conjur-debify 3.0.0.pre.1043 → 3.0.0.pre.1118

data/lib/conjur/debify.rb

@@ -1,850 +0,0 @@
-require "conjur/debify/version"
-require 'docker'
-require 'fileutils'
-require 'gli'
-require 'json'
-require 'base64'
-require 'tmpdir'
-
-require 'conjur/debify/utils'
-
-require 'active_support'
-require 'active_support/core_ext'
-
-include GLI::App
-
-DEFAULT_FILE_TYPE = "deb"
-
-config_file '.debifyrc'
-
-desc 'Set an environment variable (e.g. TERM=xterm) when starting a container'
-flag [:env], :multiple => true
-
-desc 'Mount local bundle to reuse gems from previous installation'
-default_value true
-switch [:'local-bundle']
-
-
-Docker.options[:read_timeout] = 300
-
-# This is used to turn on DEBUG notices.
-module DebugMixin
-  DEBUG = ENV['DEBUG'].nil? ? true : ENV['DEBUG'].downcase == 'true'
-
-  def debug *a
-    DebugMixin.debug *a
-  end
-
-  def self.debug *a
-    $stderr.puts *a if DEBUG
-  end
-
-  def debug_write *a
-    DebugMixin.debug_write *a
-  end
-
-  def self.debug_write *a
-    $stderr.write *a if DEBUG
-  end
-
-  # you can give this to various docker methods to print output if debug is on
-  def self.docker_debug *a
-    if a.length == 2 && a[0].is_a?(Symbol)
-      debug a.last
-    else
-      a.each do |line|
-        begin
-          line = JSON.parse(line)
-          line.keys.each do |k|
-            debug line[k]
-          end
-        rescue JSON::ParserError
-          # Docker For Mac is spitting out invalid JSON, so just print
-          # out the line if parsing fails.
-          debug line
-        end
-      end
-    end
-  end
-
-  DOCKER = method :docker_debug
-end
-
-program_desc 'Utility commands for building and testing Conjur appliance Debian packages'
-
-version Conjur::Debify::VERSION
-
-subcommand_option_handling :normal
-arguments :strict
-
-def detect_version
-  if File.exists?("VERSION") && !(base_commit = `git log --pretty='%h' VERSION | head -n 1`.strip).empty?
-    base_version = File.read("VERSION").strip
-    commits_since = `git log #{base_commit}..HEAD --pretty='%h'`.split("\n").size
-    hash = `git rev-parse --short HEAD`.strip
-    [[base_version, commits_since].join('.'), hash].join("-")
-  else
-    `git describe --long --tags --abbrev=7 --match 'v*.*.*' | sed -e 's/^v//'`.strip.tap do |version|
-      raise "No Git version (tag) for project" if version.empty?
-    end
-  end
-end
-
-def git_files
-  files = (`git ls-files -z`.split("\x0") + ['Gemfile.lock', 'VERSION']).uniq
-  # Since submodule directories are listed, but are not files, we remove them.
-  # Currently, `conjur-project-config` is the only submodule in Conjur, and it
-  # can safely be removed because it's a developer-only tool.  If we add another
-  # submodule in the future needed for production, we'll need to update this
-  # code.  But YAGNI for now.
-  files.select { |f| File.file?(f) }
-end
-
-def login_to_registry(appliance_image_id)
-  config_file = File.expand_path('~/.docker/config.json')
-  if File.exist? config_file
-    json_config = JSON.parse(File.read(config_file))
-    registry = appliance_image_id.split('/')[0]
-
-    json_auth = json_config['auths'][registry]['auth']
-    if json_auth
-      username, password = Base64.decode64(json_auth).split(':')
-      Docker.authenticate! username: username, password: password, serveraddress: registry
-    end
-  end
-end
-
-desc "Clean current working directory of non-Git-managed files"
-long_desc <<DESC
-Reliable builds depend on having a clean working directory.
-
-Because debify runs some commands in volume-mounted Docker containers,
-it is capable of creating root-owned files.
-
-This command will delete all files in the working directory that are not
-git-managed. The command is designed to run in Jenkins. Therefore, it will
-only perform file deletion if:
-
-* The current user, as provided by Etc.getlogin, is 'jenkins'
-* The BUILD_NUMBER environment variable is set
-
-File deletion can be compelled using the "force" option.
