conjur-debify 0.3.2 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/conjur/debify/version.rb +1 -1
- data/lib/conjur/debify.rb +80 -44
- data/lib/conjur/fpm/package.sh +0 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5bba7f110cbbeb17cad3b1a7aaa9723bbbfaa508
|
4
|
+
data.tar.gz: 29cb740a691ceefa03960e68208b01c37439448d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a96de1aad2fe69616b94854ef6ae8f870a8065a706ef582bd02427b44ea49f84f3d34bdbb8565f1a7c1b620160e530ccec8e61933b1e43976ffdf27786bc4db8
|
7
|
+
data.tar.gz: 0509aeec7d1fef0005a3ca69e44ba4ce7f5f7f210c6e761cf56481a0ddb96ae9d61e1298a100c91d58a28e8fd6ccf08754f0edabfa6036d8901392cd15bded28
|
data/lib/conjur/debify.rb
CHANGED
@@ -52,6 +52,12 @@ version Conjur::Debify::VERSION
|
|
52
52
|
subcommand_option_handling :normal
|
53
53
|
arguments :strict
|
54
54
|
|
55
|
+
def detect_version
|
56
|
+
`git describe --long --tags --abbrev=7 | sed -e 's/^v//'`.strip.tap do |version|
|
57
|
+
raise "No Git version (tag) for project '#{project_name}'" if version.empty?
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
55
61
|
desc "Build a debian package for a project"
|
56
62
|
long_desc <<DESC
|
57
63
|
The package is built using fpm (https://github.com/jordansissel/fpm).
|
@@ -83,6 +89,7 @@ command "package" do |c|
|
|
83
89
|
|
84
90
|
c.action do |global_options,cmd_options,args|
|
85
91
|
raise "project-name is required" unless project_name = args.shift
|
92
|
+
|
86
93
|
fpm_args = []
|
87
94
|
if (delimeter = args.shift) == '--'
|
88
95
|
fpm_args = args.dup
|
@@ -92,16 +99,12 @@ command "package" do |c|
|
|
92
99
|
|
93
100
|
dir = cmd_options[:dir] || '.'
|
94
101
|
pwd = File.dirname(__FILE__)
|
95
|
-
version = cmd_options[:version]
|
96
102
|
|
97
103
|
fpm_image = Docker::Image.build_from_dir File.expand_path('fpm', File.dirname(__FILE__)), tag: "debify-fpm", &DebugMixin::DOCKER
|
98
104
|
DebugMixin.debug_write "Built base fpm image '#{fpm_image.id}'\n"
|
99
105
|
dir = File.expand_path(dir)
|
100
106
|
Dir.chdir dir do
|
101
|
-
|
102
|
-
version = `git describe --long --tags --abbrev=7 | sed -e 's/^v//'`.strip
|
103
|
-
raise "No Git version (tag) for project '#{project_name}'" if version.empty?
|
104
|
-
end
|
107
|
+
version = cmd_options[:version] || detect_version
|
105
108
|
|
106
109
|
package_name = "conjur-#{project_name}_#{version}_amd64.deb"
|
107
110
|
|
@@ -207,6 +210,7 @@ command "test" do |c|
|
|
207
210
|
c.action do |global_options,cmd_options,args|
|
208
211
|
raise "project-name is required" unless project_name = args.shift
|
209
212
|
raise "test-script is required" unless test_script = args.shift
|
213
|
+
raise "Receive extra command-line arguments" if args.shift
|
210
214
|
|
211
215
|
dir = cmd_options[:dir] || '.'
|
212
216
|
dir = File.expand_path(dir)
|
@@ -231,9 +235,6 @@ command "test" do |c|
|
|
231
235
|
options = {
|
232
236
|
'Image' => appliance_image.id,
|
233
237
|
'Env' => [
|
234
|
-
"CONJUR_APPLIANCE_URL=https://localhost/api",
|
235
|
-
"CONJUR_ACCOUNT=cucumber",
|
236
|
-
"CONJUR_CERT_FILE=/opt/conjur/etc/ssl/ca.pem",
|
237
238
|
"CONJUR_AUTHN_LOGIN=admin",
|
238
239
|
"CONJUR_ENV=production",
|
239
240
|
"CONJUR_AUTHN_API_KEY=secret",
|
@@ -323,57 +324,92 @@ desc "Publish a debian package to apt repository"
|
|
323
324
|
long_desc <<DESC
|
324
325
|
Publishes a deb created with `debify package` to our private apt repository.
|
325
326
|
|
326
|
-
|
327
|
+
"distribution" should match the major/minor version of the Conjur appliance you want to install to.
|
327
328
|
|
328
|
-
|
329
|
+
The package name is a required option. The package version can be specified as a CLI option, or it will
|
330
|
+
be auto-detected from Git.
|
329
331
|
|
330
332
|
--component should be 'stable' if run after package tests pass or 'testing' if the package is not yet ready for release.
|
333
|
+
If you don't specify the component, it will be set to 'testing' unless the current git branch is 'master' or 'origin/master'.
