-
Notifications
You must be signed in to change notification settings - Fork 8
/
.travis.yml
202 lines (182 loc) · 10.4 KB
/
.travis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
env:
global:
- secure: "bAGurDEeXbSdh+gynwitVCflqskLWYYYjLAV5BNsloU42HBlsoHNT+3keA4I8zVAxVJ3rgOE19RpzpWtPPOmlcC+5sdLEs8/iCvRsJIupcGArmTygH4MTsVElX2WTFkhsIQ7VwkL1P9fARvwwoA5599nl6N0zBNB43JnfqrPqonEUZV3R71hIgdngOA0I14lu5LtPVpKy8bKIifBWtCFlxJ1kAaM8iHd+tf58Nam+HwLQdrooaIdM2qGwcFeYVru5fo/e+yhBtOda2ir0qHlN65UPbzyI/a0/0mbfr55foU9ipSg/Wgj4kUjXgdGMYpppHenjXcg+mPrB7+Noa6yA8ktrbV9IrIZ0LczWxLRX3CZ72zIRGPeehAGNSk01H6FYJYy/uktF+5yofBM9U+9MNOfpZ3ykK6Vghb+oKy7DUDWy9xRyBPEGfoQyjeDfz0uIL2xractjtpsGnJ3o3ZcBoo05hUFIpf4+kLTGzHV1UQh7k8RM0Jze70vXt85y4E//z5SXwpvnTQVemGr0AJvh1QjoCeCT+3lUEADw1RYisVH57DfkH84ACHnK13iBIxAqX0+/HZ8CEFz77OgSYoy97AbjxZlY0NJNkQ3KrXEpQxtY8YAdypjHHCb9KABdqJHQ9iJiyAlDvjIbmdTcw66EzPoZJbV697XaKuIO1Qg67A="
- secure: "h7bpnn0bsoPtbvYf+UkAkElCfkcxP/WiE7hY6JpJBzf/NmpZs13VJe4D/r2O0RZWegI8BRst2Euy4+M98xj9jw8KtFGwgl/L9dnmpfq97CoadVdHRtf+ISqIPVjuWxWOXJWaTL9lUzWi17z/i0tdDN69KlkNLButvBNO8vSbx87+prDx43+GOwyWSLnxGMin/yDcDBsbtDv3+NCreFfFiTBOjiZbZkswPByWIEVX/xaE3+FLe482STbMPvCtDxfcYPAKiipP13ov/nx68R4JYyEWqvjvUDyLcYXmF+5aDGbYVTXu/lWsIhivEj4VzJbd8L0wNO7Yerdj5WB7JoS0AIYq/CCeJx36SxE+geJAJXZdrsle4i1UqRMdMzbKaHoaYMsTF8ERK+nXbmwlcys5kCvcfJ/TR7rJm37spTjKZMchFJGZgpMOdD5K/3xRsdAxwgQyVeIc4eih84ZXNDrFAJVJBE8UD7kGWTMboUskEsJiwvSdbSwYY/P1J4ryNGev8z2Mhp+pgFAgbG6ilIY9zj2Krj3DqvTy/R/4N9NKX4qnSg7R5Vw/5awSYp9Gs/VIlbCr1a48q9P4MC/DTCihPPeCYkfC3aJxkApY39MYvqbsR0NyR4cbv9qvxlA4k0uu7Y4pZRFyyILcmK6DwW6zVyBLsZwOui0SbOgIDJDADjk="
- secure: "HQzRtQYzkxvixl47Qh71w9sr0ppF1KGglxoARIi1ffUjZy5aITga0mwYalrzWou+kX6BLpPxIqC06rDE+02aAnWfjtQfjX8EosUMKMOw/2WxasM47Q/mgSm6OVll4L75fWxhBrJNUuNAAwor67iLHPJ/8VwEtSZzI9kostScmT4zeMEp5JRY7I6E9TFuuSZGp2XSza2kOmfngDY2PRhwJ8CQWEvYLuaAI0Q+AuwGjJ+YZNDg2viFX8wTdyOpspT8eEnpCKNRXkcm14GbGAgFaiupxthtJlDj/ccHh+ISrtbQF3Grh2PhYb8s8vDWVBsCVS840MjO2ngCspQVUNqLe/6vDRUCCOANqXIzvp2VCehizHIE9bqAlf+znyLuDVcaggUt/wkGf7wKKQeSJOOgWH58wejQvpGHpHowiL6deqRkPflEc4x87FHP0qjpOhrx64Req99s4+m2iqFcSocitBd0TvuXiHVL5aMpVD31xoDKXWV3ZpC3X77AlLNbhwzSKCMtiEn/RzBJIr4O/k3OVw+NnyI17OXhbLU4fCO3s7dcvri+oSJQk83l4AH0URPw1m3g+/QL4OZiYAcPdWcwa4I6mOqbp122O3a5kMeTRcNDbvzf8bL/LtR4NqNF9SMa0o2fjMJ8dNdxf9IWgdAuhc6q+G4/g+lxt4C57MGdQXg="
language: python
sudo: false
cache:
apt: true
directories:
- $HOME/.pip-cache
- $HOME/gpg_install_prefix
- $HOME/.cache/pip
- $HOME/download
python:
- "2.7"
- "3.5"
- "3.6"
- "3.7"
- "3.8"
#
before_install:
- pip install pip -U
- pip install -r requirements.txt -U
install:
- |
MB_PYTHON_TAG="py2.py3-none-any"
VERSION=$(python -c "import setup; print(setup.VERSION)")
echo "VERSION = $VERSION"
echo "MB_PYTHON_TAG = $MB_PYTHON_TAG"
- |
python setup.py bdist_wheel --universal
- |
BDIST_WHEEL_PATH=$(ls dist/*-$VERSION-$MB_PYTHON_TAG*.whl)
echo "BDIST_WHEEL_PATH = $BDIST_WHEEL_PATH"
- pip install $BDIST_WHEEL_PATH
script:
- travis_wait ./run_tests.py
after_success:
- codecov
- gpg --version
- gpg2 --version
- export GPG_EXECUTABLE=gpg2
