conjur-debify 3.0.0.pre.1118 → 3.0.1.pre.1548

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a477b1d5eb552ad42a02db1bf54985f3aa2ffb74253e99e943fb6954aaa1d37e
-  data.tar.gz: 4a5c3b5c04127b073ef2af8f097be3cbf01f4862ea789a165f84022e433aa456
+  metadata.gz: b2b4706902ad9370c0c8dcca46472dca0c538681812769ee851337d1bac23192
+  data.tar.gz: da34f61ddbd9eb2bc7e810b9ebf10b19b512c4e28c6c59f774fd123a4c96c258
 SHA512:
-  metadata.gz: 7e73b60e3fcac8d8934377bec39e9b146cd83f7d46ed27b31161af6085040d715681bfe5ca2a32e951ea846e2b368647e57fd49c770f3535fdf3f135c32bafcb
-  data.tar.gz: 9a5fe1eead6f3be6161984c04b1c6e01edf4e1a2a438d4b7d98e17653717287d3ac072df5b075c2c001c9bbb1472e7c0ba2186ff17665094c4cefcec470f2111
+  metadata.gz: a5880ce1f71328565101141fba09347e2758f3275a6cb35432c53ff3fba74d8cd1fa2dc05b34aa74a188dcd50b3593a0299f0708d8f289655a21657cff189f71
+  data.tar.gz: e2e1fa0b497dffffeee4ba45a284b133322cca8e2bdee5b1348f948cf1303042053f0a7a0eb2b9a7faac03206f75d15cf48ce06791b1d85868e18556d205b7f9

data/.dockerignore

@@ -0,0 +1 @@
+Gemfile.lock

data/.gitignore

@@ -0,0 +1,22 @@
+.idea
+features/reports
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+VERSION
+results.html
+mkmf.log
+*.deb
+*.rpm
+*.gem
+docker-debify

data/.project

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>debify</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>com.aptana.ide.core.unifiedBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>com.aptana.ruby.core.rubynature</nature>
+		<nature>com.aptana.projects.webnature</nature>
+	</natures>
+</projectDescription>

data/.rvmrc

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+# This is an RVM Project .rvmrc file, used to automatically load the ruby
+# development environment upon cd'ing into the directory
+
+# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional,
+# Only full ruby name is supported here, for short names use:
+#     echo "rvm use 2.2.4@debify" > .rvmrc
+environment_id="ruby-2.2.4@debify"
+
+# Uncomment the following lines if you want to verify rvm version per project
+# rvmrc_rvm_version="1.26.11 (latest)" # 1.10.1 seems like a safe start
+# eval "$(echo ${rvm_version}.${rvmrc_rvm_version} | __rvm_awk -F. '{print "[[ "$1*65536+$2*256+$3" -ge "$4*65536+$5*256+$6" ]]"}' )" || {
+#   echo "This .rvmrc file requires at least RVM ${rvmrc_rvm_version}, aborting loading."
+#   return 1
+# }
+
+# First we attempt to load the desired environment directly from the environment
+# file. This is very fast and efficient compared to running through the entire
+# CLI and selector. If you want feedback on which environment was used then
+# insert the word 'use' after --create as this triggers verbose mode.
+if [[ -d "${rvm_path:-$HOME/.rvm}/environments"
+  && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
+then
+  \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
+  for __hook in "${rvm_path:-$HOME/.rvm}/hooks/after_use"*
+  do
+    if [[ -f "${__hook}" && -x "${__hook}" && -s "${__hook}" ]]
+    then \. "${__hook}" || true
+    fi
+  done
+  unset __hook
+  if (( ${rvm_use_flag:=1} >= 2 )) # display only when forced
+  then
+    if [[ $- == *i* ]] # check for interactive shells
+    then printf "%b" "Using: $(tput setaf 2 2>/dev/null)$GEM_HOME$(tput sgr0 2>/dev/null)\n" # show the user the ruby and gemset they are using in green
+    else printf "%b" "Using: $GEM_HOME\n" # don't use colors in non-interactive shells
+    fi
+  fi
+else
+  # If the environment file has not yet been created, use the RVM CLI to select.
+  rvm --create  "$environment_id" || {
+    echo "Failed to create RVM environment '${environment_id}'."
+    return 1
+  }
+fi
+
+# If you use bundler, this might be useful to you:
+# if [[ -s Gemfile ]] && {
+#   ! builtin command -v bundle >/dev/null ||
+#   builtin command -v bundle | GREP_OPTIONS="" \command \grep $rvm_path/bin/bundle >/dev/null
+# }
+# then
+#   printf "%b" "The rubygem 'bundler' is not installed. Installing it now.\n"
+#   gem install bundler
+# fi
+# if [[ -s Gemfile ]] && builtin command -v bundle >/dev/null
+# then
+#   bundle install | GREP_OPTIONS="" \command \grep -vE '^Using|Your bundle is complete'
+# fi

