conjur-debify 1.11.5 → 2.1.1.pre.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/CHANGELOG.md +32 -0
- data/Dockerfile +11 -24
- data/Jenkinsfile +47 -34
- data/README.md +6 -1
- data/Rakefile +2 -1
- data/VERSION +1 -1
- data/ci/test.sh +0 -5
- data/debify.gemspec +7 -7
- data/distrib/docker-debify +4 -2
- data/distrib/entrypoint.sh +4 -7
- data/example/Gemfile.lock +1 -1
- data/example/net-test.sh +1 -1
- data/features/package.feature +12 -6
- data/features/sandbox.feature +9 -5
- data/features/step_definitions/debify_steps.rb +1 -3
- data/features/support/env.rb +3 -1
- data/features/test.feature +4 -4
- data/lib/conjur/debify/Dockerfile.fpm +0 -4
- data/lib/conjur/debify/action/publish.rb +63 -20
- data/lib/conjur/debify/utils.rb +1 -1
- data/lib/conjur/debify.rb +161 -92
- data/lib/conjur/fpm/Dockerfile +5 -6
- data/lib/conjur/fpm/package.sh +61 -32
- data/lib/conjur/publish/Dockerfile +1 -7
- data/publish-rubygem.sh +7 -8
- data/spec/action/publish_spec.rb +4 -4
- data/spec/debify_utils_spec.rb +1 -1
- data/spec/utils_spec.rb +1 -1
- metadata +18 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8ef8a9cc4afa7d0d497eeb7cc8bc37f4a958019460f027c4144422f62b156afb
|
4
|
+
data.tar.gz: 969998395e00778d72f777e78343c1f7f4b0cd4b71404cc2fe185d6930bcdad0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1fee2f382be527e02407da6096f1fef3e1dea8c5b443828eaa45ab2c76cd2e779addcf872bdced4567584ddfc43e311441931a32febe24d02b22806e404e9961
|
7
|
+
data.tar.gz: 5fef9c7c2bdd4e966278425f0f1009da8ce01b321d4b73bca16cd9853a2707ab7cf013fe5fd8dfad339eb7f1e96db445f9b53ef7c698746851338eef3c1453ff
|
data/.gitignore
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,35 @@
|
|
1
|
+
## [2.1.1]
|
2
|
+
### Changed
|
3
|
+
|
4
|
+
- Update to use automated release process
|
5
|
+
|
6
|
+
# 2.1.0
|
7
|
+
### Changed
|
8
|
+
|
9
|
+
- Refine bundler related steps in `debify package` flow: only `package.sh` file configures
|
10
|
+
and invokes bundler. `Dockerfile.fpm` only copies files and adjusts folder structure.
|
11
|
+
- Remove bundler 1.* support
|
12
|
+
|
13
|
+
# 2.0.0
|
14
|
+
### Changed
|
15
|
+
- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this
|
16
|
+
flag is not given, the default value is `deb`.
|
17
|
+
[conjurinc/debify#56](https://github.com/conjurinc/debify/issues/56)
|
18
|
+
|
19
|
+
# 1.12.0
|
20
|
+
|
21
|
+
### Added
|
22
|
+
- Debify now packages and publishes an RPM file, alongside a debian file.
|
23
|
+
[conjurinc/debify#49](https://github.com/conjurinc/debify/pull/49)
|
24
|
+
- `debify package` now offers an `--additional-files` flag to provide a comma
|
25
|
+
separated list of files to include in the FPM build that are not provided
|
26
|
+
automatically by `git ls-files`.
|
27
|
+
[conjurinc/debify#52](https://github.com/conjurinc/debify/pull/52)
|
28
|
+
|
29
|
+
### Fixed
|
30
|
+
- Bug causing `all` files in the git repo to be added to the debian file.
