RubyGems - travis - Versions diffs - 1.7.1.travis.613.5 → 1.7.1 - Mend

travis 1.7.1.travis.613.5 → 1.7.1

Files changed (9) hide show

checksums.yaml +5 -13
data/README.md +7 -2
data/lib/travis/cli/encrypt.rb +5 -0
data/lib/travis/cli/sshkey.rb +3 -2
data/lib/travis/version.rb +1 -1
data/travis.gemspec +5 -5
metadata +43 -42
data/examples/cli/encrypt_file.md +0 -88
data/examples/cli/private_dependencies.md +0 -253

checksums.yaml CHANGED Viewed

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    ZmZmNjIyNDM1ZGVjNzM1NGVjZjA5NTAyMDc3NjFkYThkNzNjOGYxYw==
-  data.tar.gz: !binary |-
-    NTNjZjBiMGJjOGQ2OTIxYTk2MWY5Y2FkNzIyYjhkY2NlODdlNGE1Yg==
+SHA1:
+  metadata.gz: 2bbe32794af4faecd1efdc98fc741b211b423125
+  data.tar.gz: af3729cc6a768fe277c05e0928d7e98862f110d8
 SHA512:
-  metadata.gz: !binary |-
-    MjVkMmQ4NDYxNDFiYzcwYWU3ZTc0NWYyYWQwOTQyZjRiZjI4MTEyNWYxMjFh
-    YTE0ZGJkMTQ2NjNjOTA5NTE3MWE4ODQ0M2VmYmQxNDQ1MjI5N2JjMzExNzVl
-    N2IyMmEwMzIyMzJkMGY2ZTlmNDM0YTY4ZjA3ZmFjZmE5OTZhNDU=
-  data.tar.gz: !binary |-
-    NmYzZTc2NzY3NzQxMTJkMzAxOTg2ODU0M2I1ZWNkNjNmNzUwMGQwN2I0YmQ3
-    MDk1MGIzZTA4Y2YyYzdmZjUwNmYxNGVmY2UwZWY4MDg5NGE1ZTIxNDJjOTJj
-    NzY0ODI3ZWVkYjQ1NDQ4ZWI5ZjkzMjQzNTBkM2MxYzU0YzYwMGY=
+  metadata.gz: 97a56cd715c0ee8c6fe5630df0c2821cf109b3f7501f7fae8feb57ada9b2a8562d1c9d663c8d22d589b74bad85d2e96bed33a924432a7cda5acb3bdf7bf3748e
+  data.tar.gz: fa580f8c64a0b78923ee35114c8154f92f4195305c35bcfb8ebd7a43895aa318ddf7a3c5d714f0bff3580314a843afb3ab9214c3b686385f4ad7dc79c1d76432

data/README.md CHANGED Viewed

@@ -1964,12 +1964,12 @@ You can check your Ruby version by running `ruby -v`:
 Then run:
-    $ gem install travis -v 1.7.0 --no-rdoc --no-ri
+    $ gem install travis -v 1.7.1 --no-rdoc --no-ri
 Now make sure everything is working:
     $ travis version
-    1.7.0
+    1.7.1
 See also [Note on Ubuntu](#note-on-ubuntu) below.
@@ -2054,6 +2054,11 @@ If you have the old `travis-cli` gem installed, you should `gem uninstall travis
 ## Version History
+**1.7.1** (August 9, 2014)
+* Better error message when trying to encrypt a string that is too long.
+* Fix Validation failed error using `travis sshkey --upload`.
 **1.7.0** (August 5, 2014)
 * Add `travis encrypt-file`.

