conjur-debify 1.12.0 → 2.1.1.pre.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -1
- data/Dockerfile +11 -24
- data/Jenkinsfile +47 -33
- data/README.md +1 -1
- data/Rakefile +2 -1
- data/VERSION +1 -1
- data/ci/test.sh +0 -5
- data/debify.gemspec +5 -5
- data/distrib/entrypoint.sh +4 -7
- data/example/Gemfile.lock +1 -1
- data/example/net-test.sh +1 -1
- data/features/package.feature +2 -1
- data/features/sandbox.feature +9 -5
- data/features/step_definitions/debify_steps.rb +1 -3
- data/features/support/env.rb +3 -1
- data/features/test.feature +4 -4
- data/lib/conjur/debify/Dockerfile.fpm +0 -4
- data/lib/conjur/debify/utils.rb +1 -1
- data/lib/conjur/debify.rb +114 -85
- data/lib/conjur/fpm/Dockerfile +3 -5
- data/lib/conjur/fpm/package.sh +45 -30
- data/lib/conjur/publish/Dockerfile +1 -7
- data/publish-rubygem.sh +7 -8
- data/spec/debify_utils_spec.rb +1 -1
- data/spec/utils_spec.rb +1 -1
- metadata +16 -15
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2747ff6c3ff8221c8cde88db6e41a9d3fe2955f46a9d4a35581c6d9588e7ba3b
|
4
|
+
data.tar.gz: 6709af83edc34fefd2ee0583fc816b4ee950c498cac54bd05e85a9a1959c8c9e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 53c2942288ec1af7b38c831b28a5e066713dc6f4d0b7b339693c021c9c77d13216a6380e854660696bccf9de74c1939454666ec4f35f7f3f6c3a3ffdb947ee0a
|
7
|
+
data.tar.gz: 0e128decf3f960f495aee458fcf865e26b7700d94c6b9ed96f46b04d062777da4c9b8bacf4bce3a07c0adbd20c45b3bd5a1f7fb391fe8d491fd2a29580c7e4b5
|
data/CHANGELOG.md
CHANGED
@@ -1,4 +1,20 @@
|
|
1
|
-
## [
|
1
|
+
## [2.1.1]
|
2
|
+
### Changed
|
3
|
+
|
4
|
+
- Update to use automated release process
|
5
|
+
|
6
|
+
# 2.1.0
|
7
|
+
### Changed
|
8
|
+
|
9
|
+
- Refine bundler related steps in `debify package` flow: only `package.sh` file configures
|
10
|
+
and invokes bundler. `Dockerfile.fpm` only copies files and adjusts folder structure.
|
11
|
+
- Remove bundler 1.* support
|
12
|
+
|
13
|
+
# 2.0.0
|
14
|
+
### Changed
|
15
|
+
- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this
|
16
|
+
flag is not given, the default value is `deb`.
|
17
|
+
[conjurinc/debify#56](https://github.com/conjurinc/debify/issues/56)
|
2
18
|
|
3
19
|
# 1.12.0
|
4
20
|
|
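--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -1,46 +1,33 @@
 FROM ruby:2.6-stretch
 
-### DockerInDocker support is take from
-### https://github.com/jpetazzo/dind/blob/master/Dockerfile . I
-### elected to base this image on ruby, then pull in the (slightly
-### outdated) support for DockerInDocker. Creation of the official
-### docker:dind image much more complicated and didn't lend itself to
-### also running ruby.
-
 RUN apt-get update -qq && \
 apt-get dist-upgrade -qqy && \
 apt-get install -qqy \
 apt-transport-https \
 ca-certificates \
-curl
-lxc \
-iptables
+curl
 
-# Install Docker
-
-
-
-
-
-
-# Define additional metadata for our image.
-VOLUME /var/lib/docker
-
-### End of DockerInDocker support
+# Install Docker client tools
+ENV DOCKERVERSION=20.10.0
+RUN curl -fsSLO https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKERVERSION}.tgz \
+&& tar xzvf docker-${DOCKERVERSION}.tgz --strip 1 \
+-C /usr/local/bin docker/docker \
+&& rm docker-${DOCKERVERSION}.tgz
 
 RUN mkdir -p /debify
 WORKDIR /debify
 
 COPY . ./
 
+RUN gem install bundler:2.2.30
 RUN gem build debify.gemspec
 
 ARG VERSION
-RUN gem install -N conjur-debify
+RUN gem install -N conjur-debify-*.gem
 
 ARG CONJUR_APPLIANCE_URL
-ENV CONJUR_APPLIANCE_URL ${CONJUR_APPLIANCE_URL:-https://
+ENV CONJUR_APPLIANCE_URL ${CONJUR_APPLIANCE_URL:-https://conjurops.itp.conjur.net}
 ENV CONJUR_ACCOUNT ${CONJUR_ACCOUNT:-conjur}
-ENV CONJUR_VERSION ${CONJUR_VERSION:-
+ENV CONJUR_VERSION ${CONJUR_VERSION:-5}
 
 ENTRYPOINT ["/debify/distrib/entrypoint.sh"]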
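Review bot: The Docker client tarball fetched by the new `RUN curl -fsSLO https://download.docker.com/.../docker-${DOCKERVERSION}.tgz` step is unpacked into /usr/local/bin with no integrity check, so the image trusts whatever the download host serves at build time. Record a digest you have verified for this version and check it before `tar`, e.g. `&& echo "${DOCKER_SHA256}  docker-${DOCKERVERSION}.tgz" | sha256sum -c - \`, where `DOCKER_SHA256` is a placeholder for that digest (the page does not give one). `DOCKERVERSION` is only used during the build, so `ARG DOCKERVERSION=20.10.0` would keep it out of the runtime environment that `ENV` writes into the image.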
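--- a/data/Jenkinsfile
+++ b/data/Jenkinsfile
@@ -1,29 +1,52 @@
 #!/usr/bin/env groovy
 
+// Automated release, promotion and dependencies
+properties([
+release.addParams(),
+dependencies(['cyberark/conjur-base-image'])
+])
+
+if (params.MODE == "PROMOTE") {
+release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
+sh './publish-rubygems.sh'
+}
+return
+}
+
 pipeline {
 agent { label 'executor-v2' }
 
 options {
 timestamps()
 buildDiscarder(logRotator(daysToKeepStr: '30'))
-skipDefaultCheckout()
 }
 
 triggers {
 cron(getDailyCronString())
 }
 
+environment {
+MODE = release.canonicalizeMode()
+}
+
 stages {
-stage('
+stage ("Skip build if triggering job didn't create a release") {
+when {
+expression {
+MODE == "SKIP"
+}
+}
 steps {
-
-
-
-
-
-
-
-
+script {
+currentBuild.result = 'ABORTED'
+error("Aborting build because this build was triggered from upstream, but no release was built")
+}
+}
+}
+stage('Prepare') {
+steps {
+// Initialize VERSION file
+updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
 }
 }
 stage('Build docker image') {
@@ -42,10 +65,14 @@ pipeline {
 scanAndReport("debify:${VERSION}", "HIGH", false)
 }
 }
-
-
-
-
+stage('Scan Docker image for all issues') {
+steps{
+script {
+VERSION = sh(returnStdout: true, script: 'cat VERSION')
+}
+scanAndReport("debify:${VERSION}", "NONE", true)
+}
+}
 }
 }
 
@@ -67,29 +94,16 @@ pipeline {
 
 stage('Publish to RubyGems') {
 when {
-
-
-/* expression {
-boolean publish = false
-
-try {
-timeout(time: 5, unit: 'MINUTES') {
-input(message: 'Publish to RubyGems?')
-publish = true
-}
-} catch (final ignore) {
-publish = false
-}
-
-return publish
-}*/
+expression {
+MODE == "RELEASE"
 }
 }
 
 steps {
-
-
-
+release {
+sh './publish-rubygem.sh'
+sh "cp conjur-debify-*.gem release-assets/."
+}
 }
 }
 }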
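Review bot: The promote branch at the top of the first hunk runs `sh './publish-rubygems.sh'`, while the release stage in the last hunk runs `sh './publish-rubygem.sh'`, and the file list of this diff only contains `publish-rubygem.sh`. Unless a second script exists outside this diff, promotion will stop on a missing file, so the promote call should read `sh './publish-rubygem.sh'`. In the new scan stage, `VERSION = sh(returnStdout: true, script: 'cat VERSION')` keeps the trailing newline from `cat`, which then ends up inside the `debify:${VERSION}` image reference passed to `scanAndReport`; appending `.trim()` avoids that.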
data/README.md
CHANGED
@@ -289,7 +289,7 @@ Start a sandbox, see that it can resolve the hostname `mydb`:
|
|
289
289
|
|
290
290
|
```sh-session
|
291
291
|
|
292
|
-
example $ debify sandbox -t
|
292
|
+
example $ debify sandbox -t 5.0-stable --net testnet
|
293
293
|
example $ docker exec -it example-sandbox /bin/bash
|
294
294
|
root@7d4217655332:/src/example# getent hosts mydb
|
295
295
|
172.19.0.2 mydb
|
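--- a/data/Rakefile
+++ b/data/Rakefile
@@ -33,7 +33,8 @@ if cucumber?
 Cucumber::Rake::Task.new(:features) do |t|
 opts = "features --format junit -o #{CUKE_RESULTS} --format pretty -x"
 opts += " --tags #{ENV['TAGS']}" if ENV['TAGS']
-
+opts += " --tags ~@skip"
+t.cucumber_opts = opts
 t.fork = false
 end
 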
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
2.1.1-4
|
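--- a/data/ci/test.sh
+++ b/data/ci/test.sh
@@ -2,11 +2,6 @@
 
 bundle
 
-# Some tests need to be logged in to the registry, to pull a base
-# image if it's not already available. Have entrypoint.sh do something
-# simple, and log in as a side effect.
-/debify/distrib/entrypoint.sh detect-version
-
 for target in spec cucumber; do
 bundle exec rake $target
 done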
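--- a/data/debify.gemspec
+++ b/data/debify.gemspec
@@ -12,26 +12,26 @@ Gem::Specification.new do |spec|
 spec.homepage = "https://github.com/conjurinc/debify"
 spec.license = "MIT"
 
-spec.files = `git ls-files -z`.split("\x0")
+spec.files = `git ls-files -z`.split("\x0").append("VERSION")
 spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
 spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
 spec.require_paths = ["lib"]
 
 spec.add_dependency "gli"
-spec.add_dependency "docker-api", "~>
+spec.add_dependency "docker-api", "~> 2.0"
 spec.add_dependency "conjur-cli" , "~> 6"
 spec.add_dependency "conjur-api", "~> 5"
 
-spec.add_development_dependency "bundler", "
+spec.add_development_dependency "bundler", ">= 2.2.30"
 spec.add_development_dependency "fakefs", "~> 0"
-spec.add_development_dependency "rake", "~>
+spec.add_development_dependency "rake", "~> 13.0"
 
 # Pin to cucumbe v2. cucumber v3 changes (breaks) the behavior of
 # unmatched capture groups with \(d+). In v3, the value of such a
 # group is 0 instead of nil, which breaks aruba's "I successfully
 # run...." steps.
 spec.add_development_dependency "cucumber", '~> 2'
-spec.add_development_dependency "aruba", "~> 0
+spec.add_development_dependency "aruba", "~> 1.0"
 spec.add_development_dependency 'rspec', '~> 3'
 spec.add_development_dependency 'ci_reporter_rspec', '~> 1.0'
 end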
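--- a/data/distrib/entrypoint.sh
+++ b/data/distrib/entrypoint.sh
@@ -6,17 +6,14 @@ set +x
 
 creds=( $(ruby /debify/distrib/conjur_creds.rb) )
 
-# If there are creds, use them to log in to the registry.
-# the magic DockerInDocker wrapper script so debify can interact with
-# the Docker daemon.
+# If there are creds, use them to log in to the registry.
 #
-# If there are no creds,
+# If there are no creds, any commands that do
 # Docker stuff will fail, but the non-Docker commands (e.g. the config
 # subcommands) will work fine.
 if [[ ${#creds[*]} > 0 ]]; then
 echo -n "${creds[1]}" | docker login registry.tld -u ${creds[0]} --password-stdin >/dev/null 2>&1
-exec wrapdocker debify "$@"
-else
-exec debify "$@"
 fi
 
+exec debify "$@"
+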
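Review bot: With `exec debify "$@"` now unconditional, the `docker login` line above it is the only place a registry authentication failure could surface, yet its output goes to /dev/null and its exit status is ignored, so a rejected credential only shows up later as an unexplained pull failure. Keep the output silenced but report the failure, `... --password-stdin >/dev/null 2>&1 || echo "registry login failed" >&2`, and quote the username as `-u "${creds[0]}"` so it is always passed as one literal argument. `[[ ${#creds[*]} > 0 ]]` is a string comparison; `(( ${#creds[@]} > 0 ))` states the numeric intent. The script's first five lines are outside this hunk.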
data/example/Gemfile.lock
CHANGED
data/example/net-test.sh
CHANGED
data/features/package.feature
CHANGED
@@ -5,6 +5,7 @@ Feature: Packaging
|
|
5
5
|
# We use version 0.0.1-suffix to verify that RPM converts dashes to underscores
|
6
6
|
# in the version as we expect
|
7
7
|
Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1-suffix example -- --post-install /distrib/postinstall.sh`
|
8
|
+
And I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example --output rpm -v 0.0.1-suffix example -- --post-install /distrib/postinstall.sh`
|
8
9
|
|
9
10
|
Scenario: 'example' project can be packaged successfully
|
10
11
|
Then the stdout should contain "conjur-example_0.0.1-suffix_amd64.deb"
|
@@ -19,4 +20,4 @@ Feature: Packaging
|
|
19
20
|
And the stdout from "find ../../example" should not contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
|
20
21
|
|
21
22
|
Scenario: 'example' project can be published
|
22
|
-
When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1-suffix -d ../../example
|
23
|
+
When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1-suffix -d ../../example 5.0 example`
|
data/features/sandbox.feature
CHANGED
@@ -1,19 +1,23 @@
|
|
1
1
|
@announce-output
|
2
2
|
Feature: Running a sandbox
|
3
3
|
Background:
|
4
|
-
Given I successfully run `docker pull registry.tld/conjur-appliance-cuke-master:
|
4
|
+
Given I successfully run `docker pull registry.tld/conjur-appliance-cuke-master:5.0-stable`
|
5
|
+
# The extra containers will use the `alpine` image, so we need to pull it first on the
|
6
|
+
# host to use the authenticated DockerHub connection. This avoids hitting DockerHub
|
7
|
+
# rate limits.
|
8
|
+
And I successfully run `docker pull nginx`
|
5
9
|
|
6
10
|
Scenario: sandbox for 'example' project be started
|
7
|
-
Given I successfully start a sandbox for "example" with arguments "-t
|
11
|
+
Given I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull"
|
8
12
|
|
9
13
|
Scenario: sandbox for 'example' project be started linked to another container
|
10
14
|
Given I start a container named "other_host"
|
11
|
-
Then I successfully start a sandbox for "example" with arguments "-t
|
15
|
+
Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --link other_host -c 'curl -s http://other_host > /dev/null'"
|
12
16
|
|
13
17
|
Scenario: sandbox for 'example' project be started on a network other than the default
|
14
18
|
Given I start a container named "other_host" on network "test-net"
|
15
|
-
Then I successfully start a sandbox for "example" with arguments "-t
|
19
|
+
Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --net test-net -c 'curl -s http://other_host > /dev/null'"
|
16
20
|
|
17
21
|
Scenario: sandbox for 'example' project be started on a network other than the default with a host aliased
|
18
22
|
Given I start a container named "another_host" on network "test-net"
|
19
|
-
Then I successfully start a sandbox for "example" with arguments "-t
|
23
|
+
Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --net test-net --link another_host:other_host -c 'curl -s http://other_host > /dev/null'"
|
@@ -12,11 +12,9 @@ When /^I start a container named "(.*?)"(?: on network "(.*?)")*$/ do |name, net
|
|
12
12
|
networks << network
|
13
13
|
end
|
14
14
|
|
15
|
-
alpine = Docker::Image.create('fromImage' => 'alpine')
|
16
15
|
options = {
|
17
16
|
'name' => name,
|
18
|
-
'
|
19
|
-
'Image' => alpine.id
|
17
|
+
'Image' => 'nginx'
|
20
18
|
}
|
21
19
|
options['HostConfig'] = { 'NetworkMode' => net_name } if net_name
|
22
20
|
|
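Review bot: The comment added to the Background says the extra containers use the `alpine` image, but the step below it pulls `nginx`, and the step-definition hunk that follows sets `'Image' => 'nginx'`; the comment should start `# The extra containers will use the nginx image, so we need to pull it first on the`. Both references are untagged, so every run resolves whatever `nginx:latest` currently points to. Pinning the same tag or digest in both places, e.g. `docker pull nginx:<pinned-tag>`, keeps the test input fixed and reviewable.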
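--- a/data/features/support/env.rb
+++ b/data/features/support/env.rb
@@ -6,5 +6,7 @@ LIB_DIR = File.join(File.expand_path(File.dirname(__FILE__)),'..','..','lib')
 
 Aruba.configure do |config|
 config.exit_timeout = 1200
+# not a best practice from aruba's point of view
+# but the only solution I've found to have docker credentials context
+config.home_directory = ENV['HOME']
 end
-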
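Review bot: `config.home_directory = ENV['HOME']` gives every command aruba runs the real home directory of the CI or developer account, not just the Docker credentials the comment is after, so scenarios can read and modify SSH keys, gem credentials and other dotfiles there. If the Docker login state is all that is needed, aruba's isolated home could stay in place with the Docker CLI pointed at the existing config, for example `set_environment_variable 'DOCKER_CONFIG', File.join(ENV['HOME'], '.docker')` in a `Before` hook. Whether the Docker client library debify uses honours that variable is not visible here and needs checking. At minimum the comment should name the credentials file being relied on.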
data/features/test.feature
CHANGED
@@ -5,20 +5,20 @@ Feature: Testing
|
|
5
5
|
Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1 example -- --post-install /distrib/postinstall.sh`
|
6
6
|
|
7
7
|
Scenario: 'example' project can be tested successfully
|
8
|
-
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t
|
8
|
+
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull example test.sh`
|
9
9
|
Then the stderr should contain "Test succeeded"
|
10
10
|
|
11
11
|
Scenario: 'example' project can be tested when linked to another container
|
12
12
|
Given I start a container named "other_host"
|
13
|
-
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t
|
13
|
+
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --link other_host example net-test.sh`
|
14
14
|
Then the stderr should contain "Test succeeded"
|
15
15
|
|
16
16
|
Scenario: 'example' project can be tested on a network other than the default
|
17
17
|
Given I start a container named "other_host" on network "test-net"
|
18
|
-
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t
|
18
|
+
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --net test-net example net-test.sh`
|
19
19
|
Then the stderr should contain "Test succeeded"
|
20
20
|
|
21
21
|
Scenario: 'example' project can be tested on a network other than the default with a host aliased
|
22
22
|
Given I start a container named "another_host" on network "test-net"
|
23
|
-
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t
|
23
|
+
When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --link another_host:other_host --net test-net example net-test.sh`
|
24
24
|
Then the stderr should contain "Test succeeded"
|
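--- a/data/lib/conjur/debify/utils.rb
+++ b/data/lib/conjur/debify/utils.rb
@@ -6,7 +6,7 @@ module Conjur::Debify::Utils
 # copy a file from container to the current working directory
 def copy_from_container container, path
 tar = StringIO.new
-container.
+container.archive_out(path) { |chunk| tar.write chunk }
 tar.rewind
 Gem::Package::TarReader.new(tar).each do |entry|
 File.write entry.full_name, entry.read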
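Review bot: `File.write entry.full_name, entry.read` writes every entry of the archive returned by `archive_out` to a path chosen by the archive itself, so an entry whose name contains `../` or is absolute would be written outside the working directory, and directory entries reach `File.write` too. Since the comment promises one file copied into the current directory, constrain the target: `next unless entry.file?` followed by `File.write File.basename(entry.full_name), entry.read`. The rest of the method, including its `end`, is outside this hunk.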
data/lib/conjur/debify.rb
CHANGED
@@ -13,6 +13,8 @@ require 'active_support/core_ext'
|
|
13
13
|
|
14
14
|
include GLI::App
|
15
15
|
|
16
|
+
DEFAULT_FILE_TYPE = "deb"
|
17
|
+
|
16
18
|
config_file '.debifyrc'
|
17
19
|
|
18
20
|
desc 'Set an environment variable (e.g. TERM=xterm) when starting a container'
|
@@ -50,7 +52,7 @@ module DebugMixin
|
|
50
52
|
if a.length == 2 && a[0].is_a?(Symbol)
|
51
53
|
debug a.last
|
52
54
|
else
|
53
|
-
|
55
|
+
a.each do |line|
|
54
56
|
begin
|
55
57
|
line = JSON.parse(line)
|
56
58
|
line.keys.each do |k|
|
@@ -80,7 +82,7 @@ def detect_version
|
|
80
82
|
base_version = File.read("VERSION").strip
|
81
83
|
commits_since = `git log #{base_commit}..HEAD --pretty='%h'`.split("\n").size
|
82
84
|
hash = `git rev-parse --short HEAD`.strip
|
83
|
-
[
|
85
|
+
[[base_version, commits_since].join('.'), hash].join("-")
|
84
86
|
else
|
85
87
|
`git describe --long --tags --abbrev=7 --match 'v*.*.*' | sed -e 's/^v//'`.strip.tap do |version|
|
86
88
|
raise "No Git version (tag) for project" if version.empty?
|
@@ -89,7 +91,13 @@ def detect_version
|
|
89
91
|
end
|
90
92
|
|
91
93
|
def git_files
|
92
|
-
(`git ls-files -z`.split("\x0") + ['Gemfile.lock']).uniq
|
94
|
+
files = (`git ls-files -z`.split("\x0") + ['Gemfile.lock']).uniq
|
95
|
+
# Since submodule directories are listed, but are not files, we remove them.
|
96
|
+
# Currently, `conjur-project-config` is the only submodule in Conjur, and it
|
97
|
+
# can safely be removed because it's a developer-only tool. If we add another
|
98
|
+
# submodule in the future needed for production, we'll need to update this
|
99
|
+
# code. But YAGNI for now.
|
100
|
+
files.select { |f| File.file?(f) }
|
93
101
|
end
|
94
102
|
|
95
103
|
def login_to_registry(appliance_image_id)
|
@@ -125,15 +133,15 @@ DESC
|
|
125
133
|
arg_name "project-name -- <fpm-arguments>"
|
126
134
|
command "clean" do |c|
|
127
135
|
c.desc "Set the current working directory"
|
128
|
-
c.flag [
|
136
|
+
c.flag [:d, "dir"]
|
129
137
|
|
130
138
|
c.desc "Ignore (don't delete) a file or directory"
|
131
|
-
c.flag [
|
139
|
+
c.flag [:i, :ignore]
|
132
140
|
|
133
141
|
c.desc "Force file deletion even if if this doesn't look like a Jenkins environment"
|
134
|
-
c.switch [
|
142
|
+
c.switch [:force]
|
135
143
|
|
136
|
-
c.action do |global_options,cmd_options,args|
|
144
|
+
c.action do |global_options, cmd_options, args|
|
137
145
|
def looks_like_jenkins?
|
138
146
|
require 'etc'
|
139
147
|
Etc.getlogin == 'jenkins' && ENV['BUILD_NUMBER']
|
@@ -144,10 +152,10 @@ command "clean" do |c|
|
|
144
152
|
if !perform_deletion
|
145
153
|
$stderr.puts "No --force, and this doesn't look like Jenkins. I won't actually delete anything"
|
146
154
|
end
|
147
|
-
@ignore_list = Array(cmd_options[:ignore]) + [
|
155
|
+
@ignore_list = Array(cmd_options[:ignore]) + ['.', '..', '.git']
|
148
156
|
|
149
157
|
def ignore_file? f
|
150
|
-
@ignore_list.find{|ignore| f.index(ignore) == 0}
|
158
|
+
@ignore_list.find { |ignore| f.index(ignore) == 0 }
|
151
159
|
end
|
152
160
|
|
153
161
|
dir = cmd_options[:dir] || '.'
|
@@ -160,16 +168,16 @@ command "clean" do |c|
|
|
160
168
|
end
|
161
169
|
find_files.compact!
|
162
170
|
delete_files = (find_files - git_files)
|
163
|
-
delete_files.delete_if{|file|
|
171
|
+
delete_files.delete_if { |file|
|
164
172
|
File.directory?(file) || ignore_file?(file)
|
165
173
|
}
|
166
174
|
if perform_deletion
|
167
175
|
image = Docker::Image.create 'fromImage' => "alpine:3.3"
|
168
176
|
options = {
|
169
|
-
'Cmd'
|
177
|
+
'Cmd' => ["sh", "-c", "while true; do sleep 1; done"],
|
170
178
|
'Image' => image.id,
|
171
179
|
'Binds' => [
|
172
|
-
[
|
180
|
+
[dir, "/src"].join(':'),
|
173
181
|
]
|
174
182
|
}
|
175
183
|
options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
@@ -180,7 +188,7 @@ command "clean" do |c|
|
|
180
188
|
puts file
|
181
189
|
|
182
190
|
file = "/src/#{file}"
|
183
|
-
cmd = [
|
191
|
+
cmd = ["rm", "-f", file]
|
184
192
|
|
185
193
|
stdout, stderr, status = container.exec cmd, &DebugMixin::DOCKER
|
186
194
|
$stderr.puts "Failed to delete #{file}" unless status == 0
|
@@ -232,18 +240,21 @@ DESC
|
|
232
240
|
arg_name "project-name -- <fpm-arguments>"
|
233
241
|
command "package" do |c|
|
234
242
|
c.desc "Set the current working directory"
|
235
|
-
c.flag [
|
243
|
+
c.flag [:d, "dir"]
|
244
|
+
|
245
|
+
c.desc "Set the output file type of the fpm command (e.g rpm)"
|
246
|
+
c.flag [:o, :output]
|
236
247
|
|
237
248
|
c.desc "Specify the deb version; by default, it's read from the VERSION file"
|
238
|
-
c.flag [
|
249
|
+
c.flag [:v, :version]
|
239
250
|
|
240
251
|
c.desc "Specify a custom Dockerfile.fpm"
|
241
|
-
c.flag [
|
252
|
+
c.flag [:dockerfile]
|
242
253
|
|
243
254
|
c.desc "Specify files to add to the FPM image that are not included from the git repo"
|
244
|
-
c.flag [
|
255
|
+
c.flag [:'additional-files']
|
245
256
|
|
246
|
-
c.action do |global_options,cmd_options,args|
|
257
|
+
c.action do |global_options, cmd_options, args|
|
247
258
|
raise "project-name is required" unless project_name = args.shift
|
248
259
|
|
249
260
|
fpm_args = []
|
@@ -261,7 +272,17 @@ command "package" do |c|
|
|
261
272
|
additional_files = cmd_options[:'additional-files'].split(',').map(&:strip)
|
262
273
|
end
|
263
274
|
|
264
|
-
|
275
|
+
begin
|
276
|
+
tries ||= 2
|
277
|
+
fpm_image = Docker::Image.build_from_dir File.expand_path('fpm', File.dirname(__FILE__)), tag: "debify-fpm", &DebugMixin::DOCKER
|
278
|
+
rescue
|
279
|
+
image_id = File.readlines(File.expand_path('fpm/Dockerfile', File.dirname(__FILE__)))
|
280
|
+
.find { | line | line =~ /^FROM/ }
|
281
|
+
.split(' ')
|
282
|
+
.last
|
283
|
+
login_to_registry image_id
|
284
|
+
retry unless (tries -= 1).zero?
|
285
|
+
end
|
265
286
|
DebugMixin.debug_write "Built base fpm image '#{fpm_image.id}'\n"
|
266
287
|
dir = File.expand_path(dir)
|
267
288
|
|
@@ -279,23 +300,29 @@ command "package" do |c|
|
|
279
300
|
FileUtils.mkdir_p(File.dirname(destination_path))
|
280
301
|
FileUtils.cp(original_file, destination_path)
|
281
302
|
end
|
282
|
-
|
303
|
+
|
283
304
|
# rename specified dockerfile to 'Dockerfile' during copy, incase name is different
|
284
305
|
dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
|
285
306
|
temp_dockerfile = File.join(temp_dir, "Dockerfile")
|
286
|
-
|
307
|
+
|
287
308
|
# change image variable in specified Dockerfile
|
288
309
|
dockerfile = File.read(dockerfile_path)
|
289
310
|
replace_image = dockerfile.gsub("@@image@@", fpm_image.id)
|
290
|
-
File.open(temp_dockerfile, "w") {|file| file.puts replace_image}
|
311
|
+
File.open(temp_dockerfile, "w") { |file| file.puts replace_image }
|
291
312
|
|
292
313
|
# build image from project being debified dir
|
293
314
|
image = Docker::Image.build_from_dir temp_dir, &DebugMixin::DOCKER
|
294
315
|
|
295
316
|
DebugMixin.debug_write "Built fpm image '#{image.id}' for project #{project_name}\n"
|
296
317
|
|
318
|
+
container_cmd_options = [project_name, version]
|
319
|
+
|
320
|
+
# Set the output file type if present
|
321
|
+
file_type = cmd_options[:output] || DEFAULT_FILE_TYPE
|
322
|
+
container_cmd_options << "--file-type=#{file_type}"
|
323
|
+
|
297
324
|
options = {
|
298
|
-
'Cmd'
|
325
|
+
'Cmd' => container_cmd_options + fpm_args,
|
299
326
|
'Image' => image.id
|
300
327
|
}
|
301
328
|
options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
@@ -307,21 +334,23 @@ command "package" do |c|
|
|
307
334
|
status = container.wait
|
308
335
|
raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
|
309
336
|
|
310
|
-
|
311
|
-
|
312
|
-
|
313
|
-
|
314
|
-
|
315
|
-
|
316
|
-
|
317
|
-
|
318
|
-
|
319
|
-
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
337
|
+
if file_type == "deb"
|
338
|
+
# Copy deb packages
|
339
|
+
copy_packages_from_container(
|
340
|
+
container,
|
341
|
+
"conjur-#{project_name}_#{version}_amd64.deb",
|
342
|
+
"conjur-#{project_name}-dev_#{version}_amd64.deb"
|
343
|
+
)
|
344
|
+
elsif file_type == "rpm"
|
345
|
+
# Copy rpm packages
|
346
|
+
# The rpm builder replaces dashes with underscores in the version
|
347
|
+
rpm_version = version.tr('-', '_')
|
348
|
+
copy_packages_from_container(
|
349
|
+
container,
|
350
|
+
"conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm",
|
351
|
+
"conjur-#{project_name}-dev-#{rpm_version}-1.x86_64.rpm"
|
352
|
+
)
|
353
|
+
end
|
325
354
|
ensure
|
326
355
|
container.delete(force: true)
|
327
356
|
end
|
@@ -344,10 +373,10 @@ end
|
|
344
373
|
|
345
374
|
def network_options(cmd)
|
346
375
|
cmd.desc "Specify link for test container"
|
347
|
-
cmd.flag [
|
376
|
+
cmd.flag [:l, :link], :multiple => true
|
348
377
|
|
349
378
|
cmd.desc 'Attach to the specified network'
|
350
|
-
cmd.flag [
|
379
|
+
cmd.flag [:n, :net]
|
351
380
|
end
|
352
381
|
|
353
382
|
def short_id(id)
|
@@ -363,7 +392,7 @@ end
|
|
363
392
|
# instead. (Docker doesn't add full container ids as network aliases,
|
364
393
|
# only short ids).
|
365
394
|
def shorten_source_id(link)
|
366
|
-
src,dest = link.split(':')
|
395
|
+
src, dest = link.split(':')
|
367
396
|
src && dest ? "#{short_id(src)}:#{dest}" : link
|
368
397
|
end
|
369
398
|
|
@@ -413,32 +442,32 @@ DESC
|
|
413
442
|
arg_name "project-name test-script"
|
414
443
|
command "test" do |c|
|
415
444
|
c.desc "Set the current working directory"
|
416
|
-
c.flag [
|
445
|
+
c.flag [:d, :dir]
|
417
446
|
|
418
447
|
c.desc "Keep the Conjur appliance container after the command finishes"
|
419
448
|
c.default_value false
|
420
|
-
c.switch [
|
449
|
+
c.switch [:k, :keep]
|
421
450
|
|
422
451
|
c.desc "Image name"
|
423
452
|
c.default_value "registry.tld/conjur-appliance-cuke-master"
|
424
|
-
c.flag [
|
453
|
+
c.flag [:i, :image]
|
425
454
|
|
426
455
|
c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
|
427
|
-
c.flag [
|
456
|
+
c.flag [:t, "image-tag"]
|
428
457
|
|
429
458
|
c.desc "'docker pull' the Conjur container image"
|
430
459
|
c.default_value true
|
431
|
-
c.switch [
|
460
|
+
c.switch [:pull]
|
432
461
|
|
433
462
|
c.desc "Specify the deb version; by default, it's read from the VERSION file"
|
434
|
-
c.flag [
|
463
|
+
c.flag [:v, :version]
|
435
464
|
|
436
465
|
c.desc "Specify volume for test container"
|
437
|
-
c.flag [
|
466
|
+
c.flag [:'volumes-from'], :multiple => true
|
438
467
|
|
439
468
|
network_options(c)
|
440
469
|
|
441
|
-
c.action do |global_options,cmd_options,args|
|
470
|
+
c.action do |global_options, cmd_options, args|
|
442
471
|
raise "project-name is required" unless project_name = args.shift
|
443
472
|
raise "test-script is required" unless test_script = args.shift
|
444
473
|
raise "Received extra command-line arguments" if args.shift
|
@@ -451,7 +480,7 @@ command "test" do |c|
|
|
451
480
|
|
452
481
|
Dir.chdir dir do
|
453
482
|
image_tag = cmd_options["image-tag"] or raise "image-tag is required"
|
454
|
-
appliance_image_id = [
|
483
|
+
appliance_image_id = [cmd_options[:image], image_tag].join(":")
|
455
484
|
version = cmd_options[:version] || detect_version
|
456
485
|
package_name = "conjur-#{project_name}_#{version}_amd64.deb"
|
457
486
|
dev_package_name = "conjur-#{project_name}-dev_#{version}_amd64.deb"
|
@@ -459,7 +488,7 @@ command "test" do |c|
|
|
459
488
|
raise "#{test_script} does not exist or is not a file" unless File.file?(test_script)
|
460
489
|
|
461
490
|
begin
|
462
|
-
tries ||=2
|
491
|
+
tries ||= 2
|
463
492
|
Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
|
464
493
|
rescue
|
465
494
|
login_to_registry appliance_image_id
|
@@ -498,7 +527,7 @@ RUN touch /etc/service/conjur/down
|
|
498
527
|
packages << dev_package_name if File.exist? dev_package_name
|
499
528
|
|
500
529
|
begin
|
501
|
-
tries ||=2
|
530
|
+
tries ||= 2
|
502
531
|
appliance_image = build_test_image(appliance_image_id, project_name, packages)
|
503
532
|
rescue
|
504
533
|
login_to_registry appliance_image_id
|
@@ -519,7 +548,7 @@ RUN touch /etc/service/conjur/down
|
|
519
548
|
] + global_options[:env],
|
520
549
|
'HostConfig' => {
|
521
550
|
'Binds' => [
|
522
|
-
[
|
551
|
+
[dir, "/src/#{project_name}"].join(':')
|
523
552
|
]
|
524
553
|
}
|
525
554
|
}
|
@@ -532,16 +561,16 @@ RUN touch /etc/service/conjur/down
|
|
532
561
|
|
533
562
|
if global_options[:'local-bundle']
|
534
563
|
host_config['Binds']
|
535
|
-
.push([
|
536
|
-
.push([
|
564
|
+
.push([vendor_dir, "/src/#{project_name}/vendor"].join(':'))
|
565
|
+
.push([dot_bundle_dir, "/src/#{project_name}/.bundle"].join(':'))
|
537
566
|
end
|
538
567
|
|
539
|
-
container = Docker::Container.create(options.tap {|o| DebugMixin.debug_write "creating container with options #{o.inspect}"})
|
568
|
+
container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
|
540
569
|
|
541
570
|
begin
|
542
571
|
DebugMixin.debug_write "Testing #{project_name} in container #{container.id}\n"
|
543
572
|
|
544
|
-
spawn("docker logs -f #{container.id}", [
|
573
|
+
spawn("docker logs -f #{container.id}", [:out, :err] => $stderr).tap do |pid|
|
545
574
|
Process.detach pid
|
546
575
|
end
|
547
576
|
container.start!
|
@@ -592,29 +621,29 @@ Once in the container, use "/opt/conjur/evoke/bin/dev-install" to install the de
|
|
592
621
|
DESC
|
593
622
|
command "sandbox" do |c|
|
594
623
|
c.desc "Set the current working directory"
|
595
|
-
c.flag [
|
624
|
+
c.flag [:d, :dir]
|
596
625
|
|
597
626
|
c.desc "Image name"
|
598
627
|
c.default_value "registry.tld/conjur-appliance-cuke-master"
|
599
|
-
c.flag [
|
628
|
+
c.flag [:i, :image]
|
600
629
|
|
601
630
|
c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
|
602
|
-
c.flag [
|
631
|
+
c.flag [:t, "image-tag"]
|
603
632
|
|
604
633
|
c.desc "Bind another source directory into the container. Use <src>:<dest>, where both are full paths."
|
605
|
-
c.flag [
|
634
|
+
c.flag [:"bind"], :multiple => true
|
606
635
|
|
607
636
|
c.desc "'docker pull' the Conjur container image"
|
608
637
|
c.default_value false
|
609
|
-
c.switch [
|
638
|
+
c.switch [:pull]
|
610
639
|
|
611
640
|
network_options(c)
|
612
641
|
|
613
642
|
c.desc "Specify volume for container"
|
614
|
-
c.flag [
|
643
|
+
c.flag [:'volumes-from'], :multiple => true
|
615
644
|
|
616
645
|
c.desc "Expose a port from the container to host. Use <host>:<container>."
|
617
|
-
c.flag [
|
646
|
+
c.flag [:p, :port], :multiple => true
|
618
647
|
|
619
648
|
c.desc 'Run dev-install in /src/<project-name>'
|
620
649
|
c.default_value false
|
@@ -625,9 +654,9 @@ command "sandbox" do |c|
|
|
625
654
|
c.switch [:kill]
|
626
655
|
|
627
656
|
c.desc 'A command to run in the sandbox'
|
628
|
-
c.flag [
|
657
|
+
c.flag [:c, :command]
|
629
658
|
|
630
|
-
c.action do |global_options,cmd_options,args|
|
659
|
+
c.action do |global_options, cmd_options, args|
|
631
660
|
raise "Received extra command-line arguments" if args.shift
|
632
661
|
|
633
662
|
dir = cmd_options[:dir] || '.'
|
@@ -637,11 +666,11 @@ command "sandbox" do |c|
|
|
637
666
|
|
638
667
|
Dir.chdir dir do
|
639
668
|
image_tag = cmd_options["image-tag"] or raise "image-tag is required"
|
640
|
-
appliance_image_id = [
|
669
|
+
appliance_image_id = [cmd_options[:image], image_tag].join(":")
|
641
670
|
|
642
671
|
appliance_image = if cmd_options[:pull]
|
643
672
|
begin
|
644
|
-
tries ||=2
|
673
|
+
tries ||= 2
|
645
674
|
Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
|
646
675
|
rescue
|
647
676
|
login_to_registry appliance_image_id
|
@@ -671,14 +700,14 @@ command "sandbox" do |c|
|
|
671
700
|
|
672
701
|
options['HostConfig'] = host_config = {}
|
673
702
|
host_config['Binds'] = [
|
674
|
-
[
|
675
|
-
[
|
703
|
+
[File.expand_path(".ssh/id_rsa", ENV['HOME']), "/root/.ssh/id_rsa", 'ro'].join(':'),
|
704
|
+
[dir, "/src/#{project_name}"].join(':'),
|
676
705
|
] + Array(cmd_options[:bind])
|
677
706
|
|
678
707
|
if global_options[:'local-bundle']
|
679
708
|
host_config['Binds']
|
680
|
-
.push([
|
681
|
-
.push([
|
709
|
+
.push([vendor_dir, "/src/#{project_name}/vendor"].join(':'))
|
710
|
+
.push([dot_bundle_dir, "/src/#{project_name}/.bundle"].join(':'))
|
682
711
|
end
|
683
712
|
|
684
713
|
host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
@@ -690,7 +719,7 @@ command "sandbox" do |c|
|
|
690
719
|
port_bindings = Hash.new({})
|
691
720
|
cmd_options[:port].each do |mapping|
|
692
721
|
hport, cport = mapping.split(':')
|
693
|
-
port_bindings["#{cport}/tcp"] = [{
|
722
|
+
port_bindings["#{cport}/tcp"] = [{'HostPort' => hport}]
|
694
723
|
end
|
695
724
|
host_config['PortBindings'] = port_bindings
|
696
725
|
end
|
@@ -700,7 +729,7 @@ command "sandbox" do |c|
|
|
700
729
|
previous.delete(:force => true) if previous
|
701
730
|
end
|
702
731
|
|
703
|
-
container = Docker::Container.create(options.tap {|o| DebugMixin.debug_write "creating container with options #{o.inspect}"})
|
732
|
+
container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
|
704
733
|
$stdout.puts container.id
|
705
734
|
container.start!
|
706
735
|
|
@@ -736,27 +765,27 @@ DESC
|
|
736
765
|
arg_name "distribution project-name"
|
737
766
|
command "publish" do |c|
|
738
767
|
c.desc "Set the current working directory"
|
739
|
-
c.flag [
|
768
|
+
c.flag [:d, :dir]
|
740
769
|
|
741
770
|
c.desc "Specify the deb package version; by default, it's computed automatically"
|
742
|
-
c.flag [
|
771
|
+
c.flag [:v, :version]
|
743
772
|
|
744
773
|
c.desc "Component to publish to, either 'stable' or the name of the git branch"
|
745
|
-
c.flag [
|
774
|
+
c.flag [:c, :component]
|
746
775
|
|
747
776
|
c.desc "Artifactory URL to publish to"
|
748
777
|
c.default_value "https://conjurinc.jfrog.io/conjurinc"
|
749
|
-
c.flag [
|
778
|
+
c.flag [:u, :url]
|
750
779
|
|
751
780
|
c.desc "Artifactory Debian repo to publish package to"
|
752
781
|
c.default_value "debian-private"
|
753
|
-
c.flag [
|
782
|
+
c.flag [:r, :repo]
|
754
783
|
|
755
784
|
c.desc "Artifactory RPM repo to publish package to"
|
756
785
|
c.default_value "redhat-private"
|
757
786
|
c.flag ['rpm-repo']
|
758
787
|
|
759
|
-
c.action do |global_options,cmd_options,args|
|
788
|
+
c.action do |global_options, cmd_options, args|
|
760
789
|
require 'conjur/debify/action/publish'
|
761
790
|
raise "distribution is required" unless distribution = args.shift
|
762
791
|
raise "project-name is required" unless project_name = args.shift
|
@@ -769,8 +798,8 @@ end
|
|
769
798
|
desc "Auto-detect and print the repository version"
|
770
799
|
command "detect-version" do |c|
|
771
800
|
c.desc "Set the current working directory"
|
772
|
-
c.flag [
|
773
|
-
c.action do |global_options,cmd_options,args|
|
801
|
+
c.flag [:d, :dir]
|
802
|
+
c.action do |global_options, cmd_options, args|
|
774
803
|
raise "Received extra command-line arguments" if args.shift
|
775
804
|
|
776
805
|
dir = cmd_options[:dir] || '.'
|
@@ -787,7 +816,7 @@ end
|
|
787
816
|
desc 'Show the given configuration'
|
788
817
|
arg_name 'configuration'
|
789
818
|
command 'config' do |c|
|
790
|
-
c.action do |_,_,args|
|
819
|
+
c.action do |_, _, args|
|
791
820
|
raise 'no configuration provided' unless config = args.shift
|
792
821
|
raise "Received extra command-line arguments" if args.shift
|
793
822
|
|
@@ -798,7 +827,7 @@ command 'config' do |c|
|
|
798
827
|
end
|
799
828
|
|
800
829
|
|
801
|
-
pre do |global,command,options,args|
|
830
|
+
pre do |global, command, options, args|
|
802
831
|
# Pre logic here
|
803
832
|
# Return true to proceed; false to abort and not call the
|
804
833
|
# chosen command
|
@@ -807,7 +836,7 @@ pre do |global,command,options,args|
|
|
807
836
|
true
|
808
837
|
end
|
809
838
|
|
810
|
-
post do |global,command,options,args|
|
839
|
+
post do |global, command, options, args|
|
811
840
|
# Post logic here
|
812
841
|
# Use skips_post before a command to skip this
|
813
842
|
# block on that command only
|
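--- a/data/lib/conjur/fpm/Dockerfile
+++ b/data/lib/conjur/fpm/Dockerfile
@@ -1,5 +1,5 @@
 # Build from the same version of ubuntu as phusion/baseimage
-FROM cyberark/phusion-ruby-fips:
+FROM cyberark/phusion-ruby-fips:latest
 
 RUN apt-get update -y && \
 apt-get dist-upgrade -y && \
@@ -8,14 +8,12 @@ RUN apt-get update -y && \
 libffi-dev \
 rpm
 
-RUN gem install --no-document
-fpm
+RUN gem install --no-document fpm
 
 ENV GEM_HOME /usr/local/bundle
 ENV BUNDLE_PATH="$GEM_HOME" \
 BUNDLE_BIN="$GEM_HOME/bin" \
-BUNDLE_SILENCE_ROOT_WARNING=1
-BUNDLE_APP_CONFIG="$GEM_HOME"
+BUNDLE_SILENCE_ROOT_WARNING=1
 ENV PATH $BUNDLE_BIN:$PATH
 RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" && \
 chmod 777 "$GEM_HOME" "$BUNDLE_BIN"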
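Review bot: The new base reference `FROM cyberark/phusion-ruby-fips:latest` is a floating tag, so the image that builds every package can change between runs with no change in this repository; pin it to a release tag plus digest, e.g. `FROM cyberark/phusion-ruby-fips:<release-tag>@sha256:<digest>` (placeholders, the page shows no known-good value). `RUN gem install --no-document fpm` likewise installs whatever fpm version is current, and `gem install --no-document fpm -v <version>` would make the build repeatable. The tag-only `FROM releases-docker.jfrog.io/jfrog/jfrog-cli:1.52.0` in the later header-less Dockerfile hunk (apparently data/lib/conjur/publish/Dockerfile) and the untagged `alpine/git` in data/publish-rubygem.sh are mutable references too and would benefit from a digest. The context line `chmod 777 "$GEM_HOME" "$BUNDLE_BIN"` leaves the gem directories world-writable; if that is only there for a non-root build user, ownership by that user would be tighter.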
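--- a/data/lib/conjur/fpm/package.sh
+++ b/data/lib/conjur/fpm/package.sh
@@ -8,33 +8,52 @@ version=$1
 shift
 
 if [ -z "$project_name" ]; then
-
-
+echo Project name argument is required
+exit 1
 fi
 if [ -z "$version" ]; then
-
-
+echo Version argument is required
+exit 1
 fi
 
+for i in "$@"; do
+case $i in
+-ft=* | --file-type=*)
+file_type="${i#*=}"
+shift
+;;
+esac
+done
+
+if [ -z "$file_type" ]; then
+echo "No file type given. Using deb"
+file_type=deb
+fi
+
+echo Project Name is $project_name
+echo Version is $version
+echo file_type is $file_type
+echo params at the end are $@
+
 # Build dev package first
 prefix=/src/opt/conjur/project
-cp -al $prefix /dev-pkg
 cd $prefix
-bundle --
+bundle config set --local deployment 'true' && \
+bundle config set --local path 'vendor/bundle' && \
+bundle
+cp -al $prefix /dev-pkg
+bundle config set --local without 'development test'
 bundle clean
-cp /usr/local/bundle/config .bundle/config # bundler for some reason stores config there...
 cd /dev-pkg
 remove_matching $prefix
 bundle_clean
 
-if [
+if [ $(ls | wc -l) -eq 0 ]; then
 echo No dev dependencies, skipping dev package
 else
-
-do
-echo "Building conjur-$project_name-dev $file_type package"
+echo "Building conjur-$project_name-dev $file_type package"
 
-
+fpm \
 -s dir \
 -t $file_type \
 -n conjur-$project_name-dev \
@@ -50,7 +69,6 @@ else
 --depends "conjur-$project_name = $version" \
 --prefix /opt/conjur/$project_name \
 --description "Conjur $project_name service - development files"
-done
 fi
 
 mv /src/opt/conjur/project /src/opt/conjur/$project_name
@@ -67,26 +85,23 @@ mkdir -p opt/conjur/etc
 
 [ -d opt/conjur/"$project_name"/distrib ] && mv opt/conjur/"$project_name"/distrib /
 
-
-do
-echo "Building conjur-$project_name-dev $file_type package"
+echo "Building conjur-$project_name $file_type package"
 
-
+fpm \
 -s dir \
 -t $file_type \
 -n conjur-$project_name \
 -v $version \
 -C . \
-
-
-
-
-
-
-
-
-
-
-
-
-ls -al *.{deb,rpm}
+--maintainer "CyberArk Software, Inc." \
+--vendor "CyberArk Software, Inc." \
+--license "Proprietary" \
+--url "https://www.cyberark.com" \
+--config-files opt/conjur/etc \
+--deb-no-default-config-files \
+--$file_type-user conjur \
+--$file_type-group conjur \
+--description "Conjur $project_name service" \
+"$@"
+
+ls -l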
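Review bot: `file_type` is taken verbatim from `--file-type=` and then expanded unquoted into fpm options (`-t $file_type`, `--$file_type-user conjur`), so any value outside the formats the script appears to support (deb, rpm) becomes arbitrary fpm arguments; reject unknown values right after the default is applied, e.g. `case "$file_type" in deb|rpm) ;; *) echo "Unsupported file type: $file_type" >&2; exit 1 ;; esac`. The `shift` inside `for i in "$@"` drops the first remaining positional parameter rather than the one that matched, so when the option is not first the wrong argument is discarded and `--file-type=...` is still forwarded to fpm through `"$@"`. Quoting `"$project_name"` and `"$version"` in both fpm calls would keep values containing spaces from splitting into extra arguments. The start of the script is outside these hunks, so it cannot be seen here whether `set -e` is in effect; without it, `cp -al $prefix /dev-pkg` still runs after a failed `bundle config ... && bundle` chain.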
@@ -1,11 +1,5 @@
|
|
1
|
-
FROM
|
1
|
+
FROM releases-docker.jfrog.io/jfrog/jfrog-cli:1.52.0
|
2
2
|
|
3
3
|
ENV JFROG_CLI_OFFER_CONFIG=false
|
4
|
-
ENV JFROG_VERSION=1.13.1
|
5
|
-
|
6
|
-
RUN curl -kL \
|
7
|
-
-o /usr/bin/jfrog \
|
8
|
-
https://bintray.com/jfrog/jfrog-cli-go/download_file?file_path=${JFROG_VERSION}%2Fjfrog-cli-linux-amd64%2Fjfrog && \
|
9
|
-
chmod +x /usr/bin/jfrog
|
10
4
|
|
11
5
|
WORKDIR /src
|
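--- a/data/publish-rubygem.sh
+++ b/data/publish-rubygem.sh
@@ -1,11 +1,10 @@
-#!/bin/bash
+#!/usr/bin/env bash
+set -e
 
-docker
-
-
+docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd \
+-e VERSION \
+-e bom-assets/ \
+-e release-assets/
 
 summon --yaml "RUBYGEMS_API_KEY: !var rubygems/api-key" \
-
-registry.tld/conjurinc/publish-rubygem debify
-
-docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd
+publish-rubygem debify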
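Review bot: `-v $PWD:/src` is unquoted, so a checkout path containing spaces or glob characters splits into several docker arguments and the container no longer mounts the repository as intended; write `-v "$PWD:/src"`. Because `git clean -fxd` then deletes untracked files in whatever was mounted, and the result is what gets published with `RUBYGEMS_API_KEY`, the quoting matters more here than in most scripts. `set -e` is a good addition, and `set -euo pipefail` would also stop the script on unset variables.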
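--- a/data/spec/debify_utils_spec.rb
+++ b/data/spec/debify_utils_spec.rb
@@ -30,7 +30,7 @@ describe "remove_matching()", type: :aruba do
 end
 
 def remove_matching
-
+run_command_and_stop "bash -c 'source #{DEBIFY_UTILS_PATH}; cd #{herepath}; remove_matching #{therepath}'"
 end
 
 def here files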
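--- a/data/spec/utils_spec.rb
+++ b/data/spec/utils_spec.rb
@@ -6,7 +6,7 @@ describe 'Conjur::Debify::Utils.copy_from_container' do
 it "copies a file from the container to the current directory" do
 tar = File.read "#{__dir__}/data/test.tar"
 container = instance_double Docker::Container
-allow(container).to receive(:
+allow(container).to receive(:archive_out).with "/tmp/test.tar" do |&b|
 StringIO.new(tar).each(nil, 512) do |c|
 # docker api sends three arguments, so emulate that
 b[c, nil, nil]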
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-debify
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 2.1.1.pre.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- CyberArk Software, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-01-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gli
|
@@ -30,14 +30,14 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
33
|
+
version: '2.0'
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: '
|
40
|
+
version: '2.0'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: conjur-cli
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -70,16 +70,16 @@ dependencies:
|
|
70
70
|
name: bundler
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
|
-
- - "
|
73
|
+
- - ">="
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version:
|
75
|
+
version: 2.2.30
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
|
-
- - "
|
80
|
+
- - ">="
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version:
|
82
|
+
version: 2.2.30
|
83
83
|
- !ruby/object:Gem::Dependency
|
84
84
|
name: fakefs
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,14 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version:
|
103
|
+
version: '13.0'
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version:
|
110
|
+
version: '13.0'
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: cucumber
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
@@ -128,14 +128,14 @@ dependencies:
|
|
128
128
|
requirements:
|
129
129
|
- - "~>"
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version: '0
|
131
|
+
version: '1.0'
|
132
132
|
type: :development
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version: '0
|
138
|
+
version: '1.0'
|
139
139
|
- !ruby/object:Gem::Dependency
|
140
140
|
name: rspec
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -246,11 +246,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
246
246
|
version: '0'
|
247
247
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
248
248
|
requirements:
|
249
|
-
- - "
|
249
|
+
- - ">"
|
250
250
|
- !ruby/object:Gem::Version
|
251
|
-
version:
|
251
|
+
version: 1.3.1
|
252
252
|
requirements: []
|
253
|
-
|
253
|
+
rubyforge_project:
|
254
|
+
rubygems_version: 2.7.6.2
|
254
255
|
signing_key:
|
255
256
|
specification_version: 4
|
256
257
|
summary: Utility commands to build and package Conjur services as Debian packages
|