Hi, CCing builds@apache.org
On Fri, Feb 15, 2019 at 11:16 AM jun liu <ken.lj...@gmail.com> wrote: > > Hi, > > I’ve figure out the integration with Travis. With this PR[1] travis can > automatically deploy SNAPSHOT artifacts to the apache maven repository. > > But there’s one potential security issue to be aware. > To make sure the deployment process get the proper right, I have to give my > Apache ID to Travis. It’s guaranteed by Travis that the raw username/password > will be safely kept in Travis and the public will only see the encrypted > codes[2]. Travis Ci uses asymmetric cryptography[3] to achieve that, which I > personally think is pretty safe and trustable. Even though I think it’s still > an issue worth discussing, especially considering there maybe have some ASF > policies denying this action (providing Apache ID to a trusted third party > platform) but I do not aware of. I am leaning towards do not expose a personal Apache credentials to third parties unless we know it is safe to do so. And I do think there is a recommended way in order to deploy snapshot to maven repository upon successful build for each commit. Just want to confirm with builds@apache.org, is this safe to do so? I just checked [1] it clearly states it can a) Automatically Build and Deploy Snapshots to Nexus staging area b) Build and Deploy your website to a staging area for review which is what I want, however I do not want to switch completely from Travis CI to buildbot. So my next question is, can we achieve a) and b) with buildbot while keeping Travis for everything else? [1] https://ci.apache.org/buildbot.html > > 1. https://github.com/apache/incubator-dubbo/pull/3452 > 2. > https://github.com/apache/incubator-dubbo/pull/3452/files#diff-354f30a63fb0907d4ad57269548329e3R26 > 3. https://docs.travis-ci.com/user/encryption-keys/ > > Jun > > > On Jan 15, 2019, at 2:35 PM, Huxing Zhang <hux...@apache.org> wrote: > > > > Hi All, > > > > I am trying to achieve continuous deployment for Dubbo, specifically > > speaking: > > > > - deploy snapshot to maven repository upon successful build for each commit > > - deploy dubbo-ops as a preview upon successful build for each commit > > - build & deploy dubbo-website for each commit > > > > I am looking for following: > > - ASF official tools like Jenkins and Buildbot > > - 3rd party tools like Travis CI > > - GitHub Actions (currently in limited public beta) > > > > I am trying to investigate and compare them in next few days. > > Feel free to provide advices. > > > > -- > > Best Regards! > > Huxing > -- Best Regards! Huxing