data/lib/travis/cli/encrypt.rb CHANGED Viewed

@@ -45,6 +45,11 @@ module Travis
           list = encrypted.map { |data| format(data.inspect, "  secure: %s") }
           say(list.join("\n"), template(__FILE__), :none)
         end
+      rescue OpenSSL::PKey::RSAError => error
+        error "#{error.message.sub(" for key size", "")} - consider using "    <<
+          color("travis encrypt-file", [:red, :bold]) <<
+          color(" or ", :red)                         <<
+          color("travis env set", [:red, :bold])
       end
       private

data/lib/travis/cli/sshkey.rb CHANGED Viewed

@@ -52,12 +52,13 @@ module Travis
       def generate_key
         github.with_basic_auth do |gh|
+          login = gh['user']['login']
           check_access(gh)
           empty_line
           say "Generating RSA key."
           private_key        = Tools::SSLKey.generate_rsa
-          self.description ||= "key for fetching dependencies for #{slug}"
+          self.description ||= "key for fetching dependencies for #{slug} via #{login}"
           say "Uploading public key to GitHub."
           gh.post("/user/keys", :title => "#{description} (Travis CI)", :key => Tools::SSLKey.rsa_ssh(private_key.public_key))
@@ -75,7 +76,7 @@ module Travis
       end
       def remove_passphrase(value)
-        return unless Tools::SSLKey.has_passphrase? value
+        return value unless Tools::SSLKey.has_passphrase? value
         return Tools::SSLKey.remove_passphrase(value, passphrase) || error("wrong pass phrase") if passphrase
         error "Key is encrypted, but missing --passphrase option" unless interactive?
         say "The private key is protected by a pass phrase."

data/lib/travis/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Travis
-  VERSION = '1.7.0'
+  VERSION = '1.7.1'
 end

data/travis.gemspec CHANGED Viewed

@@ -2,7 +2,7 @@
 Gem::Specification.new do |s|
   # general infos
   s.name        = "travis"
-  s.version     = "1.7.0"
+  s.version     = "1.7.1"
   s.description = "CLI and Ruby client library for Travis CI"
   s.homepage    = "https://github.com/travis-ci/travis.rb"
   s.summary     = "Travis CI client"
@@ -19,8 +19,8 @@ Gem::Specification.new do |s|
     "Peter Souter",
     "Peter van Dijk",
     "Max Barnash",
-    "Mathias Meyer",
     "Carlos Palhares",
+    "Mathias Meyer",
     "Thais Camilo and Konstantin Haase",
     "Justin Lambert",
     "Adrien Brault",
@@ -29,6 +29,7 @@ Gem::Specification.new do |s|
     "Mario Visic",
     "Miro Hron\xC4\x8Dok",
     "Neamar",
+    "Nicolas Bessi (nbessi)",
     "Piotr Sarnacki",
     "Rapha\xC3\xABl Pinson",
     "Tobias Wilken",
@@ -55,8 +56,8 @@ Gem::Specification.new do |s|
     "p.morsou@gmail.com",
     "peter.van.dijk@netherlabs.nl",
     "i.am@anhero.ru",
-    "meyer@paperplanes.de",
     "me@xjunior.me",
+    "meyer@paperplanes.de",
     "dev+narwen+rkh@rkh.im",
     "jlambert@eml.cc",
     "adrien.brault@gmail.com",
@@ -65,6 +66,7 @@ Gem::Specification.new do |s|
     "mario@mariovisic.com",
     "miro@hroncok.cz",
     "neamar@neamar.fr",
+    "nbessi@users.noreply.github.com",
     "drogus@gmail.com",
     "raphael.pinson@camptocamp.com",
     "tw@cloudcontrol.de",
@@ -115,8 +117,6 @@ Gem::Specification.new do |s|
     "assets/travis.sh",
     "assets/travis.sh.erb",
     "bin/travis",
-    "examples/cli/encrypt_file.md",
-    "examples/cli/private_dependencies.md",
     "examples/org_overview.rb",
     "examples/pro_auth.rb",
     "examples/stream.rb",

