I see that Travis has a workflow for encrypting files, here.
My use case is slightly simpler, I just want to generate a signature for a file that has been built on Travis-CI. Say:
hello-0.0.1-a.bin.asc
hello-0.0.1-a.bin
pubkey.gpg
<or> hello-0.0.1-a.pub
In this case hello-0.0.1-a.bin is created by a Travis build, and will be pushed to GitHub as a release. Likewise the signature must also be pushed to GitHub as a release (i.e. under the same tag).
I don't strongly care (i.e. not a deal breaker) if the private/public key-pair is unique to that build. But it would be ideal if the private/public key-pair is shared between builds.
Appreciate any hints, tips or incantations.
It basically comes down to a few steps.
gpg --export-secret-keys > all.gpg
Use the travis ruby gem to encrypt-file the gpg keyring (ex all.gpg).
Add all.gpg.enc to your repo (NOT the unencrypted all.gpg).
Add this line to your .travis.yml file to decrypt your encrypted private signing key:
openssl aes-256-cbc -K $encrypted_0a6446eb3ae3_key -iv $encrypted_0a6446eb3ae3_iv -in all.gpg.enc -out all.gpg -d
Import the gpg keys:
gpg --import all.gpg
gpg --output hello.bin.asc --sign hello.bin
$ travis encrypt-file all.gpg --add
encrypting all.gpg for rkh/travis-encrypt-file-example
storing result as all.gpg.enc
storing secure env variables for decryption
Make sure to add all.gpg.enc to the git repository.
Make sure not to add all.gpg to the git repository.
Commit all changes to your .travis.yml.
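The import and signing steps from the answer above, combined into one CI script; this is an added example, not part of the original answer. It assumes all.gpg has already been decrypted by the openssl line and holds a key without a passphrase, the function name sign_release is hypothetical, and it uses --armor --detach-sign instead of the answer's --sign so that hello.bin.asc is a separate signature next to an unmodified hello.bin.

```shell
#!/bin/sh
# Added example: sign a build artifact in CI with a throwaway keyring.
# Assumptions: KEYFILE is the decrypted secret-key export (all.gpg above)
# and the key has no passphrase, so gpg can sign unattended.

# sign_release KEYFILE ARTIFACT
#   Imports KEYFILE into a temporary GNUPGHOME, writes ARTIFACT.asc
#   (detached, ASCII-armored), verifies it, then removes the keyring
#   and the decrypted key file. Returns non-zero if any gpg step fails.
sign_release() (
    keyfile=$1
    artifact=$2

    # Private keyring for this run only; nothing is left in ~/.gnupg.
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"

    rc=0
    gpg --batch --quiet --import "$keyfile" &&
    gpg --batch --yes --armor --detach-sign \
        --output "$artifact.asc" "$artifact" &&
    # Check the signature before it is published with the release.
    gpg --batch --quiet --verify "$artifact.asc" "$artifact" 2>/dev/null ||
        rc=$?

    # Clean up even when a step failed: stop the agent, drop the keyring,
    # and delete the decrypted private key from the build directory.
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    rm -f "$keyfile"
    exit "$rc"
)

# Typical call from the build script, after the openssl decrypt step:
#   sign_release all.gpg hello.bin
```

Anyone downloading the release needs the matching public key (for example from gpg --armor --export) to run gpg --verify hello.bin.asc hello.bin.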