conjur-debify 3.0.0.pre.1118 → 3.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.dockerignore +1 -0
- data/.gitignore +22 -0
- data/.project +18 -0
- data/.rvmrc +60 -0
- data/CHANGELOG.md +246 -0
- data/CONTRIBUTING.md +16 -0
- data/Dockerfile +33 -0
- data/Gemfile +2 -0
- data/Jenkinsfile +116 -0
- data/LICENSE.txt +22 -0
- data/README.md +303 -0
- data/Rakefile +75 -0
- data/VERSION +1 -1
- data/bin/debify +5 -0
- data/build.sh +8 -0
- data/ci/test.sh +8 -0
- data/debify.gemspec +36 -0
- data/distrib/conjur_creds.rb +7 -0
- data/distrib/docker-debify +50 -0
- data/distrib/entrypoint.sh +19 -0
- data/distrib/script +1 -0
- data/distrib/secrets +1 -0
- data/distrib/secrets.yml +2 -0
- data/example/Gemfile +9 -0
- data/example/Gemfile.lock +32 -0
- data/example/debify.sh +3 -0
- data/example/distrib/postinstall.sh +8 -0
- data/example/docker-compose.yml +11 -0
- data/example/net-test.sh +7 -0
- data/example/test.sh +4 -0
- data/features/detect_version.feature +12 -0
- data/features/package.feature +23 -0
- data/features/sandbox.feature +23 -0
- data/features/step_definitions/debify_steps.rb +29 -0
- data/features/support/env.rb +12 -0
- data/features/support/hooks.rb +29 -0
- data/features/support/world.rb +10 -0
- data/features/test.feature +24 -0
- data/image-tags +23 -0
- data/lib/conjur/debify/Dockerfile.fpm +13 -0
- data/lib/conjur/debify/action/publish.rb +136 -0
- data/lib/conjur/debify/utils.rb +16 -0
- data/lib/conjur/debify/version.rb +5 -0
- data/lib/conjur/debify.rb +850 -0
- data/lib/conjur/fpm/Dockerfile +26 -0
- data/lib/conjur/fpm/debify_utils.sh +32 -0
- data/lib/conjur/fpm/package.sh +107 -0
- data/lib/conjur/publish/Dockerfile +5 -0
- data/publish-rubygem.sh +10 -0
- data/push-image.sh +6 -0
- data/secrets.yml +3 -0
- data/spec/action/publish_spec.rb +54 -0
- data/spec/data/Makefile +5 -0
- data/spec/data/test.tar +0 -0
- data/spec/debify_utils_spec.rb +55 -0
- data/spec/spec_helper.rb +1 -0
- data/spec/utils_spec.rb +22 -0
- data/tag-image.sh +6 -0
- data/test.sh +6 -0
- metadata +80 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 65aa3614580dd66e5394a5e1893f236722b8dbc740d2f1f344df21498dcfa757
|
4
|
+
data.tar.gz: 5af3cebd73f1d05e96c13ead0ea70a6486c4ed6ce5d10860ca6840c80a395217
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 43f4c48ac3a1518d967554ea863fc865960a2e6ccac87205935902a80fd37c96140a71cedbeed02bf2608f863f398d2617d2d3e48688a07174adbbcaab913dfe
|
7
|
+
data.tar.gz: 82a7f4e7811b6f02bfd9e0f33b57c0c557e0efca08ec0484477d53bff83747e7957c1bb23d737c519bcbbd29a8c9d842ebe8ee4b1aadce8fd1504618d92b7e90
|
data/.dockerignore
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
Gemfile.lock
|
data/.gitignore
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
.idea
|
2
|
+
features/reports
|
3
|
+
/.bundle/
|
4
|
+
/.yardoc
|
5
|
+
/Gemfile.lock
|
6
|
+
/_yardoc/
|
7
|
+
/coverage/
|
8
|
+
/doc/
|
9
|
+
/pkg/
|
10
|
+
/spec/reports/
|
11
|
+
/tmp/
|
12
|
+
*.bundle
|
13
|
+
*.so
|
14
|
+
*.o
|
15
|
+
*.a
|
16
|
+