|
31
|
+
[conjurinc/debify#50](https://github.com/conjurinc/debify/pull/50)
|
32
|
+
|
1
33
|
# 1.11.5
|
2
34
|
|
3
35
|
### Changed
|
data/Dockerfile
CHANGED
@@ -1,46 +1,33 @@
|
|
1
1
|
FROM ruby:2.6-stretch
|
2
2
|
|
3
|
-
### DockerInDocker support is take from
|
4
|
-
### https://github.com/jpetazzo/dind/blob/master/Dockerfile . I
|
5
|
-
### elected to base this image on ruby, then pull in the (slightly
|
6
|
-
### outdated) support for DockerInDocker. Creation of the official
|
7
|
-
### docker:dind image much more complicated and didn't lend itself to
|
8
|
-
### also running ruby.
|
9
|
-
|
10
3
|
RUN apt-get update -qq && \
|
11
4
|
apt-get dist-upgrade -qqy && \
|
12
5
|
apt-get install -qqy \
|
13
6
|
apt-transport-https \
|
14
7
|
ca-certificates \
|
15
|
-
curl
|
16
|
-
lxc \
|
17
|
-
iptables
|
8
|
+
curl
|
18
9
|
|
19
|
-
# Install Docker
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
# Define additional metadata for our image.
|
27
|
-
VOLUME /var/lib/docker
|
28
|
-
|
29
|
-
### End of DockerInDocker support
|
10
|
+
# Install Docker client tools
|
11
|
+
ENV DOCKERVERSION=20.10.0
|
12
|
+
RUN curl -fsSLO https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKERVERSION}.tgz \
|
13
|
+
&& tar xzvf docker-${DOCKERVERSION}.tgz --strip 1 \
|
14
|
+
-C /usr/local/bin docker/docker \
|
15
|
+
&& rm docker-${DOCKERVERSION}.tgz
|
30
16
|
|
31
17
|
RUN mkdir -p /debify
|
32
18
|
WORKDIR /debify
|
33
19
|
|
34
20
|
COPY . ./
|
35
21
|
|
22
|
+
RUN gem install bundler:2.2.30
|
36
23
|
RUN gem build debify.gemspec
|
37
24
|
|
38
25
|
ARG VERSION
|
39
|
-
RUN gem install -N conjur-debify
|
26
|
+
RUN gem install -N conjur-debify-*.gem
|
40
27
|
|
41
28
|
ARG CONJUR_APPLIANCE_URL
|
42
|
-
ENV CONJUR_APPLIANCE_URL ${CONJUR_APPLIANCE_URL:-https://
|
29
|
+
ENV CONJUR_APPLIANCE_URL ${CONJUR_APPLIANCE_URL:-https://conjurops.itp.conjur.net}
|
43
30
|
ENV CONJUR_ACCOUNT ${CONJUR_ACCOUNT:-conjur}
|
44
|
-
ENV CONJUR_VERSION ${CONJUR_VERSION:-
|
31
|
+
ENV CONJUR_VERSION ${CONJUR_VERSION:-5}
|
45
32
|
|
46
33
|
ENTRYPOINT ["/debify/distrib/entrypoint.sh"]
|
data/Jenkinsfile
CHANGED
@@ -1,29 +1,52 @@
|
|
1
1
|
#!/usr/bin/env groovy
|
2
2
|
|
3
|
+
// Automated release, promotion and dependencies
|
4
|
+
properties([
|
5
|
+
release.addParams(),
|
6
|
+
dependencies(['cyberark/conjur-base-image'])
|
7
|
+
])
|
8
|
+
|
9
|
+
if (params.MODE == "PROMOTE") {
|
10
|
+
release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
|
11
|
+
sh './publish-rubygems.sh'
|
12
|
+
}
|
13
|
+
return
|
14
|
+
}
|
15
|
+
|
3
16
|
pipeline {
|
4
17
|
agent { label 'executor-v2' }
|
5
18
|
|
6
19
|
options {
|
7
20
|
timestamps()
|
8
21
|
buildDiscarder(logRotator(daysToKeepStr: '30'))
|
9
|
-
skipDefaultCheckout()
|
10
22
|
}
|
11
23
|
|
12
24
|
triggers {
|
13
25
|
cron(getDailyCronString())
|
14
26
|
}
|
15
27
|
|
28
|
+
environment {
|
29
|
+
