berkeley_library-docker 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.github/workflows/build.yml +31 -0
- data/.gitignore +375 -0
- data/.rspec +3 -0
- data/.ruby-version +1 -0
- data/Gemfile +3 -0
- data/README.md +26 -0
- data/Rakefile +39 -0
- data/berkeley_library-docker.gemspec +35 -0
- data/lib/berkeley_library/docker/logging.rb +26 -0
- data/lib/berkeley_library/docker/module_info.rb +16 -0
- data/lib/berkeley_library/docker/railtie.rb +9 -0
- data/lib/berkeley_library/docker/secret.rb +38 -0
- data/lib/berkeley_library/docker.rb +10 -0
- data/spec/berkeley_library/docker/railtie_spec.rb +22 -0
- data/spec/berkeley_library/docker/secret_spec.rb +50 -0
- data/spec/spec_helper.rb +18 -0
- data/spec/spec_utils.rb +28 -0
- metadata +134 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 1a8f366b628cad8dd6d516fe9180667fb4bd2908d331ad79437990ee4e0d865b
|
4
|
+
data.tar.gz: 70dd01ff23d3177c3430597abd7cbdee9657829599791f04299052b070efdee2
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 986553998d692b12fdf140ee55f08b75b7c4754ec829049242283b81894dd6ff3205a47830d9d4d3a7a1178198b3a18d255374a21eb0614943268bbebdf93406
|
7
|
+
data.tar.gz: 792ac78d25c7c14f7384ba968a0578a373fdc66d0e2e9765e4221db04c3b8665c1030af8edfc0835009e518bb0bdbd186d968a61759c8ad6ddc76ba5658f0caa
|
@@ -0,0 +1,31 @@
|
|
1
|
+
name: Build
|
2
|
+
on: [ push, pull_request, workflow_dispatch ]
|
3
|
+
jobs:
|
4
|
+
test:
|
5
|
+
strategy:
|
6
|
+
fail-fast: false
|
7
|
+
matrix:
|
8
|
+
os: [ ubuntu-latest, macos-latest ]
|
9
|
+
ruby: [ '2.7', '3.0', '3.1' ]
|
10
|
+
|
11
|
+
runs-on: ${{ matrix.os }}
|
12
|
+
|
13
|
+
steps:
|
14
|
+
- name: Check out repository
|
15
|
+
uses: actions/checkout@v3
|
16
|
+
|
17
|
+
- name: Set up Ruby
|
18
|
+
uses: ruby/setup-ruby@v1
|
19
|
+
with:
|
20
|
+
ruby-version: ${{ matrix.ruby }}
|
21
|
+
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
22
|
+
|
23
|
+
- name: Run checks
|
24
|
+
run: bundle exec rake
|
25
|
+
|
26
|
+
- name: Test Report
|
27
|
+
uses: dorny/test-reporter@v1
|
28
|
+
with:
