I've been working on making Travis do the OS X package build for us. (Previously, some poor Mosh developer had to do it manually and upload it to the Mosh website.) The thing I have it doing now is building the package when a tag is pushed, and uploading it to a GitHub release on cgull/mosh.
The reasons I did this: to get a more externally-visible build for the package, and to do the release build on something other than my personal OS X machines. Of course, this means we are trading trust in my OS X systems for trust in Travis' OS X build environments. I think this is a win, any opinions? Alas, we will not get any kind of repeatable builds out of this, Travis constantly updates their build images and we update to current Homebrew for dependencies on every build. Travis will do the build for us, but it will not hold onto build artifacts for us. So we have to immediately deploy the package to...someplace else. Currently, I'm using the GitHub deployment provider. This requires an authentication token with permissions to create and upload onto a GitHub release on the originating GitHub project. Do people think this is OK security wise? There are plenty of other deployment providers, and it's also possible to script an upload to a random server. regards, --jh _______________________________________________ mosh-devel mailing list mosh-devel@mit.edu http://mailman.mit.edu/mailman/listinfo/mosh-devel
