How to publish artifacts in Travis CI?

Question

I would like to use Travis CI for my open-source project. The issue that Travis doesn't provide any ways to publish produced artifacts (though, they have this in their future plans).

What are workarounds to publish/upload artifacts somewhere? I'm allowed to execute any scripts on a CI machine.

Simple upload will work, but there is security issue: anyone will be able to upload something in the same way as all sources are public.

Answer 1

GitHub releases step-by-step

The method was mentioned at https://stackoverflow.com/a/24100779/895245, and is poorly documented at: https://docs.travis-ci.com/user/deployment/releases/ , so here goes a more detailed step-by-step.

It uploads artifacts to GitHub releases https://github.com/<username>/<repo>/releases which exist for every Git tag you push.

1. Get a Personal Access Token under https://github.com/settings/tokens

   Only enable "public_repo" access for public repositories, "repo" for private.

   Save the token somewhere as you can only see it once.

2. Install the travis gem:

   gem install travis # See: https://stackoverflow.com/a/33119804/895245 gem update --system 

   Then cd into your repository and:

   travis encrypt <api-token> 

   but more recently people have reported that travis encrypt -r githubusername/repositoryname --org is needed instead, see: https://github.com/travis-ci/travis-ci/issues/8128

   This will produce an output like:

   secure: "<encrypted-token>" 

   Note down the large encrypted token.

3. Use a .travis.yml as follows:

   script:   # This command generates a release.zip file.   - make dist deploy:   provider: releases   api_key:     secure: "<encrypted-token>"   file: 'release.zip'   skip_cleanup: true   on:     tags 

   What happens is that Travis replaces every something: secure: <encrypted-string> with just something: <decrypted-string> as explained at: http://docs.travis-ci.com/user/encryption-keys/

   This is safe because only authorized pushes by you can decrypt the string, so if a malicious user tries to make a pull request to get your string, it would should just show the encrypted string.

   Now whenever you push a commit with a tag, Travis will upload release.zip to the release:

   git commit -m 1.0 git tag -m 1.0 1.0 git push --tags 

   If you had already pushed the commit and the tag after, you might have to click the "Restart build" button on the Travis UI for it to upload.

https://stackoverflow.com/a/38037626/895245 has some screenshots of the process.

Alternative method: environment variable

1. Instead of an encrypted string, we could also use a hidden environment variable.

   On the Travis settings for the repository https://travis-ci.org/<me>/<myrepo>/settings create an environment variable:

   GITHUB_API_KEY=<token> 

   and make sure to mark "Display value in build log" as "Off", and use:

   api_key: '$GITHUB_API_KEY' 

   While this will not show on logs for pull requests, this method is riskier, as you could my mistake list the environment of a build.

   The upside is that this method is simpler to understand.

A simple example of mine that uploads images generated from Gnuplot to GitHub releases:

• https://github.com/cirosantilli/gnuplot-examples/blob/b76d5a7c7aa2af973accdc9639220df74c36285e/.travis.yml#L23
• https://github.com/cirosantilli/gnuplot-cheat/releases

Question about GitHub Pages deployment: How to publish to Github Pages from Travis CI?