conjur-debify 3.0.0.pre.1118 → 3.0.1.pre.1548

data/lib/conjur/fpm/Dockerfile

@@ -0,0 +1,26 @@
+# Build from the same version of ubuntu as phusion/baseimage
+FROM cyberark/phusion-ruby-fips:latest
+
+RUN apt-get update -y && \
+    apt-get dist-upgrade -y && \
+    apt-get install -y build-essential \
+                       git \
+                       libffi-dev \
+                       rpm
+
+RUN gem install --no-document fpm
+
+ENV GEM_HOME /usr/local/bundle
+ENV BUNDLE_PATH="$GEM_HOME" \
+    BUNDLE_BIN="$GEM_HOME/bin" \
+    BUNDLE_SILENCE_ROOT_WARNING=1
+ENV PATH $BUNDLE_BIN:$PATH
+RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" && \
+    chmod 777 "$GEM_HOME" "$BUNDLE_BIN"
+
+RUN mkdir /src
+
+ENTRYPOINT [ "/package.sh" ]
+
+COPY debify_utils.sh /
+COPY package.sh      /

data/lib/conjur/fpm/debify_utils.sh

@@ -0,0 +1,32 @@
+function bundle_clean() {
+  ruby_version="$(ruby -v | grep -o '[0-9]\.[0-9]\.[0-9]')"
+
+  if [ -d vendor/bundle ]; then
+    chmod og+r -R vendor/bundle # some gems have broken perms
+
+    # some cleanup
+    rm -rf vendor/bundle/ruby/${ruby_version}/cache
+    rm -rf vendor/bundle/ruby/${ruby_version}/gems/*/{test,spec,examples,example,contrib,doc,ext,sample}
+  fi
+}
+
+# Remove files from the current directory that also exist in another given
+# directory. For example, say in the current directory there is:
+#    foo
+#    bar/baz
+#    bar/xyzzy
+#    bacon
+#    people/phlebas
+# and in dir2 there is
+#    bacon
+#    alice
+#    people/phlebas
+#    bar/xyzzy
+# then after running `remove_matching dir2` current directory will be left with only:
+#    foo
+#    bar/baz
+# Note it probably isn't 100% fool-proof, so don't launch it out to space or something.
+function remove_matching() {
+  find "$1" -type f -print0 | sed -ze "s@^$1@.@" | xargs -0 rm -f
+  find . -type d -empty -delete
+}

data/lib/conjur/fpm/package.sh

@@ -0,0 +1,109 @@
+#!/bin/bash -ex
+
+source /debify_utils.sh
+
+project_name=$1
+shift
+version=$1
+shift
+
+if [ -z "$project_name" ]; then
+  echo Project name argument is required
+  exit 1
+fi
+if [ -z "$version" ]; then
+  echo Version argument is required
+  exit 1
+fi
+
+for i in "$@"; do
+  case $i in
+  -ft=* | --file-type=*)
+    file_type="${i#*=}"
+    shift
+    ;;
+  esac
+done
+
+if [ -z "$file_type" ]; then
+  echo "No file type given. Using deb"
+  file_type=deb
+fi
+
+echo Project Name is $project_name
+echo Version is $version
+echo file_type is $file_type
+echo params at the end are $@
+
+# Build dev package first
+prefix=/src/opt/conjur/project
+cd $prefix
+bundle config set --local deployment 'true' && \
+bundle config set --local path 'vendor/bundle' && \
+bundle
+cp -al $prefix /dev-pkg
+bundle config set --local without 'development test'
+bundle clean
+cd /dev-pkg
+remove_matching $prefix
+bundle_clean
+
+if [ $(ls | wc -l) -eq 0 ]; then
+  echo No dev dependencies, skipping dev package
+else
+  echo "Building conjur-$project_name-dev $file_type package"
+
+  fpm \
+    -s dir \
+    -t $file_type \
+    -n conjur-$project_name-dev \
+    -v $version \
+    -C . \
+    --maintainer "CyberArk Software, Inc." \
+    --vendor "CyberArk Software, Inc." \
+    --license "Proprietary" \
+    --url "https://www.cyberark.com" \
+    --deb-no-default-config-files \
+    --deb-dist "whatever" \
+    --$file_type-user conjur \
+    --$file_type-group conjur \
+    --depends "conjur-$project_name = $version" \
+    --prefix /opt/conjur/$project_name \
+    --description "Conjur $project_name service - development files"
+fi
+
+mv /src/opt/conjur/project /src/opt/conjur/$project_name
+
+cd /src/opt/conjur/$project_name
+
+bundle_clean
+
+cd /src
+
+mkdir -p opt/conjur/etc
+
+/debify.sh
+
+[ -d opt/conjur/"$project_name"/distrib ] && mv opt/conjur/"$project_name"/distrib /
+
+echo "Building conjur-$project_name $file_type package"
+
+fpm \
+  -s dir \
+  -t $file_type \
+  -n conjur-$project_name \
+  -v $version \
+  -C . \
+  --maintainer "CyberArk Software, Inc." \
+  --vendor "CyberArk Software, Inc." \
+  --license "Proprietary" \
+  --url "https://www.cyberark.com" \
+  --config-files opt/conjur/etc \
+  --deb-no-default-config-files \
+  --deb-dist "whatever" \
+  --$file_type-user conjur \
+  --$file_type-group conjur \
+  --description "Conjur $project_name service" \
+  "$@"
+
+ls -l

