How to publish artifacts in Travis CI?
I would like to use Travis CI for my open-source project. The issue that Travis doesn't provide any ways to publish produced artifacts (though, they have this in their future plans).
What are workarounds to publish/upload artifacts somewhere? I'm allowed to execute any scripts on a CI machine.
Simple upload will work, but there is security issue: anyone will be able to upload something in the same way as all sources are public.
Solution 1:
GitHub releases step-by-step
The method was mentioned at https://stackoverflow.com/a/24100779/895245, and is poorly documented at: https://docs.travis-ci.com/user/deployment/releases/ , so here goes a more detailed step-by-step.
It uploads artifacts to GitHub releases https://github.com/<username>/<repo>/releases
which exist for every Git tag you push.
-
Get a Personal Access Token under https://github.com/settings/tokens
Only enable "public_repo" access for public repositories, "repo" for private.
Save the token somewhere as you can only see it once.
-
Install the
travis
gem:gem install travis # See: https://stackoverflow.com/a/33119804/895245 gem update --system
Then
cd
into your repository and:travis encrypt <api-token>
but more recently people have reported that
travis encrypt -r githubusername/repositoryname --org
is needed instead, see: https://github.com/travis-ci/travis-ci/issues/8128This will produce an output like:
secure: "<encrypted-token>"
Note down the large encrypted token.
-
Use a
.travis.yml
as follows:script: # This command generates a release.zip file. - make dist deploy: provider: releases api_key: secure: "<encrypted-token>" file: 'release.zip' skip_cleanup: true on: tags
What happens is that Travis replaces every
something: secure: <encrypted-string>
with justsomething: <decrypted-string>
as explained at: http://docs.travis-ci.com/user/encryption-keys/This is safe because only authorized pushes by you can decrypt the string, so if a malicious user tries to make a pull request to get your string, it would should just show the encrypted string.
Now whenever you push a commit with a tag, Travis will upload
release.zip
to the release:git commit -m 1.0 git tag -m 1.0 1.0 git push --tags
If you had already pushed the commit and the tag after, you might have to click the "Restart build" button on the Travis UI for it to upload.
https://stackoverflow.com/a/38037626/895245 has some screenshots of the process.
Alternative method: environment variable
-
Instead of an encrypted string, we could also use a hidden environment variable.
On the Travis settings for the repository
https://travis-ci.org/<me>/<myrepo>/settings
create an environment variable:GITHUB_API_KEY=<token>
and make sure to mark "Display value in build log" as "Off", and use:
api_key: '$GITHUB_API_KEY'
While this will not show on logs for pull requests, this method is riskier, as you could my mistake list the environment of a build.
The upside is that this method is simpler to understand.
A simple example of mine that uploads images generated from Gnuplot to GitHub releases:
- https://github.com/cirosantilli/gnuplot-examples/blob/b76d5a7c7aa2af973accdc9639220df74c36285e/.travis.yml#L23
- https://github.com/cirosantilli/gnuplot-cheat/releases
Question about GitHub Pages deployment: How to publish to Github Pages from Travis CI?
Solution 2:
The "github releases uploading" feature is announced recently. It officially supports everything that is needed. See http://docs.travis-ci.com/user/deployment/releases/