From eeeb5fcfe3440b126680b0c54bd33e79cacd7724 Mon Sep 17 00:00:00 2001 From: Jason Zaugg Date: Thu, 18 Dec 2014 15:48:09 +1000 Subject: Support tag driven publishing I started with: https://github.com/scala/scala-swing/commit/a6a8e1d77e#diff-3acefdae08499733e855dd23e1af933dR8 And: - modified the regex that derives the version from the tag to handle the fact we have the scala binary version appended to our tags - Removed unnessary cross building with Scala 2.11 (as this is on the 2.10.x branch) - generated a key pair for the async repository - added passphrase for that key, and sonatype credentials, to sensitive.sbt - encrypted the secrets with the travis key. --- .travis.yml | 14 +++++++++++--- admin/build.sh | 19 +++++++++++++++++++ admin/decrypt.sh | 2 ++ admin/encrypt.sh | 2 ++ admin/encryptAll.sh | 19 +++++++++++++++++++ admin/gpg.sbt | 26 ++++++++++++++++++++++++++ admin/pubring.asc | 18 ++++++++++++++++++ admin/secring.asc.enc | 39 +++++++++++++++++++++++++++++++++++++++ build.sh | 4 ---- sensitive.sbt.enc | 7 +++++++ 10 files changed, 143 insertions(+), 7 deletions(-) create mode 100755 admin/build.sh create mode 100755 admin/decrypt.sh create mode 100755 admin/encrypt.sh create mode 100755 admin/encryptAll.sh create mode 100644 admin/gpg.sbt create mode 100644 admin/pubring.asc create mode 100644 admin/secring.asc.enc delete mode 100755 build.sh create mode 100644 sensitive.sbt.enc diff --git a/.travis.yml b/.travis.yml index 7fb860d..975aabf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,9 +1,17 @@ language: scala + +env: + global: + - PUBLISH_JDK=openjdk6 # admin/build.sh only publishes when running on this jdk +# Don't commit sensitive files, instead commit a version encrypted with $SECRET, +# this environment variable is encrypted with this repo's private key and stored below: +# (See http://docs.travis-ci.com/user/environment-variables/#Secure-Variables.) + - secure: "YO/7YiWEirzz0EAy7oVNmAKroj4qCLZNMkPS+xW/VgeGjuEV+Nk1S7pwxF0o2OggSxIQ+a0lWSrOPQqSXMjOstDIzzGeYfuAt0+0fupXtDDge0mXpCCMadrvYzff1/5XYX0dJ+pjJmz6IgF1hliPJHIuddhhdqPxdHWTHAKm9ME=" + script: - - sbt ++$TRAVIS_SCALA_VERSION clean test publishLocal + - admin/build.sh scala: - - 2.10.3 - - 2.11.0-M6 + - 2.10.4 jdk: - openjdk6 - openjdk7 diff --git a/admin/build.sh b/admin/build.sh new file mode 100755 index 0000000..f0692c6 --- /dev/null +++ b/admin/build.