All geek questions in one place

Auto click on github relay using travis

I have a gitub.io repo that hosts my web page - the source for this web page (uncompiled Jade / Sass code) is in a separate public repo. Travis-CI is configured to view my source repo for changes and run the compiled package, generate HTML / CSS, which will be clicked on imtqy.com repo.

Can I configure Travis to automatically click on the github repository that I own if the compilation went without hard-coding my username and password in my .travis.yml file (obviously this is a security problem)?

I saw this question , but Travis did not answer it - I don’t think I can use authentication with keypair, because I would need to put the private key in a repo or in a travis script, which is as big a security hole as the installation my password.

For someone else who draws here, I found the following information using the answer to roidrage as a springboard:

  • Travis uses public / private key encryption so you can embed sensitive information in a .travis.yml file. You can set your gem called "travis" and use it to encrypt the material, and they will definitely decrypt it at their end. Documentation: http://docs.travis-ci.com/user/encryption-keys/

  • In github you can create a “personal access token” in the settings. This can be used as a password for applications. Encrypt it using the above technique and throw it into your barley.

+5
source share
2 answers

This can be achieved by storing the token for accessing GitHub in an encrypted way in the .travis.yml file. See our docs for examples of how to encrypt data.

As for push on GitHub pages, there is a blog post summarizing the steps pretty well, and it even points to a script that you can use in your build.

The mirror script is here:

 #!/usr/bin/env bash # This script was written to facilitate the deployment process of Pelican # websites using Travis CI. See this blog post for more information: # http://kevinyap.ca/2014/06/deploying-pelican-sites-using-travis-ci/ usage="Usage: $(basename "$0") (deploy | diff | serve) Commands: deploy Upload site to Github Pages diff Compare locally generated site to live site serve Generate and serve site (auto-reloads on changes)" TARGET_REPO="iKevinY/iKevinY.imtqy.com" GH_PAGES_BRANCH="master" DEVELOP_CONF="pelicanconf.py" PUBLISH_CONF="publishconf.py" OUTPUT_DIR="output" REMOTE_DIR="remote" PY_CMD="python3" SERVER="http.server" PORT="8000" rootPath="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" generate_site() { # Based on http://zonca.imtqy.com/2013/09/automatically-build-pelican-and-publish-to-github-pages.html if [ "$TRAVIS" == "true" ]; then # Ensure that builds triggered by pull requests are not deployed if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then echo "Successfully built pull request #$TRAVIS_PULL_REQUEST." exit 0 fi echo "Deploying site to $GH_PAGES_BRANCH branch of $TARGET_REPO." git config --global user.email " travis@travis-ci.org " git config --global user.name "Travis CI" else cd "$rootPath" || exit 1 pelican -s $PUBLISH_CONF fi # Pull hash and commit message of the most recent commit commitHash=$(git rev-parse HEAD) commitMessage=$(git log -1 --pretty=%B) # Clone the GitHub Pages branch and rsync it with the newly generated files GITHUB_REPO=https://${GH_TOKEN:-git}@github.com/${TARGET_REPO}.git git clone --branch $GH_PAGES_BRANCH --depth 1 "$GITHUB_REPO" $REMOTE_DIR &> /dev/null rsync -r --exclude=.git --delete $OUTPUT_DIR/ $REMOTE_DIR/ pushd $REMOTE_DIR > /dev/null git add -A git status -s $1 # execute the function that was passed as an argument } push_changes() { if [ "$TRAVIS" == "true" ]; then longMessage="Generated by $commitHash; pushed by build #$TRAVIS_BUILD_NUMBER." git commit -m "$commitMessage" -m "$longMessage" git push origin $GH_PAGES_BRANCH &> /dev/null || echo "Push failed." else read -rp "Push changes to GitHub Pages? [y/N] " response if [[ "$response" =~ ^[Yy]$ ]]; then git commit -m "$commitMessage" -m "Generated by $commitHash." git push origin $GH_PAGES_BRANCH fi popd > /dev/null rm -rf -- $REMOTE_DIR $OUTPUT_DIR && echo "Removed $REMOTE_DIR and $OUTPUT_DIR." fi } case "$1" in 'deploy') generate_site push_changes ;; 'diff') generate_site 'git --no-pager diff --cached --color-words' ;; 'serve') developPath=${rootPath}/develop local_ip=$(ifconfig | grep 'inet ' | awk 'NR==2 {print $2}') # Seed directory with site content cd "$rootPath" && pelican -s $DEVELOP_CONF > /dev/null echo "Serving HTTP at $(tput bold)${local_ip}:${PORT}$(tput sgr0)." cleanup() { pkill -f $SERVER cd "$rootPath" && rm -r "$developPath" && echo && exit 0 } trap cleanup SIGINT (pelican -rs $DEVELOP_CONF 2> /dev/null) & (cd "$developPath" || exit 1; $PY_CMD -m $SERVER $PORT 1> /dev/null) & wait ;; *) echo "$usage" exit 2 ;; esac
+4
source

Mac OS El Capitan Requires Ruby ^ 2.2

 brew unlink ruby; brew install Ruby gem install travis

Use the travis gem to encrypt your secret PAT and update .travis.yml

 travis encrypt GH_TOKEN=<secret github personal access token> --add
0
source

Source: https://habr.com/ru/post/1203309/

More articles:


All Articles