conjur-debify 1.11.5 → 2.1.1.pre.957
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/CHANGELOG.md +32 -0
- data/Dockerfile +11 -24
- data/Jenkinsfile +47 -25
- data/README.md +6 -1
- data/Rakefile +2 -1
- data/VERSION +1 -1
- data/ci/test.sh +0 -5
- data/debify.gemspec +7 -7
- data/distrib/docker-debify +4 -2
- data/distrib/entrypoint.sh +4 -7
- data/example/Gemfile.lock +1 -1
- data/example/net-test.sh +1 -1
- data/features/package.feature +12 -6
- data/features/sandbox.feature +9 -5
- data/features/step_definitions/debify_steps.rb +1 -3
- data/features/support/env.rb +3 -1
- data/features/test.feature +4 -4
- data/lib/conjur/debify/Dockerfile.fpm +0 -4
- data/lib/conjur/debify/action/publish.rb +63 -20
- data/lib/conjur/debify/utils.rb +1 -1
- data/lib/conjur/debify.rb +161 -92
- data/lib/conjur/fpm/Dockerfile +5 -6
- data/lib/conjur/fpm/package.sh +61 -32
- data/lib/conjur/publish/Dockerfile +1 -7
- data/publish-rubygem.sh +1 -1
- data/spec/action/publish_spec.rb +4 -4
- data/spec/debify_utils_spec.rb +1 -1
- data/spec/utils_spec.rb +1 -1
- metadata +17 -17
data/lib/conjur/debify.rb
CHANGED
@@ -4,6 +4,7 @@ require 'fileutils'
|
|
4
4
|
require 'gli'
|
5
5
|
require 'json'
|
6
6
|
require 'base64'
|
7
|
+
require 'tmpdir'
|
7
8
|
|
8
9
|
require 'conjur/debify/utils'
|
9
10
|
|
@@ -12,6 +13,8 @@ require 'active_support/core_ext'
|
|
12
13
|
|
13
14
|
include GLI::App
|
14
15
|
|
16
|
+
DEFAULT_FILE_TYPE = "deb"
|
17
|
+
|
15
18
|
config_file '.debifyrc'
|
16
19
|
|
17
20
|
desc 'Set an environment variable (e.g. TERM=xterm) when starting a container'
|
@@ -49,7 +52,7 @@ module DebugMixin
|
|
49
52
|
if a.length == 2 && a[0].is_a?(Symbol)
|
50
53
|
debug a.last
|
51
54
|
else
|
52
|
-
|
55
|
+
a.each do |line|
|
53
56
|
begin
|
54
57
|
line = JSON.parse(line)
|
55
58
|
line.keys.each do |k|
|
@@ -79,7 +82,7 @@ def detect_version
|
|
79
82
|
base_version = File.read("VERSION").strip
|
80
83
|
commits_since = `git log #{base_commit}..HEAD --pretty='%h'`.split("\n").size
|
81
84
|
hash = `git rev-parse --short HEAD`.strip
|
82
|
-
[
|
85
|
+
[[base_version, commits_since].join('.'), hash].join("-")
|
83
86
|
else
|
84
87
|
`git describe --long --tags --abbrev=7 --match 'v*.*.*' | sed -e 's/^v//'`.strip.tap do |version|
|
85
88
|
raise "No Git version (tag) for project" if version.empty?
