Travis: Deploy to S3 rather than SourceForge
This has the following advantages: -- It doesn't require checking a private SSH key into the repository. (With SourceForge, an SSH key is the "keys to the kingdom".) -- If the S3 key is compromised, it is very easy to revoke it and generate a new one. -- The S3 bucket is isolated, so even if it becomes compromised, then the damage that one could do is limited. -- It's much easier to manage files through S3's web interface than through SourceForge. -- The files are served via HTTPS. -- Travis fully supports S3 as a deployment target, so this simplifies .travis.yml somewhat.
This commit is contained in:
DRC
49
.travis.yml
49
.travis.yml
@@ -34,9 +34,6 @@ matrix:
|
|||||||
compiler: gcc
|
compiler: gcc
|
||||||
env: CONFIGURE_FLAGS="--without-simd"
|
env: CONFIGURE_FLAGS="--without-simd"
|
||||||
|
|
||||||
addons:
|
|
||||||
ssh_known_hosts: shell.sourceforge.net
|
|
||||||
|
|
||||||
before_install:
|
before_install:
|
||||||
- if [ "${BUILD_OFFICIAL:-}" != "" ]; then
|
- if [ "${BUILD_OFFICIAL:-}" != "" ]; then
|
||||||
if [ "$TRAVIS_OS_NAME" = "linux" ]; then
|
if [ "$TRAVIS_OS_NAME" = "linux" ]; then
|
||||||
@@ -46,8 +43,6 @@ before_install:
|
|||||||
openssl aes-256-cbc -K $encrypted_f92e8533f6f1_key -iv $encrypted_f92e8533f6f1_iv -in ci/keys.enc -out ci/keys -d &&
|
openssl aes-256-cbc -K $encrypted_f92e8533f6f1_key -iv $encrypted_f92e8533f6f1_iv -in ci/keys.enc -out ci/keys -d &&
|
||||||
tar xf ci/keys &&
|
tar xf ci/keys &&
|
||||||
rm ci/keys &&
|
rm ci/keys &&
|
||||||
mv ci/deploy_ljt ~/.ssh/id_rsa &&
|
|
||||||
chmod 600 ~/.ssh/id_rsa &&
|
|
||||||
mv ci/gpgsign ~/src/buildscripts &&
|
mv ci/gpgsign ~/src/buildscripts &&
|
||||||
gpg --import ci/sign_ljt &&
|
gpg --import ci/sign_ljt &&
|
||||||
rm ci/sign_ljt;
|
rm ci/sign_ljt;
|
||||||
@@ -66,9 +61,11 @@ script:
|
|||||||
fi &&
|
fi &&
|
||||||
if [ "$TRAVIS_OS_NAME" = "linux" ]; then
|
if [ "$TRAVIS_OS_NAME" = "linux" ]; then
|
||||||
docker run -v $HOME/src/ljt.nightly:/root/src/ljt.nightly -v $HOME/src/buildscripts:/root/src/buildscripts -v $TRAVIS_BUILD_DIR:/root/src/libjpeg-turbo -v $HOME/.gnupg:/root/.gnupg -t dcommander/buildljt:latest bash -c "rpm --import http://pgp.mit.edu/pks/lookup?op=get\&search=0x0575F26BD5B3FDB1 && ~/src/buildscripts/buildljt -r file:///root/src/libjpeg-turbo $TRAVIS_BRANCH -v" &&
|
docker run -v $HOME/src/ljt.nightly:/root/src/ljt.nightly -v $HOME/src/buildscripts:/root/src/buildscripts -v $TRAVIS_BUILD_DIR:/root/src/libjpeg-turbo -v $HOME/.gnupg:/root/.gnupg -t dcommander/buildljt:latest bash -c "rpm --import http://pgp.mit.edu/pks/lookup?op=get\&search=0x0575F26BD5B3FDB1 && ~/src/buildscripts/buildljt -r file:///root/src/libjpeg-turbo $TRAVIS_BRANCH -v" &&
