Improved tag-driven publishing, cross-build for 2.11 and 2.12

.travis.yml

@@ -2,22 +2,19 @@ language: scala
 
 env:
   global:
-    - PUBLISH_JDK=openjdk6 # admin/build.sh only publishes when running on this jdk
-# Don't commit sensitive files, instead commit a version encrypted with $SECRET,
-# this environment variable is encrypted with this repo's private key and stored below:
-# (See http://docs.travis-ci.com/user/environment-variables/#Secure-Variables.)
-    - secure: "KpKvQvUQNsF+o74lndXl+zDGU8+A686ltndldlwDhNiSYF/PJ9RIXembsRh+B4ureo/Aa9UBL7vE6d265DRpir2o6JQ3jcU6e4djfqkvmXuDpBlcd3rJXtKuGYQyE5cm2h3/ZFl+0RmYm+fGSieWBAo+A3uvAVuq8qTu6PY8nMU="
+    - PUBLISH_JDK=openjdk6
+    # PGP_PASSPHRASE
+    - secure: "XLe/gZXrGwJlKCgAUoEUIHwoh8js0IdlIazwUd5KKssZMQkPg4VfC5LLPl8iXCYIRe2JrgmD56b7eseiZF9kMxa1Rsz8fSMY0v3A0qwxRjbsxVQ2NqEvdq+TNOAhjo/OmPnipvTcDdAyq68Ca4nTSBtfBpy5t6X3Z4UIl8CWLdw="
+    # SONA_USER
+    - secure: "Me+3gxk89qOq18J+N/N+VoxnG8bSTrgyGovutLRFQnSNkJQXoVawJul9BmCZVrha7y/WCwsbSFFP9vS3VnKjPne5RnQM4eNjPOUw08uBtoj6QD/jpmRjt+cEWMaD9tB9OvJLkaKRFyTy8Un2tVO4ia9GEdojy2YbqjrJjGqwW9E="
+    # SONA_PASS
+    - secure: "cjzluj1FGCr2D/3TgnV/7yOELOcqB8QG6Du95tb4xPp39+ulrIfTvzQ8HA1oC8+y1mmN68h5RxN/gcC+9GdihDpk+bXz2Ij7XWmp+tiHU8E6VNS+rd+JO7Ojf90q6jsmx00Y8uhZ/RZtjK+p8SUTC0a5KhqesmxSThHFqPNC5CM="
+
+script: admin/build.sh
 
-script:
-  - admin/build.sh
-scala:
-  - 2.11.0
 jdk:
   - openjdk6
   - openjdk7
-notifications:
-  email:
-    - [email protected]
 
-# if we get weird timeouts, see https://github.com/spray/spray/pull/233
-# 'set concurrentRestrictions in Global += Tags.limit(Tags.Test, 1)'
+notifications:
+  email: [email protected]

admin/README.md

@@ -0,0 +1,61 @@
+## Tag Driven Releasing
+
+Copied from https://github.com/scala/scala-java8-compat/commit/4a6cfc97cd95227b86650410e1b632e5ff79335b.
+
+### Background Reading
+
+  - http://docs.travis-ci.com/user/environment-variables/
+  - http://docs.travis-ci.com/user/encryption-keys/
+  - http://docs.travis-ci.com/user/encrypting-files/
+
+### Initial setup for the repository
+
+To configure tag driven releases from Travis CI.
+
+  1. Generate a key pair for this repository with `./admin/genKeyPair.sh`.
+     Edit `.travis.yml` and `admin/build.sh` as prompted.
+  2. Publish the public key to https://pgp.mit.edu
+  3. Store other secrets as encrypted environment variables with `admin/encryptEnvVars.sh`.
+     Edit `.travis.yml` as prompted.
+  4. Edit `.travis.yml` to use `./admin/build.sh` as the build script,
+     and edit that script to use the tasks required for this project.
+  5. Edit `.travis.yml` to select which JDK will be used for publishing.
+
+It is important to add comments in .travis.yml to identify the name
+of each environment variable encoded in a `:secure` section.
+
+After all of these steps, your .travis.yml should contain config of the
+form:
+
+	language: scala
+	env:
+	  global:
+	    - PUBLISH_JDK=openjdk6
+	    # PGP_PASSPHRASE
+	    - secure: "XXXXXX"
+	    # SONA_USER
+	    - secure: "XXXXXX"
+	    # SONA_PASS
+	    - secure: "XXXXXX"
+	script: admin/build.sh
+
+If Sonatype credentials change in the future, step 3 can be repeated
+without generating a new key.
+
+Be sure to use SBT 0.13.7 or higher to avoid [#1430](https://github.com/sbt/sbt/issues/1430)!
+
+### Testing
+
+  1. Follow the release process below to create a dummy release (e.g. 0.1.0-TEST1).
+     Confirm that the release was staged to Sonatype but do not release it to Maven
+     central. Instead, drop the staging repository.
+
+### Performing a release
+
+  1. Create a GitHub "Release" (with a corresponding tag) via the GitHub
+     web interface.
+  2. Travis CI will schedule a build for this release. Review the build logs.
+  3. Log into https://oss.sonatype.org/ and identify the staging repository.
+  4. Sanity check its contents
+  5. Release staging repository to Maven and send out release announcement.
+

admin/build.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -e
+
 # prep environment for publish to sonatype staging if the HEAD commit is tagged
 
