Keeping SIMP modules' Travis CI pipelines up-to-date is currently a pain:
The same CI Secrets (GitHub release API token and Puppet Forge credentials) are encrypted separately and embedded into the .travis.yml file in every module repo
This makes the otherwise standard .travis,yml file unique per project
The `travis encrypt` workflow is error-prone, and we don’t know whether the embedded secrets for a project are valid until the next release.
When the secrets don’t work during a release, it’s too late to fix in-place, and we have to release each failed asset manually ().
The CI Secrets are currently the GitHub release API auth token and the Puppet Forge credentials for simp. They should both be API tokens, which are easier to manage.
This epic aims to:
Move CI secrets out of .travis.yml into Travis CI secure variables in each repo's settings
Standardize all SIMP module repos' .travis.yml file as a static asset
Standardize Travis CI secure variables across all SIMP module repositories.
Add an optional diagnostics to Pipelines that validate a repo's release-relevant Travis CI secrets
Use the Puppet Forge v3 API using a release token instead of the web site's credentials
After this epic is completed, our CI release process should be better situated to abstract into composable tasks that are agnostic to the specific CI service they run in.