diff options
author | Philip Whineray <phil@firehol.org> | 2016-12-16 08:50:07 +0000 |
---|---|---|
committer | Philip Whineray <phil@firehol.org> | 2016-12-16 09:28:14 +0000 |
commit | 00a0f2c07ed546ee20a07da043c7b058377fb6f2 (patch) | |
tree | d99645fb17e1c0a73caa1e88ed28e6a95b1b9379 /.travis | |
parent | f4827e695a2a67b3c37e316a61e28705f6972dd0 (diff) |
Fix pull requests from external repositories
Github/travis integration does not make available the encryption keys
for pull requests from remote repositories. Move direct commands from
travis into scripts so that we decrypt and deploy only when we can.
Diffstat (limited to '.travis')
-rwxr-xr-x | .travis/decrypt-if-have-key | 35 | ||||
-rwxr-xr-x | .travis/deploy-if-have-key | 44 |
2 files changed, 79 insertions, 0 deletions
diff --git a/.travis/decrypt-if-have-key b/.travis/decrypt-if-have-key new file mode 100755 index 0000000000..b585d12c1e --- /dev/null +++ b/.travis/decrypt-if-have-key @@ -0,0 +1,35 @@ +#!/bin/bash + +set -e + +# Decrypt our private files; changes to this file should be inspected +# closely to ensure they do not create information leaks + +eval key="\${encrypted_${1}_key}" +eval iv="\${encrypted_${1}_iv}" + +if [ ! "$key" ] +then + echo "No aes key present - skipping decryption" + exit 0 +fi + +for i in .travis/*.enc +do + u=$(echo $i | sed -e 's/.enc$//') + openssl aes-256-cbc -K "$key" -iv "$iv" -in $i -out $u -d +done + +if [ -f .travis/travis_rsa ] +then + echo "ssh key present - loading agent" + eval "$(ssh-agent -s)" + + # add key, then remove to prevent leaks + chmod 600 .travis/travis_rsa + ssh-add .travis/travis_rsa + rm -f .travis/travis_rsa + touch .travis/travis_rsa.ready +else + echo "No ssh key present - skipping agent start" +fi diff --git a/.travis/deploy-if-have-key b/.travis/deploy-if-have-key new file mode 100755 index 0000000000..6c40e25705 --- /dev/null +++ b/.travis/deploy-if-have-key @@ -0,0 +1,44 @@ +#!/bin/bash + +set -e + +# Deploy tar-files and checksums to the firehol website + +if [ ! -f .travis/travis_rsa.ready ] +then + echo "No ssh key decrypted - skipping deployment to website" + exit 0 +fi + +case "$TRAVIS_BRANCH" in + master|stable-*) + : + ;; + *) + echo "Not on master or stable-* branch - skipping deployment to website" + exit 0 + ;; +esac + +if [ "$TRAVIS_PULL_REQUEST" = "true" ] +then + echo "Building pull request - skipping deployment to website" + exit 0 +fi + +if [ "$TRAVIS_TAG" != "" ] +then + echo "Building tag - skipping deployment to website" + exit 0 +fi + +if [ "$CC" != "gcc" ] +then + echo "Building non-gcc version - skipping deployment to website" + exit 0 +fi + +ssh-keyscan -H firehol.org >> ~/.ssh/known_hosts +ssh travis@firehol.org mkdir -p uploads/netdata/$TRAVIS_BRANCH/ +scp -p *.tar.* travis@firehol.org:uploads/netdata/$TRAVIS_BRANCH/ +ssh travis@firehol.org touch uploads/netdata/$TRAVIS_BRANCH/complete.txt |