Get npm and pub credentials from environment variables (#694)

Getting them from a file made the process of updating either set of credentials convoluted and error-prone, and meant that if one needed to be updated both had to be re-encrypted. This also updates the pub credentials to accommodate the new scope, as described in dart-lang/pub-dev#2281.
2024-11-27 04:34:59 +01:00 · 2019-05-24 16:43:04 -07:00 · 2019-05-24 16:43:04 -07:00 · 58a525c435
commit 58a525c435
parent eeeb1811f0
5 changed files with 8 additions and 14 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -138,6 +138,9 @@ jobs:
  # Deploy to npm.
  - name: npm
    if: *deploy-if
+    env:
+      # NPM_RC="..."
+      - "Iv6UKB6mH0GLkRQtaLeZnoW0QMmXbzGVX/QO+vvT26yWvqlW/ik+YeHB+4VLZFz/4xezukkztVENdxNDCnrQA/NX7fVhjqj4Px2JQau0V0ljYN64H+o0oxlBeMQqnsVOJcsU7DuPFPErYixkE3yuN6DqIYE+DYe3fVQg/1RBCs2z1nejg4udbZG7D0yfrxZSCckhsyBH1Ej72FhMGMaFq7k7IMC7f/sGYZZYsOe2WKmsYF35hyL/twIXKBNxjPat1HmsVT/3VOUIF+doO26BxthEc68Tmp3SHucEXHWPEjk9N87DxLClGkHvvZ2PUK9nYB9/KqxvJqf/AcDO34vS0lAU809Eov7dK/19WE1GtgA/gL0B/nh2QYbWpbO/HPzxFqOYwfzLtAXvwUr45eMNxmh1yupbAtxRvst7ZO/UTC+awW55AXnVd4jiTzZ/jqV52aGbClN+escPZCYXgYosvJLK3G4xLYCY4TTC99riBQZ0MDLfCt35+RivjNLVf8vecGT8WTmVQySzq0Cthy/9SCp1OzWT5roY2rzkwvR4R0+42f48qyDU/buUgPBsw9zwCabWVoB0p4hflalEhc9EwbRn5oDI0NHwXE0r83movx+JHHPBau1zwX53DJSpSFXnDPi6KaNpg52wyuIIzO90zA7FZTRR9My38AzYgVaKkdE="
    script: skip
    language: node_js
    node_js: stable
@ -150,6 +153,9 @@ jobs:
  # Deploy to pub.
  - name: pub
    if: *deploy-if
+    env:
+      # PUB_CREDENTIALS="..."
+      - "L7p8nH1qhGbOdqXZSPJzaC4wv1Rf4gJUiPpy2e0pgkk78jFyaLJ4Vt6c/976hQxETZQ8q1mChj7xrgEI4d6rN+iBEDSdgCiV+toVVYCzX9gnzb8+a5qTBbRNLrcC4jPr5+6LPK+qklrAyYi56JCYI2CgCOxUzo/CHOk/nHbEWwxMoD5Ifzat3NXwyb/9RKHH/4YYBi2PRkBrIuGTvZi4VqyIJ7AJu8eCZYPD8e1ij5muLhTxgQvycIf6fkSBbhMoC/ULExkV3zFEgY1eU/UMdXPR68/qgne+q0ph4K5ArTgFoPAVVIDYv4CZfpx2NVEpluWz2OQ/Lr+VxTqAYMGDCEEreeTTTE26JFCquUwSypNBSo7jtAoMtFDrX3fwa0jt9lhkwTMlEQtLg3ykpABsn7E4nEYw6K3hAqjV5kJFdgNFqli83QpXXu9mfUtif7Wzlekiw6DuN7FKTr8VohaqlVgp5gSExp/zuFCOFQn3+LnzxZtFJbkiQw0Bbii4TBwrASrhvNcPE/CrCbq0OLrNYrJH8UiLsZGoz1iAuPyCvbpiD7eXrL4vodR73IGUBx2hKTbolP8EWseR/nw4InH50kc+jhDMaT+Lj34q+9Icv2Q4ICWsPky7NhLDJWvLntiExwkos4fPtmr5SuaV/dCVox1Qvkzg7NBoqihrdQC8Tak="
    script: skip
    deploy:
      provider: script
--- a/tool/travis/credentials.tar.enc
+++ b/tool/travis/credentials.tar.enc
--- a/tool/travis/deploy/npm.sh
+++ b/tool/travis/deploy/npm.sh
@ -7,8 +7,7 @@ echo 'Deploying to npm.'

 source tool/travis/utils.sh

-decrypt_credentials
-tar xfO credentials.tar npm > ~/.npmrc
+echo "$NPM_RC" > ~/.npmrc

 travis_cmd pub run grinder npm-release-package
 travis_cmd npm publish build/npm
--- a/tool/travis/deploy/pub.sh
+++ b/tool/travis/deploy/pub.sh
@ -7,8 +7,6 @@ echo 'Deploying to pub.'

 source tool/travis/utils.sh

-decrypt_credentials
-mkdir -p ~/.pub-cache
-tar xfO credentials.tar pub > ~/.pub-cache/credentials.json
+echo "$PUB_CREDENTIALS" > ~/.pub-cache/credentials.json

 travis_cmd pub lish --force
--- a/tool/travis/utils.sh
+++ b/tool/travis/utils.sh
@ -2,15 +2,6 @@
 # license that can be found in the LICENSE file or at
 # https://opensource.org/licenses/MIT.

-# Decrypts the encrypted credentials using Travis's private key and saves them
-# to credentials.tar.
-function decrypt_credentials() {
-    openssl aes-256-cbc -K $encrypted_b4541d8c554c_key \
-            -iv $encrypted_b4541d8c554c_iv \
-            -in tool/travis/credentials.tar.enc \
-            -out credentials.tar -d
-}
-
 # Prints the invocation of a command and then runs that command, in the same way
 # Travis's internal infrastructure does.
 function travis_cmd() {