Travis CI changelog travis-ci.com

New

Fix

Updates regarding all images, including Jammy, AMD architecture:

• updated git to the newest 2.39.1 version fixing critical vulnerabilities
• adding preinstalled libpq-dev package to fix issues while installing Postgress package
• fixed issues with google-chrome package installation
• added newest openjdk8 for Focal

Fix

New

Fixes for some issues related to lxd images, affected architectures: s390x, arm64 and ppc64le:

• Fixed Cargo permission issues
• Fixed Scala/JVM missing config
• Added archive PostgreSQL repository for Xenial
• Removed ruby-3.1.2 due to issues with DPL
• Bumped Cosign version to v1.13.1, Rekor to v1.0.1
• Added Lein installation

New

Travis CI introduces additional security scans of build job logs. The scan is mandatory and meant to improve protection against accidentally or maliciously leaked secrets. Scan process is executed shortly after the build job is completed.

If the scan process finds a secret-like pattern:

• the respective job log line will be censored with asterisks (line numbers do refer to a raw job log line numbers)
• graphic indicator of the log scan failing will be visible in the repository page and the dashboard until either repository administrator reviews it or 7 days elapse; only repository administrators do have access to the report details

Read more:

• blog post
• documentation.

New

Xcode 14.2 (14C18) is now available. Just add the tag osx_image: xcode14.2 to run your jobs on this version.

New

Travis CI enables software developers to securely sign software artifacts as a part of a build job using a cosign tool and a key.

This release allows Travis CI users to:

• Upload a dedicated SSH key to Travis CI or use existing Hashicorp Vault KMS integration to obtain a key
• Use the key within a build job to sign a file or container image, which is built as a result of preceding CI steps

Read More:

• Securely Signing Software documentation
• Hashicorp Vault Integration documentation

New

Xcode 14.1 (14B47b) build environment is now available. You may utilize this version right now using the tag osx_image: xcode14.1.

New

Now running on macOS 12.6, the Xcode 14.0.1 (14A400) build environment is now available under the tag osx_image: xcode14. Some tools were updated like Fastlane to version 2.210.1, CocoaPods to ver. 1.11.3 and SwiftLint to 0.49.1

New

We are introducing new functionalities to increase control over the build’s job logs:

• Enable/disable access to old build job logs
• Limit access to build’s job logs

Job logs requested via API are now provided only via API, no redirections to the storage.

These new features provide a certain level of control over the availability of publicly visible Travis CI build job logs to the repository owners.

Read More:

• Documentation

• Blog post

New

Travis CI users now can connect Hashicorp Vault with Travis CI. Secrets/configuration may be pulled into CI job from Hashicorp Vault instance instead of storing these permanently at Travis CI native mechanisms. This feature aims to support security policies of teams, who want to maintain easy and full control over secrets via their own Key Management System.

In order to use the feature, a Travis CI user has to:

• have a Hashicorp Vault instance with KV engines enabled
• allow connections to that Vault instance from Travis CI IP addresses
• log into Hashicorp Vault and obtain authentication token, which will be used in Travis CI
• encrypt aforementioned Vault access token with travis-cli

In your .travis.yml you can now use following convenience hooks:

vault:
  token: 
    secure: "Your encrypted token goes here"
  api_url: https://your-vault-kv2-api.endpoint
  secrets:
    - ns1/project_id/secret_key_a #path to a secret in Vault KV engine

If using this feature, please consider creating a dedicated CI/CD account in Hashicorp Vault with access only to secrets (credentials) or configuration entries required by the CI/CD pipeline. This will help limit security related risks.

Read more:

• 'Use your own Hashicorp Vault instance with Travis CI' blog post
• Hashicorp Vault Integration documentation page

New

The Ubuntu Jammy Jellyfish 22.04 environment is available using:

os: linux   #optional
dist: jammy

You can learn more about it in our blog post and documentation.