conjur-debify 3.0.2 → 3.0.3.pre.10

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8bd35d7a7a35d9c093b4194dedda6ea1d0221b8e0c20296b96195c16b28215cf
4
- data.tar.gz: 8e42219970968e197d1adf38212d5e8b9a14f744687085b6a83b22d2a950fe3e
3
+ metadata.gz: 436c92c5c492573a754e82a9b35ef13aca64a795fd4a01e125951488a107978c
4
+ data.tar.gz: bdecbbddaf1e13882847e3d11eb8e2c4ae597f95c036dcb74021c3ff1dc340f5
5
5
  SHA512:
6
- metadata.gz: aaf81d2fe3303db79ba608ce5a3defa99a1cb756030a94d944fc61b37005720fdb7f4d59e3ada15d2752c3de931f3208e912c6bb85561c8e2f320386adee1b09
7
- data.tar.gz: a32bb3780243b3ec25efb50c5c6016db49e8d777cf51e2f822772d6f907212d4c966b411f8ea5af79c69a7fd3adc5ad3c7dfdb62b35b5f023a5245bdd381dede
6
+ metadata.gz: a971c4675b727301536f00a606dbe54d1f011fc660daa29708c060fe2be55967a21caa872f5aaeca3c4cef04f37b79cea3887d83a86222b2326801553e822490
7
+ data.tar.gz: 4529e3f15f359cdd0009c6cbd2ba3c70db72ee122aea0f9de41bf1573df45f393a77030b987a58b61ea718222b5d3ed9b2e01b3a8157abf3eea7bd5a02927298
data/CHANGELOG.md CHANGED
@@ -1,3 +1,12 @@
1
+ ## [3.0.3]
2
+ ### Added
3
+ - Build arm64 image on separate agent with dedicated architecture
4
+ - Upload artifacts for all packaged architectures to artifactory
5
+
6
+ ### Fixed
7
+ - Fixed regressions introduced by incorrect linting fixes. Most significantly,
8
+ preventing the `VERSION` file from being included in release packages.
9
+
1
10
  ## [3.0.2]
2
11
  ### Changed
3
12
  - Allow Base Image to be configured on execution.
@@ -35,11 +44,11 @@
35
44
 
36
45
  - Refine bundler related steps in `debify package` flow: only `package.sh` file configures
37
46
  and invokes bundler. `Dockerfile.fpm` only copies files and adjusts folder structure.
38
- - Remove bundler 1.* support
47
+ - Remove bundler 1.* support
39
48
 
40
49
  # 2.0.0
41
50
  ### Changed
42
- - Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this
51
+ - Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this
43
52
  flag is not given, the default value is `deb`.
44
53
  [conjurinc/debify#56](https://github.com/conjurinc/debify/issues/56)
45
54
 
data/Jenkinsfile CHANGED
@@ -2,23 +2,33 @@
2
2
 
3
3
  // Automated release, promotion and dependencies
4
4
  properties([
5
+ // Include the automated release parameters for the build
5
6
  release.addParams(),
6
- dependencies(['cyberark/conjur-base-image'])
7
+ // Dependencies of the project that should trigger builds
8
+ dependencies([])
7
9
  ])
8
10
 
11
+ // Performs release promotion. No other stages will be run
9
12
  if (params.MODE == "PROMOTE") {
10
- release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
11
- sh './publish-rubygem.sh'
13
+ release.promote(params.VERSION_TO_PROMOTE) { infrapool, sourceVersion, targetVersion, assetDirectory ->
14
+ // Any assets from sourceVersion Github release are available in assetDirectory
15
+ // Any version number updates from sourceVersion to targetVersion occur here
16
+ // Any publishing of targetVersion artifacts occur here
17
+ // Anything added to assetDirectory will be attached to the Github Release
18
+
19
+ //Note: assetDirectory is on the infrapool agent, not the local Jenkins agent.
20
+ infrapool.agentSh './publish-rubygem.sh'
12
21
  }
22
+ release.copyEnterpriseRelease(params.VERSION_TO_PROMOTE)
13
23
  return
14
24
  }
15
25
 
16
26
  pipeline {
17
- agent { label 'executor-v2' }
27
+ agent { label 'conjur-enterprise-common-agent' }
18
28
 
19
29
  options {
20
30
  timestamps()
21
- buildDiscarder(logRotator(daysToKeepStr: '30'))
31
+ buildDiscarder(logRotator(numToKeepStr: '30'))
22
32
  }
23
33
 
24
34
  triggers {
@@ -26,10 +36,12 @@ pipeline {
26
36
  }
27
37
 
28
38
  environment {
39
+ // Sets the MODE to the specified or autocalculated value as appropriate
29
40
  MODE = release.canonicalizeMode()
30
41
  }
31
42
 
