www-builds mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Huxing Zhang <hux...@apache.org>
Subject Re: Continuous deployment for Dubbo
Date Fri, 15 Feb 2019 08:10:41 GMT
Hi,

CCing builds@apache.org

On Fri, Feb 15, 2019 at 11:16 AM jun liu <ken.lj.hz@gmail.com> wrote:
>
> Hi,
>
> I’ve figure out the integration with Travis. With this PR[1] travis can automatically
deploy SNAPSHOT artifacts to the apache maven repository.
>
> But there’s one potential security issue to be aware.
> To make sure the deployment process get the proper right, I have to give my Apache ID
to Travis. It’s guaranteed by Travis that the raw username/password will be safely kept
in Travis and the public will only see the encrypted codes[2]. Travis Ci uses asymmetric cryptography[3]
to achieve that, which I personally think is pretty safe and trustable. Even though I think
it’s still an issue worth discussing, especially considering there maybe have some ASF policies
denying this action  (providing Apache ID to a trusted third party platform) but I do not
aware of.

I am leaning towards do not expose a personal Apache credentials to
third parties unless we know it is safe to do so.
And I do think there is a recommended way in order to deploy snapshot
to maven repository upon successful build for each commit.
Just want to confirm with builds@apache.org, is this safe to do so?

I just checked [1] it clearly states it can
a) Automatically Build and Deploy Snapshots to Nexus staging area
b) Build and Deploy your website to a staging area for review

which is what I want, however I do not want to switch completely from
Travis CI to buildbot.
So my next question is, can we achieve a) and b) with buildbot while
keeping Travis for everything else?

[1] https://ci.apache.org/buildbot.html


>
> 1. https://github.com/apache/incubator-dubbo/pull/3452
> 2. https://github.com/apache/incubator-dubbo/pull/3452/files#diff-354f30a63fb0907d4ad57269548329e3R26
> 3. https://docs.travis-ci.com/user/encryption-keys/
>
> Jun
>
> > On Jan 15, 2019, at 2:35 PM, Huxing Zhang <huxing@apache.org> wrote:
> >
> > Hi All,
> >
> > I am trying to achieve continuous deployment for Dubbo, specifically speaking:
> >
> > - deploy snapshot to maven repository upon successful build for each commit
> > - deploy dubbo-ops as a preview upon successful build for each commit
> > - build & deploy dubbo-website for each commit
> >
> > I am looking for following:
> > - ASF official tools like Jenkins and Buildbot
> > - 3rd party tools like Travis CI
> > - GitHub Actions (currently in limited public beta)
> >
> > I am trying to investigate and compare them in next few days.
> > Feel free to provide advices.
> >
> > --
> > Best Regards!
> > Huxing
>


--
Best Regards!

Huxing

Mime
View raw message