On Fri, 15 Feb 2019 at 08:11, Huxing Zhang <hux...@apache.org> wrote: > > Hi, > > CCing builds@apache.org > > On Fri, Feb 15, 2019 at 11:16 AM jun liu <ken.lj...@gmail.com> wrote: > > > > Hi, > > > > I’ve figure out the integration with Travis. With this PR[1] travis can > > automatically deploy SNAPSHOT artifacts to the apache maven repository. > > > > But there’s one potential security issue to be aware. > > To make sure the deployment process get the proper right, I have to give my > > Apache ID to Travis. It’s guaranteed by Travis that the raw > > username/password will be safely kept in Travis and the public will only > > see the encrypted codes[2]. Travis Ci uses asymmetric cryptography[3] to > > achieve that, which I personally think is pretty safe and trustable. Even > > though I think it’s still an issue worth discussing, especially considering > > there maybe have some ASF policies denying this action (providing Apache > > ID to a trusted third party platform) but I do not aware of. > > I am leaning towards do not expose a personal Apache credentials to > third parties unless we know it is safe to do so.
As far as I know, you must never store your ASF credentials on a system you do not own/control. But feel free to check with Infra. > And I do think there is a recommended way in order to deploy snapshot > to maven repository upon successful build for each commit. Yes, Jenkins can deploy snapshots on successful build. It uses its own credentials to do so. > Just want to confirm with builds@apache.org, is this safe to do so? > > I just checked [1] it clearly states it can > a) Automatically Build and Deploy Snapshots to Nexus staging area > b) Build and Deploy your website to a staging area for review > > which is what I want, however I do not want to switch completely from > Travis CI to buildbot. > So my next question is, can we achieve a) and b) with buildbot while > keeping Travis for everything else? > > [1] https://ci.apache.org/buildbot.html > > > > > > 1. https://github.com/apache/incubator-dubbo/pull/3452 > > 2. > > https://github.com/apache/incubator-dubbo/pull/3452/files#diff-354f30a63fb0907d4ad57269548329e3R26 > > 3. https://docs.travis-ci.com/user/encryption-keys/ > > > > Jun > > > > > On Jan 15, 2019, at 2:35 PM, Huxing Zhang <hux...@apache.org> wrote: > > > > > > Hi All, > > > > > > I am trying to achieve continuous deployment for Dubbo, specifically > > > speaking: > > > > > > - deploy snapshot to maven repository upon successful build for each > > > commit > > > - deploy dubbo-ops as a preview upon successful build for each commit > > > - build & deploy dubbo-website for each commit > > > > > > I am looking for following: > > > - ASF official tools like Jenkins and Buildbot > > > - 3rd party tools like Travis CI > > > - GitHub Actions (currently in limited public beta) > > > > > > I am trying to investigate and compare them in next few days. > > > Feel free to provide advices. > > > > > > -- > > > Best Regards! > > > Huxing > > > > > -- > Best Regards! > > Huxing