data/lib/conjur/publish/Dockerfile

@@ -0,0 +1,5 @@
+FROM releases-docker.jfrog.io/jfrog/jfrog-cli:latest
+
+ENV JFROG_CLI_OFFER_CONFIG=false
+
+WORKDIR /src

data/publish-rubygem.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -e
+
+docker run -i --rm -v $PWD:/src -w /src --entrypoint /bin/sh alpine/git \
+  -c "git config --global --add safe.directory /src && \
+      git clean -fdx \
+        -e VERSION \
+        -e bom-assets/ \
+        -e release-assets"
+
+summon --yaml "RUBYGEMS_API_KEY: !var rubygems/api-key" \
+  publish-rubygem debify

data/push-image.sh

@@ -0,0 +1,6 @@
+#!/bin/bash -ex
+
+for t in $(./image-tags); do
+  docker push registry.tld/conjurinc/debify:$t
+done
+

data/secrets.yml

@@ -0,0 +1,3 @@
+# Example of secrets.yml file needed for debify publish
+ARTIFACTORY_USERNAME: !var artifactory/users/jenkins/username
+ARTIFACTORY_PASSWORD: !var artifactory/users/jenkins/password

data/spec/action/publish_spec.rb

@@ -0,0 +1,54 @@
+require 'spec_helper'
+require 'conjur/debify/action/publish'
+
+describe Conjur::Debify::Action::Publish do
+
+  let (:cmd_options) {
+    {
+      :version => '1.0.0',
+      :component => 'stable'
+    }
+  }
+
+  let (:action) { Conjur::Debify::Action::Publish.new('dist', 'proj', cmd_options) }
+
+  before do
+    allow(DebugMixin).to receive(:debug_write)
+    
+    allow(action).to receive(:create_image).and_return(double('publish_image', :id => 'a1b2c3d4'))
+  end
+  
+  context 'with artifactory creds in the environment' do
+
+    before do
+      ENV['ARTIFACTORY_USER'] = 'art_user'
+      ENV['ARTIFACTORY_PASSWORD'] = 'art_password'
+    end
+
+    after do
+      ENV.delete('ARTIFACTORY_USER')
+      ENV.delete('ARTIFACTORY_PASSWORD')
+    end
+    
+    it 'runs' do
+      expect(action).to receive(:publish).twice
+
+      action.run
+    end
+    
+  end
+
+  context 'without artifactory creds in the environment' do
+
+    it 'runs' do
+      expect(action).to receive(:fetch_art_creds)
+      expect(action).to receive(:publish).twice
+
+      action.run
+    end
+  end
+  
+end
+
+    
+    

data/spec/data/Makefile

@@ -0,0 +1,5 @@
+test.tar:
+	echo "this is a test" > test.txt
+	tar cf test.tar test.txt
+	rm test.txt
+

data/spec/debify_utils_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+require 'aruba/rspec'
+
+Aruba.configure do |c|
+  c.activate_announcer_on_command_failure = %i(stderr stdout)
+end
+
+describe "remove_matching()", type: :aruba do
+  it "removes matching files" do
+    here %w(foo bar/baz bar/xyzzy zork)
+    there %w(foo bar/baz not)
+    remove_matching
+    expect(contents_of herepath).to match_array %w(zork bar bar/xyzzy)
+  end
+  
+  it "also handles files with spaces in names" do
+    here ['foo', 'bar/baz', 'with space', 'with', 'bar/another space']
+    there ['with space', 'bar/another space here']
+    remove_matching
+    expect(contents_of herepath).to match_array ['foo', 'bar', 'bar/baz', 'with', 'bar/another space']
+  end
+  
+  # auxiliary methods and setup
+  let(:herepath) { Pathname.new Dir.mktmpdir }
+  let(:therepath) { Pathname.new Dir.mktmpdir }
+  after { [herepath, therepath].each &FileUtils.method(:remove_entry) }
+
+  def contents_of dir
+    Dir.chdir(dir) { Dir['**/*'] }
+  end
+
+  def remove_matching
+    run_command_and_stop "bash -c 'source #{DEBIFY_UTILS_PATH}; cd #{herepath}; remove_matching #{therepath}'"
+  end
+  
+  def here files
+    mkfiles herepath, files
+  end
+  
+  def there files
+    mkfiles therepath, files
+  end
+
+  def mkfiles dir, files  
+    return dir if files.empty?
+    files.each do |path|
+      fullpath = dir + path
+      FileUtils.makedirs fullpath.dirname
+      FileUtils.touch fullpath
+    end
+  end
+  
+  DEBIFY_UTILS_PATH = File.expand_path '../../lib/conjur/fpm/debify_utils.sh', __FILE__
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require 'conjur/debify'

