-
Notifications
You must be signed in to change notification settings - Fork 0
/
.travis.yml
207 lines (188 loc) · 10.9 KB
/
.travis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
env:
global:
- secure: "jmHlQx8VVgO5i6q2ajtIayNiK8ekeoI8CLq1rno20zYUAd2xm4me8QVI0/Kuo2FKmg0GwRB14MdjNCUQNILIDZfzmrjnTuMTHiJjnTwWPMZcCbtc6fE1XQxnGs7IUhtMLfD2TTJrOvsKdqDFi8Z3CMC9v8gh+xFepeBxYhUdpRooW727oUGnracTos+wp1jVVcCiqXjR/kdA0WaZp9FEPU+kZ3NaLcXtjLhM60reIaEhC7e/dzX84heIOP/YfquBDqArH+tUXPwmlwNi3j8jv/A9yO02Fb6c3xyTGdROCjYXy2fXxKt5d0NvELU97F8SXkTPG3Z7hDSZJ33OYukq4pvPovlDBHDN7Sr+RjYuCaNesU07ngaOLdQgqC9TzgpbAF/mXij1q2+qWYy9X0xXLC1R30wmg4X3StFZqUT8J4BCshk+7QR3vNx7e6lroJgHrnIexGQwv1F0SQThDFEP0wfBNmcQeA2tkgpuMH9USj2N6nMRPoIYA5BTVSK3Gdwcua1H6kFWv7bWOj5ADaVDCmd1SfChwQ9tQ23JBcSFxnXc5KXfaJuwLByHyYxqKc+Mwds3GtaHLCWvDEJU96GQUSl52G7MsSctXhSmouIIY4VXDBy58iYEkhzbPrXqlcj50f/CfNmuWV1XQPofgGR1ClYq63K8Z6ARnknRxzEvU9Q="
- secure: "Rm7BUT1vZe/OyRpl/Y5UiE8MgRMzYkwOoWOemLWVuqpfI4EdCfrthEIG/RwGiD1JGCmM6qOTJXvwNlAccn3+cowo/MOFtscr+dDAPv79d6Zgk8SFgcpuOcWtv6vzZ0zMrTS3aynPM4ZAXSnfDbRw3X+XUdN1I7LGhMVW4ccUQnjQD6WYj5eGxgC6hacIarDpPrUDKpcrIK3vACFNrl9cAon2ao43YUAtYXGnM4l9+mdF6mBHalilJQJDgRGicEXRMKr8PnpoaUrvKfeoZbUIDkjyEAiSyfdnXQdv3yzSYlxWmFh98nns+SGlvkA2TuqXuM6W3icwlVYhv/AZWFUkBxXxwHB+OlBRONxc03L06BeVlznnoOECXLxxgXqukJFCSa0o+9VxkVTg6AOMnUs1mmUZse9H/FlGT2uuetq3Ha40wDXvH6BN+1gbBJfe+dYODMTdm3MCk+2z95NlPaqQpYtMAnTsXMN4PkL72hV3N0ASJxG22SK7fFFrnABT31K7R3W/OCNX6KR+SUGdXPrfmNmGh7x/iP6L1gkl2xe+t3z6iy5M0zDXxZPBV9hXOU0jjoK1jl5tHo2ZeNdSmOdZF5s7VaJ4yEDqE0NniYA3Wa5s7EvCOdDdf+itXHW7x0defkA3RfPqPxNmsC7d0FFX7zP54VLhwJuZmvnmWUgeq+Y="
- secure: "pEFlv1zsFWsV5X3BwG/Wt7ejrcLbL/YK0oUZBcpZUgCnYa3u+T9aCID/s/Uw/UGR2nVE3+FK914837tKN4N0+I6jYbS111aB/mbQcgAJp/N+LmnGqH9ngNdRE347WZcOnwgPHWpoXGJ0QYZCV2U9KuvfGxwDrASAAZApGNokLbUER6JdcPyTSKLUF1EkCnZZRaOL5m4il5Kk4nl54aOl+KWrwASzH7wV6YJUf9xZTHnxMcKLChRIClCReoIveOionba6qv5211wknOS4FPXCRHig27kbnr3cJcwETM9SCD4d8GnkKZq+AAu5b207p9mkGbNF4NuU19iDihp0g4Kyqs0qg1ZtsquoZd7UBcPPqC7l+hhJdYC17t5U/9QCGi7qYDRMqw20kn80LbvmSexAoPrQK3xMCTNdxZZF3WfbXTrpkN0A6Wp2kh7dNkfVfoU5UPVulYlUkrzWCuQtziiMHLOvp0S2URLhMW1uDTK3isJSriL6SlEFkruwr/zwV1HjPIeW7Tj4PJ4gmc3UL++nkISHJAfAtj/6w9RBp40LgfinvvK0Sjy4twnY1f+By93MlnFpTxFBkJYCzmbR7he2SR7RJSXSEwObnIkHIguGXkIy4LM725BFJ8piSSNPM2e8BihGlgAke3W72jnmzf239vsQNh6tZYwIlcnpBrQGzyo="
language: python
sudo: false
cache:
apt: true
directories:
- $HOME/.pip-cache
- $HOME/gpg_install_prefix
- $HOME/.cache/pip
- $HOME/download
python:
- "2.7"
- "3.5"
- "3.6"
- "3.7"
- "3.8"
#
before_install:
- pip install pip -U
- pip install -r requirements.txt -U
install:
- travis_retry pip install -e .
