| Message ID | 20160627181322.17082-1-bobby.prani@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Pranith Kumar <bobby.prani@gmail.com> writes: > We want the travis build bot to post notifications on IRC only for the > master qemu repository and not the various forks/branches of > others. Currently there is no direct option to restrict the updates to > one repository. This is being worked upon by the developers and > tracked in https://github.com/travis-ci/travis-ci/issues/1094. > > Until such time, we can use the workaround as posted in > ref. https://github.com/facebook/flow/pull/1822. > > This basically creates an ecrypted string which decrypts to qemu IRC > channel only on "qemu/qemu" repo and not on the forks. This enables > the build bot to notify the IRC only for the main repo. > > Signed-off-by: Pranith Kumar <bobby.prani@gmail.com> > CC: serge.fdrv@gmail.com > CC: peter.maydell@linaro.org > --- > v2: Add comment about what the string is and how the string is generated > > .travis.yml | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/.travis.yml b/.travis.yml > index c13881e..f30b10e 100644 > --- a/.travis.yml > +++ b/.travis.yml > @@ -34,10 +34,13 @@ addons: > - sparse > - uuid-dev > > +# The channel name "irc.oftc.net#qemu" is encrypted against qemu/qemu > +# to prevent IRC notifications from forks. This was created using: > +# $ travis encrypt -r "qemu/qemu" "irc.oftc.net#qemu" Interesting. I didn't realise anyone outside the repository can still create encrypted strings. I guess there is a repository secret that we never see. > notifications: > irc: > channels: > - - "irc.oftc.net#qemu" > + - secure: "F7GDRgjuOo5IUyRLqSkmDL7kvdU4UcH3Lm/W2db2JnDHTGCqgEdaYEYKciyCLZ57vOTsTsOgesN8iUT7hNHBd1KWKjZe9KDTZWppWRYVwAwQMzVeSOsbbU4tRoJ6Pp+3qhH1Z0eGYR9ZgKYAoTumDFgSAYRp4IscKS8jkoedOqM=" > on_success: change > on_failure: always > env: -- Alex Bennée
On Tue, Jun 28, 2016 at 7:58 AM, Alex Bennée <alex.bennee@linaro.org> wrote: >> >> +# The channel name "irc.oftc.net#qemu" is encrypted against qemu/qemu >> +# to prevent IRC notifications from forks. This was created using: >> +# $ travis encrypt -r "qemu/qemu" "irc.oftc.net#qemu" > > Interesting. I didn't realise anyone outside the repository can still > create encrypted strings. I guess there is a repository secret that we > never see. Yes, there is a per-repo private key which is not disclosed to anyone and is used to decrypt this string. You can only have access to the public key of the repo to create the encrypted string as above.
Pranith Kumar <bobby.prani@gmail.com> writes: > On Tue, Jun 28, 2016 at 7:58 AM, Alex Bennée <alex.bennee@linaro.org> wrote: >>> >>> +# The channel name "irc.oftc.net#qemu" is encrypted against qemu/qemu >>> +# to prevent IRC notifications from forks. This was created using: >>> +# $ travis encrypt -r "qemu/qemu" "irc.oftc.net#qemu" >> >> Interesting. I didn't realise anyone outside the repository can still >> create encrypted strings. I guess there is a repository secret that we >> never see. > > Yes, there is a per-repo private key which is not disclosed to anyone > and is used to decrypt this string. You can only have access to the > public key of the repo to create the encrypted string as above. Cool. Applied to travis/next. Thanks. -- Alex Bennée
diff --git a/.travis.yml b/.travis.yml index c13881e..f30b10e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -34,10 +34,13 @@ addons: - sparse - uuid-dev +# The channel name "irc.oftc.net#qemu" is encrypted against qemu/qemu +# to prevent IRC notifications from forks. This was created using: +# $ travis encrypt -r "qemu/qemu" "irc.oftc.net#qemu" notifications: irc: channels: - - "irc.oftc.net#qemu" + - secure: "F7GDRgjuOo5IUyRLqSkmDL7kvdU4UcH3Lm/W2db2JnDHTGCqgEdaYEYKciyCLZ57vOTsTsOgesN8iUT7hNHBd1KWKjZe9KDTZWppWRYVwAwQMzVeSOsbbU4tRoJ6Pp+3qhH1Z0eGYR9ZgKYAoTumDFgSAYRp4IscKS8jkoedOqM=" on_success: change on_failure: always env:
We want the travis build bot to post notifications on IRC only for the master qemu repository and not the various forks/branches of others. Currently there is no direct option to restrict the updates to one repository. This is being worked upon by the developers and tracked in https://github.com/travis-ci/travis-ci/issues/1094. Until such time, we can use the workaround as posted in ref. https://github.com/facebook/flow/pull/1822. This basically creates an ecrypted string which decrypts to qemu IRC channel only on "qemu/qemu" repo and not on the forks. This enables the build bot to notify the IRC only for the main repo. Signed-off-by: Pranith Kumar <bobby.prani@gmail.com> CC: serge.fdrv@gmail.com CC: peter.maydell@linaro.org --- v2: Add comment about what the string is and how the string is generated .travis.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)