Travis CI changelog
Travis CI changelog
travis-ci.com

Fixes deployed

 

New

    

Fix

  

Updates regarding all images, including Jammy, AMD architecture:

  • updated git to the newest 2.39.1 version fixing critical vulnerabilities
  • adding preinstalled libpq-dev package to fix issues while installing Postgress package
  • fixed issues with google-chrome package installation
  • added newest openjdk8 for Focal

Fixes deployed

 

Fix

    

New

  

Fixes for some issues related to lxd images, affected architectures: s390x, arm64 and ppc64le:

  • Fixed Cargo permission issues
  • Fixed Scala/JVM missing config
  • Added archive PostgreSQL repository for Xenial
  • Removed ruby-3.1.2 due to issues with DPL
  • Bumped Cosign version to v1.13.1, Rekor to v1.0.1
  • Added Lein installation

Active scanning and censoring post-job build logs

 

New

  

Travis CI introduces additional security scans of build job logs. The scan is mandatory and meant to improve protection against accidentally or maliciously leaked secrets. Scan process is executed shortly after the build job is completed.

If the scan process finds a secret-like pattern:

  • the respective job log line will be censored with asterisks (line numbers do refer to a raw job log line numbers)
  • graphic indicator of the log scan failing will be visible in the repository page and the dashboard until either repository administrator reviews it or 7 days elapse; only repository administrators do have access to the report details

Read more:

Xcode 14.2 available

 

New

  

Xcode 14.2 (14C18) is now available. Just add the tag osx_image: xcode14.2 to run your jobs on this version.

Securely Signing Software with Travis CI

 

New

  

Travis CI enables software developers to securely sign software artifacts as a part of a build job using a cosign tool and a key.

This release allows Travis CI users to:

  • Upload a dedicated SSH key to Travis CI or use existing Hashicorp Vault KMS integration to obtain a key
  • Use the key within a build job to sign a file or container image, which is built as a result of preceding CI steps

Read More:

Xcode 14.1 released

 

New

  

Xcode 14.1 (14B47b) build environment is now available. You may utilize this version right now using the tag osx_image: xcode14.1.

Xcode 14.0.1 available

 

New

  

Now running on macOS 12.6, the Xcode 14.0.1 (14A400) build environment is now available under the tag osx_image: xcode14. Some tools were updated like Fastlane to version 2.210.1, CocoaPods to ver. 1.11.3 and SwiftLint to 0.49.1

Changes in job logs availability

 

New

  

We are introducing new functionalities to increase control over the build’s job logs:

  • Enable/disable access to old build job logs
  • Limit access to build’s job logs

Job logs requested via API are now provided only via API, no redirections to the storage.

These new features provide a certain level of control over the availability of publicly visible Travis CI build job logs to the repository owners.

Read More:

Hashicorp Vault integration available

 

New

  

Travis CI users now can connect Hashicorp Vault with Travis CI. Secrets/configuration may be pulled into CI job from Hashicorp Vault instance instead of storing these permanently at Travis CI native mechanisms. This feature aims to support security policies of teams, who want to maintain easy and full control over secrets via their own Key Management System.

In order to use the feature, a Travis CI user has to:

In your .travis.yml you can now use following convenience hooks:

vault:
  token: 
    secure: "Your encrypted token goes here"
  api_url: https://your-vault-kv2-api.endpoint
  secrets:
    - ns1/project_id/secret_key_a #path to a secret in Vault KV engine

If using this feature, please consider creating a dedicated CI/CD account in Hashicorp Vault with access only to secrets (credentials) or configuration entries required by the CI/CD pipeline. This will help limit security related risks.


Read more:

Build environment: Ubuntu Jammy Jellyfish 22.04

 

New

  

The Ubuntu Jammy Jellyfish 22.04 environment is available using:

os: linux   #optional
dist: jammy

You can learn more about it in our blog post and documentation.