Automating a push to a GitHub repo through Travis

6
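I have a github.io repo that hosts my web page - the source code for the web page (the uncompiled Jade / Sass code) lives in a separate public repo. Travis-CI is set up to watch my source repo for changes and run the compile suite, generating the HTML/CSS that will be pushed to the github.io repo.
Can I set up Travis to push automatically to a github repo that I own once the compile passes, without hard-coding my username and password in my .travis.yml file (which is obviously a security issue)?
I have seen this question, but it does not take Travis into account - I don't think I can use key pair authentication, because I would need to put the private key in the repo or in the travis script, which is just as big a security hole as putting the password there.
For anyone else who comes here, I found the following information using roidrage's answer as a springboard:
  1. Travis uses public/private key encryption to let you embed sensitive information in a .travis.yml file. You can install their gem called "travis" and use it to encrypt content, and they will decrypt it securely on their end. Documentation: http://docs.travis-ci.com/user/encryption-keys/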

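  2. On Github, you can generate a "Personal Access Token" in your application settings. Applications can use this token like a password. Encrypt the token using the technique above and put it in your yaml file.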

Travis asks for a variable (SOMEVAR). Which variable should I use? - koppor
1
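In my case, I used the Travis gem to encrypt an SSH private key (a deploy key). I store the encrypted private key in the repository. Travis downloads the repository, decrypts the private key, and then uses the decrypted key to push changes back to the repository. - Woodrow Barlow
2 Answers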

4

This can be done by storing a token for accessing GitHub, in encrypted form, in the .travis.yml file. See our documentation for an example of how to encrypt data.

As for pushing to GitHub Pages, there is a blog post that summarizes the steps nicely and even points to a script you can use in your build.

A mirror of that script is here:

#!/usr/bin/env bash

# This script was written to facilitate the deployment process of Pelican
# websites using Travis CI. See this blog post for more information:
# http://kevinyap.ca/2014/06/deploying-pelican-sites-using-travis-ci/

usage="Usage: $(basename "$0") (deploy | diff | serve)

Commands:
  deploy     Upload site to Github Pages
  diff       Compare locally generated site to live site
  serve      Generate and serve site (auto-reloads on changes)"

TARGET_REPO="iKevinY/iKevinY.github.io"
GH_PAGES_BRANCH="master"

DEVELOP_CONF="pelicanconf.py"
PUBLISH_CONF="publishconf.py"

OUTPUT_DIR="output"
REMOTE_DIR="remote"

PY_CMD="python3"
SERVER="http.server"
PORT="8000"

rootPath="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

generate_site() {
  # Based on http://zonca.github.io/2013/09/automatically-build-pelican-and-publish-to-github-pages.html
  if [ "$TRAVIS" == "true" ]; then
    # Ensure that builds triggered by pull requests are not deployed
    if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then
      echo "Successfully built pull request #$TRAVIS_PULL_REQUEST."
      exit 0
    fi

    echo "Deploying site to $GH_PAGES_BRANCH branch of $TARGET_REPO."
    git config --global user.email "travis@travis-ci.org"
    git config --global user.name "Travis CI"
  else
    cd "$rootPath" || exit 1
    pelican -s $PUBLISH_CONF
  fi

  # Pull hash and commit message of the most recent commit
  commitHash=$(git rev-parse HEAD)
  commitMessage=$(git log -1 --pretty=%B)

  # Clone the GitHub Pages branch and rsync it with the newly generated files
  GITHUB_REPO=https://${GH_TOKEN:-git}@github.com/${TARGET_REPO}.git
  git clone --branch $GH_PAGES_BRANCH --depth 1 "$GITHUB_REPO" $REMOTE_DIR &> /dev/null
  rsync -r --exclude=.git --delete $OUTPUT_DIR/ $REMOTE_DIR/
  pushd $REMOTE_DIR > /dev/null

  git add -A
  git status -s

  $1  # execute the function that was passed as an argument
}

push_changes() {
  if [ "$TRAVIS" == "true" ]; then
    longMessage="Generated by $commitHash; pushed by build #$TRAVIS_BUILD_NUMBER."
    git commit -m "$commitMessage" -m "$longMessage"
    git push origin $GH_PAGES_BRANCH &> /dev/null || echo "Push failed."
  else
    read -rp "Push changes to GitHub Pages? [y/N] " response
    if [[ "$response" =~ ^[Yy]$ ]]; then
      git commit -m "$commitMessage" -m "Generated by $commitHash."
      git push origin $GH_PAGES_BRANCH
    fi

    popd > /dev/null
    rm -rf -- $REMOTE_DIR $OUTPUT_DIR && echo "Removed $REMOTE_DIR and $OUTPUT_DIR."
  fi
}

case "$1" in
  'deploy')
    generate_site push_changes
    ;;

  'diff')
    generate_site 'git --no-pager diff --cached --color-words'
    ;;

  'serve')
    developPath=${rootPath}/develop
    local_ip=$(ifconfig | grep 'inet ' | awk 'NR==2 {print $2}')

    # Seed directory with site content
    cd "$rootPath" && pelican -s $DEVELOP_CONF > /dev/null
    echo "Serving HTTP at $(tput bold)${local_ip}:${PORT}$(tput sgr0)."

    cleanup() {
      pkill -f $SERVER
      cd "$rootPath" && rm -r "$developPath" && echo && exit 0
    }

    trap cleanup SIGINT

    (pelican -rs $DEVELOP_CONF 2> /dev/null) &
    (cd "$developPath" || exit 1; $PY_CMD -m $SERVER $PORT 1> /dev/null) &
    wait
    ;;

  *)
    echo "$usage"
    exit 2
    ;;

esac
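
The mirrored script above discards all output of the `git clone` and `git push` commands that carry `GH_TOKEN` in the remote URL, so a failed deploy leaves no error text in the build log. The following is an added example, not part of this answer or of the mirrored script, that keeps the output but masks the token and refuses to deploy when the encrypted variables are unavailable; `GH_TOKEN`, `TRAVIS_PULL_REQUEST` and `TRAVIS_SECURE_ENV_VARS` are existing variable names, while the helper function names and the sample values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: helper names and sample values are constructed, not from the page.

# Replace every literal occurrence of the token ($1) on stdin with a placeholder.
# awk's index() matches plain text, so no regex escaping of the token is needed.
redact_token() {
  REDACT="$1" awk 'BEGIN { t = ENVIRON["REDACT"]; n = length(t) }
  {
    out = ""; rest = $0
    while (n > 0 && (i = index(rest, t)) > 0) {
      out = out substr(rest, 1, i - 1) "[REDACTED]"
      rest = substr(rest, i + n)
    }
    print out rest
  }'
}

# Deploy only from non-PR builds where Travis actually decrypted the secrets.
can_deploy() {
  [ "${TRAVIS_PULL_REQUEST:-false}" = "false" ] &&
    [ "${TRAVIS_SECURE_ENV_VARS:-false}" = "true" ] &&
    [ -n "${GH_TOKEN:-}" ]
}

# Run a command, print its output with the token masked, keep its exit status.
run_redacted() {
  { set +x; } 2>/dev/null          # stop xtrace before the token is expanded
  _status=0
  _out=$("$@" 2>&1) || _status=$?
  printf '%s\n' "$_out" | redact_token "${GH_TOKEN:-}"
  return "$_status"
}

# Demo on constructed input: a fake token inside a fake git error line.
(
  GH_TOKEN="constructed-sample-token"
  run_redacted printf 'fatal: unable to access https://%s@github.com/OWNER/REPO.git\n' "$GH_TOKEN"
)
```

In a deploy step, `can_deploy || exit 0` would guard the push, and `run_redacted git push origin "$GH_PAGES_BRANCH"` would take the place of the `&> /dev/null` redirect.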

0
Mac OS El Capitan requires Ruby ^2.2.
brew unlink ruby; brew install Ruby
gem install travis  

Use the travis gem to encrypt your secret PAT and update your .travis.yml file.
travis encrypt  GH_TOKEN=<secret github personal access token> --add
