diff --git a/.travis.yml b/.travis.yml index a51b9b8..d0b3015 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,22 +2,19 @@ language: scala env: global: - - PUBLISH_JDK=openjdk6 # admin/build.sh only publishes when running on this jdk -# Don't commit sensitive files, instead commit a version encrypted with $SECRET, -# this environment variable is encrypted with this repo's private key and stored below: -# (See http://docs.travis-ci.com/user/environment-variables/#Secure-Variables.) - - secure: "KpKvQvUQNsF+o74lndXl+zDGU8+A686ltndldlwDhNiSYF/PJ9RIXembsRh+B4ureo/Aa9UBL7vE6d265DRpir2o6JQ3jcU6e4djfqkvmXuDpBlcd3rJXtKuGYQyE5cm2h3/ZFl+0RmYm+fGSieWBAo+A3uvAVuq8qTu6PY8nMU=" + - PUBLISH_JDK=openjdk6 + # PGP_PASSPHRASE + - secure: "XLe/gZXrGwJlKCgAUoEUIHwoh8js0IdlIazwUd5KKssZMQkPg4VfC5LLPl8iXCYIRe2JrgmD56b7eseiZF9kMxa1Rsz8fSMY0v3A0qwxRjbsxVQ2NqEvdq+TNOAhjo/OmPnipvTcDdAyq68Ca4nTSBtfBpy5t6X3Z4UIl8CWLdw=" + # SONA_USER + - secure: "Me+3gxk89qOq18J+N/N+VoxnG8bSTrgyGovutLRFQnSNkJQXoVawJul9BmCZVrha7y/WCwsbSFFP9vS3VnKjPne5RnQM4eNjPOUw08uBtoj6QD/jpmRjt+cEWMaD9tB9OvJLkaKRFyTy8Un2tVO4ia9GEdojy2YbqjrJjGqwW9E=" + # SONA_PASS + - secure: "cjzluj1FGCr2D/3TgnV/7yOELOcqB8QG6Du95tb4xPp39+ulrIfTvzQ8HA1oC8+y1mmN68h5RxN/gcC+9GdihDpk+bXz2Ij7XWmp+tiHU8E6VNS+rd+JO7Ojf90q6jsmx00Y8uhZ/RZtjK+p8SUTC0a5KhqesmxSThHFqPNC5CM=" + +script: admin/build.sh -script: - - admin/build.sh -scala: - - 2.11.0 jdk: - openjdk6 - openjdk7 -notifications: - email: - - adriaan.moors@typesafe.com -# if we get weird timeouts, see https://github.com/spray/spray/pull/233 -# 'set concurrentRestrictions in Global += Tags.limit(Tags.Test, 1)' +notifications: + email: adriaan.moors@typesafe.com diff --git a/admin/README.md b/admin/README.md new file mode 100644 index 0000000..55ae9c8 --- /dev/null +++ b/admin/README.md @@ -0,0 +1,61 @@ +## Tag Driven Releasing + +Copied from https://github.com/scala/scala-java8-compat/commit/4a6cfc97cd95227b86650410e1b632e5ff79335b. + +### Background Reading + + - http://docs.travis-ci.com/user/environment-variables/ + - http://docs.travis-ci.com/user/encryption-keys/ + - http://docs.travis-ci.com/user/encrypting-files/ + +### Initial setup for the repository + +To configure tag driven releases from Travis CI. + + 1. Generate a key pair for this repository with `./admin/genKeyPair.sh`. + Edit `.travis.yml` and `admin/build.sh` as prompted. + 2. Publish the public key to https://pgp.mit.edu + 3. Store other secrets as encrypted environment variables with `admin/encryptEnvVars.sh`. + Edit `.travis.yml` as prompted. + 4. Edit `.travis.yml` to use `./admin/build.sh` as the build script, + and edit that script to use the tasks required for this project. + 5. Edit `.travis.yml` to select which JDK will be used for publishing. + +It is important to add comments in .travis.yml to identify the name +of each environment variable encoded in a `:secure` section. + +After all of these steps, your .travis.yml should contain config of the +form: + + language: scala + env: + global: + - PUBLISH_JDK=openjdk6 + # PGP_PASSPHRASE + - secure: "XXXXXX" + # SONA_USER + - secure: "XXXXXX" + # SONA_PASS + - secure: "XXXXXX" + script: admin/build.sh + +If Sonatype credentials change in the future, step 3 can be repeated +without generating a new key. + +Be sure to use SBT 0.13.7 or higher to avoid [#1430](https://github.com/sbt/sbt/issues/1430)! + +### Testing + + 1. Follow the release process below to create a dummy release (e.g. 0.1.0-TEST1). + Confirm that the release was staged to Sonatype but do not release