From 9db368c0943d5c9eb9cdf8ce2e8b66a589e08685 Mon Sep 17 00:00:00 2001 From: Alex Muller Date: Fri, 23 Dec 2016 10:57:21 +0000 Subject: [PATCH] Switch from using GOV.UK Jenkins to Travis This project isn't owned by GOV.UK Publishing anymore so it needs to stop using Jenkins to publish changes. Ideally I'd use a deploy key for this, but it turns out that you can't attach the same deploy key to more than one repo. This means that we're going to use a GitHub token attached to the govuk-ci user - this should be moved to a different user in the future. To make that happen: - Add the personal access token as a secure Heroku env var - Change the Git URLs to push over HTTPS, not SSH The gem_publisher gem expects there to be a file at `.gem/credentials`. I've encrypted that file for Travis and added that file to the Travis worker. Same deal for the `npm publish` command. It turns out you can only encrypt one file at a time which means that we need to create a tar archive and then move things around afterwards which is a little bit horrible. In order to do this I made a secrets directory and added 2 files: gem_credentials: ``` --- :rubygems_api_key: redacted ``` npmrc: ``` _auth = redacted email = name@example.com ``` And then ran: ``` tar cvf secrets.tar secrets/npmrc secrets/gem_credentials ``` And encrypted that file. --- .travis.yml | 24 ++++++++++++++++---- .travis/secrets.tar.enc | Bin 0 -> 3088 bytes build_tools/publisher/docs_publisher.rb | 2 +- build_tools/publisher/ejs_publisher.rb | 2 +- build_tools/publisher/jinja_publisher.rb | 2 +- build_tools/publisher/mustache_publisher.rb | 2 +- build_tools/publisher/play_publisher.rb | 2 +- jenkins.sh | 14 ------------ 8 files changed, 25 insertions(+), 23 deletions(-) create mode 100644 .travis/secrets.tar.enc delete mode 100755 jenkins.sh diff --git a/.travis.yml b/.travis.yml index af7a9a50..0226f959 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,11 +1,27 @@ language: ruby sudo: false +env: + global: + - secure: "gxjwgl9l9ZP/1t86odZyMzWyiVBkG1oFzeL+Kb6z9Dtfu954l9RbytlenTTcnRw1KtaDBZVBs0ix3K45b8T2S6JFzLQ88Z/36DmXGIN6vxctfnVD9sqbbyOuP++RhibK+qUqbPRHo6a3wBsMQ87DMj5S6pJe3dxbCKRXa8zcMd0=" +before_install: + - openssl aes-256-cbc -K $encrypted_df4ab1bff570_key -iv $encrypted_df4ab1bff570_iv -in .travis/secrets.tar.enc -out .travis/secrets.tar -d + - tar xvf .travis/secrets.tar + - mkdir -p ~/.gem/ + - mv secrets/gem_credentials ~/.gem/credentials + - mv secrets/npmrc ~/.npmrc + - git config --global user.name "Travis CI" + - git config --global user.email "travis@travis-ci.org" + - rm -f Gemfile.lock + - git clean -fdx install: - # Ensure that Travis install is a no-op because `jenkins.sh` - # installs dependencies. - - echo "Not running Travis installation" + - bundle install script: - - ./jenkins.sh + - bundle exec rake spec integration_tests +deploy: +- provider: script + script: 'bundle exec rake build:and_release_if_updated' + on: + branch: master notifications: email: on_success: never diff --git a/.travis/secrets.tar.enc b/.travis/secrets.tar.enc