data/CHANGELOG.md

@@ -0,0 +1,255 @@
+## [3.0.1]
+### Changed
+
+- Supply debian distribution to fpm
+
+### Fixed
+
+- Fixed publish-rubygems.sh by using git safe directory
+
+## [3.0.0]
+### Changed
+
+- Upgrade ruby version to 3.0.
+- Bump `cucumber` gem to 7.1.
+- Bump `conjur-api` gem to 5.3.7.
+- Bump `conjur-cli` gem to 6.2.6.
+- Bump `aruba` gem to 2.0.
+- Bump `jfrog-cli` to :latest.
+
+## [2.1.1]
+### Changed
+
+- Update to use automated release process
+
+# 2.1.0
+### Changed
+
+- Refine bundler related steps in `debify package` flow: only `package.sh` file configures
+  and invokes bundler. `Dockerfile.fpm` only copies files and adjusts folder structure.
+- Remove bundler 1.* support 
+
+# 2.0.0
+### Changed
+- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this 
+  flag is not given, the default value is `deb`.
+  [conjurinc/debify#56](https://github.com/conjurinc/debify/issues/56)
+
+# 1.12.0
+
+### Added
+- Debify now packages and publishes an RPM file, alongside a debian file.
+  [conjurinc/debify#49](https://github.com/conjurinc/debify/pull/49)
+- `debify package` now offers an `--additional-files` flag to provide a comma
+  separated list of files to include in the FPM build that are not provided
+  automatically by `git ls-files`.
+  [conjurinc/debify#52](https://github.com/conjurinc/debify/pull/52)
+
+### Fixed
+- Bug causing `all` files in the git repo to be added to the debian file.
+  [conjurinc/debify#50](https://github.com/conjurinc/debify/pull/50)
+
+# 1.11.5
+
+### Changed
+* Updated FPM and Test images to use a base image with FIPS-compliant Ruby and OpenSSL.
+
+# 1.11.4
+
+* Updated sandbox password to match Conjur password complexity requirements.
+
+# 1.11.3
+
+* Reverted to `bundler` v1. `bundler` v2 was creating incompatible paths for downstream
+  packages.
+* Made FPM Ruby version use `ruby2.5` instead of `ruby2.6` since that is what
+  our appliance image uses otherwise the gems bundled in the packages are unusable.
+
+# 1.11.2
+
+* Upgraded to use Ruby 2.6 and latest version of FPM
+* Update Conjur Dockerfile from Ubuntu 14.04 --> 18.04 as 14.04 repos
+  are now behind a [pay wall](https://ubuntu.com/blog/ubuntu-14-04-esm-support)
+  Ruby is installed from `ppa:brightbox/ruby-ng` however that PPA
+  [doesn't currently supply ruby2.2 for Ubuntu 18.04](https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng?field.series_filter=bionic). [The documentation](https://www.brightbox.com/docs/ruby/ubuntu/)
+  suggests this combination is available, so it may be a temporary problem.
+  To work around the problem, ruby is bumped from 2.2 to 2.3 as 2.3 is the oldest
+  version available for Ubuntu 18.04.
+
+# 1.11.1
+
+* Upgrade `docker-debify` to use Ruby 2.6.
+
+# 1.11.0
+
+* Use a Docker env-file (docker.env, by default) to pass environment
+  variables to the debify container.
+
+* Make sure `--env` variables get passed along to the Conjur container when testing, too.
+
+# 1.10.3
+
+* Fix a bug causing duplicate files between normal and dev packages when a file name contained a space.
+
+# 1.10.2
+
+* Pin `ruby-xz` gem in fpm Dockerfile, so it works on Ruby 2.2. Upstream issue: https://github.com/jordansissel/fpm/issues/1493
+
+# 1.10.1
+
+* Update fpm container to use Ruby 2.4, fixes `ruby-xz` dependency
+
+# 1.10.0
+
+* add `--net` support to `test` and `sandbox` subcommands
+* Use Docker::Container.start! to start containers, to avoid
