conjur-debify 0.0.1.pre.47 → 0.2.0

data/CHANGELOG.md

@@ -1,246 +0,0 @@
-## [0.0.1]
-### Changed
-
-- Upgrade ruby version to 3.0.
-- Bump `cucumber` gem to 7.1.
-- Bump `conjur-api` gem to 5.3.7.
-- Bump `conjur-cli` gem to 6.2.6.
-- Bump `aruba` gem to 2.0.
-- Bump `jfrog-cli` to :latest.
-
-## [2.1.1]
-### Changed
-
-- Update to use automated release process
-
-# 2.1.0
-### Changed
-
-- Refine bundler related steps in `debify package` flow: only `package.sh` file configures
-  and invokes bundler. `Dockerfile.fpm` only copies files and adjusts folder structure.
-- Remove bundler 1.* support 
-
-# 2.0.0
-### Changed
-- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this 
-  flag is not given, the default value is `deb`.
-  [conjurinc/debify#56](https://github.com/conjurinc/debify/issues/56)
-
-# 1.12.0
-
-### Added
-- Debify now packages and publishes an RPM file, alongside a debian file.
-  [conjurinc/debify#49](https://github.com/conjurinc/debify/pull/49)
-- `debify package` now offers an `--additional-files` flag to provide a comma
-  separated list of files to include in the FPM build that are not provided
-  automatically by `git ls-files`.
-  [conjurinc/debify#52](https://github.com/conjurinc/debify/pull/52)
-
-### Fixed
-- Bug causing `all` files in the git repo to be added to the debian file.
-  [conjurinc/debify#50](https://github.com/conjurinc/debify/pull/50)
-
-# 1.11.5
-
-### Changed
-* Updated FPM and Test images to use a base image with FIPS-compliant Ruby and OpenSSL.
-
-# 1.11.4
-
-* Updated sandbox password to match Conjur password complexity requirements.
-
-# 1.11.3
-
-* Reverted to `bundler` v1. `bundler` v2 was creating incompatible paths for downstream
-  packages.
-* Made FPM Ruby version use `ruby2.5` instead of `ruby2.6` since that is what
-  our appliance image uses otherwise the gems bundled in the packages are unusable.
-
-# 1.11.2
-
-* Upgraded to use Ruby 2.6 and latest version of FPM
-* Update Conjur Dockerfile from Ubuntu 14.04 --> 18.04 as 14.04 repos
-  are now behind a [pay wall](https://ubuntu.com/blog/ubuntu-14-04-esm-support)
-  Ruby is installed from `ppa:brightbox/ruby-ng` however that PPA
-  [doesn't currently supply ruby2.2 for Ubuntu 18.04](https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng?field.series_filter=bionic). [The documentation](https://www.brightbox.com/docs/ruby/ubuntu/)
-  suggests this combination is available, so it may be a temporary problem.
-  To work around the problem, ruby is bumped from 2.2 to 2.3 as 2.3 is the oldest
-  version available for Ubuntu 18.04.
-
-# 1.11.1
-
-* Upgrade `docker-debify` to use Ruby 2.6.
-
-# 1.11.0
-
-* Use a Docker env-file (docker.env, by default) to pass environment
-  variables to the debify container.
-
-* Make sure `--env` variables get passed along to the Conjur container when testing, too.
-
-# 1.10.3
-
-* Fix a bug causing duplicate files between normal and dev packages when a file name contained a space.
-
-# 1.10.2
-
-* Pin `ruby-xz` gem in fpm Dockerfile, so it works on Ruby 2.2. Upstream issue: https://github.com/jordansissel/fpm/issues/1493
-
-# 1.10.1
-
-* Update fpm container to use Ruby 2.4, fixes `ruby-xz` dependency
-
-# 1.10.0
-
-* add `--net` support to `test` and `sandbox` subcommands
-* Use Docker::Container.start! to start containers, to avoid
-  swallowing important errors.