VERSION
|
17
|
+
results.html
|
18
|
+
mkmf.log
|
19
|
+
*.deb
|
20
|
+
*.rpm
|
21
|
+
*.gem
|
22
|
+
docker-debify
|
data/.project
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
+
<projectDescription>
|
3
|
+
<name>debify</name>
|
4
|
+
<comment></comment>
|
5
|
+
<projects>
|
6
|
+
</projects>
|
7
|
+
<buildSpec>
|
8
|
+
<buildCommand>
|
9
|
+
<name>com.aptana.ide.core.unifiedBuilder</name>
|
10
|
+
<arguments>
|
11
|
+
</arguments>
|
12
|
+
</buildCommand>
|
13
|
+
</buildSpec>
|
14
|
+
<natures>
|
15
|
+
<nature>com.aptana.ruby.core.rubynature</nature>
|
16
|
+
<nature>com.aptana.projects.webnature</nature>
|
17
|
+
</natures>
|
18
|
+
</projectDescription>
|
data/.rvmrc
ADDED
@@ -0,0 +1,60 @@
|
|
1
|
+
#!/usr/bin/env bash
|
2
|
+
|
3
|
+
# This is an RVM Project .rvmrc file, used to automatically load the ruby
|
4
|
+
# development environment upon cd'ing into the directory
|
5
|
+
|
6
|
+
# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional,
|
7
|
+
# Only full ruby name is supported here, for short names use:
|
8
|
+
# echo "rvm use 2.2.4@debify" > .rvmrc
|
9
|
+
environment_id="ruby-2.2.4@debify"
|
10
|
+
|
11
|
+
# Uncomment the following lines if you want to verify rvm version per project
|
12
|
+
# rvmrc_rvm_version="1.26.11 (latest)" # 1.10.1 seems like a safe start
|
13
|
+
# eval "$(echo ${rvm_version}.${rvmrc_rvm_version} | __rvm_awk -F. '{print "[[ "$1*65536+$2*256+$3" -ge "$4*65536+$5*256+$6" ]]"}' )" || {
|
14
|
+
# echo "This .rvmrc file requires at least RVM ${rvmrc_rvm_version}, aborting loading."
|
15
|
+
# return 1
|
16
|
+
# }
|
17
|
+
|
18
|
+
# First we attempt to load the desired environment directly from the environment
|
19
|
+
# file. This is very fast and efficient compared to running through the entire
|
20
|
+
# CLI and selector. If you want feedback on which environment was used then
|
21
|
+
# insert the word 'use' after --create as this triggers verbose mode.
|
22
|
+
if [[ -d "${rvm_path:-$HOME/.rvm}/environments"
|
23
|
+
&& -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
|
24
|
+
then
|
25
|
+
\. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
|
26
|
+
for __hook in "${rvm_path:-$HOME/.rvm}/hooks/after_use"*
|
27
|
+
do
|
28
|
+
if [[ -f "${__hook}" && -x "${__hook}" && -s "${__hook}" ]]
|
29
|
+
then \. "${__hook}" || true
|
30
|
+
fi
|
31
|
+
done
|
32
|
+
unset __hook
|
33
|
+
if (( ${rvm_use_flag:=1} >= 2 )) # display only when forced
|
34
|
+
then
|
35
|
+
if [[ $- == *i* ]] # check for interactive shells
|
36
|
+
then printf "%b" "Using: $(tput setaf 2 2>/dev/null)$GEM_HOME$(tput sgr0 2>/dev/null)\n" # show the user the ruby and gemset they are using in green
|
37
|
+
else printf "%b" "Using: $GEM_HOME\n" # don't use colors in non-interactive shells
|
38
|
+
fi
|
39
|
+
fi
|
40
|
+
else
|
41
|
+
# If the environment file has not yet been created, use the RVM CLI to select.
|
42
|
+
rvm --create "$environment_id" || {
|
43
|
+
echo "Failed to create RVM environment '${environment_id}'."
