Shipping from GitHub to Maven Central and S3, using Travis-CI

Shipping from GitHub to Maven Central and S3, using Travis-CI 1

If you use GitHub and SBT and need to deliver your artifacts to Maven Central, you want it to be simple to install and control. We’ve compiled some commands on how our SBT plugin can assist.


As a part of open sourcing our scala-automation framework, we wanted to open the build and artifacts and placed them in the cloud. Our necessities had been simple. Firstly, we wanted to run our automated exams on every decision to scala-automation. Secondly, to make matters easy for customers, we desired to kick off a launch via, without a doubt tagging the grasp department with the model quantity we desired to release. For us, a release consists of each sending signed binaries to Maven Central and publishing a beneficial changelog on the net. Finally, we wanted to avoid making commits back to our GitHub repo throughout the release technique, as is executed by the set-launch plugin.

Image result for plug

Our plugin is based on sbt-git, sbt-sonatype, but-PGP and sbt-s3, so you need to fulfil their necessities to use it.

Follow the steps beneath to apply our plugin to your own SBT challenge.

Step 1: Setting up your PGP key and Sonatype account
Set up the site-sonatype plugin as in step with the SBT documentation: http://www.Scala-sbt.Org/0.Thirteen/docs/Using-Sonatype.Html

Test that you could run sbt put up-signed and sbt sonatypeReleaseAll the use of http://www.Scala-sbt.Org/sbt-pgp/ and https://github.Com/xerial/sbt-sonatype


Step 2: Preparing your Secrets
Firstly, add the subsequent line to yours.gitignore

Secondly, reproduction your pubring.Gpg and securing.Gpg to the mission listing as local.Purring.Gpg and neighborhood.Securing.Gpg.

Finally, move your secrets and techniques to a brand new file neighborhood.Credentials.But as follows:

import com.Typesafe.Sat.SbtPgp._

// this has to move in an sbt record because if we use an external
// credentials residences document it ignores it
credentials += Credentials(
“Sonatype Nexus Repository Manager,”

pgpPassphrase := Some(“<PGP_PASSPHRASE>”.ToCharArray)

credentials += Credentials(
“Amazon S3”,
Background: Why use Travis CI?
Travis is an established cloud-based, totally construct gadget, free for open supply tasks. It takes your source and a special .Travis.Yml build definition from your public repo, runs the construct on a built engine, and reviews the high-level result. Other functions include robotically emailing you while your builds finish and updating the widget on GitHub pull requests with the build repute.

There are numerous matters I like approximately Travis – you don’t need to manipulate or pay for the servers, it’s tried and examined, and it’s quite simple. Unfortunately, not like many other build structures, Travis doesn’t encompass an included report save to your construct output – the handiest the console output is retained, and it’s as much as you to shop artifacts somewhere else. On the other hand, sOn the other hand, sOn the other hand, since Amazon S3 affords storage and internet access and has a set-s3 plugin, it’s a terrific region to keep any vital documents.

Shipping from a construct engine is repeatable and at ease, and access can be controlled thru the repository.

Step three: Encrypting your mystery documents
It’s easy to encrypt variables using the Travis command – see http://medical doctors.Travis-ci.Com/person/encryption-keys/

Choose a robust encryption password. It must be sturdy because humans can download your encrypted documents and brute force assault them regionally. You gained’t have to kind this password regularly.

Firstly, run these commands to let Travis CI realize your password.

Gem install Travis
Secondly, encrypt your mystery documents together with your password.

Openssl AES-256-CBC -in nearby.Securing.Gpg -out securing.Gpg.Enc -skip pass:<YOUR_ENCRYPTION_PASSWORD>
OpenSSL aes-256-CBC -in nearby.Purring.Gpg -out pubring.Gpg.Enc -pass skip:<YOUR_ENCRYPTION_PASSWORD>
OpenSSL aes-256-CBC -in local.Credentials.Sbt -out credentials.Sat.Enc -pass bypass:<YOUR_ENCRYPTION_PASSWORD>
Finally, edit .Travis.Yml to feature these lines. This tells Travis to decrypt your files for the duration of the build.

It is critical to apply $ENCRYPTION_PASSWORD as proven and not substitute your actual password here as this record can be unencrypted for your repository.


– openssl aes-256-cbc -bypass bypass:$ENCRYPTION_PASSWORD -in secring.Gpg.Enc -out nearby.Secring.Gpg -d
– openssl aes-256-cbc -bypass pass:$ENCRYPTION_PASSWORD -in pubring.Gpg.Enc -out neighborhood.Pubring.Gpg -d
– openssl aes-256-cbc -pass bypass:$ENCRYPTION_PASSWORD -in credentials.Sbt.Enc -out neighborhood.Credentials.Sbt -d
Now whilst the Travis build runs, the documents must be decrypted robotically.

Background: Generating a Change Log
Usually, users need a first-rate changelog to recognize whether or no longer to make a new version. I preferred the idea. However, I didn’t like more problem of writing it. I determined to percentage the trouble with pulling the changelog from the git records, thereby making it everyone’s task. I determined that most of the commits were too low stage to encompass; however, pull requests typically offer useful facts. With Github’s default remark, I should hyperlink lower back to the pull request from a changelog.

For implementation, I decided that it’d be simplest to parse the output of the git log with parser combinators and rework it to HTML. You can see my implementation here.

Generating the changelog become excellent, but I had to add it someplace. I decided AWS S3 would do, as you could store static files there cost-effectively and serve them over HTTP.

I determined a sbt-s3 plugin at https://github.Com/sbt/sbt-s3 and determined to use that for my plugin.

Step four: Configuring the sbt-sonatype-launch plugin
Firstly, edit your project/plugins.Sbt and add this line:

addSbtPlugin(“com.Gu” % “sbt-sonatype-launch” % “1.Zero”)
Next edit your construct.Sbt to configure the plugin:

lazy val root = (project in file(“.”)).EnablePlugins(ShipAutoPlugin)

pgpSecretRing := report(“neighborhood.Secring.Gpg”)

pgpPublicRing := document(“neighborhood.Pubring.Gpg”)

mappings in add ++= Seq((new java.Io.File(“medical doctors/changelog.Css”),”changelog.Css”))

host in upload := “YOUR_S3_BUCKET.S3.Amazonaws.Com”
Finally, ensure your .Travis.Yml runs the sbt-sonatype-release goal:

script: sbt testAndOptionallyShip
Step 5: Kicking off a Release
Since Travis is driven from GitHub, we need to indicate inside the repo whilst we want a brand new launch. So tSo the cleanest workflow is to tag grasp with the model variety we need to launch, then the build can do a little extra step to do the release.

To kick off a release – in this situation, v1.Zero – run the subsequent two instructions:

git tag -a v1.Zero -m “new edition shipped.”
git push origin v1.Zero
Check Travis CI to monitor your construct. Once it has been completed, your artifacts should be available.


We have installed an SBT challenge to deliver to Maven Central and save a changelog to AWS using the site-sonatype-release plugin. So nSo now, whenever the grasp department is tagged vN.NN, a new edition, will mechanically ship.