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: travis
 version: !ruby/object:Gem::Version
-  version: 1.7.1.travis.613.5
+  version: 1.7.1
 platform: ruby
 authors:
 - Konstantin Haase
@@ -12,8 +12,8 @@ authors:
 - Peter Souter
 - Peter van Dijk
 - Max Barnash
-- Mathias Meyer
 - Carlos Palhares
+- Mathias Meyer
 - Thais Camilo and Konstantin Haase
 - Justin Lambert
 - Adrien Brault
@@ -22,6 +22,7 @@ authors:
 - Mario Visic
 - Miro Hrončok
 - Neamar
+- Nicolas Bessi (nbessi)
 - Piotr Sarnacki
 - Raphaël Pinson
 - Tobias Wilken
@@ -39,206 +40,206 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-08-05 00:00:00.000000000 Z
+date: 2014-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
 - !ruby/object:Gem::Dependency
   name: faraday_middleware
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.1
 - !ruby/object:Gem::Dependency
   name: highline
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
 - !ruby/object:Gem::Dependency
   name: backports
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: gh
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.13'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.13'
 - !ruby/object:Gem::Dependency
   name: launchy
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - <
+    - - "<"
       - !ruby/object:Gem::Version
         version: '0.10'
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - <
+    - - "<"
       - !ruby/object:Gem::Version
         version: '0.10'
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
 - !ruby/object:Gem::Dependency
   name: typhoeus
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.6'
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.6.8
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.6'
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.6.8
 - !ruby/object:Gem::Dependency
   name: pusher-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.4'
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.12'
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.6'
 description: CLI and Ruby client library for Travis CI
@@ -251,8 +252,8 @@ email:
 - p.morsou@gmail.com
 - peter.van.dijk@netherlabs.nl
 - i.am@anhero.ru
-- meyer@paperplanes.de
 - me@xjunior.me
+- meyer@paperplanes.de
 - dev+narwen+rkh@rkh.im
 - jlambert@eml.cc
 - adrien.brault@gmail.com
@@ -261,6 +262,7 @@ email:
 - mario@mariovisic.com
 - miro@hroncok.cz
 - neamar@neamar.fr
+- nbessi@users.noreply.github.com
 - drogus@gmail.com
 - raphael.pinson@camptocamp.com
 - tw@cloudcontrol.de
@@ -312,8 +314,6 @@ files:
 - assets/travis.sh
 - assets/travis.sh.erb
 - bin/travis
-- examples/cli/encrypt_file.md
-- examples/cli/private_dependencies.md
 - examples/org_overview.rb
 - examples/pro_auth.rb
 - examples/stream.rb
@@ -469,18 +469,19 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>'
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.3.0
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
 summary: Travis CI client
 test_files: []
+has_rdoc:

data/examples/cli/encrypt_file.md DELETED Viewed

@@ -1,88 +0,0 @@
-##  Encrypt a file
-### Automated
-Assumptions:
-* The repository is set up on Travis CI
-* You have version **1.7.0** or later of the Travis CI Command Line Client installed and setup up (you are logged in)
-* You have a local copy of the repository and a terminal open where your current working directory is said copy
-* In the repository is a file, called super_secret.txt, that you need on Travis CI but you don't want to publish its content on GitHub.
-You can encrypt the file with the following command:
-``` console
-$ travis encrypt-file super_secret.txt --add
-encrypting bacon.txt for rkh/travis-encrypt-file-example
-storing result as super_secret.txt.enc
-storing secure env variables for decryption
-Make sure to add super_secret.txt.enc to the git repository.
-Make sure not to add super_secret.txt to the git repository.
-Commit all changes to your .travis.yml.
-```
-### Manually
-Assumptions:
-* The repository is set up on Travis CI
-* You have the recent version of the Travis CI Command Line Client installed and setup up (you are logged in)
-* You have a local copy of the repository and a terminal open where your current working directory is said copy
-* In the repository is a file, called super_secret.txt, that you need on Travis CI but you don't want to publish its content on GitHub.
-The file might be too large to encrypt it directly via the `travis encrypt` command. However, you can encrypt the file using a passphrase and then encrypt the passphrase. On Travis CI, you can use the passphrase to decrypt the file again.
-The set up process looks like this:
-1. **Come up with a password.** First, you need a password. We recommend generating a random password using a tool like pwgen or 1password. In our example we will use `ahduQu9ushou0Roh`.
-2. **Encrypt the password and add it to your .travis.yml.** Here we can use the `encrypt` command: `travis encrypt super_secret_password=ahduQu9ushou0Roh --add` - note that if you set this up multiple times for multiple files, you will have to use different variable names so the passwords don't override each other.
-3. **Encrypt the file locally.** Using a tool that you have installed locally and that is also installed on Travis CI (see below).
-4. **Set up decryption command.** You should add the command for decrypting the file to the `before_install` section of your `.travis.yml` (see below).
-Be sure to add `super_secret.txt` to your `.gitignore` list, and to commit both the encrypted file and your `.travis.yml` changes.
-#### Using GPG
-Set up:
-``` console
-$ travis encrypt super_secret_password=ahduQu9ushou0Roh --add
-$ gpg -c super_secret.txt
-(will prompt you for the password twice, use the same value as for super_secret_password above)
-```
-Contents of the `.travis.yml` (besides whatever else you might have in there):
-``` yaml
-env:
-  global:
-    secure: ... encoded secret ...
-before_install:
-  - echo $super_secret_password | gpg super_secret.txt.gpg
-````
-The encrypted file is called `super_secret.txt.gpg` and has to be committed to the repository.
-#### Using OpenSSL
-Set up:
-``` console
-$ travis encrypt super_secret_password=ahduQu9ushou0Roh --add
-$ openssl aes-256-cbc -k "ahduQu9ushou0Roh" -in super_secret.txt -out super_secret.txt.enc
-(keep in mind to replace the password with the proper value)
-```
-Contents of the `.travis.yml` (besides whatever else you might have in there):
-``` yaml
-env:
-  global:
-    secure: ... encoded secret ...
-before_install:
-  - openssl aes-256-cbc -k "$super_secret_password" -in super_secret.txt.enc -out super_secret.txt -d
-````
-The encrypted file is called `super_secret.txt.enc` and has to be committed to the repository.

