conjur-debify 1.12.0 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/Dockerfile +7 -21
- data/Rakefile +2 -1
- data/VERSION +1 -1
- data/ci/test.sh +0 -5
- data/distrib/entrypoint.sh +4 -7
- data/features/package.feature +1 -0
- data/features/sandbox.feature +4 -0
- data/features/step_definitions/debify_steps.rb +1 -2
- data/lib/conjur/debify.rb +96 -83
- data/lib/conjur/fpm/package.sh +40 -27
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6f76a5ea0e2c4fc01e0666594176690174cf1894f478570118056908c03c5e81
|
4
|
+
data.tar.gz: ebdb065547d044394079979326f759118e264a640a5feb41341fdba6386de661
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ed14d2fecc7c4229f8c3c59d289acd39b7defd6c046b5417d332d7adfe6b921cdc5dc16b81f95825b07e9d595f92ecc7924508fc0529f6ccce00bd182e0d8f65
|
7
|
+
data.tar.gz: 9c8aaaa932d2971d549a2db859c2e47c16f26890fc25ed6491c5cd854fb4d363af289312947e5f9deb950d55b044a6bc32158472445c391241bd19604d7a5725
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,11 @@
|
|
1
1
|
## [Unreleased]
|
2
2
|
|
3
|
+
# 2.0.0
|
4
|
+
### Changed
|
5
|
+
- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this
|
6
|
+
flag is not given, the default value is `deb`.
|
7
|
+
[conjurinc/debify#56](https://github.com/conjurinc/debify/issues/56)
|
8
|
+
|
3
9
|
# 1.12.0
|
4
10
|
|
5
11
|
### Added
|
data/Dockerfile
CHANGED
@@ -1,32 +1,18 @@
|
|
1
1
|
FROM ruby:2.6-stretch
|
2
2
|
|
3
|
-
### DockerInDocker support is take from
|
4
|
-
### https://github.com/jpetazzo/dind/blob/master/Dockerfile . I
|
5
|
-
### elected to base this image on ruby, then pull in the (slightly
|
6
|
-
### outdated) support for DockerInDocker. Creation of the official
|
7
|
-
### docker:dind image much more complicated and didn't lend itself to
|
8
|
-
### also running ruby.
|
9
|
-
|
10
3
|
RUN apt-get update -qq && \
|
11
4
|
apt-get dist-upgrade -qqy && \
|
12
5
|
apt-get install -qqy \
|
13
6
|
apt-transport-https \
|
14
7
|
ca-certificates \
|
15
|
-
curl
|
16
|
-
lxc \
|
17
|
-
iptables
|
8
|
+
curl
|
18
9
|
|
19
|
-
# Install Docker
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
# Define additional metadata for our image.
|
27
|
-
VOLUME /var/lib/docker
|
28
|
-
|
29
|
-
### End of DockerInDocker support
|
10
|
+
# Install Docker client tools
|
11
|
+
ENV DOCKERVERSION=20.10.0
|
12
|
+
RUN curl -fsSLO https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKERVERSION}.tgz \
|
13
|
+
&& tar xzvf docker-${DOCKERVERSION}.tgz --strip 1 \
|
14
|
+
-C /usr/local/bin docker/docker \
|
15
|
+
&& rm docker-${DOCKERVERSION}.tgz
|
30
16
|
|
31
17
|
RUN mkdir -p /debify
|
32
18
|
WORKDIR /debify
|
data/Rakefile
CHANGED
@@ -33,7 +33,8 @@ if cucumber?
|
|
33
33
|
Cucumber::Rake::Task.new(:features) do |t|
|
34
34
|
opts = "features --format junit -o #{CUKE_RESULTS} --format pretty -x"
|
35
35
|
opts += " --tags #{ENV['TAGS']}" if ENV['TAGS']
|
36
|
-
|
36
|
+
opts += " --tags ~@skip"