- openssl version
- |
__heredoc__='''
# Load or generate secrets
source $(secret_loader.sh)
echo $TWINE_USERNAME
echo $TWINE_PASSWORD
echo $CI_GITHUB_SECRET
# encrypt relevant travis variables
travis encrypt TWINE_USERNAME=$TWINE_USERNAME
travis encrypt TWINE_PASSWORD=$TWINE_PASSWORD
travis encrypt CI_GITHUB_SECRET=$CI_GITHUB_SECRET
# HOW TO ENCRYPT YOUR SECRET GPG KEY
IDENTIFIER="travis-ci-Erotemic"
KEYID=$(gpg --list-keys --keyid-format LONG "$IDENTIFIER" | head -n 2 | tail -n 1 | awk '{print $1}' | tail -c 9)
echo "KEYID = $KEYID"
# Export plaintext gpg public keys, private keys, and trust info
mkdir -p dev
gpg --armor --export-secret-keys $KEYID > dev/travis_secret_gpg_key.pgp
gpg --armor --export $KEYID > dev/travis_public_gpg_key.pgp
gpg --export-ownertrust > dev/gpg_owner_trust
# Encrypt gpg keys and trust with travis secret
TSP=$CI_GITHUB_SECRET openssl enc -aes-256-cbc -md MD5 -pass env:TSP -e -a -in dev/travis_public_gpg_key.pgp > dev/travis_public_gpg_key.pgp.enc
TSP=$CI_GITHUB_SECRET openssl enc -aes-256-cbc -md MD5 -pass env:TSP -e -a -in dev/travis_secret_gpg_key.pgp > dev/travis_secret_gpg_key.pgp.enc
TSP=$CI_GITHUB_SECRET openssl enc -aes-256-cbc -md MD5 -pass env:TSP -e -a -in dev/gpg_owner_trust > dev/gpg_owner_trust.enc
echo $KEYID > dev/public_gpg_key
source $(secret_unloader.sh)
# Look at what we did, clean up, and add it to git
ls dev/*.enc
rm dev/gpg_owner_trust dev/*.pgp
git status
git add dev/*.enc
git add dev/public_gpg_key
''' # <hack vim "regex" parser> '
- |
# Install a more recent version of GPG
# https://gnupg.org/download/
export GPG_INSTALL_PREFIX=$HOME/gpg_install_prefix
export LD_LIBRARY_PATH=$GPG_INSTALL_PREFIX/lib:$LD_LIBRARY_PATH
export PATH=$GPG_INSTALL_PREFIX/bin:$PATH
export CPATH=$GPG_INSTALL_PREFIX/include:$CPATH
export GPG_EXECUTABLE=$GPG_INSTALL_PREFIX/bin/gpg
ls $GPG_INSTALL_PREFIX
ls $GPG_INSTALL_PREFIX/bin || echo "no bin"
if [[ ! -f "$GPG_INSTALL_PREFIX/bin/gpg" ]]; then
# try and have travis cache this
mkdir -p $GPG_INSTALL_PREFIX
echo $GPG_INSTALL_PREFIX
OLD=$(pwd)
cd $GPG_INSTALL_PREFIX
pip install ubelt
ERROR_FPATH=$(python -c "import ubelt as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.36.tar.bz2',
hash_prefix='6e5f853f77dc04f0091d94b224cab8e669042450f271b78d0ea0219',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
GCRYPT_FPATH=$(python -c "import ubelt as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.5.tar.bz2',
hash_prefix='b55e16e838d1b1208e7673366971ae7c0f9c1c79e042f41c03d1',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
KSBA_CRYPT_FPATH=$(python -c "import ubelt as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2',
hash_prefix='60179bfd109b7b4fd8d2b30a3216540f03f5a13620d9a5b63f1f95',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
ASSUAN_FPATH=$(python -c "import ubelt as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.3.tar.bz2',
hash_prefix='e7ccb651ea75b07b2e687d48d86d0ab83cba8e2af7f30da2aec',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