|
||||||
sudo chown -R travis:travis ~/src/ljt.nightly;
|
sudo chown -R travis:travis ~/src/ljt.nightly &&
|
||||||
|
mv ~/src/ljt.nightly/latest/log-$TRAVIS_OS_NAME.txt ~/src/ljt.nightly/latest/files/;
|
||||||
else
|
else
|
||||||
PATH=$PATH:~/src/gas-preprocessor ~/src/buildscripts/buildljt -r file://$TRAVIS_BUILD_DIR $TRAVIS_BRANCH -v;
|
PATH=$PATH:~/src/gas-preprocessor ~/src/buildscripts/buildljt -r file://$TRAVIS_BUILD_DIR $TRAVIS_BRANCH -v &&
|
||||||
|
mv ~/src/ljt.nightly/latest/log-$TRAVIS_OS_NAME.txt ~/src/ljt.nightly/latest/files/;
|
||||||
fi &&
|
fi &&
|
||||||
if [ -f .git/shallow.bak ]; then
|
if [ -f .git/shallow.bak ]; then
|
||||||
mv .git/shallow.bak .git/shallow;
|
mv .git/shallow.bak .git/shallow;
|
||||||
@@ -97,26 +94,28 @@ after_failure:
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
before_deploy:
|
|
||||||
- if [ "${BUILD_OFFICIAL:-}" != "" ]; then
|
|
||||||
eval "$(ssh-agent -s)" &&
|
|
||||||
ssh-add;
|
|
||||||
fi
|
|
||||||
|
|
||||||
deploy:
|
deploy:
|
||||||
- provider: script
|
- provider: s3
|
||||||
script:
|
bucket: libjpeg-turbo-pr
|
||||||
if [ "${BUILD_OFFICIAL:-}" != "" ]; then
|
access_key_id:
|
||||||
mv ~/src/ljt.nightly/latest/log-$TRAVIS_OS_NAME.txt ~/src/ljt.nightly/latest/files/ &&
|
secure: bmFEt4H90/oR/LiN9XI+G26Pd6hiyrTw3+Vg3lS4ynwAYk33weApaVM8CyzQTgIhGSPzFStqVm9fTrb3RmrYP/PnNS+/surOeWLkH2DMRxvc0qmetBuNx1+vAN7FUkY8MO/u5uE9WXHAdp4e64pXcLXEbKmh+wgDm72b35WmMxErtHsGbpqy+j47rQkY4BJGi7XQzjjafaamfm4PzitsjkYYsgX8KLI16jyJEIirvyDHCPTn9wKR/jSjelDl+xTlgZGuCqmLCBW8f6JgycIspWjcYfO4WpWvkbnnI2sl3rCMPvOYc4wHe8SwzG0l4tM1PblZZDRcU7vjE15PmNf1Xfq9Vx3RpgBJv+UBNL/Vn0rKdpUCeEcfC12hxrske8DWpV6waBiDivjQJreE+YRXqa5YBhV/EdkoKYCqafnJvRASlOko9evje8F9KXTNsIGTT1HPmU9QM9WoJwLs/Xa3t09EmA2IjhcuAvvUmwCTuBBQVAlDjExiTT3Zhc9IYZDD92JgpAYLgridtzR87ElOxKhTkR4PowdI6UiLYArPjMFTjoz5Rivb9qNpbLaQC8HCYgLWxpWtUTzlW/9rM8izHpF8ySFHjO6E2aA9OJFc0tcbEGwAs2jLGD01OduU+DbBfsIkW0EgfXCPbD3FVgHsn3tkuzgO/bg20SM7uuCEYKQ=
|
||||||
~/src/buildscripts/uploadljt dcommander $TRAVIS_BRANCH.$TRAVIS_OS_NAME;
|
secret_access_key:
|
||||||
fi
|
secure: mrkOpEtqd2dEmi/qNJyX9vkME+6xgVBnXaRETKF7jT+flcQCQ0ayQkRkMV7lzGqq44XFg+n6Cpfn6oW0gH9RNdcC8YQvFP+kgzPx6nw6V/M31Vz6ySapJf59HBzVevf0NJkr0/1JoWsp1iq4IoN10WPzsCXZB55Io3Cf7DgpR+yiyBlWOctDfNdjJ97Juw3ENE80MHDf0fVqdUOIknQka1p68yAGkjar9kc2Oe7o94RzzmoqEn8tuFumiBQjIcuVRALsKqz+eIxBNgkL3BF9shVyRjOWLAeBhMPVFxZs5Dgd4ECbvU0i33gfmje3d6qqcw78N2lZaLefoVvWol3pOzVO133ewOSY9/lmpqEiRUU2ohEe8T4aSoS7posBW42itUTO4Y5w+eVOnHsm4sRQaI+/AXWTe7GPel+P8Qbe8Ya10A5gnpoag7o3raRDcHx+/qaZw1Af/u4XiAOYz3be3U90Qc+YMc/kS5i8BH0GXBbSfaWQ00CwRFlZQ3n1xUqmjC2CmjZTki3W/p7mEt0DjhcH9ZIXscK603sCC+mF6pEd9019k5fG/8fr2Y4Ptai9kd3BxZJCX9/jSoMfWOBbgkA5bRgHU0xrAj+p49qD6Ej9Xr8GE3+uebz3sEuhSFRnCKwKoOHOemfgevfO2y/jQXP677WPf3xQX7bVDfTFSHU=