MODE = release.canonicalizeMode()
|
30
|
+
}
|
31
|
+
|
16
32
|
stages {
|
17
|
-
stage('
|
33
|
+
stage ("Skip build if triggering job didn't create a release") {
|
34
|
+
when {
|
35
|
+
expression {
|
36
|
+
MODE == "SKIP"
|
37
|
+
}
|
38
|
+
}
|
18
39
|
steps {
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
40
|
+
script {
|
41
|
+
currentBuild.result = 'ABORTED'
|
42
|
+
error("Aborting build because this build was triggered from upstream, but no release was built")
|
43
|
+
}
|
44
|
+
}
|
45
|
+
}
|
46
|
+
stage('Prepare') {
|
47
|
+
steps {
|
48
|
+
// Initialize VERSION file
|
49
|
+
updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
|
27
50
|
}
|
28
51
|
}
|
29
52
|
stage('Build docker image') {
|
@@ -42,10 +65,14 @@ pipeline {
|
|
42
65
|
scanAndReport("debify:${VERSION}", "HIGH", false)
|
43
66
|
}
|
44
67
|
}
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
68
|
+
stage('Scan Docker image for all issues') {
|
69
|
+
steps{
|
70
|
+
script {
|
71
|
+
VERSION = sh(returnStdout: true, script: 'cat VERSION')
|
72
|
+
}
|
73
|
+
scanAndReport("debify:${VERSION}", "NONE", true)
|
74
|
+
}
|
75
|
+
}
|
49
76
|
}
|
50
77
|
}
|
51
78
|
|
@@ -66,31 +93,17 @@ pipeline {
|
|
66
93
|
}
|
67
94
|
|
68
95
|
stage('Publish to RubyGems') {
|
69
|
-
agent { label 'releaser-v2' }
|
70
96
|
when {
|
71
|
-
|
72
|
-
|
73
|
-
/* expression {
|
74
|
-
boolean publish = false
|
75
|
-
|
76
|
-
try {
|
77
|
-
timeout(time: 5, unit: 'MINUTES') {
|
78
|
-
input(message: 'Publish to RubyGems?')
|
79
|
-
publish = true
|
80
|
-
}
|
81
|
-
} catch (final ignore) {
|
82
|
-
publish = false
|
83
|
-
}
|
84
|
-
|
85
|
-
return publish
|
86
|
-
}*/
|
97
|
+
expression {
|
98
|
+
MODE == "RELEASE"
|
87
99
|
}
|
88
100
|
}
|
89
101
|
|
90
102
|
steps {
|
91
|
-
|
92
|
-
|
93
|
-
|
103
|
+
release {
|
104
|
+
sh './publish-rubygem.sh'
|
105
|
+
sh "cp debify-*.gem release-assets/."
|
106
|
+
}
|
94
107
|
}
|
95
108
|
}
|
96
109
|
}
|
data/README.md
CHANGED
@@ -1,5 +1,10 @@
|
|
1
1
|
# Debify
|
2
2
|
|
3
|
+
Debify is a tool used for building and testing DAP appliance packages.
|
4
|
+
It is mainly used to package and publish debian packages that are consumed into the
|
5
|
+
appliance image in its build stage. However, it also packages and publishes an
|
6
|
+
RPM package whenever it does so for a debian.
|
7
|
+
|
3
8
|
## Installation
|
4
9
|
|
5
10
|
There are two different ways of installing debify: as a gem, or as a Docker image.
|
@@ -284,7 +289,7 @@ Start a sandbox, see that it can resolve the hostname `mydb`:
|
|
284
289
|
|
285
290
|
```sh-session
|
286
291
|
|
287
|
-
example $ debify sandbox -t
|
292
|
+
example $ debify sandbox -t 5.0-stable --net testnet
|
288
293
|
example $ docker exec -it example-sandbox /bin/bash
|
289
294
|
root@7d4217655332:/src/example# getent hosts mydb
|
290
295
|
172.19.0.2 mydb
|
data/Rakefile
CHANGED
@@ -33,7 +33,8 @@ if cucumber?
