chore(build): Add encrypted ssh key for semantic-release (#20)

To allow Travis to automatically push tags back into Github. Fixes OPS-16282 & blocks #17
eventbrite · Apr 5, 2018 · a73f672 · a73f672
1 parent 6cacbfa
commit a73f672
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 0 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -11,3 +11,9 @@ cache: yarn
 # Temporarily also run the build script to make sure it works
 # (will move this to the release step once that's implemented)
 script: yarn run validate && yarn run build
+
+deploy:
+  provider: script
+  skip_cleanup: true
+  script:
+    - bash _scripts/deploy_key_decrypt.sh
diff --git a/_scripts/deploy_key_decrypt.sh b/_scripts/deploy_key_decrypt.sh
@@ -0,0 +1,15 @@
+#!/bin/bash 
+# Decrypt Github Deploy key for the Semantic Release package to be able to push tags 
+# Ubuntu-14.04
+
+# Make sure only the current user can read the private key- 
+/usr/bin/openssl aes-256-cbc -K "${encrypted_ba12a3340263_key}" -iv "${encrypted_ba12a3340263_iv}" -in git_deploy_key.enc -out /tmp/git_deploy_key -d 
+# Make sure only the current user can read the private key
+/bin/chmod 600 /tmp/git_deploy_key
+# Create a script to return the passphrase environment variable to ssh-add
+/bin/echo 'echo ${SSH_PASSPHRASE}' > /tmp/askpass && chmod +x /tmp/askpass
+# Start the authentication agent
+eval "$(ssh-agent -s)"
+# Add the key to the authentication agent
+DISPLAY=":0.0" SSH_ASKPASS="/tmp/askpass" /usr/bin/setsid ssh-add /tmp/git_deploy_key </dev/null
+
diff --git a/git_deploy_key.enc b/git_deploy_key.enc