Travis CI changelog travis-ci.com

New

Travis CI introduces additional security scans of build job logs. The scan is mandatory and meant to improve protection against accidentally or maliciously leaked secrets. Scan process is executed shortly after the build job is completed.

If the scan process finds a secret-like pattern:

• the respective job log line will be censored with asterisks (line numbers do refer to a raw job log line numbers)
• graphic indicator of the log scan failing will be visible in the repository page and the dashboard until either repository administrator reviews it or 7 days elapse; only repository administrators do have access to the report details

Read more:

• blog post
• documentation.

New

Xcode 14.2 (14C18) is now available. Just add the tag osx_image: xcode14.2 to run your jobs on this version.

New

Travis CI enables software developers to securely sign software artifacts as a part of a build job using a cosign tool and a key.

This release allows Travis CI users to:

• Upload a dedicated SSH key to Travis CI or use existing Hashicorp Vault KMS integration to obtain a key
• Use the key within a build job to sign a file or container image, which is built as a result of preceding CI steps

Read More:

• Securely Signing Software documentation
• Hashicorp Vault Integration documentation

New

Xcode 14.1 (14B47b) build environment is now available. You may utilize this version right now using the tag osx_image: xcode14.1.

New

Now running on macOS 12.6, the Xcode 14.0.1 (14A400) build environment is now available under the tag osx_image: xcode14. Some tools were updated like Fastlane to version 2.210.1, CocoaPods to ver. 1.11.3 and SwiftLint to 0.49.1

New

We are introducing new functionalities to increase control over the build’s job logs:

• Enable/disable access to old build job logs
• Limit access to build’s job logs

Job logs requested via API are now provided only via API, no redirections to the storage.

These new features provide a certain level of control over the availability of publicly visible Travis CI build job logs to the repository owners.

Read More:

• Documentation

• Blog post

New

Travis CI users now can connect Hashicorp Vault with Travis CI. Secrets/configuration may be pulled into CI job from Hashicorp Vault instance instead of storing these permanently at Travis CI native mechanisms. This feature aims to support security policies of teams, who want to maintain easy and full control over secrets via their own Key Management System.

In order to use the feature, a Travis CI user has to:

• have a Hashicorp Vault instance with KV engines enabled
• allow connections to that Vault instance from Travis CI IP addresses
• log into Hashicorp Vault and obtain authentication token, which will be used in Travis CI
• encrypt aforementioned Vault access token with travis-cli

In your .travis.yml you can now use following convenience hooks:

vault:
  token: 
    secure: "Your encrypted token goes here"
  api_url: https://your-vault-kv2-api.endpoint
  secrets:
    - ns1/project_id/secret_key_a #path to a secret in Vault KV engine

If using this feature, please consider creating a dedicated CI/CD account in Hashicorp Vault with access only to secrets (credentials) or configuration entries required by the CI/CD pipeline. This will help limit security related risks.

Read more:

• 'Use your own Hashicorp Vault instance with Travis CI' blog post
• Hashicorp Vault Integration documentation page

New

The Ubuntu Jammy Jellyfish 22.04 environment is available using:

os: linux   #optional
dist: jammy

You can learn more about it in our blog post and documentation.

New

We had to rollback the constraint of not running builds for commits with a commit date older than several days. It was an attempt to work around the 'ghost build issue' (build is not triggered when it's requested, but all of sudden after some longer time), yet made more harm than help. This means 'ghost builds' may now reappear from time to time.

New

The Xcode 13.4.1 (13F100) build environment is available via the tag osx_image: xcode13.4, now running on macOS 12.4 (21F79). Some tools were updated like CocoaPods to version 1.11.3, Fastlane to 2.206.2, and SwiftLint to 0.47.1. Ruby was also updated to ver. 2.7.6 and Java to 18.0.1.1.