|
29
|
+
name: RSpec Tests
|
30
|
+
path: artifacts/*.xml
|
31
|
+
reporter: java-junit
|
data/.gitignore
ADDED
@@ -0,0 +1,375 @@
|
|
1
|
+
# Don't commit Gemfile.lock for libraries
|
2
|
+
Gemfile.lock
|
3
|
+
|
4
|
+
# build artifacts
|
5
|
+
/artifacts/
|
6
|
+
|
7
|
+
#### joe made this: http://goel.io/joe
|
8
|
+
|
9
|
+
#### ruby ####
|
10
|
+
*.gem
|
11
|
+
*.rbc
|
12
|
+
/.config
|
13
|
+
/coverage/
|
14
|
+
/InstalledFiles
|
15
|
+
/pkg/
|
16
|
+
/spec/reports/
|
17
|
+
/spec/examples.txt
|
18
|
+
/test/tmp/
|
19
|
+
/test/version_tmp/
|
20
|
+
/tmp/
|
21
|
+
|
22
|
+
# Used by dotenv library to load environment variables.
|
23
|
+
# .env
|
24
|
+
|
25
|
+
# Ignore Byebug command history file.
|
26
|
+
.byebug_history
|
27
|
+
|
28
|
+
## Specific to RubyMotion:
|
29
|
+
.dat*
|
30
|
+
.repl_history
|
31
|
+
build/
|
32
|
+
*.bridgesupport
|
33
|
+
build-iPhoneOS/
|
34
|
+
build-iPhoneSimulator/
|
35
|
+
|
36
|
+
## Specific to RubyMotion (use of CocoaPods):
|
37
|
+
#
|
38
|
+
# We recommend against adding the Pods directory to your .gitignore. However
|
39
|
+
# you should judge for yourself, the pros and cons are mentioned at:
|
40
|
+
# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
|
41
|
+
#
|
42
|
+
# vendor/Pods/
|
43
|
+
|
44
|
+
## Documentation cache and generated files:
|
45
|
+
/.yardoc/
|
46
|
+
/_yardoc/
|
47
|
+
/doc/
|
48
|
+
/rdoc/
|
49
|
+
|
50
|
+
## Environment normalization:
|
51
|
+
/.bundle/
|
52
|
+
/vendor/bundle
|
53
|
+
/lib/bundler/man/
|
54
|
+
|
55
|
+
# for a library or gem, you might want to ignore these files since the code is
|
56
|
+
# intended to run in multiple environments; otherwise, check them in:
|
57
|
+
# Gemfile.lock
|
58
|
+
# .ruby-version
|
59
|
+
# .ruby-gemset
|
60
|
+
|
61
|
+
# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
|
62
|
+
.rvmrc
|
63
|
+
|
64
|
+
|
65
|
+
#### rails ####
|
66
|
+
*.rbc
|
67
|
+
capybara-*.html
|
68
|
+
/db/*.sqlite3
|
69
|
+
/db/*.sqlite3-journal
|
70
|
+
/db/*.sqlite3-[0-9]*
|
71
|
+
/public/system
|
72
|
+
/coverage/
|
73
|
+
/spec/tmp
|
74
|
+
*.orig
|
75
|
+
rerun.txt
|
76
|
+
pickle-email-*.html
|
77
|
+
|
78
|
+
# Ignore all logfiles and tempfiles.
|
79
|
+
/log/*
|
80
|
+
/tmp/*
|
81
|
+
!/log/.keep
|
82
|
+
!/tmp/.keep
|
83
|
+
|
84
|
+
# Comment out this rule if you are OK with secrets being uploaded to the repo
|
85
|
+
config/initializers/secret_token.rb
|
86
|
+
config/master.key
|
87
|
+
|
88
|
+
# Only include if you have production secrets in this file, which is no longer a Rails default
|
89
|
+
# config/secrets.yml
|
90
|
+
|
91
|
+
# dotenv
|
92
|
+
# Comment out this rule if environment variables can be committed
|
93
|
+
.env
|
94
|
+
|
95
|
+
## Environment normalization:
|
96
|
+
/.bundle
|
97
|
+
/vendor/bundle
|
98
|
+
|
99
|
+
# these should all be checked in to normalize the environment:
|
100
|
+
# Gemfile.lock, .ruby-version, .ruby-gemset
|
101
|
+
|
102
|
+
# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
|
103
|
+
.rvmrc
|
104
|
+
|
105
|
+
# if using bower-rails ignore default bower_components path bower.json files
|
106
|
+
/vendor/assets/bower_components
|
107
|
+
*.bowerrc
|
108
|
+
bower.json
|
109
|
+
|
110
|
+
# Ignore pow environment settings
|
111
|
+
.powenv
|
112
|
+
|
113
|
+
# Ignore Byebug command history file.
|
114
|
+
.byebug_history
|
115
|
+
|
116
|
+
# Ignore node_modules
|
117
|
+
node_modules/
|
118
|
+
|
119
|
+
# Ignore precompiled javascript packs
|
