自动推送与特拉维斯一个GitHub库 [英] automated push to a github repo with travis
问题描述
我有一个gitub.io回购它承载我的网页 - 源为网页(未编译玉/萨斯code)是在一个单独的公开回购。 特拉维斯-CI 的设置看我的源回购更改并运行编译套件,生成HTML / CSS,将被推到github.io回购。
我可以设立特拉维斯自动做一个推到GitHub库我自己,如果编译通过,没有硬编码我的用户名和密码进入我的 .travis.yml 文件(显然这是一个安全问题)?
我见过这个问题,但那一点都不获得解答与特拉维斯记 - 我不认为我可以使用密钥对身份验证,因为我需要把回购或特拉维斯脚本中的私钥,这是一样大的一个安全漏洞是在把我的密码
有关谁比谁这里风时,我发现使用roidrage的回答为跳板以下信息:
-
特拉维斯使用公钥/私钥加密,以便您可以嵌入在
.travis.yml文件敏感信息。您可以安装自己的宝石名为特拉维斯,并用它来加密的东西,他们会安全地将其解密在他们的结局。文档: http://docs.travis-ci.com/user/encryption-keys/ -
在github上,可以生成在申请个人访问令牌设置。这可用于像通过应用一个密码。加密使用上述技术,并把它在你的YAML。
这可以通过存储令牌来访问GitHub上以加密的方式在.travis.yml文件来实现。请参见我们的文档有关如何对数据进行加密的例子。
至于推到GitHub的页面,有一个博客帖子总结的步骤相当不错,它甚至指向的脚本的,你可以在你的编译使用。
I have a gitub.io repo which hosts my webpage -- the source for that webpage (uncompiled Jade / Sass code) is in a separate public repo. Travis-CI is set up to watch my source repo for changes and run the compile suite, generating the HTML/CSS that will get pushed to the github.io repo.
Can I set up Travis to automatically do a push to a github repo I own if the compile passed, without hard-coding my username and password into my .travis.yml file (obviously this is a security concern)?
I've seen this question, but it wasn't answered with Travis in mind -- I don't think I can use keypair authentication because I'd need to put the private key in the repo or in the travis script, which is just as big a security hole as putting in my password.
For anyone else who winds up here, I found the following information using roidrage's answer as a springboard:
Travis uses public/private key encryption to allow you to embed sensitive information in a
.travis.ymlfile. You can install their gem called "travis" and use it to encrypt stuff, and they'll decrypt it securely on their end. Documentation: http://docs.travis-ci.com/user/encryption-keys/On github, you can generate a "personal access token" in your applications settings. This can be used like a password by applications. Encrypt that using the above technique and throw it in your yaml.
This can be achieved by storing a token to access GitHub in an encrypted way in the .travis.yml file. See our docs for examples on how to encrypt data.
As for the push to GitHub Pages, there's a blog post summing up the steps quite well, and it even points to a script that you can use in your build.
这篇关于自动推送与特拉维斯一个GitHub库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