|
37
|
+
t.cucumber_opts = opts
|
37
38
|
t.fork = false
|
38
39
|
end
|
39
40
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
|
1
|
+
2.0.0
|
data/ci/test.sh
CHANGED
@@ -2,11 +2,6 @@
|
|
2
2
|
|
3
3
|
bundle
|
4
4
|
|
5
|
-
# Some tests need to be logged in to the registry, to pull a base
|
6
|
-
# image if it's not already available. Have entrypoint.sh do something
|
7
|
-
# simple, and log in as a side effect.
|
8
|
-
/debify/distrib/entrypoint.sh detect-version
|
9
|
-
|
10
5
|
for target in spec cucumber; do
|
11
6
|
bundle exec rake $target
|
12
7
|
done
|
data/distrib/entrypoint.sh
CHANGED
@@ -6,17 +6,14 @@ set +x
|
|
6
6
|
|
7
7
|
creds=( $(ruby /debify/distrib/conjur_creds.rb) )
|
8
8
|
|
9
|
-
# If there are creds, use them to log in to the registry.
|
10
|
-
# the magic DockerInDocker wrapper script so debify can interact with
|
11
|
-
# the Docker daemon.
|
9
|
+
# If there are creds, use them to log in to the registry.
|
12
10
|
#
|
13
|
-
# If there are no creds,
|
11
|
+
# If there are no creds, any commands that do
|
14
12
|
# Docker stuff will fail, but the non-Docker commands (e.g. the config
|
15
13
|
# subcommands) will work fine.
|
16
14
|
if [[ ${#creds[*]} > 0 ]]; then
|
17
15
|
echo -n "${creds[1]}" | docker login registry.tld -u ${creds[0]} --password-stdin >/dev/null 2>&1
|
18
|
-
exec wrapdocker debify "$@"
|
19
|
-
else
|
20
|
-
exec debify "$@"
|
21
16
|
fi
|
22
17
|
|
18
|
+
exec debify "$@"
|
19
|
+
|
data/features/package.feature
CHANGED
data/features/sandbox.feature
CHANGED
@@ -2,6 +2,10 @@
|
|
2
2
|
Feature: Running a sandbox
|
3
3
|
Background:
|
4
4
|
Given I successfully run `docker pull registry.tld/conjur-appliance-cuke-master:4.9-stable`
|
5
|
+
# The extra containers will use the `alpine` image, so we need to pull it first on the
|
6
|
+
# host to use the authenticated DockerHub connection. This avoids hitting DockerHub
|
7
|
+
# rate limits.
|
8
|
+
And I successfully run `docker pull alpine`
|
5
9
|
|
6
10
|
Scenario: sandbox for 'example' project be started
|
7
11
|
Given I successfully start a sandbox for "example" with arguments "-t 4.9-stable --no-pull"
|
@@ -12,11 +12,10 @@ When /^I start a container named "(.*?)"(?: on network "(.*?)")*$/ do |name, net
|
|
12
12
|
networks << network
|
13
13
|
end
|
14
14
|
|
15
|
-
alpine = Docker::Image.create('fromImage' => 'alpine')
|
16
15
|
options = {
|
17
16
|
'name' => name,
|
18
17
|
'Cmd' => [ "sh", "-c", "while true; do sleep 1; done" ],
|
19
|
-
'Image' => alpine
|
18
|
+
'Image' => 'alpine'
|
20
19
|
}
|
21
20
|
options['HostConfig'] = { 'NetworkMode' => net_name } if net_name
|
22
21
|
|
data/lib/conjur/debify.rb
CHANGED
@@ -13,6 +13,8 @@ require 'active_support/core_ext'
|
|
13
13
|
|
14
14
|
include GLI::App
|
15
15
|
|
16
|
+
DEFAULT_FILE_TYPE = "deb"
|
17
|
+
|
16
18
|
config_file '.debifyrc'
|
17
19
|
|
18
20
|
desc 'Set an environment variable (e.g. TERM=xterm) when starting a container'
|
@@ -50,7 +52,7 @@ module DebugMixin
|
|
50
52
|
if a.length == 2 && a[0].is_a?(Symbol)
|
51
53
|
debug a.last
|
52
54
|
else
|
53
|
-
|
55
|
+
a.each do |line|
|
54
56
|
begin
|
55
57
|
line = JSON.parse(line)
|
56
58
|
line.keys.each do |k|
|
@@ -80,7 +82,7 @@ def detect_version
|
|
80
82
|
base_version = File.read("VERSION").strip
|
81
83
|
commits_since = `git log #{base_commit}..HEAD --pretty='%h'`.split("\n").size
|
82
84
|
hash = `git rev-parse --short HEAD`.strip
|
83
|
-
[
|
85
|
+
[[base_version, commits_since].join('.'), hash].join("-")
|
84
86
|
else
|
85
87
|
`git describe --long --tags --abbrev=7 --match 'v*.*.*' | sed -e 's/^v//'`.strip.tap do |version|
|
86
88
|
raise "No Git version (tag) for project" if version.empty?
