-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathtravis-encrypt
executable file
·115 lines (102 loc) · 3.13 KB
/
travis-encrypt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
#!/usr/bin/env bash
set -euo pipefail
YP_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." >/dev/null && pwd)"
source ${YP_DIR}/sh/common.inc.sh
#- travis-encrypt 1.0
## Usage: travis-encrypt [OPTION]
## Encrypt value for the current github repo with its Travis CI public key.
##
## --value Value to encrypt. Can be "<key>=<value>" too
## --porcelain Output only the encrypted value, without any helper text
## --show-key Show the Tracis CI public key
## --org Use travis-ci.org (if you have not migrated a public repository yet)
##
## -h, --help Display this help and exit
## -v, --version Output version information and exit
# Refs:
# https://github.com/slodki/travis-encrypt-cli
# https://github.com/dlenski/travis-encrypt-sh
TRAVIS_DOMAIN=travis-ci.com
USERREPO=$(git config --local travis.slug 2>/dev/null)
[[ -n "${USERREPO}" ]] || \
USERREPO=$(git remote -v 2>/dev/null | grep -oP "(?<=github.com.).+" | grep -oP ".+(?= \(fetch\))" | head -n1 | sed "s/.git$//")
VALUE=
PORCELAIN=false
SHOW_KEY=false
if { getopt --test >/dev/null 2>&1 && false; } || [[ "$?" = "4" ]] || false; then
ARGS=$(getopt -o hv -l help,version,value:,porcelain,show-key,org,com,pro -n $(basename ${BASH_SOURCE[0]}) -- "$@") || sh_script_usage # editorconfig-checker-disable-line
eval set -- "${ARGS}"
fi
while [[ $# -gt 0 ]]; do
case "$1" in
--value)
VALUE="$2"
shift 2
;;
--porcelain)
PORCELAIN=true
shift
;;
--show-key)
SHOW_KEY=true
shift
;;
--org)
TRAVIS_DOMAIN=travis-ci.org
shift
;;
--com,--pro)
# ignore
shift
;;
-h|--help)
sh_script_usage
;;
-v|--version)
sh_script_version
;;
--)
shift
break
;;
-*)
sh_script_usage
;;
*)
break
;;
esac
done
[[ $# -eq 0 ]] || sh_script_usage
[[ -n "${VALUE}" ]] || {
echo_err "Please provide a --value."
exit 1
}
[[ ${SHOW_KEY} = false ]] || {
[[ ${PORCELAIN} = false ]] || {
echo_err "Cannot show key in porcelain mode."
exit 1
}
}
KEY_URL="https://api.${TRAVIS_DOMAIN}/repos/${USERREPO}/key"
KEY_RE='"key":"([^"]+)"'
[[ "$(curl -qfsSL "${KEY_URL}" 2>/dev/null || echo 'not found')" =~ ${KEY_RE} ]]
KEY="${BASH_REMATCH[1]//RSA PUBLIC KEY/PUBLIC KEY}"
if [[ "${KEY}" =~ not\ found ]]; then
echo_err "Key not found at ${KEY_URL}."
echo_info "Use official Travis CI client for private repos:"
echo_info "e.g. <travis encrypt \"value\"> instead of <travis-encrypt --value \"value\">."
exit 1
fi
[[ ${PORCELAIN} = true ]] || {
[[ ${SHOW_KEY} = false ]] || echo -e "${KEY}"
echo "Detected repository as ${USERREPO}."
echo "Please add the following to your .travis.yml file:"
echo
echo -n "secure: \""
}
echo -n "${VALUE}" | openssl rsautl -encrypt -pubin -inkey <(echo -e "${KEY}") | openssl base64 -A
[[ ${PORCELAIN} = true ]] || {
echo -n "\""
echo
}