conjur-debify 3.0.0.pre.1118 → 3.0.0

data/features/sandbox.feature

@@ -0,0 +1,23 @@
+@announce-output
+Feature: Running a sandbox
+  Background:
+    Given I successfully run `docker pull registry.tld/conjur-appliance-cuke-master:5.0-stable`
+    # The extra containers will use the `alpine` image, so we need to pull it first on the
+    # host to use the authenticated DockerHub connection. This avoids hitting DockerHub
+    # rate limits.
+    And I successfully run `docker pull nginx`
+
+  Scenario: sandbox for 'example' project be started
+    Given I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull"
+
+  Scenario: sandbox for 'example' project be started linked to another container
+    Given I start a container named "other_host"
+    Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --link other_host -c 'curl -s http://other_host > /dev/null'"
+
+  Scenario: sandbox for 'example' project be started on a network other than the default
+    Given I start a container named "other_host" on network "test-net"
+    Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --net test-net -c 'curl -s http://other_host > /dev/null'"
+
+  Scenario: sandbox for 'example' project be started on a network other than the default with a host aliased
+    Given I start a container named "another_host" on network "test-net"
+    Then I successfully start a sandbox for "example" with arguments "-t 5.0-stable --no-pull --net test-net --link another_host:other_host -c 'curl -s http://other_host > /dev/null'"

data/features/step_definitions/debify_steps.rb

@@ -0,0 +1,29 @@
+
+When /^I get help for "([^"]*)"$/ do |app_name|
+  @app_name = app_name
+  step %(I run `#{app_name} help`)
+end
+
+# Add more step definitions here
+
+When /^I start a container named "(.*?)"(?: on network "(.*?)")*$/ do |name, net_name|
+  if net_name
+    network =  Docker::Network.create(net_name)
+    networks << network
+  end
+  
+  options = {
+    'name' => name,
+    'Image' => 'nginx'
+  }
+  options['HostConfig'] = { 'NetworkMode' => net_name } if net_name
+    
+  container = Docker::Container.create(options)
+  container.start!
+  containers << container
+end
+
+When /^I successfully start a sandbox for "(.*?)" with arguments "(.*?)"$/ do |project, args|
+  step %Q{I successfully run `env DEBUG=true GLI_DEBUG=true debify sandbox -d ../../#{project} #{args}`}
+  containers << Docker::Container.get("#{project}-sandbox")
+end

data/features/support/env.rb

@@ -0,0 +1,12 @@
+require 'aruba/cucumber'
+require 'docker-api'
+
+ENV['PATH'] = "#{File.expand_path(File.dirname(__FILE__) + '/../../bin')}#{File::PATH_SEPARATOR}#{ENV['PATH']}"
+LIB_DIR = File.join(File.expand_path(File.dirname(__FILE__)),'..','..','lib')
+
+Aruba.configure do |config|
+  config.exit_timeout = 1200
+  # not a best practice from aruba's point of view
+  # but the only solution I've found to have docker credentials context
+  config.home_directory = ENV['HOME']
+end

data/features/support/hooks.rb

@@ -0,0 +1,29 @@
+Before do
+  # Using "announce" causes massive warnings on 1.9.2
+  @puts = true
+  @original_rubylib = ENV['RUBYLIB']
+  ENV['RUBYLIB'] = LIB_DIR + File::PATH_SEPARATOR + ENV['RUBYLIB'].to_s
+end
+
+After do
+  ENV['RUBYLIB'] = @original_rubylib
+end
+
+Around do |scenario, block|
+  # Note that self in an Around hook is the instance of the world
+  # (here, a DebifyWorld) for the current scenario.
+  initialize
+  begin
+    block.call
+  ensure
+    unless ENV['KEEP_CONTAINERS']
+      containers.each do |c|
+        c.remove(force: true)
+      end
+      
+      networks.each do |n|
+        n.remove
+      end
+    end
+  end
+end

data/features/support/world.rb

@@ -0,0 +1,10 @@
+module DebifyWorld
+  attr_accessor :containers, :networks
+
+  def initialize
+    @containers = []
+    @networks = []
+  end
+end
+
+World(DebifyWorld)

data/features/test.feature

@@ -0,0 +1,24 @@
+@announce-output
+Feature: Testing
+
+  Background:
+    Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1 example -- --post-install /distrib/postinstall.sh`
+
+  Scenario: 'example' project can be tested successfully
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull example test.sh`
+    Then the stderr should contain "Test succeeded"
+
+  Scenario: 'example' project can be tested when linked to another container
+    Given I start a container named "other_host"
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --link other_host example net-test.sh`
+    Then the stderr should contain "Test succeeded"
+
+  Scenario: 'example' project can be tested on a network other than the default
+    Given I start a container named "other_host" on network "test-net"
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --net test-net example net-test.sh`
+    Then the stderr should contain "Test succeeded"
+
+  Scenario: 'example' project can be tested on a network other than the default with a host aliased
+    Given I start a container named "another_host" on network "test-net"
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify test -t 5.0-stable -v 0.0.1 -d ../../example --no-pull --link another_host:other_host --net test-net example net-test.sh`
+    Then the stderr should contain "Test succeeded"

data/image-tags

@@ -0,0 +1,23 @@
+#!/bin/bash -e
+
+: ${BRANCH_NAME:=$(git symbolic-ref --short HEAD)}
+
+show_master_tags() {
+  IFS=. read MAJOR MINOR PATCH <<< "$(<VERSION)"
+  TAG="$MAJOR.$MINOR.$PATCH"
+  echo "latest $TAG $MAJOR.$MINOR"
+}
+
+show_branch_tags() {
+  # tail and tr, to remove the grottiness from the detect-version
+  # output
+  local version="$(DEBIFY_IMAGE=debify:$(<VERSION) ./docker-debify detect-version | tail -1 | tr -d '\r')"
+  
+  echo "$BRANCH_NAME $version"
+}
+
+if [[ "$BRANCH_NAME" == "master" ]]; then
+  show_master_tags
+else
+  show_branch_tags
+fi