|
@@ -125,15 +127,15 @@ DESC
|
|
125
127
|
arg_name "project-name -- <fpm-arguments>"
|
126
128
|
command "clean" do |c|
|
127
129
|
c.desc "Set the current working directory"
|
128
|
-
c.flag [
|
130
|
+
c.flag [:d, "dir"]
|
129
131
|
|
130
132
|
c.desc "Ignore (don't delete) a file or directory"
|
131
|
-
c.flag [
|
133
|
+
c.flag [:i, :ignore]
|
132
134
|
|
133
135
|
c.desc "Force file deletion even if if this doesn't look like a Jenkins environment"
|
134
|
-
c.switch [
|
136
|
+
c.switch [:force]
|
135
137
|
|
136
|
-
c.action do |global_options,cmd_options,args|
|
138
|
+
c.action do |global_options, cmd_options, args|
|
137
139
|
def looks_like_jenkins?
|
138
140
|
require 'etc'
|
139
141
|
Etc.getlogin == 'jenkins' && ENV['BUILD_NUMBER']
|
@@ -144,10 +146,10 @@ command "clean" do |c|
|
|
144
146
|
if !perform_deletion
|
145
147
|
$stderr.puts "No --force, and this doesn't look like Jenkins. I won't actually delete anything"
|
146
148
|
end
|
147
|
-
@ignore_list = Array(cmd_options[:ignore]) + [
|
149
|
+
@ignore_list = Array(cmd_options[:ignore]) + ['.', '..', '.git']
|
148
150
|
|
149
151
|
def ignore_file? f
|
150
|
-
@ignore_list.find{|ignore| f.index(ignore) == 0}
|
152
|
+
@ignore_list.find { |ignore| f.index(ignore) == 0 }
|
151
153
|
end
|
152
154
|
|
153
155
|
dir = cmd_options[:dir] || '.'
|
@@ -160,16 +162,16 @@ command "clean" do |c|
|
|
160
162
|
end
|
161
163
|
find_files.compact!
|
162
164
|
delete_files = (find_files - git_files)
|
163
|
-
delete_files.delete_if{|file|
|
165
|
+
delete_files.delete_if { |file|
|
164
166
|
File.directory?(file) || ignore_file?(file)
|
165
167
|
}
|
166
168
|
if perform_deletion
|
167
169
|
image = Docker::Image.create 'fromImage' => "alpine:3.3"
|
168
170
|
options = {
|
169
|
-
'Cmd'
|
171
|
+
'Cmd' => ["sh", "-c", "while true; do sleep 1; done"],
|
170
172
|
'Image' => image.id,
|
171
173
|
'Binds' => [
|
172
|
-
[
|
174
|
+
[dir, "/src"].join(':'),
|
173
175
|
]
|
174
176
|
}
|
175
177
|
options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
@@ -180,7 +182,7 @@ command "clean" do |c|
|
|
180
182
|
puts file
|
181
183
|
|
182
184
|
file = "/src/#{file}"
|
183
|
-
cmd = [
|
185
|
+
cmd = ["rm", "-f", file]
|
184
186
|
|
185
187
|
stdout, stderr, status = container.exec cmd, &DebugMixin::DOCKER
|
186
188
|
$stderr.puts "Failed to delete #{file}" unless status == 0
|
@@ -232,18 +234,21 @@ DESC
|
|
232
234
|
arg_name "project-name -- <fpm-arguments>"
|
233
235
|
command "package" do |c|
|
234
236
|
c.desc "Set the current working directory"
|
235
|
-
c.flag [
|
237
|
+
c.flag [:d, "dir"]
|
238
|
+
|
239
|
+
c.desc "Set the output file type of the fpm command (e.g rpm)"
|
240
|
+
c.flag [:o, :output]
|
236
241
|
|
237
242
|
c.desc "Specify the deb version; by default, it's read from the VERSION file"
|
238
|
-
c.flag [
|
243
|
+
c.flag [:v, :version]
|
239
244
|
|
240
245
|
c.desc "Specify a custom Dockerfile.fpm"
|
241
|
-
c.flag [
|
246
|
+
c.flag [:dockerfile]
|
242
247
|
|
243
248
|
c.desc "Specify files to add to the FPM image that are not included from the git repo"
|
244
|
-
c.flag [
|
249
|
+
c.flag [:'additional-files']
|
245
250
|
|
246
|
-
