diff --git a/.travis.yml b/.travis.yml index 40d1bdad..d5b69bb4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,15 @@ language: scala + +env: + global: + - PUBLISH_JDK=openjdk6 # admin/build.sh only publishes when running on this jdk +# Don't commit sensitive files, instead commit a version encrypted with $SECRET, +# this environment variable is encrypted with this repo's private key and stored below: +# (See http://docs.travis-ci.com/user/environment-variables/#Secure-Variables.) + - secure: ZEAhn8ozGqcQxvJD7/G3ifou2Vl7OkNzUXM15aKy0FbqLMOzsx3hAKsWEM6e/6d/7phDkiZisers+HOlt3nLwu75M3QLGm5lo4moJJJyx17omlrBQ7+M/hu3ZxqNRCE8oNI41V3pc+ZJQsY1qA7at4NPJbnAXx9sUUO2lGmc4xI= + script: - - sbt ++$TRAVIS_SCALA_VERSION clean update compile test + - admin/build.sh scala: - 2.11.2 jdk: diff --git a/admin/build.sh b/admin/build.sh new file mode 100755 index 00000000..3c7f4b6c --- /dev/null +++ b/admin/build.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# prep environment for publish to sonatype staging if the HEAD commit is tagged + +# git on travis does not fetch tags, but we have TRAVIS_TAG +# headTag=$(git describe --exact-match ||:) + +if [ "$TRAVIS_JDK_VERSION" == "$PUBLISH_JDK" ] && [[ "$TRAVIS_TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[A-Za-z0-9-]+)? ]]; then + echo "Going to release from tag $TRAVIS_TAG!" + myVer=$(echo $TRAVIS_TAG | sed -e s/^v//) + publishVersion='set every version := "'$myVer'"' + extraTarget="publish-signed" + + cat admin/gpg.sbt >> project/plugins.sbt + admin/decrypt.sh sensitive.sbt + (cd admin/ && ./decrypt.sh secring.asc) +fi + +sbt ++$TRAVIS_SCALA_VERSION "$publishVersion" clean update compile test $extraTarget \ No newline at end of file diff --git a/admin/decrypt.sh b/admin/decrypt.sh new file mode 100755 index 00000000..3c3c602f --- /dev/null +++ b/admin/decrypt.sh @@ -0,0 +1,2 @@ +#!/bin/bash +openssl aes-256-cbc -pass "pass:$SECRET" -in $1.enc -out $1 -d -a \ No newline at end of file diff --git a/admin/encrypt.sh b/admin/encrypt.sh new file mode 100755 index 00000000..4bf6c932 --- /dev/null +++ b/admin/encrypt.sh @@ -0,0 +1,2 @@ +#!/bin/bash +openssl aes-256-cbc -pass "pass:$SECRET" -in $1 -out $1.enc -a \ No newline at end of file diff --git a/admin/encryptAll.sh b/admin/encryptAll.sh new file mode 100755 index 00000000..de7016b7 --- /dev/null +++ b/admin/encryptAll.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# Based on https://gist.github.com/kzap/5819745: + +echo "This will encrypt the cleartext sensitive.sbt and admin/secring.asc, while making the encrypted versions available for decryption on Travis." +echo "Update your .travis.yml as directed, and delete the cleartext versions." +echo "Press enter to continue." +read + +# 1. create a secret, put it in an environment variable while encrypting files -- UNSET IT