Support for tag-driven publishing on Travis.

Modify travis build to derive the project version from TRAVIS_TAG (when set).
as well as to have sbt run the `publish-signed` task if the environment is right.
The tag must match the semver regex `^v[0-9]+\.[0-9]+\.[0-9]+(-[A-Za-z0-9-]+)?`,
and the jdk we're running on must match PUBLISH_JDK (set in .travis.yml).

For every repo, you must create the following files (not included here)
according to the instructions in admin/gpg.sbt:
 - admin/pubring.asc      (commit)
 - admin/secring.asc      (DO NOT COMMIT)
 - sensitive.sbt          (DO NOT COMMIT)
    - passphrase for secring.asc
	- api token for staging to sonatype

Generate these using `admin/encryptAll.sh`:
 - admin/secring.asc.enc  (commit)
 - sensitive.sbt.enc      (commit)

Note that `encryptAll.sh` spits out a "- secure .... " line,
that you need to add to `.travis.yml`'s `env` section, so that
travis can supply the SECRET env variable, which is used to
decrypt the sensitive files above.

Author: adriaanm

Diff for: .travis.yml

@@ -1,6 +1,15 @@
 language: scala
+
+env:
+  global:
+    - PUBLISH_JDK=openjdk6 # admin/build.sh only publishes when running on this jdk
+# Don't commit sensitive files, instead commit a version encrypted with $SECRET,
+# this environment variable is encrypted with this repo's private key and stored below:
+# (See http://docs.travis-ci.com/user/environment-variables/#Secure-Variables.)
+#   - secure: <generated by encryptAll.sh>
+
 script:
-  - sbt ++$TRAVIS_SCALA_VERSION clean update compile test
+  - admin/build.sh
 scala:
   - 2.11.4
 jdk:

Diff for: admin/build.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# prep environment for publish to sonatype staging if the HEAD commit is tagged
+
+# git on travis does not fetch tags, but we have TRAVIS_TAG
+# headTag=$(git describe --exact-match ||:)
+
+if [ "$TRAVIS_JDK_VERSION" == "$PUBLISH_JDK" ] && [[ "$TRAVIS_TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[A-Za-z0-9-]+)? ]]; then
+  echo "Going to release from tag $TRAVIS_TAG!"
+  myVer=$(echo $TRAVIS_TAG | sed -e s/^v//)
+  publishVersion='set every version := "'$myVer'"'
+  extraTarget="publish-signed"
+
+  cat admin/gpg.sbt >> project/plugins.sbt
+  admin/decrypt.sh sensitive.sbt
+  (cd admin/ && ./decrypt.sh secring.asc)
+fi
+
+sbt ++$TRAVIS_SCALA_VERSION "$publishVersion" clean update compile test $extraTarget

Diff for: admin/decrypt.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl aes-256-cbc -pass "pass:$SECRET" -in $1.enc -out $1 -d -a

Diff for: admin/encrypt.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl aes-256-cbc -pass "pass:$SECRET" -in $1 -out $1.enc -a

Diff for: admin/encryptAll.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Based on https://gist.github.com/kzap/5819745:
+
+echo "This will encrypt the cleartext sensitive.sbt and admin/secring.asc, while making the encrypted versions available for decryption on Travis."
+echo "Update your .travis.yml as directed, and delete the cleartext versions."
+echo "Press enter to continue."
+read
+
+# 1. create a secret, put it in an environment variable while encrypting files -- UNSET IT AFTER
+export SECRET=$(cat /dev/urandom | head -c 10000 | openssl sha1)
+
+# 2. add the "secure: ..." line under the env section -- generate it with ``  (install the travis gem first)
+travis encrypt SECRET=$SECRET
+
+admin/encrypt.sh admin/secring.asc
+admin/encrypt.sh sensitive.sbt
+
+echo "Remember to rm sensitive.sbt admin/secring.asc -- once you do, they cannot be recovered (except on Travis)!"

Diff for: admin/gpg.sbt

@@ -0,0 +1,21 @@
+// only added when publishing:
+addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3")
+
+/* There's a companion sensitive.sbt, which was created like this:
+
+1. in an sbt shell when sbt-gpg is loaded, create pgp key in admin/:
+
+ set pgpReadOnly := false
+ pgp-cmd gen-key // use $passPhrase
+ pgp-cmd send-key <keyIdUsingTabCompletion> hkp://keyserver.ubuntu.com
+
+2. create sensitive.sbt with contents:
+
+pgpPassphrase := Some($passPhrase.toArray)
+
+pgpPublicRing := file("admin/pubring.asc")
+
+pgpSecretRing := file("admin/secring.asc")
+
+credentials   += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", $sonaUser, $sonaPass)
+*/