-DESC
-arg_name "project-name -- <fpm-arguments>"
-command "clean" do |c|
-  c.desc "Set the current working directory"
-  c.flag [:d, "dir"]
-
-  c.desc "Ignore (don't delete) a file or directory"
-  c.flag [:i, :ignore]
-
-  c.desc "Force file deletion even if if this doesn't look like a Jenkins environment"
-  c.switch [:force]
-
-  c.action do |global_options, cmd_options, args|
-    def looks_like_jenkins?
-      require 'etc'
-      Etc.getlogin == 'jenkins' && ENV['BUILD_NUMBER']
-    end
-
-    require 'set'
-    perform_deletion = cmd_options[:force] || looks_like_jenkins?
-    if !perform_deletion
-      $stderr.puts "No --force, and this doesn't look like Jenkins. I won't actually delete anything"
-    end
-    @ignore_list = Array(cmd_options[:ignore]) + ['.', '..', '.git']
-
-    def ignore_file? f
-      @ignore_list.find { |ignore| f.index(ignore) == 0 }
-    end
-
-    dir = cmd_options[:dir] || '.'
-    dir = File.expand_path(dir)
-    Dir.chdir dir do
-      require 'find'
-      find_files = []
-      Find.find('.').each do |p|
-        find_files.push p[2..-1]
-      end
-      find_files.compact!
-      delete_files = (find_files - git_files)
-      delete_files.delete_if { |file|
-        File.directory?(file) || ignore_file?(file)
-      }
-      if perform_deletion
-        image = Docker::Image.create 'fromImage' => "alpine:3.3"
-        options = {
-          'Cmd' => ["sh", "-c", "while true; do sleep 1; done"],
-          'Image' => image.id,
-          'Binds' => [
-            [dir, "/src"].join(':'),
-          ]
-        }
-        options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
-        container = Docker::Container.create options
-        begin
-          container.start!
-          delete_files.each do |file|
-            puts file
-
-            file = "/src/#{file}"
-            cmd = ["rm", "-f", file]
-
-            stdout, stderr, status = container.exec cmd, &DebugMixin::DOCKER
-            $stderr.puts "Failed to delete #{file}" unless status == 0
-          end
-        ensure
-          container.delete force: true
-        end
-      else
-        delete_files.each do |file|
-          puts file
-        end
-      end
-    end
-  end
-end
-
-def copy_packages_from_container(container, package_name, dev_package_name)
-  Conjur::Debify::Utils.copy_from_container container, "/src/#{package_name}"
-  puts "#{package_name}"
-  begin
-    Conjur::Debify::Utils.copy_from_container container, "/dev-pkg/#{dev_package_name}"
-    puts "#{dev_package_name}"
-  rescue Docker::Error::NotFoundError
-    warn "#{dev_package_name} not found. The package might not have any development dependencies."
-  end
-end
-
-desc "Build a debian package for a project"
-long_desc <<DESC
-The package is built using fpm (https://github.com/jordansissel/fpm).
-
-The project directory is required to contain:
-
-* A Gemfile and Gemfile.lock
-* A shell script called debify.sh
-
-debify.sh is invoked by the package build process to create any custom
-files, other than the project source tree. For example, config files can be
-created in /opt/conjur/etc.
-
-The distrib folder in the project source tree is intended to create scripts
-for package pre-install, post-install etc. The distrib folder is not included
-in the deb package, so its contents should be copied to the file system or
-packaged using fpm arguments.
-
-All arguments to this command which follow the double-dash are propagated to
-the fpm command.
-DESC
-arg_name "project-name -- <fpm-arguments>"
-command "package" do |c|
-  c.desc "Set the current working directory"
-  c.flag [:d, "dir"]
-
-  c.desc "Set the output file type of the fpm command (e.g rpm)"
-  c.flag [:o, :output]
-
-  c.desc "Specify the deb version; by default, it's read from the VERSION file"
-  c.flag [:v, :version]
-
-  c.desc "Specify a custom Dockerfile.fpm"
-  c.flag [:dockerfile]
-
-  c.desc "Specify files to add to the FPM image that are not included from the git repo"
-  c.flag [:'additional-files']
-
-  c.action do |global_options, cmd_options, args|
-    raise "project-name is required" unless project_name = args.shift
-
-    fpm_args = []
-    if (delimeter = args.shift) == '--'
-      fpm_args = args.dup
-    else
-      raise "Unexpected argument '#{delimeter}'"
-    end
-
-    dir = cmd_options[:dir] || '.'
