Tag-driven publishing, v2

Scripts taken from here:
scala/scala-java8-compat@4a6cfc9

New keys generated as described in the README.

Author: lrytz

.travis.yml

@@ -1,8 +1,20 @@
 language: scala
 
-script: sbt clean update +test +publishLocal
+env:
+  global:
+    - PUBLISH_JDK=openjdk6
+    # PGP_PASSPHRASE
+    - secure: "BYC1kEnHjNrINrHYWPGEuTTJ2V340/0ByzqeihLecjoZ75yrjWdsh6MI1JEUWgv5kb+58vLzib21JfnjsPK6Yb2bSXuCFCsEtJNh6RJKgxkWlCOzfTSh5I2wl7PCjRClRL6gseX2uTSvFjL4Z//pmxwxeXlLp7voQe4QAUq1+sE="
+    # SONA_USER
+    - secure: "OpBwPc1GNvauageYOH3RscAa7wpZxgpmqDz15aigIKLNWzAhAtVUx0MleZ8rQeoqml6nrAvlnzuVHjKL2lVcjMPpjUis7bcQ5UAGK7tZK8x+qZNQxXmpXu8+pENwQA2yFaqt/xy7K5jFOrHJHTRxcPnyVG1yKakPWz53PPYUwbc="
+    # SONA_PASS
+    - secure: "Xw7rI/qlML1nD2e2XwlakkhKAWNGZKqqE+Q3ntTvFpfHryl7KLCvVzJ4LIavnL6kGJaWOgy9vlSoEWn5g9nqHSfE31C/k5pY5nTMAKiwiJzfAS+r0asKXW2gmKhwtcTBkqyLVOZLCJSPVlFRQyfBJHY+Fs0L3KWcnMQgtBlyDhU="
+
+script: admin/build.sh
+
 jdk:
   - openjdk6
   - openjdk7
+
 notifications:
   email: [email protected]

admin/README.md

@@ -0,0 +1,61 @@
+## Tag Driven Releasing
+
+Copied from https://github.com/scala/scala-java8-compat/commit/4a6cfc97cd95227b86650410e1b632e5ff79335b.
+
+### Background Reading
+
+  - http://docs.travis-ci.com/user/environment-variables/
+  - http://docs.travis-ci.com/user/encryption-keys/
+  - http://docs.travis-ci.com/user/encrypting-files/
+
+### Initial setup for the repository
+
+To configure tag driven releases from Travis CI.
+
+  1. Generate a key pair for this repository with `./admin/genKeyPair.sh`.
+     Edit `.travis.yml` and `admin/build.sh` as prompted.
+  2. Publish the public key to https://pgp.mit.edu
+  3. Store other secrets as encrypted environment variables with `admin/encryptEnvVars.sh`.
+     Edit `.travis.yml` as prompted.
+  4. Edit `.travis.yml` to use `./admin/build.sh` as the build script,
+     and edit that script to use the tasks required for this project.
+  5. Edit `.travis.yml` to select which JDK will be used for publishing.
+
+It is important to add comments in .travis.yml to identify the name
+of each environment variable encoded in a `:secure` section.
+
+After all of these steps, your .travis.yml should contain config of the
+form:
+
+	language: scala
+	env:
+	  global:
+	    - PUBLISH_JDK=openjdk6
+	    # PGP_PASSPHRASE
+	    - secure: "XXXXXX"
+	    # SONA_USER
+	    - secure: "XXXXXX"
+	    # SONA_PASS
+	    - secure: "XXXXXX"
+	script: admin/build.sh
+
+If Sonatype credentials change in the future, step 3 can be repeated
+without generating a new key.
+
+Be sure to use SBT 0.13.7 or higher to avoid [#1430](https://github.com/sbt/sbt/issues/1430)!
+
+### Testing
+
+  1. Follow the release process below to create a dummy release (e.g. 0.1.0-TEST1).
+     Confirm that the release was staged to Sonatype but do not release it to Maven
+     central. Instead, drop the staging repository.
+
+### Performing a release
+
+  1. Create a GitHub "Release" (with a corresponding tag) via the GitHub
+     web interface.
+  2. Travis CI will schedule a build for this release. Review the build logs.
+  3. Log into https://oss.sonatype.org/ and identify the staging repository.
+  4. Sanity check its contents
+  5. Release staging repository to Maven and send out release announcement.
+

admin/build.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+# prep environment for publish to sonatype staging if the HEAD commit is tagged
+
+# git on travis does not fetch tags, but we have TRAVIS_TAG
+# headTag=$(git describe --exact-match ||:)
+
+if [ "$TRAVIS_JDK_VERSION" == "$PUBLISH_JDK" ] && [[ "$TRAVIS_TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[A-Za-z0-9-]+)? ]]; then
+  echo "Going to release from tag $TRAVIS_TAG!"
+  myVer=$(echo $TRAVIS_TAG | sed -e s/^v//)
+  publishVersion='set every version := "'$myVer'"'
+  extraTarget="+publish-signed"
+  cat admin/gpg.sbt >> project/plugins.sbt
+  cp admin/publish-settings.sbt .
+
+  # Copied from the output of genKeyPair.sh
+  K=$encrypted_6b8d67feaab7_key
+  IV=$encrypted_6b8d67feaab7_iv
+
+  openssl aes-256-cbc -K $K -iv $IV -in admin/secring.asc.enc -out admin/secring.asc -d
+fi
+
+sbt "$publishVersion" clean update +test +publishLocal $extraTarget