|
@@ -88,7 +91,13 @@ def detect_version
|
|
88
91
|
end
|
89
92
|
|
90
93
|
def git_files
|
91
|
-
(`git ls-files -z`.split("\x0") + ['Gemfile.lock']).uniq
|
94
|
+
files = (`git ls-files -z`.split("\x0") + ['Gemfile.lock']).uniq
|
95
|
+
# Since submodule directories are listed, but are not files, we remove them.
|
96
|
+
# Currently, `conjur-project-config` is the only submodule in Conjur, and it
|
97
|
+
# can safely be removed because it's a developer-only tool. If we add another
|
98
|
+
# submodule in the future needed for production, we'll need to update this
|
99
|
+
# code. But YAGNI for now.
|
100
|
+
files.select { |f| File.file?(f) }
|
92
101
|
end
|
93
102
|
|
94
103
|
def login_to_registry(appliance_image_id)
|
@@ -124,15 +133,15 @@ DESC
|
|
124
133
|
arg_name "project-name -- <fpm-arguments>"
|
125
134
|
command "clean" do |c|
|
126
135
|
c.desc "Set the current working directory"
|
127
|
-
c.flag [
|
136
|
+
c.flag [:d, "dir"]
|
128
137
|
|
129
138
|
c.desc "Ignore (don't delete) a file or directory"
|
130
|
-
c.flag [
|
139
|
+
c.flag [:i, :ignore]
|
131
140
|
|
132
141
|
c.desc "Force file deletion even if if this doesn't look like a Jenkins environment"
|
133
|
-
c.switch [
|
142
|
+
c.switch [:force]
|
134
143
|
|
135
|
-
c.action do |global_options,cmd_options,args|
|
144
|
+
c.action do |global_options, cmd_options, args|
|
136
145
|
def looks_like_jenkins?
|
137
146
|
require 'etc'
|
138
147
|
Etc.getlogin == 'jenkins' && ENV['BUILD_NUMBER']
|
@@ -143,10 +152,10 @@ command "clean" do |c|
|
|
143
152
|
if !perform_deletion
|
144
153
|
$stderr.puts "No --force, and this doesn't look like Jenkins. I won't actually delete anything"
|
145
154
|
end
|
146
|
-
@ignore_list = Array(cmd_options[:ignore]) + [
|
155
|
+
@ignore_list = Array(cmd_options[:ignore]) + ['.', '..', '.git']
|
147
156
|
|
148
157
|
def ignore_file? f
|
149
|
-
@ignore_list.find{|ignore| f.index(ignore) == 0}
|
158
|
+
@ignore_list.find { |ignore| f.index(ignore) == 0 }
|
150
159
|
end
|
151
160
|
|
152
161
|
dir = cmd_options[:dir] || '.'
|
@@ -159,16 +168,16 @@ command "clean" do |c|
|
|
159
168
|
end
|
160
169
|
find_files.compact!
|
161
170
|
delete_files = (find_files - git_files)
|
162
|
-
delete_files.delete_if{|file|
|
171
|
+
delete_files.delete_if { |file|
|
163
172
|
File.directory?(file) || ignore_file?(file)
|
164
173
|
}
|
165
174
|
if perform_deletion
|
166
175
|
image = Docker::Image.create 'fromImage' => "alpine:3.3"
|
167
176
|
options = {
|
168
|
-
'Cmd'
|
177
|
+
'Cmd' => ["sh", "-c", "while true; do sleep 1; done"],
|
169
178
|
'Image' => image.id,
|
170
179
|
'Binds' => [
|
171
|
-
[
|
180
|
+
[dir, "/src"].join(':'),
|
172
181
|
]
|
173
182
|
}
|
174
183
|
options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
@@ -179,7 +188,7 @@ command "clean" do |c|
|
|
179
188
|
puts file
|
180
189
|
|
181
190
|
file = "/src/#{file}"
|
182
|
-
cmd = [
|
191
|
+
cmd = ["rm", "-f", file]
|
183
192
|
|
184
193
|
stdout, stderr, status = container.exec cmd, &DebugMixin::DOCKER
|
185
194
|
$stderr.puts "Failed to delete #{file}" unless status == 0
|
@@ -196,6 +205,17 @@ command "clean" do |c|
|
|
196
205
|
end
|
197
206
|
end
|
198
207
|
|
208
|
+
def copy_packages_from_container(container, package_name, dev_package_name)
|
209
|
+
Conjur::Debify::Utils.copy_from_container container, "/src/#{package_name}"
|
210
|
+
puts "#{package_name}"
|
211
|
+
begin
|
212
|
+
Conjur::Debify::Utils.copy_from_container container, "/dev-pkg/#{dev_package_name}"
|
213
|
+
puts "#{dev_package_name}"
|
214
|
+
rescue Docker::Error::NotFoundError
|
215
|
+
warn "#{dev_package_name} not found. The package might not have any development dependencies."