120
|
+
/public/packs
|
121
|
+
/public/packs-test
|
122
|
+
/public/assets
|
123
|
+
|
124
|
+
# Ignore yarn files
|
125
|
+
/yarn-error.log
|
126
|
+
yarn-debug.log*
|
127
|
+
.yarn-integrity
|
128
|
+
|
129
|
+
# Ignore uploaded files in development
|
130
|
+
/storage/*
|
131
|
+
!/storage/.keep
|
132
|
+
|
133
|
+
|
134
|
+
#### node ####
|
135
|
+
# Logs
|
136
|
+
logs
|
137
|
+
*.log
|
138
|
+
npm-debug.log*
|
139
|
+
yarn-debug.log*
|
140
|
+
yarn-error.log*
|
141
|
+
lerna-debug.log*
|
142
|
+
|
143
|
+
# Diagnostic reports (https://nodejs.org/api/report.html)
|
144
|
+
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
|
145
|
+
|
146
|
+
# Runtime data
|
147
|
+
pids
|
148
|
+
*.pid
|
149
|
+
*.seed
|
150
|
+
*.pid.lock
|
151
|
+
|
152
|
+
# Directory for instrumented libs generated by jscoverage/JSCover
|
153
|
+
lib-cov
|
154
|
+
|
155
|
+
# Coverage directory used by tools like istanbul
|
156
|
+
coverage
|
157
|
+
*.lcov
|
158
|
+
|
159
|
+
# nyc test coverage
|
160
|
+
.nyc_output
|
161
|
+
|
162
|
+
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
|
163
|
+
.grunt
|
164
|
+
|
165
|
+
# Bower dependency directory (https://bower.io/)
|
166
|
+
bower_components
|
167
|
+
|
168
|
+
# node-waf configuration
|
169
|
+
.lock-wscript
|
170
|
+
|
171
|
+
# Compiled binary addons (https://nodejs.org/api/addons.html)
|
172
|
+
build/Release
|
173
|
+
|
174
|
+
# Dependency directories
|
175
|
+
node_modules/
|
176
|
+
jspm_packages/
|
177
|
+
|
178
|
+
# TypeScript v1 declaration files
|
179
|
+
typings/
|
180
|
+
|
181
|
+
# TypeScript cache
|
182
|
+
*.tsbuildinfo
|
183
|
+
|
184
|
+
# Optional npm cache directory
|
185
|
+
.npm
|
186
|
+
|
187
|
+
# Optional eslint cache
|
188
|
+
.eslintcache
|
189
|
+
|
190
|
+
# Optional REPL history
|
191
|
+
.node_repl_history
|
192
|
+
|
193
|
+
# Output of 'npm pack'
|
194
|
+
*.tgz
|
195
|
+
|
196
|
+
# Yarn Integrity file
|
197
|
+
.yarn-integrity
|
198
|
+
|
199
|
+
# dotenv environment variables file
|
200
|
+
.env
|
201
|
+
.env.test
|
202
|
+
|
203
|
+
# parcel-bundler cache (https://parceljs.org/)
|
204
|
+
.cache
|
205
|
+
|
206
|
+
# next.js build output
|
207
|
+
.next
|
208
|
+
|
209
|
+
# nuxt.js build output
|
210
|
+
.nuxt
|
211
|
+
|
212
|
+
# vuepress build output
|
213
|
+
.vuepress/dist
|
214
|
+
|
215
|
+
# Serverless directories
|
216
|
+
.serverless/
|
217
|
+
|
218
|
+
# FuseBox cache
|
219
|
+
.fusebox/
|
220
|
+
|
221
|
+
# DynamoDB Local files
|
222
|
+
.dynamodb/
|
223
|
+
|
224
|
+
|
225
|
+
#### jetbrains ####
|
226
|
+
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
|
227
|
+
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
|
228
|
+
|
229
|
+
# User-specific stuff
|
230
|
+
.idea/**/workspace.xml
|
231
|
+
.idea/**/tasks.xml
|
232
|
+
.idea/**/usage.statistics.xml
|
233
|
+
.idea/**/dictionaries
|
234
|
+
.idea/**/shelf
|
235
|
+
|
236
|
+
# Generated files
|
237
|
+
.idea/**/contentModel.xml
|
238
|
+
|
239
|
+
# Sensitive or high-churn files
|
240
|
+
.idea/**/dataSources/
|
241
|
+
.idea/**/dataSources.ids
|
242
|
+
.idea/**/dataSources.local.xml
|
243
|
+
.idea/**/sqlDataSources.xml
|
244
|
+
.idea/**/dynamic.xml
|
245
|
+
.idea/**/uiDesigner.xml
|
246
|
+
.idea/**/dbnavigator.xml
|
247
|
+
|
248
|
+
# Gradle
|
249
|
+
.idea/**/gradle.xml
|
250
|
+
.idea/**/libraries
|
251
|
+
|
252
|
+
# Gradle and Maven with auto-import
|
253
|
+
# When using Gradle or Maven with auto-import, you should exclude module files,
|