|
|
33
33
|
Cucumber::Rake::Task.new(:features) do |t|
|
34
34
|
opts = "features --format junit -o #{CUKE_RESULTS} --format pretty -x"
|
35
35
|
opts += " --tags #{ENV['TAGS']}" if ENV['TAGS']
|
36
|
-
|
36
|
+
opts += " --tags ~@skip"
|
37
|
+
t.cucumber_opts = opts
|
37
38
|
t.fork = false
|
38
39
|
end
|
39
40
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
2.1.1-2
|
data/ci/test.sh
CHANGED
@@ -2,11 +2,6 @@
|
|
2
2
|
|
3
3
|
bundle
|
4
4
|
|
5
|
-
# Some tests need to be logged in to the registry, to pull a base
|
6
|
-
# image if it's not already available. Have entrypoint.sh do something
|
7
|
-
# simple, and log in as a side effect.
|
8
|
-
/debify/distrib/entrypoint.sh detect-version
|
9
|
-
|
10
5
|
for target in spec cucumber; do
|
11
6
|
bundle exec rake $target
|
12
7
|
done
|
data/debify.gemspec
CHANGED
@@ -6,32 +6,32 @@ require 'conjur/debify/version'
|
|
6
6
|
Gem::Specification.new do |spec|
|
7
7
|
spec.name = "conjur-debify"
|
8
8
|
spec.version = Conjur::Debify::VERSION
|
9
|
-
spec.authors = ["
|
10
|
-
spec.email = ["
|
9
|
+
spec.authors = ["CyberArk Software, Inc."]
|
10
|
+
spec.email = ["conj_maintainers@cyberark.com"]
|
11
11
|
spec.summary = %q{Utility commands to build and package Conjur services as Debian packages}
|
12
12
|
spec.homepage = "https://github.com/conjurinc/debify"
|
13
13
|
spec.license = "MIT"
|
14
14
|
|
15
|
-
spec.files = `git ls-files -z`.split("\x0")
|
15
|
+
spec.files = `git ls-files -z`.split("\x0").append("VERSION")
|
16
16
|
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
17
17
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
18
18
|
spec.require_paths = ["lib"]
|
19
19
|
|
20
20
|
spec.add_dependency "gli"
|
21
|
-
spec.add_dependency "docker-api", "~>
|
21
|
+
spec.add_dependency "docker-api", "~> 2.0"
|
22
22
|
spec.add_dependency "conjur-cli" , "~> 6"
|
23
23
|
spec.add_dependency "conjur-api", "~> 5"
|
24
24
|
|
25
|
-
spec.add_development_dependency "bundler", "
|
25
|
+
spec.add_development_dependency "bundler", ">= 2.2.30"
|
26
26
|
spec.add_development_dependency "fakefs", "~> 0"
|
27
|
-
spec.add_development_dependency "rake", "~>
|
27
|
+
spec.add_development_dependency "rake", "~> 13.0"
|
28
28
|
|
29
29
|
# Pin to cucumbe v2. cucumber v3 changes (breaks) the behavior of
|
30
30
|
# unmatched capture groups with \(d+). In v3, the value of such a
|
31
31
|
# group is 0 instead of nil, which breaks aruba's "I successfully
|
32
32
|
# run...." steps.
|
33
33
|
spec.add_development_dependency "cucumber", '~> 2'
|
34
|
-
spec.add_development_dependency "aruba", "~> 0
|
34
|
+
spec.add_development_dependency "aruba", "~> 1.0"
|
35
35
|
spec.add_development_dependency 'rspec', '~> 3'
|
36
36
|
spec.add_development_dependency 'ci_reporter_rspec', '~> 1.0'
|
37
37
|
end
|
data/distrib/docker-debify
CHANGED
@@ -39,10 +39,12 @@ docker run -i $tty --rm \
|
|
39
39
|
-e CONJUR_APPLIANCE_URL -e CONJUR_SSL_CERTIFICATE \
|
40
40
|
-e GIT_BRANCH -e BRANCH_NAME \
|
41
41
|
-e ARTIFACTORY_USER -e ARTIFACTORY_PASSWORD \
|
42
|
+
-e HOME \
|
42
43
|
${envfile_arg} \
|
43
|
-
-v $PWD:$PWD -w $PWD \
|
44
|
+
-v "$PWD:$PWD" -w "$PWD" \
|
44
45
|
-v /var/run/docker.sock:/var/run/docker.sock \
|
45
|
-
-v ${
|
46
|
+
-v "${HOME}:${HOME}" \
|
47
|
+
-v "${netrc}:${HOME}/.netrc:ro" \
|
46
48
|
${rc_arg} \
|
47
49
|
${DEBIFY_ENTRYPOINT+--entrypoint $DEBIFY_ENTRYPOINT} \
|
48
50
|
${DEBIFY_IMAGE-registry.tld/conjurinc/debify:@@DEBIFY_VERSION@@} "$@"
|
data/distrib/entrypoint.sh
CHANGED
@@ -6,17 +6,14 @@ set +x
|
|
6
6
|
|
7
7
|
creds=( $(ruby /debify/distrib/conjur_creds.rb) )