|
||||||
|
acl: public_read
|
||||||
|
local-dir: $HOME/src/ljt.nightly/latest/files
|
||||||
|
upload-dir: $TRAVIS_BRANCH/$TRAVIS_OS_NAME
|
||||||
on:
|
on:
|
||||||
branch: master
|
branch: master
|
||||||
- provider: script
|
condition: -n "$BUILD_OFFICIAL"
|
||||||
script:
|
- provider: s3
|
||||||
if [ "${BUILD_OFFICIAL:-}" != "" ]; then
|
bucket: libjpeg-turbo-pr
|
||||||
mv ~/src/ljt.nightly/latest/log-$TRAVIS_OS_NAME.txt ~/src/ljt.nightly/latest/files/ &&
|
access_key_id:
|
||||||
~/src/buildscripts/uploadljt dcommander $TRAVIS_BRANCH.$TRAVIS_OS_NAME;
|
secure: bmFEt4H90/oR/LiN9XI+G26Pd6hiyrTw3+Vg3lS4ynwAYk33weApaVM8CyzQTgIhGSPzFStqVm9fTrb3RmrYP/PnNS+/surOeWLkH2DMRxvc0qmetBuNx1+vAN7FUkY8MO/u5uE9WXHAdp4e64pXcLXEbKmh+wgDm72b35WmMxErtHsGbpqy+j47rQkY4BJGi7XQzjjafaamfm4PzitsjkYYsgX8KLI16jyJEIirvyDHCPTn9wKR/jSjelDl+xTlgZGuCqmLCBW8f6JgycIspWjcYfO4WpWvkbnnI2sl3rCMPvOYc4wHe8SwzG0l4tM1PblZZDRcU7vjE15PmNf1Xfq9Vx3RpgBJv+UBNL/Vn0rKdpUCeEcfC12hxrske8DWpV6waBiDivjQJreE+YRXqa5YBhV/EdkoKYCqafnJvRASlOko9evje8F9KXTNsIGTT1HPmU9QM9WoJwLs/Xa3t09EmA2IjhcuAvvUmwCTuBBQVAlDjExiTT3Zhc9IYZDD92JgpAYLgridtzR87ElOxKhTkR4PowdI6UiLYArPjMFTjoz5Rivb9qNpbLaQC8HCYgLWxpWtUTzlW/9rM8izHpF8ySFHjO6E2aA9OJFc0tcbEGwAs2jLGD01OduU+DbBfsIkW0EgfXCPbD3FVgHsn3tkuzgO/bg20SM7uuCEYKQ=
|
||||||
fi
|
secret_access_key:
|
||||||
|
secure: mrkOpEtqd2dEmi/qNJyX9vkME+6xgVBnXaRETKF7jT+flcQCQ0ayQkRkMV7lzGqq44XFg+n6Cpfn6oW0gH9RNdcC8YQvFP+kgzPx6nw6V/M31Vz6ySapJf59HBzVevf0NJkr0/1JoWsp1iq4IoN10WPzsCXZB55Io3Cf7DgpR+yiyBlWOctDfNdjJ97Juw3ENE80MHDf0fVqdUOIknQka1p68yAGkjar9kc2Oe7o94RzzmoqEn8tuFumiBQjIcuVRALsKqz+eIxBNgkL3BF9shVyRjOWLAeBhMPVFxZs5Dgd4ECbvU0i33gfmje3d6qqcw78N2lZaLefoVvWol3pOzVO133ewOSY9/lmpqEiRUU2ohEe8T4aSoS7posBW42itUTO4Y5w+eVOnHsm4sRQaI+/AXWTe7GPel+P8Qbe8Ya10A5gnpoag7o3raRDcHx+/qaZw1Af/u4XiAOYz3be3U90Qc+YMc/kS5i8BH0GXBbSfaWQ00CwRFlZQ3n1xUqmjC2CmjZTki3W/p7mEt0DjhcH9ZIXscK603sCC+mF6pEd9019k5fG/8fr2Y4Ptai9kd3BxZJCX9/jSoMfWOBbgkA5bRgHU0xrAj+p49qD6Ej9Xr8GE3+uebz3sEuhSFRnCKwKoOHOemfgevfO2y/jQXP677WPf3xQX7bVDfTFSHU=
|
||||||
|
acl: public_read
|
||||||
|
local-dir: $HOME/src/ljt.nightly/latest/files
|
||||||
|
upload-dir: $TRAVIS_BRANCH/$TRAVIS_OS_NAME
|
||||||
on:
|
on:
|
||||||
branch: dev
|
branch: dev
|
||||||
|
condition: -n "$BUILD_OFFICIAL"
|
||||||
|
|||||||
BIN
ci/keys.enc
BIN
ci/keys.enc
Binary file not shown.
Reference in New Issue
Block a user