conjur-debify 3.0.0.pre.1118 → 3.0.0
- checksums.yaml +4 -4
- data/.dockerignore +1 -0
- data/.gitignore +22 -0
- data/.project +18 -0
- data/.rvmrc +60 -0
- data/CHANGELOG.md +246 -0
- data/CONTRIBUTING.md +16 -0
- data/Dockerfile +33 -0
- data/Gemfile +2 -0
- data/Jenkinsfile +116 -0
- data/LICENSE.txt +22 -0
- data/README.md +303 -0
- data/Rakefile +75 -0
- data/VERSION +1 -1
- data/bin/debify +5 -0
- data/build.sh +8 -0
- data/ci/test.sh +8 -0
- data/debify.gemspec +36 -0
- data/distrib/conjur_creds.rb +7 -0
- data/distrib/docker-debify +50 -0
- data/distrib/entrypoint.sh +19 -0
- data/distrib/script +1 -0
- data/distrib/secrets +1 -0
- data/distrib/secrets.yml +2 -0
- data/example/Gemfile +9 -0
- data/example/Gemfile.lock +32 -0
- data/example/debify.sh +3 -0
- data/example/distrib/postinstall.sh +8 -0
- data/example/docker-compose.yml +11 -0
- data/example/net-test.sh +7 -0
- data/example/test.sh +4 -0
- data/features/detect_version.feature +12 -0
- data/features/package.feature +23 -0
- data/features/sandbox.feature +23 -0
- data/features/step_definitions/debify_steps.rb +29 -0
- data/features/support/env.rb +12 -0
- data/features/support/hooks.rb +29 -0
- data/features/support/world.rb +10 -0
- data/features/test.feature +24 -0
- data/image-tags +23 -0
- data/lib/conjur/debify/Dockerfile.fpm +13 -0
- data/lib/conjur/debify/action/publish.rb +136 -0
- data/lib/conjur/debify/utils.rb +16 -0
- data/lib/conjur/debify/version.rb +5 -0
- data/lib/conjur/debify.rb +850 -0
- data/lib/conjur/fpm/Dockerfile +26 -0
- data/lib/conjur/fpm/debify_utils.sh +32 -0
- data/lib/conjur/fpm/package.sh +107 -0
- data/lib/conjur/publish/Dockerfile +5 -0
- data/publish-rubygem.sh +10 -0
- data/push-image.sh +6 -0
- data/secrets.yml +3 -0
- data/spec/action/publish_spec.rb +54 -0
- data/spec/data/Makefile +5 -0
- data/spec/data/test.tar +0 -0
- data/spec/debify_utils_spec.rb +55 -0
- data/spec/spec_helper.rb +1 -0
- data/spec/utils_spec.rb +22 -0
- data/tag-image.sh +6 -0
- data/test.sh +6 -0
- metadata +80 -7
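--- a/data/features/sandbox.feature
+++ b/data/features/sandbox.feature
@@ -0,0 +1,23 @@
+@announce-output
+Feature: Running a sandbox
+Background:
+Given I successfully run `docker pull registry.tld/conjur-appliance-cuke-master:5.0-stable`
+# The extra containers will use the `alpine` image, so we need to pull it first on the
+# host to use the authenticated DockerHub connection. This avoids hitting DockerHub
+# rate limits.
+And I successfully run `docker pull nginx`
+
+Scenario: sandbox for 'example' project be started
+Given I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull"
+
+Scenario: sandbox for 'example' project be started linked to another container
+Given I start a container named "other_host"
+Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --link other_host -c 'curl -s http://other_host > /dev/null'"
+
+Scenario: sandbox for 'example' project be started on a network other than the default
+Given I start a container named "other_host" on network "test-net"
+Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --net test-net -c 'curl -s http://other_host > /dev/null'"
+
+Scenario: sandbox for 'example' project be started on a network other than the default with a host aliased
+Given I start a container named "another_host" on network "test-net"
+Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --net test-net --link another_host:other_host -c 'curl -s http://other_host > /dev/null'"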
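Review bot: The Background comment says the extra containers use the `alpine` image, but the step directly under it pulls `nginx`, and the step definitions shown on this page also create the extra containers from `nginx`; the comment should read `# The extra containers will use the nginx image, so we need to pull it first on the`. Both pulls resolve mutable tags (`nginx` with no tag, and `5.0-stable`), so the images these scenarios exercise can change between runs without any change in the repository. Pinning `nginx` to a fixed tag or digest in the pull step and in the step definition that creates the container would keep the suite reproducible and make an unexpected upstream image change visible in review.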
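--- a/data/features/step_definitions/debify_steps.rb
+++ b/data/features/step_definitions/debify_steps.rb
@@ -0,0 +1,29 @@
+
+When /^I get help for "([^"]*)"$/ do |app_name|
+@app_name = app_name
+step %(I run `#{app_name} help`)
+end
+
+# Add more step definitions here
+
+When /^I start a container named "(.*?)"(?: on network "(.*?)")*$/ do |name, net_name|
+if net_name
+network = Docker::Network.create(net_name)
+networks << network
+end
+
+options = {
+'name' => name,
+'Image' => 'nginx'
+}
+options['HostConfig'] = { 'NetworkMode' => net_name } if net_name
+
+container = Docker::Container.create(options)
+container.start!
+containers << container
+end
+
+When /^I successfully start a sandbox for "(.*?)" with arguments "(.*?)"$/ do |project, args|
+step %Q{I successfully run `env DEBUG=true GLI_DEBUG=true debify sandbox -d ../../#{project} #{args}`}
+containers << Docker::Container.get("#{project}-sandbox")
+end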
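Review bot: In the "I start a container named" step, the optional network clause is written as `(?: on network "(.*?)")*`, so the pattern also accepts the clause repeated several times and silently keeps only the last capture; `(?: on network "(.*?)")?` states the intended "zero or one". In the sandbox step, `project` and `args` are interpolated unquoted into the command line that aruba runs, which is fine while the only callers are feature files in this repository, but it deserves a comment such as `# args is passed to the shell verbatim; only use with trusted feature files`. The container is also created from the untagged `nginx` image, so the test target follows whatever that tag resolves to on the host.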
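--- a/data/features/support/env.rb
+++ b/data/features/support/env.rb
@@ -0,0 +1,12 @@
+require 'aruba/cucumber'
+require 'docker-api'
+
+ENV['PATH'] = "#{File.expand_path(File.dirname(__FILE__) + '/../../bin')}#{File::PATH_SEPARATOR}#{ENV['PATH']}"
+LIB_DIR = File.join(File.expand_path(File.dirname(__FILE__)),'..','..','lib')
+
+Aruba.configure do |config|
+config.exit_timeout = 1200
+# not a best practice from aruba's point of view
+# but the only solution I've found to have docker credentials context
+config.home_directory = ENV['HOME']
+end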
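Review bot: Setting `config.home_directory = ENV['HOME']` gives every command the scenarios launch the invoking user's real home directory instead of aruba's sandboxed one, so the suite can read and modify everything there, not only the Docker credentials the comment mentions. If the `docker` CLI calls are the only consumers of those credentials, exporting `DOCKER_CONFIG` to the directory holding the Docker client configuration while keeping aruba's sandboxed home may be enough; that needs confirming against how debify itself authenticates. At minimum the comment should state the consequence, for example `# NOTE: scenarios run with the real $HOME; run this suite only in a disposable CI workspace`.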
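--- a/data/features/support/hooks.rb
+++ b/data/features/support/hooks.rb
@@ -0,0 +1,29 @@
+Before do
+# Using "announce" causes massive warnings on 1.9.2
+@puts = true
+@original_rubylib = ENV['RUBYLIB']
+ENV['RUBYLIB'] = LIB_DIR + File::PATH_SEPARATOR + ENV['RUBYLIB'].to_s
+end
+
+After do
+ENV['RUBYLIB'] = @original_rubylib
+end
+
+Around do |scenario, block|
+# Note that self in an Around hook is the instance of the world
+# (here, a DebifyWorld) for the current scenario.
+initialize
+begin
+block.call
+ensure
+unless ENV['KEEP_CONTAINERS']
+containers.each do |c|
+c.remove(force: true)
+end
+
+networks.each do |n|
+n.remove
+end
+end
+end
+end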
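Review bot: In the `ensure` branch of the Around hook, the first `c.remove(force: true)` or `n.remove` that raises aborts the cleanup, leaving the remaining containers and every network on the host. The feature files reuse fixed names such as "other_host" and "test-net", so leftovers from one failed scenario are likely to make later scenarios fail for an unrelated reason, and they keep running after the suite ends. Each removal should be rescued on its own and reported, so cleanup always visits every resource. The exception raised inside `ensure` would also replace the scenario's own failure, which makes the original error hard to find.

```ruby
# … unchanged: initialize, begin, block.call, ensure …
unless ENV['KEEP_CONTAINERS']
  containers.each do |c|
    begin
      c.remove(force: true)
    rescue Docker::Error::DockerError => e
      warn "cleanup: could not remove container #{c.id}: #{e.message}"
    end
  end

  networks.each do |n|
    begin
      n.remove
    rescue Docker::Error::DockerError => e
      warn "cleanup: could not remove network #{n.id}: #{e.message}"
    end
  end
end
```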
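--- a/data/features/test.feature
+++ b/data/features/test.feature
@@ -0,0 +1,24 @@
+@announce-output
+Feature: Testing
+
+Background:
+Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1 example -- --post-install /distrib/postinstall.sh`
+
+Scenario: 'example' project can be tested successfully
+When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull example test.sh`
+Then the stderr should contain "Test succeeded"
+
+Scenario: 'example' project can be tested when linked to another container
+Given I start a container named "other_host"
+When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --link other_host example net-test.sh`
+Then the stderr should contain "Test succeeded"
+
+Scenario: 'example' project can be tested on a network other than the default
+Given I start a container named "other_host" on network "test-net"
+When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --net test-net example net-test.sh`
+Then the stderr should contain "Test succeeded"
+
+Scenario: 'example' project can be tested on a network other than the default with a host aliased
+Given I start a container named "another_host" on network "test-net"
+When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --link another_host:other_host --net test-net example net-test.sh`
+Then the stderr should contain "Test succeeded"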
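Review bot: The three scenarios that start "other_host" or "another_host" depend on the `nginx` image already being present on the host, but this feature's Background never pulls it, unlike the Background of the sandbox feature on this page. The step definition creates the container through the Docker API and does not appear to pull, so running this feature alone on a clean host would presumably fail at container creation. Adding ``And I successfully run `docker pull nginx` `` to the Background makes the feature self-contained. Every `debify test` call here also passes `--no-pull`, so the `5.0-stable` appliance image has to come from an earlier step or feature as well.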
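--- a/data/image-tags
+++ b/data/image-tags
@@ -0,0 +1,23 @@
+#!/bin/bash -e
+
+: ${BRANCH_NAME:=$(git symbolic-ref --short HEAD)}
+
+show_master_tags() {
+IFS=. read MAJOR MINOR PATCH <<< "$(<VERSION)"
+TAG="$MAJOR.$MINOR.$PATCH"
+echo "latest $TAG $MAJOR.$MINOR"
+}
+
+show_branch_tags() {
+# tail and tr, to remove the grottiness from the detect-version
+# output
+local version="$(DEBIFY_IMAGE=debify:$(<VERSION) ./docker-debify detect-version | tail -1 | tr -d '\r')"
+
+echo "$BRANCH_NAME $version"
+}
+
+if [[ "$BRANCH_NAME" == "master" ]]; then
+show_master_tags
+else
+show_branch_tags
+fi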
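Review bot: In `show_branch_tags`, a failing `./docker-debify detect-version` goes unnoticed despite `-e`: `local version="$(...)"` returns the exit status of `local`, and without `pipefail` the pipeline reports only the status of `tr`. The script then prints the branch name followed by an empty or garbage version, and whatever consumes this output will tag and push an image under it. Add `set -o pipefail` after the shebang and split the declaration into `local version` followed by `version="$(DEBIFY_IMAGE=debify:$(<VERSION) ./docker-debify detect-version | tail -1 | tr -d '\r')"`. A guard such as `[[ -n "$version" ]] || exit 1` before the `echo` would stop an empty tag from being emitted.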
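--- a/data/lib/conjur/debify/action/publish.rb
+++ b/data/lib/conjur/debify/action/publish.rb
@@ -0,0 +1,136 @@
+module Conjur::Debify
+module Action
+class Publish
+
+def detect_component
+branch = ENV['GIT_BRANCH'] || ENV['BRANCH_NAME'] || `git rev-parse --abbrev-ref HEAD`.strip
+if %w(master origin/master).include?(branch)
+'stable'
+else
+branch.gsub('/', '.')
+end
+end
+
+attr_reader :distribution, :project_name, :cmd_options
+def initialize(distribution, project_name, cmd_options)
+@distribution = distribution
+@project_name = project_name
+@cmd_options = cmd_options
+end
+
+def run
+dir = cmd_options[:dir] || '.'
+dir = File.expand_path(dir)
+raise "Directory #{dir} does not exist or is not a directory" unless File.directory?(dir)
+
+Dir.chdir dir do
+version = cmd_options[:version] || detect_version
+
+publish_image = create_image
+DebugMixin.debug_write "Built base publish image '#{publish_image.id}'\n"
+
+art_url = cmd_options[:url]
+deb_art_repo = cmd_options[:repo]
+
+art_user = ENV['ARTIFACTORY_USER']
+art_password = ENV['ARTIFACTORY_PASSWORD']
+unless art_user && art_password
+art_user, art_password = fetch_art_creds
+end
+
+# Publish deb package
+component = cmd_options[:component] || detect_component
+deb_info = "#{distribution}/#{component}/amd64"
+package_name = "conjur-#{project_name}_#{version}_amd64.deb"
+publish_package(
+publish_image: publish_image,
+art_url: art_url,
+art_user: art_user,
+art_password: art_password,
+art_repo: deb_art_repo,
+package_name: package_name,
+dir: dir,
+deb_info: deb_info
+)
+
+# Publish RPM package
+# The rpm builder replaces dashes with underscores in the version
+rpm_version = version.tr('-', '_')
+package_name = "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm"
+rpm_art_repo = cmd_options['rpm-repo']
+publish_package(
+publish_image: publish_image,
+art_url: art_url,
+art_user: art_user,
+art_password: art_password,
+art_repo: rpm_art_repo,
+package_name: package_name,
+dir: dir
+)
+end
+end
+
+def create_image
+Docker::Image.build_from_dir File.expand_path('../../publish', File.dirname(__FILE__)), tag: "debify-publish", &DebugMixin::DOCKER
+end
+
+def fetch_art_creds
+require 'conjur/cli'
+require 'conjur/authn'
+Conjur::Config.load
+Conjur::Config.apply
+conjur = Conjur::Authn.connect nil, noask: true
+
+account = Conjur.configuration.account
+username_var = [account, "variable", "ci/artifactory/users/jenkins/username"].join(':')
+password_var = [account, "variable", 'ci/artifactory/users/jenkins/password'].join(':')
+[conjur.resource(username_var).value, conjur.resource(password_var).value]
+end
+
+def publish_package(
+publish_image:,
+art_url:,
+art_user:,
+art_password:,
+art_repo:,
+package_name:,
+dir:,
+deb_info: nil
+)
+
+cmd_args = [
+"jfrog", "rt", "upload",
+"--url", art_url,
+"--user", art_user,
+"--password", art_password,
+]
+
+cmd_args += ["--deb", deb_info] if deb_info
+cmd_args += [package_name, "#{art_repo}/"]
+
+options = {
+'Image' => publish_image.id,
+'Cmd' => cmd_args,
+'Binds' => [
+[ dir, "/src" ].join(':')
+]
+}
+options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
+
+publish(options)
+end
+
+def publish(options)
+container = Docker::Container.create(options)
+begin
+container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| puts "#{chunk}" }
+status = container.wait
+raise "Failed to publish package" unless status['StatusCode'] == 0
+ensure
+container.delete(force: true)
+end
+end
+
+end
+end
+end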
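Review bot: `publish_package` puts the Artifactory password into the container's `Cmd` (`"--password", art_password`), so the secret fetched from Conjur or the environment is stored in the container configuration. While the container exists, anyone with access to the Docker daemon can read it from the container's inspect output and from the host's process list. Passing it through the container's `Env`, or a file mounted into the container, and having the publish image's entrypoint hand it to the upload tool keeps it out of the argument vector; the exact mechanism depends on the publish image, which is not shown here. The container is also started with `'Privileged' => true`, which the visible code gives no reason for when the job is uploading a file from a bind mount, so drop it unless something outside this file needs it. The guard on it compares version strings lexicographically; if it stays, use `Gem::Version.new(Docker.version['Version']) >= Gem::Version.new('1.10.0')`.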
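--- a/data/lib/conjur/debify/utils.rb
+++ b/data/lib/conjur/debify/utils.rb
@@ -0,0 +1,16 @@
+require 'rubygems/package'
+
+module Conjur::Debify::Utils
+module_function
+
+# copy a file from container to the current working directory
+def copy_from_container container, path
+tar = StringIO.new
+container.archive_out(path) { |chunk| tar.write chunk }
+tar.rewind
+Gem::Package::TarReader.new(tar).each do |entry|
+File.write entry.full_name, entry.read
+end
+end
+end
+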
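Review bot: `copy_from_container` writes each tar entry to `entry.full_name` exactly as the archive names it, so an entry whose name is absolute or contains `../` is written outside the current working directory. The archive comes from a container, so its member names are not under this code's control. Since the comment says the method copies a single file, skip non-file entries and drop any directory part: `next unless entry.file?` followed by `File.write File.basename(entry.full_name), entry.read`. If nested paths are ever meant to be preserved, resolve the destination with `File.expand_path` instead and reject anything that does not stay under `Dir.pwd`. The file also uses `StringIO` without requiring `stringio` and presumably relies on another file loading it first.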