Step-by-step example with HTTPS API Token in environment variable
Others have mentioned it, but here goes a more detailed procedure.
-
Create a separate repository for the website (optional). This will reduce the likelihood that you overwrite your main repository, and will keep output files from polluting it.
-
Get a Personal Access Token under https://github.com/settings/tokens
Only enable “public_repo” access for public repositories, “repo” for private.
Save the token somewhere as you can only see it once.
-
On the Travis settings for the repository
https://travis-ci.org/<me>/<myrepo>/settingscreate an environment variable:GITHUB_API_KEY=<token>and make sure to mark “Display value in build log” as “Off”.
This is safe because only authorized pushes by you see such environment variables, so if a malicious user tries to make a pull request to get your string, the variable won’t be there.
Just make sure that you never, ever list your environment variables on your build!
-
Add the following to your
.travis.yml:after_success: | if [ -n "$GITHUB_API_KEY" ]; then cd "$TRAVIS_BUILD_DIR" # This generates a `web` directory containing the website. make web cd web git init git checkout -b gh-pages git add . git -c user.name="travis" -c user.email="travis" commit -m init # Make sure to make the output quiet, or else the API token will leak! # This works because the API key can replace your password. git push -f -q https://<me>:[email protected]/<me>/<myrepo>-gh-pages gh-pages &>/dev/null cd "$TRAVIS_BUILD_DIR" fi
Alternative travis encrypt method
Explained in detail at: https://stackoverflow.com/a/33109519/895245
Encrypt the string GITHUB_API_KEY=<key> with the travis gem, and add it to your .travis.yml:
env:
secure: <encrypted>
This has the advantage that it does not require using the Travis web interface, but does require using a Gem and some more copy pasting.