|
8
8
|
|
9
|
-
# If there are creds, use them to log in to the registry.
|
10
|
-
# the magic DockerInDocker wrapper script so debify can interact with
|
11
|
-
# the Docker daemon.
|
9
|
+
# If there are creds, use them to log in to the registry.
|
12
10
|
#
|
13
|
-
# If there are no creds,
|
11
|
+
# If there are no creds, any commands that do
|
14
12
|
# Docker stuff will fail, but the non-Docker commands (e.g. the config
|
15
13
|
# subcommands) will work fine.
|
16
14
|
if [[ ${#creds[*]} > 0 ]]; then
|
17
15
|
echo -n "${creds[1]}" | docker login registry.tld -u ${creds[0]} --password-stdin >/dev/null 2>&1
|
18
|
-
exec wrapdocker debify "$@"
|
19
|
-
else
|
20
|
-
exec debify "$@"
|
21
16
|
fi
|
22
17
|
|
18
|
+
exec debify "$@"
|
19
|
+
|
data/example/Gemfile.lock
CHANGED
data/example/net-test.sh
CHANGED
data/features/package.feature
CHANGED
@@ -2,16 +2,22 @@
|
|
2
2
|
Feature: Packaging
|
3
3
|
|
4
4
|
Background:
|
5
|
-
|
5
|
+
# We use version 0.0.1-suffix to verify that RPM converts dashes to underscores
|
6
|
+
# in the version as we expect
|
7
|
+
Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1-suffix example -- --post-install /distrib/postinstall.sh`
|
8
|
+
And I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example --output rpm -v 0.0.1-suffix example -- --post-install /distrib/postinstall.sh`
|
6
9
|
|
7
10
|
Scenario: 'example' project can be packaged successfully
|
8
|
-
Then the stdout should contain "conjur-example_0.0.
|
9
|
-
And the stdout should contain "conjur-example-dev_0.0.
|
11
|
+
Then the stdout should contain "conjur-example_0.0.1-suffix_amd64.deb"
|
12
|
+
And the stdout should contain "conjur-example-dev_0.0.1-suffix_amd64.deb"
|
13
|
+
And the stdout should contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
|
14
|
+
And the stdout should contain "conjur-example-dev-0.0.1_suffix-1.x86_64.rpm"
|
10
15
|
|
11
16
|
Scenario: 'clean' command will delete non-Git-managed files
|
12
17
|
When I successfully run `env DEBUG=true GLI_DEBUG=true debify clean -d ../../example --force`
|
13
18
|
And I successfully run `find ../../example`
|
14
|
-
Then the stdout from "find ../../example" should not contain "conjur-example_0.0.
|
15
|
-
|
19
|
+
Then the stdout from "find ../../example" should not contain "conjur-example_0.0.1-suffix_amd64.deb"
|
20
|
+
And the stdout from "find ../../example" should not contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
|
21
|
+
|
16
22
|
Scenario: 'example' project can be published
|
17
|
-
When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1 -d ../../example
|
23
|
+
When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1-suffix -d ../../example 5.0 example`
|
data/features/sandbox.feature
CHANGED
@@ -1,19 +1,23 @@
|
|
1
1
|
@announce-output
|
2
2
|
Feature: Running a sandbox
|
3
3
|
Background:
|
4
|
-
Given I successfully run `docker pull registry.tld/conjur-appliance-cuke-master:
|
4
|
+
Given I successfully run `docker pull registry.tld/conjur-appliance-cuke-master:5.0-stable`