it to Maven + central. Instead, drop the staging repository. + +### Performing a release + + 1. Create a GitHub "Release" (with a corresponding tag) via the GitHub + web interface. + 2. Travis CI will schedule a build for this release. Review the build logs. + 3. Log into https://oss.sonatype.org/ and identify the staging repository. + 4. Sanity check its contents + 5. Release staging repository to Maven and send out release announcement. + diff --git a/admin/build.sh b/admin/build.sh index af77da9..965ab6c 100755 --- a/admin/build.sh +++ b/admin/build.sh @@ -1,5 +1,7 @@ #!/bin/bash +set -e + # prep environment for publish to sonatype staging if the HEAD commit is tagged # git on travis does not fetch tags, but we have TRAVIS_TAG @@ -9,11 +11,15 @@ if [ "$TRAVIS_JDK_VERSION" == "$PUBLISH_JDK" ] && [[ "$TRAVIS_TAG" =~ ^v[0-9]+\. echo "Going to release from tag $TRAVIS_TAG!" myVer=$(echo $TRAVIS_TAG | sed -e s/^v//) publishVersion='set every version := "'$myVer'"' - extraTarget="publish-signed" - + extraTarget="+publish-signed" cat admin/gpg.sbt >> project/plugins.sbt - admin/decrypt.sh sensitive.sbt - (cd admin/ && ./decrypt.sh secring.asc) + cp admin/publish-settings.sbt . + + # Copied from the output of genKeyPair.sh + K=$encrypted_abe708fa1965_key + IV=$encrypted_abe708fa1965_iv + + openssl aes-256-cbc -K $K -iv $IV -in admin/secring.asc.enc -out admin/secring.asc -d fi -sbt ++$TRAVIS_SCALA_VERSION "$publishVersion" clean update compile $extraTarget \ No newline at end of file +sbt "$publishVersion" clean update +test +publishLocal $extraTarget diff --git a/admin/decrypt.sh b/admin/decrypt.sh deleted file mode 100755 index 3c3c602..0000000 --- a/admin/decrypt.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -openssl aes-256-cbc -pass "pass:$SECRET" -in $1.enc -out $1 -d -a \ No newline at end of file diff --git a/admin/encrypt.sh b/admin/encrypt.sh deleted file mode 100755 index 4bf6c93..0000000 --- a/admin/encrypt.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -openssl aes-256-cbc -pass "pass:$SECRET" -in $1 -out $1.enc -a \ No newline at end of file diff --git a/admin/encryptAll.sh b/admin/encryptAll.sh deleted file mode 100755 index de7016b..0000000 --- a/admin/encryptAll.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# Based on https://gist.github.com/kzap/5819745: - -echo "This will encrypt the cleartext sensitive.sbt and admin/secring.asc, while making the encrypted versions available for decryption on Travis." -echo "Update your .travis.yml as directed, and delete the cleartext versions." -echo "Press enter to continue." -read - -# 1. create a secret, put it in an environment variable while encrypting files -- UNSET IT AFTER -export SECRET=$(cat /dev/urandom | head -c 10000 | openssl sha1) - -# 2. add the "secure: ..." line under the env section -- generate it with `` (install the travis gem first) -travis encrypt SECRET=$SECRET - -admin/encrypt.sh admin/secring.asc -admin/encrypt.sh sensitive.sbt - -echo "Remember to rm sensitive.sbt admin/secring.asc -- once you do, they cannot be recovered (except on Travis)!" \ No newline at end of file diff --git a/admin/encryptEnvVars.sh b/admin/encryptEnvVars.sh new file mode 100755 index 0000000..b625667 --- /dev/null +++ b/admin/encryptEnvVars.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# +# Encrypt sonatype credentials so that they can be +# decrypted in trusted builds on Travis CI. +# +set -e + +read -s -p 'SONA_USER: ' SONA_USER +travis encrypt SONA_USER="$SONA_USER" +read -s -p 'SONA_PASS: ' SONA_PASS +travis encrypt SONA_PASS="$SONA_PASS" diff --git a/admin/genKeyPair.sh b/admin/genKeyPair.sh new file mode 100755 index 0000000..17db3f3 --- /dev/null +++ b/admin/genKeyPair.sh @@ -0,0 +1,41 @@ +#!