-
-
Save douglasduteil/5525750 to your computer and use it in GitHub Desktop.
Here is how I allow Git SSH authentication in Travis CI.
I'm using it to connect Travis to my repo organization AngularUI.
This trick is a fork. The goal is to encode the RSA private deploy key in the .travis.yml as "-secure: xxxxx.....".
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
language: node_js | |
node_js: | |
- '0.10' | |
branches: | |
only: | |
- master | |
before_script: .travis/before_script.sh | |
script: echo -e " >>> Do something... \"grunt\" for example\n" | |
after_success: .travis/after_success.sh | |
env: | |
global: | |
- REPO="git@github.com:<org>/<repo>.git" | |
- secure: ! 'Ygr53DnnxZzzKrc/kMBdnVCkiBHNKsIhk7A8kmv7Rcmbx327ATCeEePB8GNd... etc... etc... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Authentication | |
# | |
echo -e ">>> Authentication !" | |
git remote set-url origin $REPO.git | |
git config --global user.email "<org@email>" | |
git config --global user.name "<org> (via TravisCI)" | |
if [ -z "$id_rsa_{1..23}" ]; then echo 'No $id_rsa_{1..23} found !' ; exit 1; fi | |
# Careful ! Put the correct number here !!! (the last line number) | |
echo -n $id_rsa_{1..23} >> ~/.ssh/travis_rsa_64 | |
base64 --decode --ignore-garbage ~/.ssh/travis_rsa_64 > ~/.ssh/id_rsa | |
chmod 600 ~/.ssh/id_rsa | |
echo -e ">>> Copy config" | |
mv -fv out/.travis/ssh-config ~/.ssh/config | |
echo -e ">>> Hi github.com !" | |
ssh -T git@github.com | |
echo -e "\n" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Host github.com | |
User git | |
IdentityFile ~/.ssh/id_rsa | |
StrictHostKeyChecking no | |
PasswordAuthentication no | |
CheckHostIP no | |
BatchMode yes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# Here, you will need to replace <org@email>, <org> and <repo> | |
# First you create a RSA public/private key pair just for Travis. | |
ssh-keygen -t rsa -C "<org@email>" -f ~/.ssh/travis_rsa | |
# | |
# Then following the official doc (https://help.github.com/articles/generating-ssh-keys#step-3-add-your-ssh-key-to-github), | |
# You add it to your organisation repo : https://github.com/<org>/<repo>/settings/keys | |
xclip -sel clip < ~/.ssh/travis_rsa.pub | |
# | |
# Paste your key into the "Key" field ; Click "Add key" ; Confirm the action by entering your GitHub password | |
# | |
# | |
# Now comes the 'hard' part... | |
# Like you want to install it on Travis, you have to give it the key. | |
# Good thing is that Travis supports environment variables encryption with travis gem. | |
sudo gem install travis | |
# | |
# But you I the impression it's only support base64 values... | |
# So you have to convert our key. | |
base64 --wrap=0 ~/.ssh/travis_rsa > ~/.ssh/travis_rsa_64 | |
# I'll direcly user the option "--add env.global" so let's go to where your ".travis.yml" is | |
cd <somewhere> | |
# Also, the command "travis encrypt" has a length limit ~=100char. | |
# So, like I'm lazy. I just brutalize my bash... | |
bash <(cat ~/.ssh/travis_rsa_64 | perl -pe 's/(.{100})/$1\n/g' | nl | perl -pe 's/\s*(\d+)\s*(.*)/travis encrypt -r <org>\/<repo> id_rsa_$1="$2" --add env.global/') | |
# | |
# Now you have a lot of lines "- secure: ! 'xxxx...'" in my ".travis.yml" | |
# But you don't know how many... So just come back to the last command to get the tail of it. | |
# | |
cat ~/.ssh/travis_rsa_64 | perl -pe 's/(.{100})/$1\n/g' | nl | tail | |
# The brutal command just made a array of id : id_rsa_[0] to id_rsa_[n] where n is the number of lines. For me 23. | |
# End of the preparations. Now you'll have to decrypt all of this... |
I made it for the Angular UI Docs . Check it out
Hi,
Thanks for the tip, but note that now, travis can encrypt files directly
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Could you give more details regarding this code please? Also does it relate to this question ?