-    pwd = File.dirname(__FILE__)
-
-    additional_files = []
-    if cmd_options[:'additional-files']
-      additional_files = cmd_options[:'additional-files'].split(',').map(&:strip)
-    end
-
-    begin
-      tries ||= 2
-      fpm_image = Docker::Image.build_from_dir File.expand_path('fpm', File.dirname(__FILE__)), tag: "debify-fpm", &DebugMixin::DOCKER
-    rescue
-      image_id = File.readlines(File.expand_path('fpm/Dockerfile', File.dirname(__FILE__)))
-                     .find { | line | line =~ /^FROM/ }
-                     .split(' ')
-                     .last
-      login_to_registry image_id
-      retry unless (tries -= 1).zero?
-    end
-    DebugMixin.debug_write "Built base fpm image '#{fpm_image.id}'\n"
-    dir = File.expand_path(dir)
-
-    Dir.chdir dir do
-      version = cmd_options[:version] || detect_version
-
-      # move git files and Dockerfile to temp dir to make deb from
-      # we do this to avoid adding "non-git" files
-      # that aren't mentioned in the dockerignore to the deb
-      temp_dir = Dir.mktmpdir
-      DebugMixin.debug_write "Copying git files to tmp dir '#{temp_dir}'\n"
-      (git_files + additional_files).each do |fname|
-        original_file = File.join(dir, fname)
-        destination_path = File.join(temp_dir, fname)
-        FileUtils.mkdir_p(File.dirname(destination_path))
-        FileUtils.cp(original_file, destination_path)
-      end
-
-      # rename specified dockerfile to 'Dockerfile' during copy, incase name is different
-      dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
-      temp_dockerfile = File.join(temp_dir, "Dockerfile")
-
-      # change image variable in specified Dockerfile
-      dockerfile = File.read(dockerfile_path)
-      replace_image = dockerfile.gsub("@@image@@", fpm_image.id)
-      File.open(temp_dockerfile, "w") { |file| file.puts replace_image }
-
-      # build image from project being debified dir
-      image = Docker::Image.build_from_dir temp_dir, &DebugMixin::DOCKER
-
-      DebugMixin.debug_write "Built fpm image '#{image.id}' for project #{project_name}\n"
-
-      container_cmd_options = [project_name, version]
-
-      # Set the output file type if present
-      file_type = cmd_options[:output] || DEFAULT_FILE_TYPE
-      container_cmd_options << "--file-type=#{file_type}"
-
-      options = {
-        'Cmd' => container_cmd_options + fpm_args,
-        'Image' => image.id
-      }
-      options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
-
-      container = Docker::Container.create options
-      begin
-        DebugMixin.debug_write "Packaging #{project_name} in container #{container.id}\n"
-        container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| $stderr.puts "#{chunk}" }
-        status = container.wait
-        raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
-
-        if file_type == "deb"
-          # Copy deb packages
-          copy_packages_from_container(
-            container,
-            "conjur-#{project_name}_#{version}_amd64.deb",
-            "conjur-#{project_name}-dev_#{version}_amd64.deb"
-          )
-        elsif file_type == "rpm"
-          # Copy rpm packages
-          # The rpm builder replaces dashes with underscores in the version
-          rpm_version = version.tr('-', '_')
-          copy_packages_from_container(
-            container,
-            "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm",
-            "conjur-#{project_name}-dev-#{rpm_version}-1.x86_64.rpm"
-          )
-        end
-      ensure
-        container.delete(force: true)
-      end
-    end
-  end
-end
-
-def container_command container, *args
-  stdout, stderr, exitcode = container.exec args, &DebugMixin::DOCKER
-  exit_now! "Command failed : #{args.join(' ')}", exitcode unless exitcode == 0
-  stdout
-end
-
-def wait_for_conjur appliance_image, container
-  container_command container, '/opt/conjur/evoke/bin/wait_for_conjur'
-rescue
-  $stderr.puts container.logs
-  raise
-end
-
-def network_options(cmd)
-  cmd.desc "Specify link for test container"
-  cmd.flag [:l, :link], :multiple => true
-
-  cmd.desc 'Attach to the specified network'
-  cmd.flag [:n, :net]
-end
-
-def short_id(id)
-  if id =~ /\A[0-9a-f]{64}\z/ # 64 hex digits, docker only allows lower case letters in ids
-    $stderr.puts "Warning: found full container id, using short id instead (#{id[0..11]} for #{id})"
-    id[0..11]
-  else
-    id
-  end
-end
-
-# If the source of the link is a full container id, use the short id
-# instead. (Docker doesn't add full container ids as network aliases,
-# only short ids).
