From cd0d075def384fc8b48e92348278607955d114f2 Mon Sep 17 00:00:00 2001 From: Matthieu Gautier Date: Wed, 11 Jul 2018 15:27:12 +0200 Subject: [PATCH] Do not try to decrypt the ssh_key if we cannot. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If we are building a PR comming from a fork, the secret key will not be available and we cannot decrypt the ssh key. And if the ssh key cannot be decrypted, we should not try to use it to upload base dependencies. `cron` and deployement are made only on "secured environment" so we don't need to test for existance of the key because we are sure that we have been able to decrypt it. --- .travis.yml | 5 +++-- travis/compile_all.py | 16 +++++++++------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index ecd641b..47a79fe 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,8 +13,9 @@ if: type != push OR tag IS present before_install: - PATH=$PATH:${HOME}/bin - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then PATH=$PATH:$(brew --prefix)/opt/gettext/bin; fi -- openssl aes-256-cbc -K $encrypted_eba2f7543984_key -iv $encrypted_eba2f7543984_iv - -in travis/travisci_builder_id_key.enc -out travis/travisci_builder_id_key -d +- '[ -n "$encrypted_eba2f7543984_iv" ] && openssl aes-256-cbc + -K $encrypted_eba2f7543984_key -iv $encrypted_eba2f7543984_iv + -in travis/travisci_builder_id_key.enc -out travis/travisci_builder_id_key -d' - chmod 600 travis/travisci_builder_id_key before_cache: - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock diff --git a/travis/compile_all.py b/travis/compile_all.py index d332044..40c72dd 100755 --- a/travis/compile_all.py +++ b/travis/compile_all.py @@ -32,7 +32,10 @@ NIGHTLY_ZIM_ARCHIVES_DIR = HOME/'NIGHTLY_ZIM_ARCHIVES'/NIGHTLY_DATE RELEASE_ZIM_ARCHIVES_DIR = HOME/'RELEASE_ZIM_ARCHIVES' DIST_KIWIX_ARCHIVES_DIR = HOME/'DIST_KIWIX_ARCHIVES' DIST_ZIM_ARCHIVES_DIR = HOME/'DIST_ZIM_ARCHIVES' -SSH_KEY = environ.get('TRAVISCI_SSH_KEY', Path(environ['TRAVIS_BUILD_DIR'])/'travis'/'travisci_builder_id_key') +if 'TRAVISCI_SSH_KEY' in environ: + SSH_KEY = Path(environ['TRAVISCI_SSH_KEY']) +else: + SSH_KEY = Path(environ['TRAVIS_BUILD_DIR'])/'travis'/'travisci_builder_id_key' # We have build everything. Now create archives for public deployement. BINARIES = { @@ -225,12 +228,11 @@ try: except URLError: print_message("Cannot get archive. Build dependencies") run_kiwix_build('alldependencies', platform=PLATFORM) - archive = make_deps_archive('alldependencies', full=True) - destination = 'nightlybot@download.kiwix.org:/var/www/tmp.kiwix.org/ci/{}' - destination = destination.format(base_dep_archive_name) - scp(archive, destination) - - + if SSH_KEY.exists(): + archive = make_deps_archive('alldependencies', full=True) + destination = 'nightlybot@download.kiwix.org:/var/www/tmp.kiwix.org/ci/{}' + destination = destination.format(base_dep_archive_name) + scp(archive, destination) # A basic compilation to be sure everything is working (for a PR)