NTBLTLS_FPATH=$(python -c "import ubelt as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/ntbtls/ntbtls-0.1.2.tar.bz2',
hash_prefix='54468208359dc88155b14cba37773984d7d6f0f37c7a4ce13868d',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
NPTH_FPATH=$(python -c "import ubelt as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2',
hash_prefix='2ed1012e14a9d10665420b9a23628be7e206fd9348111ec751349b',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
GPG_FPATH=$(python -c "import ubelt as ub; print(ub.grabdata(
'https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2',
hash_prefix='a3cd094addac62b4b4ec1683005a2bec761ea2aacf6daf904316b',
dpath=ub.ensuredir('$HOME/.pip-cache'), verbose=0))")
tar xjf $ERROR_FPATH
tar xjf $GCRYPT_FPATH
tar xjf $KSBA_CRYPT_FPATH
tar xjf $ASSUAN_FPATH
tar xjf $NTBLTLS_FPATH
tar xjf $NPTH_FPATH
tar xjf $GPG_FPATH
(cd libgpg-error-1.36 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
(cd libgcrypt-1.8.5 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
(cd libksba-1.3.5 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
(cd libassuan-2.5.3 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
(cd ntbtls-0.1.2 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
(cd npth-1.6 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
(cd gnupg-2.2.17 && ./configure --prefix=$GPG_INSTALL_PREFIX && make install)
echo "GPG_EXECUTABLE = '$GPG_EXECUTABLE'"
cd $OLD
fi
# Decrypt and import GPG Keys / trust
- $GPG_EXECUTABLE --version
- openssl version
- $GPG_EXECUTABLE --list-keys
- TSP=$CI_GITHUB_SECRET openssl enc -aes-256-cbc -md MD5 -pass env:TSP -d -a -in dev/travis_public_gpg_key.pgp.enc | $GPG_EXECUTABLE --import
- TSP=$CI_GITHUB_SECRET openssl enc -aes-256-cbc -md MD5 -pass env:TSP -d -a -in dev/gpg_owner_trust.enc | $GPG_EXECUTABLE --import-ownertrust
- TSP=$CI_GITHUB_SECRET openssl enc -aes-256-cbc -md MD5 -pass env:TSP -d -a -in dev/travis_secret_gpg_key.pgp.enc | $GPG_EXECUTABLE --import
- $GPG_EXECUTABLE --list-keys
- MB_PYTHON_TAG=$(python -c "import setup; print(setup.MB_PYTHON_TAG)")
- VERSION=$(python -c "import setup; print(setup.VERSION)")
- |
pip install twine
if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then
pip install six pyopenssl ndg-httpsclient pyasn1 -U --user
pip install requests[security] twine --user
elfi
if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then
pip install six twine
pip install --upgrade pyOpenSSL
fi
# Package and publish to pypi (if on release)
# Package and publish to pypi (if on release)
- |
echo "TRAVIS_BRANCH = $TRAVIS_BRANCH"
KEYID=$(cat dev/public_gpg_key)
echo "KEYID = '$KEYID'"
if [[ "$TRAVIS_BRANCH" == "release" ]]; then
# use set +x to log all intermediate commands
export CURRENT_BRANCH=$TRAVIS_BRANCH
TAG_AND_UPLOAD=yes
else
TAG_AND_UPLOAD=no
fi
MB_PYTHON_TAG=$MB_PYTHON_TAG \
USE_GPG=True \
GPG_KEYID=$KEYID \
CURRENT_BRANCH=$TRAVIS_BRANCH \
TWINE_PASSWORD=$TWINE_PASSWORD \
TWINE_USERNAME=$TWINE_USERNAME \
GPG_EXECUTABLE=$GPG_EXECUTABLE \
DEPLOY_BRANCH=release \
TAG_AND_UPLOAD=$TAG_AND_UPLOAD \
./publish.sh