Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
How to set up TravisCI for projects that push back to github
# Ruby is our language as asciidoctor is a ruby gem.
lang: ruby
before_install:
- sudo apt-get install pandoc
- gem install asciidoctor
script:
- make
after_success:
- .travis/push.sh
env:
global:
secure: hZJlqgOzA2zIUJSWIka0PylqNaTkfHq+kS48RrHmocrK0vLyCW7ECWrzez2f2RVdTNzPi0b+yJq2uCbFfWjImZqg+XY1I75/CVVdSYMk7PJkYZ/iBDixMYY8CAkRRd5yZft9uZAdZzR4KLCPN18n7qfISv/M9VA8989NKcVyiEU=
#!/bin/sh
setup_git() {
git config --global user.email "travis@travis-ci.org"
git config --global user.name "Travis CI"
}
commit_website_files() {
git checkout -b gh-pages
git add . *.html
git commit --message "Travis build: $TRAVIS_BUILD_NUMBER"
}
upload_files() {
git remote add origin-pages https://${GH_TOKEN}@github.com/MVSE-outreach/resources.git > /dev/null 2>&1
git push --quiet --set-upstream origin-pages gh-pages
}
setup_git
commit_website_files
upload_files

Pushing to github from TravisCI

Introduction

I run several repositories that need documentation compiling to distributable formats (e.g. AsciiDoc to HTML, MD to PDF), rather than having to build and commit every time I want to update the distributables, I’d like to automate this process. This is where I use TravisCI as a build server.

Requirements

Build process

The main steps of the process:

  1. Install software necessary for build

  2. Build software

  3. Set up git with username, email, and remote

  4. Add and commit the files you’ve built

  5. Push these files back to github using your personal access token

Guided tutorial

I’ve got a bunch of asciidoc files inside of https://github.com/MVSE-Outreach/resources that I want to build to save people from having to install asciidoctor or pandoc to regenerate these files.

First I go to https://github.com/settings/tokens and generate a token that I call outreach-resources with the permissions public_repo. This secret token needs to be stored somewhere, I don’t want it to be revealed inside my .travis.yml or on the travis build server. Travis supports encrypted environment variables, so I run the command echo GH_TOKEN=my_github_token | travis encrypt --add where you’d replace my_github_token with the access token generated earlier; this command stores the encrypted github token inside the .travis.yml file.

Now that I’ve got an access token available on travis we can write the script that will push things back to github (checkout push.sh). I set up the username and email address of the git user on travis, checkout the branch I wish to push to, add the files I want and commit using the environment variable $TRAVIS_BUILD_NUMBER which helps me identify which commits correspond to which builds (totally optional). I finally push this commit back to the repository which takes the form: https://${GH_TOKEN}@github.com/<user_name>/<repo_name>.git, here GH_TOKEN is substituted inside the build server which acts as a username to the repository with full commit rights!

Travis’s build process is instructed by a file inside your repository named .travis.yml which contains information on the language of the repository, build comamands, dependencies, post build hooks etc. In my YAML file you can see I’m using the hooks before_install, script and after_success, all of which take a command, or a list of commands and execute them. You’ll want to keep the push.sh commands outside of the YAML file (i.e. don’t get rid of push.sh and put them all in after_success as ${GH_TOKEN} won’t be substituted).

@suy

This comment has been minimized.

Copy link

@suy suy commented Jan 2, 2016

This was immensely useful to me. A neat way to get started to use Travis, and get a simple project of mine rendered with the full Asciidoctor instead of "just" what Github serves as README. Thank you!

@dhimmel

This comment has been minimized.

Copy link

@dhimmel dhimmel commented Aug 9, 2016

Regarding this line in push.sh, what's the purpose of > /dev/null 2>&1? I'm guessing it's to prevent leaking the GH_TOKEN to the Travis logs. However, it seems to have the unintended consequence of suppressing output from subsequent commands. For example, I suspect my git push failed because the repo wan't updated, but I don't see any messages in the Travis log.

@zbeekman

This comment has been minimized.

Copy link

@zbeekman zbeekman commented Dec 13, 2016

@dhimmel yes you need to make sure your tokens don't leak. I would also pipe stdout and stderr or all push and clone commands to /dev/null as well, sometimes when they fail git prints the url that was used.

