Chef cookbook deployment from Travis
We can use Berkshelf to deploy cookbooks and dependencies directly from Travis.
First, make sure you're using Berkshelf, and then add a berkshelf.json file to your repository. We tend to put this in a deploy subdirectory.
    {
      "chef": {
        "chef_server_url": "https://chef.theodi.org",
        "client_key": "deploy/key.pem",
        "node_name": "odi"
      },
      "ssl": {
        "verify": false
      }
    }
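This tells Berkshelf where to upload the cookbook to. Note that "verify": false under "ssl" turns off TLS certificate verification for the connection to the Chef server. Berkshelf also needs the client key PEM file, which should not be added to version control. To make the key available to the build, we add an encrypted version to git and decrypt it on Travis using a passphrase held in an environment variable.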
    export CHEF_KEY=SOME-UNIQUE-KEY
    openssl aes-256-cbc -k "$CHEF_KEY" -in deploy/key.pem -out deploy/key.enc -a -e

Add deploy/key.enc to version control.
For convenience, add a rake task to handle the berkshelf upload:
    namespace :berkshelf do
      desc "Upload cookbook to chef server"
      task :upload do
        sh "bundle exec berks upload -c deploy/berkshelf.json"
      end
    end
Now, in your Travis config, after successful master builds, you want to decrypt the PEM file and run the rake task:
    after_success:
      # -a matches the base64 encoding used when the key was encrypted
      - openssl enc -d -aes-256-cbc -a -k "$CHEF_KEY" -in deploy/key.enc -out deploy/key.pem
      - chmod 600 deploy/key.pem
      - bundle exec berks install
      # upload only for builds of master that are not pull requests
      - "[ \"$TRAVIS_BRANCH\" == \"master\" ] && [ \"$TRAVIS_PULL_REQUEST\" == \"false\" ] && bundle exec rake berkshelf:upload"
The last thing is to add the chef key to an encrypted variable in Travis:

    travis encrypt CHEF_KEY=${CHEF_KEY} --add

Now, when your build passes, Travis should try to upload the new cookbook to the Chef server. Bingo!
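A check to run before committing deploy/key.enc, added here as an example and not part of the original page: it decrypts the file with the same openssl flags the Travis build uses and compares the result byte for byte with the original key, so a wrong passphrase or a mismatched flag shows up locally instead of in the build. The function name verify_key_roundtrip is hypothetical.

```shell
#!/bin/sh
# Added example: confirm an encrypted key decrypts back to the original
# using the flags the Travis after_success step runs.
# verify_key_roundtrip is a hypothetical helper name.

# usage: verify_key_roundtrip <plain.pem> <encrypted.enc> <passphrase>
# returns 0 only if decryption succeeds and the bytes match the original,
# 1 on a decrypt failure or mismatch, 2 if an input cannot be read.
verify_key_roundtrip() {
    plain=$1
    enc=$2
    pass=$3
    [ -r "$plain" ] && [ -r "$enc" ] || { echo "missing input file" >&2; return 2; }

    # Keep the temporary plaintext copy private and short-lived.
    old_umask=$(umask)
    umask 077
    tmp=$(mktemp) || { umask "$old_umask"; return 2; }
    umask "$old_umask"

    status=0
    # -a is required because the file was written with -a (base64).
    if ! openssl enc -d -aes-256-cbc -a -k "$pass" -in "$enc" -out "$tmp" 2>/dev/null; then
        echo "decrypt failed: wrong passphrase or mismatched flags" >&2
        status=1
    elif ! cmp -s "$plain" "$tmp"; then
        echo "decrypted output differs from $plain" >&2
        status=1
    fi
    rm -f "$tmp"
    return $status
}

# Run the check when called with three arguments, e.g.
#   sh verify_key.sh deploy/key.pem deploy/key.enc "$CHEF_KEY"
if [ "$#" -eq 3 ]; then
    verify_key_roundtrip "$1" "$2" "$3"
fi
```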