pass:$SECRET" -in $1 -out $1.enc -a \ No newline at end of file diff --git a/admin/encryptAll.sh b/admin/encryptAll.sh new file mode 100755 index 0000000..de7016b --- /dev/null +++ b/admin/encryptAll.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# Based on https://gist.github.com/kzap/5819745: + +echo "This will encrypt the cleartext sensitive.sbt and admin/secring.asc, while making the encrypted versions available for decryption on Travis." +echo "Update your .travis.yml as directed, and delete the cleartext versions." +echo "Press enter to continue." +read + +# 1. create a secret, put it in an environment variable while encrypting files -- UNSET IT AFTER +export SECRET=$(cat /dev/urandom | head -c 10000 | openssl sha1) + +# 2. add the "secure: ..." line under the env section -- generate it with `` (install the travis gem first) +travis encrypt SECRET=$SECRET + +admin/encrypt.sh admin/secring.asc +admin/encrypt.sh sensitive.sbt + +echo "Remember to rm sensitive.sbt admin/secring.asc -- once you do, they cannot be recovered (except on Travis)!" \ No newline at end of file diff --git a/admin/gpg.sbt b/admin/gpg.sbt new file mode 100644 index 0000000..01157e6 --- /dev/null +++ b/admin/gpg.sbt @@ -0,0 +1,26 @@ + +addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") // only added when publishing: + +// There's a companion sensitive.sbt, which was created like this: +// +// 1. in an sbt shell that has the sbt-pgp plugin, create pgp key in admin/: +// +// sbt +// set pgpReadOnly := false +// set pgpPublicRing := file("admin/pubring.asc") +// set pgpSecretRing := file("admin/secring.asc") +// pgp-cmd gen-key // use $passPhrase +// Please enter the name associated with the key: $repoName +// Please enter the email associated with the key: scala-internals@googlegroups.com +// Please enter the passphrase for the key: $passphrase +// +// 2. create sensitive.sbt with contents: +// +// pgpPassphrase := Some($passPhrase.toArray) +// +// pgpPublicRing := file("admin/pubring.asc") +// +// pgpSecretRing := file("admin/secring.asc") +// +// credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", $sonaUser, $sonaPass) + diff --git a/admin/pubring.asc b/admin/pubring.asc new file mode 100644 index 0000000..4b56eca --- /dev/null +++ b/admin/pubring.