How to GPG sign a file that is built by Travis-CI

Hedgehog

I see that Travis has a workflow for encrypting files, here.

My use case is slightly simpler, I just want to generate a signature for a file that has been built on Travis-CI. Say:

hello-0.0.1-a.bin.asc
hello-0.0.1-a.bin
pubkey.gpg 
<or> hello-0.0.1-a.pub

In this case hello-0.0.1-a.bin is created by a Travis build, and will be pushed to Github as a release. Likewise the signature must also be pushed to Github as a release (i.e. under the same tag).

I don't strongly care (i.e. not a deal breaker) if the private/public key-pair is unique to that build. But it would be ideal if the private/public key-pair is shared between builds.

Appreciate any hints, tips or incantations.

StephenG

It basically comes down to a few steps.

  1. Export the secret keys from your gpg keyring: gpg --export-secret-keys > all.gpg
  2. Use the travis ruby gem to encrypt-file the gpg keyring (e.g. all.gpg)
  3. Add all.gpg.enc to your repo (NOT the unencrypted all.gpg)
  4. Make sure that the repo can access secure variables
  5. Add this line to your .travis.yml file to decrypt your encrypted private signing key

    # -K takes the *_key secure variable and -iv the *_iv one; do not pass the same value to both
    openssl aes-256-cbc -K $encrypted_0a6446eb3ae3_key -iv $encrypted_0a6446eb3ae3_iv -in all.gpg.enc -out all.gpg -d

  6. Import the gpg keys

    gpg --import all.gpg

  7. Sign your image

    # detached, ASCII-armored signature, so hello.bin.asc can be uploaded next to hello.bin
    gpg --armor --detach-sign --output hello.bin.asc hello.bin

    $ travis encrypt-file all.gpg --add
    encrypting all.gpg for rkh/travis-encrypt-file-example
    storing result as all.gpg.enc
    storing secure env variables for decryption

Make sure to add all.gpg.enc to the git repository.
Make sure not to add all.gpg to the git repository.
Commit all changes to your .travis.yml.
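The procedure in the answer above, run end to end on one machine, as an added example that is not part of StephenG's answer or of Travis' own tooling. It assumes gpg (GnuPG 2.1 or newer) and openssl on PATH, uses a throwaway ed25519 key in place of the real release key, and simulates the two secure variables that `travis encrypt-file` would store (`encrypted_XXXX_key` and `encrypted_XXXX_iv`) with random values named KEY_HEX and IV_HEX; the build artifact is a constructed stand-in. Beyond the answer's steps it also shows what a downloader should do: verify against the published public key and pin the expected key fingerprint via gpg's status output, then confirm a tampered artifact is rejected.

```shell
#!/bin/sh
# Added example, not code from the original answer. Assumes gpg 2.1+ and openssl.
set -eu

# Developer side (steps 1-3): generate and export the signing key, encrypt the
# export with AES-256-CBC as travis encrypt-file does, keep only the .enc file.
# Sets the globals EXPECTED_FPR, KEY_HEX and IV_HEX (simulated secure variables).
prepare_release_key() {
    local home="$1" out="$2"
    mkdir -p "$home" && chmod 700 "$home"
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'CI Release Signing <ci@example.invalid>' ed25519 sign 1y
    EXPECTED_FPR=$(gpg --homedir "$home" --with-colons --list-keys | awk -F: '/^fpr:/ {print $10; exit}')
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --export-secret-keys > "$home/all.gpg"
    gpg --homedir "$home" --batch --quiet --armor --export > "$out/pubkey.asc"
    KEY_HEX=$(openssl rand -hex 32)   # travis encrypt-file picks key and IV at random
    IV_HEX=$(openssl rand -hex 16)
    openssl aes-256-cbc -K "$KEY_HEX" -iv "$IV_HEX" -in "$home/all.gpg" -out "$out/all.gpg.enc"
    rm -f "$home/all.gpg"             # only all.gpg.enc is ever committed
    gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null || true
}

# CI side (steps 5-7): decrypt with BOTH secure variables, import into a keyring
# that exists only for this build, write a detached ASCII-armored signature.
sign_on_ci() {
    local home="$1" enc="$2" artifact="$3"
    mkdir -p "$home" && chmod 700 "$home"
    openssl aes-256-cbc -d -K "$KEY_HEX" -iv "$IV_HEX" -in "$enc" -out "$home/all.gpg"
    gpg --homedir "$home" --batch --quiet --import "$home/all.gpg"
    rm -f "$home/all.gpg"
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --armor --detach-sign --output "$artifact.asc" "$artifact"
    gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null || true
}

# Downloader side: import only the published public key and require both a good
# signature and the expected fingerprint (VALIDSIG line in gpg's status output),
# so a valid signature from some other key does not pass. Returns 0 on success.
verify_release() {
    local pubkey="$1" artifact="$2" sig="$3" fpr="$4" home rc=1
    home=$(mktemp -d)
    gpg --homedir "$home" --batch --quiet --import "$pubkey" 2>/dev/null
    if gpg --homedir "$home" --batch --quiet --status-file "$home/status" \
           --verify "$sig" "$artifact" 2>/dev/null \
       && grep -q " VALIDSIG $fpr " "$home/status"; then
        rc=0
    fi
    gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null || true
    rm -rf "$home"
    return $rc
}

# Whole round trip: sign, verify, then confirm a tampered artifact is rejected.
# Returns 0 only when the genuine file verifies and the tampered one does not.
run_round_trip() {
    local work bin sig rc=0
    work=$(mktemp -d)
    bin="$work/hello-0.0.1-a.bin"; sig="$bin.asc"
    printf 'constructed stand-in for the Travis build output\n' > "$bin"
    prepare_release_key "$work/dev" "$work"
    sign_on_ci "$work/ci" "$work/all.gpg.enc" "$bin"
    verify_release "$work/pubkey.asc" "$bin" "$sig" "$EXPECTED_FPR" || rc=1
    printf 'x' >> "$bin"               # simulate a swapped release asset
    if verify_release "$work/pubkey.asc" "$bin" "$sig" "$EXPECTED_FPR"; then
        rc=1                           # tampered file must NOT verify
    fi
    rm -rf "$work"
    return $rc
}

if command -v gpg >/dev/null 2>&1 && command -v openssl >/dev/null 2>&1; then
    run_round_trip && echo "round trip OK: genuine file verified, tampered file rejected"
else
    echo "gpg or openssl not on PATH; nothing run" >&2
fi
```

On Travis the `sign_on_ci` part is what goes into `.travis.yml`, with `$KEY_HEX`/`$IV_HEX` replaced by the generated `encrypted_XXXX_key`/`encrypted_XXXX_iv` variables; keeping the build's keyring in a throwaway homedir and deleting the decrypted export immediately after import limits how long the private key sits on the worker's disk.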