c.action do |global_options,cmd_options,args|
|
251
|
+
c.action do |global_options, cmd_options, args|
|
247
252
|
raise "project-name is required" unless project_name = args.shift
|
248
253
|
|
249
254
|
fpm_args = []
|
@@ -279,23 +284,29 @@ command "package" do |c|
|
|
279
284
|
FileUtils.mkdir_p(File.dirname(destination_path))
|
280
285
|
FileUtils.cp(original_file, destination_path)
|
281
286
|
end
|
282
|
-
|
287
|
+
|
283
288
|
# rename specified dockerfile to 'Dockerfile' during copy, incase name is different
|
284
289
|
dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
|
285
290
|
temp_dockerfile = File.join(temp_dir, "Dockerfile")
|
286
|
-
|
291
|
+
|
287
292
|
# change image variable in specified Dockerfile
|
288
293
|
dockerfile = File.read(dockerfile_path)
|
289
294
|
replace_image = dockerfile.gsub("@@image@@", fpm_image.id)
|
290
|
-
File.open(temp_dockerfile, "w") {|file| file.puts replace_image}
|
295
|
+
File.open(temp_dockerfile, "w") { |file| file.puts replace_image }
|
291
296
|
|
292
297
|
# build image from project being debified dir
|
293
298
|
image = Docker::Image.build_from_dir temp_dir, &DebugMixin::DOCKER
|
294
299
|
|
295
300
|
DebugMixin.debug_write "Built fpm image '#{image.id}' for project #{project_name}\n"
|
296
301
|
|
302
|
+
container_cmd_options = [project_name, version]
|
303
|
+
|
304
|
+
# Set the output file type if present
|
305
|
+
file_type = cmd_options[:output] || DEFAULT_FILE_TYPE
|
306
|
+
container_cmd_options << "--file-type=#{file_type}"
|
307
|
+
|
297
308
|
options = {
|
298
|
-
'Cmd'
|
309
|
+
'Cmd' => container_cmd_options + fpm_args,
|
299
310
|
'Image' => image.id
|
300
311
|
}
|
301
312
|
options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
@@ -307,21 +318,23 @@ command "package" do |c|
|
|
307
318
|
status = container.wait
|
308
319
|
raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
|
309
320
|
|
310
|
-
|
311
|
-
|
312
|
-
|
313
|
-
|
314
|
-
|
315
|
-
|
316
|
-
|
317
|
-
|
318
|
-
|
319
|
-
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
321
|
+
if file_type == "deb"
|
322
|
+
# Copy deb packages
|
323
|
+
copy_packages_from_container(
|
324
|
+
container,
|
325
|
+
"conjur-#{project_name}_#{version}_amd64.deb",
|
326
|
+
"conjur-#{project_name}-dev_#{version}_amd64.deb"
|
327
|
+
)
|
328
|
+
elsif file_type == "rpm"
|
329
|
+
# Copy rpm packages
|
330
|
+
# The rpm builder replaces dashes with underscores in the version
|
331
|
+
rpm_version = version.tr('-', '_')
|
332
|
+
copy_packages_from_container(
|
333
|
+
container,
|
334
|
+
"conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm",
|
335
|
+
"conjur-#{project_name}-dev-#{rpm_version}-1.x86_64.rpm"
|
336
|
+
)
|
337
|
+
end
|
325
338
|
ensure
|
326
339
|
container.delete(force: true)
|
327
340
|
end
|
@@ -344,10 +357,10 @@ end
|
|
344
357
|
|
345
358
|
def network_options(cmd)
|
346
359
|
cmd.desc "Specify link for test container"
|
347
|
-
cmd.flag [
|
360
|
+
cmd.flag [:l, :link], :multiple => true
|
348
361
|
|
349
362
|
cmd.desc 'Attach to the specified network'
|
350
|
-
cmd.flag [
|
363
|
+
cmd.flag [:n, :net]
|
351
364
|
end
|
352
365
|
|
353
366
|
def short_id(id)
