Basic TravisCI Information
Last updated
Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
TravisCI directly integrates with different git platforms such as Github, Bitbucket, Assembla, and Gitlab. It will ask the user to give TravisCI permissions to access the repos he wants to integrate with TravisCI.
For example, in Github it will ask for the following permissions:
user:email
(read-only)
read:org
(read-only)
repo
: Grants read and write access to code, commit statuses, collaborators, and deployment statuses for public and private repositories and organizations.
In TravisCI, as in other CI platforms, it's possible to save at repo level secrets that will be saved encrypted and be decrypted and push in the environment variable of the machine executing the build.
It's possible to indicate the branches to which the secrets are going to be available (by default all) and also if TravisCI should hide its value if it appears in the logs (by default it will).
For each repo TravisCI generates an RSA keypair, keeps the private one, and makes the repository’s public key available to those who have access to the repository.
You can access the public key of one repo with:
Then, you can use this setup to encrypt secrets and add them to your .travis.yaml
. The secrets will be decrypted when the build is run and accessible in the environment variables.
Note that the secrets encrypted this way won't appear listed in the environmental variables of the settings.
Same way as before, TravisCI also allows to encrypt files and then decrypt them during the build:
Note that when encrypting a file 2 Env Variables will be configured inside the repo such as:
Travis CI Enterprise is an on-prem version of Travis CI, which you can deploy in your infrastructure. Think of the ‘server’ version of Travis CI. Using Travis CI allows you to enable an easy-to-use Continuous Integration/Continuous Deployment (CI/CD) system in an environment, which you can configure and secure as you want to.
Travis CI Enterprise consists of two major parts:
TCI services (or TCI Core Services), responsible for integration with version control systems, authorizing builds, scheduling build jobs, etc.
TCI Worker and build environment images (also called OS images).
TCI Core services require the following:
A PostgreSQL11 (or later) database.
An infrastructure to deploy a Kubernetes cluster; it can be deployed in a server cluster or in a single machine if required
Depending on your setup, you may want to deploy and configure some of the components on your own, e.g., RabbitMQ - see the Setting up Travis CI Enterprise for more details.
TCI Worker requires the following:
An infrastructure where a docker image containing the Worker and a linked build image can be deployed.
Connectivity to certain Travis CI Core Services components - see the Setting Up Worker for more details.
The amount of deployed TCI Worker and build environment OS images will determine the total concurrent capacity of Travis CI Enterprise deployment in your infrastructure.
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)