deploy to Sonatype OSSRH from Travis CI

add maven artifact signing certificates and travis CI config.
this actually only contains a signing sub-certificate, encrypted with a different passphrase than the master key, and then encrypted again with 'travis encrypt-file', following the excellent instructions at http://www.debonair.io/post/maven-cd/

Author: abyrd

.travis.yml

@@ -1,9 +1,8 @@
 language: java
-
-# OpenTripPlanner requires Java 8 and Travis doesn't (yet) support OpenJDK 8 
+# OpenTripPlanner requires Java 8 and Travis doesn't (yet) support OpenJDK 8
 jdk:
   - oraclejdk8
-
+  
 # Replace Travis's default Maven installation step with a no-op.
 # This avoids redundantly pre-running 'mvn install -DskipTests' every time.
 install: true
@@ -13,27 +12,33 @@ install: true
 script: |
   # only (attempt to) deploy non-pull request commits to master
   if [ "$TRAVIS_PULL_REQUEST" = false ] && [ "$TRAVIS_BRANCH" = master ]; then
-    mvn clean deploy
+    mvn clean deploy --settings maven-settings.xml
   else
     # otherwise, just run test suite
-    mvn clean verify
+    mvn clean verify --settings maven-settings.xml
   fi
 
+# Secure envs are OSSRH_JIRA_USERNAME, OSSRH_JIRA_PASSWORD, GPG_KEY_NAME, GPG_PASSPHRASE
 env:
   global:
-    # encrypted AWS access/secret keys to allow automated deployment to the Conveyal Maven repo on S3
-    - secure: "d1GabNiRYJwCeu+Zqr/qKnyNf4CY2pH0dLkY708Dzpe1Vgi0k2WLTMeYe9yJ3CyQydpUfOFkvwV64r4KIj4tBRDuW5C72bZyk/0o6oo931IwT1uHKstPfiovf/GiZ8qbn0SDencwfjfDefZUtaZ6I1mF6S638PvUlz4lNgl6kfA="
-    - secure: "DNnCaMx4Cgcuj78m96IEDwZMMtY14HCWIi6voT80DJZB5Rtu50BayT8ljxjrSHATYIfkZ+aLgFaNSPqI8MlNlt22xk2lzjOkA4J3Bn0d3xuYlgS9WT5rh78llKgtGpjH47OeRwHhpFM5PnNTCgFdnXNoj9SlZeNlWHk8+PHi5do="
+  - secure: SR50xh5n9H9ML20NM9QK3Y7rS1xzmMgLtp8Hke7fPL4QsCvdd1CTXTIjGPtCNzvEx0zUKIx1vO0s5mwnB0KyhTzwI8t5xvw7RErp7v7WiskKVKVkCu6EPDsTH1d3iQpF4QAFy/07HehCvGtObh3XnOYZKRfoxpY3/n9y/DxuKp8=
+  - secure: R8kd55l4UXde9pa6POKFFFmkp4N7KD03vCAiT5dEOvDDKBRIGo1n7Yn+txIhpe8VJVYDqAxOUdW9yZO29GWvjNTiFmDqbvC4GuzWqU+Am1Dfmi5Udmmswcy4CTeoNqKchhNn69EhphdFsKE+JzCZIJSo4+Gl0jAqxMBE13ghlBw=
+  - secure: LV+MX/r5l/ycNS1fQNxdzBLyGLnAsG8G3APWsvqb0Sou/fPncwjfGV178jxPUULhb8VAex+MIJsBObrQGD4vdvqBI9ASPHReplANLYrsAAzTm0bPkkyQCs37cDq9ORsETnR9j8m8G/0+8bxH81WOOEv56h4fiQog5z3cBbSGdh0=
+  - secure: cAXIX+Op0EXl3GHX5qCOGHrFQpPlvVSq8mh5zqABSICsMQHUgTyOgSNUykOdrOarjM2y2H1+Yu2MfLtu2v1hAS/zSzAswx+7T7xwptsX1bd+QX2s9+3q4OgG/97Il3Dqhbf9mGqxJyfWP4iD1Ry9IIlsIGk/coe877mkZCbKb2s=
 
 # If sudo is disabled, CI runs on container based infrastructure (allows caching &c.)
 sudo: false
 
 # Retain the local Maven repository to speed up builds.
 cache:
   directories:
-    - "$HOME/.m2/repository"
+    - $HOME/.m2/repository
 
-# Notify us of the build status on the Slack channel     
+# Notify us of the build status on the Slack channel
 notifications:
   slack: conveyal:RQuTZBfE7FBjVtYkKwdnNRjY
 
+# Decrypt and import the artifact signing certificate before running the build
+before_install:
+  - openssl aes-256-cbc -K $encrypted_9918733fe303_key -iv $encrypted_9918733fe303_iv -in maven-artifact-signing-key.asc.enc -out maven-artifact-signing-key.asc -d
+  - gpg --import --batch maven-artifact-signing-key.asc

maven-artifact-signing-key.asc.enc

@@ -0,0 +1,26 @@
+<!-- This file provides passwords and key details to the Maven plugins that sign our artifacts 
+     and deploy them to the OSSRH repository. The secret information is passed in with 
+     Travis CI secure environment variables in .travis.yml. -->
+<settings>
+  <servers>
+    <server>
+      <id>ossrh</id>
+      <username>${env.OSSRH_JIRA_USERNAME}</username>
+      <password>${env.OSSRH_JIRA_PASSWORD}</password>
+    </server>
+  </servers>
+  <profiles>
+    <profile>
+      <id>ossrh</id>
+      <activation>
+        <activeByDefault>true</activeByDefault>
+      </activation>
+      <properties>
+        <gpg.executable>gpg</gpg.executable>
+        <gpg.keyname>${env.GPG_KEY_NAME}</gpg.keyname>
+        <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
+      </properties>
+    </profile>
+  </profiles>
+</settings>
+