/bin/bash +# +# Generates a key pair for this repository to sign artifacts. +# Encrypt the private key and its passphrase in trusted builds +# on Travis CI. +# +set -e + +# Based on https://gist.github.com/kzap/5819745: +function promptDelete() { + if [[ -f "$1" ]]; then + echo About to delete $1, Enter for okay / CTRL-C to cancel + read + rm "$1" + fi +} +for f in admin/secring.asc.enc admin/secring.asc admin/pubring.asc; do promptDelete "$f"; done + +echo Generating key pair. Please enter 1. repo name 2. scala-internals@googlegroups.com, 3. a new passphrase +echo Be careful when using special characters in the passphrase, see http://docs.travis-ci.com/user/encryption-keys/#Note-on-escaping-certain-symbols +cp admin/gpg.sbt project +sbt 'set pgpReadOnly := false' \ + 'set pgpPublicRing := file("admin/pubring.asc")' \ + 'set pgpSecretRing := file("admin/secring.asc")' \ + 'pgp-cmd gen-key' +rm project/gpg.sbt + +echo ============================================================================================ +echo Encrypting admin/secring.asc. Update K and IV variables in admin/build.sh accordingly. +echo ============================================================================================ +travis encrypt-file admin/secring.asc +rm admin/secring.asc +mv secring.asc.enc admin + +echo ============================================================================================ +echo Encrypting environment variables. Add each to a line in .travis.yml. Include a comment +echo with the name of the corresponding variable +echo ============================================================================================ +read -s -p 'PGP_PASSPHRASE: ' PGP_PASSPHRASE +travis encrypt PGP_PASSPHRASE="$PGP_PASSPHRASE" + diff --git a/admin/gpg.sbt b/admin/gpg.sbt index 01157e6..68ae464 100644 --- a/admin/gpg.sbt +++ b/admin/gpg.sbt @@ -1,26 +1,2 @@ -addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") // only added when publishing: - -// There's a companion sensitive.sbt, which was created like this: -// -// 1. in an sbt shell that has the sbt-pgp plugin, create pgp key in admin/: -// -// sbt -// set pgpReadOnly := false -// set pgpPublicRing := file("admin/pubring.asc") -// set pgpSecretRing := file("admin/secring.asc") -// pgp-cmd gen-key // use $passPhrase -// Please enter the name associated with the key: $repoName -// Please enter the email associated with the key: scala-internals@googlegroups.com -// Please enter the passphrase for the key: $passphrase -// -// 2. create sensitive.sbt with contents: -// -// pgpPassphrase := Some($passPhrase.toArray) -// -// pgpPublicRing := file("admin/pubring.asc") -// -// pgpSecretRing := file("admin/secring.asc") -// -// credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", $sonaUser, $sonaPass) - +addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") // only added when publishing, see build.sh diff --git a/admin/publish-settings.sbt b/admin/publish-settings.sbt new file mode 100644 index 0000000..f763ea0 --- /dev/null +++ b/admin/publish-settings.sbt @@ -0,0 +1,9 @@ +def env(key: String) = Option(System.getenv(key)).getOrElse("") + +pgpPassphrase := Some(env("PGP_PASSPHRASE").toArray) + +pgpPublicRing := file("admin/pubring.asc") + +pgpSecretRing := file("admin/secring.asc") + +credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", env("SONA_USER"), env("SONA_PASS")) diff --git a/admin/pubring.asc b/admin/pubring.asc index 6e1ff9e..82d8fd9 100644 --- a/admin/pubring.asc +++ b/admin/pubring.asc @@ -1,18 +1,18 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- Version: BCPG v1.49 -mQENBFSA2hsBCADRzxWZY/Wtw2QCjFUW2k1+WxQ71p1C1jDN63xr6Vqc/ivC2wVt -Z91vbZj6LlbKGs5GiSTuLXu/Y08ja3qqcnHGA3VqNQg4UkhqKpWMgsF4vT9JEb5c -ZK0Ise57wmeWxbanhs6YwYbrIIFaBIj+pYJRr0JMbbY2kU0k7qQJv+G+e348ArGJ -ZDgrA6U6OOsKW/k3pbExSlwVAFSHTncopWVyY76LaX03x2WWBdlEu9dxCggNkDni -cPIlq/iRfIV4F1STmfHeCYVKcw3UGlGBnpFAlP74smMNvOUeVo1SNmYMHs2a1GbQ -dt/rKZOEq/HcUjKkdXsCUFCbE/Os1ClHv5mfABEBAAG0MHNjYWxhLXBhcnRlc3Qg -PHNjYWxhLWludGVybmFsc0Bnb29nbGVncm91cHMuY29tPokBHAQTAQIABgUCVIDa -GwAKCRAPjZhgjiZfZMTrB/9NtkRpvG05h3YKyQ1JF6gN1v0pC/zlvyTs99ajSJbi -YskBIGXRQ8W4KNN2rH+fm2Zkz7XVbMrMpsNyons1UL+oX3cOo4UUj9Y9+FNAfq2T -mwDYR1idv0Q2mmkIrAb85ZmwfVILX3IJmd5ilYvzt8asULF4woABYsvPsnK4/SCs -3yZzYcmhxdVZmtgJPVnUsy8WmH/E7dMA3+OG/6pQVmFTvRnQL7CR6pyENdwPU9Dn -xeNbO6Emb54YjrG4nqFZCWQ31hkGk3aMmTHutLnDPgMlQPmXkulPc28Ee6kQmkuA -byQml2Jk2FP8g1CHqVRkmXYNz5y5qmcFCCMqQNx3V8+b -=eHVZ +mQENBFVQ9UcBCADBQeOLe/1vOwX0BasjQK6nAsSaDS/n6DZqauPERkUGv7bQJLL7 +GvvobhYlzTT3W+aJL4cggi51U8ZhYqF+ImtZIclziZDyjMgwDaDfWMEW238wp7zW +xkQyDk3o9Ms8/kwMaXR589OC2wZ+fGjI27ANzCUVFYaVDS0+B9TtBrUyfrvwY2PN +qcRtcMCJXDbCc7iL5OVgTPjUYvpCRhmSnbOnieulfu8AJ6lw5VPN3u+Q8CgkVpdu +yq7MscvOwAhS37FEIHblAsA7J37oBqfYC4AvF5FqqX8vg1tCy+j3k55WWHbDzOM1 +fPCPn/V3Kg5IxMpF/O3GPwwjrZv1aHU5NpZ/ABEBAAG0MHNjYWxhLXBhcnRlc3Qg +PHNjYWxhLWludGVybmFsc0Bnb29nbGVncm91cHMuY29tPokBGwQTAQIABgUCVVD1 +RwAKCRDhRXkp6LZkqLT3B/YyfwkFzb3KlZxYcMn8hOVfaO+pBu+M+ec5Qx6myNog +a1esJPVLvTJuYDll0avufVpcXyae3tPHmKr+q838NKdpnG4K0t7WkZ6aKOR54nPZ +QfwOMugGRBNKXsgYnY6jswQxcYdI7+U/+lYa9+aFTHrIgEa52slnbymUroDj7HxK +lAbuAKenjPTPXlt6HFcRhJniPf7EQJjyQ7GMgCdGeVAdqlU189FFfo4VMAGybK9f +N7ssjUxXnKJEr7jhDhWloqYMdH60PQYP5okU+BzQh18f4jsnwmIdFjaDHOYgrJ2i +4NzbqGUxXT/jIGSyYzo7Bm1ps7NKF08i70ThwYJdpgM= +=RJHt -----END PGP PUBLIC KEY BLOCK----- diff --git a/admin/secring.asc.enc b/admin/secring.asc.enc index 19c6840..fdabef3 100644 Binary files a/admin/secring.asc.enc and b/admin/secring.asc.enc differ diff --git a/build.sbt b/build.sbt index d91328b..56a2944 100644 --- a/build.sbt +++ b/build.sbt @@ -6,11 +6,13 @@ name := "scala-partest" version := "1.0.8-SNAPSHOT" -scalaVersion := "2.11.6" +scalaVersion := crossScalaVersions.value.head -scalaXmlVersion := "1.0.3" +crossScalaVersions := Seq("2.11.6", "2.12.0-M1") -scalaCheckVersion := "1.11.3" +scalaXmlVersion := "1.0.4" + +scalaCheckVersion := "1.11.6" // TODO: enable "-Xfatal-warnings" for nightlies, // off by default because we don't want to break scala/scala pr validation due to deprecation diff --git a/project/build.properties b/project/build.properties index 748703f..a6e117b 100644 --- a/project/build.properties +++ b/project/build.properties @@ -1 +1 @@ -sbt.version=0.13.7 +sbt.version=0.13.8 diff --git a/sensitive.sbt.enc b/sensitive.sbt.enc deleted file mode 100644 index fefe996..0000000 --- a/sensitive.sbt.enc +++ /dev/null @@ -1,7 +0,0 @@ -U2FsdGVkX19E4cL16pmP0y3iQKFZZioB1/HTP5omlUx/WW0L1zvvmdeMYEDCC2rJ -3TQGZUZ1W+MLvJMoe7I0Fhm+zfkJK3GHW4KFEfWGE73+i6ZUqox+UFfXZWnkvjje -mSeWQMomh2n5lhgIek+7bgNdg3g2Tnn5ll91P+FKyjFHFSZ8DAzjRL7qwJehDz0m -vkCrwT0HMF35kRK38HE9g4HgHCx/veXkw4EOoWanD4bSv8JyTomBjBFli4S1N4Sl -8bZdh7pbyDH3or+mHYasWEfGTIIszbqnMLlsvMGG2ETfcny1xosiAE8YUaxaVn5I -Xi7QqM1Gp1Bv4yUwSXbGmqU0RSWCkrtYX7uyQeaa3rRUHXsc0HPIHW3W9e0I7QXB -+r5UF+wId3jhZcVwoNQy7g==