-def shorten_source_id(link)
-  src, dest = link.split(':')
-  src && dest ? "#{short_id(src)}:#{dest}" : link
-end
-
-def add_network_config(container_config, cmd_options)
-  host_config = container_config['HostConfig']
-  has_links = cmd_options[:link] && !cmd_options[:link].empty?
-  net_name = cmd_options[:net]
-  if net_name
-    host_config['NetworkMode'] = net_name
-    if has_links
-      container_config['NetworkingConfig'] ||= {}
-      container_config['NetworkingConfig'].deep_merge!(
-        'EndpointsConfig' => {
-          net_name => {
-            'Links' => cmd_options[:link].collect(&method(:shorten_source_id))
-          }
-        }
-      )
-    end
-  elsif has_links
-    # Don't shorten source ids here
-    host_config['Links'] = cmd_options[:link]
-  end
-end
-
-desc "Test a Conjur debian package in a Conjur appliance container"
-long_desc <<DESC
-First, a Conjur appliance container is created and started. By default, the
-container image is registry.tld/conjur-appliance-cuke-master. An image tag
-MUST be supplied. This image is configured with all the CONJUR_ environment
-variables setup for the local environment (appliance URL, cert path, admin username and
-password, etc). The project source tree is also mounted into the container, at
-/src/<project-name>.
-
-This command then waits for Conjur to initialize and be healthy. It proceeds by
-installing the conjur-<project-name>_<version>_amd64.deb from the project working directory.
-
-Then the evoke "test-install" command is used to install the test code in the
-/src/<project-name>. Basically, the development bundle is installed and the database
-configuration (if any) is setup.
-
-Finally, a test script from the project source tree is run, again with the container
-id as the program argument.
-
-Then the Conjur container is deleted (use --keep to leave it running).
-DESC
-arg_name "project-name test-script"
-command "test" do |c|
-  c.desc "Set the current working directory"
-  c.flag [:d, :dir]
-
-  c.desc "Keep the Conjur appliance container after the command finishes"
-  c.default_value false
-  c.switch [:k, :keep]
-
-  c.desc "Image name"
-  c.default_value "registry.tld/conjur-appliance-cuke-master"
-  c.flag [:i, :image]
-
-  c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
-  c.flag [:t, "image-tag"]
-
-  c.desc "'docker pull' the Conjur container image"
-  c.default_value true
-  c.switch [:pull]
-
-  c.desc "Specify the deb version; by default, it's read from the VERSION file"
-  c.flag [:v, :version]
-
-  c.desc "Specify volume for test container"
-  c.flag [:'volumes-from'], :multiple => true
-
-  network_options(c)
-
-  c.action do |global_options, cmd_options, args|
-    raise "project-name is required" unless project_name = args.shift
-    raise "test-script is required" unless test_script = args.shift
-    raise "Received extra command-line arguments" if args.shift
-
-    dir = cmd_options[:dir] || '.'
-    dir = File.expand_path(dir)
-
-    raise "Directory #{dir} does not exist or is not a directory" unless File.directory?(dir)
-    raise "Directory #{dir} does not contain a .deb file" unless Dir["#{dir}/*.deb"].length >= 1
-
-    Dir.chdir dir do
-      image_tag = cmd_options["image-tag"] or raise "image-tag is required"
-      appliance_image_id = [cmd_options[:image], image_tag].join(":")
-      version = cmd_options[:version] || detect_version
-      package_name = "conjur-#{project_name}_#{version}_amd64.deb"
-      dev_package_name = "conjur-#{project_name}-dev_#{version}_amd64.deb"
-
-      raise "#{test_script} does not exist or is not a file" unless File.file?(test_script)
-
-      begin
-        tries ||= 2
-        Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
-      rescue
-        login_to_registry appliance_image_id
-        retry unless (tries -= 1).zero?
