You can create a GitHub Personal API Token that will grant access to your repositories. The public_repo
scope should be all you need for a public repository.
Use this token for authenticating to the GitHub API. To use the token with the API include it in the Authorization header.
curl -H "Authorization: token <YOUR_TOKEN>" https://api.github.com/user
You can also use this token to push to your repository.
git push -q https://<token>@github.com/<user>/<repo>
Now for the fun part, you need to keep that token a secret. Having it public is equivalent to having your username and password public.
You need to be sure to read through the documentation referenced and keep an eye on your Travis-CI logs. The commands run in bash, and depending how you write it or if there are any errors you could accidentally reveal your token.
To keep that token a secret Travis-CI has a system for generating public and private keys. The encryption keys are specific to your repository.
The link has all of the relevant documentation; you need to install the Travis command line interface tool, it is available as a Ruby Gem.
gem install travis
To encrypt a variable (such as your personal token) -
travis encrypt SOMEVAR=secretvalue --add
Travis assumes that the command is being run in the project directory and will provide the unique Public key to encrypt your data, based on your repository. The --add
flag will automatically place the secured data in your .travis.yml
file.
That's how you keep it a secret. The implementation of creating tags with Git or the GitHub API is up to you. Please share once you figure it out.