|
44
|
+
return 1
|
45
|
+
}
|
46
|
+
fi
|
47
|
+
|
48
|
+
# If you use bundler, this might be useful to you:
|
49
|
+
# if [[ -s Gemfile ]] && {
|
50
|
+
# ! builtin command -v bundle >/dev/null ||
|
51
|
+
# builtin command -v bundle | GREP_OPTIONS="" \command \grep $rvm_path/bin/bundle >/dev/null
|
52
|
+
# }
|
53
|
+
# then
|
54
|
+
# printf "%b" "The rubygem 'bundler' is not installed. Installing it now.\n"
|
55
|
+
# gem install bundler
|
56
|
+
# fi
|
57
|
+
# if [[ -s Gemfile ]] && builtin command -v bundle >/dev/null
|
58
|
+
# then
|
59
|
+
# bundle install | GREP_OPTIONS="" \command \grep -vE '^Using|Your bundle is complete'
|
60
|
+
# fi
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,246 @@
|
|
1
|
+
## [3.0.0]
|
2
|
+
### Changed
|
3
|
+
|
4
|
+
- Upgrade ruby version to 3.0.
|
5
|
+
- Bump `cucumber` gem to 7.1.
|
6
|
+
- Bump `conjur-api` gem to 5.3.7.
|
7
|
+
- Bump `conjur-cli` gem to 6.2.6.
|
8
|
+
- Bump `aruba` gem to 2.0.
|
9
|
+
- Bump `jfrog-cli` to :latest.
|
10
|
+
|
11
|
+
## [2.1.1]
|
12
|
+
### Changed
|
13
|
+
|
14
|
+
- Update to use automated release process
|
15
|
+
|
16
|
+
# 2.1.0
|
17
|
+
### Changed
|
18
|
+
|
19
|
+
- Refine bundler related steps in `debify package` flow: only `package.sh` file configures
|
20
|
+
and invokes bundler. `Dockerfile.fpm` only copies files and adjusts folder structure.
|
21
|
+
- Remove bundler 1.* support
|
22
|
+
|
23
|
+
# 2.0.0
|
24
|
+
### Changed
|
25
|
+
- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this
|
26
|
+
flag is not given, the default value is `deb`.
|
27
|
+
[conjurinc/debify#56](https://github.com/conjurinc/debify/issues/56)
|
28
|
+
|
29
|
+
# 1.12.0
|
30
|
+
|
31
|
+
### Added
|
32
|
+
- Debify now packages and publishes an RPM file, alongside a debian file.
|
33
|
+
[conjurinc/debify#49](https://github.com/conjurinc/debify/pull/49)
|
34
|
+
- `debify package` now offers an `--additional-files` flag to provide a comma
|
35
|
+
separated list of files to include in the FPM build that are not provided
|
36
|
+
automatically by `git ls-files`.
|
37
|
+
[conjurinc/debify#52](https://github.com/conjurinc/debify/pull/52)
|
38
|
+
|
39
|
+
### Fixed
|
40
|
+
- Bug causing `all` files in the git repo to be added to the debian file.
|
41
|
+
[conjurinc/debify#50](https://github.com/conjurinc/debify/pull/50)
|
42
|
+
|
43
|
+
# 1.11.5
|
44
|
+
|
45
|
+
### Changed
|
46
|
+
* Updated FPM and Test images to use a base image with FIPS-compliant Ruby and OpenSSL.
|
47
|
+
|
48
|
+
# 1.11.4
|
49
|
+
|
50
|
+
* Updated sandbox password to match Conjur password complexity requirements.
|
51
|
+
|
52
|
+
# 1.11.3
|
53
|
+
|
54
|
+
* Reverted to `bundler` v1. `bundler` v2 was creating incompatible paths for downstream
|
55
|
+
packages.
|
56
|
+
* Made FPM Ruby version use `ruby2.5` instead of `ruby2.6` since that is what
|
57
|
+
our appliance image uses otherwise the gems bundled in the packages are unusable.
