Travis CI for Continuous Integration and Security
Coordinating this setup with AWS, Travis CI and GitHub allows me to automate deployment with just a simple `git push` to master.
What I learned about Travis:
- language should be set to `minimal` if it's only HTML, JavaScript and CSS. Otherwise, it defaults to Ruby and tries to look for Ruby gems, which results in an error.
- set install to `true` if there are no dependencies
- set script to `true` if there are no tests being run
- Refer to environment variables that you set up in your Repository Settings in Travis: `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY`.
- run this code in terminal to check the validity of the file before pushing up: `travis lint .travis.yml`
- ask Travis CI support, as they really do want to help you and greatly reduce your banging-head-against-the-wall routine
The following setup was for a static website with no tests and no dependencies, for now.
```yaml
language: minimal
deploy:
  provider: s3
  access_key_id: $AWS_ACCESS_KEY_ID
  secret_access_key: $AWS_SECRET_ACCESS_KEY
  bucket: thuy.life
  acl: public_read
  on:
    repo: ThuyNT13/thuy_life
install: true
script: true
```
I've tried to be very careful about pushing up API keys to GitHub and it's still a learning process in trying to find the best solution for hiding secret keys and still have your code work. So in the attempt to protect my keys, I used Environment Variables to store and access the keys. In this case, it's stored securely (I hope) in my Repository Settings in Travis CI so that I can avoid this here and this. Apparently, there are some major corporations that still don't know better.
If you're interested in how crawling bots work, here's a GitHub repo that can be used to sniff out secret keys.
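A pre-push check that complements `travis lint`, added here as an example (it is not part of the original page or of Travis CI's tooling): it scans `.travis.yml` text and reports credential fields that hold a literal value instead of an environment variable reference. The function name `find_hardcoded_secrets` and both sample configs are assumptions; the literal key values in the leaky sample are AWS's published documentation examples.

```python
import re
import sys

# Keys of the s3 deploy provider that carry credentials.
CREDENTIAL_KEYS = ("access_key_id", "secret_access_key")
# Accept only a bare environment-variable reference: $NAME or ${NAME}.
ENV_REF = re.compile(r"^\$(?:[A-Za-z_][A-Za-z0-9_]*|\{[A-Za-z_][A-Za-z0-9_]*\})$")
# Long-term AWS access key IDs: "AKIA" followed by 16 uppercase letters/digits.
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def find_hardcoded_secrets(yaml_text):
    """Return (line_number, reason) for each line that looks like a literal credential."""
    findings = []
    for number, raw in enumerate(yaml_text.splitlines(), start=1):
        # Scan the whole line, comments included: a commented-out key still leaks.
        if AWS_KEY_ID.search(raw):
            findings.append((number, "literal AWS access key ID"))
            continue
        key, sep, value = raw.partition(":")
        key = key.strip().lstrip("- ").strip()
        value = value.split(" #", 1)[0].strip().strip("'\"")
        # An empty value is a nested mapping (for example an encrypted entry); skip it.
        if sep and key in CREDENTIAL_KEYS and value and not ENV_REF.match(value):
            findings.append((number, key + " is not an environment variable reference"))
    return findings


# Constructed samples (assumptions, not real credentials).
SAFE_CONFIG = """\
language: minimal
deploy:
  provider: s3
  access_key_id: $AWS_ACCESS_KEY_ID
  secret_access_key: $AWS_SECRET_ACCESS_KEY
  bucket: thuy.life
"""
LEAKY_CONFIG = """\
language: minimal
deploy:
  provider: s3
  access_key_id: AKIAIOSFODNN7EXAMPLE
  secret_access_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  bucket: thuy.life
"""

if __name__ == "__main__":
    # With a path argument, check that file; otherwise run on the leaky sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else LEAKY_CONFIG
    problems = find_hardcoded_secrets(text)
    for number, reason in problems:
        print(f"line {number}: {reason}")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it finds a problem, so it can be called from a git pre-push hook with `.travis.yml` as its argument.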
Update: there is a security vulnerability with Environment Variables being kept in Travis CI Repository Settings, "Travis CI doesn't keep your environment variable secure", with GitHub Issue here. It doesn't appear to affect me as I won't be transferring my account over to anybody, but it's still good to know about the vulnerability, and I will keep an eye out to see if there are any updates on further exploits.
- S3 deployment with Travis
- AWS User Guide - Best practices
- Travis CI - Best Practices in Securing Your Data
- Travis CI - Environment Variables
- Removing sensitive data from a repository for fixing accidental git commits, after the fact.