Let Travis do the deployment of the homepage

This commit adds an after_install Travis hook. The hook first ensures it is running within a Travis environment, decrypts the ssh deployment key and initializes an ssh-agent, and then copies all files from dist to premium. The deployment script is based on the following gist: https://gist.github.com/pghalliday/240fe740d523dad21d3f The ssh deployment key is stored encrypted in the repository (AES-256). More information on this can be found here: http://docs.travis-ci.com/user/encrypting-files/
raumzeitlabor · Feb 4, 2015 · b113396 · b113396
1 parent 0671147
commit b113396
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -8,3 +8,6 @@ cache
 app/bower_components
 test/bower_components
 .*.sw[po]
+
+deploy_key
+deploy_key.pub
diff --git a/.travis.yml b/.travis.yml
@@ -4,3 +4,13 @@ before_install:
  - npm install -g grunt-cli bower
 install: npm install
 script: grunt build
+
+addons:
+  ssh_known_hosts: premium.raumzeitlabor.de
+after_success:
+  - ./deploy.sh
+
+env:
+  global:
+    - ENCRYPTION_LABEL="906c0d008fb2"
+    - DEPLOY_BRANCH="master"
diff --git a/deploy.sh b/deploy.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+set -e
+
+# Sync the contents of this directory where the site should have been built
+SOURCE_DIR=dist
+# Where to copy files
+TARGET_DIR=/var/www/www.raumzeitlabor.de/htdocs
+
+if [ ! -d "$SOURCE_DIR" ]; then
+  echo "SOURCE_DIR ($SOURCE_DIR) does not exist, build the source directory before deploying"
+  exit 1
+fi
+
+if [ -n "$TRAVIS_BUILD_ID" ]; then
+  # Set the following environment variables in the travis configuration (.travis.yml)
+  #
+  #   DEPLOY_BRANCH    - The only branch that Travis should deploy from
+  #   ENCRYPTION_LABEL - The label assigned when encrypting the SSH key using travis encrypt-file
+  #
+  echo DEPLOY_BRANCH: $DEPLOY_BRANCH
+  echo ENCRYPTION_LABEL: $ENCRYPTION_LABEL
+  if [ "$TRAVIS_BRANCH" != "$DEPLOY_BRANCH" ]; then
+    echo "Travis should only deploy from the DEPLOY_BRANCH ($DEPLOY_BRANCH) branch"
+    exit 0
+  else
+    if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then
+      echo "Travis should not deploy from pull requests"
+      exit 0
+    else
+      ENCRYPTED_KEY_VAR=encrypted_${ENCRYPTION_LABEL}_key
+      ENCRYPTED_IV_VAR=encrypted_${ENCRYPTION_LABEL}_iv
+      ENCRYPTED_KEY=${!ENCRYPTED_KEY_VAR}
+      ENCRYPTED_IV=${!ENCRYPTED_IV_VAR}
+
+      # The `deploy_key.enc` file should have been added to the repo and should
+      # have been created from the deploy private key using `travis encrypt-file`
+      openssl aes-256-cbc -K $ENCRYPTED_KEY -iv $ENCRYPTED_IV -in deploy_key.enc -out deploy_key -d
+
+      chmod 600 deploy_key
+      eval `ssh-agent -s`
+      ssh-add deploy_key
+    fi
+  fi
+fi
+
+rsync -zvrt --delete --checksum -e ssh $SOURCE_DIR/ rzl-homepage@premium.raumzeitlabor.de:$TARGET_DIR/
diff --git a/deploy_key.enc b/deploy_key.enc
diff --git a/deploy_key.pub b/deploy_key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK01MBi+bVXuRJJoJ+8vb2iP/vRpOStUcZVAFbaWiJ6HL/U07SfPARgG3Yc0eKnmk2qRb+gKMEPMR7F7Xb5alC1aWDEQiuA8DbikWowWa7Z3ztz+NpxpwS4o8ZB8rznSBpksQVqEKVK/wCsaN1zksp7VgmTJhfAmbNfzSPfkDAtwtfgpVXJwadRbGzbMQ3zX1D0Mr3m5PJY4a6BImtBq+7P0qvqO4zxqU9IOoDNTO/7dElrBYE0S0ppxifBfyaWjcXhuLOepAV2jNdcQCVPvh50qqibNxBjY6i4IERwnULJzKuip79EiTTd+cFJFOt4IwUajdZJGu6rhtUlXYL+xUv else@butters