diff --git a/.travis.yml b/.travis.yml index c37a04c2..5633424f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,23 +2,21 @@ language: scala env: global: - - PUBLISH_JDK=openjdk6 # admin/build.sh only publishes when running on this jdk -# Don't commit sensitive files, instead commit a version encrypted with $SECRET, -# this environment variable is encrypted with this repo's private key and stored below: -# (See http://docs.travis-ci.com/user/environment-variables/#Secure-Variables.) - - secure: ZEAhn8ozGqcQxvJD7/G3ifou2Vl7OkNzUXM15aKy0FbqLMOzsx3hAKsWEM6e/6d/7phDkiZisers+HOlt3nLwu75M3QLGm5lo4moJJJyx17omlrBQ7+M/hu3ZxqNRCE8oNI41V3pc+ZJQsY1qA7at4NPJbnAXx9sUUO2lGmc4xI= + - PUBLISH_JDK=openjdk6 + # PGP_PASSPHRASE + - secure: "SkBtn/6OjEldoikn0MFuyeLT/pau27kwKSDYTVQeJ4BKDzdWLwLE5Q3RukLGttIfNdhOvRoocpQSW9GkZfibTHmwrRnAokucfZCqTsKbwoOp1xIoOh5GrrVrB6gcP7WBTKinqFdBgSvLOrP7GviImz4ZuB9wq1r+mToGG4pDrXc=" + # SONA_USER + - secure: "JSv/Er6q1XtTpRH1bpU63YBf7ufwg0vW+Kv/udQBtr8YX/P3gRYC1x6hW4uwftaKMYh7wXDkfNy51SRpH3kUptdJvjPUifVElyPiYlsumetmD+rZJmxX6agx+U5pdjIXPqPoton9MdSVHNTROeTu339bDak0Z+N5ht5wRfjP7F4=" + # SONA_PASS + - secure: "OIVtcj7AHZr8Grpf03ZmZsygcADewiYIvSnRwLYCx+5AqOzs39EZ68DsIOxi7wEXVUbVj5RvLXpKzLX3iN+UszLOQRoFPFQyyn+3Y50f8T2aRxdZtInzXn0sCVTj4Hhd/zbKl1W+2Nh3Sqazab7tFoQVzEyYqhcPeiNRMF7h+aY=" + +script: admin/build.sh -script: - - admin/build.sh -scala: - - 2.11.6 jdk: - openjdk6 - openjdk7 + notifications: email: - adriaan.moors@typesafe.com - antoine@gourlay.fr - -# if we get weird timeouts, see https://github.com/spray/spray/pull/233 -# 'set concurrentRestrictions in Global += Tags.limit(Tags.Test, 1)' diff --git a/admin/README.md b/admin/README.md new file mode 100644 index 00000000..55ae9c8a --- /dev/null +++ b/admin/README.md @@ -0,0 +1,61 @@ +## Tag Driven Releasing + +Copied from https://github.com/scala/scala-java8-compat/commit/4a6cfc97cd95227b86650410e1b632e5ff79335b. + +### Background Reading + + - http://docs.travis-ci.com/user/environment-variables/ + - http://docs.travis-ci.com/user/encryption-keys/ + - http://docs.travis-ci.com/user/encrypting-files/ + +### Initial setup for the repository + +To configure tag driven releases from Travis CI. + + 1. Generate a key pair for this repository with `./admin/genKeyPair.sh`. + Edit `.travis.yml` and `admin/build.sh` as prompted. + 2. Publish the public key to https://pgp.mit.edu + 3. Store other secrets as encrypted environment variables with `admin/encryptEnvVars.sh`. + Edit `.travis.yml` as prompted. + 4. Edit `.travis.yml` to use `./admin/build.sh` as the build script, + and edit that script to use the tasks required for this project. + 5. Edit `.travis.yml` to select which JDK will be used for publishing. + +It is important to add comments in .travis.yml to identify the name +of each environment variable encoded in a `:secure` section. + +After all of these steps, your .travis.yml should contain config of the +form: + + language: scala + env: + global: + - PUBLISH_JDK=openjdk6 + # PGP_PASSPHRASE + - secure: "XXXXXX" + # SONA_USER + - secure: "XXXXXX" + # SONA_PASS + - secure: "XXXXXX" + script: admin/build.sh + +If Sonatype credentials change in the future, step 3 can be repeated +without generating a new key. + +Be sure to use SBT 0.13.7 or higher to avoid [#1430](https://github.com/sbt/sbt/issues/1430)! + +### Testing + + 1. Follow the release process below to create a dummy release (e.g. 0.1.0-TEST1). + Confirm that the release was staged to Sonatype but do not release it to Maven + central. Instead, drop the staging repository. + +### Performing a release + + 1. Create a GitHub "Release" (with a corresponding tag) via the GitHub + web interface. + 2. Travis CI will schedule a build for this release. Review the build logs. + 3. Log into https://oss.sonatype.org/ and identify the staging repository. + 4. Sanity check its contents + 5. Release staging repository to Maven and send out release announcement. + diff --git a/admin/build.sh b/admin/build.sh index 3c7f4b6c..ddd6d5e0 100755 --- a/admin/build.sh +++ b/admin/build.sh @@ -1,5 +1,7 @@ #!/bin/bash +set -e + # prep environment for publish to sonatype staging if the HEAD commit is tagged # git on travis does not fetch tags, but we have TRAVIS_TAG @@ -9,11 +11,15 @@ if [ "$TRAVIS_JDK_VERSION" == "$PUBLISH_JDK" ] && [[ "$TRAVIS_TAG" =~ ^v[0-9]+\. echo "Going to release from tag $TRAVIS_TAG!" myVer=$(echo $TRAVIS_TAG | sed -e s/^v//) publishVersion='set every version := "'$myVer'"' - extraTarget="publish-signed" - + extraTarget="+publish-signed" cat admin/gpg.sbt >> project/plugins.sbt - admin/decrypt.sh sensitive.sbt - (cd admin/ && ./decrypt.sh secring.asc) + cp admin/publish-settings.sbt . + + # Copied from the output of genKeyPair.sh + K=$encrypted_5e972ec514e2_key + IV=$encrypted_5e972ec514e2_iv + + openssl aes-256-cbc -K $K -iv $IV -in admin/secring.asc.enc -out admin/secring.asc -d fi -sbt ++$TRAVIS_SCALA_VERSION "$publishVersion" clean update compile test $extraTarget \ No newline at end of file +sbt "$publishVersion" clean update +test +publishLocal $extraTarget diff --git a/admin/decrypt.sh b/admin/decrypt.sh deleted file mode 100755 index 3c3c602f..00000000 --- a/admin/decrypt.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -openssl aes-256-cbc -pass "pass:$SECRET" -in $1.enc -out $1 -d -a \ No newline at end of file diff --git a/admin/encrypt.sh b/admin/encrypt.sh deleted file mode 100755 index 4bf6c932..00000000 --- a/admin/encrypt.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -openssl aes-256-cbc -pass "pass:$SECRET" -in $1 -out $1.enc -a \ No newline at end of file diff --git a/admin/encryptAll.sh b/admin/encryptAll.sh deleted file mode 100755 index de7016b7..00000000 --- a/admin/encryptAll.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Based on https://gist.github.com/kzap/5819745: - -echo "This will encrypt the cleartext sensitive.sbt and admin/secring.asc, while making the encrypted versions available for decryption on Travis." -echo "Update your .travis.yml as directed, and delete the cleartext versions." -echo "Press enter to continue." -read - -# 1. create a secret, put it in an environment variable while encrypting files -- UNSET IT AFTER -export SECRET=$(cat /dev/urandom | head -c 10000 | openssl sha1) - -# 2. add the "secure: ..." line under the env section -- generate it with `` (install the travis gem first) -travis encrypt SECRET=$SECRET - -admin/encrypt.sh admin/secring.asc -admin/encrypt.sh sensitive.sbt - -echo "Remember to rm sensitive.sbt admin/secring.asc -- once you do, they cannot be recovered (except on Travis)!" \ No newline at end of file diff --git a/admin/encryptEnvVars.sh b/admin/encryptEnvVars.sh new file mode 100755 index 00000000..b6256679 --- /dev/null +++ b/admin/encryptEnvVars.