-      end
-
-
-      def build_test_image(appliance_image_id, project_name, packages)
-        packages = packages.join " "
-        dockerfile = <<-DOCKERFILE
-FROM #{appliance_image_id}
-
-COPY #{packages} /tmp/
-
-RUN if dpkg --list | grep conjur-#{project_name}; then dpkg --force all --purge conjur-#{project_name}; fi
-RUN if [ -f /opt/conjur/etc/#{project_name}.conf ]; then rm /opt/conjur/etc/#{project_name}.conf; fi
-RUN cd /tmp; dpkg --install #{packages}
-
-RUN touch /etc/service/conjur/down
-        DOCKERFILE
-        Dir.mktmpdir do |tmpdir|
-          tmpfile = Tempfile.new('Dockerfile', tmpdir)
-          File.write(tmpfile, dockerfile)
-          dockerfile_name = File.basename(tmpfile.path)
-          tar_cmd = "tar -cvzh -C #{tmpdir} #{dockerfile_name} -C #{Dir.pwd} #{packages}"
-          tar = open("| #{tar_cmd}")
-          begin
-            Docker::Image.build_from_tar(tar, :dockerfile => dockerfile_name, &DebugMixin::DOCKER)
-          ensure
-            tar.close
-          end
-        end
-      end
-
-      packages = [package_name]
-      packages << dev_package_name if File.exist? dev_package_name
-
-      begin
-        tries ||= 2
-        appliance_image = build_test_image(appliance_image_id, project_name, packages)
-      rescue
-        login_to_registry appliance_image_id
-        retry unless (tries -= 1).zero?
-      end
-
-      vendor_dir = File.expand_path("tmp/debify/#{project_name}/vendor", ENV['HOME'])
-      dot_bundle_dir = File.expand_path("tmp/debify/#{project_name}/.bundle", ENV['HOME'])
-      FileUtils.mkdir_p vendor_dir
-      FileUtils.mkdir_p dot_bundle_dir
-      options = {
-        'Image' => appliance_image.id,
-        'Env' => [
-          "CONJUR_AUTHN_LOGIN=admin",
-          "CONJUR_ENV=appliance",
-          "CONJUR_AUTHN_API_KEY=SEcret12!!!!",
-          "CONJUR_ADMIN_PASSWORD=SEcret12!!!!",
-        ] + global_options[:env],
-        'HostConfig' => {
-          'Binds' => [
-            [dir, "/src/#{project_name}"].join(':')
-          ]
-        }
-      }
-      host_config = options['HostConfig']
-
-      host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
-      host_config['VolumesFrom'] = cmd_options[:'volumes-from'] if cmd_options[:'volumes-from'] && !cmd_options[:'volumes-from'].empty?
-
-      add_network_config(options, cmd_options)
-
-      if global_options[:'local-bundle']
-        host_config['Binds']
-          .push([vendor_dir, "/src/#{project_name}/vendor"].join(':'))
-          .push([dot_bundle_dir, "/src/#{project_name}/.bundle"].join(':'))
-      end
-
-      container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
-
-      begin
-        DebugMixin.debug_write "Testing #{project_name} in container #{container.id}\n"
-
-        spawn("docker logs -f #{container.id}", [:out, :err] => $stderr).tap do |pid|
-          Process.detach pid
-        end
-        container.start!
-
-        # Wait for pg/main so that migrations can run
-        30.times do
-          stdout, stderr, exitcode = container.exec %w(sv status pg/main), &DebugMixin::DOCKER
-          status = stdout.join
-          break if exitcode == 0 && status =~ /^run\:/
-          sleep 1
-        end
-
-        # If we're not using shared gems, run dev-install instead of
-        # test-install. Even having to reinstall all the gems is
-        # better than dealing with Docker For Mac's current file
-        # sharing performance.
-        install_cmd = global_options[:'local-bundle'] ? 'test-install' : 'dev-install'
-        container_command container, "/opt/conjur/evoke/bin/#{install_cmd}", project_name
-
-        DebugMixin.debug_write "Starting conjur\n"
-
-        container_command container, "rm", "/etc/service/conjur/down"
-        container_command container, "sv", "start", "conjur"
-        wait_for_conjur appliance_image, container
-
-        system "./#{test_script} #{container.id}"
-        exit_now! "#{test_script} failed with exit code #{$?.exitstatus}", $?.exitstatus unless $?.exitstatus == 0
-      ensure
-        unless cmd_options[:keep] || ENV['KEEP_CONTAINERS']
-          DebugMixin.debug_write "deleting container"
-          container.delete(force: true)
-        end
-      end
-    end
-  end
-end
-
-desc "Setup a development sandbox for a Conjur debian package in a Conjur appliance container"
-long_desc <<DESC
-First, a Conjur appliance container is created and started. By default, the
-container image is registry.tld/conjur-appliance-cuke-master. An image tag
-MUST be supplied. This image is configured with all the CONJUR_ environment
-variables setup for the local environment (appliance URL, cert path, admin username and
-password, etc). The project source tree is also mounted into the container, at
-/src/<project-name>, where <project-name> is taken from the name of the current working directory.
