Skip to content

@douglasduteil /.travis.yml forked from lukewpatterson/gist:4242707
Last active

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Here is how I allow Git SSH authentication in Travis CI. I'm using it to connect Travis to my repo organization AngularUI. This trick is a fork. The goal is to encode the RSA private deploy key in the .travis.yml as "-secure: xxxxx.....".
---
language: node_js
node_js:
- '0.10'
branches:
only:
- master
before_script: .travis/before_script.sh
script: echo -e " >>> Do something... \"grunt\" for example\n"
after_success: .travis/after_success.sh
env:
global:
- REPO="git@github.com:<org>/<repo>.git"
- secure: ! 'Ygr53DnnxZzzKrc/kMBdnVCkiBHNKsIhk7A8kmv7Rcmbx327ATCeEePB8GNd... etc... etc...
#
# Authentication
#
echo -e ">>> Authentication !"
git remote set-url origin $REPO.git
git config --global user.email "<org@email>"
git config --global user.name "<org> (via TravisCI)"
if [ -z "$id_rsa_{1..23}" ]; then echo 'No $id_rsa_{1..23} found !' ; exit 1; fi
# Careful ! Put the correct number here !!! (the last line number)
echo -n $id_rsa_{1..23} >> ~/.ssh/travis_rsa_64
base64 --decode --ignore-garbage ~/.ssh/travis_rsa_64 > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
echo -e ">>> Copy config"
mv -fv out/.travis/ssh-config ~/.ssh/config
echo -e ">>> Hi github.com !"
ssh -T git@github.com
echo -e "\n"
Host github.com
User git
IdentityFile ~/.ssh/id_rsa
StrictHostKeyChecking no
PasswordAuthentication no
CheckHostIP no
BatchMode yes
#!/bin/sh
# Here, you will need to replace <org@email>, <org> and <repo>
# First you create a RSA public/private key pair just for Travis.
ssh-keygen -t rsa -C "<org@email>" -f ~/.ssh/travis_rsa
#
# Then following the official doc (https://help.github.com/articles/generating-ssh-keys#step-3-add-your-ssh-key-to-github),
# You add it to your organisation repo : https://github.com/<org>/<repo>/settings/keys
xclip -sel clip < ~/.ssh/travis_rsa.pub
#
# Paste your key into the "Key" field ; Click "Add key" ; Confirm the action by entering your GitHub password
#
#
# Now comes the 'hard' part...
# Like you want to install it on Travis, you have to give it the key.
# Good thing is that Travis supports environment variables encryption with travis gem.
sudo gem install travis
#
# But you I the impression it's only support base64 values...
# So you have to convert our key.
base64 --wrap=0 ~/.ssh/travis_rsa > ~/.ssh/travis_rsa_64
# I'll direcly user the option "--add env.global" so let's go to where your ".travis.yml" is
cd <somewhere>
# Also, the command "travis encrypt" has a length limit ~=100char.
# So, like I'm lazy. I just brutalize my bash...
bash <(cat ~/.ssh/travis_rsa_64 | perl -pe 's/(.{100})/$1\n/g' | nl | perl -pe 's/\s*(\d+)\s*(.*)/travis encrypt -r <org>\/<repo> id_rsa_$1="$2" --add env.global/')
#
# Now you have a lot of lines "- secure: ! 'xxxx...'" in my ".travis.yml"
# But you don't know how many... So just come back to the last command to get the tail of it.
#
cat ~/.ssh/travis_rsa_64 | perl -pe 's/(.{100})/$1\n/g' | nl | tail
# The brutal command just made a array of id : id_rsa_[0] to id_rsa_[n] where n is the number of lines. For me 23.
# End of the preparations. Now you'll have to decrypt all of this...
@tusharmath

Could you give more details regarding this code please? Also does it relate to this question ?

@douglasduteil

I made it for the Angular UI Docs . Check it out

@show0k

Hi,
Thanks for the tip, but note that now, travis can encrypt files directly

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.