254
|
+
# since they will be recreated, and may cause churn. Uncomment if using
|
255
|
+
# auto-import.
|
256
|
+
# .idea/modules.xml
|
257
|
+
# .idea/*.iml
|
258
|
+
# .idea/modules
|
259
|
+
# *.iml
|
260
|
+
# *.ipr
|
261
|
+
|
262
|
+
# CMake
|
263
|
+
cmake-build-*/
|
264
|
+
|
265
|
+
# Mongo Explorer plugin
|
266
|
+
.idea/**/mongoSettings.xml
|
267
|
+
|
268
|
+
# File-based project format
|
269
|
+
*.iws
|
270
|
+
|
271
|
+
# IntelliJ
|
272
|
+
out/
|
273
|
+
|
274
|
+
# mpeltonen/sbt-idea plugin
|
275
|
+
.idea_modules/
|
276
|
+
|
277
|
+
# JIRA plugin
|
278
|
+
atlassian-ide-plugin.xml
|
279
|
+
|
280
|
+
# Cursive Clojure plugin
|
281
|
+
.idea/replstate.xml
|
282
|
+
|
283
|
+
# Crashlytics plugin (for Android Studio and IntelliJ)
|
284
|
+
com_crashlytics_export_strings.xml
|
285
|
+
crashlytics.properties
|
286
|
+
crashlytics-build.properties
|
287
|
+
fabric.properties
|
288
|
+
|
289
|
+
# Editor-based Rest Client
|
290
|
+
.idea/httpRequests
|
291
|
+
|
292
|
+
# Android studio 3.1+ serialized cache file
|
293
|
+
.idea/caches/build_file_checksums.ser
|
294
|
+
|
295
|
+
|
296
|
+
#### emacs ####
|
297
|
+
# -*- mode: gitignore; -*-
|
298
|
+
*~
|
299
|
+
\#*\#
|
300
|
+
/.emacs.desktop
|
301
|
+
/.emacs.desktop.lock
|
302
|
+
*.elc
|
303
|
+
auto-save-list
|
304
|
+
tramp
|
305
|
+
.\#*
|
306
|
+
|
307
|
+
# Org-mode
|
308
|
+
.org-id-locations
|
309
|
+
*_archive
|
310
|
+
|
311
|
+
# flymake-mode
|
312
|
+
*_flymake.*
|
313
|
+
|
314
|
+
# eshell files
|
315
|
+
/eshell/history
|
316
|
+
/eshell/lastdir
|
317
|
+
|
318
|
+
# elpa packages
|
319
|
+
/elpa/
|
320
|
+
|
321
|
+
# reftex files
|
322
|
+
*.rel
|
323
|
+
|
324
|
+
# AUCTeX auto folder
|
325
|
+
/auto/
|
326
|
+
|
327
|
+
# cask packages
|
328
|
+
.cask/
|
329
|
+
dist/
|
330
|
+
|
331
|
+
# Flycheck
|
332
|
+
flycheck_*.el
|
333
|
+
|
334
|
+
# server auth directory
|
335
|
+
/server/
|
336
|
+
|
337
|
+
# projectiles files
|
338
|
+
.projectile
|
339
|
+
|
340
|
+
# directory configuration
|
341
|
+
.dir-locals.el
|
342
|
+
|
343
|
+
# network security
|
344
|
+
/network-security.data
|
345
|
+
|
346
|
+
|
347
|
+
|
348
|
+
#### macos ####
|
349
|
+
# General
|
350
|
+
.DS_Store
|
351
|
+
.AppleDouble
|
352
|
+
.LSOverride
|
353
|
+
|
354
|
+
# Icon must end with two \r
|
355
|
+
Icon
|
356
|
+
|
357
|
+
|
358
|
+
# Thumbnails
|
359
|
+
._*
|
360
|
+
|
361
|
+
# Files that might appear in the root of a volume
|
362
|
+
.DocumentRevisions-V100
|
363
|
+
.fseventsd
|
364
|
+
.Spotlight-V100
|
365
|
+
.TemporaryItems
|
366
|
+
.Trashes
|
367
|
+
.VolumeIcon.icns
|
368
|
+
.com.apple.timemachine.donotpresent
|
369
|
+
|
370
|
+
# Directories potentially created on remote AFP share
|
371
|
+
.AppleDB
|
372
|
+
.AppleDesktop
|
373
|
+
Network Trash Folder
|
374
|
+
Temporary Items
|
375
|
+
.apdisk
|
data/.rspec
ADDED
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
2.7.6
|
data/Gemfile
ADDED
data/README.md
ADDED
@@ -0,0 +1,26 @@
|
|
1
|
+
# Shim Docker secrets into your Ruby ENV
|
2
|
+
|
3
|
+
`berkeley_library-docker` autoloads the contents of your secrets files into environment variables having the same name as the source file. If using Rails, it's autoloaded via a Railtie, so there's no need to do anything besides require the gem. Otherwise, you can call it manually via:
|
4
|
+
|
5
|
+
```ruby
|
6
|
+
require 'berkeley_library/docker'
|
7
|
+
BerkeleyLibrary::Docker::Secret.load_secrets!