|
@@ -363,7 +376,7 @@ end
|
|
363
376
|
# instead. (Docker doesn't add full container ids as network aliases,
|
364
377
|
# only short ids).
|
365
378
|
def shorten_source_id(link)
|
366
|
-
src,dest = link.split(':')
|
379
|
+
src, dest = link.split(':')
|
367
380
|
src && dest ? "#{short_id(src)}:#{dest}" : link
|
368
381
|
end
|
369
382
|
|
@@ -413,32 +426,32 @@ DESC
|
|
413
426
|
arg_name "project-name test-script"
|
414
427
|
command "test" do |c|
|
415
428
|
c.desc "Set the current working directory"
|
416
|
-
c.flag [
|
429
|
+
c.flag [:d, :dir]
|
417
430
|
|
418
431
|
c.desc "Keep the Conjur appliance container after the command finishes"
|
419
432
|
c.default_value false
|
420
|
-
c.switch [
|
433
|
+
c.switch [:k, :keep]
|
421
434
|
|
422
435
|
c.desc "Image name"
|
423
436
|
c.default_value "registry.tld/conjur-appliance-cuke-master"
|
424
|
-
c.flag [
|
437
|
+
c.flag [:i, :image]
|
425
438
|
|
426
439
|
c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
|
427
|
-
c.flag [
|
440
|
+
c.flag [:t, "image-tag"]
|
428
441
|
|
429
442
|
c.desc "'docker pull' the Conjur container image"
|
430
443
|
c.default_value true
|
431
|
-
c.switch [
|
444
|
+
c.switch [:pull]
|
432
445
|
|
433
446
|
c.desc "Specify the deb version; by default, it's read from the VERSION file"
|
434
|
-
c.flag [
|
447
|
+
c.flag [:v, :version]
|
435
448
|
|
436
449
|
c.desc "Specify volume for test container"
|
437
|
-
c.flag [
|
450
|
+
c.flag [:'volumes-from'], :multiple => true
|
438
451
|
|
439
452
|
network_options(c)
|
440
453
|
|
441
|
-
c.action do |global_options,cmd_options,args|
|
454
|
+
c.action do |global_options, cmd_options, args|
|
442
455
|
raise "project-name is required" unless project_name = args.shift
|
443
456
|
raise "test-script is required" unless test_script = args.shift
|
444
457
|
raise "Received extra command-line arguments" if args.shift
|
@@ -451,7 +464,7 @@ command "test" do |c|
|
|
451
464
|
|
452
465
|
Dir.chdir dir do
|
453
466
|
image_tag = cmd_options["image-tag"] or raise "image-tag is required"
|
454
|
-
appliance_image_id = [
|
467
|
+
appliance_image_id = [cmd_options[:image], image_tag].join(":")
|
455
468
|
version = cmd_options[:version] || detect_version
|
456
469
|
package_name = "conjur-#{project_name}_#{version}_amd64.deb"
|
457
470
|
dev_package_name = "conjur-#{project_name}-dev_#{version}_amd64.deb"
|
@@ -459,7 +472,7 @@ command "test" do |c|
|
|
459
472
|
raise "#{test_script} does not exist or is not a file" unless File.file?(test_script)
|
460
473
|
|
461
474
|
begin
|
462
|
-
tries ||=2
|
475
|
+
tries ||= 2
|
463
476
|
Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
|
464
477
|
rescue
|
465
478
|
login_to_registry appliance_image_id
|
@@ -498,7 +511,7 @@ RUN touch /etc/service/conjur/down
|
|
498
511
|
packages << dev_package_name if File.exist? dev_package_name
|
499
512
|
|
500
513
|
begin
|
501
|
-
tries ||=2
|
514
|
+
tries ||= 2
|
502
515
|
appliance_image = build_test_image(appliance_image_id, project_name, packages)
|
503
516
|
rescue
|
504
517
|
login_to_registry appliance_image_id
|
@@ -519,7 +532,7 @@ RUN touch /etc/service/conjur/down
|
|
519
532
|
] + global_options[:env],
|
520
533
|
'HostConfig' => {
|
521
534
|
'Binds' => [
|
522
|
-
[
|
535
|
+
[dir, "/src/#{project_name}"].join(':')
|
523
536
|
]
|
524
537
|
}
|
525
538
|
}
|
@@ -532,16 +545,16 @@ RUN touch /etc/service/conjur/down
|
|
532
545
|
|
533
546
|
if global_options[:'local-bundle']
|
534
547
|
host_config['Binds']
|
535
|
-
.push([
|
536
|
-
.push([
|
548
|
+
.push([vendor_dir, "/src/#{project_name}/vendor"].join(':'))
|
549
|
+
.push([dot_bundle_dir, "/src/#{project_name}/.bundle"].join(':'))
|
537
550
|
end
|
538
551
|
|
539
|
-
container = Docker::Container.create(options.tap {|o| DebugMixin.debug_write "creating container with options #{o.inspect}"})
|
552
|
+
container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
|
540
553
|
|
541
554
|
begin
|
542
555
|
DebugMixin.debug_write "Testing #{project_name} in container #{container.id}\n"
|
543
556
|
|
544
|
-
spawn("docker logs -f #{container.id}", [
|
557
|
+
spawn("docker logs -f #{container.id}", [:out, :err] => $stderr).tap do |pid|
|
545
558
|
Process.detach pid
|
546
559
|
end
|
547
560
|
container.start!