|
216
|
+
end
|
217
|
+
end
|
218
|
+
|
199
219
|
desc "Build a debian package for a project"
|
200
220
|
long_desc <<DESC
|
201
221
|
The package is built using fpm (https://github.com/jordansissel/fpm).
|
@@ -220,15 +240,21 @@ DESC
|
|
220
240
|
arg_name "project-name -- <fpm-arguments>"
|
221
241
|
command "package" do |c|
|
222
242
|
c.desc "Set the current working directory"
|
223
|
-
c.flag [
|
243
|
+
c.flag [:d, "dir"]
|
244
|
+
|
245
|
+
c.desc "Set the output file type of the fpm command (e.g rpm)"
|
246
|
+
c.flag [:o, :output]
|
224
247
|
|
225
248
|
c.desc "Specify the deb version; by default, it's read from the VERSION file"
|
226
|
-
c.flag [
|
249
|
+
c.flag [:v, :version]
|
227
250
|
|
228
251
|
c.desc "Specify a custom Dockerfile.fpm"
|
229
|
-
c.flag [
|
252
|
+
c.flag [:dockerfile]
|
253
|
+
|
254
|
+
c.desc "Specify files to add to the FPM image that are not included from the git repo"
|
255
|
+
c.flag [:'additional-files']
|
230
256
|
|
231
|
-
c.action do |global_options,cmd_options,args|
|
257
|
+
c.action do |global_options, cmd_options, args|
|
232
258
|
raise "project-name is required" unless project_name = args.shift
|
233
259
|
|
234
260
|
fpm_args = []
|
@@ -241,30 +267,62 @@ command "package" do |c|
|
|
241
267
|
dir = cmd_options[:dir] || '.'
|
242
268
|
pwd = File.dirname(__FILE__)
|
243
269
|
|
244
|
-
|
270
|
+
additional_files = []
|
271
|
+
if cmd_options[:'additional-files']
|
272
|
+
additional_files = cmd_options[:'additional-files'].split(',').map(&:strip)
|
273
|
+
end
|
274
|
+
|
275
|
+
begin
|
276
|
+
tries ||= 2
|
277
|
+
fpm_image = Docker::Image.build_from_dir File.expand_path('fpm', File.dirname(__FILE__)), tag: "debify-fpm", &DebugMixin::DOCKER
|
278
|
+
rescue
|
279
|
+
image_id = File.readlines(File.expand_path('fpm/Dockerfile', File.dirname(__FILE__)))
|
280
|
+
.find { | line | line =~ /^FROM/ }
|
281
|
+
.split(' ')
|
282
|
+
.last
|
283
|
+
login_to_registry image_id
|
284
|
+
retry unless (tries -= 1).zero?
