From 1e28a0cbc0b693f796c6893847676ce490070de9 Mon Sep 17 00:00:00 2001
From: Agniva De Sarker <agnivade@yahoo.co.in>
Date: Sun, 3 Feb 2019 19:27:35 +0530
Subject: [PATCH] [Security]: Moving to a secure way of uploading assets
 (#2747)

* [Security] Moving to a secure way of uploading assets
---
 .travis.yml                              |  11 ++++-------
 scripts/build.sh                         |   6 +++---
 scripts/id_ed25519_tldr_asset_upload.enc | Bin 0 -> 416 bytes
 3 files changed, 7 insertions(+), 10 deletions(-)
 create mode 100644 scripts/id_ed25519_tldr_asset_upload.enc

diff --git a/.travis.yml b/.travis.yml
index 8296f096a..29b4b5250 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,14 +6,11 @@ node_js:
 cache: false
 
 after_success:
+- eval "$(ssh-agent -s)"
+- openssl aes-256-cbc -K $encrypted_973441be79af_key -iv $encrypted_973441be79af_iv -in ./scripts/id_ed25519_tldr_asset_upload.enc -out id_ed25519 -d
+- chmod 600 id_ed25519
+- ssh-add id_ed25519
 - bash scripts/build.sh
 
 after_failure:
 - cat test_result | python scripts/send_to_bot.py
-
-env:
-  global:
-  # Used to upload the tldr archive to tldr-pages repo.
-  # Achieved via the upload_assets() function of scripts/build.sh
-  # This is an encrypted form of @agnivade's user token.
-  - secure: AJPra/q3bCFHzMOam1aFz4tzasYuU261Mk6lISh1VJatibHa7nBErsuA3VbR5qth9LblH5HFmNGl4bwmas/PTD1P3lPAHO19gdlMb1kpS9MhTojQP/0EPCsyMTgnWcmNMU2XMvYGHFT0JFn4vj/0TrM9CUMDoT9WhtnVJfgRrlY=
diff --git a/scripts/build.sh b/scripts/build.sh
index 39a377067..50b96665b 100644
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -10,6 +10,7 @@ function initialize {
   export TLDR_ARCHIVE="tldr.zip"
   export SITE_HOME="$HOME/site"
   export SITE_URL="github.com/tldr-pages/tldr-pages.github.io"
+  export SITE_REPO_SLUG="tldr-pages/tldr-pages.github.io"
 
   git config --global user.email "travis@travis-ci.org"
   git config --global user.name "Travis CI"
@@ -29,13 +30,12 @@ function build_archive {
 }
 
 function upload_assets {
-  # ${GH_TOKEN} is defined as a secure variable inside .travis.yml
-  git clone --quiet --depth 1 https://${GH_TOKEN}@${SITE_URL} $SITE_HOME
+  git clone --quiet --depth 1 git@github.com:${SITE_REPO_SLUG}.git $SITE_HOME
   mv -f $TLDR_ARCHIVE $SITE_HOME/assets/
   cp -f $TLDRHOME/pages/index.json $SITE_HOME/assets/
 
   cd $SITE_HOME
-  git add -A 
+  git add -A
   git commit -m "[TravisCI] uploaded assets after commits ${TRAVIS_COMMIT_RANGE}"
   git push -q
 }
diff --git a/scripts/id_ed25519_tldr_asset_upload.enc b/scripts/id_ed25519_tldr_asset_upload.enc
new file mode 100644
index 0000000000000000000000000000000000000000..13806f870b9bd364baac265a41d617035c35fd6e
GIT binary patch
literal 416
zcmV;R0bl<8yALzuxQJn_<SgM9aq(qP8h5Z+%^`jv?=Z-eH0uAdsZAcZA;g=4J{QmA
zXXOy{Tlqb!E7EofCT0|oJ<)T@RUzlFAR$6ahE2Qo#3EH<;r5j=3Mus|Z%fb8FHyl|
z-=2a;O^oSI_RY>+iS?VO?B;W@%M*sE_EH?eYL!{O+?+zui`_gR1E-|Ma|54WA2gPc
z$S>q3_$MpkkrOOXN!GQ?Qg3M>+K10sXqRILdCt>OS8JmXbpgV{CAHWs+VVX5-m(-S
z-G?ec6KWdU84Vyx?p|Ebq5QosOu=1sgH>?_*y7ga4rI01Tk<6Z)E0kJOtsZQjj{Sd
zcBkrU7x_a7t4^nwl=0Iq*o5M4CUcoiPM(|}l`<u|vUD-W=fb^9<!1~WzD><o*r}e;
ztGHNW$B$X1Wf;i&rSkwxa(;oLA#LQ%RzKsekNwoh5#sEYTYn4nzm*`uRzVdXED2N_
zh9O@lA}rA+$31?d-xd8K3-0K^dQ8|Y&W*`wUtVj{!_kIiXw%d}xfd=yx;JO9UcdF+
K+je=_O`WO#d(+nd

literal 0
HcmV?d00001