Auto-publish scripts for travis-os-deploy-artifacts

id_rsa.pub.enc

@@ -0,0 +1,2 @@
+D’2Úä¢ß©Û%•¹%R<>±Þ/–/•ñ±-{4>7–<37>·áŒ/ƒC+Õ1õ:`Ž\ï<04>>ÕrMbh]NëD§F3Xógü¼it¢Eñ=<3D>Îà›IŠFžåV?ÁÊÝràt}±9;h½xm¢¶¬Úý5€¡˜Õ&‘ð“<>LžT¤
+@0`µE›qµµ]N˜ÇøB<C3B8>øܤyDÛ%.|²QÛ/ZÛ)nŽº\KjxXùn_í‚Œóf_s"p“Äw/„pËAJ¶‰<C2B6>[#<15>Þ3 œöš ®!Í/–Ö•2ÿ8;±GÐ Š¾:LeÂ<65>B’u&ûýÞ÷)Ô7¨› 6Ä5Êu‘Yl!%ØBv3½­ì*	{9i6­NÙ|m›ïà¦T‹~eF#fÓÞJÿ–¾öú§÷À^ÅÉã^8Û«ÂOÊ}ÕÏ®R´]S
vÔþæC´Á=e¬aJÆgç'H ²ì&Nš6^Â"X4+Àí<Éd88<38>=1Ø~Åß¹<C39F>éã%G=‘

utils/auto-push.sh

@@ -0,0 +1,61 @@
+#!/bin/sh
+set -e
+set +x
+
+official_repo="$1"      # https://github.com/user/repo.git
+deploy_repo="$2"        # git@github.com:user/repo.git
+deploy_branch="$3"      # gh-pages
+deploy_base_commit="$3" # branch name or tag
+key_iv_id="$4"          # 123456789abc, part of encrypted_123456789abc_key and encrypted_123456789abc_iv
+deploy_directory="$5"   # directory to copy on top of deploy_base_commit
+key_env_var_name="encrypted_${key_iv_id}_key"
+iv_env_var_name="encrypted_${key_iv_id}_key"
+key="${!key_env_var_name}"
+iv="${!iv_env_var_name}"
+
+if test "$(git config remote.origin.url)" != "$official_repo"; then
+  echo "Not on official repo, will not deploy to ${deploy_repo}:${deploy_branch}."
+elif test "$TRAVIS_PULL_REQUEST" != "false"; then
+  echo "This is a Pull Request, will not deploy to ${deploy_repo}:${deploy_branch}."
+elif test "$TRAVIS_BRANCH" != "master"; then
+  echo "Not on master branch (TRAVIS_BRANCH = $TRAVIS_BRANCH), will not deploy to ${deploy_repo}:${deploy_branch}."
+elif test -z "${key:-}" -o -z "${iv:-}"; then
+  echo "Travis CI secure environment variables are unavailable, will not deploy to ${deploy_repo}:${deploy_branch}."
+elif test ! -e travis-deploy-key-id_rsa.enc; then
+  echo "travis-deploy-key-id_rsa.enc not present, will not deploy to ${deploy_repo}:${deploy_branch}."
+else
+  set -x
+  echo "Automatic push to ${deploy_repo}:${deploy_branch}"
+
+  # Git configuration:
+  git config --global user.name "$(git log --format="%aN" HEAD -1) (Travis CI automatic commit)"
+  git config --global user.email "$(git log --format="%aE" HEAD -1)"
+
+  # SSH configuration
+  mkdir -p ~/.ssh
+  chmod 700 ~/.ssh
+  set +x
+  if openssl aes-256-cbc -K "$key" -iv "$iv" -in travis-deploy-key-id_rsa.enc -out travis-deploy-key-id_rsa -d >/dev/null 2>&1; then
+    echo "Decrypted key successfully."
+  else
+    echo "Error while decrypting key."
+    exit 1
+  fi
+  mv travis-deploy-key-id_rsa ~/.ssh/travis-deploy-key-id_rsa
+  set -x
+  chmod 600 ~/.ssh/travis-deploy-key-id_rsa
+  set +x
+  eval `ssh-agent -s`
+  set -x
+  ssh-add ~/.ssh/travis-deploy-key-id_rsa
+
+  TRAVIS_GH_PAGES_DIR="$HOME/travis-temp-auto-push-$(date +%s)"
+  if test -e "$TRAVIS_GH_PAGES_DIR"; then rm -rf "$TRAVIS_GH_PAGES_DIR"; fi
+  git clone -b "$deploy_base_commit" --depth 1 --shallow-submodules "$TRAVIS_GH_PAGES_DIR"
+  (cd "$TRAVIS_GH_PAGES_DIR" && git checkout -b "$deploy_branch")
+  rsync "${deploy_directory}/" "${TRAVIS_GH_PAGES_DIR}/"
+  (cd "$TRAVIS_GH_PAGES_DIR" && git add -A . && git commit -m "Auto-publish to $deploy_branch") > commit.log || (cat commit.log && exit 1)
+  (cd "$TRAVIS_GH_PAGES_DIR" && git log --oneline --decorate --graph -10)
+  echo '(cd '"$TRAVIS_GH_PAGES_DIR"' && git push --force --quiet "'"$deploy_repo"'" "master:'"$deploy_branch"'")'
+  (cd "$TRAVIS_GH_PAGES_DIR" && git push --force --quiet "$deploy_repo" "$deploy_branch" >/dev/null 2>&1) >/dev/null 2>&1 # redirect to /dev/null to avoid showing credentials.
+fi

