How to push to github from Travis CI
January 26, 2019
Use a github Deploy key, which is scoped to a single repo, instead of a Personal Access token, which has push rights to all your public repos.
This approach is only as secure as the private key that Travis creates for your github repo.
Approach from https://stackoverflow.com/a/22977235.
Software used for this HOWTO:
- OSX Mojave
- OpenSSH_7.9p1, LibreSSL 2.7.3
- travis gem 1.8.9
- openssl (LibreSSL 2.6.5)
1. Install Travis CI command-line client
2. Create a GitHub deploy key
3. Add deploy key to your repo
GitHub -> your repository -> settings -> Deploy Keys -> "Add deploy key"
- Title = travis-ci
- Key = [paste public key generated in previous step]
- Allow write access = checked
4. Encode private key with big random password
5. Give Travis access to the password
6. Setup private key for push to git
I added the following lines to my test runner script:
Stumbles along the way
1. digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:
alpine:3.8|apk update|apk add|bash,sqlite|/bin/bash|sqlite3 [PASS] shmig-net bad decrypt 139902961870496:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539: remote: Invalid username or password. fatal: Authentication failed for 'https://github.com/mbucc/shmig_test.git/' [Sat Jan 26 16:37:24 UTC 2019] git push error
I had forgotten to commit the .travis.yml, so the
variable was not in the Travis build environment. Doh!
The default digest was changed from MD5 to SHA256 in Openssl 1.1,
realized this, I spent a good amount of time making sure the digest
used by my laptop openssl matched
the one used by the Travis build box openssl.
-md sha256 argument to openssl
in both environments.
2. remote: Invalid username or password
git remote set-url origin firstname.lastname@example.org:mbucc/shmig_test.git
This one took a long while to figure out. You must use the git URL for the remote in order for the SSH private key to work.
3. Permissions 0664 for '/home/travis/build/mbucc/shmig_test/travis_key' are too open.
chmod 400 ./travis_key