data/lib/conjur/debify/Dockerfile.fpm

@@ -0,0 +1,13 @@
+FROM @@image@@
+
+RUN mkdir -p /src/opt/conjur/project
+
+WORKDIR /src/opt/conjur/project
+
+COPY Gemfile ./
+COPY Gemfile.lock ./
+
+COPY . .
+ADD debify.sh /
+
+WORKDIR /src

data/lib/conjur/debify/action/publish.rb

@@ -0,0 +1,136 @@
+module Conjur::Debify
+  module Action
+    class Publish
+
+      def detect_component
+        branch = ENV['GIT_BRANCH'] || ENV['BRANCH_NAME'] || `git rev-parse --abbrev-ref HEAD`.strip
+        if %w(master origin/master).include?(branch)
+          'stable'
+        else
+          branch.gsub('/', '.')
+        end
+      end
+
+      attr_reader :distribution, :project_name, :cmd_options
+      def initialize(distribution, project_name, cmd_options)
+        @distribution = distribution
+        @project_name = project_name
+        @cmd_options = cmd_options
+      end
+
+      def run
+        dir = cmd_options[:dir] || '.'
+        dir = File.expand_path(dir)
+        raise "Directory #{dir} does not exist or is not a directory" unless File.directory?(dir)
+
+        Dir.chdir dir do
+          version = cmd_options[:version] || detect_version
+
+          publish_image = create_image
+          DebugMixin.debug_write "Built base publish image '#{publish_image.id}'\n"
+
+          art_url = cmd_options[:url]
+          deb_art_repo = cmd_options[:repo]
+
+          art_user = ENV['ARTIFACTORY_USER']
+          art_password = ENV['ARTIFACTORY_PASSWORD']
+          unless art_user && art_password
+            art_user, art_password = fetch_art_creds
+          end
+
+          # Publish deb package
+          component = cmd_options[:component] || detect_component
+          deb_info = "#{distribution}/#{component}/amd64"
+          package_name = "conjur-#{project_name}_#{version}_amd64.deb"
+          publish_package(
+            publish_image: publish_image,
+            art_url: art_url,
+            art_user: art_user,
+            art_password: art_password,
+            art_repo: deb_art_repo,
+            package_name: package_name,
+            dir: dir,
+            deb_info: deb_info
+          )
+
+          # Publish RPM package
+          # The rpm builder replaces dashes with underscores in the version
+          rpm_version = version.tr('-', '_')
+          package_name = "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm"
+          rpm_art_repo = cmd_options['rpm-repo']
+          publish_package(
+            publish_image: publish_image,
+            art_url: art_url,
+            art_user: art_user,
+            art_password: art_password,
+            art_repo: rpm_art_repo,
+            package_name: package_name,
+            dir: dir
+          )
+        end
+      end
+
+      def create_image
+        Docker::Image.build_from_dir File.expand_path('../../publish', File.dirname(__FILE__)), tag: "debify-publish", &DebugMixin::DOCKER
+      end
+
+      def fetch_art_creds
+        require 'conjur/cli'
+        require 'conjur/authn'
+        Conjur::Config.load
+        Conjur::Config.apply
+        conjur = Conjur::Authn.connect nil, noask: true
+
+        account = Conjur.configuration.account
+        username_var = [account, "variable", "ci/artifactory/users/jenkins/username"].join(':')
+        password_var = [account, "variable", 'ci/artifactory/users/jenkins/password'].join(':')
+        [conjur.resource(username_var).value, conjur.resource(password_var).value]
+      end
+
+      def publish_package(
+        publish_image:,
+        art_url:,
+        art_user:,
+        art_password:,
+        art_repo:,
+        package_name:,
+        dir:,
+        deb_info: nil
+      )
+
+        cmd_args = [
+          "jfrog", "rt", "upload",
+          "--url", art_url,
+          "--user", art_user,
+          "--password", art_password,
+        ]
+
+        cmd_args += ["--deb", deb_info] if deb_info
+        cmd_args += [package_name, "#{art_repo}/"]
+
+        options = {
+          'Image' => publish_image.id,
+          'Cmd' => cmd_args,
+          'Binds' => [
+            [ dir, "/src" ].join(':')
+          ]
+        }
+        options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
+
+        publish(options)
+      end
+
+      def publish(options)
+        container = Docker::Container.create(options)
+        begin
+          container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| puts "#{chunk}" }
+          status = container.wait
+          raise "Failed to publish package" unless status['StatusCode'] == 0
+        ensure
+          container.delete(force: true)
+        end
+      end
+
+    end
+  end
+end

data/lib/conjur/debify/utils.rb

@@ -0,0 +1,16 @@
+require 'rubygems/package'
+
+module Conjur::Debify::Utils
+  module_function
+
+  # copy a file from container to the current working directory
+  def copy_from_container container, path
+    tar = StringIO.new
+    container.archive_out(path) { |chunk| tar.write chunk }
+    tar.rewind
+    Gem::Package::TarReader.new(tar).each do |entry|
+      File.write entry.full_name, entry.read
+    end
+  end
+end
+

data/lib/conjur/debify/version.rb

@@ -0,0 +1,5 @@
+module Conjur
+  module Debify
+    VERSION = File.read(File.expand_path('../../../VERSION', __dir__))
+  end
+end