Decrypt secrets only when passphrase is present

In cas a pull request is tested, the secret environment variables are not present, because they could be exposed by a malicious pull request. So we can only decrypt the gpg-keys only when the keyphrase is availible.

Decrypt secrets only when passphrase is present
f6c256e5 · Johannes Edmeier · f4b2c380 · f6c256e5
Commit f6c256e5 authored Nov 21, 2015 by Johannes Edmeier
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

.travis.yml .travis.yml +2 -2

No files found.
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,10 +2,10 @@ language: java
 sudo: false

 before_install:
-  - openssl aes-256-cbc -d -pass "env:DECRYPT_KEYPHRASE" -in .gnupg.tar.enc | tar xv
  - "export DISPLAY=:99.0"
  - "sh -e /etc/init.d/xvfb start"
-  - "if [[ ${TRAVIS_TAG} != '' ]]; then mvn versions:set -DnewVersion='${TRAVIS_TAG}'; fi"
+  - 'if [[ -n "$DECRYPT_KEYPHRASE" ]]; then openssl aes-256-cbc -d -pass "env:DECRYPT_KEYPHRASE" -in .gnupg.tar.enc | tar xv; fi'
+  - 'if [[ ${TRAVIS_TAG} != "" ]]; then mvn versions:set -DnewVersion="${TRAVIS_TAG}"; fi'

 script: mvn clean verify