 # git on travis does not fetch tags, but we have TRAVIS_TAG
@@ -9,11 +11,15 @@ if [ "$TRAVIS_JDK_VERSION" == "$PUBLISH_JDK" ] && [[ "$TRAVIS_TAG" =~ ^v[0-9]+\.
   echo "Going to release from tag $TRAVIS_TAG!"
   myVer=$(echo $TRAVIS_TAG | sed -e s/^v//)
   publishVersion='set every version := "'$myVer'"'
-  extraTarget="publish-signed"
-
+  extraTarget="+publish-signed"
   cat admin/gpg.sbt >> project/plugins.sbt
-  admin/decrypt.sh sensitive.sbt
-  (cd admin/ && ./decrypt.sh secring.asc)
+  cp admin/publish-settings.sbt .
+
+  # Copied from the output of genKeyPair.sh
+  K=$encrypted_abe708fa1965_key
+  IV=$encrypted_abe708fa1965_iv
+
+  openssl aes-256-cbc -K $K -iv $IV -in admin/secring.asc.enc -out admin/secring.asc -d
 fi
 
-sbt ++$TRAVIS_SCALA_VERSION "$publishVersion" clean update compile $extraTarget
+sbt "$publishVersion" clean update +test +publishLocal $extraTarget

admin/encryptEnvVars.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+#
+# Encrypt sonatype credentials so that they can be
+# decrypted in trusted builds on Travis CI.
+#
+set -e
+
+read -s -p 'SONA_USER: ' SONA_USER
+travis encrypt SONA_USER="$SONA_USER"
+read -s -p 'SONA_PASS: ' SONA_PASS
+travis encrypt SONA_PASS="$SONA_PASS"

admin/genKeyPair.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+#
+# Generates a key pair for this repository to sign artifacts.
+# Encrypt the private key and its passphrase in trusted builds
+# on Travis CI.
+#
+set -e
+
+# Based on https://gist.github.com/kzap/5819745:
+function promptDelete() {
+    if [[ -f "$1" ]]; then
+        echo About to delete $1, Enter for okay / CTRL-C to cancel
+        read
+        rm "$1"
+    fi
+}
+for f in admin/secring.asc.enc admin/secring.asc admin/pubring.asc; do promptDelete "$f"; done
+
+echo Generating key pair. Please enter 1. repo name 2. [email protected], 3. a new passphrase
+echo Be careful when using special characters in the passphrase, see http://docs.travis-ci.com/user/encryption-keys/#Note-on-escaping-certain-symbols
+cp admin/gpg.sbt project
+sbt 'set pgpReadOnly := false' \
+    'set pgpPublicRing := file("admin/pubring.asc")' \
+    'set pgpSecretRing := file("admin/secring.asc")' \
+    'pgp-cmd gen-key'
+rm project/gpg.sbt
+
+echo ============================================================================================
+echo Encrypting admin/secring.asc. Update K and IV variables in admin/build.sh accordingly.
+echo ============================================================================================
+travis encrypt-file admin/secring.asc
+rm admin/secring.asc
+mv secring.asc.enc admin
+
+echo ============================================================================================
+echo Encrypting environment variables. Add each to a line in .travis.yml. Include a comment
+echo with the name of the corresponding variable
+echo ============================================================================================
+read -s -p 'PGP_PASSPHRASE: ' PGP_PASSPHRASE
+travis encrypt PGP_PASSPHRASE="$PGP_PASSPHRASE"
+

admin/gpg.sbt

@@ -1,26 +1,2 @@
 
-addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") // only added when publishing:
-
-// There's a companion sensitive.sbt, which was created like this:
-//
-// 1. in an sbt shell that has the sbt-pgp plugin, create pgp key in admin/:
-//
-// sbt
-//  set pgpReadOnly := false
-//  set pgpPublicRing := file("admin/pubring.asc")
-//  set pgpSecretRing := file("admin/secring.asc")
-//  pgp-cmd gen-key // use $passPhrase
-// 	 Please enter the name associated with the key: $repoName
-// 	 Please enter the email associated with the key: [email protected]
-// 	 Please enter the passphrase for the key: $passphrase
-//
-// 2. create sensitive.sbt with contents:
-//
-// pgpPassphrase := Some($passPhrase.toArray)
-//
-// pgpPublicRing := file("admin/pubring.asc")
-//
-// pgpSecretRing := file("admin/secring.asc")
-//
-// credentials   += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", $sonaUser, $sonaPass)
-
+addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3") // only added when publishing, see build.sh

admin/publish-settings.sbt

@@ -0,0 +1,9 @@
+def env(key: String) = Option(System.getenv(key)).getOrElse("")
+
+pgpPassphrase := Some(env("PGP_PASSPHRASE").toArray)
+
+pgpPublicRing := file("admin/pubring.asc")
+
+pgpSecretRing := file("admin/secring.asc")
+
+credentials   += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", env("SONA_USER"), env("SONA_PASS"))