@Gopikrishna19

This comment has been minimized.

Copy link

@Gopikrishna19 Gopikrishna19 commented Jun 1, 2017

travis has a built-in deploy flow: https://docs.travis-ci.com/user/deployment/pages/

@twistedpair

This comment has been minimized.

Copy link

@twistedpair twistedpair commented Jan 7, 2018

First I go to https://github.com/settings/applications and generate a token that I call outreach-resources with the permissions public_repo.

FYI, tokens are really at https://github.com/settings/tokens

@isaachier

This comment has been minimized.

Copy link

@isaachier isaachier commented Feb 26, 2018

@neiljackson1984

This comment has been minimized.

Copy link

@neiljackson1984 neiljackson1984 commented Apr 26, 2018

Thank you for this excellent summary.

@Jezorko

This comment has been minimized.

Copy link

@Jezorko Jezorko commented Jul 21, 2018

Great stuff!

Just to let you know, echo GH_TOKEN=<your_token_here> | travis encrypt --add didn't work for me (probably because I have freshly installed travis), a better alternative is:

travis encrypt GH_TOKEN=<your_token_here> --add

From the docs: https://docs.travis-ci.com/user/environment-variables/#Encrypting-environment-variables

@clementauger

This comment has been minimized.

Copy link

@clementauger clementauger commented Nov 26, 2018

consider using gh_token=... | travis encrypt --add --no-interactive

@FezVrasta

This comment has been minimized.

Copy link

@FezVrasta FezVrasta commented Jan 24, 2019

I think with this approach anyone can do echo $GH_TOKEN | base64 and retrieve your token

@CSchank

This comment has been minimized.

Copy link

@CSchank CSchank commented Feb 2, 2019

@FezVrasta On a PR build do you mean? Those builds disallow the use of encrypted environment variables automatically.

@notedit

This comment has been minimized.

Copy link

@notedit notedit commented Jun 20, 2019

it seems this does not work anymore.

@TobiTenno

This comment has been minimized.

Copy link

@TobiTenno TobiTenno commented Jul 11, 2019

yeah, i've started getting password prompts

@lermana

This comment has been minimized.

Copy link

@lermana lermana commented Jan 2, 2020

Thank you for this great run through! I had to make a couple of changes that I wanted to transmit:

  1. I had to chmod the push script:
chmod +x .push.sh; ./.push.sh
  1. I prefaced the origin addition with a clause that removes an existing origin if it's already there:
  if  git ls-remote --exit-code origin > /dev/null 2>&1; then
	  git remote rm origin
  fi
@Keimeno

This comment has been minimized.

Copy link

@Keimeno Keimeno commented Jan 8, 2020

Doesn't work for me this way anymore.
As @lermana mentioned you have to give travis execute permissions for the push.sh script at first. (Happened to me when creating the file on Windows.).
Also if you want to push it, it only works when entering:

rev=$(git rev-parse --short HEAD)
git push myOrigin HEAD:myBranch

as it would otherwise say, that there were no changes

@capsulecorplab

This comment has been minimized.

Copy link

@capsulecorplab capsulecorplab commented Feb 17, 2020

Has anyone encountered an unbound variable error with GH_TOKEN? https://travis-ci.com/capsulecorplab/code-coffee-compendium/builds/149233745#L214

@kubk

This comment has been minimized.

Copy link

@kubk kubk commented Feb 23, 2020

In 2020 Travis CI provides this functionality out of the box: https://docs.travis-ci.com/user/deployment/pages/
I configured automatic push of my userscript with a minimal effort here: https://github.com/kubk/github-package-links/blob/master/.travis.yml#L16

@Phil-Barber

This comment has been minimized.

Copy link

@Phil-Barber Phil-Barber commented May 20, 2020

In case anyone else experiences issues with this step:
echo GH_TOKEN=my_github_token | travis encrypt --add
(was getting the error The input stream is exhausted 😴 )
I found using travis encrypt --add --interactive sorted me out

@ogerardin

This comment has been minimized.

Copy link

@ogerardin ogerardin commented Jun 20, 2020

I prefaced the origin addition with a clause that removes an existing origin if it's already there

You can also use the full URL directly in place of a remote name in git commands, so you don't have to worry about that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.