-
-# 1.9.1
-
-* Make sure .bundle/config in the 'main' package excludes test and development groups.
-
-# 1.9.0
-
-* Build -dev package with development/test dependencies and use it on `debify test`.
-
-# 1.8.2
-
-* Install fpm dependency libffi-dev
-
-# 1.8.1
-
-* Make Conjur cert available in dockerized debify container
-* Add a cuke for `debify publish`
-
-# 1.8.0
-
-* Added artifactory url option to `debify publish`, defaults to jfrog.io domain
-* Added artifactory repo option to `debify publish`, defaults to 'debian-private'
-
-# 1.7.4
-
-* Fix publishing support in docker-debify
-
-# 1.7.2
-
-* Take out a `require 'pry'` that had snuck in.
-* Fix `publish` subcommand, broken after factoring publish out into a separate action.
-
-# 1.7.0
-
-* Read artifactory credentials from the environment
-  (`ARTIFACTORY_USER`, `ARTIFACTORY_PASSWORD`), only contact Conjur if
-  they're not set.
-
-# 1.6.1
-
-* Buils a docker image to run debify, convert tests to use it, pipeline build
-
-# 1.6.0
-
-* When not on the master branch, `debify publish` uses the branch name as the component name, rather than always using
-  `'testing'`.
-
-# 1.5.4
-
-* `debify publish` now checks env var `BRANCH_NAME` as well as `GIT_BRANCH`.
-  Jenkins pipelines use `BRANCH_NAME`, Jenkins jobs use `GIT_BRANCH`.
-
-# 1.5.3
-
-* debify now uses `~/.docker/config` auth if pulling an image fails due to auth
-
-# 1.5.2
-
-* Use new conjurops variables in `publish` command, fall back to old conjurops
-
-# 1.5.1
-
-* Fix the description of the `--version` argument to indicate that the version now comes from the `VERSION` file.
-
-# 1.5.0
-
-* Add `detect-version` command.
-* Read version from VERSION file, if it exists.
-
-# 1.4.0
-
-* Add `--port` sandbox option
-
-# 1.3.1
-
-* When testing, `docker exec` into the Conjur container to run
-  `/opt/conjur/evoke/bin/wait_for_conjur`.
-
-# 1.3.0
-
-* Add `--volumes-from`
-
-# 1.2.1
-
-* Fix typo in error message
-
-# 1.2.0
-
-* Pin bundler to 1.11.2
-
-# 1.1.0
-
-* Minor workflow tweaks, and some changes to work around Docker For Mac issues
-
-# 1.0.0
-
-* Base image used for packaging on Ubuntu 14.04
-* Install ruby2.2 and related packages
-
-# 0.11.1
-
-* Add `name` and `Workingdir` options to the sandbox container.
-
-# 0.11.0
-
-* Add `debify sandbox`.
-
-# 0.10.2
-
-* Fixed publish internal Dockerfile.
-
-# 0.10.1
-
-* Run internal containers as privileged if Docker >= 1.10.0.
-
-# 0.10.0
-
-* Upgrading Ruby for packaging from 2.0 to 2.2.4.
-
-# 0.9.2
-
-* Print messages to stderr instead of stdout during packaging.
-* Only consider tags matching v*.*.* when determining package version string.
-
-# 0.9.1
-
-* Provide the package to purge before installing the new version.
-
-# 0.9.0
-
-* Don't nuke the entire existing source install dir, there may be necessary files in there.
-
-# 0.8.0
-
-* Remove the need for a 'latest' debian.
-* Fix bug in the error message for 'detect_version'.
-* Use a more reliable way to detect the current branch.
-* `publish` : Remove the default value of the 'component' flag.
-* `clean` : Don't create a container unless deletions will actually be performed.
-
-# 0.7.0
-
-* Add `debify clean`.
-
-# 0.6.0
-
-* `package` : Add `--dockerfile` option.
-* `package` : Ensure that `Gemfile.lock` is in the container.
-* `test` : Propagate `SSH_AUTH_SOCK` to the container.