|
58
|
+
|
59
|
+
# 1.11.2
|
60
|
+
|
61
|
+
* Upgraded to use Ruby 2.6 and latest version of FPM
|
62
|
+
* Update Conjur Dockerfile from Ubuntu 14.04 --> 18.04 as 14.04 repos
|
63
|
+
are now behind a [pay wall](https://ubuntu.com/blog/ubuntu-14-04-esm-support)
|
64
|
+
Ruby is installed from `ppa:brightbox/ruby-ng` however that PPA
|
65
|
+
[doesn't currently supply ruby2.2 for Ubuntu 18.04](https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng?field.series_filter=bionic). [The documentation](https://www.brightbox.com/docs/ruby/ubuntu/)
|
66
|
+
suggests this combination is available, so it may be a temporary problem.
|
67
|
+
To work around the problem, ruby is bumped from 2.2 to 2.3 as 2.3 is the oldest
|
68
|
+
version available for Ubuntu 18.04.
|
69
|
+
|
70
|
+
# 1.11.1
|
71
|
+
|
72
|
+
* Upgrade `docker-debify` to use Ruby 2.6.
|
73
|
+
|
74
|
+
# 1.11.0
|
75
|
+
|
76
|
+
* Use a Docker env-file (docker.env, by default) to pass environment
|
77
|
+
variables to the debify container.
|
78
|
+
|
79
|
+
* Make sure `--env` variables get passed along to the Conjur container when testing, too.
|
80
|
+
|
81
|
+
# 1.10.3
|
82
|
+
|
83
|
+
* Fix a bug causing duplicate files between normal and dev packages when a file name contained a space.
|
84
|
+
|
85
|
+
# 1.10.2
|
86
|
+
|
87
|
+
* Pin `ruby-xz` gem in fpm Dockerfile, so it works on Ruby 2.2. Upstream issue: https://github.com/jordansissel/fpm/issues/1493
|
88
|
+
|
89
|
+
# 1.10.1
|
90
|
+
|
91
|
+
* Update fpm container to use Ruby 2.4, fixes `ruby-xz` dependency
|
92
|
+
|
93
|
+
# 1.10.0
|
94
|
+
|
95
|
+
* add `--net` support to `test` and `sandbox` subcommands
|
96
|
+
* Use Docker::Container.start! to start containers, to avoid
|
97
|
+
swallowing important errors.
|
98
|
+
|
99
|
+
# 1.9.1
|
100
|
+
|
101
|
+
* Make sure .bundle/config in the 'main' package excludes test and development groups.
|
102
|
+
|
103
|
+
# 1.9.0
|
104
|
+
|
105
|
+
* Build -dev package with development/test dependencies and use it on `debify test`.
|
106
|
+
|
107
|
+
# 1.8.2
|
108
|
+
|
109
|
+
* Install fpm dependency libffi-dev
|
110
|
+
|
111
|
+
# 1.8.1
|
112
|
+
|
113
|
+
* Make Conjur cert available in dockerized debify container
|
114
|
+
* Add a cuke for `debify publish`
|
115
|
+
|
116
|
+
# 1.8.0
|
117
|
+
|
118
|
+
* Added artifactory url option to `debify publish`, defaults to jfrog.io domain
|
119
|
+
* Added artifactory repo option to `debify publish`, defaults to 'debian-private'
|
120
|
+
|
121
|
+
# 1.7.4
|
122
|
+
|
123
|
+
* Fix publishing support in docker-debify
|
124
|
+
|
125
|
+
# 1.7.2
|
126
|
+
|
127
|
+
* Take out a `require 'pry'` that had snuck in.
|
128
|
+
* Fix `publish` subcommand, broken after factoring publish out into a separate action.
|
129
|
+
|
130
|
+
# 1.7.0
|
131
|
+
|
132
|
+
* Read artifactory credentials from the environment
|
133
|
+
(`ARTIFACTORY_USER`, `ARTIFACTORY_PASSWORD`), only contact Conjur if
|
134
|
+
they're not set.
