public
Last active — forked from lukewpatterson/gist:4242707

Here is how I allow Git SSH authentication in Travis CI. I'm using it to connect Travis to my repo organization AngularUI. This trick is a fork. The goal is to encode the RSA private deploy key in the .travis.yml as "-secure: xxxxx.....".

  • Download Gist
.travis.yml
YAML
1 2 3 4 5 6 7 8 9 10 11 12 13 14
---
language: node_js
node_js:
- '0.10'
branches:
only:
- master
before_script: .travis/before_script.sh
script: echo -e " >>> Do something... \"grunt\" for example\n"
after_success: .travis/after_success.sh
env:
global:
- REPO="git@github.com:<org>/<repo>.git"
- secure: ! 'Ygr53DnnxZzzKrc/kMBdnVCkiBHNKsIhk7A8kmv7Rcmbx327ATCeEePB8GNd... etc... etc...
before_script.sh
Shell
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
 
 
#
# Authentication
#
echo -e ">>> Authentication !"
 
git remote set-url origin $REPO.git
git config --global user.email "<org@email>"
git config --global user.name "<org> (via TravisCI)"
 
if [ -z "$id_rsa_{1..23}" ]; then echo 'No $id_rsa_{1..23} found !' ; exit 1; fi
 
# Careful ! Put the correct number here !!! (the last line number)
echo -n $id_rsa_{1..23} >> ~/.ssh/travis_rsa_64
base64 --decode --ignore-garbage ~/.ssh/travis_rsa_64 > ~/.ssh/id_rsa
 
chmod 600 ~/.ssh/id_rsa
 
echo -e ">>> Copy config"
mv -fv out/.travis/ssh-config ~/.ssh/config
 
echo -e ">>> Hi github.com !"
ssh -T git@github.com
echo -e "\n"
ssh-config
1 2 3 4 5 6 7
Host github.com
User git
IdentityFile ~/.ssh/id_rsa
StrictHostKeyChecking no
PasswordAuthentication no
CheckHostIP no
BatchMode yes
travis-secure-key.sh
Shell
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
#!/bin/sh
 
# Here, you will need to replace <org@email>, <org> and <repo>
 
# First you create a RSA public/private key pair just for Travis.
ssh-keygen -t rsa -C "<org@email>" -f ~/.ssh/travis_rsa
 
#
# Then following the official doc (https://help.github.com/articles/generating-ssh-keys#step-3-add-your-ssh-key-to-github),
# You add it to your organisation repo : https://github.com/<org>/<repo>/settings/keys
xclip -sel clip < ~/.ssh/travis_rsa.pub
 
#
# Paste your key into the "Key" field ; Click "Add key" ; Confirm the action by entering your GitHub password
#
 
#
# Now comes the 'hard' part...
# Like you want to install it on Travis, you have to give it the key.
# Good thing is that Travis supports environment variables encryption with travis gem.
sudo gem install travis
 
#
# But you I the impression it's only support base64 values...
# So you have to convert our key.
base64 --wrap=0 ~/.ssh/travis_rsa > ~/.ssh/travis_rsa_64
 
# I'll direcly user the option "--add env.global" so let's go to where your ".travis.yml" is
cd <somewhere>
 
# Also, the command "travis encrypt" has a length limit ~=100char.
# So, like I'm lazy. I just brutalize my bash...
bash <(cat ~/.ssh/travis_rsa_64 | perl -pe 's/(.{100})/$1\n/g' | nl | perl -pe 's/\s*(\d+)\s*(.*)/travis encrypt -r <org>\/<repo> id_rsa_$1="$2" --add env.global/')
 
#
# Now you have a lot of lines "- secure: ! 'xxxx...'" in my ".travis.yml"
# But you don't know how many... So just come back to the last command to get the tail of it.
#
cat ~/.ssh/travis_rsa_64 | perl -pe 's/(.{100})/$1\n/g' | nl | tail
 
# The brutal command just made a array of id : id_rsa_[0] to id_rsa_[n] where n is the number of lines. For me 23.
 
# End of the preparations. Now you'll have to decrypt all of this...

Could you give more details regarding this code please? Also does it relate to this question ?

I made it for the Angular UI Docs . Check it out

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.