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: BCPG v1.49 + +mQENBFSzVhYBCADp261YcgfWCNZ/IrSpvk1LaqnomeDjktUuCy3LD0WQ/B750vpV +gograxIWDfGK3TaHHdiRTV0OmfhhA6Dv/E8wFiHc1psn8mtaL+tQQcFHCLqBnTEe +/VQXZLrHoFsMSBRrFY0rHZGXtCS0DKIxSeqlba4RH9eS4Q35LzBjMBLKewBCwben +mDMOMxLgTS21xqe7OoyrcQGg3nFPLBMM8hgrqmVH9lYc5c2NuTMSHC4/wUozTwMm +SxmEQ1Ga2lEpVAcaJ6r7bz0+QwX62cMs57nkGuf3SP2D5/+igDkkoVb447wESHHG +s3BZw9ThblHXJOZ5Xb64fvQ3/vCjivLqZIepABEBAAG0NXNjYWxhLWphdmE4LWNv +bXBhdCA8c2NhbGEtaW50ZXJuYWxzQGdvb2dsZWdyb3Vwcy5jb20+iQEcBBMBAgAG +BQJUs1YWAAoJEF7zF/88US8Xdw4IAJmPcOka4Tc5s5eYAdwZuNOqUiuNO3/9+Za6 +tdGZQfQxUVN5PdgXhAGiKfRxrtSTjfzN+O/wiF/7NDqOQXBHNEx53Rzucq770WvL +G5hUwr8MJB577OIyU2CQquslva3h2LbOt8lEHplLy0tI00zm6ueJNmxq36C4Mu3h +l6QMs0zd29OqtUjWpkUNRnz+1HSdhRCPZNhX1bjhRaJARrhUtP24+g3wKgjg3H95 +yjPh4951r21w/x7msu+w0vSpdA7j/VJIzql6+2exh14YeLx9AFVDgvkJE6McHXX3 +ccr1eQ0FjYpWWUrBMXpS1Pz4SiwXEOOhs1xtsM7fHuikqhkXfHg= +=oZnQ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/admin/secring.asc.enc b/admin/secring.asc.enc new file mode 100644 index 0000000..1d7d32b --- /dev/null +++ b/admin/secring.asc.enc @@ -0,0 +1,40 @@ +U2FsdGVkX1/DTFr0XPXF8oOHqDacn6gihvunVNWyqTWG2EXA5HNZn59hWeflnCXg +lW+dqKqUDhKrlLmLkOvmHKN4Fx/3T0L5xFWvB4P37YzLlxeApzqRcfIteK6j+1Eh +wib8bRZBRwQJw/Se4UhAaofiHQ4V+j76jIjlolatcBNKf9V8+ceG3iyer4fvBdnB +KnhNqG9rIEiDOcGMScqNuHZFcraJ+FZL/3/dNzfm/A/aB15kJ+ukQs6MyzLh/30+ +ttHBzLf3Hbd7j8AcIweNCbQ5/gOqen3PFxzM59OUUTJe7/JtNbFQBQEZFXH+U/cx +DY65izT3UkrUOJ02eNrYsDiTZdKz8VGEKQImiMeFkqX3LjGNHUGOe0rA33LW25dT +cXCNkWWegdXd3KkUPXUjPvABMAhnC+dU8nl4d87UUEVLZvB5wyOV9P5sFUcvvZaH +k7aHL/IYFqutlvCZ2NFjonFolaeVvf+p33A2UIswCa0zCZwR1rvtkL0irAApCQ5g +LCSP5t1LBP/F/O8AAAd5tm6t3XWoQs7POKv3MMEgFdQHKj6KXtMxpI5Il+WiXlKD +aEGY3AH5kia9UkjclHfbrPJS/NkDyINGw9KzZcr/CO29sgm3oxuy3wRhWp2Gbqi1 +eYccgYw4jJw2gmdTf7bOE9WzGqkq7B2/oP1FoS4KPJS5nj57kRjaJRW/0dkzdQVg +LwcnnTL+pJNGRXiN9rAj1fBXvtj3J/Hx19jKcRoXW6OdemSIJw7M2EpWMaXTRDP3 +iLIL00BnU584IwzAM7AXlio4dxRn+Y/U3czCaaCP22uJuFoJo8+ImjerYnU520qD +lIbFS1eNNA2YcWLMs9THCR8eDvYyjHdTtWU67RQluesFRwFhtiPwz9AOa8NJ0tvP +OnBEklN/o75cNYGlTdEfKBh9Q8Qy+j0ini8W7XkV9lXUNMScRngQ9xfASm19W5Ch +QOQWiqTmjz3kUlJ2KS1xD+GlFP/U+wk1vCdQy0gaheDjO15NvqfugFTCebMj2t9Z +RN5wxou+rJZ7RsOpst5UvS78CuIPGi5zbCXCR3NaQVGy1aQ8zLLHIYzmnd1/kLi5 +pZ0DfIsWlqq8kZmnXr6fHJN0QvrEAlMi+KAvdJvPjKEA+GLKcPNBp8BMWsBDEpwg +kNE6fCj/Hd5jvzHVK32JbB5jldml5Em3wqjuIRkATmF8x9jek3t+5OIeDxoaMeOz +GJU3VL2w+L5GKOdbcIyE0bPkdYaIo5XXs+DQNdceZorRtMk6NDh8fzkI6ePMxbk/ +s6/lIsgsX6niZUjHUtASYOGy/3c8Eh/MJmj0UXjhwmMADUaMalvhxU0HBF/5euoC +/lMje7QT2aIyQW18wC4ouSVJpYRAivPm3Qy1TbqnL/FxK8K1D7ympRM9kyGjwoCv +/35LU0XvQgzsd+f/VdcDRUWWx58Cel8sMHwybiJ7rROPBwdm42CL+fTfSfC9xufS +hrzzV/OApp8eHndwNEg3m5ndFZvq7CcWpJZnr9ParQNvy7AYxRjPGJc8wmoBgcND +a4tGLWLjKaVeZYsFHCIE/uPMqsuO1ROEkBeQc7yxKssW+cyCjEkTuFwrAI89ycgk +nzPWzJtc2vSyYKy5qlZkft1gX1S2icVxMFhppQtx7+LRn0gTPjIXCNtA1icMro58 +cY2Yc5sc0y5MdsPU+gS9lm1jOg2iEEhVv7v3PwLrNYy+XuBh3LxMy8Hwf2qCfFHE +CbWOIM1QMaJAN0NyoWhb6zuLewAj2G4L3fstPo0F/GmsQpV++6hIsaPlqunSx/sR +2BUGth2cAKFlNw25nLJp5xbUG/V8BPlLb+B8635R4ATQfQtXkVJDoG7eZ3J32Isu +nI21JFZOBkriTYcOWnt5KJVCl1TRh+OgXzeK54COVDMUa9L/oSqvRT0TUOEoYieI +w6Ji4KpxqIB3tz3QYN3hEooTg1XxN+QGS3l18GGg7fBFNzDD+Yz61co5WZocV6fh +4yZqHx8XHlh564b+x1jBE5sQ06axHJG0lYX/kesf6kwkYAZhCqLS7zBcxcDDmapc +nNCrUnYlunoSf6nt7AU0QlOre3a7CIaMvVivSbkMbheAHLEqRjww/U77va7oGeFv +ipLi1enMmre+ubjS+/VNpurN7e+qVj6RT1JcnTfyGM7/HIj97OGHEzc0YXoyKgKb +H15LZ2qTq1HjvIfVTZGDMv9m9LKW62DHhp0LTBawALQCZzfPaaI3JwBMgTvhFZcT +Cmv0re9DSpgunsX9N5t7bUQ6C/raChhu7UGUwrFkSOu00+3eYn30hqlCyAyR8QU6 +yA/Wxb+7eNZH5ZM5MCAWcCrgsv1IGOMBFB+4i9Ti/USkHapL4L2jdrJcvbhQjfKP +2ktZTg/Ji7RwqJ3wIJReTCd8N0cNI8H2zAtFST9Vgtwx9tVqluOd7Ldn2hUOhImz +64oMMZq+zS+Vquc+7xs/zpTeMN+2cFlRsye+Jrqac522suwPTw9g07gx+BM2cH98 +pCaY3ZBmWKT5lSx0yURiGg== diff --git a/sensitive.sbt.enc b/sensitive.sbt.enc new file mode 100644 index 0000000..90b6271 --- /dev/null +++ b/sensitive.sbt.enc @@ -0,0 +1,7 @@ +U2FsdGVkX18PW91o6/n5xLjlSIP+q3wKS3jHVWD5fbGyq6eu9milKZ3bl6i3YmQX +t6NiVtuFuJjix9pqlNgSc4SNInGnvI0kfyYTtcp0/CdZsKsmfUL5lRYxyOo2NIM5 +z/yXD7C9eU1ul48CXNgVOAC2F4w25bdI0iQzvUPRYG5gkiofdP7KL6n0yOlGnSJN +M0KhTrqCLcqVG4cRBZ9Q3+Rip8Lr/F00NSBUcSyL06kag/Zd/iCf3xm76eX/WN59 +Wofi5p+nvPqYSCJc+e/8Dx+aiyj0m2aeXYzwiYDdUQlBGUk8f2+CPy1NlEPGMuET +6p2zc60YT/ohUp1YUGxbvIlZ7S1FzMmiJvpT1VcnouIAYAOVGHqW0ClbPmmXiTkW +W/cGjYYDKiZNQ+8qXhfrF7rxJYiJ8LPMioh5mnzlBSk=