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# prep environment for publish to sonatype staging if the HEAD commit is tagged + +# git on travis does not fetch tags, but we have TRAVIS_TAG +# headTag=$(git describe --exact-match ||:) + +if [ "$TRAVIS_JDK_VERSION" == "$PUBLISH_JDK" ] && [[ "$TRAVIS_TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[A-Za-z0-9-]+)? ]]; then + echo "Going to release from tag $TRAVIS_TAG!" + myVer=$(echo $TRAVIS_TAG | sed -e s/^v// | sed -e 's/_[0-9]*\.[0-9]*//') + publishVersion='set every version := "'$myVer'"' + extraTarget="publish-signed" + + cat admin/gpg.sbt >> project/plugins.sbt + admin/decrypt.sh sensitive.sbt + (cd admin/ && ./decrypt.sh secring.asc) +fi + +sbt ++$TRAVIS_SCALA_VERSION "$publishVersion" clean update compile test $extraTarget diff --git a/admin/decrypt.sh b/admin/decrypt.sh new file mode 100755 index 0000000..3c3c602 --- /dev/null +++ b/admin/decrypt.sh @@ -0,0 +1,2 @@ +#!/bin/bash +openssl aes-256-cbc -pass "pass:$SECRET" -in $1.enc -out $1 -d -a \ No newline at end of file diff --git a/admin/encrypt.sh b/admin/encrypt.sh new file mode 100755 index 0000000..4bf6c93 --- /dev/null +++ b/admin/encrypt.sh @@ -0,0 +1,2 @@ +#!/bin/bash +openssl aes-256-cbc -pass "pass:$SECRET" -in $1 -out $1.enc -a \ No newline at end of file diff --git a/admin/encryptAll.sh b/admin/encryptAll.sh new file mode 100755 index 0000000..de7016b --- /dev/null +++ b/admin/encryptAll.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# Based on https://gist.github.com/kzap/5819745: + +echo "This will encrypt the cleartext sensitive.sbt and admin/secring.asc, while making the encrypted versions available for decryption on Travis." +echo "Update your .travis.yml as directed, and delete the cleartext versions." +echo "Press enter to continue." +read + +# 1. create a secret, put it in an environment variable while encrypting files -- UNSET IT AFTER +export SECRET=$(cat /dev/urandom | head -c 10000 | openssl sha1) + +# 2. add the "secure: ..." line under the env section -- generate it with `` (install the travis gem first) +travis encrypt SECRET=$SECRET + +admin/encrypt.sh admin/secring.asc +admin/encrypt.sh sensitive.sbt + +echo "Remember to rm sensitive.sbt admin/secring.asc -- once you do, they cannot be recovered (except on Travis)!" \ No newline at end of file diff --git a/admin/gpg.sbt b/admin/gpg.sbt new file mode 100644 index 0000000..01157e6 --- /dev/null +++ b/admin/gpg.sbt @@ -0,0 +1,26 @@ + +addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") // only added when publishing: + +// There's a companion sensitive.sbt, which was created like this: +// +// 1. in an sbt shell that has the sbt-pgp plugin, create pgp key in admin/: +// +// sbt +// set pgpReadOnly := false +// set pgpPublicRing := file("admin/pubring.asc") +// set pgpSecretRing := file("admin/secring.asc") +// pgp-cmd