How to publish artifacts in Travis CI?

I would like to use Travis CI for my open-source project. The issue that Travis doesn't provide any ways to publish produced artifacts (though, they have this in their future plans).

What are workarounds to publish/upload artifacts somewhere? I'm allowed to execute any scripts on a CI machine.

Simple upload will work, but there is security issue: anyone will be able to upload something in the same way as all sources are public.


Solution 1:

GitHub releases step-by-step

The method was mentioned at https://stackoverflow.com/a/24100779/895245, and is poorly documented at: https://docs.travis-ci.com/user/deployment/releases/ , so here goes a more detailed step-by-step.

It uploads artifacts to GitHub releases https://github.com/<username>/<repo>/releases which exist for every Git tag you push.

  1. Get a Personal Access Token under https://github.com/settings/tokens

    Only enable "public_repo" access for public repositories, "repo" for private.

    Save the token somewhere as you can only see it once.

  2. Install the travis gem:

    gem install travis
    # See: https://stackoverflow.com/a/33119804/895245
    gem update --system
    

    Then cd into your repository and:

    travis encrypt <api-token>
    

    but more recently people have reported that travis encrypt -r githubusername/repositoryname --org is needed instead, see: https://github.com/travis-ci/travis-ci/issues/8128

    This will produce an output like:

    secure: "<encrypted-token>"
    

    Note down the large encrypted token.

  3. Use a .travis.yml as follows:

    script:
      # This command generates a release.zip file.
      - make dist
    deploy:
      provider: releases
      api_key:
        secure: "<encrypted-token>"
      file: 'release.zip'
      skip_cleanup: true
      on:
        tags
    

    What happens is that Travis replaces every something: secure: <encrypted-string> with just something: <decrypted-string> as explained at: http://docs.travis-ci.com/user/encryption-keys/

    This is safe because only authorized pushes by you can decrypt the string, so if a malicious user tries to make a pull request to get your string, it would should just show the encrypted string.

    Now whenever you push a commit with a tag, Travis will upload release.zip to the release:

    git commit -m 1.0
    git tag -m 1.0 1.0
    git push --tags
    

    If you had already pushed the commit and the tag after, you might have to click the "Restart build" button on the Travis UI for it to upload.

https://stackoverflow.com/a/38037626/895245 has some screenshots of the process.

Alternative method: environment variable

  1. Instead of an encrypted string, we could also use a hidden environment variable.

    On the Travis settings for the repository https://travis-ci.org/<me>/<myrepo>/settings create an environment variable:

    GITHUB_API_KEY=<token>
    

    and make sure to mark "Display value in build log" as "Off", and use:

    api_key: '$GITHUB_API_KEY'
    

    While this will not show on logs for pull requests, this method is riskier, as you could my mistake list the environment of a build.

    The upside is that this method is simpler to understand.

A simple example of mine that uploads images generated from Gnuplot to GitHub releases:

  • https://github.com/cirosantilli/gnuplot-examples/blob/b76d5a7c7aa2af973accdc9639220df74c36285e/.travis.yml#L23
  • https://github.com/cirosantilli/gnuplot-cheat/releases

Question about GitHub Pages deployment: How to publish to Github Pages from Travis CI?

Solution 2:

The "github releases uploading" feature is announced recently. It officially supports everything that is needed. See http://docs.travis-ci.com/user/deployment/releases/