data/CONTRIBUTING.md

@@ -1,16 +0,0 @@
-# Contributing
-
-For general contribution and community guidelines, please see the [community repo](https://github.com/cyberark/community).
-
-## Contributing
-
-1. [Fork the project](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
-2. [Clone your fork](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository)
-3. Make local changes to your fork by editing files
-3. [Commit your changes](https://help.github.com/en/github/managing-files-in-a-repository/adding-a-file-to-a-repository-using-the-command-line)
-4. [Push your local changes to the remote server](https://help.github.com/en/github/using-git/pushing-commits-to-a-remote-repository)
-5. [Create new Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
-
-From here your pull request will be reviewed and once you've responded to all
-feedback it will be merged into the project. Congratulations, you're a
-contributor!

data/Dockerfile

@@ -1,33 +0,0 @@
-FROM ruby:3.0
-
-RUN apt-get update -qq && \
-    apt-get dist-upgrade -qqy && \
-    apt-get install -qqy \
-    apt-transport-https \
-    ca-certificates \
-    curl
-    
-# Install Docker client tools
-ENV DOCKERVERSION=20.10.0
-RUN curl -fsSLO https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKERVERSION}.tgz \
-  && tar xzvf docker-${DOCKERVERSION}.tgz --strip 1 \
-                 -C /usr/local/bin docker/docker \
-  && rm docker-${DOCKERVERSION}.tgz
-
-RUN mkdir -p /debify
-WORKDIR /debify
-
-COPY . ./
-
-RUN gem install bundler:2.2.30
-RUN gem build debify.gemspec
-
-ARG VERSION
-RUN gem install -N conjur-debify-*.gem
-
-ARG CONJUR_APPLIANCE_URL
-ENV CONJUR_APPLIANCE_URL ${CONJUR_APPLIANCE_URL:-https://conjurops.itp.conjur.net}
-ENV CONJUR_ACCOUNT ${CONJUR_ACCOUNT:-conjur}
-ENV CONJUR_VERSION ${CONJUR_VERSION:-5}
-
-ENTRYPOINT ["/debify/distrib/entrypoint.sh"]

data/Jenkinsfile

@@ -1,116 +0,0 @@
-#!/usr/bin/env groovy
-
-// Automated release, promotion and dependencies
-properties([
-  release.addParams(),
-  dependencies(['cyberark/conjur-base-image'])
-])
-
-if (params.MODE == "PROMOTE") {
-  release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
-    sh './publish-rubygems.sh'
-  }
-  return
-}
-
-pipeline {
-  agent { label 'executor-v2' }
-
-  options {
-    timestamps()
-    buildDiscarder(logRotator(daysToKeepStr: '30'))
-  }
-
-  triggers {
-    cron(getDailyCronString())
-  }
-
-  environment {
-    MODE = release.canonicalizeMode()
-  }
-
-  stages {
-    stage ("Skip build if triggering job didn't create a release") {
-      when {
-        expression {
-          MODE == "SKIP"
-        }
-      }
-      steps {
-        script {
-          currentBuild.result = 'ABORTED'
-          error("Aborting build because this build was triggered from upstream, but no release was built")
-        }
-      }
-    }
-    stage('Prepare') {
-      steps {
-        // Initialize VERSION file
-        updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
-      }
-    }
-    stage('Build docker image') {
-      steps {
-        sh './build.sh'
-      }
-    }
-
-    stage('Scan Docker image') {
-      parallel {
-        stage('Scan Docker image for fixable issues') {
-          steps{
-            script {
-              VERSION = sh(returnStdout: true, script: 'cat VERSION')
-            }
-            scanAndReport("debify:${VERSION}", "HIGH", false)
-          }
-        }
-        stage('Scan Docker image for all issues') {
-          steps{
-            script {
-              VERSION = sh(returnStdout: true, script: 'cat VERSION')
-            }
-            scanAndReport("debify:${VERSION}", "NONE", true)
-          }
-        }
-      }
-    }
-
-    stage('Run feature tests') {
-      steps {
-        sh './test.sh'
-      }
-      post { always {
-        junit 'features/reports/*.xml'
-      }}
-    }
-
-    stage('Push Docker image') {
-      steps {
-        sh './tag-image.sh'
-        sh './push-image.sh'
-      }
-    }
-
-    stage('Publish to RubyGems') {
-      when {
-        expression {
-          MODE == "RELEASE"
-        }
-      }
-
-      steps {
-        release {
-          sh './publish-rubygem.sh'
-          sh "cp conjur-debify-*.gem release-assets/."
-        }
-      }
-    }
-  }
-
-  post {
-    always {
-      cleanupAndNotify(currentBuild.currentResult)
-    }
-  }
-}

data/VERSION

@@ -1 +0,0 @@
-0.0.1-47

data/build.sh

@@ -1,4 +0,0 @@
-#!/bin/bash -ex
-
-VERSION=$(< VERSION)
-docker build --build-arg VERSION=$VERSION -t debify:$VERSION .

data/ci/test.sh

@@ -1,8 +0,0 @@
-#!/bin/bash -ex
-
-bundle
-
-for target in spec cucumber; do
-  bundle exec rake $target
-done
-

data/distrib/conjur_creds.rb

@@ -1,7 +0,0 @@
-require 'netrc'
-Netrc.configure do |c|
-  c[:allow_permissive_netrc_file] = true
-end
-
-creds = Netrc.read('/root/.netrc')[ENV['CONJUR_APPLIANCE_URL'] + '/authn']
-print "#{creds.login} #{creds.password}" if creds

data/distrib/docker-debify

@@ -1,50 +0,0 @@
-#!/bin/bash -e
-
-# If we're running in jenkins, there will be a conjur.identity file
-# with Conjur creds in it. Otherwise, assume the user's netrc has
-# them.
-if [[ -f /etc/conjur.identity ]]; then
-  netrc=/etc/conjur.identity
-else
-  netrc=$HOME/.netrc
-fi
-
-: ${CONJURRC=/etc/conjur.conf}
-
-conjur_config() {
-  local name=$1; shift
-  grep $name $CONJURRC | awk '{print $2}' | tr -d '"'
-}
-
-export CONJUR_APPLIANCE_URL=$(conjur_config appliance_url)
-export CONJUR_SSL_CERTIFICATE="$(< $(conjur_config cert_file))"
-
-[[ -f "$HOME/.debifyrc" ]] && rc_arg="-v $HOME/.debifyrc:/root/.debifyrc:ro"
-
-: ${DEBIFY_ENVFILE=debify.env}
-[[ -f $DEBIFY_ENVFILE ]] &&  envfile_arg="--env-file $DEBIFY_ENVFILE"
-
-# Mounting docker socket is required because subcommands launch
-# containers.
-#
-# The environment variables can't go into an env-file, because docker
-# doesn't handle env-file variables the same way it handles
-# command-line variables. In particular, when a variable in an
-# env-file is unset in the calling enviroment, it gets set in the
-# container without a value. When such a variable is mentioned on the
-# command line, it doesn't get set in the container.
-tty=$(tty -s && echo "-t" || true)
-docker run -i $tty --rm \
-  -e GLI_DEBUG -e DEBUG \
-  -e CONJUR_APPLIANCE_URL -e CONJUR_SSL_CERTIFICATE \
-  -e GIT_BRANCH -e BRANCH_NAME \
-  -e ARTIFACTORY_USER -e ARTIFACTORY_PASSWORD \
-  -e HOME \
-  ${envfile_arg} \
-  -v "$PWD:$PWD" -w "$PWD" \
-  -v /var/run/docker.sock:/var/run/docker.sock \
-  -v "${HOME}:${HOME}" \
-  -v "${netrc}:${HOME}/.netrc:ro" \
-  ${rc_arg} \
-  ${DEBIFY_ENTRYPOINT+--entrypoint $DEBIFY_ENTRYPOINT} \
-  ${DEBIFY_IMAGE-registry.tld/conjurinc/debify:@@DEBIFY_VERSION@@} "$@"

data/distrib/entrypoint.sh

@@ -1,19 +0,0 @@
-#!/bin/bash -e
-
-# Make sure we don't echo commands as executed, otherwise the user's
-# Conjur API key will show up in the logs.
-set +x
-
-creds=( $(ruby /debify/distrib/conjur_creds.rb) )
-
-# If there are creds, use them to log in to the registry.
-#
-# If there are no creds, any commands that do
-# Docker stuff will fail, but the non-Docker commands (e.g. the config
-# subcommands) will work fine.
-if [[ ${#creds[*]} > 0 ]]; then
-  echo -n "${creds[1]}" | docker login registry.tld -u ${creds[0]} --password-stdin >/dev/null 2>&1
-fi
-
-exec debify "$@"
-

data/distrib/script

@@ -1 +0,0 @@
-distrib/docker-debify

data/distrib/secrets

@@ -1 +0,0 @@
-distrib/secrets.yml

data/distrib/secrets.yml

@@ -1,2 +0,0 @@
-ARTIFACTORY_USER: !var ci/artifactory/users/jenkins/username
-ARTIFACTORY_PASSWORD: !var ci/artifactory/users/jenkins/password

data/example/docker-compose.yml

@@ -1,11 +0,0 @@
-version: "2"
-networks:
-  svcnet:
-    external:
-      name: testnet
-services:
-  db:
-    image: postgres
-    container_name: mydb
-    networks:
-      - svcnet

data/example/net-test.sh

@@ -1,7 +0,0 @@
-#!/bin/bash -ex
-
-cid=$1
-
-docker exec $cid curl -s http://other_host > /dev/null
-
-echo Test succeeded

data/features/detect_version.feature

@@ -1,7 +0,0 @@
-Feature: Automatic version string
-
-  @announce-output
-  Scenario: 'example' project gets a default version
-    When I run `env DEBUG=true GLI_DEBUG=true debify detect-version -d ../../example`
-    Then the exit status should be 0
-    And the output should match /\d+.\d+.\d+-\d+-.*/