+  swallowing important errors.
+
+# 1.9.1
+
+* Make sure .bundle/config in the 'main' package excludes test and development groups.
+
+# 1.9.0
+
+* Build -dev package with development/test dependencies and use it on `debify test`.
+
+# 1.8.2
+
+* Install fpm dependency libffi-dev
+
+# 1.8.1
+
+* Make Conjur cert available in dockerized debify container
+* Add a cuke for `debify publish`
+
+# 1.8.0
+
+* Added artifactory url option to `debify publish`, defaults to jfrog.io domain
+* Added artifactory repo option to `debify publish`, defaults to 'debian-private'
+
+# 1.7.4
+
+* Fix publishing support in docker-debify
+
+# 1.7.2
+
+* Take out a `require 'pry'` that had snuck in.
+* Fix `publish` subcommand, broken after factoring publish out into a separate action.
+
+# 1.7.0
+
+* Read artifactory credentials from the environment
+  (`ARTIFACTORY_USER`, `ARTIFACTORY_PASSWORD`), only contact Conjur if
+  they're not set.
+
+# 1.6.1
+
+* Buils a docker image to run debify, convert tests to use it, pipeline build
+
+# 1.6.0
+
+* When not on the master branch, `debify publish` uses the branch name as the component name, rather than always using
+  `'testing'`.
+
+# 1.5.4
+
+* `debify publish` now checks env var `BRANCH_NAME` as well as `GIT_BRANCH`.
+  Jenkins pipelines use `BRANCH_NAME`, Jenkins jobs use `GIT_BRANCH`.
+
+# 1.5.3
+
+* debify now uses `~/.docker/config` auth if pulling an image fails due to auth
+
+# 1.5.2
+
+* Use new conjurops variables in `publish` command, fall back to old conjurops
+
+# 1.5.1
+
+* Fix the description of the `--version` argument to indicate that the version now comes from the `VERSION` file.
+
+# 1.5.0
+
+* Add `detect-version` command.
+* Read version from VERSION file, if it exists.
+
+# 1.4.0
+
+* Add `--port` sandbox option
+
+# 1.3.1
+
+* When testing, `docker exec` into the Conjur container to run
+  `/opt/conjur/evoke/bin/wait_for_conjur`.
+
+# 1.3.0
+
+* Add `--volumes-from`
+
+# 1.2.1
+
+* Fix typo in error message
+
+# 1.2.0
+
+* Pin bundler to 1.11.2
+
+# 1.1.0
+
+* Minor workflow tweaks, and some changes to work around Docker For Mac issues
+
+# 1.0.0
+
+* Base image used for packaging on Ubuntu 14.04
+* Install ruby2.2 and related packages
+
+# 0.11.1
+
+* Add `name` and `Workingdir` options to the sandbox container.
+
+# 0.11.0
+
+* Add `debify sandbox`.
+
+# 0.10.2
+
+* Fixed publish internal Dockerfile.
+
+# 0.10.1
+
+* Run internal containers as privileged if Docker >= 1.10.0.
+
+# 0.10.0
+
+* Upgrading Ruby for packaging from 2.0 to 2.2.4.
+
+# 0.9.2
+
+* Print messages to stderr instead of stdout during packaging.
+* Only consider tags matching v*.*.* when determining package version string.
+
+# 0.9.1
+
+* Provide the package to purge before installing the new version.
+
+# 0.9.0
+
+* Don't nuke the entire existing source install dir, there may be necessary files in there.
+
+# 0.8.0
+
+* Remove the need for a 'latest' debian.
+* Fix bug in the error message for 'detect_version'.
+* Use a more reliable way to detect the current branch.
+* `publish` : Remove the default value of the 'component' flag.
+* `clean` : Don't create a container unless deletions will actually be performed.
+
+# 0.7.0
+
+* Add `debify clean`.
+
+# 0.6.0
+
+* `package` : Add `--dockerfile` option.
+* `package` : Ensure that `Gemfile.lock` is in the container.
+* `test` : Propagate `SSH_AUTH_SOCK` to the container.