|
8
|
+
```
|
9
|
+
|
10
|
+
Secrets are loaded from `/run/secrets` by default. You can override this by passing another path (or glob pattern) to the `load_secrets!` method, or by setting the `UCBLIB_SECRETS_PATH` environment variable. For example:
|
11
|
+
|
12
|
+
```ruby
|
13
|
+
# Load any file under /tmp/secrets
|
14
|
+
BerkeleyLibrary::Docker::Secret.load_secrets! '/tmp/secrets/**/*'
|
15
|
+
|
16
|
+
# Load only a specific file
|
17
|
+
ENV['UCBLIB_SECRETS_PATH'] = '/run/secrets/DB_PASSWORD'
|
18
|
+
BerkeleyLibrary::Docker::Secret.load_secrets!
|
19
|
+
```
|
20
|
+
|
21
|
+
## Testing
|
22
|
+
|
23
|
+
```ruby
|
24
|
+
bundle install
|
25
|
+
rspec
|
26
|
+
```
|
data/Rakefile
ADDED
@@ -0,0 +1,39 @@
|
|
1
|
+
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('Gemfile', __dir__)
|
2
|
+
require 'bundler/setup' # Set up gems listed in the Gemfile.
|
3
|
+
require 'bundler/gem_tasks'
|
4
|
+
require 'rubygems/gem_runner'
|
5
|
+
|
6
|
+
File.expand_path('lib', __dir__).tap do |lib|
|
7
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
8
|
+
end
|
9
|
+
|
10
|
+
begin
|
11
|
+
require 'rspec/core/rake_task'
|
12
|
+
RSpec::Core::RakeTask.new(:spec)
|
13
|
+
rescue LoadError
|
14
|
+
end
|
15
|
+
|
16
|
+
if ENV['CI']
|
17
|
+
ENV['RAILS_ENV'] = 'test'
|
18
|
+
end
|
19
|
+
|
20
|
+
desc 'Clean, check, build gem'
|
21
|
+
task default: %i[clean spec gem]
|
22
|
+
|
23
|
+
desc 'Remove artifacts directory, except for .keep file'
|
24
|
+
task :clean do
|
25
|
+
FileUtils.rm_rf('artifacts')
|
26
|
+
FileUtils.mkdir('artifacts')
|
27
|
+
FileUtils.touch(File.join('artifacts', '.keep'))
|
28
|
+
end
|
29
|
+
|
30
|
+
desc 'Build the gem'
|
31
|
+
task :gem do
|
32
|
+
gem_name = [
|
33
|
+
BerkeleyLibrary::Docker::ModuleInfo::NAME,
|
34
|
+
BerkeleyLibrary::Docker::ModuleInfo::VERSION,
|
35
|
+
].join('-')
|
36
|
+
output_file = File.join(__dir__, 'artifacts', gem_name)
|
37
|
+
|
38
|
+
Gem::GemRunner.new.run(['build', '--output', output_file])
|
39
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
File.expand_path('lib', __dir__).tap do |lib|
|
2
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
|
+
end
|
4
|
+
|
5
|
+
ruby_version = begin
|
6
|
+
ruby_version_file = File.expand_path('.ruby-version', __dir__)
|
7
|
+
File.read(ruby_version_file).strip
|
8
|
+
end
|
9
|
+
|
10
|
+
require 'berkeley_library/docker/module_info'
|
11
|
+
|
12
|
+
Gem::Specification.new do |spec|
|
13
|
+
spec.name = BerkeleyLibrary::Docker::ModuleInfo::NAME
|
14
|
+
spec.author = BerkeleyLibrary::Docker::ModuleInfo::AUTHOR
|
15
|
+
spec.email = BerkeleyLibrary::Docker::ModuleInfo::AUTHOR_EMAIL
|
16
|
+