data/examples/cli/private_dependencies.md DELETED Viewed

@@ -1,253 +0,0 @@
-## Private Dependencies
-When testing a private repository, you might need to pull in other private repositories as dependencies. Whether it's via [git submodules](http://git-scm.com/book/en/Git-Tools-Submodules), a custom script, or a dependency management tool, like [Bundler](http://bundler.io/) or [Composer](https://getcomposer.org/).
-If the dependency is also on GitHub, there are four different ways of being able to fetch the repository from within a Travis CI VM:
- Authentication                | Protocol | Gives access to              | Notes
--------------------------------|----------|------------------------------|--------------------------------------
- **[Deploy Key](#deploy-key)** | SSH      | single repository            | used by default for main repository
- **[User Key](#user-key)**     | SSH      | all repos user has access to | **recommended** for dependencies
- **[Password](#password)**     | HTTPS    | all repos user has access to | password can be encrypted
- **[API token](#api-token)**   | HTTPS    | all repos user has access to | token can be encrypted
-For the SSH protocol, dependency URLs need to have the format of `git@github.com/…` whereas for the HTTPS protocol, they need to start with `https://…`.
-You can use a [dedicated CI user account](#dedicated-user-account) for all but the deploy key approach. This will allow you to limit the access to a well defined list of repositories and read access only.
-### Deploy Key
-GitHub allows to set up read-only SSH keys for a repository. These deploy keys have some great advantages:
-* They are not bound to a user account, so they will not get invalidated by removing users from a repository.
-* They do not give access to other, unrelated repositories.
-* Deploy keys only have read access.
-* The same key can be used for dependencies not stored on GitHub.
-However, using deploy keys is complicated by the fact that GitHub does not allow you to reuse keys. So a single private key cannot access multiple GitHub repositories.
-You could include a different private key for every dependency in the repository, possibly [encrypting them](encrypt_file.md). Maintaining complex dependency graphs this way can be complex and hard to maintain. For that reason, we recommend using a [user key](#user-key) instead.
-### User Key
-You can add SSH keys to user accounts on GitHub. Most users have probably already done this to be able to clone the repositories locally.
-This way, a single key can access multiple repositories. To limit the list of repositories and type of access, it is recommended to create a [dedicated CI user account](#dedicated-user-account).
-#### Using an existing key
-Assumptions:
-* The repository you are running the builds for is called "myorg/main" and depends on "myorg/lib1" and "myorg/lib2".
-* You have a key already set up on your machine, for instance under `~/.ssh/id_rsa` (default on Unix systems).
-You can use the following command to add the key to Travis CI:
-``` console
-$ travis sshkey --upload ~/.ssh/id_rsa -r myorg/main
-Key description: Key to clone myorg/lib1 and myorg/lib2
-updating ssh key for myorg/main with key from ~/.ssh/id_rsa
-Current SSH key: Key to clone myorg/lib1 and myorg/lib2
-```
-You can omit the `-r myorg/main` if your current working directory is a clone of the "myorg/main" repository.
-#### Generating a new key
-Assumptions:
-* The repository you are running the builds for is called "myorg/main" and depends on "myorg/lib1" and "myorg/lib2".
-* You know the credentials for a user account that has at least read access to all three repositories.
