Call GitHub API with Travis to build Tag

Question

I have created a TravisCI Hook in a GitHub repository that automatically run a build after pushing to the repo. What I would like to add is that if the build succeeds a tag is automatically created.

I have found out that there is a way to create tags with the GitHub API http://developer.github.com/v3/git/tags/#create-a-tag-object

But how do I control access to my repository? I can't expose my login github credentials in the travis.yml because everyone can read it as it is cointained in the repository.\

I am pretty new to automated deployment so if there is any other solution to do this without travis please let me also know. What I would like to achieve is that a downloadable version is created for the users after a successful build.

Solution

Ok I have finally found the correct travis.yaml Configuration.

How does it work: After pushing to the repository, travis will run the tests of my application. If the tests are successful travis will build a precompiled version of the current build and upload it to a special release which I have created on the GitHub Repo.

    language: scala
    env:
      global:
        - PLAY_VERSION=2.2.1
        - secure: "HD1x0S9ad/3+G9YUkyT/uTw9lEr+tUQEV4QO+M2Ro1JFSVOzLNZiNoh6FrNb06a0TbencTkftyHYmYjp1/CCyTpF9CMCQ4ddB7TVF9hibH1y9ONVrPJIm5BCEpjGDa4fND8bkcChrpcZDQKIO0ZwArEsl2+IRocnbBT+oYqIFNo="
    before_script:
      - wget http://downloads.typesafe.com/play/${PLAY_VERSION}/play-${PLAY_VERSION}.zip
      - unzip -q play-${PLAY_VERSION}.zip
      - sudo apt-get install jq
    script: play-${PLAY_VERSION}/play test
    notifications:
      email: false
    after_success: 
      - play-${PLAY_VERSION}/play dist
      - cd target/universal/
      - 'ASSETID=$(curl -s -H "Authorization: token ${BUILD_KEY}" "https://api.github.com/repos/meisign/fillable/releases/204198/assets" | jq ".[0].id")'
      - 'curl -XDELETE -s -H "Authorization: token ${BUILD_KEY}" "https://api.github.com/repos/meisign/fillable/releases/assets/$ASSETID"'
      - 'curl -XPOST -s -H "Authorization: token ${BUILD_KEY}" -H "Content-Type: application/zip" --data-binary @./Fillable-1.0-SNAPSHOT.zip "https://uploads.github.com/repos/meisign/fillable/releases/204198/assets?name=Fillable.zip"'

Answer 1

You can create a GitHub Personal API Token that will grant access to your repositories. The public_repo scope should be all you need for a public repository.

Use this token for authenticating to the GitHub API. To use the token with the API include it in the Authorization header.

curl -H "Authorization: token <YOUR_TOKEN>" https://api.github.com/user

You can also use this token to push to your repository.

git push -q https://<token>@github.com/<user>/<repo>

Now for the fun part, you need to keep that token a secret. Having it public is equivalent to having your username and password public.

---

You need to be sure to read through the documentation referenced and keep an eye on your Travis-CI logs. The commands run in bash, and depending how you write it or if there are any errors you could accidentally reveal your token.

To keep that token a secret Travis-CI has a system for generating public and private keys. The encryption keys are specific to your repository.

The link has all of the relevant documentation; you need to install the Travis command line interface tool, it is available as a Ruby Gem.

gem install travis

To encrypt a variable (such as your personal token) -

travis encrypt SOMEVAR=secretvalue --add

Travis assumes that the command is being run in the project directory and will provide the unique Public key to encrypt your data, based on your repository. The --add flag will automatically place the secured data in your .travis.yml file.

That's how you keep it a secret. The implementation of creating tags with Git or the GitHub API is up to you. Please share once you figure it out.