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# +# Encrypt sonatype credentials so that they can be +# decrypted in trusted builds on Travis CI. +# +set -e + +read -s -p 'SONA_USER: ' SONA_USER +travis encrypt SONA_USER="$SONA_USER" +read -s -p 'SONA_PASS: ' SONA_PASS +travis encrypt SONA_PASS="$SONA_PASS" diff --git a/admin/genKeyPair.sh b/admin/genKeyPair.sh new file mode 100755 index 00000000..17db3f39 --- /dev/null +++ b/admin/genKeyPair.sh @@ -0,0 +1,41 @@ +#!/bin/bash +# +# Generates a key pair for this repository to sign artifacts. +# Encrypt the private key and its passphrase in trusted builds +# on Travis CI. +# +set -e + +# Based on https://gist.github.com/kzap/5819745: +function promptDelete() { + if [[ -f "$1" ]]; then + echo About to delete $1, Enter for okay / CTRL-C to cancel + read + rm "$1" + fi +} +for f in admin/secring.asc.enc admin/secring.asc admin/pubring.asc; do promptDelete "$f"; done + +echo Generating key pair. Please enter 1. repo name 2. scala-internals@googlegroups.com, 3. a new passphrase +echo Be careful when using special characters in the passphrase, see http://docs.travis-ci.com/user/encryption-keys/#Note-on-escaping-certain-symbols +cp admin/gpg.sbt project +sbt 'set pgpReadOnly := false' \ + 'set pgpPublicRing := file("admin/pubring.asc")' \ + 'set pgpSecretRing := file("admin/secring.asc")' \ + 'pgp-cmd gen-key' +rm project/gpg.sbt + +echo ============================================================================================ +echo Encrypting admin/secring.asc. Update K and IV variables in admin/build.sh accordingly. +echo ============================================================================================ +travis encrypt-file admin/secring.asc +rm admin/secring.asc +mv secring.asc.enc admin + +echo ============================================================================================ +echo Encrypting environment variables. Add each to a line in .travis.yml. Include a comment +echo with the name of the corresponding variable +echo ============================================================================================ +read -s -p 'PGP_PASSPHRASE: ' PGP_PASSPHRASE +travis encrypt PGP_PASSPHRASE="$PGP_PASSPHRASE" + diff --git a/admin/gpg.sbt b/admin/gpg.sbt index 6ec4213e..68ae4641 100644 --- a/admin/gpg.sbt +++ b/admin/gpg.sbt @@ -1,21 +1,2 @@ -// only added when publishing: -addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") -/* There's a companion sensitive.sbt, which was created like this: - -1. in an sbt shell when sbt-gpg is loaded, create pgp key in admin/: - - set pgpReadOnly := false - pgp-cmd gen-key // use $passPhrase - pgp-cmd send-key hkp://keyserver.ubuntu.com - -2. create sensitive.sbt with contents: - -pgpPassphrase := Some($passPhrase.toArray) - -pgpPublicRing := file("admin/pubring.asc") - -pgpSecretRing := file("admin/secring.asc") - -credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", $sonaUser, $sonaPass) -*/ +addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") // only added when publishing, see build.sh diff --git a/admin/publish-settings.sbt b/admin/publish-settings.sbt new file mode 100644 index 00000000..f763ea06 --- /dev/null +++ b/admin/publish-settings.sbt @@ -0,0 +1,9 @@ +def env(key: String) = Option(System.getenv(key)).getOrElse("") + +pgpPassphrase := Some(env("PGP_PASSPHRASE").toArray) + +pgpPublicRing := file("admin/pubring.asc") + +pgpSecretRing := file("admin/secring.asc") + +credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", env("SONA_USER"), env("SONA_PASS")) diff --git a/admin/pubring.asc b/admin/pubring.asc index b750e6f9..f6c13e89 100644 --- a/admin/pubring.asc +++ b/admin/pubring.asc @@ -1,18 +1,18 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- Version: BCPG v1.49 -mQENBFSAu20BCACAHC5KEbSM7Dm9+ksU12Y7TIP4rLLg94e/jF29WFNnH8P4rTv/ -8WNX0OF9gNW5Ltj7IzGGkzLX3HjrEKA7SEaFyTqoCQ+FIlqNNYt8YCScMyTSfYbQ -8GOEBUEcS8HPpZoudX7T1IYIAApl46kD0H4zzPPz2QHu51uj4jyjnIGRcDmHat3q -dIeBzdnGinRFY+h/b4elKI0uEAFe/WmrMb9GpUaparkbNwutwof+7gIs5N7wyamg -tErARSBgs00JJtgh+lyRv7y6T9OkL8p8nylxRGjIpUM3cICBZLTg/mA1+FPvQzFm -AvYQ3cLWeFLobIVjuKSxWKwybdxR6ikCZd/LABEBAAG0O3NjYWxhLXBhcnNlci1j +mQENBFVQwAoBCACr9atY5vDPbvYEMO8D4OvBz/YTP/tr43S/ibYIL2SAAZXvoVht +5BRAw063HqeM74U58isdbrt33VfmmJSJ0lVJX3iJ6dJeRO66az4aiqUckDP1JyVx +S3PJc402PcnF2Is849DHJF8AutIiAVnXa+gD5j/BShA6UZek9LqM9SRIl0SwE4Xo +WfMGdfvgQFl2vKJohrUbpKIYnhPa4HEu9FUFjVWn4iemeUVZ5OWzfEWNymrWDdLC +q5j1YMfjVvrtT3DhQD+HnDM4l5FNFxl7DHJkeMZZl+pp6RxS++m+/xMK5WmGj2Un +JUKzdoXGJdBA2q3erk5Dq6++ivvLqABt2J8DABEBAAG0O3NjYWxhLXBhcnNlci1j b21iaW5hdG9ycyA8c2NhbGEtaW50ZXJuYWxzQGdvb2dsZWdyb3Vwcy5jb20+iQEc -BBMBAgAGBQJUgLttAAoJEF2pklhwFz7lp+kH/21ydQFQKdIv91iUNkwdbRbFcOoY -1LTZBAg2QaWMgqo9ZqZako09IlHouzMs+8mpgu3iC0spuzt24dn0He7ruKbnUb9F -AvWcyG5Kzw/zy/wvC8IZNtLqMP5RKOJmNZydoMj2DUcfPnldAwKd/UGmOyn4AEvW -ND0Qi59mPcJy/mCCDyjYfu+tJQCRg2DEhKtNX06GskZTaBeuqEVt58ZdE2aAq/X0 -2afs/Pv160NvbzgQ5vroamvwr2Q8E5aCiCcf7DZDyG5Kibt2Z7IvrosdAJsS75xQ -Q+1w7E3af7EdVZicMjkRPEhTbrtOInCRslIfKGp221mNvl7Au/ztfGPMUKY= -=/HZD +BBMBAgAGBQJVUMAKAAoJEHCQr0Ol4Q0LX7MH/1GTgBitKA/RNXK04k//P9U4k7bX +ofJDUrtwx+WNg2bi2er6RQhsWPWQ3p/clgK7by93XkgDrBPLsUTIUTCHGa/Dn9R+ +h5syQfjI5iDi1AZ47ARmSZisadG6RAzLNewQUFcYwBTmGxLBrGBjcxvrmUN1XLml +jA4mqzvApDvwMrzWKdE6eNBf7G2k4dlwG4AzkSNMHfCDFXUgqsqvodrAp+WmGpbN +kZzrAVYoZtfKfalakjZDdn6EqKgw0VgZynSCX1gfwrwLric12fCBWbqXARiMVaM2 +EUqbFszdNRkD/TT9vDIabQqZvLsJO6Ql50hrOJ7IPoEmxJukuS64Je/AYiM= +=iDWo -----END PGP PUBLIC KEY BLOCK----- diff --git a/admin/secring.asc.enc b/admin/secring.asc.enc index 9acbd239..fd45d256 100644 Binary files a/admin/secring.asc.enc and b/admin/secring.asc.enc differ diff --git a/build.sbt b/build.sbt index 2bee54b1..8c61e4ad 100644 --- a/build.sbt +++ b/build.sbt @@ -5,7 +5,9 @@ name := "scala-parser-combinators" version := "1.1.0-SNAPSHOT" -scalaVersion := "2.11.6" +scalaVersion := crossScalaVersions.value.head + +crossScalaVersions := Seq("2.11.6", "2.12.0-M1") // important!! must come here (why?) scalaModuleOsgiSettings diff --git a/sensitive.sbt.enc b/sensitive.sbt.enc deleted file mode 100644 index b3ebdac2..00000000 --- a/sensitive.sbt.enc +++ /dev/null @@ -1,7 +0,0 @@ -U2FsdGVkX19ymDGvEeR3Ld7K7e4jzUoCqTw/KfHdPdtZbPDpAc1txKP1i2y8T6hO -y4QJTEhmKXsIJEnDTjyM0wEzh/yYjdE6fGNF43cW4ysSeSEBPy104gNhQXKsyohH -JIb0suQ288cP8kZ9IBq/osXkWU0qe+++PJNMeUATaU+ek/z9f/YfvcWZ2jJIKvIk -aRMYX/Tpkm70ap9Ko9bdDsgV0/OrPnWT7It0ITIK4P7uj+Yyl9AYBRMT1sk0vqfX -oiArljvbeswaS+Ydll4u+kp/hgPMbE1IeYtmey2m9ls6FyLn+D9AfEIpUKg011K2 -kVEU678T3LqTqzJvvYhRfDR+KNw/n4l1EPj/JTubMx4qZLmDkoE69o19/lNffrCj -6B1nj4/2VU79kG+XpXDXEw==