Last active
January 23, 2021 14:56
-
-
Save evandandrea/c754964bfdfb176844f26f605ebbb8db to your computer and use it in GitHub Desktop.
Automatically publish to the snap store from Travis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh -e | |
| if [ -z "$SNAPCRAFT_SECRET" ]; then | |
| # Run `sh seed.sh` on your local machine so SNAPCRAFT_SECRET is set. | |
| exit 0 | |
| fi | |
| mkdir -p ".encrypted" | |
| if [ ! -e ".encrypted/snapcraft.cfg.enc" ]; then | |
| echo "Seeding a new macaroon." | |
| echo "$SNAPCRAFT_CONFIG" > ".encrypted/snapcraft.cfg.enc" | |
| fi | |
| mkdir -p "$HOME/.config/snapcraft" | |
| # Decrypt the macaroon (secret). | |
| openssl enc -aes-256-cbc -base64 -pass env:SNAPCRAFT_SECRET -d -in ".encrypted/snapcraft.cfg.enc" -out "$HOME/.config/snapcraft/snapcraft.cfg" | |
| if docker run -v $HOME:/root -v $(pwd):/cwd snapcore/snapcraft sh -c 'cd /cwd; snapcraft'; then | |
| docker run -v $HOME:/root -v $(pwd):/cwd snapcore/snapcraft sh -c "cd /cwd; snapcraft push *.snap --release edge" | |
| fi | |
| # The macaroon (secret) has been refreshed; re-encrypt it. | |
| openssl enc -aes-256-cbc -base64 -pass env:SNAPCRAFT_SECRET -out ".encrypted/snapcraft.cfg.enc" < "$HOME/.config/snapcraft/snapcraft.cfg" | |
| rm -f "$HOME/.config/snapcraft/snapcraft.cfg" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo: required | |
| dist: trusty | |
| services: | |
| - docker | |
| cache: | |
| directories: | |
| - .encrypted | |
| script: | |
| - ./.travis.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # 1. Get a macaroon (secret) from the Store for publishing snaps | |
| # 2. Create a private key that only Travis can decrypt | |
| # 3. Then use it to encrypt the macaroon | |
| # | |
| # As encrypted variables are only available to Travis commit runs, | |
| # pull requests won't be able to steal the macaroon and publish | |
| # under your name. | |
| snapcraft login | |
| export SNAPCRAFT_SECRET=$(pwgen 20 -1) | |
| export SNAPCRAFT_CONFIG="$(openssl enc -aes-256-cbc -base64 -pass env:SNAPCRAFT_SECRET < ~/.config/snapcraft/snapcraft.cfg)" | |
| travis encrypt SNAPCRAFT_SECRET=$SNAPCRAFT_SECRET -a | |
| travis env set SNAPCRAFT_CONFIG "$SNAPCRAFT_CONFIG" | |
| # Don't forget to commit the changes back to your .travis.yml. |
@ElOpio why?
@evandandrea, because on line 14 you are already decrypting it. Unless I'm misunderstanding it, this step in 24 is not doing anything useful.
@ElOpio line 14 decrypts, line 24 re-encrypts (because it's a refreshed macaroon).
I see. A comment in the shell script would be nice.
Good thinking, @ElOpio. Fixed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey @evandandrea, this line should be removed: https://gist.github.com/evandandrea/c754964bfdfb176844f26f605ebbb8db#file-travis-sh-L24