ARROW-6260: [Website] Use deploy key on Travis to build and push to asf-site (#16)
* Add support for using a deploy key
* Standardize 'if' syntax and reorg slightly
* One more -z
* ssh-add key without writing file
* Try a \n
diff --git a/README.md b/README.md
index 7980799..fb0a96e 100644
--- a/README.md
+++ b/README.md
@@ -68,6 +68,8 @@
bundle exec jekyll serve
```
+## Automatic deployment
+
If you're working on a fork of `apache/arrow-site`, you can get a development
version of the site built off of your `master` branch published using GitHub
Pages and Travis-CI. There are a couple of quick steps to enable this:
@@ -78,14 +80,42 @@
turn on GitHub Pages and set it to the gh-pages branch
3. Go to https://travis-ci.org/account/repositories and enable Travis builds on
your fork
-4. Go to https://github.com/settings/tokens and create a GitHub personal access
+4. Set up an auth token or deploy key:
+
+### With a personal access token:
+
+A GitHub personal access token takes the least effort to set up, but its scope
+is broader (all public repositories you have access to), so some may be worried
+about setting one in Travis (even though Travis encrypts them).
+
+1. Go to https://github.com/settings/tokens and create a GitHub personal access
token with `public_repo` scope
-5. In the settings in Travis for your fork
+2. In the settings in Travis for your fork
(https://travis-ci.org/$YOU/arrow-site/settings), add an environment variable
called GITHUB_PAT, using the token you just created. To keep the token value
secret, **do not toggle on "Display value in build log"** (i.e. the default is
secret).
+### With a deploy key
+
+GitHub deploy keys are tied to a repository, so they have much narrower scope
+and aren't connected to an individual contributor, but they take a little more
+work to set up.
+
+1. On your computer, do `ssh-keygen -t rsa -b 4096 -f 'github_deploy_key' -N ''`
+2. Go to https://github.com/$YOU/arrow-site/settings/keys and put the public
+key there (found in `github_deploy_key.pub`). Check the box to give the token
+write access.
+3. In the settings in Travis for your fork
+(https://travis-ci.org/$YOU/arrow-site/settings), add an environment variable
+called DEPLOY_KEY. This takes the contents of the private key file you just
+made (`github_deploy_key`), but you have to preprocess it to escape whitespace.
+Replace the spaces ` ` in the first and last lines with `\ ` (i.e. the first
+line becomes `-----BEGIN\ OPENSSH\ PRIVATE\ KEY-----`), and replace the
+newlines with `\\n`. The result should be a very long string on a single line.
+To keep this ssh key value secret, **do not toggle on "Display value in build
+log"** (i.e. the default is secret).
+
After doing this, commits to the master branch of your fork will be
automatically built and published to https://$YOU.github.io/arrow-site/. This
can help Arrow committers preview your changes more easily before accepting
diff --git a/build-and-deploy.sh b/build-and-deploy.sh
index a03931b..80e56f7 100755
--- a/build-and-deploy.sh
+++ b/build-and-deploy.sh
@@ -3,9 +3,9 @@
if [ "${TRAVIS_BRANCH}" = "master" ] && [ "${TRAVIS_PULL_REQUEST}" = "false" ]; then
- if [ -z "${GITHUB_PAT}" ]; then
+ if [ "${GITHUB_PAT}" = "" ] && [ "${DEPLOY_KEY}" = "" ]; then
# Don't build because we can't publish
- echo "To publish the site, you must set a GITHUB_PAT at"
+ echo "To publish the site, you must set a GITHUB_PAT or DEPLOY_KEY at"
echo "https://travis-ci.org/${TRAVIS_REPO_SLUG}/settings"
exit 1
fi
@@ -26,7 +26,7 @@
TARGET_BRANCH=gh-pages
# You could supply an alternate BASE_URL, but that's not necessary
# because we can infer it based on GitHub Pages conventions
- if [ -z "${BASE_URL}" ]; then
+ if [ "${BASE_URL}" = "" ]; then
BASE_URL=$(echo $TRAVIS_REPO_SLUG | sed -e 's@.*/@/@')
fi
fi
@@ -35,7 +35,17 @@
JEKYLL_ENV=production bundle exec jekyll build --baseurl="${BASE_URL}"
# Publish
- git clone -b ${TARGET_BRANCH} https://${GITHUB_PAT}@github.com/$TRAVIS_REPO_SLUG.git OUTPUT
+ if [ "${DEPLOY_KEY}" != "" ]; then
+ echo "Setting deploy key"
+ eval $(ssh-agent -s)
+ # Hack to make the key from the env var have real newlines
+ echo "${DEPLOY_KEY}" | sed -e 's/\\n/\n/g' | ssh-add -
+ git clone -b ${TARGET_BRANCH} git@github.com:$TRAVIS_REPO_SLUG.git OUTPUT
+ else
+ echo "Using GitHub PAT"
+ git clone -b ${TARGET_BRANCH} https://${GITHUB_PAT}@github.com/$TRAVIS_REPO_SLUG.git OUTPUT
+ fi
+
rsync -a --delete --exclude '/.git/' --exclude '/docs/' build/ OUTPUT/
cd OUTPUT
