More and more packages, be it for R or another language, are now interfacing different application programming interfaces (API) which are exposed to the web. And many of these may require an API key, or token, or account and password.
Which traditionally poses a problem in automated tests such as those running on the popular Travis CI service which integrates so well with GitHub. A case in point is the RPushbullet package where Seth Wenchel and I have been making a few recent changes and additions.
And yesterday morning, I finally looked more closely into providing Travis CI with the required API key so that we could in fact run continuous integration with unit tests following each commit. And it turns that it is both easy and quick to do, and yet another great showcase for ad-hoc Docker use.
We assume you have Docker installed, and a suitable base package. We will need Ruby, so any base Linux image will do. In what follows, I use Ubuntu 14.04 but many other Debian, Ubunti, Fedora, ... flavours could be used provided you know how to pick the relevant packages. What is shown here should work on any recent Debian or Ubuntu flavour 'as is'.
We start by firing off the Docker engine in the repo directory for which we want to create an encrypted file. The
-v $(pwd):/mnt switch mounts the current directory as
/mnt in the Docker instance:
edd@max:~/git/gtrendsr(master)$ docker run --rm -ti -v $(pwd):/mnt ubuntu:trusty root@38b478356439:/# apt-get update ## this takes a minute or two Ign http://archive.ubuntu.com trusty InRelease Get:1 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB] Get:2 http://archive.ubuntu.com trusty-security InRelease [65.9 kB] # ... a dozen+ lines omitted ... Get:21 http://archive.ubuntu.com trusty/restricted amd64 Packages [16.0 kB] Get:22 http://archive.ubuntu.com trusty/universe amd64 Packages [7589 kB] Fetched 22.4 MB in 6min 40s (55.8 kB/s) Reading package lists... Done root@38b478356439:/#
We then install what is needed to actually install the
travis (Ruby) gem, as well as
git which is used by it:
root@38b478356439:/# apt-get install -y ruby ruby-dev gem build-essential git Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: # ... lot of output ommitted ... Processing triggers for ureadahead (0.100.0-16) ... Processing triggers for sgml-base (1.26+nmu4ubuntu1) ... root@38b478356439:/#
This too may take a few minutes, depending on the networking bandwidth and other factors, and should in general succeed without the need for any intervention. Once it has concluded, we can use the now-complete infrastructure to install the
travis command-line client:
root@38b478356439:/# gem install travis Fetching: multipart-post-2.0.0.gem (100%) Fetching: faraday-0.11.0.gem (100%) Fetching: faraday_middleware-0.11.0.1.gem (100%) Fetching: highline-1.7.8.gem (100%) Fetching: backports-3.6.8.gem (100%) Fetching: multi_json-1.12.1.gem (100% # ... many lines omitted ... Installing RDoc documentation for websocket-1.2.4... Installing RDoc documentation for json-2.0.3... Installing RDoc documentation for pusher-client-0.6.2... Installing RDoc documentation for travis-1.8.6... root@38b478356439:/#
This in turn will take a moment.
Once done, we can use the
travis client to login into GitHub. In my base this requires a password and a two-factor authentication code. Also note that we switch directories first to be in the actual repo we had mounted when launching
root@38b478356439:/# cd /mnt/ ## change to repo directory root@38b478356439:/mnt# travis --login Shell completion not installed. Would you like to install it now? |y| y We need your GitHub login to identify you. This information will not be sent to Travis CI, only to api.github.com. The password will not be displayed. Try running with --github-token or --auto if you don't want to enter your password anyway. Username: eddelbuettel Password for eddelbuettel: **************** Two-factor authentication code for eddelbuettel: xxxxxx Successfully logged in as eddelbuettel! root@38b478356439:/mnt#
Now the actual work of encrypting. For this particular package, we need a file
.Rprofile containing a short
option() segment setting a user-id and password:
root@38b478356439:/mnt# travis encrypt-file .Rprofile Detected repository as PMassicotte/gtrendsR, is this correct? |yes| encrypting .Rprofile for PMassicotte/gtrendsR storing result as .Rprofile.enc storing secure env variables for decryption Please add the following to your build script (before_install stage in your .travis.yml, for instance): openssl aes-256-cbc -K $encrypted_988d19a907a0_key -iv $encrypted_988d19a907a0_iv -in .Rprofile.enc -out .Rprofile -d Pro Tip: You can add it automatically by running with --add. Make sure to add .Rprofile.enc to the git repository. Make sure not to add .Rprofile to the git repository. Commit all changes to your .travis.yml. root@38b478356439:/mnt#
That's it. Now we just need to follow-through as indicated, committing the
.Rprofile.enc file, making sure to not commit its input file
.Rprofile, and adding the proper
openssl invocation with the keys known only to Travis to the file