使用 travis 自动推送到 github 存储库 [英] automated push to a github repo with travis

问题描述

我有一个托管我的网页的 gitub.io 存储库——该网页的源代码(未编译的 Jade/Sass 代码)位于一个单独的公共存储库中.Travis-CI 设置为查看我的源代码库的更改并运行编译套件，生成将被推送到 github.io 存储库的 HTML/CSS.

I have a gitub.io repo which hosts my webpage -- the source for that webpage (uncompiled Jade / Sass code) is in a separate public repo. Travis-CI is set up to watch my source repo for changes and run the compile suite, generating the HTML/CSS that will get pushed to the github.io repo.

如果编译通过，我可以将 Travis 设置为自动推送到我拥有的 github 存储库，而无需将我的用户名和密码硬编码到我的 .travis.yml 文件中(显然这是安全问题)?

Can I set up Travis to automatically do a push to a github repo I own if the compile passed, without hard-coding my username and password into my .travis.yml file (obviously this is a security concern)?

我见过这个问题，但不是't 考虑到 Travis - 我不认为我可以使用密钥对身份验证，因为我需要将私钥放在 repo 或 travis 脚本中，这与输入密码一样大的安全漏洞.

I've seen this question, but it wasn't answered with Travis in mind -- I don't think I can use keypair authentication because I'd need to put the private key in the repo or in the travis script, which is just as big a security hole as putting in my password.

对于来到这里的其他人，我使用 roidrage 的答案作为跳板找到了以下信息:

For anyone else who winds up here, I found the following information using roidrage's answer as a springboard:

1. Travis 使用公钥/私钥加密来允许您在 .travis.yml 文件中嵌入敏感信息.你可以安装他们的名为travis"的 gem 并用它来加密东西，他们会在最后安全地解密它.文档:http://docs.travis-ci.com/user/encryption-keys/

1. Travis uses public/private key encryption to allow you to embed sensitive information in a .travis.yml file. You can install their gem called "travis" and use it to encrypt stuff, and they'll decrypt it securely on their end. Documentation: http://docs.travis-ci.com/user/encryption-keys/

在 github 上，您可以在应用程序设置中生成个人访问令牌".这可以像密码一样被应用程序使用.使用上述技术对其进行加密并将其放入您的 yaml 中.

On github, you can generate a "personal access token" in your applications settings. This can be used like a password by applications. Encrypt that using the above technique and throw it in your yaml.

推荐答案

这可以通过在 .travis.yml 文件中以加密方式存储访问 GitHub 的令牌来实现.有关如何加密数据的示例，请参阅我们的文档.

This can be achieved by storing a token to access GitHub in an encrypted way in the .travis.yml file. See our docs for examples on how to encrypt data.

至于推送到 GitHub Pages，有一个 博客文章很好地总结了步骤，它甚至指向您可以在构建中使用的脚本.

As for the push to GitHub Pages, there's a blog post summing up the steps quite well, and it even points to a script that you can use in your build.

脚本的镜像在这里:

#!/usr/bin/env bash

# This script was written to facilitate the deployment process of Pelican
# websites using Travis CI. See this blog post for more information:
# http://kevinyap.ca/2014/06/deploying-pelican-sites-using-travis-ci/

usage="Usage: $(basename "$0") (deploy | diff | serve)

Commands:
  deploy     Upload site to Github Pages
  diff       Compare locally generated site to live site
  serve      Generate and serve site (auto-reloads on changes)"

TARGET_REPO="iKevinY/iKevinY.github.io"
GH_PAGES_BRANCH="master"

DEVELOP_CONF="pelicanconf.py"
PUBLISH_CONF="publishconf.py"

OUTPUT_DIR="output"
REMOTE_DIR="remote"

PY_CMD="python3"
SERVER="http.server"
PORT="8000"

rootPath="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

generate_site() {
  # Based on http://zonca.github.io/2013/09/automatically-build-pelican-and-publish-to-github-pages.html
  if [ "$TRAVIS" == "true" ]; then
    # Ensure that builds triggered by pull requests are not deployed
    if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then
      echo "Successfully built pull request #$TRAVIS_PULL_REQUEST."
      exit 0
    fi

    echo "Deploying site to $GH_PAGES_BRANCH branch of $TARGET_REPO."
    git config --global user.email "travis@travis-ci.org"
    git config --global user.name "Travis CI"
  else
    cd "$rootPath" || exit 1
    pelican -s $PUBLISH_CONF
  fi

  # Pull hash and commit message of the most recent commit
  commitHash=$(git rev-parse HEAD)
  commitMessage=$(git log -1 --pretty=%B)

  # Clone the GitHub Pages branch and rsync it with the newly generated files
  GITHUB_REPO=https://${GH_TOKEN:-git}@github.com/${TARGET_REPO}.git
  git clone --branch $GH_PAGES_BRANCH --depth 1 "$GITHUB_REPO" $REMOTE_DIR &> /dev/null
  rsync -r --exclude=.git --delete $OUTPUT_DIR/ $REMOTE_DIR/
  pushd $REMOTE_DIR > /dev/null

  git add -A
  git status -s

  $1  # execute the function that was passed as an argument
}

push_changes() {
  if [ "$TRAVIS" == "true" ]; then
    longMessage="Generated by $commitHash; pushed by build #$TRAVIS_BUILD_NUMBER."
    git commit -m "$commitMessage" -m "$longMessage"
    git push origin $GH_PAGES_BRANCH &> /dev/null || echo "Push failed."
  else
    read -rp "Push changes to GitHub Pages? [y/N] " response
    if [[ "$response" =~ ^[Yy]$ ]]; then
      git commit -m "$commitMessage" -m "Generated by $commitHash."
      git push origin $GH_PAGES_BRANCH
    fi

    popd > /dev/null
    rm -rf -- $REMOTE_DIR $OUTPUT_DIR && echo "Removed $REMOTE_DIR and $OUTPUT_DIR."
  fi
}

case "$1" in
  'deploy')
    generate_site push_changes
    ;;

  'diff')
    generate_site 'git --no-pager diff --cached --color-words'
    ;;

  'serve')
    developPath=${rootPath}/develop
    local_ip=$(ifconfig | grep 'inet ' | awk 'NR==2 {print $2}')

    # Seed directory with site content
    cd "$rootPath" && pelican -s $DEVELOP_CONF > /dev/null
    echo "Serving HTTP at $(tput bold)${local_ip}:${PORT}$(tput sgr0)."

    cleanup() {
      pkill -f $SERVER
      cd "$rootPath" && rm -r "$developPath" && echo && exit 0
    }

    trap cleanup SIGINT

    (pelican -rs $DEVELOP_CONF 2> /dev/null) &
    (cd "$developPath" || exit 1; $PY_CMD -m $SERVER $PORT 1> /dev/null) &
    wait
    ;;

  *)
    echo "$usage"
    exit 2
    ;;

esac

这篇关于使用 travis 自动推送到 github 存储库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！