From 1e28a0cbc0b693f796c6893847676ce490070de9 Mon Sep 17 00:00:00 2001
From: Agniva De Sarker <agnivade@yahoo.co.in>
Date: Sun, 3 Feb 2019 19:27:35 +0530
Subject: [PATCH] [Security]: Moving to a secure way of uploading assets
 (#2747)

* [Security] Moving to a secure way of uploading assets
---
 .travis.yml                              |  11 ++++-------
 scripts/build.sh                         |   6 +++---
 scripts/id_ed25519_tldr_asset_upload.enc | Bin 0 -> 416 bytes
 3 files changed, 7 insertions(+), 10 deletions(-)
 create mode 100644 scripts/id_ed25519_tldr_asset_upload.enc

diff --git a/.travis.yml b/.travis.yml
index 8296f096a..29b4b5250 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,14 +6,11 @@ node_js:
 cache: false
 
 after_success:
+- eval "$(ssh-agent -s)"
+- openssl aes-256-cbc -K $encrypted_973441be79af_key -iv $encrypted_973441be79af_iv -in ./scripts/id_ed25519_tldr_asset_upload.enc -out id_ed25519 -d
+- chmod 600 id_ed25519
+- ssh-add id_ed25519
 - bash scripts/build.sh
 
 after_failure:
 - cat test_result | python scripts/send_to_bot.py
-
-env:
-  global:
-  # Used to upload the tldr archive to tldr-pages repo.
-  # Achieved via the upload_assets() function of scripts/build.sh
-  # This is an encrypted form of @agnivade's user token.
-  - secure: AJPra/q3bCFHzMOam1aFz4tzasYuU261Mk6lISh1VJatibHa7nBErsuA3VbR5qth9LblH5HFmNGl4bwmas/PTD1P3lPAHO19gdlMb1kpS9MhTojQP/0EPCsyMTgnWcmNMU2XMvYGHFT0JFn4vj/0TrM9CUMDoT9WhtnVJfgRrlY=
diff --git a/scripts/build.sh b/scripts/build.sh
index 39a377067..50b96665b 100644
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -10,6 +10,7 @@ function initialize {
   export TLDR_ARCHIVE="tldr.zip"
   export SITE_HOME="$HOME/site"
   export SITE_URL="github.com/tldr-pages/tldr-pages.github.io"
+  export SITE_REPO_SLUG="tldr-pages/tldr-pages.github.io"
 
   git config --global user.email "travis@travis-ci.org"
   git config --global user.name "Travis CI"
@@ -29,13 +30,12 @@ function build_archive {
 }
 
 function upload_assets {
-  # ${GH_TOKEN} is defined as a secure variable inside .travis.yml
-  git clone --quiet --depth 1 https://${GH_TOKEN}@${SITE_URL} $SITE_HOME
+  git clone --quiet --depth 1 git@github.com:${SITE_REPO_SLUG}.git $SITE_HOME
   mv -f $TLDR_ARCHIVE $SITE_HOME/assets/
   cp -f $TLDRHOME/pages/index.json $SITE_HOME/assets/
 
   cd $SITE_HOME
-  git add -A 
+  git add -A
   git commit -m "[TravisCI] uploaded assets after commits ${TRAVIS_COMMIT_RANGE}"
   git push -q
 }
diff --git a/scripts/id_ed25519_tldr_asset_upload.enc b/scripts/id_ed25519_tldr_asset_upload.enc
new file mode 100644
index 0000000000000000000000000000000000000000..13806f870b9bd364baac265a41d617035c35fd6e
GIT binary patch
literal 416
zcmeyno8S1!j*i4NPjnuN6@E+&kSgC0c~-Gb@x8%`DJHM}Z(8Xqw?pyB>?S+$^H0*B
z3Ve?KX}encQW=+8n#e@ki^Zox6`yZVP;~Nc^WFXZh*D_M!*5d!xir6O=6j#Nq#t-N
z_5Qpjci*0ue&5cXi|zb6d-<DZ#T!lwx2^aVBy%WhYUI8<bDS=A-?dR-UcTg5G4uR*
zd6Q`qPv}2U`=PG=Xri!AfakTXr-Sk{6>hbkkIa~!%wBo!a$tD&Vu4b|Lx)ti-q5}E
z$>!I+O(KeS+qE2pv!rfI@+x?}i;KCi@Xua-pM$Zb&7p;?Hy&Mk#+S17M)W6D)+=K5
z!9H8BI`wY+<y5x(RhIZqXO7i=%V$jacv=5O%cDHC;+cMa^XAA;HB#NRsl@R3^Fw>R
zpQiK3?DIVvabxAYi>r4;Bp>gOT$(Cz;`h?e3_eA5jf)g>pPUV|f4r{$@0AmRkKRm+
zuIK)`f2zWvFh@~&9nKKxHpO@iC7p|E$8GBt-xvL>$o=lcfhwOHy61XNX2!>5UpjoT
eEj8ov6{nrzdbYdF)7QuC|9a<kS>+Aixhnzxd(+nd

literal 0
HcmV?d00001