|
@@ -592,29 +605,29 @@ Once in the container, use "/opt/conjur/evoke/bin/dev-install" to install the de
|
|
592
605
|
DESC
|
593
606
|
command "sandbox" do |c|
|
594
607
|
c.desc "Set the current working directory"
|
595
|
-
c.flag [
|
608
|
+
c.flag [:d, :dir]
|
596
609
|
|
597
610
|
c.desc "Image name"
|
598
611
|
c.default_value "registry.tld/conjur-appliance-cuke-master"
|
599
|
-
c.flag [
|
612
|
+
c.flag [:i, :image]
|
600
613
|
|
601
614
|
c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
|
602
|
-
c.flag [
|
615
|
+
c.flag [:t, "image-tag"]
|
603
616
|
|
604
617
|
c.desc "Bind another source directory into the container. Use <src>:<dest>, where both are full paths."
|
605
|
-
c.flag [
|
618
|
+
c.flag [:"bind"], :multiple => true
|
606
619
|
|
607
620
|
c.desc "'docker pull' the Conjur container image"
|
608
621
|
c.default_value false
|
609
|
-
c.switch [
|
622
|
+
c.switch [:pull]
|
610
623
|
|
611
624
|
network_options(c)
|
612
625
|
|
613
626
|
c.desc "Specify volume for container"
|
614
|
-
c.flag [
|
627
|
+
c.flag [:'volumes-from'], :multiple => true
|
615
628
|
|
616
629
|
c.desc "Expose a port from the container to host. Use <host>:<container>."
|
617
|
-
c.flag [
|
630
|
+
c.flag [:p, :port], :multiple => true
|
618
631
|
|
619
632
|
c.desc 'Run dev-install in /src/<project-name>'
|
620
633
|
c.default_value false
|
@@ -625,9 +638,9 @@ command "sandbox" do |c|
|
|
625
638
|
c.switch [:kill]
|
626
639
|
|
627
640
|
c.desc 'A command to run in the sandbox'
|
628
|
-
c.flag [
|
641
|
+
c.flag [:c, :command]
|
629
642
|
|
630
|
-
c.action do |global_options,cmd_options,args|
|
643
|
+
c.action do |global_options, cmd_options, args|
|
631
644
|
raise "Received extra command-line arguments" if args.shift
|
632
645
|
|
633
646
|
dir = cmd_options[:dir] || '.'
|
@@ -637,11 +650,11 @@ command "sandbox" do |c|
|
|
637
650
|
|
638
651
|
Dir.chdir dir do
|
639
652
|
image_tag = cmd_options["image-tag"] or raise "image-tag is required"
|
640
|
-
appliance_image_id = [
|
653
|
+
appliance_image_id = [cmd_options[:image], image_tag].join(":")
|
641
654
|
|
642
655
|
appliance_image = if cmd_options[:pull]
|
643
656
|
begin
|
644
|
-
tries ||=2
|
657
|
+
tries ||= 2
|
645
658
|
Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
|
646
659
|
rescue
|
647
660
|
login_to_registry appliance_image_id
|
@@ -671,14 +684,14 @@ command "sandbox" do |c|
|
|
671
684
|
|
672
685
|
options['HostConfig'] = host_config = {}
|
673
686
|
host_config['Binds'] = [
|
674
|
-
[
|
675
|
-
[
|
687
|
+
[File.expand_path(".ssh/id_rsa", ENV['HOME']), "/root/.ssh/id_rsa", 'ro'].join(':'),
|
688
|
+
[dir, "/src/#{project_name}"].join(':'),
|
676
689
|
] + Array(cmd_options[:bind])
|
677
690
|
|
678
691
|
if global_options[:'local-bundle']
|
679
692
|
host_config['Binds']
|
680
|
-
.push([
|
681
|
-
.push([
|
693
|
+
.push([vendor_dir, "/src/#{project_name}/vendor"].join(':'))
|
694
|
+
.push([dot_bundle_dir, "/src/#{project_name}/.bundle"].join(':'))
|
682
695
|
end
|
683
696
|
|
684
697
|
host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
@@ -690,7 +703,7 @@ command "sandbox" do |c|
|
|
690
703
|
port_bindings = Hash.new({})
|
691
704
|
cmd_options[:port].each do |mapping|
|
692
705
|
hport, cport = mapping.split(':')
|
693
|
-
port_bindings["#{cport}/tcp"] = [{
|
706
|
+
port_bindings["#{cport}/tcp"] = [{'HostPort' => hport}]
|
694
707
|
end
|
695
708
|
host_config['PortBindings'] = port_bindings
|
696
709
|
end
|
@@ -700,7 +713,7 @@ command "sandbox" do |c|
|
|
700
713
|
previous.delete(:force => true) if previous
|
701
714
|
end
|
702
715
|
|
703
|
-
container = Docker::Container.create(options.tap {|o| DebugMixin.debug_write "creating container with options #{o.inspect}"})
|
716
|
+
container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
|
704
717
|
$stdout.puts container.id
|
705
718
|
container.start!