-
-Once in the container, use "/opt/conjur/evoke/bin/dev-install" to install the development bundle of your project.
-DESC
-command "sandbox" do |c|
-  c.desc "Set the current working directory"
-  c.flag [:d, :dir]
-
-  c.desc "Image name"
-  c.default_value "registry.tld/conjur-appliance-cuke-master"
-  c.flag [:i, :image]
-
-  c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
-  c.flag [:t, "image-tag"]
-
-  c.desc "Bind another source directory into the container. Use <src>:<dest>, where both are full paths."
-  c.flag [:"bind"], :multiple => true
-
-  c.desc "'docker pull' the Conjur container image"
-  c.default_value false
-  c.switch [:pull]
-
-  network_options(c)
-
-  c.desc "Specify volume for container"
-  c.flag [:'volumes-from'], :multiple => true
-
-  c.desc "Expose a port from the container to host. Use <host>:<container>."
-  c.flag [:p, :port], :multiple => true
-
-  c.desc 'Run dev-install in /src/<project-name>'
-  c.default_value false
-  c.switch [:'dev-install']
-
-  c.desc 'Kill previous sandbox container'
-  c.default_value false
-  c.switch [:kill]
-
-  c.desc 'A command to run in the sandbox'
-  c.flag [:c, :command]
-
-  c.action do |global_options, cmd_options, args|
-    raise "Received extra command-line arguments" if args.shift
-
-    dir = cmd_options[:dir] || '.'
-    dir = File.expand_path(dir)
-
-    raise "Directory #{dir} does not exist or is not a directory" unless File.directory?(dir)
-
-    Dir.chdir dir do
-      image_tag = cmd_options["image-tag"] or raise "image-tag is required"
-      appliance_image_id = [cmd_options[:image], image_tag].join(":")
-
-      appliance_image = if cmd_options[:pull]
-        begin
-          tries ||= 2
-          Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
-        rescue
-          login_to_registry appliance_image_id
-          retry unless (tries -= 1).zero?
-        end
-      else
-        Docker::Image.get appliance_image_id
-      end
-
-      project_name = File.basename(Dir.getwd)
-      vendor_dir = File.expand_path("tmp/debify/#{project_name}/vendor", ENV['HOME'])
-      dot_bundle_dir = File.expand_path("tmp/debify/#{project_name}/.bundle", ENV['HOME'])
-      FileUtils.mkdir_p vendor_dir
-      FileUtils.mkdir_p dot_bundle_dir
-
-      options = {
-        'name' => "#{project_name}-sandbox",
-        'Image' => appliance_image.id,
-        'WorkingDir' => "/src/#{project_name}",
-        'Env' => [
-          "CONJUR_AUTHN_LOGIN=admin",
-          "CONJUR_ENV=appliance",
-          "CONJUR_AUTHN_API_KEY=SEcret12!!!!",
-          "CONJUR_ADMIN_PASSWORD=SEcret12!!!!",
-        ] + global_options[:env]
-      }
-
-      options['HostConfig'] = host_config = {}
-      host_config['Binds'] = [
-        [File.expand_path(".ssh/id_rsa", ENV['HOME']), "/root/.ssh/id_rsa", 'ro'].join(':'),
-        [dir, "/src/#{project_name}"].join(':'),
-      ] + Array(cmd_options[:bind])
-
-      if global_options[:'local-bundle']
-        host_config['Binds']
-          .push([vendor_dir, "/src/#{project_name}/vendor"].join(':'))
-          .push([dot_bundle_dir, "/src/#{project_name}/.bundle"].join(':'))
-      end
-
-      host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
-      host_config['VolumesFrom'] = cmd_options[:'volumes-from'] unless cmd_options[:'volumes-from'].empty?
-
-      add_network_config(options, cmd_options)
-
-      unless cmd_options[:port].empty?
