Improve modules' Travis CI release pipelines


Keeping SIMP modules' Travis CI pipelines up-to-date is currently a pain:

  • The same CI Secrets (GitHub release API token and Puppet Forge credentials) are encrypted separately and embedded into the .travis.yml file in every module repo

  • This makes the otherwise standard .travis,yml file unique per project

  • The `travis encrypt` workflow is error-prone, and we don’t know whether the embedded secrets for a project are valid until the next release.

    • When the secrets don’t work during a release, it’s too late to fix in-place, and we have to release each failed asset manually ().

  • The CI Secrets are currently the GitHub release API auth token and the Puppet Forge credentials for simp. They should both be API tokens, which are easier to manage.

This epic aims to:

  • Move CI secrets out of .travis.yml into Travis CI secure variables in each repo's settings

  • Standardize all SIMP module repos' .travis.yml file as a static asset

    • Standardize Travis CI secure variables across all SIMP module repositories.

  • Add an optional diagnostics to Pipelines that validate a repo's release-relevant Travis CI secrets

  • Use the Puppet Forge v3 API using a release token instead of the web site's credentials

After this epic is completed, our CI release process should be better situated to abstract into composable tasks that are agnostic to the specific CI service they run in.

Acceptance Criteria



Story Points



Chris Tessmer



Epic Name

Improve Travis CI