|
135
|
+
|
136
|
+
# 1.6.1
|
137
|
+
|
138
|
+
* Buils a docker image to run debify, convert tests to use it, pipeline build
|
139
|
+
|
140
|
+
# 1.6.0
|
141
|
+
|
142
|
+
* When not on the master branch, `debify publish` uses the branch name as the component name, rather than always using
|
143
|
+
`'testing'`.
|
144
|
+
|
145
|
+
# 1.5.4
|
146
|
+
|
147
|
+
* `debify publish` now checks env var `BRANCH_NAME` as well as `GIT_BRANCH`.
|
148
|
+
Jenkins pipelines use `BRANCH_NAME`, Jenkins jobs use `GIT_BRANCH`.
|
149
|
+
|
150
|
+
# 1.5.3
|
151
|
+
|
152
|
+
* debify now uses `~/.docker/config` auth if pulling an image fails due to auth
|
153
|
+
|
154
|
+
# 1.5.2
|
155
|
+
|
156
|
+
* Use new conjurops variables in `publish` command, fall back to old conjurops
|
157
|
+
|
158
|
+
# 1.5.1
|
159
|
+
|
160
|
+
* Fix the description of the `--version` argument to indicate that the version now comes from the `VERSION` file.
|
161
|
+
|
162
|
+
# 1.5.0
|
163
|
+
|
164
|
+
* Add `detect-version` command.
|
165
|
+
* Read version from VERSION file, if it exists.
|
166
|
+
|
167
|
+
# 1.4.0
|
168
|
+
|
169
|
+
* Add `--port` sandbox option
|
170
|
+
|
171
|
+
# 1.3.1
|
172
|
+
|
173
|
+
* When testing, `docker exec` into the Conjur container to run
|
174
|
+
`/opt/conjur/evoke/bin/wait_for_conjur`.
|
175
|
+
|
176
|
+
# 1.3.0
|
177
|
+
|
178
|
+
* Add `--volumes-from`
|
179
|
+
|
180
|
+
# 1.2.1
|
181
|
+
|
182
|
+
* Fix typo in error message
|
183
|
+
|
184
|
+
# 1.2.0
|
185
|
+
|
186
|
+
* Pin bundler to 1.11.2
|
187
|
+
|
188
|
+
# 1.1.0
|
189
|
+
|
190
|
+
* Minor workflow tweaks, and some changes to work around Docker For Mac issues
|
191
|
+
|
192
|
+
# 1.0.0
|
193
|
+
|
194
|
+
* Base image used for packaging on Ubuntu 14.04
|
195
|
+
* Install ruby2.2 and related packages
|
196
|
+
|
197
|
+
# 0.11.1
|
198
|
+
|
199
|
+
* Add `name` and `Workingdir` options to the sandbox container.
|
200
|
+
|
201
|
+
# 0.11.0
|
202
|
+
|
203
|
+
* Add `debify sandbox`.
|
204
|
+
|
205
|
+
# 0.10.2
|
206
|
+
|
207
|
+
* Fixed publish internal Dockerfile.
|
208
|
+
|
209
|
+
# 0.10.1
|
210
|
+
|
211
|
+
* Run internal containers as privileged if Docker >= 1.10.0.
|
212
|
+
|
213
|
+
# 0.10.0
|
214
|
+
|
215
|
+
* Upgrading Ruby for packaging from 2.0 to 2.2.4.
|
216
|
+
|
217
|
+
# 0.9.2
|
218
|
+
|
219
|
+
* Print messages to stderr instead of stdout during packaging.
|
220
|
+
* Only consider tags matching v*.*.* when determining package version string.
|
221
|
+
|
222
|
+
# 0.9.1
|
223
|
+
|
224
|
+
* Provide the package to purge before installing the new version.
|
225
|
+
|
226
|
+
# 0.9.0
|
227
|
+
|
228
|
+
* Don't nuke the entire existing source install dir, there may be necessary files in there.
|
229
|
+
|
230
|
+
# 0.8.0
|
231
|
+
|
232
|
+
* Remove the need for a 'latest' debian.
|
233
|
+
* Fix bug in the error message for 'detect_version'.
