Hi, I’ve figure out the integration with Travis. With this PR[1] travis can automatically deploy SNAPSHOT artifacts to the apache maven repository.
But there’s one potential security issue to be aware. To make sure the deployment process get the proper right, I have to give my Apache ID to Travis. It’s guaranteed by Travis that the raw username/password will be safely kept in Travis and the public will only see the encrypted codes[2]. Travis Ci uses asymmetric cryptography[3] to achieve that, which I personally think is pretty safe and trustable. Even though I think it’s still an issue worth discussing, especially considering there maybe have some ASF policies denying this action (providing Apache ID to a trusted third party platform) but I do not aware of. 1. https://github.com/apache/incubator-dubbo/pull/3452 2. https://github.com/apache/incubator-dubbo/pull/3452/files#diff-354f30a63fb0907d4ad57269548329e3R26 3. https://docs.travis-ci.com/user/encryption-keys/ Jun > On Jan 15, 2019, at 2:35 PM, Huxing Zhang <hux...@apache.org> wrote: > > Hi All, > > I am trying to achieve continuous deployment for Dubbo, specifically speaking: > > - deploy snapshot to maven repository upon successful build for each commit > - deploy dubbo-ops as a preview upon successful build for each commit > - build & deploy dubbo-website for each commit > > I am looking for following: > - ASF official tools like Jenkins and Buildbot > - 3rd party tools like Travis CI > - GitHub Actions (currently in limited public beta) > > I am trying to investigate and compare them in next few days. > Feel free to provide advices. > > -- > Best Regards! > Huxing