utils/make-travis-key.sh

@@ -0,0 +1,59 @@
+#!/bin/sh
+set -e
+set +x
+
+usage() {
+  echo "Usage: $0 built-repo-url deploy-repo-url"
+  echo " - The first argument must be the URL for the repository being built"
+  echo "   with Travis-Ci, e.g."
+  echo "       git@github.com:built-user/built-repo.git"
+  echo " - The second argument must be the URL for the repository to which the"
+  echo "   artifacts will be pushed, e.g."
+  echo "       git@github.com:deploy-user/deploy-repo.git"
+  echo ""
+  echo " It is preferable to create a repository specifically for hosting the"
+  echo " artifacts, so that if the private key is accidentally leaked, only"
+  echo " that repository will be affected."
+  echo ""
+  echo " Furthermore, it is preferable to only push non-executable artifacts"
+  echo " (e.g. screenshots), so that if the repository is compromised, an"
+  echo " attacker may not inject malicious code into what people may consider"
+  echo " trusted artifacts."
+}
+
+if test "$#" -eq 1 && test "$1" = "-h" -o "$1" = "--help"; then
+  usage
+  exit 0
+elif test "$#" -ne 2; then
+  usage
+  exit 1
+fi
+
+built_repo="$1" # git@github.com:built-user/built-repo.git
+deploy_repo="$2" # git@github.com:deploy-user/deploy-repo.git
+
+if ! which travis > /dev/null; then
+  gem install travis || echo "Notice: you need the following packages or their equivalent: ruby ruby-dev"
+fi
+
+ssh_dir="$(mktemp -d --suffix=travis-deploy-ssh-keygen)"
+mkdir -m 700 "${ssh_dir}/permissions/"
+ssh-keygen -N '' -f "${ssh_dir}/permissions/id_rsa"
+
+if test "$(git remote get-url origin)" != "${built_repo}"; then
+    echo "ERROR: The url of the remote \"origin\" in the current repository is"
+    echo "not the same as the one of the built repository specified on the"
+    echo "command-line."
+    echo "origin url:                  $(git remote get-url origin)"
+    echo "command-line built-repo-url: $built_repo"
+  exit 1
+fi
+
+travis login
+travis encrypt-file "${ssh_dir}/permissions/id_rsa.pub"
+git add "id_rsa.pub.enc"
+
+printf "\033[1;32mNow copy the following public SSH key and add it as a\033[m\n"
+printf "\033[1;32mread-write deploy key for the repository \033[1;33m${deploy_repo}\033[1;32m on GitHub.\033[m\n"
+cat "${ssh_dir}/permissions/id_rsa.pub"
+rm -fr "${ssh_dir}"