admin/pubring.asc

@@ -1,18 +1,18 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: BCPG v1.49
 
-mQENBFSA2hsBCADRzxWZY/Wtw2QCjFUW2k1+WxQ71p1C1jDN63xr6Vqc/ivC2wVt
-Z91vbZj6LlbKGs5GiSTuLXu/Y08ja3qqcnHGA3VqNQg4UkhqKpWMgsF4vT9JEb5c
-ZK0Ise57wmeWxbanhs6YwYbrIIFaBIj+pYJRr0JMbbY2kU0k7qQJv+G+e348ArGJ
-ZDgrA6U6OOsKW/k3pbExSlwVAFSHTncopWVyY76LaX03x2WWBdlEu9dxCggNkDni
-cPIlq/iRfIV4F1STmfHeCYVKcw3UGlGBnpFAlP74smMNvOUeVo1SNmYMHs2a1GbQ
-dt/rKZOEq/HcUjKkdXsCUFCbE/Os1ClHv5mfABEBAAG0MHNjYWxhLXBhcnRlc3Qg
-PHNjYWxhLWludGVybmFsc0Bnb29nbGVncm91cHMuY29tPokBHAQTAQIABgUCVIDa
-GwAKCRAPjZhgjiZfZMTrB/9NtkRpvG05h3YKyQ1JF6gN1v0pC/zlvyTs99ajSJbi
-YskBIGXRQ8W4KNN2rH+fm2Zkz7XVbMrMpsNyons1UL+oX3cOo4UUj9Y9+FNAfq2T
-mwDYR1idv0Q2mmkIrAb85ZmwfVILX3IJmd5ilYvzt8asULF4woABYsvPsnK4/SCs
-3yZzYcmhxdVZmtgJPVnUsy8WmH/E7dMA3+OG/6pQVmFTvRnQL7CR6pyENdwPU9Dn
-xeNbO6Emb54YjrG4nqFZCWQ31hkGk3aMmTHutLnDPgMlQPmXkulPc28Ee6kQmkuA
-byQml2Jk2FP8g1CHqVRkmXYNz5y5qmcFCCMqQNx3V8+b
-=eHVZ
+mQENBFVQ9UcBCADBQeOLe/1vOwX0BasjQK6nAsSaDS/n6DZqauPERkUGv7bQJLL7
+GvvobhYlzTT3W+aJL4cggi51U8ZhYqF+ImtZIclziZDyjMgwDaDfWMEW238wp7zW
+xkQyDk3o9Ms8/kwMaXR589OC2wZ+fGjI27ANzCUVFYaVDS0+B9TtBrUyfrvwY2PN
+qcRtcMCJXDbCc7iL5OVgTPjUYvpCRhmSnbOnieulfu8AJ6lw5VPN3u+Q8CgkVpdu
+yq7MscvOwAhS37FEIHblAsA7J37oBqfYC4AvF5FqqX8vg1tCy+j3k55WWHbDzOM1
+fPCPn/V3Kg5IxMpF/O3GPwwjrZv1aHU5NpZ/ABEBAAG0MHNjYWxhLXBhcnRlc3Qg
+PHNjYWxhLWludGVybmFsc0Bnb29nbGVncm91cHMuY29tPokBGwQTAQIABgUCVVD1
+RwAKCRDhRXkp6LZkqLT3B/YyfwkFzb3KlZxYcMn8hOVfaO+pBu+M+ec5Qx6myNog
+a1esJPVLvTJuYDll0avufVpcXyae3tPHmKr+q838NKdpnG4K0t7WkZ6aKOR54nPZ
+QfwOMugGRBNKXsgYnY6jswQxcYdI7+U/+lYa9+aFTHrIgEa52slnbymUroDj7HxK
+lAbuAKenjPTPXlt6HFcRhJniPf7EQJjyQ7GMgCdGeVAdqlU189FFfo4VMAGybK9f
+N7ssjUxXnKJEr7jhDhWloqYMdH60PQYP5okU+BzQh18f4jsnwmIdFjaDHOYgrJ2i
+4NzbqGUxXT/jIGSyYzo7Bm1ps7NKF08i70ThwYJdpgM=
+=RJHt
 -----END PGP PUBLIC KEY BLOCK-----

build.sbt

@@ -6,11 +6,13 @@ name                       := "scala-partest"
 
 version                    := "1.0.8-SNAPSHOT"
 
-scalaVersion               := "2.11.6"
+scalaVersion               := crossScalaVersions.value.head
 
-scalaXmlVersion            := "1.0.3"
+crossScalaVersions         := Seq("2.11.6", "2.12.0-M1")
 
-scalaCheckVersion          := "1.11.3"
+scalaXmlVersion            := "1.0.4"
+
+scalaCheckVersion          := "1.11.6"
 
 // TODO: enable "-Xfatal-warnings" for nightlies,
 // off by default because we don't want to break scala/scala pr validation due to deprecation

project/build.properties

@@ -1 +1 @@
-sbt.version=0.13.7
+sbt.version=0.13.8