AFTER +export SECRET=$(cat /dev/urandom | head -c 10000 | openssl sha1) + +# 2. add the "secure: ..." line under the env section -- generate it with `` (install the travis gem first) +travis encrypt SECRET=$SECRET + +admin/encrypt.sh admin/secring.asc +admin/encrypt.sh sensitive.sbt + +echo "Remember to rm sensitive.sbt admin/secring.asc -- once you do, they cannot be recovered (except on Travis)!" \ No newline at end of file diff --git a/admin/gpg.sbt b/admin/gpg.sbt new file mode 100644 index 00000000..6ec4213e --- /dev/null +++ b/admin/gpg.sbt @@ -0,0 +1,21 @@ +// only added when publishing: +addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") + +/* There's a companion sensitive.sbt, which was created like this: + +1. in an sbt shell when sbt-gpg is loaded, create pgp key in admin/: + + set pgpReadOnly := false + pgp-cmd gen-key // use $passPhrase + pgp-cmd send-key hkp://keyserver.ubuntu.com + +2. create sensitive.sbt with contents: + +pgpPassphrase := Some($passPhrase.toArray) + +pgpPublicRing := file("admin/pubring.asc") + +pgpSecretRing := file("admin/secring.asc") + +credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", $sonaUser, $sonaPass) +*/ diff --git a/admin/pubring.asc b/admin/pubring.asc new file mode 100644 index 00000000..b750e6f9 --- /dev/null +++ b/admin/pubring.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: BCPG v1.49 + +mQENBFSAu20BCACAHC5KEbSM7Dm9+ksU12Y7TIP4rLLg94e/jF29WFNnH8P4rTv/ +8WNX0OF9gNW5Ltj7IzGGkzLX3HjrEKA7SEaFyTqoCQ+FIlqNNYt8YCScMyTSfYbQ +8GOEBUEcS8HPpZoudX7T1IYIAApl46kD0H4zzPPz2QHu51uj4jyjnIGRcDmHat3q +dIeBzdnGinRFY+h/b4elKI0uEAFe/WmrMb9GpUaparkbNwutwof+7gIs5N7wyamg +tErARSBgs00JJtgh+lyRv7y6T9OkL8p8nylxRGjIpUM3cICBZLTg/mA1+FPvQzFm +AvYQ3cLWeFLobIVjuKSxWKwybdxR6ikCZd/LABEBAAG0O3NjYWxhLXBhcnNlci1j +b21iaW5hdG9ycyA8c2NhbGEtaW50ZXJuYWxzQGdvb2dsZWdyb3Vwcy5jb20+iQEc +BBMBAgAGBQJUgLttAAoJEF2pklhwFz7lp+kH/21ydQFQKdIv91iUNkwdbRbFcOoY +1LTZBAg2QaWMgqo9ZqZako09IlHouzMs+8mpgu3iC0spuzt24dn0He7ruKbnUb9F +AvWcyG5Kzw/zy/wvC8IZNtLqMP5RKOJmNZydoMj2DUcfPnldAwKd/UGmOyn4AEvW +ND0Qi59mPcJy/mCCDyjYfu+tJQCRg2DEhKtNX06GskZTaBeuqEVt58ZdE2aAq/X0 +2afs/Pv160NvbzgQ5vroamvwr2Q8E5aCiCcf7DZDyG5Kibt2Z7IvrosdAJsS75xQ +Q+1w7E3af7EdVZicMjkRPEhTbrtOInCRslIfKGp221mNvl7Au/ztfGPMUKY= +=/HZD +-----END PGP PUBLIC KEY BLOCK----- diff --git a/admin/secring.asc.enc b/admin/secring.asc.enc new file mode 100644 index 00000000..9acbd239 --- /dev/null +++ b/admin/secring.asc.enc @@ -0,0 +1,40 @@ +U2FsdGVkX1+FQtnDY5zEKGLoxEcz97shUP9GlOVy7SAuYt3TpxaZGRPhXNK/jWDZ +BQ6AcQq1cgIcn9skFDvRPsA9lRotD9wCZkc5GaGmrKgtdfccHh+58s1C8ufoL6L2 +ujZ4+W8KuwrYcOYevpykKcWfgmZ5RglKm5wUZaJq/khVIp4BmeeXEN7vk6oovZym +ymlFWhFQJDVgNs2zS6pSJD4vnndbc801nV63KZvk86RAD1vBCUKD7OfwqYpg5iCZ +dsMSkCaos+v1lBfHZDwtR0CDTrcg0gwXs3hDG5aX9PstZ/r1r8AXCjqaYtp130Ee +fkpuDA4cPMC0tPAPGAhFbBuieMEaHwZevMo9VQyykYkA841U++GgXfcRjn/IacnH +y1eqs+74JY1CZJzsLmDzGlAT3fHKVBjMnQS1KNZdDRfzC+2UyO/2dbkuGwSlw4aX +sOKz4RFwjNGbd6FUCM90ua/nsyrBlKHfuyeyllL7Q/H10zyaPvetoCpICH3852TZ +l2jnPfMrfxqpBPkDyMclRmo3uz4/zHPHwZatddNo4l7plIQHAi3cviPoZm1ncgCC +t8/O2fVFx0ubfrMKc8xqMwZBllmdTW63gP61j1vv8Xb5ZBDwpJSI4ff04SygEk2s +9Qzhx5f5izCu2+jJDsLH79d+wUeNtl+MXo78zw7lHl9rLb3+Y6L9OIgX15PBIYZx +mQ1oAXAhWK8I8NfpmdHkKSQMQ0Ls8stwVpJGvGUosIyU2COTuJfFWH0GQl8X0jSN +eNHdpthhoYHjwwlvxeGUcUJ11zbP55zCDJLxxCDOZ8lZVf9qqIk4wpquMGXoLpyQ +xIgqG/FTMlNJG5hAR3cJfFCDfjKw/Sza5Uc/BGvnRILxrqELbzgSsluL3AarpgIn +TWyx1Wc8N9Z8vA9XRaDPwh5Xv9uACw6DA37XfVeBoWCht6It0w2UyefjxWMhwmgL +GwS6/Ul6uf5jXGWlkuAlBt4t3XMynBzZJ5GXBLPzTDGzHGgRsi1jmtxOGoxXqv1O +xIXAkOjup5hLYG0B2Zz7yCottBaD9wBULIlFA1ixmNXHwxiaU95v+3jlAaOjYT1A ++QjYr6KZMM/6Jqz5gWhupRghxHx0g1m/xCEexPy4hSm4+g6TTFOx3eVj1sqUd/bV +TnbPUje3lKyXBhmfDNoFOi1VSpe8/PASakqkQqysN30zyXm76rhBrX9X5+DjQb8w +yeaYWZMAEripWGqGC9SyEadAV98elfJO/V/iK1AFZo62Ukl8VZ1OUz50P+8Brvvg +XTG8cvZYF4XTRtGTzQbDghJeyprGB0XY5SS08tms/DiPDklR9bJWzHu3lIh2EIfT +YXBWyKowZ50ih1yi4qXrABJickVLq6SKZ+Mg5X8Q/njxt+Hw9i2Cll7uoHVmGkeY +Nmoy8c3Qa3XTvGnzoMWYLKNz6oTyt/EJihHXkwzZKLgL5tOXnywwpemkTX1XXbIH +OBzz+m6MsWGbE1e57vCsP/c4zzEZ3dM6541WzZOzNdh61uS/XuHWXaBoyKKOH7BN +rXBa5BtDmU9EBQG3eBbl1Juj41mtRtUjSXu5VSWy18mKWtbvsFUC/WTFTF/8+kzd +1Sop8Oy35lb/BHYR+B8IOM/MHIIN+xhmJHlhh3Jah6hsADyRGgocQWceSJX8OQuw +JclveZ8CzSsttW7cB5hlnUp/bRrm99W9cHLda62Q3K1i3l7IyNx43IYFY+yDgnFB +crkFUizItIhYdeB//9NwcIZtM6B+3uDU/zeORhZ83FZnFdcI3u6Lfy4NWRPbecAq +wVkSu6h5xkc6E0mFGbB2228lpOQX6TZBQKP4XeQas1GHMuatFtQy+NCOdzYnW9eT +qTyU+Oku3wAt4uMxIZubZaGAd06WUg5r7L/HmcEavdkT0DHOvzYGTK0yNrlap0yp +jbCPMLXtnXT2HR1jvE483fcfBu3L7+b9R5Tz/VbqV0bEswkmjOHsz+3qUxOL3EFv +9VWrC6Q7aGm93dxAhzek1C+/UQaN9LO9jC+V9gMftJxVfwNt7syv36fV1ww/IyFX +G6HBCeyQ0KBT01/UWSI9JCKL0VP44UamvRos7+8MESuTD/BDHJlEQNxL7Teyw2Tf +xqUcjGzHevqjWJjdEelfBUl/sq8LcqfedDvzJo07sN3lqcZBdGiiyOOqnfUiJdU2 +fuOy3PljALpjvIzgqV1Y6jDiszhl7fwRn91KkWLejZiu/vx0UcwCnWQ1aPMnOydp +F12MSEqgIHpebxJFOv3tYPoUEKqGX1iATlsvTPxRD6RufGnm+pDQoKGf8qn8jfjx +Q666NYVNysJtmN15PxUAjEiJuKhXuLmtwsuhxsaSxpi+M7/k9vmtkliX4+N+XK7H +7VreF04kgzZN0qdzht2AGhoehDqdotkYb5aXqTlEzuv4MF4zVOZQHDQ6A7M6n0Z4 +RgQbhngngdMKHT5brKZm7Atlm1zOtAAexEA+ib6WfaJ0tRAQqJcsKhc7OnYXp8SU +D+cqJqvdRIEQTNuMrwzEBiW9RldYeEsgUBYMoyX4HxQ= diff --git a/sensitive.sbt.enc b/sensitive.sbt.enc new file mode 100644 index 00000000..b3ebdac2 --- /dev/null +++ b/sensitive.sbt.enc @@ -0,0 +1,7 @@ +U2FsdGVkX19ymDGvEeR3Ld7K7e4jzUoCqTw/KfHdPdtZbPDpAc1txKP1i2y8T6hO +y4QJTEhmKXsIJEnDTjyM0wEzh/yYjdE6fGNF43cW4ysSeSEBPy104gNhQXKsyohH +JIb0suQ288cP8kZ9IBq/osXkWU0qe+++PJNMeUATaU+ek/z9f/YfvcWZ2jJIKvIk +aRMYX/Tpkm70ap9Ko9bdDsgV0/OrPnWT7It0ITIK4P7uj+Yyl9AYBRMT1sk0vqfX +oiArljvbeswaS+Ydll4u+kp/hgPMbE1IeYtmey2m9ls6FyLn+D9AfEIpUKg011K2 +kVEU678T3LqTqzJvvYhRfDR+KNw/n4l1EPj/JTubMx4qZLmDkoE69o19/lNffrCj +6B1nj4/2VU79kG+XpXDXEw==