diff --git a/.travis.yml b/.travis.yml index 33c33702f..9a80fe916 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,22 +2,19 @@ language: scala env: global: - - PUBLISH_JDK=openjdk6 # admin/build.sh only publishes when running on this jdk -# Don't commit sensitive files, instead commit a version encrypted with $SECRET, -# this environment variable is encrypted with this repo's private key and stored below: -# (See http://docs.travis-ci.com/user/environment-variables/#Secure-Variables.) - - secure: "whJQqI/7G+kUJoCCGQYbv3Y/T2Cx3EcBKfCyvMkZaVgo0wFEOUguh8I+4QqRyf9cC/uPmzwCzV9uwXsNDMcY78jouY05A+fCEnUol/9TuF5PWmXF6Yr/UmmYoCQe4pioXsbXa4uOy18kLzE0h2sOIrJ5A9NL8/58iVgl4E3pwvk=" + - PUBLISH_JDK=openjdk6 + # PGP_PASSPHRASE + - secure: "BYC1kEnHjNrINrHYWPGEuTTJ2V340/0ByzqeihLecjoZ75yrjWdsh6MI1JEUWgv5kb+58vLzib21JfnjsPK6Yb2bSXuCFCsEtJNh6RJKgxkWlCOzfTSh5I2wl7PCjRClRL6gseX2uTSvFjL4Z//pmxwxeXlLp7voQe4QAUq1+sE=" + # SONA_USER + - secure: "OpBwPc1GNvauageYOH3RscAa7wpZxgpmqDz15aigIKLNWzAhAtVUx0MleZ8rQeoqml6nrAvlnzuVHjKL2lVcjMPpjUis7bcQ5UAGK7tZK8x+qZNQxXmpXu8+pENwQA2yFaqt/xy7K5jFOrHJHTRxcPnyVG1yKakPWz53PPYUwbc=" + # SONA_PASS + - secure: "Xw7rI/qlML1nD2e2XwlakkhKAWNGZKqqE+Q3ntTvFpfHryl7KLCvVzJ4LIavnL6kGJaWOgy9vlSoEWn5g9nqHSfE31C/k5pY5nTMAKiwiJzfAS+r0asKXW2gmKhwtcTBkqyLVOZLCJSPVlFRQyfBJHY+Fs0L3KWcnMQgtBlyDhU=" + +script: admin/build.sh -script: - - admin/build.sh -scala: - - 2.11.4 jdk: - openjdk6 - openjdk7 -notifications: - email: - - adriaan.moors@typesafe.com -# if we get weird timeouts, see https://github.com/spray/spray/pull/233 -# 'set concurrentRestrictions in Global += Tags.limit(Tags.Test, 1)' +notifications: + email: adriaan.moors@typesafe.com diff --git a/admin/README.md b/admin/README.md new file mode 100644 index 000000000..55ae9c8ae --- /dev/null +++ b/admin/README.md @@ -0,0 +1,61 @@ +## Tag Driven Releasing + +Copied from https://github.com/scala/scala-java8-compat/commit/4a6cfc97cd95227b86650410e1b632e5ff79335b. + +### Background Reading + + - http://docs.travis-ci.com/user/environment-variables/ + - http://docs.travis-ci.com/user/encryption-keys/ + - http://docs.travis-ci.com/user/encrypting-files/ + +### Initial setup for the repository + +To configure tag driven releases from Travis CI. + + 1. Generate a key pair for this repository with `./admin/genKeyPair.sh`. + Edit `.travis.yml` and `admin/build.sh` as prompted. + 2. Publish the public key to https://pgp.mit.edu + 3. Store other secrets as encrypted environment variables with `admin/encryptEnvVars.sh`. + Edit `.travis.yml` as prompted. + 4. Edit `.travis.yml` to use `./admin/build.sh` as the build script, + and edit that script to use the tasks required for this project. + 5. Edit `.travis.yml` to select which JDK will be used for publishing. + +It is important to add comments in .travis.yml to identify the name +of each environment variable encoded in a `:secure` section. + +After all of these steps, your .travis.yml should contain config of the +form: + + language: scala + env: + global: + - PUBLISH_JDK=openjdk6 + # PGP_PASSPHRASE + - secure: "XXXXXX" + # SONA_USER + - secure: "XXXXXX" + # SONA_PASS + - secure: "XXXXXX" + script: admin/build.sh + +If Sonatype credentials change in the future, step 