new file mode 100644 index 0000000000000000000000000000000000000000..ac1f289661115ac7fe78bf0df9db1a753ec486c7 GIT binary patch literal 3088 zcmV+r4Da)(EPDh%vm!CB+F>pCdn+Ioy49*TAHNoynu-3!b+-6LQw~7RY)lOn4_%KM z78?1klh`pG^(D-hH6C8Q5K1TIB zEB^z|L6ZQOdKOeFtwA}Am4;SNpo^8;x7~^+qmDt>-lR?;g5YZpMZK#s6Mm)g8yDh? zq^2=MZ;dp9i-Iq05X^0}_$zP&1qOPW++}UAqe1Oe%Su52rDL;iEy;AlK?PO5Rzk7N z#{R|0scJf|NGGOF9OaHHi=T3N_#)0PQ&_rV&oyPrVH72bPLO^>?ow0JYK6-Lh;7-^ zV$xNVI%rlk+j#gk8uFz8e@C6uW+lAk!#}kn+^3OPc7l)h*{ZI2CJ5v{j0G}M>TNIj z!aK?Zo~%ykk5StywIMBWYofz0`VCL6p8Odw-USbrj#dW?JRqWv^`D?h@rMoi$`4*5 zZo1_n8y809rhOHH|Jzs|&&7uu0c9NnuF*YFCxir24GFwi~L8DdAX3LZd+AmOy6@tl)DQDA7jMD@&ob+f-Y#n)^)usoS?jQ|v=`EH)V ztw5+>0E~GiBpT|=Q*_QEx9k<}-h_VaPa-ThlDKKzUz&c=fJqmm(AZe6&K=bbFeqtx zS-P=|H;!2Zab{dD=R+sGKbiMi?a$>6O9%VuS7c@xZ62)qQTfa;7`bfK&1k{U82qeC z4@7o@T9jP~H+~_$j0ZB2t~}A%5{^`!+czH)4d>gYrNTTZ6cC7v1)>NN`)F}B(t8-A ztxwg7sr3Rc!uo*Ymy1??acvDF%;;pZ|88*bn3l&MqQOL%@$fVCtEN@g!{a=x4=GH z@}jdxDEiMj#KaU;C>@FiI1!iU?OEQ(2)by9&?CO95S8@ZEtAny&hkFZC2ohrxSw3B zmtgN6fIyZHN5`i%@!1=h8YBk7@#I?AS3iv%`e(V9fZ?1*ttq#e+3!lrZD-4FO9AmH z%rSux$sw8$KhlCvY|UM6;L64d5kss+f#*w$BqEI_dXL{e2&}*ZIrh*$9JI&MucSDhpCt}C-dkAqmTt8 z#1+cKujM7lqqAR%s5nOByZvd80#)Fw95s_)irRr?mNqe$kcf**ndQ9}n0$Zl=rcW? z%`g2inKp#8l#|NlcT8v=kB(Dwm%2pTl+P?JLxO{ z-&V2M-hm62HEqwmve2F-KuEYj+jfFpo>J3qharb7cw>ADJHgH{*!R76;lt|c#`2cM zOnQ>2MjWv}uz6-Yr}}Jha5}9qGo;+x)&2iA+{EK2bXDg|tV*@Qq4#xi%=#Vjo@*JL zbFc=TzE2S^SfRPR&7m#&&#dhSPIV|8*VO++SqxHlDp`Clv2_6Z@QOtZKgug>XPJ>+ z1meS!hCiYA*2cE-OMXPRapKcH6J7&2Vbrs}n#Y@AzGj2Y?Y|_pWJ+XAPSu}>$xfEz zn5<9_eBaM9af^qBy1C8MUTm@qoF3~H18x@Ccj{Fhm0A@h}uPz z)n;=ni20G8zU(#FLD$r$U_YxLa?eEemYH84V5^ImuF@%x5a~lA9V5JLqNjXqS(6ce z{y3W+o_J6e7jS@q-h=69?}KLdEulkP25yzKt%k4Yb3)Ri_HTYiBj1ci&#A2j)YBa@xb}I2q8Q^hb@+S(Kj2`xO=Hb%BvR4T(9&~uui`gS zJ&%`<#fR{G5$(2Kf;WY;N&@GeuN2zu*+ThQzOJHQQ{lBo zGgX|eyviBhr|eQ1i~>8_%-CXNEj~yOR1EO%Yj?2!Vy7-=p2`60AQ$4f0F*{z&3%S) z-lCN}`_ai!qz_XR6Fhq?Koh$+;eozYMAdj66O*o}!2OO0 zzk9n#**pPq6D$u-pwC_IhAiDqoVDr`u-E14$;iLW06oD4q;;I*bAnSc0m)e=4Dd)B z!w-#!d%9}GF}gfoPb=GjQ&1z2?C5&TT&D_sa+u+jsXoO+qB`i+YpQ7tt^rg*>+2*^ z;YHRqECZtTSuig+SLXZ6KqpkDRknps>&&4xIXs$9ma|Lj7hi63t3~ zNcmp7z#q<#oCv3JFM3B-BIlFNS*-qc>gq(6slnDzMFKm}4_ae}&U?!D3bgoD+sra%1s_lIwi*Us$@X|b8X2=rD05?>NbJ94`dX$Rx-o?K|9j; z+Tl>t=Rg36y~0D=u2xOJ>7S`c!t~56;XzHSnjb(2jCN*d>#&O2yWLPi)G?g zwe%wp+Q{hmxx@&|v2a3=A=FFyJ4x!} z^}_8!!R1XueAYp)f6((_2E=8z{e{__fAG0g^T7OSZ-XpT1?@+;2$)40*RdCaq9lkh zifS!RzZyp0fnclybMwf>y+)CRPrM&wRCO$>rH$liT@1Ta16CwHH21VIOCFDgoxet~ zjrY-^n2~}DV%GN`YmC*;3{N}YQc}9ia1R&n3wIfRK3t^_EFA+`big49btgiFx3FDR zjc8#9N_#l!$fBB}`a^N1G3?xz@ee45d>JX^g$5kSdTl4sv6HU(uwA3;80T7JI}VQ{ z9v*ygh_BGef8ayvRH$sQrZf_r-ht-Jsuq*^a9vvYe)RrV8%h2ejI62NwmdAlg0X+* zvUxgvk=dG4Bu$gM^+^E90@U&!nCa~s>mI%9w_~{6O!CsnCf+8rhRTe!Wkzuwk8zb~ z>?m==$WUOxuGIR^nR3^|sJ#SfFm-&jlKl|=iqzJfH(WpQ*)g8Og3jYPgi){|$q9mJ z0%SiAH19b@s21%e75cfxq)eeM$(kp#DNKEgA7EkMps`e9aTWt=II%HapShx-rOPDf+w2G^%%|uGOClWmzp~^e}0DdkRgmM^f9e@>6H&Be2%b zhy{^fi1hc^sHf^vXPN_8H_w;9f}qT;$3&*J-*>>ENLI{dz(3~TT4bY!+@8#@+6s!> zI>IsM@$vpMIj|+H*kcov81VBPT3LOs9tMQcvWBgq+#jI<`zGS%%EY-n*3{oo=Rf$} e0pXZ))E>L)$i8zmz