-        port_bindings = Hash.new({})
-        cmd_options[:port].each do |mapping|
-          hport, cport = mapping.split(':')
-          port_bindings["#{cport}/tcp"] = [{'HostPort' => hport}]
-        end
-        host_config['PortBindings'] = port_bindings
-      end
-
-      if cmd_options[:kill]
-        previous = Docker::Container.get(options['name']) rescue nil
-        previous.delete(:force => true) if previous
-      end
-
-      container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
-      $stdout.puts container.id
-      container.start!
-
-      wait_for_conjur appliance_image, container
-
-      if cmd_options[:'dev-install']
-        container_command(container, "/opt/conjur/evoke/bin/dev-install", project_name)
-        container_command(container, 'sv', 'restart', "conjur/#{project_name}")
-      end
-
-      if cmd_options[:command]
-        container_command(container, '/bin/bash', '-c', cmd_options[:command])
-      end
-    end
-  end
-end
-
-desc "Publish a debian package to apt repository"
-long_desc <<DESC
-Publishes a deb created with `debify package` to our private apt repository.
-
-"distribution" should match the major/minor version of the Conjur appliance you want to install to.
-
-The package name is a required option. The package version can be specified as a CLI option, or it will
-be auto-detected from Git.
-
---component should be 'stable' if run after package tests pass or 'testing' if the package is not yet ready for release.
-If you don't specify the component, it will be set to 'testing' unless the current git branch is 'master' or 'origin/master'.
-The git branch is first detected from the env var GIT_BRANCH or BRANCH_NAME, and then by checking `git rev-parse --abbrev-ref HEAD`
-(which won't give you the answer you want when detached).
-
-DESC
-arg_name "distribution project-name"
-command "publish" do |c|
-  c.desc "Set the current working directory"
-  c.flag [:d, :dir]
-
-  c.desc "Specify the deb package version; by default, it's computed automatically"
-  c.flag [:v, :version]
-
-  c.desc "Component to publish to, either 'stable' or the name of the git branch"
-  c.flag [:c, :component]
-
-  c.desc "Artifactory URL to publish to"
-  c.default_value "https://conjurinc.jfrog.io/conjurinc"
-  c.flag [:u, :url]
-
-  c.desc "Artifactory Debian repo to publish package to"
-  c.default_value "debian-private"
-  c.flag [:r, :repo]
-
-  c.desc "Artifactory RPM repo to publish package to"
-  c.default_value "redhat-private"
-  c.flag ['rpm-repo']
-
-  c.action do |global_options, cmd_options, args|
-    require 'conjur/debify/action/publish'
-    raise "distribution is required" unless distribution = args.shift
-    raise "project-name is required" unless project_name = args.shift
-    raise "Received extra command-line arguments" if args.shift
-
-    Conjur::Debify::Action::Publish.new(distribution, project_name, cmd_options).run
-  end
-end
-
-desc "Auto-detect and print the repository version"
-command "detect-version" do |c|
-  c.desc "Set the current working directory"
-  c.flag [:d, :dir]
-  c.action do |global_options, cmd_options, args|
-    raise "Received extra command-line arguments" if args.shift
-
-    dir = cmd_options[:dir] || '.'
-    dir = File.expand_path(dir)
-
-    raise "Directory #{dir} does not exist or is not a directory" unless File.directory?(dir)
-
-    Dir.chdir dir do
-      puts detect_version
-    end
-  end
-end
-
-desc 'Show the given configuration'
-arg_name 'configuration'
-command 'config' do |c|
-  c.action do |_, _, args|
-    raise 'no configuration provided' unless config = args.shift
-    raise "Received extra command-line arguments" if args.shift
-
-    File.open(File.join('distrib', config)).each do |line|
-      puts line.gsub(/@@DEBIFY_VERSION@@/, Conjur::Debify::VERSION)
-    end
-  end
-end
-
-
-pre do |global, command, options, args|
-  # Pre logic here
-  # Return true to proceed; false to abort and not call the
-  # chosen command
-  # Use skips_pre before a command to skip this block
-  # on that command only
-  true
-end
-
-post do |global, command, options, args|
-  # Post logic here
-  # Use skips_post before a command to skip this
-  # block on that command only
-end
-
-on_error do |exception|
-  # Error logic here
-  # return false to skip default error handling
-  true
-end
-