Merge pull request #4 from mateusz-bajorek/master

mateusz-bajorek · web-flow · commit a986e22d4d6a · 2017-01-20T09:55:45.000+01:00
generate gpg keys on the fly
diff --git a/.travis.yml b/.travis.yml
@@ -11,10 +11,6 @@ jdk:
 install:
   - mvn --settings .travis/mvnsettings.xml install -DskipTests=true -Dgpg.skip -Dmaven.javadoc.skip=true -B -V
 
-before_install:
-  - if [ ! -z "$GPG_SECRET_KEYS" ]; then echo $GPG_SECRET_KEYS | base64 --decode | $GPG_EXECUTABLE --import; fi
-  - if [ ! -z "$GPG_OWNERTRUST" ]; then echo $GPG_OWNERTRUST | base64 --decode | $GPG_EXECUTABLE --import-ownertrust; fi
-
 deploy:
   -
     provider: script
diff --git a/.travis/deploy.sh b/.travis/deploy.sh
@@ -1,10 +1,24 @@
 #!/usr/bin/env bash
+set -e
+
 if [ ! -z "$TRAVIS_TAG" ]
 then
     echo "on a tag -> set pom.xml <version> to $TRAVIS_TAG"
-    mvn --settings .travis/mvnsettings.xml org.codehaus.mojo:versions-maven-plugin:2.3:set -DnewVersion=$TRAVIS_TAG 1>/dev/null 2>/dev/null
+    mvn --settings .travis/mvnsettings.xml org.codehaus.mojo:versions-maven-plugin:2.3:set -DnewVersion=$TRAVIS_TAG
 else
     echo "not on a tag -> keep snapshot version in pom.xml"
 fi
 
-mvn clean deploy --settings .travis/mvnsettings.xml -DskipTests=true -B -U
+if [ ! -z "$TRAVIS" -a -f "$HOME/.gnupg" ]; then
+    shred -v ~/.gnupg/*
+    rm -rf ~/.gnupg
+fi
+
+source .travis/gpg.sh
+
+mvn clean deploy --settings .travis/mvnsettings.xml -DskipTests=true --batch-mode --update-snapshots
+
+if [ ! -z "$TRAVIS" ]; then
+    shred -v ~/.gnupg/*
+    rm -rf ~/.gnupg
+fi
diff --git a/.travis/gpg.sh b/.travis/gpg.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+set -e
+
+# create a random passphrase
+export GPG_PASSPHRASE=$(echo "$RANDOM$(date)" | md5sum | cut -d\  -f1)
+
+# configuration to generate gpg keys
+cat >gen-key-script <<EOF
+    %echo Generating a basic OpenPGP key
+    Key-Type: RSA
+    Key-Length: 4096
+    Subkey-Type: 1
+    Subkey-Length: 4096
+    Name-Real: CurrencyFair
+    Name-Email: tech@currencyfair.com
+    Expire-Date: 0y
+    Passphrase: ${GPG_PASSPHRASE}
+    %commit
+    %echo done
+EOF
+
+# create a local keypair with given configuration
+gpg --batch --gen-key gen-key-script
+
+
+# export created GPG key
+#
+# example output
+# sec   4096R/EDD32E8B 2016-09-08 [verfällt: 2018-09-08]
+# uid                  Lars K.W. Gohlke <lars.gohlke@idealo.de>
+# ssb   4096R/CC1613B2 2016-09-08
+# ssb   4096R/55B7CAA2 2016-09-08
+export GPG_KEYNAME=$(gpg -K | grep ^sec | cut -d/  -f2 | cut -d\  -f1 | head -n1)
+
+# cleanup local configuration
+shred gen-key-script
+
+# publish the gpg key
+# (use keyserver.ubuntu.com as travis request keys from this server,
+#  we avoid synchronization issues, while releasing)
+gpg --keyserver keyserver.ubuntu.com --send-keys ${GPG_KEYNAME}
+
+# wait for the key beeing accessible
+while(true); do
+  date
+  gpg --keyserver keyserver.ubuntu.com  --recv-keys ${GPG_KEYNAME} && break || sleep 30
+done
diff --git a/.travis/mvnsettings.xml b/.travis/mvnsettings.xml
@@ -18,7 +18,7 @@
                 <activeByDefault>true</activeByDefault>
             </activation>
             <properties>
-                <gpg.executable>${env.GPG_EXECUTABLE}</gpg.executable>
+                <gpg.executable>gpg</gpg.executable>
                 <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
             </properties>
         </profile>
