Support tag driven releases

retronym · retronym · commit c5fa6780d0dd · 2015-01-12T15:19:26.000+10:00
Creating a tag via a GitHub release will trigger a Travis CI
build that will publish to Sonatype OSS staging.
diff --git a/.travis.yml b/.travis.yml
@@ -1,6 +1,13 @@
 language: scala
+env:
+  global:
+    - PUBLISH_JDK=oraclejdk8 # admin/build.sh only publishes when running on this jdk
+# Don't commit sensitive files, instead commit a version encrypted with $SECRET,
+# this environment variable is encrypted with this repo's private key and stored below:
+# (See http://docs.travis-ci.com/user/environment-variables/#Secure-Variables.)
+  secure: "sGB53QddmPmQ4ftCGYxT0gaJcFt0bpMJoGxJRJCFTxdzg6nNMqJ9qDWbyJo7vDFx30axNQlyBH928pUiS5KfsmvzVdoVHUBEUJlF1lBurlpx06tGLuBdcFDwUF5ybi7SGRNdUPuX/6uLdgK5clpcW16/pcfT5Qr5vo/0mvPY85s="
 script:
-  - sbt ++$TRAVIS_SCALA_VERSION clean test publishLocal
+  - admin/build.sh
 scala:
   - 2.10.4
   - 2.11.4
diff --git a/admin/build.sh b/admin/build.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# prep environment for publish to sonatype staging if the HEAD commit is tagged
+
+# git on travis does not fetch tags, but we have TRAVIS_TAG
+# headTag=$(git describe --exact-match ||:)
+
+if [ "$TRAVIS_JDK_VERSION" == "$PUBLISH_JDK" ] && [[ "$TRAVIS_TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[A-Za-z0-9-]+)? ]]; then
+  echo "Going to release from tag $TRAVIS_TAG!"
+  myVer=$(echo $TRAVIS_TAG | sed -e s/^v// | sed -e 's/_[0-9]*\.[0-9]*//')
+  publishVersion='set every version := "'$myVer'"'
+  extraTarget="publish-signed"
+
+  cat admin/gpg.sbt >> project/plugins.sbt
+  admin/decrypt.sh sensitive.sbt
+  (cd admin/ && ./decrypt.sh secring.asc)
+fi
+
+sbt ++$TRAVIS_SCALA_VERSION "$publishVersion" clean update test publishLocal $extraTarget
diff --git a/admin/decrypt.sh b/admin/decrypt.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl aes-256-cbc -pass "pass:$SECRET" -in $1.enc -out $1 -d -a
diff --git a/admin/encrypt.sh b/admin/encrypt.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl aes-256-cbc -pass "pass:$SECRET" -in $1 -out $1.enc -a
diff --git a/admin/encryptAll.sh b/admin/encryptAll.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Based on https://gist.github.com/kzap/5819745:
+
+echo "This will encrypt the cleartext sensitive.sbt and admin/secring.asc, while making the encrypted versions available for decryption on Travis."
+echo "Update your .travis.yml as directed, and delete the cleartext versions."
+echo "Press enter to continue."
+read
+
+# 1. create a secret, put it in an environment variable while encrypting files -- UNSET IT AFTER
+export SECRET=$(cat /dev/urandom | head -c 10000 | openssl sha1)
+
+# 2. add the "secure: ..." line under the env section -- generate it with ``  (install the travis gem first)
+travis encrypt SECRET=$SECRET
+
+admin/encrypt.sh admin/secring.asc
+admin/encrypt.sh sensitive.sbt
+
+echo "Remember to rm sensitive.sbt admin/secring.asc -- once you do, they cannot be recovered (except on Travis)!"