|
285
|
+
end
|
245
286
|
DebugMixin.debug_write "Built base fpm image '#{fpm_image.id}'\n"
|
246
287
|
dir = File.expand_path(dir)
|
288
|
+
|
247
289
|
Dir.chdir dir do
|
248
290
|
version = cmd_options[:version] || detect_version
|
249
|
-
dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
|
250
|
-
dockerfile = File.read(dockerfile_path)
|
251
291
|
|
252
|
-
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
292
|
+
# move git files and Dockerfile to temp dir to make deb from
|
293
|
+
# we do this to avoid adding "non-git" files
|
294
|
+
# that aren't mentioned in the dockerignore to the deb
|
295
|
+
temp_dir = Dir.mktmpdir
|
296
|
+
DebugMixin.debug_write "Copying git files to tmp dir '#{temp_dir}'\n"
|
297
|
+
(git_files + additional_files).each do |fname|
|
298
|
+
original_file = File.join(dir, fname)
|
299
|
+
destination_path = File.join(temp_dir, fname)
|
300
|
+
FileUtils.mkdir_p(File.dirname(destination_path))
|
301
|
+
FileUtils.cp(original_file, destination_path)
|
259
302
|
end
|
260
|
-
output.rewind
|
261
303
|
|
262
|
-
|
304
|
+
# rename specified dockerfile to 'Dockerfile' during copy, incase name is different
|
305
|
+
dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
|
306
|
+
temp_dockerfile = File.join(temp_dir, "Dockerfile")
|
307
|
+
|
308
|
+
# change image variable in specified Dockerfile
|
309
|
+
dockerfile = File.read(dockerfile_path)
|
310
|
+
replace_image = dockerfile.gsub("@@image@@", fpm_image.id)
|
311
|
+
File.open(temp_dockerfile, "w") { |file| file.puts replace_image }
|
312
|
+
|
313
|
+
# build image from project being debified dir
|
314
|
+
image = Docker::Image.build_from_dir temp_dir, &DebugMixin::DOCKER
|
263
315
|
|
264
316
|
DebugMixin.debug_write "Built fpm image '#{image.id}' for project #{project_name}\n"
|
265
317
|
|
318
|
+
container_cmd_options = [project_name, version]
|
319
|
+
|
320
|
+
# Set the output file type if present
|
321
|
+
file_type = cmd_options[:output] || DEFAULT_FILE_TYPE
|
322
|
+
container_cmd_options << "--file-type=#{file_type}"
|
323
|
+
|
266
324
|
options = {
|
267
|
-
'Cmd'
|
325
|
+
'Cmd' => container_cmd_options + fpm_args,
|
268
326
|
'Image' => image.id
|
269
327
|
}
|
270
328
|
options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
@@ -276,15 +334,22 @@ command "package" do |c|
|
|
276
334
|
status = container.wait
|
277
335
|
raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
|
278
336
|
|
279
|
-
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
|
337
|
+
if file_type == "deb"
|
338
|
+
# Copy deb packages
|
339
|
+
copy_packages_from_container(
|
340
|
+
container,
|
341
|
+
"conjur-#{project_name}_#{version}_amd64.deb",
|
342
|
+
"conjur-#{project_name}-dev_#{version}_amd64.deb"
|
343
|
+
)
|
344
|
+
elsif file_type == "rpm"
|
345
|
+
# Copy rpm packages
|
346
|
+
# The rpm builder replaces dashes with underscores in the version
|
347
|
+
rpm_version = version.tr('-', '_')
|
348
|
+
copy_packages_from_container(
|
349
|
+
container,
|
350
|
+
"conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm",
|
351
|
+
"conjur-#{project_name}-dev-#{rpm_version}-1.x86_64.rpm"
|
352
|
+
)
|
288
353
|
end
|
289
354
|
ensure
|
290
355
|
container.delete(force: true)
|
@@ -308,10 +373,10 @@ end
|
|
308
373
|
|
309
374
|
def network_options(cmd)
|
310
375
|
cmd.desc "Specify link for test container"
|
311
|
-
cmd.flag [
|
312
|
-
|
376
|
+
cmd.flag [:l, :link], :multiple => true
|
377
|
+
|
313
378
|
cmd.desc 'Attach to the specified network'
|
314
|
-
cmd.flag [
|
379
|
+
cmd.flag [:n, :net]
|
315
380
|
end
|
316
381
|
|
317
382
|
def short_id(id)
