Skip to content

Instantly share code, notes, and snippets.

@douglasduteil
Forked from lukewpatterson/gist:4242707
Last active February 22, 2021 13:27
Show Gist options
  • Save douglasduteil/5525750 to your computer and use it in GitHub Desktop.
Save douglasduteil/5525750 to your computer and use it in GitHub Desktop.
Here is how I allow Git SSH authentication in Travis CI. I'm using it to connect Travis to my repo organization AngularUI. This trick is a fork. The goal is to encode the RSA private deploy key in the .travis.yml as "-secure: xxxxx.....".
---
language: node_js
node_js:
- '0.10'
branches:
only:
- master
before_script: .travis/before_script.sh
script: echo -e " >>> Do something... \"grunt\" for example\n"
after_success: .travis/after_success.sh
env:
global:
- REPO="git@github.com:<org>/<repo>.git"
- secure: ! 'Ygr53DnnxZzzKrc/kMBdnVCkiBHNKsIhk7A8kmv7Rcmbx327ATCeEePB8GNd... etc... etc...
#
# Authentication
#
echo -e ">>> Authentication !"
git remote set-url origin $REPO.git
git config --global user.email "<org@email>"
git config --global user.name "<org> (via TravisCI)"
if [ -z "$id_rsa_{1..23}" ]; then echo 'No $id_rsa_{1..23} found !' ; exit 1; fi
# Careful ! Put the correct number here !!! (the last line number)
echo -n $id_rsa_{1..23} >> ~/.ssh/travis_rsa_64
base64 --decode --ignore-garbage ~/.ssh/travis_rsa_64 > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
echo -e ">>> Copy config"
mv -fv out/.travis/ssh-config ~/.ssh/config
echo -e ">>> Hi github.com !"
ssh -T git@github.com
echo -e "\n"
Host github.com
User git
IdentityFile ~/.ssh/id_rsa
StrictHostKeyChecking no
PasswordAuthentication no
CheckHostIP no
BatchMode yes
#!/bin/sh
# Here, you will need to replace <org@email>, <org> and <repo>
# First you create a RSA public/private key pair just for Travis.
ssh-keygen -t rsa -C "<org@email>" -f ~/.ssh/travis_rsa
#
# Then following the official doc (https://help.github.com/articles/generating-ssh-keys#step-3-add-your-ssh-key-to-github),
# You add it to your organisation repo : https://github.com/<org>/<repo>/settings/keys
xclip -sel clip < ~/.ssh/travis_rsa.pub
#
# Paste your key into the "Key" field ; Click "Add key" ; Confirm the action by entering your GitHub password
#
#
# Now comes the 'hard' part...
# Like you want to install it on Travis, you have to give it the key.
# Good thing is that Travis supports environment variables encryption with travis gem.
sudo gem install travis
#
# But you I the impression it's only support base64 values...
# So you have to convert our key.
base64 --wrap=0 ~/.ssh/travis_rsa > ~/.ssh/travis_rsa_64
# I'll direcly user the option "--add env.global" so let's go to where your ".travis.yml" is
cd <somewhere>
# Also, the command "travis encrypt" has a length limit ~=100char.
# So, like I'm lazy. I just brutalize my bash...
bash <(cat ~/.ssh/travis_rsa_64 | perl -pe 's/(.{100})/$1\n/g' | nl | perl -pe 's/\s*(\d+)\s*(.*)/travis encrypt -r <org>\/<repo> id_rsa_$1="$2" --add env.global/')
#
# Now you have a lot of lines "- secure: ! 'xxxx...'" in my ".travis.yml"
# But you don't know how many... So just come back to the last command to get the tail of it.
#
cat ~/.ssh/travis_rsa_64 | perl -pe 's/(.{100})/$1\n/g' | nl | tail
# The brutal command just made a array of id : id_rsa_[0] to id_rsa_[n] where n is the number of lines. For me 23.
# End of the preparations. Now you'll have to decrypt all of this...
@tusharmath
Copy link

Could you give more details regarding this code please? Also does it relate to this question ?

@douglasduteil
Copy link
Author

I made it for the Angular UI Docs . Check it out

@show0k
Copy link

show0k commented Jul 18, 2015

Hi,
Thanks for the tip, but note that now, travis can encrypt files directly

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment