Skip to content

Commit

Permalink
Travis: Deploy to S3 rather than SourceForge
Browse files Browse the repository at this point in the history 
This has the following advantages:
-- It doesn't require checking a private SSH key into the repository.
(With SourceForge, an SSH key is the "keys to the kingdom".)
-- If the S3 key is compromised, it is very easy to revoke it and
generate a new one.
-- The S3 bucket is isolated, so even if it becomes compromised, then
the damage that one could do is limited.
-- It's much easier to manage files through S3's web interface than
through SourceForge.
-- The files are served via HTTPS.
-- Travis fully supports S3 as a deployment target, so this simplifies
.travis.yml somewhat.
  • Loading branch information
@dcommander
dcommander committed Oct 20, 2016
1 parent 9366cf0 commit 2d4b2f1
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 25 deletions.
49 changes: 24 additions & 25 deletions .travis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,6 @@ matrix:
compiler: gcc
env: CONFIGURE_FLAGS="--without-simd"

addons:
ssh_known_hosts: shell.sourceforge.net

before_install:
- if [ "${BUILD_OFFICIAL:-}" != "" ]; then
if [ "$TRAVIS_OS_NAME" = "linux" ]; then
Expand All @@ -46,8 +43,6 @@ before_install:
openssl aes-256-cbc -K $encrypted_f92e8533f6f1_key -iv $encrypted_f92e8533f6f1_iv -in ci/keys.enc -out ci/keys -d &&
tar xf ci/keys &&
rm ci/keys &&
mv ci/deploy_ljt ~/.ssh/id_rsa &&
chmod 600 ~/.ssh/id_rsa &&
mv ci/gpgsign ~/src/buildscripts &&
gpg --import ci/sign_ljt &&
rm ci/sign_ljt;
Expand All @@ -66,9 +61,11 @@ script:
fi &&
if [ "$TRAVIS_OS_NAME" = "linux" ]; then
docker run -v $HOME/src/ljt.nightly:/root/src/ljt.nightly -v $HOME/src/buildscripts:/root/src/buildscripts -v $TRAVIS_BUILD_DIR:/root/src/libjpeg-turbo -v $HOME/.gnupg:/root/.gnupg -t dcommander/buildljt:latest bash -c "rpm --import http://pgp.mit.edu/pks/lookup?op=get\&search=0x0575F26BD5B3FDB1 && ~/src/buildscripts/buildljt -r file:///root/src/libjpeg-turbo $TRAVIS_BRANCH -v" &&
sudo chown -R travis:travis ~/src/ljt.nightly;
sudo chown -R travis:travis ~/src/ljt.nightly &&
mv ~/src/ljt.nightly/latest/log-$TRAVIS_OS_NAME.txt ~/src/ljt.nightly/latest/files/;
else
PATH=$PATH:~/src/gas-preprocessor ~/src/buildscripts/buildljt -r file://$TRAVIS_BUILD_DIR $TRAVIS_BRANCH -v;
PATH=$PATH:~/src/gas-preprocessor ~/src/buildscripts/buildljt -r file://$TRAVIS_BUILD_DIR $TRAVIS_BRANCH -v &&
mv ~/src/ljt.nightly/latest/log-$TRAVIS_OS_NAME.txt ~/src/ljt.nightly/latest/files/;
fi &&
if [ -f .git/shallow.bak ]; then
mv .git/shallow.bak .git/shallow;
Expand Down Expand Up @@ -97,26 +94,28 @@ after_failure:
fi
fi

before_deploy:
- if [ "${BUILD_OFFICIAL:-}" != "" ]; then
eval "$(ssh-agent -s)" &&
ssh-add;
fi

deploy:
- provider: script
script:
if [ "${BUILD_OFFICIAL:-}" != "" ]; then
mv ~/src/ljt.nightly/latest/log-$TRAVIS_OS_NAME.txt ~/src/ljt.nightly/latest/files/ &&
~/src/buildscripts/uploadljt dcommander $TRAVIS_BRANCH.$TRAVIS_OS_NAME;
fi
- provider: s3
bucket: libjpeg-turbo-pr
access_key_id:
secure: bmFEt4H90/oR/LiN9XI+G26Pd6hiyrTw3+Vg3lS4ynwAYk33weApaVM8CyzQTgIhGSPzFStqVm9fTrb3RmrYP/PnNS+/surOeWLkH2DMRxvc0qmetBuNx1+vAN7FUkY8MO/u5uE9WXHAdp4e64pXcLXEbKmh+wgDm72b35WmMxErtHsGbpqy+j47rQkY4BJGi7XQzjjafaamfm4PzitsjkYYsgX8KLI16jyJEIirvyDHCPTn9wKR/jSjelDl+xTlgZGuCqmLCBW8f6JgycIspWjcYfO4WpWvkbnnI2sl3rCMPvOYc4wHe8SwzG0l4tM1PblZZDRcU7vjE15PmNf1Xfq9Vx3RpgBJv+UBNL/Vn0rKdpUCeEcfC12hxrske8DWpV6waBiDivjQJreE+YRXqa5YBhV/EdkoKYCqafnJvRASlOko9evje8F9KXTNsIGTT1HPmU9QM9WoJwLs/Xa3t09EmA2IjhcuAvvUmwCTuBBQVAlDjExiTT3Zhc9IYZDD92JgpAYLgridtzR87ElOxKhTkR4PowdI6UiLYArPjMFTjoz5Rivb9qNpbLaQC8HCYgLWxpWtUTzlW/9rM8izHpF8ySFHjO6E2aA9OJFc0tcbEGwAs2jLGD01OduU+DbBfsIkW0EgfXCPbD3FVgHsn3tkuzgO/bg20SM7uuCEYKQ=
secret_access_key:
secure: mrkOpEtqd2dEmi/qNJyX9vkME+6xgVBnXaRETKF7jT+flcQCQ0ayQkRkMV7lzGqq44XFg+n6Cpfn6oW0gH9RNdcC8YQvFP+kgzPx6nw6V/M31Vz6ySapJf59HBzVevf0NJkr0/1JoWsp1iq4IoN10WPzsCXZB55Io3Cf7DgpR+yiyBlWOctDfNdjJ97Juw3ENE80MHDf0fVqdUOIknQka1p68yAGkjar9kc2Oe7o94RzzmoqEn8tuFumiBQjIcuVRALsKqz+eIxBNgkL3BF9shVyRjOWLAeBhMPVFxZs5Dgd4ECbvU0i33gfmje3d6qqcw78N2lZaLefoVvWol3pOzVO133ewOSY9/lmpqEiRUU2ohEe8T4aSoS7posBW42itUTO4Y5w+eVOnHsm4sRQaI+/AXWTe7GPel+P8Qbe8Ya10A5gnpoag7o3raRDcHx+/qaZw1Af/u4XiAOYz3be3U90Qc+YMc/kS5i8BH0GXBbSfaWQ00CwRFlZQ3n1xUqmjC2CmjZTki3W/p7mEt0DjhcH9ZIXscK603sCC+mF6pEd9019k5fG/8fr2Y4Ptai9kd3BxZJCX9/jSoMfWOBbgkA5bRgHU0xrAj+p49qD6Ej9Xr8GE3+uebz3sEuhSFRnCKwKoOHOemfgevfO2y/jQXP677WPf3xQX7bVDfTFSHU=
acl: public_read
local-dir: $HOME/src/ljt.nightly/latest/files
upload-dir: $TRAVIS_BRANCH/$TRAVIS_OS_NAME
on:
branch: master
- provider: script
script:
if [ "${BUILD_OFFICIAL:-}" != "" ]; then
mv ~/src/ljt.nightly/latest/log-$TRAVIS_OS_NAME.txt ~/src/ljt.nightly/latest/files/ &&
~/src/buildscripts/uploadljt dcommander $TRAVIS_BRANCH.$TRAVIS_OS_NAME;
fi
condition: -n "$BUILD_OFFICIAL"
- provider: s3
bucket: libjpeg-turbo-pr
access_key_id:
secure: bmFEt4H90/oR/LiN9XI+G26Pd6hiyrTw3+Vg3lS4ynwAYk33weApaVM8CyzQTgIhGSPzFStqVm9fTrb3RmrYP/PnNS+/surOeWLkH2DMRxvc0qmetBuNx1+vAN7FUkY8MO/u5uE9WXHAdp4e64pXcLXEbKmh+wgDm72b35WmMxErtHsGbpqy+j47rQkY4BJGi7XQzjjafaamfm4PzitsjkYYsgX8KLI16jyJEIirvyDHCPTn9wKR/jSjelDl+xTlgZGuCqmLCBW8f6JgycIspWjcYfO4WpWvkbnnI2sl3rCMPvOYc4wHe8SwzG0l4tM1PblZZDRcU7vjE15PmNf1Xfq9Vx3RpgBJv+UBNL/Vn0rKdpUCeEcfC12hxrske8DWpV6waBiDivjQJreE+YRXqa5YBhV/EdkoKYCqafnJvRASlOko9evje8F9KXTNsIGTT1HPmU9QM9WoJwLs/Xa3t09EmA2IjhcuAvvUmwCTuBBQVAlDjExiTT3Zhc9IYZDD92JgpAYLgridtzR87ElOxKhTkR4PowdI6UiLYArPjMFTjoz5Rivb9qNpbLaQC8HCYgLWxpWtUTzlW/9rM8izHpF8ySFHjO6E2aA9OJFc0tcbEGwAs2jLGD01OduU+DbBfsIkW0EgfXCPbD3FVgHsn3tkuzgO/bg20SM7uuCEYKQ=
secret_access_key:
secure: mrkOpEtqd2dEmi/qNJyX9vkME+6xgVBnXaRETKF7jT+flcQCQ0ayQkRkMV7lzGqq44XFg+n6Cpfn6oW0gH9RNdcC8YQvFP+kgzPx6nw6V/M31Vz6ySapJf59HBzVevf0NJkr0/1JoWsp1iq4IoN10WPzsCXZB55Io3Cf7DgpR+yiyBlWOctDfNdjJ97Juw3ENE80MHDf0fVqdUOIknQka1p68yAGkjar9kc2Oe7o94RzzmoqEn8tuFumiBQjIcuVRALsKqz+eIxBNgkL3BF9shVyRjOWLAeBhMPVFxZs5Dgd4ECbvU0i33gfmje3d6qqcw78N2lZaLefoVvWol3pOzVO133ewOSY9/lmpqEiRUU2ohEe8T4aSoS7posBW42itUTO4Y5w+eVOnHsm4sRQaI+/AXWTe7GPel+P8Qbe8Ya10A5gnpoag7o3raRDcHx+/qaZw1Af/u4XiAOYz3be3U90Qc+YMc/kS5i8BH0GXBbSfaWQ00CwRFlZQ3n1xUqmjC2CmjZTki3W/p7mEt0DjhcH9ZIXscK603sCC+mF6pEd9019k5fG/8fr2Y4Ptai9kd3BxZJCX9/jSoMfWOBbgkA5bRgHU0xrAj+p49qD6Ej9Xr8GE3+uebz3sEuhSFRnCKwKoOHOemfgevfO2y/jQXP677WPf3xQX7bVDfTFSHU=
acl: public_read
local-dir: $HOME/src/ljt.nightly/latest/files
upload-dir: $TRAVIS_BRANCH/$TRAVIS_OS_NAME
on:
branch: dev
condition: -n "$BUILD_OFFICIAL"
Binary file modified ci/keys.enc
View file
Binary file not shown.

0 comments on commit 2d4b2f1

Please sign in to comment.