|
@@ -327,7 +392,7 @@ end
|
|
327
392
|
# instead. (Docker doesn't add full container ids as network aliases,
|
328
393
|
# only short ids).
|
329
394
|
def shorten_source_id(link)
|
330
|
-
src,dest = link.split(':')
|
395
|
+
src, dest = link.split(':')
|
331
396
|
src && dest ? "#{short_id(src)}:#{dest}" : link
|
332
397
|
end
|
333
398
|
|
@@ -377,32 +442,32 @@ DESC
|
|
377
442
|
arg_name "project-name test-script"
|
378
443
|
command "test" do |c|
|
379
444
|
c.desc "Set the current working directory"
|
380
|
-
c.flag [
|
445
|
+
c.flag [:d, :dir]
|
381
446
|
|
382
447
|
c.desc "Keep the Conjur appliance container after the command finishes"
|
383
448
|
c.default_value false
|
384
|
-
c.switch [
|
449
|
+
c.switch [:k, :keep]
|
385
450
|
|
386
451
|
c.desc "Image name"
|
387
452
|
c.default_value "registry.tld/conjur-appliance-cuke-master"
|
388
|
-
c.flag [
|
453
|
+
c.flag [:i, :image]
|
389
454
|
|
390
455
|
c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
|
391
|
-
c.flag [
|
456
|
+
c.flag [:t, "image-tag"]
|
392
457
|
|
393
458
|
c.desc "'docker pull' the Conjur container image"
|
394
459
|
c.default_value true
|
395
|
-
c.switch [
|
460
|
+
c.switch [:pull]
|
396
461
|
|
397
462
|
c.desc "Specify the deb version; by default, it's read from the VERSION file"
|
398
|
-
c.flag [
|
463
|
+
c.flag [:v, :version]
|
399
464
|
|
400
465
|
c.desc "Specify volume for test container"
|
401
|
-
c.flag [
|
466
|
+
c.flag [:'volumes-from'], :multiple => true
|
402
467
|
|
403
468
|
network_options(c)
|
404
|
-
|
405
|
-
c.action do |global_options,cmd_options,args|
|
469
|
+
|
470
|
+
c.action do |global_options, cmd_options, args|
|
406
471
|
raise "project-name is required" unless project_name = args.shift
|
407
472
|
raise "test-script is required" unless test_script = args.shift
|
408
473
|
raise "Received extra command-line arguments" if args.shift
|
@@ -415,7 +480,7 @@ command "test" do |c|
|
|
415
480
|
|
416
481
|
Dir.chdir dir do
|
417
482
|
image_tag = cmd_options["image-tag"] or raise "image-tag is required"
|
418
|
-
appliance_image_id = [
|
483
|
+
appliance_image_id = [cmd_options[:image], image_tag].join(":")
|
419
484
|
version = cmd_options[:version] || detect_version
|
420
485
|
package_name = "conjur-#{project_name}_#{version}_amd64.deb"
|
421
486
|
dev_package_name = "conjur-#{project_name}-dev_#{version}_amd64.deb"
|
@@ -423,7 +488,7 @@ command "test" do |c|
|
|
423
488
|
raise "#{test_script} does not exist or is not a file" unless File.file?(test_script)
|
424
489
|
|
425
490
|
begin
|
426
|
-
tries ||=2
|
491
|
+
tries ||= 2
|
427
492
|
Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
|
428
493
|
rescue
|
429
494
|
login_to_registry appliance_image_id
|
@@ -462,7 +527,7 @@ RUN touch /etc/service/conjur/down
|
|
462
527
|
packages << dev_package_name if File.exist? dev_package_name
|
463
528
|
|
464
529
|
begin
|
465
|
-
tries ||=2
|
530
|
+
tries ||= 2
|
466
531
|
appliance_image = build_test_image(appliance_image_id, project_name, packages)
|
467
532
|
rescue
|
468
533
|
login_to_registry appliance_image_id
|
@@ -483,29 +548,29 @@ RUN touch /etc/service/conjur/down
|
|
483
548
|
] + global_options[:env],
|
484
549
|
'HostConfig' => {
|
485
550
|
'Binds' => [
|
486
|
-
[
|
551
|
+
[dir, "/src/#{project_name}"].join(':')
|
487
552
|
]
|
488
553
|
}
|
489
554
|
}
|
490
555
|
host_config = options['HostConfig']
|
491
|
-
|
556
|
+
|
492
557
|
host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
493
558
|
host_config['VolumesFrom'] = cmd_options[:'volumes-from'] if cmd_options[:'volumes-from'] && !cmd_options[:'volumes-from'].empty?