data/spec/utils_spec.rb

@@ -0,0 +1,22 @@
+require 'fakefs/safe'
+
+require 'conjur/debify/utils'
+
+describe 'Conjur::Debify::Utils.copy_from_container' do
+  it "copies a file from the container to the current directory" do
+    tar = File.read "#{__dir__}/data/test.tar"
+    container = instance_double Docker::Container
+    allow(container).to receive(:archive_out).with "/tmp/test.tar" do |&b|
+      StringIO.new(tar).each(nil, 512) do |c|
+        # docker api sends three arguments, so emulate that
+        b[c, nil, nil]
+      end
+    end
+
+    FakeFS do
+      Conjur::Debify::Utils.copy_from_container container, "/tmp/test.tar"
+      expect(File.read 'test.txt').to eq "this is a test\n"
+    end
+  end
+end
+

data/tag-image.sh

@@ -0,0 +1,6 @@
+#!/bin/bash -ex
+
+TAG=$(< VERSION)
+for t in $(./image-tags); do
+  docker tag debify:$TAG registry.tld/conjurinc/debify:$t
+done

data/test.sh

@@ -0,0 +1,6 @@
+#!/bin/bash -ex
+
+VERSION=$(< VERSION)
+docker run --rm debify:$VERSION config script > docker-debify
+chmod +x docker-debify
+DEBIFY_IMAGE=debify:$VERSION DEBIFY_ENTRYPOINT=ci/test.sh ./docker-debify

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-debify
 version: !ruby/object:Gem::Version
-  version: 3.0.0.pre.1118
+  version: 3.0.1.pre.1548
 platform: ruby
 authors:
 - CyberArk Software, Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-18 00:00:00.000000000 Z
+date: 2023-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gli
@@ -167,11 +167,70 @@ dependencies:
 description:
 email:
 - conj_maintainers@cyberark.com
-executables: []
+executables:
+- debify
 extensions: []
 extra_rdoc_files: []
 files:
+- ".dockerignore"
+- ".gitignore"
+- ".project"
+- ".rvmrc"
+- CHANGELOG.md
+- CONTRIBUTING.md
+- Dockerfile
+- Gemfile
+- Jenkinsfile
+- LICENSE.txt
+- README.md
+- Rakefile
 - VERSION
+- bin/debify
+- build.sh
+- ci/test.sh
+- debify.gemspec
+- distrib/conjur_creds.rb
+- distrib/docker-debify
+- distrib/entrypoint.sh
+- distrib/script
+- distrib/secrets
+- distrib/secrets.yml
+- example/Gemfile
+- example/Gemfile.lock
+- example/debify.sh
+- example/distrib/postinstall.sh
+- example/docker-compose.yml
+- example/net-test.sh
+- example/test.sh
+- features/detect_version.feature
+- features/package.feature
+- features/sandbox.feature
+- features/step_definitions/debify_steps.rb
+- features/support/env.rb
+- features/support/hooks.rb
+- features/support/world.rb
+- features/test.feature
+- image-tags
+- lib/conjur/debify.rb
+- lib/conjur/debify/Dockerfile.fpm
+- lib/conjur/debify/action/publish.rb
+- lib/conjur/debify/utils.rb
+- lib/conjur/debify/version.rb
+- lib/conjur/fpm/Dockerfile
+- lib/conjur/fpm/debify_utils.sh
+- lib/conjur/fpm/package.sh
+- lib/conjur/publish/Dockerfile
+- publish-rubygem.sh
+- push-image.sh
+- secrets.yml
+- spec/action/publish_spec.rb
+- spec/data/Makefile
+- spec/data/test.tar
+- spec/debify_utils_spec.rb
+- spec/spec_helper.rb
+- spec/utils_spec.rb
+- tag-image.sh
+- test.sh
 homepage: https://github.com/conjurinc/debify
 licenses:
 - MIT
@@ -195,4 +254,18 @@ rubygems_version: 3.2.33
 signing_key:
 specification_version: 4
 summary: Utility commands to build and package Conjur services as Debian packages
-test_files: []
+test_files:
+- features/detect_version.feature
+- features/package.feature
+- features/sandbox.feature
+- features/step_definitions/debify_steps.rb
+- features/support/env.rb
+- features/support/hooks.rb
+- features/support/world.rb
+- features/test.feature
+- spec/action/publish_spec.rb
+- spec/data/Makefile
+- spec/data/test.tar
+- spec/debify_utils_spec.rb
+- spec/spec_helper.rb
+- spec/utils_spec.rb