douglasduteil · February 22, 2021 13:27 · show0k · Jul 18, 2015
diff --git a/.travis.yml b/.travis.yml
 ---
 language: node_js
 node_js:
 - '0.10'
 branches:
  only:
    - master
 before_script: .travis/before_script.sh
 script: echo -e " >>> Do something... \"grunt\" for example\n"
 after_success:  .travis/after_success.sh
 env:
  global:
  - REPO="[email protected]:<org>/<repo>.git"
  - secure: ! 'Ygr53DnnxZzzKrc/kMBdnVCkiBHNKsIhk7A8kmv7Rcmbx327ATCeEePB8GNd... etc... etc...
diff --git a/before_script.sh b/before_script.sh


 #
 # Authentication
 #
 echo -e ">>> Authentication !"

 git remote set-url origin $REPO.git
 git config --global user.email "<org@email>"
 git config --global user.name "<org> (via TravisCI)"

 if [ -z "$id_rsa_{1..23}" ]; then echo 'No $id_rsa_{1..23} found !' ; exit 1; fi

 # Careful ! Put the correct number here !!! (the last line number)
 echo -n $id_rsa_{1..23} >> ~/.ssh/travis_rsa_64
 base64 --decode --ignore-garbage ~/.ssh/travis_rsa_64 > ~/.ssh/id_rsa

 chmod 600 ~/.ssh/id_rsa

 echo -e ">>> Copy config"
 mv -fv out/.travis/ssh-config ~/.ssh/config

 echo -e ">>> Hi github.com !"
 ssh -T [email protected]
 echo -e "\n"
diff --git a/ssh-config b/ssh-config
 Host github.com
 	User				          	git
 	IdentityFile		      	~/.ssh/id_rsa
 	StrictHostKeyChecking 	no
 	PasswordAuthentication	no
 	CheckHostIP			      	no
 	BatchMode			        	yes
diff --git a/travis-secure-key.sh b/travis-secure-key.sh
 #!/bin/sh 

 # Here, you will need to replace <org@email>, <org> and <repo>

 # First you create a RSA public/private key pair just for Travis.
 ssh-keygen -t rsa -C "<org@email>" -f ~/.ssh/travis_rsa

 #
 # Then following the official doc (https://help.github.com/articles/generating-ssh-keys#step-3-add-your-ssh-key-to-github),
 # You add it to your organisation repo : https://github.com/<org>/<repo>/settings/keys
 xclip -sel clip < ~/.ssh/travis_rsa.pub

 #
 # Paste your key into the "Key" field ; Click "Add key" ; Confirm the action by entering your GitHub password
 #

 #
 # Now comes the 'hard' part...
 # Like you want to install it on Travis, you have to give it the key. 
 # Good thing is that Travis supports environment variables encryption with travis gem.
 sudo gem install travis

 #
 # But you I the impression it's only support base64 values...
 # So you have to convert our key.
 base64 --wrap=0 ~/.ssh/travis_rsa > ~/.ssh/travis_rsa_64

 # I'll direcly user the option "--add env.global" so let's go to where your ".travis.yml" is
 cd <somewhere>

 # Also, the command "travis encrypt" has a length limit ~=100char.
 # So, like I'm lazy. I just brutalize my bash...
 bash <(cat ~/.ssh/travis_rsa_64 | perl -pe 's/(.{100})/$1\n/g' | nl | perl -pe 's/\s*(\d+)\s*(.*)/travis encrypt -r <org>\/<repo> id_rsa_$1="$2" --add env.global/')

 #
 # Now you have a lot of lines "- secure: ! 'xxxx...'" in my ".travis.yml"
 # But you don't know how many... So just come back to the last command to get the tail of it.
 #
 cat ~/.ssh/travis_rsa_64 | perl -pe 's/(.{100})/$1\n/g' | nl | tail

 # The brutal command just made a array of id : id_rsa_[0] to id_rsa_[n] where n is the number of lines. For me 23.

 # End of the preparations. Now you'll have to decrypt all of this...
	---
	language: node_js
	node_js:
	- '0.10'
	branches:
	only:
	- master
	before_script: .travis/before_script.sh
	script: echo -e " >>> Do something... \"grunt\" for example\n"
	after_success: .travis/after_success.sh
	env:
	global:
	- REPO="[email protected]:<org>/<repo>.git"
	- secure: ! 'Ygr53DnnxZzzKrc/kMBdnVCkiBHNKsIhk7A8kmv7Rcmbx327ATCeEePB8GNd... etc... etc...


	#
	# Authentication
	#
	echo -e ">>> Authentication !"

	git remote set-url origin $REPO.git
	git config --global user.email "<org@email>"
	git config --global user.name "<org> (via TravisCI)"

	if [ -z "$id_rsa_{1..23}" ]; then echo 'No $id_rsa_{1..23} found !' ; exit 1; fi

	# Careful ! Put the correct number here !!! (the last line number)
	echo -n $id_rsa_{1..23} >> ~/.ssh/travis_rsa_64
	base64 --decode --ignore-garbage ~/.ssh/travis_rsa_64 > ~/.ssh/id_rsa

	chmod 600 ~/.ssh/id_rsa

	echo -e ">>> Copy config"
	mv -fv out/.travis/ssh-config ~/.ssh/config

	echo -e ">>> Hi github.com !"
	ssh -T [email protected]
	echo -e "\n"
	Host github.com
	User git
	IdentityFile ~/.ssh/id_rsa
	StrictHostKeyChecking no
	PasswordAuthentication no
	CheckHostIP no
	BatchMode yes
	#!/bin/sh

	# Here, you will need to replace <org@email>, <org> and <repo>

	# First you create a RSA public/private key pair just for Travis.
	ssh-keygen -t rsa -C "<org@email>" -f ~/.ssh/travis_rsa

	#
	# Then following the official doc (https://help.github.com/articles/generating-ssh-keys#step-3-add-your-ssh-key-to-github),
	# You add it to your organisation repo : https://github.com/<org>/<repo>/settings/keys
	xclip -sel clip < ~/.ssh/travis_rsa.pub

	#
	# Paste your key into the "Key" field ; Click "Add key" ; Confirm the action by entering your GitHub password
	#

	#
	# Now comes the 'hard' part...
	# Like you want to install it on Travis, you have to give it the key.
	# Good thing is that Travis supports environment variables encryption with travis gem.
	sudo gem install travis

	#
	# But you I the impression it's only support base64 values...
	# So you have to convert our key.
	base64 --wrap=0 ~/.ssh/travis_rsa > ~/.ssh/travis_rsa_64

	# I'll direcly user the option "--add env.global" so let's go to where your ".travis.yml" is
	cd <somewhere>

	# Also, the command "travis encrypt" has a length limit ~=100char.
	# So, like I'm lazy. I just brutalize my bash...
	bash <(cat ~/.ssh/travis_rsa_64 \| perl -pe 's/(.{100})/$1\n/g' \| nl \| perl -pe 's/\s(\d+)\s(.*)/travis encrypt -r <org>\/<repo> id_rsa_$1="$2" --add env.global/')

	#
	# Now you have a lot of lines "- secure: ! 'xxxx...'" in my ".travis.yml"
	# But you don't know how many... So just come back to the last command to get the tail of it.
	#
	cat ~/.ssh/travis_rsa_64 \| perl -pe 's/(.{100})/$1\n/g' \| nl \| tail

	# The brutal command just made a array of id : id_rsa_[0] to id_rsa_[n] where n is the number of lines. For me 23.

	# End of the preparations. Now you'll have to decrypt all of this...