用travis自动推送到github库 [英] automated push to a github repo with travis

问题描述

我有一个gitub.io仓库托管我的网页 - 该网页的源（未编译的Jade / Sass代码）在一个单独的公共仓库。 Travis-CI 设置为观看我的源代码库更改并运行编译套件，生成的HTML / CSS将被推送到github.io repo。

I have a gitub.io repo which hosts my webpage -- the source for that webpage (uncompiled Jade / Sass code) is in a separate public repo. Travis-CI is set up to watch my source repo for changes and run the compile suite, generating the HTML/CSS that will get pushed to the github.io repo.

我可以设置Travis自动做一个github repo我自己的push没有硬编码我的用户名和密码到我的 .travis.yml 文件（显然这是一个安全问题）？

Can I set up Travis to automatically do a push to a github repo I own if the compile passed, without hard-coding my username and password into my .travis.yml file (obviously this is a security concern)?

我已经看过这个问题，但它是没有回答Travis - 我不认为我可以使用密钥对身份验证，因为我需要把私钥在repo或travis脚本，这是一样大的安全漏洞作为我的

I've seen this question, but it wasn't answered with Travis in mind -- I don't think I can use keypair authentication because I'd need to put the private key in the repo or in the travis script, which is just as big a security hole as putting in my password.

对于在这里卷起的任何人，我使用roidrage的回答作为跳板找到了以下信息： p>

For anyone else who winds up here, I found the following information using roidrage's answer as a springboard:

1. Travis使用公开/私人密钥加密，以便将敏感信息嵌入到 .travis.yml 文件。你可以安装他们的名为travis的gem并使用它来加密东西，他们会在它们的末端安全地解密它。文档： http://docs.travis-ci.com/user/encryption-keys/

1. Travis uses public/private key encryption to allow you to embed sensitive information in a .travis.yml file. You can install their gem called "travis" and use it to encrypt stuff, and they'll decrypt it securely on their end. Documentation: http://docs.travis-ci.com/user/encryption-keys/

在github上，您可以在应用程序设置。这可以像应用程序的密码一样使用。

On github, you can generate a "personal access token" in your applications settings. This can be used like a password by applications. Encrypt that using the above technique and throw it in your yaml.

推荐答案

这可以通过存储令牌在.travis.yml文件中以加密方式访问GitHub来实现。有关如何加密数据的示例，请参阅我们的文档。

This can be achieved by storing a token to access GitHub in an encrypted way in the .travis.yml file. See our docs for examples on how to encrypt data.

至于推送到GitHub Pages，有一个 blog post 总结了很好的步骤，甚至指向您可以在构建中使用的脚本。

As for the push to GitHub Pages, there's a blog post summing up the steps quite well, and it even points to a script that you can use in your build.

脚本的镜像在这里： / p>

A mirror of the script is here:

#!/usr/bin/env bash

# This script was written to facilitate the deployment process of Pelican
# websites using Travis CI. See this blog post for more information:
# http://kevinyap.ca/2014/06/deploying-pelican-sites-using-travis-ci/

usage="Usage: $(basename "$0") (deploy | diff | serve)

Commands:
  deploy     Upload site to Github Pages
  diff       Compare locally generated site to live site
  serve      Generate and serve site (auto-reloads on changes)"

TARGET_REPO="iKevinY/iKevinY.github.io"
GH_PAGES_BRANCH="master"

DEVELOP_CONF="pelicanconf.py"
PUBLISH_CONF="publishconf.py"

OUTPUT_DIR="output"
REMOTE_DIR="remote"

PY_CMD="python3"
SERVER="http.server"
PORT="8000"

rootPath="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

generate_site() {
  # Based on http://zonca.github.io/2013/09/automatically-build-pelican-and-publish-to-github-pages.html
  if [ "$TRAVIS" == "true" ]; then
    # Ensure that builds triggered by pull requests are not deployed
    if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then
      echo "Successfully built pull request #$TRAVIS_PULL_REQUEST."
      exit 0
    fi

    echo "Deploying site to $GH_PAGES_BRANCH branch of $TARGET_REPO."
    git config --global user.email "travis@travis-ci.org"
    git config --global user.name "Travis CI"
  else
    cd "$rootPath" || exit 1
    pelican -s $PUBLISH_CONF
  fi

  # Pull hash and commit message of the most recent commit
  commitHash=$(git rev-parse HEAD)
  commitMessage=$(git log -1 --pretty=%B)

  # Clone the GitHub Pages branch and rsync it with the newly generated files
  GITHUB_REPO=https://${GH_TOKEN:-git}@github.com/${TARGET_REPO}.git
  git clone --branch $GH_PAGES_BRANCH --depth 1 "$GITHUB_REPO" $REMOTE_DIR &> /dev/null
  rsync -r --exclude=.git --delete $OUTPUT_DIR/ $REMOTE_DIR/
  pushd $REMOTE_DIR > /dev/null

  git add -A
  git status -s

  $1  # execute the function that was passed as an argument
}

push_changes() {
  if [ "$TRAVIS" == "true" ]; then
    longMessage="Generated by $commitHash; pushed by build #$TRAVIS_BUILD_NUMBER."
    git commit -m "$commitMessage" -m "$longMessage"
    git push origin $GH_PAGES_BRANCH &> /dev/null || echo "Push failed."
  else
    read -rp "Push changes to GitHub Pages? [y/N] " response
    if [[ "$response" =~ ^[Yy]$ ]]; then
      git commit -m "$commitMessage" -m "Generated by $commitHash."
      git push origin $GH_PAGES_BRANCH
    fi

    popd > /dev/null
    rm -rf -- $REMOTE_DIR $OUTPUT_DIR && echo "Removed $REMOTE_DIR and $OUTPUT_DIR."
  fi
}

case "$1" in
  'deploy')
    generate_site push_changes
    ;;

  'diff')
    generate_site 'git --no-pager diff --cached --color-words'
    ;;

  'serve')
    developPath=${rootPath}/develop
    local_ip=$(ifconfig | grep 'inet ' | awk 'NR==2 {print $2}')

    # Seed directory with site content
    cd "$rootPath" && pelican -s $DEVELOP_CONF > /dev/null
    echo "Serving HTTP at $(tput bold)${local_ip}:${PORT}$(tput sgr0)."

    cleanup() {
      pkill -f $SERVER
      cd "$rootPath" && rm -r "$developPath" && echo && exit 0
    }

    trap cleanup SIGINT

    (pelican -rs $DEVELOP_CONF 2> /dev/null) &
    (cd "$developPath" || exit 1; $PY_CMD -m $SERVER $PORT 1> /dev/null) &
    wait
    ;;

  *)
    echo "$usage"
    exit 2
    ;;

esac

这篇关于用travis自动推送到github库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！