script:
- travis_wait ./run_tests.py --network
after_success:
- codecov
- gpg --version
- gpg2 --version
- export GPG_EXECUTABLE=gpg2
- openssl version
- |
__heredoc__='''
# THE SCRIPT IN THIS HEREDOC IS USED TO SETUP SECRET REPO VARIABLES
#
# Load or generate secrets
source $(secret_loader.sh)
echo $TWINE_USERNAME
echo $TWINE_PASSWORD
echo $CI_GITHUB_SECRET
# In your repo directory run the command to ensure travis recognizes the repo
# It will say: Detected repository as <user>/<repo>, is this correct? |yes|
# Answer yes before running the encrypt commands.
travis status
# encrypt relevant travis variables (requires travis cli)
#sudo apt install ruby ruby-dev -y
#sudo gem install travis
SECURE_TWINE_USERNAME=$(travis encrypt --no-interactive TWINE_USERNAME=$TWINE_USERNAME)
SECURE_TWINE_PASSWORD=$(travis encrypt --no-interactive TWINE_PASSWORD=$TWINE_PASSWORD)
SECURE_CI_GITHUB_SECRET=$(travis encrypt --no-interactive CI_GITHUB_SECRET=$CI_GITHUB_SECRET)
echo "
Add the following lines to your .travis.yml
env:
global:
- secure: $SECURE_TWINE_USERNAME
- secure: $SECURE_TWINE_PASSWORD
- secure: $SECURE_CI_GITHUB_SECRET
"
# HOW TO ENCRYPT YOUR SECRET GPG KEY
IDENTIFIER="travis-ci-Erotemic"
KEYID=$(gpg --list-keys --keyid-format LONG "$IDENTIFIER" | head -n 2 | tail -n 1 | awk '{print $1}' | tail -c 9)
echo "KEYID = $KEYID"
# Export plaintext gpg public keys, private keys, and trust info
mkdir -p dev
gpg --armor --export-secret-keys $KEYID > dev/travis_secret_gpg_key.pgp
gpg --armor --export $KEYID > dev/travis_public_gpg_key.pgp
gpg --export-ownertrust > dev/gpg_owner_trust
# Encrypt gpg keys and trust with CI secret
TSP=$CI_GITHUB_SECRET openssl enc -aes-256-cbc -md MD5 -pass env:TSP -e -a -in dev/travis_public_gpg_key.pgp > dev/travis_public_gpg_key.pgp.enc
TSP=$CI_GITHUB_SECRET openssl enc -aes-256-cbc -md MD5 -pass env:TSP -e -a -in dev/travis_secret_gpg_key.pgp > dev/travis_secret_gpg_key.pgp.enc
TSP=$CI_GITHUB_SECRET openssl enc -aes-256-cbc -md MD5 -pass env:TSP -e -a -in dev/gpg_owner_trust > dev/gpg_owner_trust.enc
echo $KEYID > dev/public_gpg_key
source $(secret_unloader.sh)
# Look at what we did, clean up, and add it to git
ls dev/*.enc
rm dev/gpg_owner_trust dev/*.pgp
git status
git add dev/*.enc
git add dev/public_gpg_key
''' # <hack vim "regex" parser> '
- |
# Install a more recent version of GPG
# https://gnupg.org/download/
export GPG_INSTALL_PREFIX=$HOME/gpg_install_prefix
export LD_LIBRARY_PATH=$GPG_INSTALL_PREFIX/lib:$LD_LIBRARY_PATH
export PATH=$GPG_INSTALL_PREFIX/bin:$PATH
export CPATH=$GPG_INSTALL_PREFIX/include:$CPATH
export GPG_EXECUTABLE=$GPG_INSTALL_PREFIX/bin/gpg
ls $GPG_INSTALL_PREFIX
ls $GPG_INSTALL_PREFIX/bin || echo "no bin"