|
706
719
|
|
@@ -736,27 +749,27 @@ DESC
|
|
736
749
|
arg_name "distribution project-name"
|
737
750
|
command "publish" do |c|
|
738
751
|
c.desc "Set the current working directory"
|
739
|
-
c.flag [
|
752
|
+
c.flag [:d, :dir]
|
740
753
|
|
741
754
|
c.desc "Specify the deb package version; by default, it's computed automatically"
|
742
|
-
c.flag [
|
755
|
+
c.flag [:v, :version]
|
743
756
|
|
744
757
|
c.desc "Component to publish to, either 'stable' or the name of the git branch"
|
745
|
-
c.flag [
|
758
|
+
c.flag [:c, :component]
|
746
759
|
|
747
760
|
c.desc "Artifactory URL to publish to"
|
748
761
|
c.default_value "https://conjurinc.jfrog.io/conjurinc"
|
749
|
-
c.flag [
|
762
|
+
c.flag [:u, :url]
|
750
763
|
|
751
764
|
c.desc "Artifactory Debian repo to publish package to"
|
752
765
|
c.default_value "debian-private"
|
753
|
-
c.flag [
|
766
|
+
c.flag [:r, :repo]
|
754
767
|
|
755
768
|
c.desc "Artifactory RPM repo to publish package to"
|
756
769
|
c.default_value "redhat-private"
|
757
770
|
c.flag ['rpm-repo']
|
758
771
|
|
759
|
-
c.action do |global_options,cmd_options,args|
|
772
|
+
c.action do |global_options, cmd_options, args|
|
760
773
|
require 'conjur/debify/action/publish'
|
761
774
|
raise "distribution is required" unless distribution = args.shift
|
762
775
|
raise "project-name is required" unless project_name = args.shift
|
@@ -769,8 +782,8 @@ end
|
|
769
782
|
desc "Auto-detect and print the repository version"
|
770
783
|
command "detect-version" do |c|
|
771
784
|
c.desc "Set the current working directory"
|
772
|
-
c.flag [
|
773
|
-
c.action do |global_options,cmd_options,args|
|
785
|
+
c.flag [:d, :dir]
|
786
|
+
c.action do |global_options, cmd_options, args|
|
774
787
|
raise "Received extra command-line arguments" if args.shift
|
775
788
|
|
776
789
|
dir = cmd_options[:dir] || '.'