|
494
559
|
|
495
560
|
add_network_config(options, cmd_options)
|
496
|
-
|
561
|
+
|
497
562
|
if global_options[:'local-bundle']
|
498
563
|
host_config['Binds']
|
499
|
-
.push([
|
500
|
-
.push([
|
564
|
+
.push([vendor_dir, "/src/#{project_name}/vendor"].join(':'))
|
565
|
+
.push([dot_bundle_dir, "/src/#{project_name}/.bundle"].join(':'))
|
501
566
|
end
|
502
567
|
|
503
|
-
container = Docker::Container.create(options.tap {|o| DebugMixin.debug_write "creating container with options #{o.inspect}"})
|
568
|
+
container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
|
504
569
|
|
505
570
|
begin
|
506
571
|
DebugMixin.debug_write "Testing #{project_name} in container #{container.id}\n"
|
507
572
|
|
508
|
-
spawn("docker logs -f #{container.id}", [
|
573
|
+
spawn("docker logs -f #{container.id}", [:out, :err] => $stderr).tap do |pid|
|
509
574
|
Process.detach pid
|
510
575
|
end
|
511
576
|
container.start!
|
@@ -556,29 +621,29 @@ Once in the container, use "/opt/conjur/evoke/bin/dev-install" to install the de
|
|
556
621
|
DESC
|
557
622
|
command "sandbox" do |c|
|
558
623
|
c.desc "Set the current working directory"
|
559
|
-
c.flag [
|
624
|
+
c.flag [:d, :dir]
|
560
625
|
|
561
626
|
c.desc "Image name"
|
562
627
|
c.default_value "registry.tld/conjur-appliance-cuke-master"
|
563
|
-
c.flag [
|
628
|
+
c.flag [:i, :image]
|
564
629
|
|
565
630
|
c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
|
566
|
-
c.flag [
|
631
|
+
c.flag [:t, "image-tag"]
|
567
632
|
|
568
633
|
c.desc "Bind another source directory into the container. Use <src>:<dest>, where both are full paths."
|
569
|
-
c.flag [
|
634
|
+
c.flag [:"bind"], :multiple => true
|
570
635
|
|
571
636
|
c.desc "'docker pull' the Conjur container image"
|
572
637
|
c.default_value false
|
573
|
-
c.switch [
|
638
|
+
c.switch [:pull]
|
574
639
|
|
575
640
|
network_options(c)
|
576
641
|
|
577
642
|
c.desc "Specify volume for container"
|
578
|
-
c.flag [
|
643
|
+
c.flag [:'volumes-from'], :multiple => true
|
579
644
|
|
580
645
|
c.desc "Expose a port from the container to host. Use <host>:<container>."
|
581
|
-
c.flag [
|
646
|
+
c.flag [:p, :port], :multiple => true
|
582
647
|
|
583
648
|
c.desc 'Run dev-install in /src/<project-name>'
|
584
649
|
c.default_value false
|
@@ -589,9 +654,9 @@ command "sandbox" do |c|
|
|
589
654
|
c.switch [:kill]
|
590
655
|
|
591
656
|
c.desc 'A command to run in the sandbox'
|
592
|
-
c.flag [
|
593
|
-
|
594
|
-
c.action do |global_options,cmd_options,args|
|
657
|
+
c.flag [:c, :command]
|
658
|
+
|
659
|
+
c.action do |global_options, cmd_options, args|
|
595
660
|
raise "Received extra command-line arguments" if args.shift
|
596
661
|
|
597
662
|
dir = cmd_options[:dir] || '.'