|
334
|
+
The git branch is first detected from the env var GIT_BRANCH, and then by checking `git rev-parse --abbrev-ref HEAD`
|
335
|
+
(which won't give you the answer you want when detached).
|
331
336
|
|
332
|
-
ARTIFACTORY_USERNAME and ARTIFACTORY_PASSWORD must be available in the environment for upload to succeed.
|
333
337
|
DESC
|
334
|
-
arg_name "
|
338
|
+
arg_name "distribution project-name"
|
335
339
|
command "publish" do |c|
|
336
|
-
c.desc "
|
337
|
-
c.
|
338
|
-
|
340
|
+
c.desc "Set the current working directory"
|
341
|
+
c.flag [ :d, :dir ]
|
342
|
+
|
343
|
+
c.desc "Specify the deb package version; by default, it's computed from the Git tag"
|
344
|
+
c.flag [ :v, :version ]
|
339
345
|
|
340
346
|
c.desc "Maturity stage of the package, 'testing' or 'stable'"
|
341
347
|
c.default_value "testing"
|
342
348
|
c.flag [ :c, :component ]
|
343
349
|
|
344
350
|
c.action do |global_options,cmd_options,args|
|
345
|
-
raise "
|
351
|
+
raise "distribution is required" unless distribution = args.shift
|
352
|
+
raise "project-name is required" unless project_name = args.shift
|
353
|
+
raise "Receive extra command-line arguments" if args.shift
|
346
354
|
|
347
|
-
|
348
|
-
|
349
|
-
|
355
|
+
def detect_component
|
356
|
+
branch = ENV['GIT_BRANCH']
|
357
|
+
unless branch
|
358
|
+
branch = `git describe --all`
|
359
|
+
end
|
360
|
+
if %w(master origin/master).include?(branch)
|
361
|
+
'stable'
|
362
|
+
else
|
363
|
+
'testing'
|
364
|
+
end
|
365
|
+
end
|
366
|
+
|
367
|
+
dir = cmd_options[:dir] || '.'
|
350
368
|
dir = File.expand_path(dir)
|
369
|
+
|
370
|
+
raise "Directory #{dir} does not exist or is not a directory" unless File.directory?(dir)
|
371
|
+
|
372
|
+
Dir.chdir dir do
|
373
|
+
version = cmd_options[:version] || detect_version
|
374
|
+
component = cmd_options[:component] || detect_component
|
375
|
+
|
376
|
+
package_name = "conjur-#{project_name}_#{version}_amd64.deb"
|
351
377
|
|
352
|
-
|
353
|
-
|
354
|
-
|
355
|
-
|
356
|
-
|
357
|
-
|
358
|
-
|
359
|
-
|
360
|
-
|
361
|
-
|
362
|
-
|
363
|
-
|
364
|
-
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
|
372
|
-
|
373
|
-
|
374
|
-
|
375
|
-
|
376
|
-
|
378
|
+
publish_image = Docker::Image.build_from_dir File.expand_path('publish', File.dirname(__FILE__)), tag: "debify-publish", &DebugMixin::DOCKER
|
379
|
+
DebugMixin.debug_write "Built base publish image '#{publish_image.id}'\n"
|
380
|
+
|
381
|
+
require 'conjur/cli'
|
382
|
+
require 'conjur/authn'
|
383
|
+
Conjur::Config.load
|
384
|
+
Conjur::Config.apply
|
385
|
+
conjur = Conjur::Authn.connect nil, noask: true
|
386
|
+
|
387
|
+
art_username = conjur.variable('artifactory/users/jenkins/username').value
|
388
|
+
art_password = conjur.variable('artifactory/users/jenkins/password').value
|
389
|
+
|
390
|
+
options = {
|
391
|
+
'Image' => publish_image.id,
|
392
|
+
'Cmd' => [
|
393
|
+
"art", "upload",
|
394
|
+
"--url", "https://conjurinc.artifactoryonline.com/conjurinc",
|
395
|
+
"--user", art_username,
|
396
|
+
"--password", art_password,
|
397
|
+
"--deb", "#{distribution}/#{component}/amd64",
|
398
|
+
package_name, "debian-local/"
|
399
|
+
],
|
400
|
+
'Binds' => [
|
401
|
+
[ dir, "/src" ].join(':')
|
402
|
+
]
|
403
|
+
}
|
404
|
+
|
405
|
+
container = Docker::Container.create(options)
|
406
|
+
begin
|
407
|
+
container.tap(&:start).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| puts "#{chunk}" }
|
408
|
+
status = container.wait
|
409
|
+
raise "Failed to publish #{package_name}" unless status['StatusCode'] == 0
|
410
|
+
ensure
|
411
|
+
container.delete(force: true)
|
412
|
+
end
|
377
413
|
end
|
378
414
|
end
|
379
415
|
end
|
data/lib/conjur/fpm/package.sh
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-debify
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Kevin Gilpin
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-01-
|
11
|
+
date: 2016-01-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gli
|