If you haven't, enable Travis CI for your repository by going to your Travis CI profile page and flicking the repository switch on.
ssh-keygen -t rsa -b 4096 -C "<your_email>" -f github_deploy_key -N ''
This will generate 2 keys in 2 different files:
- public key in
github_deploy_key.pub
- private key in
github_deploy_key
-
Go to
https://github.com/<username>/<repository>/settings/keys
and click onAdd deploy key
: -
Copy the public key (in this case, the content from
github_deploy_key.pub
) -
⚠️ Check theAllow write access
checkbox -
Add the key!
-
Remove the file containing the public key so that it's not accidentally committed
rm github_deploy_key.pub
gem install travis
travis login
-
Use the Travis CLI to encrypt the file containing the private SSL key
travis encrypt-file github_deploy_key
The above will output something like:
encrypting github_deploy_key for <username>/<repository> storing result as github_deploy_key.enc storing secure env variables for decryption openssl aes-256-cbc -K $encrypted_XXXXXXXXXXXX_key -iv $encrypted_XXXXXXXXXXXX_iv -in github_deploy_key.enc -out github_deploy_key -d Pro Tip: You can add it automatically by running with --add. Make sure to add github_deploy_key.enc to the git repository. Make sure not to add github_deploy_key to the git repository. Commit all changes to your .travis.yml.
ℹ️ The values of the
$encrypted_XXXXXXXXXXXX_key
and$encrypted_XXXXXXXXXXXX_iv
environment variables will be automatically uploaded by the Travis CLI to Travis CI, see:https://travis-ci.org/<username>/<repository>/settings
.⚠️ $encrypted_XXXXXXXXXXXX_key
and$encrypted_XXXXXXXXXXXX_iv
are not the real names. XXXXXXXXXXXX are 12 hexa digits.Also, this is the reason why you needed to login to Travis using the Travis CLI at step
2.4.
.⚠️ If Travis is asking forlogin --pro
git config --unset travis.slug
-
Remove the file containing the private key so that it's not accidentally committed
rm github_deploy_key
ℹ️ The encrypted file generated at
step 2.5.
(github_deploy_key.enc
) must be moved to the .travis/
directory from the
root of the project.
Change the environnement variable name in the .travis.yml
file at Line 15-16
to reflect the variable from https://travis-ci.org/<username>/<repository>/settings
.
The travis scrips will use the values of the GH_USER_EMAIL
and
GH_USER_NAME
environment variables as the email and user
name
with which the commits will be made.
You should encrypt these variables by generating a secure key using the Travis CLI:
travis encrypt -r "<username>/<repository>" \
GH_USER_EMAIL="<your_email>" \
GH_USER_NAME="<your_name>"
The above will output something like:
Please add the following to your .travis.yml file:
secure: "<secure_key_value>"
Pro Tip: You can add it automatically by running with --add.
Then, once you have the secure key, change it in .travis.yml
file at line 3.
- secure: "<secure_key_value>"
https://github.com/alrra/travis-scripts/blob/master/docs/github-deploy-keys.md