3 can be repeated +without generating a new key. + +Be sure to use SBT 0.13.7 or higher to avoid [#1430](https://github.com/sbt/sbt/issues/1430)! + +### Testing + + 1. Follow the release process below to create a dummy release (e.g. 0.1.0-TEST1). + Confirm that the release was staged to Sonatype but do not release it to Maven + central. Instead, drop the staging repository. + +### Performing a release + + 1. Create a GitHub "Release" (with a corresponding tag) via the GitHub + web interface. + 2. Travis CI will schedule a build for this release. Review the build logs. + 3. Log into https://oss.sonatype.org/ and identify the staging repository. + 4. Sanity check its contents + 5. Release staging repository to Maven and send out release announcement. + diff --git a/admin/build.sh b/admin/build.sh index 3c7f4b6c8..34f5ccda1 100755 --- a/admin/build.sh +++ b/admin/build.sh @@ -1,5 +1,7 @@ #!/bin/bash +set -e + # prep environment for publish to sonatype staging if the HEAD commit is tagged # git on travis does not fetch tags, but we have TRAVIS_TAG @@ -9,11 +11,15 @@ if [ "$TRAVIS_JDK_VERSION" == "$PUBLISH_JDK" ] && [[ "$TRAVIS_TAG" =~ ^v[0-9]+\. echo "Going to release from tag $TRAVIS_TAG!" myVer=$(echo $TRAVIS_TAG | sed -e s/^v//) publishVersion='set every version := "'$myVer'"' - extraTarget="publish-signed" - + extraTarget="+publish-signed" cat admin/gpg.sbt >> project/plugins.sbt - admin/decrypt.sh sensitive.sbt - (cd admin/ && ./decrypt.sh secring.asc) + cp admin/publish-settings.sbt . + + # Copied from the output of genKeyPair.sh + K=$encrypted_6b8d67feaab7_key + IV=$encrypted_6b8d67feaab7_iv + + openssl aes-256-cbc -K $K -iv $IV -in admin/secring.asc.enc -out admin/secring.asc -d fi -sbt ++$TRAVIS_SCALA_VERSION "$publishVersion" clean update compile test $extraTarget \ No newline at end of file +sbt "$publishVersion" clean update +test +publishLocal $extraTarget diff --git a/admin/decrypt.sh b/admin/decrypt.sh deleted file mode 100755 index 3c3c602f0..000000000 --- a/admin/decrypt.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -openssl aes-256-cbc -pass "pass:$SECRET" -in $1.enc -out $1 -d -a \ No newline at end of file diff --git a/admin/encrypt.sh b/admin/encrypt.sh deleted file mode 100755 index 4bf6c9329..000000000 --- a/admin/encrypt.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -openssl aes-256-cbc -pass "pass:$SECRET" -in $1 -out $1.enc -a \ No newline at end of file diff --git a/admin/encryptAll.sh b/admin/encryptAll.sh deleted file mode 100755 index de7016b75..000000000 --- a/admin/encryptAll.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Based on https://gist.github.com/kzap/5819745: - -echo "This will encrypt the cleartext sensitive.sbt and admin/secring.asc, while making the encrypted versions available for decryption on Travis." -echo "Update your .travis.yml as directed, and delete the cleartext versions." -echo "Press enter to continue." -read - -# 1. create a secret, put it in an environment variable while encrypting files -- UNSET IT AFTER -export SECRET=$(cat /dev/urandom | head -c 10000 | openssl sha1) - -# 2. add the "secure: ..." line under the env section -- generate it with `` (install the travis gem first) -travis encrypt SECRET=$SECRET - -admin/encrypt.sh admin/secring.asc -admin/encrypt.sh sensitive.sbt - -echo "Remember to rm sensitive.sbt admin/secring.asc -- once you do, they cannot be recovered (except on Travis)!" \ No newline at end of file diff --git a/admin/encryptEnvVars.sh b/admin/encryptEnvVars.sh new file mode 100755 index 000000000..b62566798 --- /dev/null +++ b/admin/encryptEnvVars.