# try and have travis cache this
if [[ ! -f "$GPG_INSTALL_PREFIX/bin/gpg" ]]; then
# This part of the script installs a newer version of GPG on the CI
# machine so we can sign our releases.
mkdir -p $GPG_INSTALL_PREFIX
echo $GPG_INSTALL_PREFIX
OLD=$(pwd)
cd $GPG_INSTALL_PREFIX
pip install liberator
ERROR_FPATH=$(python -c "import liberator as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.36.tar.bz2',
hash_prefix='6e5f853f77dc04f0091d94b224cab8e669042450f271b78d0ea0219',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
GCRYPT_FPATH=$(python -c "import liberator as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.5.tar.bz2',
hash_prefix='b55e16e838d1b1208e7673366971ae7c0f9c1c79e042f41c03d1',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
KSBA_CRYPT_FPATH=$(python -c "import liberator as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2',
hash_prefix='60179bfd109b7b4fd8d2b30a3216540f03f5a13620d9a5b63f1f95',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
ASSUAN_FPATH=$(python -c "import liberator as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.3.tar.bz2',
hash_prefix='e7ccb651ea75b07b2e687d48d86d0ab83cba8e2af7f30da2aec',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
NTBLTLS_FPATH=$(python -c "import liberator as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/ntbtls/ntbtls-0.1.2.tar.bz2',
hash_prefix='54468208359dc88155b14cba37773984d7d6f0f37c7a4ce13868d',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
NPTH_FPATH=$(python -c "import liberator as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2',
hash_prefix='2ed1012e14a9d10665420b9a23628be7e206fd9348111ec751349b',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
GPG_FPATH=$(python -c "import liberator as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2',
hash_prefix='a3cd094addac62b4b4ec1683005a2bec761ea2aacf6daf904316b',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
tar xjf $ERROR_FPATH
tar xjf $GCRYPT_FPATH
tar xjf $KSBA_CRYPT_FPATH
tar xjf $ASSUAN_FPATH
tar xjf $NTBLTLS_FPATH
tar xjf $NPTH_FPATH
tar xjf $GPG_FPATH
(cd libgpg-error-1.36 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
(cd libgcrypt-1.8.5 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
(cd libksba-1.3.5 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
(cd libassuan-2.5.3 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
(cd ntbtls-0.1.2 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
(cd npth-1.6 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
(cd gnupg-2.2.17 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
echo "GPG_EXECUTABLE = '$GPG_EXECUTABLE'"
cd $OLD
fi
# Decrypt and import GPG Keys / trust
- $GPG_EXECUTABLE --version
- openssl version
- $GPG_EXECUTABLE --list-keys
- TSP=$CI_GITHUB_SECRET openssl enc -aes-256-cbc -md MD5 -pass env:TSP -d -a -in dev/travis_public_gpg_key.pgp.enc | $GPG_EXECUTABLE --import
- TSP=$CI_GITHUB_SECRET openssl enc -aes-256-cbc -md MD5 -pass env:TSP -d -a -in dev/gpg_owner_trust.enc | $GPG_EXECUTABLE --import-ownertrust
- TSP=$CI_GITHUB_SECRET openssl enc -aes-256-cbc -md MD5 -pass env:TSP -d -a -in dev/travis_secret_gpg_key.pgp.enc | $GPG_EXECUTABLE --import
- $GPG_EXECUTABLE --list-keys
- MB_PYTHON_TAG=$(python -c "import setup; print(setup.MB_PYTHON_TAG)")
- VERSION=$(python -c "import setup; print(setup.VERSION)")
- |
pip install twine
if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then
pip install six pyopenssl ndg-httpsclient pyasn1 -U --user
pip install requests[security] twine --user
elfi
if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then
pip install six twine
pip install --upgrade pyOpenSSL
fi
# Package and publish to pypi (if on release)
- |
echo "TRAVIS_BRANCH = $TRAVIS_BRANCH"
KEYID=$(cat dev/public_gpg_key)
echo "KEYID = '$KEYID'"
if [[ "$TRAVIS_BRANCH" == "release" ]]; then
export CURRENT_BRANCH=$TRAVIS_BRANCH
TAG_AND_UPLOAD=yes
else
TAG_AND_UPLOAD=no
fi
MB_PYTHON_TAG=$MB_PYTHON_TAG \
USE_GPG=True \
GPG_KEYID=$KEYID \
CURRENT_BRANCH=$TRAVIS_BRANCH \
TWINE_PASSWORD=$TWINE_PASSWORD \
TWINE_USERNAME=$TWINE_USERNAME \
GPG_EXECUTABLE=$GPG_EXECUTABLE \
DEPLOY_BRANCH=release \
TAG_AND_UPLOAD=$TAG_AND_UPLOAD \
./publish.sh