summaryrefslogtreecommitdiffstats
path: root/.travis
diff options
context:
space:
mode:
authorPhilip Whineray <phil@firehol.org>2016-12-16 08:50:07 +0000
committerPhilip Whineray <phil@firehol.org>2016-12-16 09:28:14 +0000
commit00a0f2c07ed546ee20a07da043c7b058377fb6f2 (patch)
treed99645fb17e1c0a73caa1e88ed28e6a95b1b9379 /.travis
parentf4827e695a2a67b3c37e316a61e28705f6972dd0 (diff)
Fix pull requests from external repositories
Github/travis integration does not make available the encryption keys for pull requests from remote repositories. Move direct commands from travis into scripts so that we decrypt and deploy only when we can.
Diffstat (limited to '.travis')
-rwxr-xr-x.travis/decrypt-if-have-key35
-rwxr-xr-x.travis/deploy-if-have-key44
2 files changed, 79 insertions, 0 deletions
diff --git a/.travis/decrypt-if-have-key b/.travis/decrypt-if-have-key
new file mode 100755
index 0000000000..b585d12c1e
--- /dev/null
+++ b/.travis/decrypt-if-have-key
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -e
+
+# Decrypt our private files; changes to this file should be inspected
+# closely to ensure they do not create information leaks
+
+eval key="\${encrypted_${1}_key}"
+eval iv="\${encrypted_${1}_iv}"
+
+if [ ! "$key" ]
+then
+ echo "No aes key present - skipping decryption"
+ exit 0
+fi
+
+for i in .travis/*.enc
+do
+ u=$(echo $i | sed -e 's/.enc$//')
+ openssl aes-256-cbc -K "$key" -iv "$iv" -in $i -out $u -d
+done
+
+if [ -f .travis/travis_rsa ]
+then
+ echo "ssh key present - loading agent"
+ eval "$(ssh-agent -s)"
+
+ # add key, then remove to prevent leaks
+ chmod 600 .travis/travis_rsa
+ ssh-add .travis/travis_rsa
+ rm -f .travis/travis_rsa
+ touch .travis/travis_rsa.ready
+else
+ echo "No ssh key present - skipping agent start"
+fi
diff --git a/.travis/deploy-if-have-key b/.travis/deploy-if-have-key
new file mode 100755
index 0000000000..6c40e25705
--- /dev/null
+++ b/.travis/deploy-if-have-key
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -e
+
+# Deploy tar-files and checksums to the firehol website
+
+if [ ! -f .travis/travis_rsa.ready ]
+then
+ echo "No ssh key decrypted - skipping deployment to website"
+ exit 0
+fi
+
+case "$TRAVIS_BRANCH" in
+ master|stable-*)
+ :
+ ;;
+ *)
+ echo "Not on master or stable-* branch - skipping deployment to website"
+ exit 0
+ ;;
+esac
+
+if [ "$TRAVIS_PULL_REQUEST" = "true" ]
+then
+ echo "Building pull request - skipping deployment to website"
+ exit 0
+fi
+
+if [ "$TRAVIS_TAG" != "" ]
+then
+ echo "Building tag - skipping deployment to website"
+ exit 0
+fi
+
+if [ "$CC" != "gcc" ]
+then
+ echo "Building non-gcc version - skipping deployment to website"
+ exit 0
+fi
+
+ssh-keyscan -H firehol.org >> ~/.ssh/known_hosts
+ssh travis@firehol.org mkdir -p uploads/netdata/$TRAVIS_BRANCH/
+scp -p *.tar.* travis@firehol.org:uploads/netdata/$TRAVIS_BRANCH/
+ssh travis@firehol.org touch uploads/netdata/$TRAVIS_BRANCH/complete.txt
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 17:37:15 +0000