spec.summary = BerkeleyLibrary::Docker::ModuleInfo::SUMMARY
|
17
|
+
spec.description = BerkeleyLibrary::Docker::ModuleInfo::DESCRIPTION
|
18
|
+
spec.license = BerkeleyLibrary::Docker::ModuleInfo::LICENSE
|
19
|
+
spec.version = BerkeleyLibrary::Docker::ModuleInfo::VERSION
|
20
|
+
spec.homepage = BerkeleyLibrary::Docker::ModuleInfo::HOMEPAGE
|
21
|
+
|
22
|
+
spec.files = `git ls-files -z`.split("\x0")
|
23
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features|artifacts)/})
|
24
|
+
spec.require_paths = ['lib']
|
25
|
+
|
26
|
+
spec.required_ruby_version = ">= #{ruby_version}"
|
27
|
+
|
28
|
+
spec.add_development_dependency 'rails', '~> 6'
|
29
|
+
spec.add_development_dependency 'rake'
|
30
|
+
spec.add_development_dependency 'rspec'
|
31
|
+
spec.add_development_dependency 'rspec_junit_formatter'
|
32
|
+
spec.add_development_dependency 'rspec-support', '~> 3.9'
|
33
|
+
|
34
|
+
spec.metadata['rubygems_mfa_required'] = 'true'
|
35
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
require 'forwardable'
|
2
|
+
require 'logger'
|
3
|
+
|
4
|
+
module BerkeleyLibrary
|
5
|
+
module Docker
|
6
|
+
module Logging
|
7
|
+
extend Forwardable
|
8
|
+
|
9
|
+
def logger
|
10
|
+
@logger ||= begin
|
11
|
+
if defined?(Rails) && Rails.logger
|
12
|
+
Rails.logger
|
13
|
+
else
|
14
|
+
Logger.new(STDOUT)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
# Prefixed "log_" to avoid conflicts with core methods,
|
20
|
+
# namely 'warn'.
|
21
|
+
[:debug, :info, :warn, :error, :fatal].each do |level|
|
22
|
+
def_delegator :logger, level, :"log_#{level}"
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
module BerkeleyLibrary
|
2
|
+
module Docker
|
3
|
+
class ModuleInfo
|
4
|
+
NAME = 'berkeley_library-docker'.freeze
|
5
|
+
AUTHOR = 'Dan Schmidt'.freeze
|
6
|
+
AUTHOR_EMAIL = 'danschmidt5189@berkeley.edu'.freeze
|
7
|
+
SUMMARY = 'Utility functions for Dockerizing Ruby apps'.freeze
|
8
|
+
DESCRIPTION = 'Utility functions for making Ruby apps "just work" in Docker containers.'.freeze
|
9
|
+
LICENSE = 'MIT'.freeze
|
10
|
+
VERSION = '0.0.1'.freeze
|
11
|
+
HOMEPAGE = 'https://github.com/BerkeleyLibrary/docker'.freeze
|
12
|
+
|
13
|
+
private_class_method :new
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
require 'berkeley_library/docker/logging'
|
2
|
+
|
3
|
+
module BerkeleyLibrary
|
4
|
+
module Docker
|
5
|
+
class Secret
|
6
|
+
class << self
|
7
|
+
include Logging
|
8
|
+
|
9
|
+
PATH_OVERRIDE_ENVVAR = 'UCBLIB_SECRETS_PATH'
|
10
|
+
DEFAULT_SECRETS_PATH = '/run/secrets'
|
11
|
+
|
12
|
+
def load_secrets!(glob = nil)
|
13
|
+
files_from(glob).each(&method(:load_secret!))
