I am working on a project that is using Travis CI. Some of our tests require secure credentials to be defined in environment variables, or else they are skipped. We are using the encrypt
command of the Travis CLI gem to define a secure environment variable for our primary repository, owner/Project
. This variable is included in our .travis.yml
file as follows:
env:
secure: "av9hxTZp/Dhe9xAOq6WlhTNDoWjjczN3lFanG6h/3h4kW7DsxhfXMRA96z6MambbC6c9ARFiwsQ24NeCAfPQ1m6r9uZwNkusqnRDOwZQeVQcmopnoNNG4Kd/9oclIVgsAlSG6WfhkyQPUG2p7PkOvxFV4/YjDSViYDR3eoih3JA="
travis encrypt
has encrypted these variables using the private key for our owner/Project
, and Travis runs the credentialed tests successfully for that repository.
However we have another repository, contributor/Project
, which is also used for development. When Travis is run in that repository, the secure environment variables are not available, and the credentialed tests are skipped.
I used travis encrypt
to encrypt a set of credentials for contributor/Project
, and tried to add it to the .travis.yml
like this:
env:
- secure: "av9hxTZp/Dhe9xAOq6WlhTNDoWjjczN3lFanG6h/3h4kW7DsxhfXMRA96z6MambbC6c9ARFiwsQ24NeCAfPQ1m6r9uZwNkusqnRDOwZQeVQcmopnoNNG4Kd/9oclIVgsAlSG6WfhkyQPUG2p7PkOvxFV4/YjDSViYDR3eoih3JA="
- secure: "TcOCPDytGQpQgiP4w4LRdLXn+pUvhf5SjJF4J3TXjaPUCfomNfod2WTZn3v4WBR2kg3UCaeqFo2BmGUdwCdPbrAZ3cF2W749HLNU0Z2zxFWru5W+GAGgUi2FXIzzjF+U8Hb/2fLZ6GoUiSlNzVHKo/+kvLDAyuGnGFwfH7dpEb8="
This resulted in Travis running two different versions of the build. One attempted to use each set of secure credentials. Since only one set was valid for a given repository, this would result in the test suite being run twice, once with credentials and once without.
This extra build is wasteful and unnecessary. If the test is running in an environment where neither set of secure credentials are available (such as a pull request from a fork), the test suite will be run without credentials twice. Adding more sets of credentials would be even worse; you'd have several redundant uncredentialed builds for every credentialed build.
How can I define secure environment variables for multiple repositories in a single Travis configuration without causing extra builds to occur?
When I defined multiple secure values directly under env
, they seemed to be treated as though I had used the matrix
key, which defines multiple variations of a build. It was as though I had written:
env:
matrix:
- secure: "TcOCPDytGQpQgiP4w4LRdLXn+pUvhf5SjJF4J3TXjaPUCfomNfod2WTZn3v4WBR2kg3UCaeqFo2BmGUdwCdPbrAZ3cF2W749HLNU0Z2zxFWru5W+GAGgUi2FXIzzjF+U8Hb/2fLZ6GoUiSlNzVHKo/+kvLDAyuGnGFwfH7dpEb8="
- secure: "av9hxTZp/Dhe9xAOq6WlhTNDoWjjczN3lFanG6h/3h4kW7DsxhfXMRA96z6MambbC6c9ARFiwsQ24NeCAfPQ1m6r9uZwNkusqnRDOwZQeVQcmopnoNNG4Kd/9oclIVgsAlSG6WfhkyQPUG2p7PkOvxFV4/YjDSViYDR3eoih3JA="
Instead, I need to specify the secure credentials under the global
key, so that they will all be applied to every build:
env:
global:
- secure: "TcOCPDytGQpQgiP4w4LRdLXn+pUvhf5SjJF4J3TXjaPUCfomNfod2WTZn3v4WBR2kg3UCaeqFo2BmGUdwCdPbrAZ3cF2W749HLNU0Z2zxFWru5W+GAGgUi2FXIzzjF+U8Hb/2fLZ6GoUiSlNzVHKo/+kvLDAyuGnGFwfH7dpEb8="
- secure: "av9hxTZp/Dhe9xAOq6WlhTNDoWjjczN3lFanG6h/3h4kW7DsxhfXMRA96z6MambbC6c9ARFiwsQ24NeCAfPQ1m6r9uZwNkusqnRDOwZQeVQcmopnoNNG4Kd/9oclIVgsAlSG6WfhkyQPUG2p7PkOvxFV4/YjDSViYDR3eoih3JA="
Travis will attempt to use each of the secure variables in a single build. It will only be able to decode and use the one (or none) that are appropriate to the repository and build conditions. In this way you are able to add secure environment variables for as many repositories as you want to a single Travis configuration.