|
@@ -787,7 +800,7 @@ end
|
|
787
800
|
desc 'Show the given configuration'
|
788
801
|
arg_name 'configuration'
|
789
802
|
command 'config' do |c|
|
790
|
-
c.action do |_,_,args|
|
803
|
+
c.action do |_, _, args|
|
791
804
|
raise 'no configuration provided' unless config = args.shift
|
792
805
|
raise "Received extra command-line arguments" if args.shift
|
793
806
|
|
@@ -798,7 +811,7 @@ command 'config' do |c|
|
|
798
811
|
end
|
799
812
|
|
800
813
|
|
801
|
-
pre do |global,command,options,args|
|
814
|
+
pre do |global, command, options, args|
|
802
815
|
# Pre logic here
|
803
816
|
# Return true to proceed; false to abort and not call the
|
804
817
|
# chosen command
|
@@ -807,7 +820,7 @@ pre do |global,command,options,args|
|
|
807
820
|
true
|
808
821
|
end
|
809
822
|
|
810
|
-
post do |global,command,options,args|
|
823
|
+
post do |global, command, options, args|
|
811
824
|
# Post logic here
|
812
825
|
# Use skips_post before a command to skip this
|
813
826
|
# block on that command only
|
data/lib/conjur/fpm/package.sh
CHANGED
@@ -8,14 +8,33 @@ version=$1
|
|
8
8
|
shift
|
9
9
|
|
10
10
|
if [ -z "$project_name" ]; then
|
11
|
-
|
12
|
-
|
11
|
+
echo Project name argument is required
|
12
|
+
exit 1
|
13
13
|
fi
|
14
14
|
if [ -z "$version" ]; then
|
15
|
-
|
16
|
-
|
15
|
+
echo Version argument is required
|
16
|
+
exit 1
|
17
17
|
fi
|
18
18
|
|
19
|
+
for i in "$@"; do
|
20
|
+
case $i in
|
21
|
+
-ft=* | --file-type=*)
|
22
|
+
file_type="${i#*=}"
|
23
|
+
shift
|
24
|
+
;;
|
25
|
+
esac
|
26
|
+
done
|
27
|
+
|
28
|
+
if [ -z "$file_type" ]; then
|
29
|
+
echo "No file type given. Using deb"
|
30
|
+
file_type=deb
|
31
|
+
fi
|
32
|
+
|
33
|
+
echo Project Name is $project_name
|
34
|
+
echo Version is $version
|
35
|
+
echo file_type is $file_type
|
36
|
+
echo params at the end are $@
|
37
|
+
|
19
38
|
# Build dev package first
|
20
39
|
prefix=/src/opt/conjur/project
|
21
40
|
cp -al $prefix /dev-pkg
|
@@ -27,14 +46,12 @@ cd /dev-pkg
|
|
27
46
|
remove_matching $prefix
|
28
47
|
bundle_clean
|
29
48
|
|
30
|
-
if [
|
49
|
+
if [ $(ls | wc -l) -eq 0 ]; then
|
31
50
|
echo No dev dependencies, skipping dev package
|
32
51
|
else
|
33
|
-
|
34
|
-
do
|
35
|
-
echo "Building conjur-$project_name-dev $file_type package"
|
52
|
+
echo "Building conjur-$project_name-dev $file_type package"
|
36
53
|
|
37
|
-
|
54
|
+
fpm \
|
38
55
|
-s dir \
|
39
56
|
-t $file_type \
|
40
57
|
-n conjur-$project_name-dev \
|
@@ -50,7 +67,6 @@ else
|
|
50
67
|
--depends "conjur-$project_name = $version" \
|
51
68
|
--prefix /opt/conjur/$project_name \
|
52
69
|
--description "Conjur $project_name service - development files"
|
53
|
-
done
|
54
70
|
fi
|
55
71
|
|
56
72
|
mv /src/opt/conjur/project /src/opt/conjur/$project_name
|
@@ -67,26 +83,23 @@ mkdir -p opt/conjur/etc
|
|
67
83
|
|
68
84
|
[ -d opt/conjur/"$project_name"/distrib ] && mv opt/conjur/"$project_name"/distrib /
|
69
85
|
|
70
|
-
|
71
|
-
do
|
72
|
-
echo "Building conjur-$project_name-dev $file_type package"
|
86
|
+
echo "Building conjur-$project_name-dev $file_type package"
|
73
87
|
|
74
|
-
|
88
|
+
fpm \
|
75
89
|
-s dir \
|
76
90
|
-t $file_type \
|
77
91
|
-n conjur-$project_name \
|
78
92
|
-v $version \
|
79
93
|
-C . \
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
ls -al *.{deb,rpm}
|
94
|
+
--maintainer "CyberArk Software, Inc." \
|
95
|
+
--vendor "CyberArk Software, Inc." \
|
96
|
+
--license "Proprietary" \
|
97
|
+
--url "https://www.cyberark.com" \
|
98
|
+
--config-files opt/conjur/etc \
|
99
|
+
--deb-no-default-config-files \
|
100
|
+
--$file_type-user conjur \
|
101
|
+
--$file_type-group conjur \
|
102
|
+
--description "Conjur $project_name service" \
|
103
|
+
"$@"
|
104
|
+
|
105
|
+
ls -l
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-debify
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- CyberArk Software, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-12-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gli
|