Reputation: 1380
Allow travis.ci to push github
I was hoping I could just add travis.ci as a collaborator, but didn't find anything in that direction. Maybe it's a security measure because they don't want to leak their credentials in the virtual environment.
Other (unsatisfying) ideas:
- share my github credentials with travis via encrypted vars
- create a separate github account for travis
- create separate ssh keys, share with travis (encrypted), add to my github
Does anyone have a better idea?
Context: I'm publishing my project from travis.ci and it automatically assigns a new version number that's tracked as a git tag, e.g. v1.0.5
Without anything setup, it obviously fails due to missing permissions:
pushing to remote, using `git push origin v0.1.41`
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/mpollmeier/sbt-ci-release-early-usage.git/'
Upvotes: 0
Views: 683
Answers (2)
Reputation: 3099
The reason behind that is kind of security related, but not in the way you described it. Public repos are - as the name suggests - public which means that anyone can pull changes but only selected people can push. Since Travis by default only pulls from the repo, there's no need for Travis to have special access rights.
If Travis would request write access anyway, many users would complain about not trusting Travis as it requests permission for things that it shouldn't do by default.
If you wish to grant Travis write access anyway, the only ways to do so are the ones you described in your question, but I'll summarize them for the sake of completeness (from most to less preferred):
- Create a GitHub access key (as you did)
- Create an ssh key, encrypt it and share it with travis (tedious as the travis cli cannot encrypt files on Windows due to a bug)
- Sharing your github credentials with Travis through encrypted environment variables
Creating a separate account for Travis is only necessary if you wish to be able to separate your commits from the ones done by Travis, it doesn't add any layer of security though.
Regardless of what way you choose, encrypted information is secure by design. If someone submits a pull request and you enabled builds for pull requests, Travis will not share your encryption keys with the submitter (as stated in the docs).
Upvotes: 2
Reputation: 1380
I ended up using a github access token a of https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/, but I'm still keen to hear better alternatives...
Upvotes: 0
Related Questions
- travis-ci setup releases with --github-token
- Configure Travis CI to build new github branches
- Travis CI not triggering upon GitHub organization repository change
- How do I send pull-request that implements Travis to another repository which I do not own?
- Pushing on a Git repository with Travis-CI
- How to deploy to github releases from travis
- Restrict git branch to Travis CI only
- automated push to a github repo with travis
- Build with Travis-ci and push some files/folder to another repository
- Travis CI for Github?