|
@@ -601,11 +666,11 @@ command "sandbox" do |c|
|
|
601
666
|
|
602
667
|
Dir.chdir dir do
|
603
668
|
image_tag = cmd_options["image-tag"] or raise "image-tag is required"
|
604
|
-
appliance_image_id = [
|
669
|
+
appliance_image_id = [cmd_options[:image], image_tag].join(":")
|
605
670
|
|
606
671
|
appliance_image = if cmd_options[:pull]
|
607
672
|
begin
|
608
|
-
tries ||=2
|
673
|
+
tries ||= 2
|
609
674
|
Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
|
610
675
|
rescue
|
611
676
|
login_to_registry appliance_image_id
|
@@ -635,26 +700,26 @@ command "sandbox" do |c|
|
|
635
700
|
|
636
701
|
options['HostConfig'] = host_config = {}
|
637
702
|
host_config['Binds'] = [
|
638
|
-
[
|
639
|
-
[
|
703
|
+
[File.expand_path(".ssh/id_rsa", ENV['HOME']), "/root/.ssh/id_rsa", 'ro'].join(':'),
|
704
|
+
[dir, "/src/#{project_name}"].join(':'),
|
640
705
|
] + Array(cmd_options[:bind])
|
641
706
|
|
642
707
|
if global_options[:'local-bundle']
|
643
708
|
host_config['Binds']
|
644
|
-
.push([
|
645
|
-
.push([
|
709
|
+
.push([vendor_dir, "/src/#{project_name}/vendor"].join(':'))
|
710
|
+
.push([dot_bundle_dir, "/src/#{project_name}/.bundle"].join(':'))
|
646
711
|
end
|
647
712
|
|
648
713
|
host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
649
714
|
host_config['VolumesFrom'] = cmd_options[:'volumes-from'] unless cmd_options[:'volumes-from'].empty?
|
650
|
-
|
715
|
+
|
651
716
|
add_network_config(options, cmd_options)
|
652
717
|
|
653
718
|
unless cmd_options[:port].empty?
|
654
719
|
port_bindings = Hash.new({})
|
655
720
|
cmd_options[:port].each do |mapping|
|
656
721
|
hport, cport = mapping.split(':')
|
657
|
-
port_bindings["#{cport}/tcp"] = [{
|
722
|
+
port_bindings["#{cport}/tcp"] = [{'HostPort' => hport}]
|
658
723
|
end
|
659
724
|
host_config['PortBindings'] = port_bindings
|
660
725
|
end
|
@@ -664,7 +729,7 @@ command "sandbox" do |c|
|
|
664
729
|
previous.delete(:force => true) if previous
|
665
730
|
end
|
666
731
|
|
667
|
-
container = Docker::Container.create(options.tap {|o| DebugMixin.debug_write "creating container with options #{o.inspect}"})
|
732
|
+
container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
|
668
733
|
$stdout.puts container.id
|
669
734
|
container.start!
|
670
735
|
|
@@ -700,23 +765,27 @@ DESC
|
|
700
765
|
arg_name "distribution project-name"
|
701
766
|
command "publish" do |c|
|
702
767
|
c.desc "Set the current working directory"
|
703
|
-
c.flag [
|
768
|
+
c.flag [:d, :dir]
|
704
769
|
|
705
770
|
c.desc "Specify the deb package version; by default, it's computed automatically"
|
706
|
-
c.flag [
|
771
|
+
c.flag [:v, :version]
|
707
772
|
|
708
773
|
c.desc "Component to publish to, either 'stable' or the name of the git branch"
|
709
|
-
c.flag [
|
774
|
+
c.flag [:c, :component]
|
710
775
|
|
711
776
|
c.desc "Artifactory URL to publish to"
|
712
777
|
c.default_value "https://conjurinc.jfrog.io/conjurinc"
|
713
|
-
c.flag [
|
778
|
+
c.flag [:u, :url]
|
714
779
|
|
715
780
|
c.desc "Artifactory Debian repo to publish package to"
|
716
781
|
c.default_value "debian-private"
|
717
|
-
c.flag [
|
782
|
+
c.flag [:r, :repo]
|
783
|
+
|
784
|
+
c.desc "Artifactory RPM repo to publish package to"
|
785
|
+
c.default_value "redhat-private"
|
786
|
+
c.flag ['rpm-repo']
|
718
787
|
|
719
|
-
c.action do |global_options,cmd_options,args|
|
788
|
+
c.action do |global_options, cmd_options, args|
|
720
789
|
require 'conjur/debify/action/publish'
|
721
790
|
raise "distribution is required" unless distribution = args.shift
|
722
791
|
raise "project-name is required" unless project_name = args.shift
|
@@ -729,8 +798,8 @@ end
|
|
729
798
|
desc "Auto-detect and print the repository version"
|
730
799
|
command "detect-version" do |c|
|
731
800
|
c.desc "Set the current working directory"
|
732
|
-
c.flag [
|
733
|
-
c.action do |global_options,cmd_options,args|
|
801
|
+
c.flag [:d, :dir]
|
802
|
+
c.action do |global_options, cmd_options, args|
|
734
803
|
raise "Received extra command-line arguments" if args.shift
|
735
804
|
|
736
805
|
dir = cmd_options[:dir] || '.'