gen-key // use $passPhrase +// Please enter the name associated with the key: $repoName +// Please enter the email associated with the key: scala-internals@googlegroups.com +// Please enter the passphrase for the key: $passphrase +// +// 2. create sensitive.sbt with contents: +// +// pgpPassphrase := Some($passPhrase.toArray) +// +// pgpPublicRing := file("admin/pubring.asc") +// +// pgpSecretRing := file("admin/secring.asc") +// +// credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", $sonaUser, $sonaPass) + diff --git a/admin/pubring.asc b/admin/pubring.asc new file mode 100644 index 0000000..1a9742f --- /dev/null +++ b/admin/pubring.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: BCPG v1.49 + +mQENBFSScxABCACj8nAMNdPBgCihD2b+ngYhQaIOmhPEG0Z394T1Qg8EawWhaWXH +50A3NaA5jc1+UJSQ0xyzB/95xCvTCCgWgo2q3L+hIQKoIif+7MfMCrw7CsZSuGFg +Jv46saoBvLBoeiSCI7cFYrQNh+gfTypgGtFu/BBjeIpl6RKQ1gyUdPSb0Nh/2hk9 +7ZdApoJ4PhLnEAB5ZA8YnakBicBMF8GRGEwBgA/Mw/ADGqGA9rYxcl/BT65dEbrV +onDDZUc1NCcMoHnpnzLzLnrYH0QK1GbE+UZ9eesQUts7ICTO/+YCpAYxHAqdCynF +mMHY86yXanF1AK8blGxeIagiLY1kJ9C/iUr1ABEBAAG0KGFzeW5jIDxzY2FsYS1p +bnRlcm5hbHNAZ29vZ2xlZ3JvdXBzLmNvbT6JARwEEwECAAYFAlSScxAACgkQhxTM +1mIV232fBAf/dbVxSfLptv7Y/y/v08LO3T+5eAhLDLWfVhS7sJUNWPBM2hxsSEw0 +9Wb1X15v8rv2nrxOmcOxbYiWxe2lVrxj8/J7GT8x/eVFQ4cQ7wAC6GhHNvXCTxEU +TnJAmJPPhlAeubK7b5UT3v3SpY/TM7QoE/i2PBb5VzZcc8cbqpanMODnJqQiIy4R +P89XX8TkskWnFIdir0L8TXGmp4UUBXyRc9KZwR9aXmu5f8U8p7t/DEIAZxqEv8Zf +Rud2i+JvFjY2pUj7uZZyeIlqQthegsF+/3M70pgLS26Fz0u7xEHOspzpsdsBAILB +/GrxK4BP32iLo+pgZBcLX/XEN0+scv1SJw== +=9Yrd +-----END PGP PUBLIC KEY BLOCK----- diff --git a/admin/secring.asc.enc b/admin/secring.asc.enc new file mode 100644 index 0000000..114d368 --- /dev/null +++ b/admin/secring.asc.enc @@ -0,0 +1,39 @@ +U2FsdGVkX1//i9RN+UboroXMoSax0duQzcOHgxIv95SA5BUYs5iIQeGL4RgD6mN9 +8CUA+P56ubkeP53n/ZdV3vr4KEis1wIummf/YT1jgyhntNCAWYI/Csrw/YI5rVOs +TgIp1eYQlIO2+xAjOxud+R20dATXWmn/u/onwPxZJraG4WsvWFQ6caXktVfzLag9 +u9hgLyjnXzDvagyco6GvpLBkkAxiiPKu4/vNNAwxwiYj7p+6lr724e2KTDWqAsTd +2z+oKOJsnwY4EnvyunS4/uRnXluIE8eAMxGpeLUurhWrQZ6yx6s3tShnzSL8rdf9 +hNxZQWvcYNPDBNrKMXNK2z9Y6dgV9IQE32CdozoMWl59bdNwt9exm429mp3HZkwM +NV7Y/PugVqO0F71d8i98UMnnOtYJ10Ozv8L24xCqP5M6fD7kOXIzikYBjk/2JdA4 +1xhMaBv3Ig0tu1qUrdL9nNAwjGeDgw32QPIjcf5AFzIEEOf1r7I+Im7irNGY/Iqa +/WnUvoLEuUedzxaWIatBcPWZMG2Y2UbPR4oAy8FMdA5LvTdWCfghR25tL8tYUMx4 +OIEqZ2Gp+xWJz70gQOycTfazdxP40rmbAcOmHF7BvOfs6AXHlOyKsan71CUhOTUC +J5lu0FLyVZwUp+fVovy57GvTMCka0+Tw0XVJqn+n7nXyjWUyXRG176kqkbAL7yXs +IjlYsUmeRqDexyAlKyeDiLf85LlyesadR+fknpJ4zZLjcgjd8XvI6P+srh7yXa7a +hCzGZhDM50qB098flwW5LzJaQaNpEe230lXwjzGwwdWDlpEJf/1J7Iin9CvxuRrz +0WTnQUB6kDArIJqyYFtZhSYMxRbWWDns0A69Da/rO48VGUC0J+WjXORk7Kk65O5f +6QzHYVSWFEYQkLPYDRQFwdwT9A/mh/2buAsDFO5ZEq4enf9/ntuJbVgRLm5AaNOg +SeqvZJOPU5dTSM0dlMKcEi8ePH9fNuZlX3vKS4H4giBvYQZ8b5t0AQqcZo757m58 +mwkh8HgPaz3oukrUJP0O3cmeHE4+N9Q66cbd35W2u5vM0q/OQ13UiAZNULI+dZUs +BR0e46OnW1GuVIcxKQfGhLSNB/oaPERgPwm9+UYnYCm5gF92gPcvCqTd4VvHQXcq +jD/HXOuHXsq/OeqCswasmgL1MPlmaudvS2CH9j7IgTQABEuqt3rFfqCaWB1c63Aa +pgS9jvuqq6bAoFzOdBBfn/ozTR8j4oGnoiHJte30TI8L/78mANdVxutrgBkAn8Gq +RtZX8jfZTe7FWu+4fwC8BRTDB3QFkc6hEs4BkC66JeniLA/xNiTy+Ef6OVft/BF8 +SJ+iivR+pZoCK85pgXmHM2iW6bpiS+kf1DsFuJ1PGViXpXdINhChpPikh4qpSKOr +W4OxDDcLFaLL8zn1M/ry3PPF8id6PwSWxtfzF6Ki5rd45hGjLtCbmjRNwQQ+5MrQ +DvNFlZbnf+Wj7bLK3uq4UdcxFHClHTKWPXw4BPXXXD/xZlInzGRQC2Y9mU7Meks7 +VkhM5/MfeuDEJZotgo7AdwNF1u0HcsEcPk8oz8dL5TZnix83h5rWZ8+60EWu+OO8 +usjXMKmosRZdYMjsFjJyPR5x2nMthTlu7EhG4URFhij2aggbPSEFhAjcpxSxPihH +OBA8a0o9DO6cnSFtkJNafsce9zrzmO17I/hirsG86TdXVXdZXzj6D2kWQEcdGfoN +mG6bBtPwuFFBM/i5QaWNr1QlsiuoHdbif7ik1JS5OP6u2HNWLDtr5h/N+mYYBR6S +VcSEH3QTV9zVk7oap4b0bOAkFYt4OAmykvRJBXVVN2VaoHwfDaehKO8cErlnDEVL +DqkW5Hy2cTr5XSKu7aZOkXgz043DaMRxBXjzFY1awMDrmYu1PTCmTzc1Z/8jXUay +CcU57sWROyf1tImIxXWmXZC3QiJs4mgaOK7ZQDTMaG8GJpHQAqaf+MX65idv2WvQ +oxoMjCwtV5i0D3kNVdlN4ls+bPygh8V6JPEg2nyTWzakGCywDtV6dX0uQupbuYat +l7KR52TgYY8h7NHDcFQknTQ0bzL3DuZEm51dqLc91JdgirPmKBP1xLlSKPIBsHYu +FXpwxeiPAvcsJ8bObxq/sG5LxQTOXwS/oip+ZJIRKHvIFSq4Hth0oJp16BhNfzqv +fuDRgmtgbqONkuNcgDq9tUMcsjYjfNXWeIOipbISE4xF8CsUPM29WYjcPj/x7N0p +ClbXxzev8lUJ2Kw6mTLK7C4SszxjYPrSVnl732+GFu6T7NdYWuokV2KCOIgI+fRK +fMmMQgPS+P8KSdZAWlpcMZYbHJN3ek+Ku6mTanN/9bnnvuT2ou5KKoOJFJhilGLX +CKjPBHFYMnS84rg5ZjxArchRGUzfi7FCx5MCyUvSHyZ3eBOLePZk2UFXgfxbCWYV +kTd0y/GJp4GjH08nVug5eXeP9mSE1sEDseIpnx3lnf1MSTdfUFjve64rvND/iKah diff --git a/build.sh b/build.sh deleted file mode 100755 index f1adb3a..0000000 --- a/build.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -scalac -version -mkdir -p classes -scalac -P:continuations:enable -d classes -deprecation -feature src/main/scala/scala/async/*.scala diff --git a/sensitive.sbt.enc b/sensitive.sbt.enc new file mode 100644 index 0000000..320f66e --- /dev/null +++ b/sensitive.sbt.enc @@ -0,0 +1,7 @@ +U2FsdGVkX189LDn5TWFrVGQjBYsdWBa4oV4S4qUeOxpLo7rPzNMYCINEbDVScYhK +2PyloA5GcNY9MYMNUymxpdqPczGSbguTdhMGV0Y9AlKYDFUJkAquNGGmX0inhvaO +sC0Nq3YlQlYbpAWS3JpbX1Yh5+0JyeTdwK3zxiOkBLoDHN58NPlnDjQUoIjveHao +Qo8Y3h/YFhmLMk+abN5SzmotrrSR7Xn8Jr11h9TTTU7z/diqhX0uLV0OWO4Ydp/m +63PiuBb6bgI6KkRSz7dbDeBzTMBGITy+UmymAwdBY/fQOZhFOtzEFiM/OZAA/Mv/ +iM0/XkQ9j5CC9sJerR3tJu6rgdqbEiHqi2vjz2Z2ytSY3jOSJnlGRUsJtGik8gAW +u2LRzgcTcYfEN4rMT0sLi9Omtjpzy76Ys0KZ8UdblPM= -- cgit v1.2.3