|
5
|
+
# The extra containers will use the `alpine` image, so we need to pull it first on the
|
6
|
+
# host to use the authenticated DockerHub connection. This avoids hitting DockerHub
|
7
|
+
# rate limits.
|
8
|
+
And I successfully run `docker pull nginx`
|
5
9
|
|
6
10
|
Scenario: sandbox for 'example' project be started
|
7
|
-
Given I successfully start a sandbox for "example" with arguments "-t
|
11
|
+
Given I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull"
|
8
12
|
|
9
13
|
Scenario: sandbox for 'example' project be started linked to another container
|
10
14
|
Given I start a container named "other_host"
|
11
|
-
Then I successfully start a sandbox for "example" with arguments "-t
|
15
|
+
Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --link other_host -c 'curl -s http://other_host > /dev/null'"
|
12
16
|
|
13
17
|
Scenario: sandbox for 'example' project be started on a network other than the default
|
14
18
|
Given I start a container named "other_host" on network "test-net"
|
15
|
-
Then I successfully start a sandbox for "example" with arguments "-t
|
19
|
+
Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --net test-net -c 'curl -s http://other_host > /dev/null'"
|
16
20
|
|
17
21
|
Scenario: sandbox for 'example' project be started on a network other than the default with a host aliased
|
18
22
|
Given I start a container named "another_host" on network "test-net"
|
19
|
-
Then I successfully start a sandbox for "example" with arguments "-t
|
23
|
+
Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --net test-net --link another_host:other_host -c 'curl -s http://other_host > /dev/null'"
|
@@ -12,11 +12,9 @@ When /^I start a container named "(.*?)"(?: on network "(.*?)")*$/ do |name, net
|
|
12
12
|
networks << network
|
13
13
|
end
|
14
14
|
|
15
|
-
alpine = Docker::Image.create('fromImage' => 'alpine')
|
16
15
|
options = {
|
17
16
|
'name' => name,
|
18
|
-
'
|
19
|
-
'Image' => alpine.id
|
17
|
+
'Image' => 'nginx'
|
20
18
|
}
|
21
19
|
options['HostConfig'] = { 'NetworkMode' => net_name } if net_name
|
22
20
|
|
data/features/support/env.rb
CHANGED
@@ -6,5 +6,7 @@ LIB_DIR = File.join(File.expand_path(File.dirname(__FILE__)),'..','..','lib')
|
|
6
6
|
|
7
7
|
Aruba.configure do |config|
|
8
8
|
config.exit_timeout = 1200
|
9
|
+
# not a best practice from aruba's point of view
|
10
|
+
# but the only solution I've found to have docker credentials context
|
11
|
+
config.home_directory = ENV['HOME']
|
9
12
|
end
|
10
|
-
|
data/features/test.feature
CHANGED
@@ -5,20 +5,20 @@ Feature: Testing
|
|
5
5
|
Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1 example -- --post-install /distrib/postinstall.sh`
|
6
6
|
|
7
7
|
Scenario: 'example' project can be tested successfully
|
8
|
-
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t
|
8
|
+
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull example test.sh`
|
9
9
|
Then the stderr should contain "Test succeeded"
|
10
10
|
|
11
11
|
Scenario: 'example' project can be tested when linked to another container
|
12
12
|
Given I start a container named "other_host"
|
13
|
-
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t
|
13
|
+
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --link other_host example net-test.sh`
|
14
14
|
Then the stderr should contain "Test succeeded"
|
15
15
|
|
16
16
|
Scenario: 'example' project can be tested on a network other than the default
|
17
17
|
Given I start a container named "other_host" on network "test-net"
|
18
|
-
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t
|
18
|
+
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --net test-net example net-test.sh`
|
19
19
|
Then the stderr should contain "Test succeeded"
|
20
20
|
|
21
21
|