admin/encryptEnvVars.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+#
+# Encrypt sonatype credentials so that they can be
+# decrypted in trusted builds on Travis CI.
+#
+set -e
+
+read -s -p 'SONA_USER: ' SONA_USER
+travis encrypt SONA_USER="$SONA_USER"
+read -s -p 'SONA_PASS: ' SONA_PASS
+travis encrypt SONA_PASS="$SONA_PASS"

admin/genKeyPair.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+#
+# Generates a key pair for this repository to sign artifacts.
+# Encrypt the private key and its passphrase in trusted builds
+# on Travis CI.
+#
+set -e
+
+# Based on https://gist.github.com/kzap/5819745:
+function promptDelete() {
+    if [[ -f "$1" ]]; then
+        echo About to delete $1, Enter for okay / CTRL-C to cancel
+        read
+        rm "$1"
+    fi
+}
+for f in admin/secring.asc.enc admin/secring.asc admin/pubring.asc; do promptDelete "$f"; done
+
+echo Generating key pair. Please enter 1. repo name 2. [email protected], 3. a new passphrase
+echo Be careful when using special characters in the passphrase, see http://docs.travis-ci.com/user/encryption-keys/#Note-on-escaping-certain-symbols
+cp admin/gpg.sbt project
+sbt 'set pgpReadOnly := false' \
+    'set pgpPublicRing := file("admin/pubring.asc")' \
+    'set pgpSecretRing := file("admin/secring.asc")' \
+    'pgp-cmd gen-key'
+rm project/gpg.sbt
+
+echo ============================================================================================
+echo Encrypting admin/secring.asc. Update K and IV variables in admin/build.sh accordingly.
+echo ============================================================================================
+travis encrypt-file admin/secring.asc
+rm admin/secring.asc
+mv secring.asc.enc admin
+
+echo ============================================================================================
+echo Encrypting environment variables. Add each to a line in .travis.yml. Include a comment
+echo with the name of the corresponding variable
+echo ============================================================================================
+read -s -p 'PGP_PASSPHRASE: ' PGP_PASSPHRASE
+travis encrypt PGP_PASSPHRASE="$PGP_PASSPHRASE"
+

admin/gpg.sbt

@@ -0,0 +1,2 @@
+
+addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") // only added when publishing, see build.sh

admin/publish-settings.sbt

@@ -0,0 +1,9 @@
+def env(key: String) = Option(System.getenv(key)).getOrElse("")
+
+pgpPassphrase := Some(env("PGP_PASSPHRASE").toArray)
+
+pgpPublicRing := file("admin/pubring.asc")
+
+pgpSecretRing := file("admin/secring.asc")
+
+credentials   += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", env("SONA_USER"), env("SONA_PASS"))

admin/pubring.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: BCPG v1.49
+
+mQENBFVQohwBCACi9Hupi/27JFgcRypkruHZNKXa4+QO380B5hp0UFUzJHBqEvUd
+p9niOq30yCgfByLiPv2qr7g1lAg2DltH9WyN5zhp3MzOt/m1w66IwZqgCS364gtD
+56udK2R6YCFMfiJxGXFsSbStfIoD8N5S++NJGv0GuFc2m3sSuTunRFoRWN4Dce0g
+a16nyVR2dPfqOkL7LLzMR4Tl8VQFb36WPrFBmJKzZWxt0r2pQhEDMwItuZeKrBhm
+K/RZWtNqiBO61JCBHfWZdpduUcTjlr5cW+jkRtw8La0qgglJcSN/sErQamAtU6vo
+sdTZ2aQQZnYyVBt00yrLV+9Dq/dBS6cfV9NHABEBAAG0LHNjYWxhLXhtbCA8c2Nh
+bGEtaW50ZXJuYWxzQGdvb2dsZWdyb3Vwcy5jb20+iQEcBBMBAgAGBQJVUKIcAAoJ
+EO/sfqhmzEOuHtkH/25VVvDzMo85E8KlCtsnkD5Alb83zV1XF6+mZaRHikzKkQRz
+phZEGaU6ee3V6CH5qXsmKTU2B1WaOYIdPkuBjwdpRPJbaX0zzrWUCCv1vLKDb+z2
+nlcg0AehMUM3UinbGR6QCh06p3O/tBokJvZM+Ng3pkXtLOS4HphRfindpy7+u1Y/
+szcIQS88AH1g5xPt8nwrh9VQbrYD04K20mLckGIWnjSzgFB9hntMF5arAP9Q1RkS
+52xiOZB8RTZZCkFeHIdMKjjmoM9Vn/3JZzsy8Om4FWYa/l2fEExxKWFupvQetjFk
+VTTOG+T7/WwVPQQ0xQLROgWL7z5UgxHly64WClA=
+=/6/b
+-----END PGP PUBLIC KEY BLOCK-----