Commit d635c1f3 authored by Edward Z. Yang's avatar Edward Z. Yang Committed by Edward Z. Yang

A few bug fixes to our CI setup.



- Set up the ssh key for cabal-website deploy right before we use
  it, so it doesn't get clobbered by our pushbot deploy script.
  Furthermore, umask the key to 600, so that we can overwrite it.

- Add some more helpful information to the Pushbot commit messages,
  including what branch/PR the build was for, and a link to the
  relevant GitHub page.

- Have Travis spoof the author and email of the original committer,
  so that Travis sends the build notification message to the right place.
Signed-off-by: default avatarEdward Z. Yang <ezyang@cs.stanford.edu>
parent 9348682e
......@@ -102,12 +102,6 @@ before_install:
- export PATH=/opt/alex/3.1.7/bin:$PATH
- ./travis-install.sh
# Set up deployment to the haskell/cabal-website repo.
# NB: these commands MUST be in .travis.yml, otherwise the secret key can be
# leaked! See https://github.com/travis-ci/travis.rb/issues/423.
# umask to get the permissions to be 400.
- if [ "x$TRAVIS_REPO_SLUG" = "xhaskell/cabal" -a "x$TRAVIS_PULL_REQUEST" = "xfalse" -a "x$TRAVIS_BRANCH" = "xmaster" -a "x$DEPLOY_DOCS" = "xYES" ]; then (umask 377 && openssl aes-256-cbc -K $encrypted_edaf6551664d_key -iv $encrypted_edaf6551664d_iv -in id_rsa_cabal_website.aes256.enc -out ~/.ssh/id_rsa -d); fi
install:
# We intentionally do not install anything before trying to build Cabal because
# it should build with each supported GHC version out-of-the-box.
......@@ -143,6 +137,11 @@ before_cache:
# Deploy Haddocks to the haskell/cabal-website repo.
after_success:
# Set up deployment to the haskell/cabal-website repo.
# NB: these commands MUST be in .travis.yml, otherwise the secret key can be
# leaked! See https://github.com/travis-ci/travis.rb/issues/423.
# umask to get the permissions to be 600.
- if [ "x$TRAVIS_REPO_SLUG" = "xhaskell/cabal" -a "x$TRAVIS_PULL_REQUEST" = "xfalse" -a "x$TRAVIS_BRANCH" = "xmaster" -a "x$DEPLOY_DOCS" = "xYES" ]; then (umask 177 && openssl aes-256-cbc -K $encrypted_edaf6551664d_key -iv $encrypted_edaf6551664d_iv -in id_rsa_cabal_website.aes256.enc -out ~/.ssh/id_rsa -d); fi
- ./travis-deploy.sh
notifications:
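Review bot: The `umask 177` in the added after_success command only takes effect when `~/.ssh/id_rsa` does not exist yet. If the pushbot upload script has already copied its own key there, openssl rewrites the existing file and the mode stays whatever that earlier step left, so the comment would be more accurate as `# umask 177 gives mode 600 only for a new file; an existing ~/.ssh/id_rsa keeps its mode`. Decrypting to a separate key file that only travis-deploy.sh uses, instead of sharing `~/.ssh/id_rsa` between two identities, would remove the ordering dependency between the two scripts. Deleting the decrypted key once the deploy has finished would keep it from outliving its use. The `$encrypted_edaf6551664d_key` and `$encrypted_edaf6551664d_iv` expansions should also be double-quoted.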
......
......@@ -32,3 +32,7 @@ timed() {
fi
echo "----"
}
travis_retry () {
$* || (sleep 1 && $*) || (sleep 2 && $*)
}
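Review bot: `travis_retry` runs its command through an unquoted `$*`, so every argument is re-split on whitespace and glob-expanded before each attempt, and a caller's quoting (the upload script passes `"HEAD:$TAG/$COMMIT"`) is lost. All three invocations should use `"$@"` instead: `"$@" || (sleep 1 && "$@") || (sleep 2 && "$@")`. A one-line comment above the function, such as `# Run the command up to three times, sleeping 1s and then 2s between attempts`, would document the contract for the scripts that source this file.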
#!/bin/sh
set -ex
travis_retry () {
$* || (sleep 1 && $*) || (sleep 2 && $*)
}
. ./travis-common.sh
if [ "$GHCVER" = "none" ]; then
travis_retry sudo add-apt-repository -y ppa:hvr/ghc
......
......@@ -7,6 +7,10 @@
# If you make a separate matrix entry in .travis.yml it can
# be run in parallel.
# NB: the '|| exit $?' workaround is required on old broken versions of bash
# that ship with OS X. See https://github.com/haskell/cabal/pull/3624 and
# http://stackoverflow.com/questions/14970663/why-doesnt-bash-flag-e-exit-when-a-subshell-fails
. ./travis-common.sh
CABAL_STORE_DB="${HOME}/.cabal/store/ghc-${GHCVER}/package.db"
......
......@@ -9,7 +9,8 @@ There are two reasons we do this:
1. On our slowest configuration (GHC 8 on Mac OS X), the time to
build and run tests was easily bumping up against the Travis time
limit. By uploading our build products to a separate account
limit. By uploading our build products to a separate account,
we get twice as much time to run our builds.
2. Travis parallelism is limited on a per-account basis; if we
upload build products to another account, we get more parallelism!
......
......@@ -2,6 +2,8 @@
set -x
. ./travis-common.sh
# Read out ACCOUNT and REPO from the slug
# Cribbed from http://unix.stackexchange.com/a/53323/118117
ACCOUNT=${TRAVIS_REPO_SLUG%%"/"*}
......@@ -17,17 +19,27 @@ TAG="$TRAVIS_OS_NAME-$GHCVER$TAGSUFFIX"
# commit which no one from GitHub will be able to see.
COMMIT=${TRAVIS_PULL_REQUEST_SHA:-$TRAVIS_COMMIT}
# This is just to help you correlate the build to what it's for
if [ "x$TRAVIS_PULL_REQUEST" != "xfalse" ]; then
ORIGIN="${TRAVIS_REPO_SLUG}/pull/$TRAVIS_PULL_REQUEST"
URL="https://github.com/${TRAVIS_REPO_SLUG}/pull/${TRAVIS_PULL_REQUEST}"
else
ORIGIN="${TRAVIS_REPO_SLUG}/${TRAVIS_BRANCH}"
URL="https://github.com/${TRAVIS_REPO_SLUG}/commits/${TRAVIS_BRANCH}"
fi
# Git will complain if these fields don't work when committing,
# so set them up.
git config --global user.name "Pushbot"
git config --global user.email "pushbot@$(hostname)"
git config --global user.name "$(git --no-pager show -s --format='%an' $COMMIT)"
git config --global user.email "$(git --no-pager show -s --format='%ae' $COMMIT)"
git config --global push.default simple
cd travis
# Setup SSH key we will use to push to binaries repository
cp id_rsa $HOME/.ssh/id_rsa
chmod 0600 $HOME/.ssh/id_rsa
# Setup SSH key we will use to push to binaries repository.
# umask to get the permissions to be 600 (not 400, because the deploy
# script in .travis.yml is going to clobber this private key)
(umask 177 && cp id_rsa $HOME/.ssh/id_rsa)
# Setup SSH keys
ssh-keyscan github.com >> $HOME/.ssh/known_hosts
......@@ -68,5 +80,12 @@ git add .
# The JSON in the commit message is used by the webhook listening
# on the downstream repo to figure out who to communicate the
# status update back to
git commit -m '{"account":"'$ACCOUNT'", "repo":"'$REPO'", "commit": "'$COMMIT'", "tag":"'$TAG'"}'
git push -f origin "HEAD:$TAG/$COMMIT"
git commit -m '{"origin":"'$ORIGIN'",
"url":"'$URL'",
"account":"'$ACCOUNT'",
"repo":"'$REPO'",
"commit": "'$COMMIT'",
"tag":"'$TAG'"
}'
travis_retry git push -f origin "HEAD:$TAG/$COMMIT"
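Review bot: The new commit message splices `$ORIGIN` and `$URL` into the JSON unquoted and unescaped, and on non-PR builds both are built from `TRAVIS_BRANCH`; the comment above this hunk says a webhook on the downstream repo parses the message. Git allows `"` in a branch name, so such a name would produce malformed or restructured JSON. At minimum each expansion should be double-quoted in the shell, e.g. `"origin":"'"$ORIGIN"'",` and likewise for the other five fields, and the values should be escaped or checked against a safe character set before they are embedded. The webhook is not visible here, so it is worth confirming that it treats `origin` and `url` as display-only. The same quoting applies to `$COMMIT` in the two `git config --global user.name` / `user.email` lines of the previous hunk.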