-The `travis` command line tool can generate a new key for you and set it up on both Travis CI and GitHub. In order to do so, it will ask you for a GitHub user name and password This is very handy if you have just created a [dedicated user](#dedicated-user-account) or if you don't have a key set up on your machine that you want to use.
-The credentials will only be used to access GitHub and will not be stored or shared with any other service.
-``` console
-$ travis sshkey --generate -r myorg/main
-We need the GitHub login for the account you want to add the key to.
-This information will not be sent to Travis CI, only to api.github.com.
-The password will not be displayed.
-Username: ci-user
-Password for ci-user: **************
-Generating RSA key.
-Uploading public key to GitHub.
-Uploading private key to Travis CI.
-You can store the private key to reuse it for other repositories (travis sshkey --upload FILE).
-Store private key? |no|
-Current SSH key: key for fetching dependencies for myorg/main
-```
-You can omit the `-r myorg/main` if your current working directory is a clone of the "myorg/main" repository.
-At the end of the process, it will ask you whether you want to store the generated key somewhere, usually it is safe to say "no" here. After all, you can just generate a new key as necessary. See [below](#reusing-a-generated-key) for instructions on storing and reusing a generated key.
-#### Reusing a generated key
-Assumptions:
-* The repository you are running the builds for is called "myorg/main" and depends on "myorg/lib1" and "myorg/lib2".
-* You know the credentials for a user account that has at least read access to all three repositories.
-* You only want to generate a single key, so you can revoke it easily or use it for accessing other sourced for dependencies or deploy targets.
-This is absolutely optional, nothing keeps you from generating new keys for all the repositories you are testing.
-You follow the [steps above](#generating-a-new-key), but choose to store the key. It will ask you for a path to store it under.
-``` console
-$ travis sshkey --generate -r myorg/main --description "CI dependencies"
-We need the GitHub login for the account you want to add the key to.
-This information will not be sent to Travis CI, only to api.github.com.
-The password will not be displayed.
-Username: ci-user
-Password for ci-user: **************
-Generating RSA key.
-Uploading public key to GitHub.
-Uploading private key to Travis CI.
-You can store the private key to reuse it for other repositories (travis sshkey --upload FILE).
-Store private key? |no| yes
-Path: |id_travis_rsa| myorg_key
-Current SSH key: CI dependencies
-```
-And as always, you can omit the `-r myorg/main` if your current working directory is a clone of the "myorg/main" repository.
-You can then [upload](#using-an-existing-key) the key for myorg/main2:
-``` console
-$ travis sshkey --upload myorg_key -r myorg/main2 --description "CI dependencies"
-updating ssh key for myorg/main with key from myorg_key
-Current SSH key: CI dependencies
-```
-Starting with the 1.7.0 release of the `travis` command line tool, you are able to combine it with the `repos` command to set up the key not only for for "main" and "main2", but all repositories under the "myorg" organization.
-``` console
-$ travis repos --active --owner myorg --pro | xargs -I % travis sshkey --upload myorg_key -r % --description "CI dependencies"
-updating ssh key for myorg/main with key from myorg_key
-Current SSH key: CI dependencies
-updating ssh key for myorg/main2 with key from myorg_key
-Current SSH key: CI dependencies
-updating ssh key for myorg/lib1 with key from myorg_key
-Current SSH key: CI dependencies
-updating ssh key for myorg/lib2 with key from myorg_key
-Current SSH key: CI dependencies
-```
-### Password
-Assumptions:
-* The repository you are running the builds for is called "myorg/main" and depends on "myorg/lib1" and "myorg/lib2".
-* You know the credentials for a user account that has at least read access to all three repositories.