|
14
|
+
end
|
15
|
+
|
16
|
+
private
|
17
|
+
|
18
|
+
def load_secret!(filepath)
|
19
|
+
secret = File.basename(filepath)
|
20
|
+
ENV[secret] = File.read(filepath).strip
|
21
|
+
log_info "Loaded secret `ENV['#{secret}']` from #{filepath}"
|
22
|
+
end
|
23
|
+
|
24
|
+
def files_from(glob = nil)
|
25
|
+
glob ||= ENV[PATH_OVERRIDE_ENVVAR] || DEFAULT_SECRETS_PATH
|
26
|
+
glob = glob.strip
|
27
|
+
|
28
|
+
if File.directory?(glob) && !glob.end_with?('*')
|
29
|
+
glob = File.join(glob, '*')
|
30
|
+
end
|
31
|
+
|
32
|
+
log_info "Searching '#{glob}' for secrets files"
|
33
|
+
Dir[glob].filter_map { |fname| fname if File.file? fname }
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,10 @@
|
|
1
|
+
require 'berkeley_library/docker/logging'
|
2
|
+
require 'berkeley_library/docker/module_info'
|
3
|
+
require 'berkeley_library/docker/secret'
|
4
|
+
require 'berkeley_library/docker/railtie' if defined?(Rails::Railtie)
|
5
|
+
|
6
|
+
module BerkeleyLibrary
|
7
|
+
module Docker
|
8
|
+
#
|
9
|
+
end
|
10
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
require 'rails' # require Rails first to mimic load order
|
2
|
+
require 'berkeley_library/docker/railtie'
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
module BerkeleyLibrary
|
6
|
+
module Docker
|
7
|
+
describe Railtie do
|
8
|
+
before do
|
9
|
+
expect(ENV['API_TOKEN']).to be nil
|
10
|
+
end
|
11
|
+
|
12
|
+
it 'causes rails to load the environment' do
|
13
|
+
with_secret('API_TOKEN', 'd33db55f') do
|
14
|
+
class TestApp < Rails::Application; end
|
15
|
+
TestApp.create.initialize!
|
16
|
+
|
17
|
+
expect(ENV['API_TOKEN']).to eq 'd33db55f'
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
require 'berkeley_library/docker/secret'
|
2
|
+
require 'fileutils'
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
module BerkeleyLibrary
|
6
|
+
module Docker
|
7
|
+
describe Secret do
|
8
|
+
it 'loads secrets into the environment' do
|
9
|
+
with_secret('DB_PASSWORD', 'f00BarbAz') do
|
10
|
+
expect(ENV['DB_PASSWORD']).to be nil
|
11
|
+
Secret.load_secrets!
|
12
|
+
expect(ENV['DB_PASSWORD']).to eq 'f00BarbAz'
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
it 'reads multiline secrets' do
|
17
|
+
with_secret('SSH_PRIVATE_KEY', "d33db55f\nd33db55f") do
|
18
|
+
expect(ENV['SSH_PRIVATE_KEY']).to be nil
|
19
|
+
Secret.load_secrets!
|
20
|
+
expect(ENV['SSH_PRIVATE_KEY']).to eq "d33db55f\nd33db55f"
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
it 'strips trailing whitespace' do
|
25
|
+
with_secret('API_TOKEN', "d33db55f\n") do
|
26
|
+
expect(ENV['API_TOKEN']).to be nil
|
27
|
+
Secret.load_secrets!
|
28
|
+
expect(ENV['API_TOKEN']).to eq 'd33db55f'
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
it 'ignores subdirectories in the secrets directory' do
|
33
|
+
FileUtils.mkdir_p(File.join(SPEC_SECRETS_PATH, 'some-dir'))
|
34
|
+
expect{ Secret.load_secrets! }.not_to raise_error
|
35
|
+
end
|
36
|
+
|
37
|
+
it 'searches ENV["UCBLIB_SECRETS_PATH"] by default' do
|
38
|
+
with_secret('MASTER_KEY', 'd33db55f', '/tmp/super-secrets') do
|
39
|
+
Secret.load_secrets!
|
40
|
+
expect(ENV['MASTER_KEY']).to be nil
|
41
|
+
|
42
|
+
ENV['UCBLIB_SECRETS_PATH'] = '/tmp/super-secrets'
|
43
|
+
|
44
|
+
Secret.load_secrets!
