Skip to content

Latest commit

 

History

History
97 lines (59 loc) · 3.89 KB

publishing.md

File metadata and controls

97 lines (59 loc) · 3.89 KB
Raw

Publishing

spata is published from Travis CI, with help of sbt-sonatype plugin. A lot of useful information about publishing process may be found in the Scala's Library Author Guide and sbt documentation.

Preparations

Set up Sonatype account (for Maven Central)

  • Create personal Sonatype repository account through Sonatype JIRA.

  • Open a ticket to set up new project and claim access to fingo.info domain.

  • Log in to Sonatype and create a user token (Profile / User Token).

Create PGP keys to sign releases

  • Install GnuGP if required.

  • Generate a key pair: gpg --gen-key:

    • provide spata bot as name,
    • provide your personal email (optimally in fingo.info domain).

  • Note the key id for later use.

  • Check keys: gpg --list-keys.

  • Publish the key: gpg --keyserver hkps://keys.openpgp.org --send-keys <key-id> (it may take a while until the keys are publicly available).

Configure Travis CI

  • Install Travis client if required.

  • Set the repository name in environment: REPO=fingo/spata.

  • Create GitHub OAuth token for Travis CI (with repo, user:email and read:org scopes).

  • Log in to Travis CI: travis login --github-token <token> --com.

  • Export public key for CI: gpg -a --export <key-id> > ci/public-key.asc.

  • Export private key: gpg --export-secret-keys --armor <key-id> > target/secret-key.asc.

  • Encrypt private key and send to Travis: travis encrypt-file target/secret-key.asc --com -r $REPO

  • Adjust .travis.yml: replace $encrypted_<id>_key and $encrypted_<id>_iv with values returned by above command (openssl call in publish stage).

  • Move encrypted key to ci folder: mv secret-key.asc.enc ci.

  • Remove exported private key: rm target/secret-key.asc.

  • Encrypt credentials:

    • Execute travis encrypt PGP_PASSPHRASE=<spata_bot_pgp_pass> and replace secure environment variable for PGP_PASSPHRASE in .travis.yml with returned value.

    • Execute travis encrypt SONATYPE_USERNAME=<user_token_name> and replace secure environment variable for PGP_PASSPHRASE in .travis.yml with returned value.

    • Execute travis encrypt SONATYPE_PASSWORD=<user_token_pass> and replace secure environment variable for PGP_PASSPHRASE in .travis.yml with returned value.

  • Logout from Travis: travis logout --com.

Cutting a release

A release process uses sbt-dynver and is triggered by Git tag:

  • Set a tag: git tag -a v<version> -m <info>.
  • Push it: git push --tags.

After this, draft a new release in GitHub.

Revoking keys

In case of compromised PGP private key, revoke it with following procedure:

  • List keys: gpg --list-keys.

  • Look up the key on server: gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --search-keys <key-id>.

  • Revoke key: gpg --output revoke.asc --gen-revoke <key-id>.

  • Import revoked key to keychain: gpg --import revoke.asc.

  • Publish revoke information: `gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --send-keys and set up publishing configuration again.