-* You have a clone of the repository locally and run commands from a terminal where the copy is the current working directory (this is needed to make `travis encrypt --add` work).
-To pull in dependencies with a password, you will have to use the user name and password in the Git HTTPS URL: `https://ci-user:mypassword123@github.com/myorg/lib1.git`.
-Alternatively, you can also write the credentials to the `~.netrc` file:
-``` netrc
-machine github.com
-  login ci-user
-  password mypassword123
-```
-You can also encrypt the password and then write it to the netrc in a `before_install` step in your `.travis.yml`.
-``` console
-$ travis encrypt CI_USER_PASSWORD=mypassword123 --add
-```
-``` yaml
-before_install:
-- echo "machine github.com\n  login ci-user\n  password $CI_USER_PASSWORD" >> ~/.netrc
-```
-It is also possible to inject the credentials into URLs, for instance, in a Gemfile, it would look like this:
-``` ruby
-source 'https://rubygems.org'
-gemspec
-if ENV['CI']
-  # use HTTPS with password on Travis CI
-  git_source :github do |repo_name|
-    repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
-    "https://ci-user:#{ENV.fetch("CI_USER_PASSWORD")}@github.com/#{repo_name}.git"
-  end
-end
-gem 'lib1', github: "myorg/lib1"
-gem 'lib2', github: "myorg/lib2"
-```
-### API token
-Assumptions:
-* The repository you are running the builds for is called "myorg/main" and depends on "myorg/lib1" and "myorg/lib2".
-* You know the credentials for a user account that has at least read access to all three repositories.
-* You have a clone of the repository locally and run commands from a terminal where the copy is the current working directory (this is needed to make `travis encrypt --add` work).
-This approach works just like the [password](#password) approach outlined above, except instead of the username/password pair, you use a GitHub API token.
-Under the GitHub account settings for the user you want to use, navigate to [Applications](https://github.com/settings/applications) and generate a "personal access tokens". Make sure the token has the "repo" scope.
-Your `~/.netrc` should look like this:
-``` netrc
-machine github.com
-  login the-generated-token
-```
-You can also use it in URLs directly: `https://the-generated-token@github.com/myorg/lib1.git`.
-Use the `encrypt` command to add the token to your `.travis.yml`.
-``` console
-$ travis encrypt CI_USER_TOKEN=the-generated-token --add
-```
-You can then have Travis CI write to the `~/.netrc` on every build.
-``` yaml
-before_install:
-- echo "machine github.com\n  login $CI_USER_TOKEN" >> ~/.netrc
-```
-It is also possible to inject the token into URLs, for instance, in a Gemfile, it would look like this:
-``` ruby
-source 'https://rubygems.org'
-gemspec
-if ENV['CI']
-  # use HTTPS with token on Travis CI
-  git_source :github do |repo_name|
-    repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
-    "https://#{ENV.fetch("CI_USER_TOKEN")}@github.com/#{repo_name}.git"
-  end
-end
-gem 'lib1', github: "myorg/lib1"
-gem 'lib2', github: "myorg/lib2"
-```
-### Dedicated User Account
-As mentioned a few times, it might make sense to create a dedicated CI user for the following reasons:
-* The CI user will only have access to the repositories you want it to have access to.
-* You can limit the access to read access.
-* Less risk when it comes to leaking keys or credentials.
-* The CI user will not leave the organization for non-technical reasons and accidentally break all your builds.
-In order to do so, you need to register on GitHub as if you would be signing up for a normal user (pro tip: try using incognito mode in your browser, so you don't have to sign out of your main account). Registering users cannot be automated, since that would violate the GitHub Terms of Service.