|
45
|
+
expect(ENV['MASTER_KEY']).to eq 'd33db55f'
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
require_relative './spec_utils.rb'
|
2
|
+
|
3
|
+
# Avoid issues with `/run` being read-only on MacOS
|
4
|
+
SPEC_SECRETS_PATH = ENV['UCBLIB_SECRETS_PATH'] = '/tmp/secrets'
|
5
|
+
|
6
|
+
RSpec.configure do |config|
|
7
|
+
config.include SpecUtils
|
8
|
+
|
9
|
+
config.expect_with :rspec do |expectations|
|
10
|
+
expectations.include_chain_clauses_in_custom_matcher_descriptions = true
|
11
|
+
end
|
12
|
+
|
13
|
+
config.mock_with :rspec do |mocks|
|
14
|
+
mocks.verify_partial_doubles = true
|
15
|
+
end
|
16
|
+
|
17
|
+
config.shared_context_metadata_behavior = :apply_to_host_groups
|
18
|
+
end
|
data/spec/spec_utils.rb
ADDED
@@ -0,0 +1,28 @@
|
|
1
|
+
require 'berkeley_library/docker/secret'
|
2
|
+
require 'fileutils'
|
3
|
+
|
4
|
+
module SpecUtils
|
5
|
+
def rollback_environment(&block)
|
6
|
+
old_envvars = ENV.keys
|
7
|
+
|
8
|
+
begin
|
9
|
+
yield
|
10
|
+
ensure
|
11
|
+
ENV.select! { |k, _| old_envvars.include? k }
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
def with_secret(secret_name, value, secrets_dir = nil, &block)
|
16
|
+
rollback_environment do
|
17
|
+
filepath = File.join(secrets_dir || SPEC_SECRETS_PATH, secret_name)
|
18
|
+
FileUtils.mkdir_p(File.dirname(filepath))
|
19
|
+
File.open(filepath, 'w+') { |fh| fh.puts value }
|
20
|
+
|
21
|
+
begin
|
22
|
+
yield
|
23
|
+
ensure
|
24
|
+
File.delete filepath
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
metadata
ADDED
@@ -0,0 +1,134 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: berkeley_library-docker
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Dan Schmidt
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2022-11-14 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: rails
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '6'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '6'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rspec
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rspec_junit_formatter
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rspec-support
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '3.9'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '3.9'
|
83
|
+
description: Utility functions for making Ruby apps "just work" in Docker containers.
|
84
|
+
email: danschmidt5189@berkeley.edu
|
85
|
+
executables: []
|
86
|
+
extensions: []
|
87
|
+
extra_rdoc_files: []
|
88
|
+
files:
|
89
|
+
- ".github/workflows/build.yml"
|
90
|
+
- ".gitignore"
|
91
|
+
- ".rspec"
|
92
|
+
- ".ruby-version"
|
93
|
+
- Gemfile
|
94
|
+
- README.md
|
95
|
+
- Rakefile
|
96
|
+
- berkeley_library-docker.gemspec
|
97
|
+
- lib/berkeley_library/docker.rb
|
98
|
+
- lib/berkeley_library/docker/logging.rb
|
99
|
+
- lib/berkeley_library/docker/module_info.rb
|
100
|
+
- lib/berkeley_library/docker/railtie.rb
|
101
|
+
- lib/berkeley_library/docker/secret.rb
|
102
|
+
- spec/berkeley_library/docker/railtie_spec.rb
|
103
|
+
- spec/berkeley_library/docker/secret_spec.rb
|
104
|
+
- spec/spec_helper.rb
|
105
|
+
- spec/spec_utils.rb
|
106
|
+
homepage: https://github.com/BerkeleyLibrary/docker
|
107
|
+
licenses:
|
108
|
+
- MIT
|
109
|
+
metadata:
|
110
|
+
rubygems_mfa_required: 'true'
|
111
|
+
post_install_message:
|
112
|
+
rdoc_options: []
|
113
|
+
require_paths:
|
114
|
+
- lib
|
115
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
116
|
+
requirements:
|
117
|
+
- - ">="
|
118
|
+
- !ruby/object:Gem::Version
|
119
|
+
version: 2.7.6
|
120
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - ">="
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
125
|
+
requirements: []
|
126
|
+
rubygems_version: 3.1.6
|
127
|
+
signing_key:
|
128
|
+
specification_version: 4
|
129
|
+
summary: Utility functions for Dockerizing Ruby apps
|
130
|
+
test_files:
|
131
|
+
- spec/berkeley_library/docker/railtie_spec.rb
|
132
|
+
- spec/berkeley_library/docker/secret_spec.rb
|
133
|
+
- spec/spec_helper.rb
|
134
|
+
- spec/spec_utils.rb
|