|
234
|
+
* Use a more reliable way to detect the current branch.
|
235
|
+
* `publish` : Remove the default value of the 'component' flag.
|
236
|
+
* `clean` : Don't create a container unless deletions will actually be performed.
|
237
|
+
|
238
|
+
# 0.7.0
|
239
|
+
|
240
|
+
* Add `debify clean`.
|
241
|
+
|
242
|
+
# 0.6.0
|
243
|
+
|
244
|
+
* `package` : Add `--dockerfile` option.
|
245
|
+
* `package` : Ensure that `Gemfile.lock` is in the container.
|
246
|
+
* `test` : Propagate `SSH_AUTH_SOCK` to the container.
|
data/CONTRIBUTING.md
ADDED
@@ -0,0 +1,16 @@
|
|
1
|
+
# Contributing
|
2
|
+
|
3
|
+
For general contribution and community guidelines, please see the [community repo](https://github.com/cyberark/community).
|
4
|
+
|
5
|
+
## Contributing
|
6
|
+
|
7
|
+
1. [Fork the project](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
|
8
|
+
2. [Clone your fork](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository)
|
9
|
+
3. Make local changes to your fork by editing files
|
10
|
+
3. [Commit your changes](https://help.github.com/en/github/managing-files-in-a-repository/adding-a-file-to-a-repository-using-the-command-line)
|
11
|
+
4. [Push your local changes to the remote server](https://help.github.com/en/github/using-git/pushing-commits-to-a-remote-repository)
|
12
|
+
5. [Create new Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
|
13
|
+
|
14
|
+
From here your pull request will be reviewed and once you've responded to all
|
15
|
+
feedback it will be merged into the project. Congratulations, you're a
|
16
|
+
contributor!
|
data/Dockerfile
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
FROM ruby:3.0
|
2
|
+
|
3
|
+
RUN apt-get update -qq && \
|
4
|
+
apt-get dist-upgrade -qqy && \
|
5
|
+
apt-get install -qqy \
|
6
|
+
apt-transport-https \
|
7
|
+
ca-certificates \
|
8
|
+
curl
|
9
|
+
|
10
|
+
# Install Docker client tools
|
11
|
+
ENV DOCKERVERSION=20.10.0
|
12
|
+
RUN curl -fsSLO https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKERVERSION}.tgz \
|
13
|
+
&& tar xzvf docker-${DOCKERVERSION}.tgz --strip 1 \
|
14
|
+
-C /usr/local/bin docker/docker \
|
15
|
+
&& rm docker-${DOCKERVERSION}.tgz
|
16
|
+
|
17
|
+
RUN mkdir -p /debify
|
18
|
+
WORKDIR /debify
|
19
|
+
|
20
|
+
COPY . ./
|
21
|
+
|
22
|
+
RUN gem install bundler:2.2.30
|
23
|
+
RUN gem build debify.gemspec
|
24
|
+
|
25
|
+
ARG VERSION
|
26
|
+
RUN gem install -N conjur-debify-*.gem
|
27
|
+
|
28
|
+
ARG CONJUR_APPLIANCE_URL
|
29
|
+
ENV CONJUR_APPLIANCE_URL ${CONJUR_APPLIANCE_URL:-https://conjurops.itp.conjur.net}
|
30
|
+
ENV CONJUR_ACCOUNT ${CONJUR_ACCOUNT:-conjur}
|
31
|
+
ENV CONJUR_VERSION ${CONJUR_VERSION:-5}
|
32
|
+
|
33
|
+
ENTRYPOINT ["/debify/distrib/entrypoint.sh"]
|
data/Gemfile
ADDED
data/Jenkinsfile
ADDED
@@ -0,0 +1,116 @@
|
|
1
|
+
#!/usr/bin/env groovy
|
2
|
+
|
3
|
+
// Automated release, promotion and dependencies