data/CONTRIBUTING.md

@@ -0,0 +1,16 @@
+# Contributing
+
+For general contribution and community guidelines, please see the [community repo](https://github.com/cyberark/community).
+
+## Contributing
+
+1. [Fork the project](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
+2. [Clone your fork](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository)
+3. Make local changes to your fork by editing files
+3. [Commit your changes](https://help.github.com/en/github/managing-files-in-a-repository/adding-a-file-to-a-repository-using-the-command-line)
+4. [Push your local changes to the remote server](https://help.github.com/en/github/using-git/pushing-commits-to-a-remote-repository)
+5. [Create new Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
+
+From here your pull request will be reviewed and once you've responded to all
+feedback it will be merged into the project. Congratulations, you're a
+contributor!

data/Dockerfile

@@ -0,0 +1,33 @@
+FROM ruby:3.0
+
+RUN apt-get update -qq && \
+    apt-get dist-upgrade -qqy && \
+    apt-get install -qqy \
+    apt-transport-https \
+    ca-certificates \
+    curl
+    
+# Install Docker client tools
+ENV DOCKERVERSION=20.10.0
+RUN curl -fsSLO https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKERVERSION}.tgz \
+  && tar xzvf docker-${DOCKERVERSION}.tgz --strip 1 \
+                 -C /usr/local/bin docker/docker \
+  && rm docker-${DOCKERVERSION}.tgz
+
+RUN mkdir -p /debify
+WORKDIR /debify
+
+COPY . ./
+
+RUN gem install bundler:2.2.30
+RUN gem build debify.gemspec
+
+ARG VERSION
+RUN gem install -N conjur-debify-*.gem
+
+ARG CONJUR_APPLIANCE_URL
+ENV CONJUR_APPLIANCE_URL ${CONJUR_APPLIANCE_URL:-https://conjurops.itp.conjur.net}
+ENV CONJUR_ACCOUNT ${CONJUR_ACCOUNT:-conjur}
+ENV CONJUR_VERSION ${CONJUR_VERSION:-5}
+
+ENTRYPOINT ["/debify/distrib/entrypoint.sh"]

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/Jenkinsfile

@@ -0,0 +1,116 @@
+#!/usr/bin/env groovy
+
+// Automated release, promotion and dependencies
+properties([
+  release.addParams(),
+  dependencies(['cyberark/conjur-base-image'])
+])
+
+if (params.MODE == "PROMOTE") {
+  release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
+    sh './publish-rubygem.sh'
+  }
+  return
+}
+
+pipeline {
+  agent { label 'executor-v2' }
+
+  options {
+    timestamps()
+    buildDiscarder(logRotator(daysToKeepStr: '30'))
+  }
+
+  triggers {
+    cron(getDailyCronString())
+  }
+
+  environment {
+    MODE = release.canonicalizeMode()
+  }
+
+  stages {
+    stage ("Skip build if triggering job didn't create a release") {
+      when {
+        expression {
+          MODE == "SKIP"
+        }
+      }
+      steps {
+        script {
+          currentBuild.result = 'ABORTED'
+          error("Aborting build because this build was triggered from upstream, but no release was built")
+        }
+      }
+    }
+    stage('Prepare') {
+      steps {
+        // Initialize VERSION file
+        updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
+      }
+    }
+    stage('Build docker image') {
+      steps {
+        sh './build.sh'
+      }
+    }
+
+    stage('Scan Docker image') {
+      parallel {
+        stage('Scan Docker image for fixable issues') {
+          steps{
+            script {
+              VERSION = sh(returnStdout: true, script: 'cat VERSION')
+            }
+            scanAndReport("debify:${VERSION}", "HIGH", false)
+          }
+        }
+        stage('Scan Docker image for all issues') {
+          steps{
+            script {
+              VERSION = sh(returnStdout: true, script: 'cat VERSION')
+            }
+            scanAndReport("debify:${VERSION}", "NONE", true)
+          }
+        }
+      }
+    }
+
+    stage('Run feature tests') {
+      steps {
+        sh './test.sh'
+      }
+      post { always {
+        junit 'features/reports/*.xml'
+      }}
+    }
+
+    stage('Push Docker image') {
+      steps {
+        sh './tag-image.sh'
+        sh './push-image.sh'
+      }
+    }
+
+    stage('Publish to RubyGems') {
+      when {
+        expression {
+          MODE == "RELEASE"
+        }
+      }
+
+      steps {
+        release {
+          sh './publish-rubygem.sh'
+          sh "cp conjur-debify-*.gem release-assets/."
+        }
+      }
+    }
+  }
+
+  post {
+    always {
+      cleanupAndNotify(currentBuild.currentResult)
+    }
+  }
+}

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2022 CyberArk Software Ltd. All rights reserved.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.