data/features/package.feature

@@ -1,23 +0,0 @@
-@announce-output
-Feature: Packaging
-
-  Background:
-    # We use version 0.0.1-suffix to verify that RPM converts dashes to underscores
-    # in the version as we expect
-    Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1-suffix example -- --post-install /distrib/postinstall.sh`
-    And I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example --output rpm  -v 0.0.1-suffix example  -- --post-install /distrib/postinstall.sh`
-
-  Scenario: 'example' project can be packaged successfully
-    Then the stdout should contain "conjur-example_0.0.1-suffix_amd64.deb"
-    And the stdout should contain "conjur-example-dev_0.0.1-suffix_amd64.deb"
-    And the stdout should contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
-    And the stdout should contain "conjur-example-dev-0.0.1_suffix-1.x86_64.rpm"
-
-  Scenario: 'clean' command will delete non-Git-managed files
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify clean -d ../../example --force`
-    And I successfully run `find ../../example`
-    Then the stdout from "find ../../example" should not contain "conjur-example_0.0.1-suffix_amd64.deb"
-    And the stdout from "find ../../example" should not contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
-
-  Scenario: 'example' project can be published
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1-suffix -d ../../example 5.0 example`

data/features/sandbox.feature

@@ -1,23 +0,0 @@
-@announce-output
-Feature: Running a sandbox
-  Background:
-    Given I successfully run `docker pull registry.tld/conjur-appliance-cuke-master:5.0-stable`
-    # The extra containers will use the `alpine` image, so we need to pull it first on the
-    # host to use the authenticated DockerHub connection. This avoids hitting DockerHub
-    # rate limits.
-    And I successfully run `docker pull nginx`
-
-  Scenario: sandbox for 'example' project be started
-    Given I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull"
-
-  Scenario: sandbox for 'example' project be started linked to another container
-    Given I start a container named "other_host"
-    Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --link other_host -c 'curl -s http://other_host > /dev/null'"
-
-  Scenario: sandbox for 'example' project be started on a network other than the default
-    Given I start a container named "other_host" on network "test-net"
-    Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --net test-net -c 'curl -s http://other_host > /dev/null'"
-
-  Scenario: sandbox for 'example' project be started on a network other than the default with a host aliased
-    Given I start a container named "another_host" on network "test-net"
-    Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --net test-net --link another_host:other_host -c 'curl -s http://other_host > /dev/null'"

data/features/support/hooks.rb

@@ -1,29 +0,0 @@
-Before do
-  # Using "announce" causes massive warnings on 1.9.2
-  @puts = true
-  @original_rubylib = ENV['RUBYLIB']
-  ENV['RUBYLIB'] = LIB_DIR + File::PATH_SEPARATOR + ENV['RUBYLIB'].to_s
-end
-
-After do
-  ENV['RUBYLIB'] = @original_rubylib
-end
-
-Around do |scenario, block|
-  # Note that self in an Around hook is the instance of the world
-  # (here, a DebifyWorld) for the current scenario.
-  initialize
-  begin
-    block.call
-  ensure
-    unless ENV['KEEP_CONTAINERS']
-      containers.each do |c|
-        c.remove(force: true)
-      end
-      
-      networks.each do |n|
-        n.remove
-      end
-    end
-  end
-end

data/features/support/world.rb

@@ -1,10 +0,0 @@
-module DebifyWorld
-  attr_accessor :containers, :networks
-
-  def initialize
-    @containers = []
-    @networks = []
-  end
-end
-
-World(DebifyWorld)

data/features/test.feature

@@ -1,24 +0,0 @@
-@announce-output
-Feature: Testing
-
-  Background:
-    Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1 example -- --post-install /distrib/postinstall.sh`
-
-  Scenario: 'example' project can be tested successfully
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull example test.sh`
-    Then the stderr should contain "Test succeeded"
-
-  Scenario: 'example' project can be tested when linked to another container
-    Given I start a container named "other_host"
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --link other_host example net-test.sh`
-    Then the stderr should contain "Test succeeded"
-
-  Scenario: 'example' project can be tested on a network other than the default
-    Given I start a container named "other_host" on network "test-net"
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --net test-net example net-test.sh`
-    Then the stderr should contain "Test succeeded"
-
-  Scenario: 'example' project can be tested on a network other than the default with a host aliased
-    Given I start a container named "another_host" on network "test-net"
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --link another_host:other_host --net test-net example net-test.sh`
-    Then the stderr should contain "Test succeeded"