diff --git a/admin/gpg.sbt b/admin/gpg.sbt
@@ -0,0 +1,26 @@
+
+addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") // only added when publishing:
+
+// There's a companion sensitive.sbt, which was created like this:
+//
+// 1. in an sbt shell that has the sbt-pgp plugin, create pgp key in admin/:
+//
+// sbt
+//  set pgpReadOnly := false
+//  set pgpPublicRing := file("admin/pubring.asc")
+//  set pgpSecretRing := file("admin/secring.asc")
+//  pgp-cmd gen-key // use $passPhrase
+// 	 Please enter the name associated with the key: $repoName
+// 	 Please enter the email associated with the key: scala-internals@googlegroups.com
+// 	 Please enter the passphrase for the key: $passphrase
+//
+// 2. create sensitive.sbt with contents:
+//
+// pgpPassphrase := Some($passPhrase.toArray)
+//
+// pgpPublicRing := file("admin/pubring.asc")
+//
+// pgpSecretRing := file("admin/secring.asc")
+//
+// credentials   += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", $sonaUser, $sonaPass)
+
diff --git a/admin/pubring.asc b/admin/pubring.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: BCPG v1.49
+
+mQENBFSzVhYBCADp261YcgfWCNZ/IrSpvk1LaqnomeDjktUuCy3LD0WQ/B750vpV
+gograxIWDfGK3TaHHdiRTV0OmfhhA6Dv/E8wFiHc1psn8mtaL+tQQcFHCLqBnTEe
+/VQXZLrHoFsMSBRrFY0rHZGXtCS0DKIxSeqlba4RH9eS4Q35LzBjMBLKewBCwben
+mDMOMxLgTS21xqe7OoyrcQGg3nFPLBMM8hgrqmVH9lYc5c2NuTMSHC4/wUozTwMm
+SxmEQ1Ga2lEpVAcaJ6r7bz0+QwX62cMs57nkGuf3SP2D5/+igDkkoVb447wESHHG
+s3BZw9ThblHXJOZ5Xb64fvQ3/vCjivLqZIepABEBAAG0NXNjYWxhLWphdmE4LWNv
+bXBhdCA8c2NhbGEtaW50ZXJuYWxzQGdvb2dsZWdyb3Vwcy5jb20+iQEcBBMBAgAG
+BQJUs1YWAAoJEF7zF/88US8Xdw4IAJmPcOka4Tc5s5eYAdwZuNOqUiuNO3/9+Za6
+tdGZQfQxUVN5PdgXhAGiKfRxrtSTjfzN+O/wiF/7NDqOQXBHNEx53Rzucq770WvL
+G5hUwr8MJB577OIyU2CQquslva3h2LbOt8lEHplLy0tI00zm6ueJNmxq36C4Mu3h
+l6QMs0zd29OqtUjWpkUNRnz+1HSdhRCPZNhX1bjhRaJARrhUtP24+g3wKgjg3H95
+yjPh4951r21w/x7msu+w0vSpdA7j/VJIzql6+2exh14YeLx9AFVDgvkJE6McHXX3
+ccr1eQ0FjYpWWUrBMXpS1Pz4SiwXEOOhs1xtsM7fHuikqhkXfHg=
+=oZnQ
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/admin/secring.asc.enc b/admin/secring.asc.enc
@@ -0,0 +1,40 @@
+U2FsdGVkX1/DTFr0XPXF8oOHqDacn6gihvunVNWyqTWG2EXA5HNZn59hWeflnCXg
+lW+dqKqUDhKrlLmLkOvmHKN4Fx/3T0L5xFWvB4P37YzLlxeApzqRcfIteK6j+1Eh
+wib8bRZBRwQJw/Se4UhAaofiHQ4V+j76jIjlolatcBNKf9V8+ceG3iyer4fvBdnB
+KnhNqG9rIEiDOcGMScqNuHZFcraJ+FZL/3/dNzfm/A/aB15kJ+ukQs6MyzLh/30+
+ttHBzLf3Hbd7j8AcIweNCbQ5/gOqen3PFxzM59OUUTJe7/JtNbFQBQEZFXH+U/cx
+DY65izT3UkrUOJ02eNrYsDiTZdKz8VGEKQImiMeFkqX3LjGNHUGOe0rA33LW25dT
+cXCNkWWegdXd3KkUPXUjPvABMAhnC+dU8nl4d87UUEVLZvB5wyOV9P5sFUcvvZaH
+k7aHL/IYFqutlvCZ2NFjonFolaeVvf+p33A2UIswCa0zCZwR1rvtkL0irAApCQ5g
+LCSP5t1LBP/F/O8AAAd5tm6t3XWoQs7POKv3MMEgFdQHKj6KXtMxpI5Il+WiXlKD