|
4
|
+
properties([
|
5
|
+
release.addParams(),
|
6
|
+
dependencies(['cyberark/conjur-base-image'])
|
7
|
+
])
|
8
|
+
|
9
|
+
if (params.MODE == "PROMOTE") {
|
10
|
+
release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
|
11
|
+
sh './publish-rubygem.sh'
|
12
|
+
}
|
13
|
+
return
|
14
|
+
}
|
15
|
+
|
16
|
+
pipeline {
|
17
|
+
agent { label 'executor-v2' }
|
18
|
+
|
19
|
+
options {
|
20
|
+
timestamps()
|
21
|
+
buildDiscarder(logRotator(daysToKeepStr: '30'))
|
22
|
+
}
|
23
|
+
|
24
|
+
triggers {
|
25
|
+
cron(getDailyCronString())
|
26
|
+
}
|
27
|
+
|
28
|
+
environment {
|
29
|
+
MODE = release.canonicalizeMode()
|
30
|
+
}
|
31
|
+
|
32
|
+
stages {
|
33
|
+
stage ("Skip build if triggering job didn't create a release") {
|
34
|
+
when {
|
35
|
+
expression {
|
36
|
+
MODE == "SKIP"
|
37
|
+
}
|
38
|
+
}
|
39
|
+
steps {
|
40
|
+
script {
|
41
|
+
currentBuild.result = 'ABORTED'
|
42
|
+
error("Aborting build because this build was triggered from upstream, but no release was built")
|
43
|
+
}
|
44
|
+
}
|
45
|
+
}
|
46
|
+
stage('Prepare') {
|
47
|
+
steps {
|
48
|
+
// Initialize VERSION file
|
49
|
+
updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
|
50
|
+
}
|
51
|
+
}
|
52
|
+
stage('Build docker image') {
|
53
|
+
steps {
|
54
|
+
sh './build.sh'
|
55
|
+
}
|
56
|
+
}
|
57
|
+
|
58
|
+
stage('Scan Docker image') {
|
59
|
+
parallel {
|
60
|
+
stage('Scan Docker image for fixable issues') {
|
61
|
+
steps{
|
62
|
+
script {
|
63
|
+
VERSION = sh(returnStdout: true, script: 'cat VERSION')
|
64
|
+
}
|
65
|
+
scanAndReport("debify:${VERSION}", "HIGH", false)
|
66
|
+
}
|
67
|
+
}
|
68
|
+
stage('Scan Docker image for all issues') {
|
69
|
+
steps{
|
70
|
+
script {
|
71
|
+
VERSION = sh(returnStdout: true, script: 'cat VERSION')
|
72
|
+
}
|
73
|
+
scanAndReport("debify:${VERSION}", "NONE", true)
|
74
|
+
}
|
75
|
+
}
|
76
|
+
}
|
77
|
+
}
|
78
|
+
|
79
|
+
stage('Run feature tests') {
|
80
|
+
steps {
|
81
|
+
sh './test.sh'
|
82
|
+
}
|
83
|
+
post { always {
|
84
|
+
junit 'features/reports/*.xml'
|
85
|
+
}}
|
86
|
+
}
|
87
|
+
|
88
|
+
stage('Push Docker image') {
|
89
|
+
steps {
|
90
|
+
sh './tag-image.sh'
|
91
|
+
sh './push-image.sh'
|
92
|
+
}
|
93
|
+
}
|
94
|
+
|
95
|
+
stage('Publish to RubyGems') {
|
96
|
+
when {
|
97
|
+
expression {
|
98
|
+
MODE == "RELEASE"
|
99
|
+
}
|
100
|
+
}
|
101
|
+
|
102
|
+
steps {
|
103
|
+
release {
|
104
|
+
sh './publish-rubygem.sh'
|
105
|
+
sh "cp conjur-debify-*.gem release-assets/."
|
106
|
+
}
|
107
|
+
}
|
108
|
+
}
|
109
|
+
}
|
110
|
+
|
111
|
+
post {
|
112
|
+
always {
|
113
|
+
cleanupAndNotify(currentBuild.currentResult)
|
114
|
+
}
|
115
|
+
}
|
116
|
+
}
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2022 CyberArk Software Ltd. All rights reserved.
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|