| 1 | #!/usr/bin/env bash
|
| 2 | #
|
| 3 | # Automation for Travis CI.
|
| 4 | #
|
| 5 | # Usage:
|
| 6 | # soil/travis.sh <function name>
|
| 7 | #
|
| 8 | # This contains setup for travis-ci.oilshell.org (the server), as well as the
|
| 9 | # client, which is an ephemeral machine for each Travis run.
|
| 10 | #
|
| 11 | # The server needs a public key and the client needs a private key.
|
| 12 | #
|
| 13 | # Other TODO:
|
| 14 | #
|
| 15 | # And I probably need a cron job on my own domain to administer oilshell.org
|
| 16 | # - wwz log files
|
| 17 | # - backup (does sync_logs.sh do this?)
|
| 18 | # - cleanup
|
| 19 | # - clean up old travis CI build logs
|
| 20 | # - back up /downloads/ dir
|
| 21 | #
|
| 22 | # Related docs:
|
| 23 | #
|
| 24 | # https://docs.travis-ci.com/user/environment-variables/#defining-encrypted-variables-in-travisyml
|
| 25 |
|
| 26 | # https://oncletom.io/2016/travis-ssh-deploy/
|
| 27 | # https://github.com/dwyl/learn-travis/blob/master/encrypted-ssh-keys-deployment.md
|
| 28 |
|
| 29 | set -o nounset
|
| 30 | set -o pipefail
|
| 31 | set -o errexit
|
| 32 |
|
| 33 | source soil/common.sh
|
| 34 | source soil/web-worker.sh
|
| 35 |
|
| 36 | #
|
| 37 | # Key Generation: One Time Setup
|
| 38 | #
|
| 39 |
|
| 40 | # Need to pass --pre because I hit this bug. Does not inspire confidence.
|
| 41 | # https://github.com/travis-ci/travis.rb/issues/711
|
| 42 |
|
| 43 | deps() {
|
| 44 | # travis gem needed to encrypt ssh private key (also adds to .travis.yml)
|
| 45 | sudo gem install travis --pre # --version '1.8.10'
|
| 46 | }
|
| 47 |
|
| 48 | keygen() {
|
| 49 | local comment=${1:-travis-ci.oilshell}
|
| 50 | local file=${2:-rsa_travis}
|
| 51 | ssh-keygen -t rsa -b 4096 -C "$comment" -f $file
|
| 52 | }
|
| 53 |
|
| 54 | encrypt-private-key() {
|
| 55 | ### Use travis gem to add an encrypted version to .travis.yml
|
| 56 |
|
| 57 | # 'travis login' first
|
| 58 |
|
| 59 | #travis encrypt-file ./rsa_travis --add
|
| 60 | travis encrypt-file ./rsa_travis soil/rsa_travis.enc --add
|
| 61 | }
|
| 62 |
|
| 63 | deploy-public-key() {
|
| 64 | # note: permissions must be 700
|
| 65 | ssh travis_admin@travis-ci.oilshell.org mkdir -v -p .ssh
|
| 66 |
|
| 67 | # TODO: or append it?
|
| 68 | scp rsa_travis.pub travis_admin@travis-ci.oilshell.org:.ssh/authorized_keys
|
| 69 | }
|
| 70 |
|
| 71 | decrypt-key() {
|
| 72 | local out=$1
|
| 73 | openssl aes-256-cbc \
|
| 74 | -K $encrypted_a65247dffca0_key -iv $encrypted_a65247dffca0_iv \
|
| 75 | -in soil/rsa_travis.enc -out $out -d
|
| 76 | }
|
| 77 |
|
| 78 | publish-html-assuming-ssh-key() {
|
| 79 | if true; then
|
| 80 | deploy-job-results 'travis-' \
|
| 81 | TRAVIS_JOB_NAME \
|
| 82 | TRAVIS_OS_NAME \
|
| 83 | TRAVIS_TIMER_START_TIME \
|
| 84 | TRAVIS_BUILD_WEB_URL \
|
| 85 | TRAVIS_JOB_WEB_URL \
|
| 86 | TRAVIS_BUILD_NUMBER \
|
| 87 | TRAVIS_JOB_NUMBER \
|
| 88 | TRAVIS_BRANCH \
|
| 89 | TRAVIS_COMMIT \
|
| 90 | TRAVIS_COMMIT_MESSAGE
|
| 91 | else
|
| 92 | deploy-test-wwz # dummy data that doesn't depend on the build
|
| 93 | fi
|
| 94 |
|
| 95 | write-jobs-raw 'travis-'
|
| 96 | remote-rewrite-jobs-index 'travis-'
|
| 97 |
|
| 98 | # note: we could speed jobs up by doing this separately?
|
| 99 | remote-cleanup-jobs-index 'travis-'
|
| 100 |
|
| 101 | # soil/worker.sh recorded this for us
|
| 102 | return $(cat _tmp/soil/exit-status.txt)
|
| 103 | }
|
| 104 |
|
| 105 | publish-html() {
|
| 106 | local privkey=/tmp/rsa_travis
|
| 107 |
|
| 108 | decrypt-key $privkey
|
| 109 | chmod 600 $privkey
|
| 110 | eval "$(ssh-agent -s)"
|
| 111 | ssh-add $privkey
|
| 112 |
|
| 113 | publish-html-assuming-ssh-key
|
| 114 | }
|
| 115 |
|
| 116 | #
|
| 117 | # Maintenance
|
| 118 | #
|
| 119 |
|
| 120 | # Sometimes the cache gets stale and you have to delete it. Weird.
|
| 121 | delete-caches() {
|
| 122 | travis cache -d
|
| 123 | }
|
| 124 |
|
| 125 | if test $(basename $0) = 'travis.sh'; then
|
| 126 | "$@"
|
| 127 | fi
|