+aEGY3AH5kia9UkjclHfbrPJS/NkDyINGw9KzZcr/CO29sgm3oxuy3wRhWp2Gbqi1
+eYccgYw4jJw2gmdTf7bOE9WzGqkq7B2/oP1FoS4KPJS5nj57kRjaJRW/0dkzdQVg
+LwcnnTL+pJNGRXiN9rAj1fBXvtj3J/Hx19jKcRoXW6OdemSIJw7M2EpWMaXTRDP3
+iLIL00BnU584IwzAM7AXlio4dxRn+Y/U3czCaaCP22uJuFoJo8+ImjerYnU520qD
+lIbFS1eNNA2YcWLMs9THCR8eDvYyjHdTtWU67RQluesFRwFhtiPwz9AOa8NJ0tvP
+OnBEklN/o75cNYGlTdEfKBh9Q8Qy+j0ini8W7XkV9lXUNMScRngQ9xfASm19W5Ch
+QOQWiqTmjz3kUlJ2KS1xD+GlFP/U+wk1vCdQy0gaheDjO15NvqfugFTCebMj2t9Z
+RN5wxou+rJZ7RsOpst5UvS78CuIPGi5zbCXCR3NaQVGy1aQ8zLLHIYzmnd1/kLi5
+pZ0DfIsWlqq8kZmnXr6fHJN0QvrEAlMi+KAvdJvPjKEA+GLKcPNBp8BMWsBDEpwg
+kNE6fCj/Hd5jvzHVK32JbB5jldml5Em3wqjuIRkATmF8x9jek3t+5OIeDxoaMeOz
+GJU3VL2w+L5GKOdbcIyE0bPkdYaIo5XXs+DQNdceZorRtMk6NDh8fzkI6ePMxbk/
+s6/lIsgsX6niZUjHUtASYOGy/3c8Eh/MJmj0UXjhwmMADUaMalvhxU0HBF/5euoC
+/lMje7QT2aIyQW18wC4ouSVJpYRAivPm3Qy1TbqnL/FxK8K1D7ympRM9kyGjwoCv
+/35LU0XvQgzsd+f/VdcDRUWWx58Cel8sMHwybiJ7rROPBwdm42CL+fTfSfC9xufS
+hrzzV/OApp8eHndwNEg3m5ndFZvq7CcWpJZnr9ParQNvy7AYxRjPGJc8wmoBgcND
+a4tGLWLjKaVeZYsFHCIE/uPMqsuO1ROEkBeQc7yxKssW+cyCjEkTuFwrAI89ycgk
+nzPWzJtc2vSyYKy5qlZkft1gX1S2icVxMFhppQtx7+LRn0gTPjIXCNtA1icMro58
+cY2Yc5sc0y5MdsPU+gS9lm1jOg2iEEhVv7v3PwLrNYy+XuBh3LxMy8Hwf2qCfFHE
+CbWOIM1QMaJAN0NyoWhb6zuLewAj2G4L3fstPo0F/GmsQpV++6hIsaPlqunSx/sR
+2BUGth2cAKFlNw25nLJp5xbUG/V8BPlLb+B8635R4ATQfQtXkVJDoG7eZ3J32Isu
+nI21JFZOBkriTYcOWnt5KJVCl1TRh+OgXzeK54COVDMUa9L/oSqvRT0TUOEoYieI
+w6Ji4KpxqIB3tz3QYN3hEooTg1XxN+QGS3l18GGg7fBFNzDD+Yz61co5WZocV6fh
+4yZqHx8XHlh564b+x1jBE5sQ06axHJG0lYX/kesf6kwkYAZhCqLS7zBcxcDDmapc
+nNCrUnYlunoSf6nt7AU0QlOre3a7CIaMvVivSbkMbheAHLEqRjww/U77va7oGeFv
+ipLi1enMmre+ubjS+/VNpurN7e+qVj6RT1JcnTfyGM7/HIj97OGHEzc0YXoyKgKb
+H15LZ2qTq1HjvIfVTZGDMv9m9LKW62DHhp0LTBawALQCZzfPaaI3JwBMgTvhFZcT
+Cmv0re9DSpgunsX9N5t7bUQ6C/raChhu7UGUwrFkSOu00+3eYn30hqlCyAyR8QU6
+yA/Wxb+7eNZH5ZM5MCAWcCrgsv1IGOMBFB+4i9Ti/USkHapL4L2jdrJcvbhQjfKP
+2ktZTg/Ji7RwqJ3wIJReTCd8N0cNI8H2zAtFST9Vgtwx9tVqluOd7Ldn2hUOhImz
+64oMMZq+zS+Vquc+7xs/zpTeMN+2cFlRsye+Jrqac522suwPTw9g07gx+BM2cH98
+pCaY3ZBmWKT5lSx0yURiGg==
diff --git a/sensitive.sbt.enc b/sensitive.sbt.enc
@@ -0,0 +1,7 @@
+U2FsdGVkX18PW91o6/n5xLjlSIP+q3wKS3jHVWD5fbGyq6eu9milKZ3bl6i3YmQX
+t6NiVtuFuJjix9pqlNgSc4SNInGnvI0kfyYTtcp0/CdZsKsmfUL5lRYxyOo2NIM5
+z/yXD7C9eU1ul48CXNgVOAC2F4w25bdI0iQzvUPRYG5gkiofdP7KL6n0yOlGnSJN
+M0KhTrqCLcqVG4cRBZ9Q3+Rip8Lr/F00NSBUcSyL06kag/Zd/iCf3xm76eX/WN59
+Wofi5p+nvPqYSCJc+e/8Dx+aiyj0m2aeXYzwiYDdUQlBGUk8f2+CPy1NlEPGMuET
+6p2zc60YT/ohUp1YUGxbvIlZ7S1FzMmiJvpT1VcnouIAYAOVGHqW0ClbPmmXiTkW
+W/cGjYYDKiZNQ+8qXhfrF7rxJYiJ8LPMioh5mnzlBSk=

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+#!/bin/bash`
	`2`	`+openssl aes-256-cbc -pass "pass:$SECRET" -in $1.enc -out $1 -d -a`