HOWTO: Travis Configuration

We use Travis-CI for our continuous integration builds (http://travis-ci.org). Travis performs builds in virtual machines. The VMs have several tools already installed (e.g., Maven) and has extensive configuration options outlined in this beautiful documentation.

Travis configuration is performed in a YML file at the root of the master branch of our repository, ".travis.yml" (note the leading dot, making the file hidden on most filesystems).

You can find our live Travis configuration here: https://github.com/FINRAOS/JTAF-ExtWebDriver/blob/master/.travis.yml

In general, we use an approach outlined in this blog post from another open-source team.

The current configuration does the following:

• language: java- This sets up a standard Java build environment in the VM.
• before_script: git clone -b CM `git config --get remote.origin.url` target/CM- This checks out our CM branch, which includes files supporting the build
• install: ''- Specifies that we do not want to attempt any "install" steps before our build (would be ON by default, running Maven install before our Maven deploy)
• script: mvn clean deploy --settings target/CM/settings.xml- Specifies the command to use in our primary build step, a Maven deploy which forces build and test steps. The settings.xml file (kept in the CM branch) contains a "server" entry needed during the deploy step. IMPORTANT: the ID of the server in this file needs to match the ID referred to by the root POM of the master branch.
• branches: only: master- Specifies that we only want to build the master branch
• env: global: secure: ...- Specifies environment variables to be made available to the build. Specifically, these two entries provide credentials for deployment of the snapshot to Sonatype (more about this below)

Setting up Secure Environment Variables

From settings.xml, you can see that we are referring to environment variables for username and password, CI_DEPLOY_USERNAME and CI_DEPLOY_PASSWORD. These credentials authorize the build to deploy snapshots to Sonatype.

Because we don't want to provide this sensitive information in plain-text form, we use Travis' encryption support to encrypt these environment variable entries according to a private key associated with our Travis user. The "secure" lines in the YML configuration store the output of an external tool provided by Travis. Before each build, the lines are decrypted and environment variables made available to the build. In decrypted form, the entries in .travis.yml are "CI_DEPLOY_USERNAME=<username>" and "CI_DEPLOY_PASSWORD=<password>".

As described here , Travis provides a Ruby gem for encrypting text. To use the gem, you need to:

• Install Ruby w/ native extensions (e.g., ruby-dev package on Ubuntu, Ruby DevKit on Windows)
• Install Rubygems
• Install the "travis" gem with "gem install travis" (usually requires elevation)

On a machine with the gem available, do the following:

• Clone the repository (Note: The actual repository, not a fork) and cd into the cloned working copy
• Execute the following command, entering the FINRA GitHub credentials (also used for Travis) when prompted:

travis login

• If relevant, remove entries related to old values (e.g., previously encrypted credentials) from the YML file.
• Execute the following commands to append the encrypted environment variables to the YML file (replace <username> and <password> with the FINRA Sonatype credentials locally):

travis encrypt CI_DEPLOY_USERNAME=<username> --add

travis encrypt CI_DEPLOY_PASSWORD=<password> --add

• Upon inspection, you should see two "- secure" lines added to the YML file.

References

• http://about.travis-ci.org/docs/user/build-configuration
• http://blog.xeiam.com/2013/05/configure-travis-ci-to-deploy-snapshots.html
• http://about.travis-ci.org/docs/user/encryption-keys/
• http://maven.apache.org/plugins/maven-deploy-plugin/usage.html