|
@@ -747,7 +816,7 @@ end
|
|
747
816
|
desc 'Show the given configuration'
|
748
817
|
arg_name 'configuration'
|
749
818
|
command 'config' do |c|
|
750
|
-
c.action do |_,_,args|
|
819
|
+
c.action do |_, _, args|
|
751
820
|
raise 'no configuration provided' unless config = args.shift
|
752
821
|
raise "Received extra command-line arguments" if args.shift
|
753
822
|
|
@@ -758,7 +827,7 @@ command 'config' do |c|
|
|
758
827
|
end
|
759
828
|
|
760
829
|
|
761
|
-
pre do |global,command,options,args|
|
830
|
+
pre do |global, command, options, args|
|
762
831
|
# Pre logic here
|
763
832
|
# Return true to proceed; false to abort and not call the
|
764
833
|
# chosen command
|
@@ -767,7 +836,7 @@ pre do |global,command,options,args|
|
|
767
836
|
true
|
768
837
|
end
|
769
838
|
|
770
|
-
post do |global,command,options,args|
|
839
|
+
post do |global, command, options, args|
|
771
840
|
# Post logic here
|
772
841
|
# Use skips_post before a command to skip this
|
773
842
|
# block on that command only
|
data/lib/conjur/fpm/Dockerfile
CHANGED
@@ -1,20 +1,19 @@
|
|
1
1
|
# Build from the same version of ubuntu as phusion/baseimage
|
2
|
-
FROM cyberark/phusion-ruby-fips:
|
2
|
+
FROM cyberark/phusion-ruby-fips:latest
|
3
3
|
|
4
4
|
RUN apt-get update -y && \
|
5
5
|
apt-get dist-upgrade -y && \
|
6
6
|
apt-get install -y build-essential \
|
7
7
|
git \
|
8
|
-
libffi-dev
|
8
|
+
libffi-dev \
|
9
|
+
rpm
|
9
10
|
|
10
|
-
RUN gem install --no-document
|
11
|
-
fpm
|
11
|
+
RUN gem install --no-document fpm
|
12
12
|
|
13
13
|
ENV GEM_HOME /usr/local/bundle
|
14
14
|
ENV BUNDLE_PATH="$GEM_HOME" \
|
15
15
|
BUNDLE_BIN="$GEM_HOME/bin" \
|
16
|
-
BUNDLE_SILENCE_ROOT_WARNING=1
|
17
|
-
BUNDLE_APP_CONFIG="$GEM_HOME"
|
16
|
+
BUNDLE_SILENCE_ROOT_WARNING=1
|
18
17
|
ENV PATH $BUNDLE_BIN:$PATH
|
19
18
|
RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" && \
|
20
19
|
chmod 777 "$GEM_HOME" "$BUNDLE_BIN"
|