Scenario: 'example' project can be tested on a network other than the default with a host aliased
|
22
22
|
Given I start a container named "another_host" on network "test-net"
|
23
|
-
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t
|
23
|
+
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --link another_host:other_host --net test-net example net-test.sh`
|
24
24
|
Then the stderr should contain "Test succeeded"
|
@@ -25,14 +25,12 @@ module Conjur::Debify
|
|
25
25
|
|
26
26
|
Dir.chdir dir do
|
27
27
|
version = cmd_options[:version] || detect_version
|
28
|
-
component = cmd_options[:component] || detect_component
|
29
|
-
package_name = "conjur-#{project_name}_#{version}_amd64.deb"
|
30
28
|
|
31
29
|
publish_image = create_image
|
32
30
|
DebugMixin.debug_write "Built base publish image '#{publish_image.id}'\n"
|
33
31
|
|
34
32
|
art_url = cmd_options[:url]
|
35
|
-
|
33
|
+
deb_art_repo = cmd_options[:repo]
|
36
34
|
|
37
35
|
art_user = ENV['ARTIFACTORY_USER']
|
38
36
|
art_password = ENV['ARTIFACTORY_PASSWORD']
|
@@ -40,23 +38,35 @@ module Conjur::Debify
|
|
40
38
|
art_user, art_password = fetch_art_creds
|
41
39
|
end
|
42
40
|
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
41
|
+
# Publish deb package
|
42
|
+
component = cmd_options[:component] || detect_component
|
43
|
+
deb_info = "#{distribution}/#{component}/amd64"
|
44
|
+
package_name = "conjur-#{project_name}_#{version}_amd64.deb"
|
45
|
+
publish_package(
|
46
|
+
publish_image: publish_image,
|
47
|
+
art_url: art_url,
|
48
|
+
art_user: art_user,
|
49
|
+
art_password: art_password,
|
50
|
+
art_repo: deb_art_repo,
|
51
|
+
package_name: package_name,
|
52
|
+
dir: dir,
|
53
|
+
deb_info: deb_info
|
54
|
+
)
|
55
|
+
|
56
|
+
# Publish RPM package
|
57
|
+
# The rpm builder replaces dashes with underscores in the version
|
58
|
+
rpm_version = version.tr('-', '_')
|
59
|
+
package_name = "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm"
|
60
|
+
rpm_art_repo = cmd_options['rpm-repo']
|
61
|
+
publish_package(
|
62
|
+
publish_image: publish_image,
|
63
|
+
art_url: art_url,
|
64
|
+
art_user: art_user,
|
65
|
+
art_password: art_password,
|
66
|
+
art_repo: rpm_art_repo,
|
67
|
+
package_name: package_name,
|
68
|
+
dir: dir
|
69
|
+
)
|
60
70
|
end
|
61
71
|
end
|
62
72
|
|
@@ -77,6 +87,39 @@ module Conjur::Debify
|
|
77
87
|
[conjur.resource(username_var).value, conjur.resource(password_var).value]
|
78
88
|
end
|
79
89
|
|
90
|
+
def publish_package(
|
91
|
+
publish_image:,
|
92
|
+
art_url:,
|
93
|
+
art_user:,
|
94
|
+
art_password:,
|
95
|
+
art_repo:,
|
96
|
+
package_name:,
|
97
|
+
dir:,
|
98
|
+
deb_info: nil
|
99
|
+
)
|
100
|
+
|
101
|
+
cmd_args = [
|
102
|
+
"jfrog", "rt", "upload",
|
103
|
+
"--url", art_url,
|
104
|
+
"--user", art_user,
|
105
|
+
"--password", art_password,
|
106
|
+
]
|
107
|
+
|
108
|
+
cmd_args += ["--deb", deb_info] if deb_info
|
109
|
+
cmd_args += [package_name, "#{art_repo}/"]
|
110
|
+
|
111
|
+
options = {
|
112
|
+
'Image' => publish_image.id,
|
113
|
+
'Cmd' => cmd_args,
|
114
|
+
'Binds' => [
|
115
|
+
[ dir, "/src" ].join(':')
|
116
|
+
]
|
117
|
+
}
|
118
|
+
options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
119
|
+
|
120
|
+
publish(options)
|
121
|
+
end
|
122
|
+
|
80
123
|
def publish(options)
|
81
124
|
container = Docker::Container.create(options)
|
82
125
|
begin
|
data/lib/conjur/debify/utils.rb
CHANGED
@@ -6,7 +6,7 @@ module Conjur::Debify::Utils
|
|
6
6
|
# copy a file from container to the current working directory
|
7
7
|
def copy_from_container container, path
|
8
8
|
tar = StringIO.new
|
9
|
-
container.
|
9
|
+
container.archive_out(path) { |chunk| tar.write chunk }
|
10
10
|
tar.rewind
|
11
11
|
Gem::Package::TarReader.new(tar).each do |entry|
|
12
12
|
File.write entry.full_name, entry.read
|