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# +# Encrypt sonatype credentials so that they can be +# decrypted in trusted builds on Travis CI. +# +set -e + +read -s -p 'SONA_USER: ' SONA_USER +travis encrypt SONA_USER="$SONA_USER" +read -s -p 'SONA_PASS: ' SONA_PASS +travis encrypt SONA_PASS="$SONA_PASS" diff --git a/admin/genKeyPair.sh b/admin/genKeyPair.sh new file mode 100755 index 000000000..17db3f39b --- /dev/null +++ b/admin/genKeyPair.sh @@ -0,0 +1,41 @@ +#!/bin/bash +# +# Generates a key pair for this repository to sign artifacts. +# Encrypt the private key and its passphrase in trusted builds +# on Travis CI. +# +set -e + +# Based on https://gist.github.com/kzap/5819745: +function promptDelete() { + if [[ -f "$1" ]]; then + echo About to delete $1, Enter for okay / CTRL-C to cancel + read + rm "$1" + fi +} +for f in admin/secring.asc.enc admin/secring.asc admin/pubring.asc; do promptDelete "$f"; done + +echo Generating key pair. Please enter 1. repo name 2. scala-internals@googlegroups.com, 3. a new passphrase +echo Be careful when using special characters in the passphrase, see http://docs.travis-ci.com/user/encryption-keys/#Note-on-escaping-certain-symbols +cp admin/gpg.sbt project +sbt 'set pgpReadOnly := false' \ + 'set pgpPublicRing := file("admin/pubring.asc")' \ + 'set pgpSecretRing := file("admin/secring.asc")' \ + 'pgp-cmd gen-key' +rm project/gpg.sbt + +echo ============================================================================================ +echo Encrypting admin/secring.asc. Update K and IV variables in admin/build.sh accordingly. +echo ============================================================================================ +travis encrypt-file admin/secring.asc +rm admin/secring.asc +mv secring.asc.enc admin + +echo ============================================================================================ +echo Encrypting environment variables. Add each to a line in .travis.yml. Include a comment +echo with the name of the corresponding variable +echo ============================================================================================ +read -s -p 'PGP_PASSPHRASE: ' PGP_PASSPHRASE +travis encrypt PGP_PASSPHRASE="$PGP_PASSPHRASE" + diff --git a/admin/gpg.sbt b/admin/gpg.sbt index 6ec4213ea..68ae46411 100644 --- a/admin/gpg.sbt +++ b/admin/gpg.sbt @@ -1,21 +1,2 @@ -// only added when publishing: -addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") -/* There's a companion sensitive.sbt, which was created like this: - -1. in an sbt shell when sbt-gpg is loaded, create pgp key in admin/: - - set pgpReadOnly := false - pgp-cmd gen-key // use $passPhrase - pgp-cmd send-key hkp://keyserver.ubuntu.com - -2. create sensitive.sbt with contents: - -pgpPassphrase := Some($passPhrase.toArray) - -pgpPublicRing := file("admin/pubring.asc") - -pgpSecretRing := file("admin/secring.asc") - -credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", $sonaUser, $sonaPass) -*/ +addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") // only added when publishing, see build.sh diff --git a/admin/publish-settings.sbt b/admin/publish-settings.sbt new file mode 100644 index 000000000..f763ea06c --- /dev/null +++ b/admin/publish-settings.sbt @@ -0,0 +1,9 @@ +def env(key: String) = Option(System.getenv(key)).getOrElse("") + +pgpPassphrase := Some(env("PGP_PASSPHRASE").toArray) + +pgpPublicRing := file("admin/pubring.asc") + +pgpSecretRing := file("admin/secring.asc") + +credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", env("SONA_USER"), env("SONA_PASS")) diff --git a/admin/pubring.asc b/admin/pubring.asc index 61de5ecf0..df4501ad6 100644 --- a/admin/pubring.asc +++ b/admin/pubring.asc @@ -1,18 +1,18 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- Version: BCPG v1.49 -mQENBFR/wRIBCACgRrOC5zAzSuuhf35NVzAG3K6xADFcxSKtxyIKydvlzhgdTuH8 -MvqLaQvo0gOQ/32DEnBy0DbDu8WEDvpZzEM21eTz/VW9VDb0fbNEXoLODY+IYt+v -ohsw0NzQV6qSk2WQVYWVuZbfZXZBT3/JoDxHKRRl/IvZb8CQkRypxKVmsud/IOsu -t/hHRWzbgPtNJNUX0Uhrz96P0+LcKfwUt34TMBIyfSY9C3ZPzPYTlhuDqtJunKTj -NZljt9cbAMjJsuw0rSYNkAb5kGblguUn7BLp5Ngox6h7/MP7v1YM7WsXa3oMcHyX -0Rf3PPE8HELcfsbF+FAN3jCNWgaz15bCz3lhABEBAAG0LHNjYWxhLXhtbCA8c2Nh -bGEtaW50ZXJuYWxzQGdvb2dsZWdyb3Vwcy5jb20+iQEcBBMBAgAGBQJUf8ESAAoJ -EIbbEE4RFVfeHWgH/1B5U+UT/lx8Z/V3qK3EfsVVM5nbcJqy+jRC9mNsO4VSX7+G -rNuIn6oZ08SZKcmzWo71i9uqatgaFtVHhLbOJ9a72Ja8YoBSKerv6gpcFcAH4fDB -m5FyoxbM0K9vLwUvkbewNLLK8XbWwuCuHTmtEW2WPv2d/PmyOXuXoos/E1HiPTkU -iN5TIuJYpDvy7cxQL0qlaEcpWjzXHyy6+BFA1C8zlwoX+2iAx1rVGd3mPDHNgY+U -Z3MYArHxu5QC3BZs2wsD9/SkioanFhzH4g/MB1qaQlD2WGqXwoDK2/Bsnu5pJaPA -QhCuqobGMQ8Umupnejt8fIIQ/8A99sneBU+eEB8= -=450t +mQENBFVQohwBCACi9Hupi/27JFgcRypkruHZNKXa4+QO380B5hp0UFUzJHBqEvUd +p9niOq30yCgfByLiPv2qr7g1lAg2DltH9WyN5zhp3MzOt/m1w66IwZqgCS364gtD +56udK2R6YCFMfiJxGXFsSbStfIoD8N5S++NJGv0GuFc2m3sSuTunRFoRWN4Dce0g +a16nyVR2dPfqOkL7LLzMR4Tl8VQFb36WPrFBmJKzZWxt0r2pQhEDMwItuZeKrBhm +K/RZWtNqiBO61JCBHfWZdpduUcTjlr5cW+jkRtw8La0qgglJcSN/sErQamAtU6vo +sdTZ2aQQZnYyVBt00yrLV+9Dq/dBS6cfV9NHABEBAAG0LHNjYWxhLXhtbCA8c2Nh +bGEtaW50ZXJuYWxzQGdvb2dsZWdyb3Vwcy5jb20+iQEcBBMBAgAGBQJVUKIcAAoJ +EO/sfqhmzEOuHtkH/25VVvDzMo85E8KlCtsnkD5Alb83zV1XF6+mZaRHikzKkQRz +phZEGaU6ee3V6CH5qXsmKTU2B1WaOYIdPkuBjwdpRPJbaX0zzrWUCCv1vLKDb+z2 +nlcg0AehMUM3UinbGR6QCh06p3O/tBokJvZM+Ng3pkXtLOS4HphRfindpy7+u1Y/ +szcIQS88AH1g5xPt8nwrh9VQbrYD04K20mLckGIWnjSzgFB9hntMF5arAP9Q1RkS +52xiOZB8RTZZCkFeHIdMKjjmoM9Vn/3JZzsy8Om4FWYa/l2fEExxKWFupvQetjFk +VTTOG+T7/WwVPQQ0xQLROgWL7z5UgxHly64WClA= +=/6/b -----END PGP PUBLIC KEY BLOCK----- diff --git a/admin/secring.asc.enc b/admin/secring.asc.enc index 25ed5cc2d..626ff5d10 100644 Binary files a/admin/secring.asc.enc and b/admin/secring.asc.enc differ diff --git a/build.sbt b/build.sbt index b97e13faf..f38d0da04 100644 --- a/build.sbt +++ b/build.sbt @@ -6,7 +6,9 @@ name := "scala-xml" version := "1.0.5-SNAPSHOT" -scalaVersion := "2.11.4" +scalaVersion := crossScalaVersions.value.head + +crossScalaVersions := Seq("2.11.6", "2.12.0-M1") // important!! must come here (why?) scalaModuleOsgiSettings