32
43
  stages {
44
+ // Aborts any builds triggered by another project that wouldn't include any changes
33
45
  stage ("Skip build if triggering job didn't create a release") {
34
46
  when {
35
47
  expression {
@@ -43,34 +55,86 @@ pipeline {
43
55
  }
44
56
  }
45
57
  }
46
- stage('Prepare') {
58
+
59
+ stage('Get InfraPool ExecutorV2 Agent(s)') {
47
60
  steps {
48
- // Initialize VERSION file
49
- updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
61
+ script {
62
+ // Request ExecutorV2 agents for 1 hour(s)
63
+ INFRAPOOL_EXECUTORV2_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2", quantity: 1, duration: 1)[0]
64
+ INFRAPOOL_EXECUTORV2ARM_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2ARM", quantity: 1, duration: 1)[0]
65
+ }
50
66
  }
51
67
  }
52
- stage('Build docker image') {
53
- steps {
54
- sh './build.sh'
68
+
69
+ stage('Prepare') {
70
+ parallel {
71
+ stage('Prepare AMD64') {
72
+ steps {
73
+ // Initialize VERSION file
74
+ updateVersion(INFRAPOOL_EXECUTORV2_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}")
75
+ }
76
+ }
77
+
78
+ stage('Prepare ARM64') {
79
+ steps {
80
+ // Initialize VERSION file
81
+ updateVersion(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}")
82
+ }
83
+ }
55
84
  }
56
85
  }
57
86
 
87
+ stage('Build Docker image') {
88
+ parallel {
89
+ stage('Build AMD64 image') {
90
+ steps {
91
+ script {
92
+ INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './build.sh'
93
+ }
94
+ }
95
+ }
96
+
97
+ stage('Build ARM64 image') {
98
+ steps {
99
+ script {
100
+ INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh './build.sh'
101
+ }
102
+ }
103
+ }
104
+ }
105
+ }
58
106
  stage('Scan Docker image') {
59
107
  parallel {
60
- stage('Scan Docker image for fixable issues') {
108
+ stage('Scan Docker image for fixable issues (AMD64 based)') {
61
109
  steps{
62
110
  script {
63
- VERSION = sh(returnStdout: true, script: 'cat VERSION')
111
+ VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
64
112
  }
65
- scanAndReport("debify:${VERSION}", "HIGH", false)
113
+ scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "debify:${VERSION}", "HIGH", false)
66
114
  }
67
115
  }
68
- stage('Scan Docker image for all issues') {
116
+ stage('Scan Docker image for all issues (AMD64 based)') {
69
117
  steps{
70
118
  script {
71
- VERSION = sh(returnStdout: true, script: 'cat VERSION')
119
+ VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
72
120
  }
73
- scanAndReport("debify:${VERSION}", "NONE", true)
121
+ scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "debify:${VERSION}", "NONE", true)
122
+ }
123
+ }
124
+ stage('Scan Docker image for fixable issues (ARM64 based)') {
125
+ steps{
126
+ script {
127
+ VERSION = INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
128
+ }
129
+ scanAndReport(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "debify:${VERSION}", "HIGH", false)
130
+ }
131
+ }
132
+ stage('Scan Docker image for all issues (ARM64 based)') {
133
+ steps{
134
+ script {
135
+ VERSION = INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
136
+ }
137
+ scanAndReport(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "debify:${VERSION}", "NONE", true)
74
138
  }
75
139
  }
76
140
  }
@@ -78,21 +142,46 @@ pipeline {
78
142
 
79
143
  stage('Run feature tests') {
80
144
  steps {
81
- sh './test.sh'
145
+ script {
146
+ INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './test.sh'
147
+ INFRAPOOL_EXECUTORV2_AGENT_0.agentStash name: 'test-results', includes: 'features/reports/*.xml'
148
+ }
82
149
  }
83
150
  post { always {
151
+ unstash 'test-results'
84
152
  junit 'features/reports/*.xml'
85
153
  }}
86
154
  }
87
155
 
88
156
  stage('Push Docker image') {
157
+ parallel {
158
+ stage('Push AMD64 image') {
159
+ steps {
160
+ script {
161
+ INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-image.sh amd64'
162
+ }
163
+ }
164
+ }
165
+
166
+ stage('Push ARM64 image') {
167
+ steps {
168
+ script {
169
+ INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh './push-image.sh arm64'
170
+ }
171
+ }
172
+ }
173
+ }
174
+ }
175
+
176
+ stage('Push Docker manifest with multi-arch') {
89
177
  steps {
90
- sh './tag-image.sh'
91
- sh './push-image.sh'
178
+ script {
179
+ INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-manifest.sh'
180
+ }
92
181
  }
93
182
  }
94
183
 
95
- stage('Publish to RubyGems') {
184
+ stage('Release') {
96
185
  when {
97
186
  expression {
98
187
  MODE == "RELEASE"
@@ -100,17 +189,31 @@ pipeline {
100
189
  }
101
190
 
102
191
  steps {
103
- release {
104
- sh './publish-rubygem.sh'
105
- sh "cp conjur-debify-*.gem release-assets/."
192
+ script {
193
+ release(INFRAPOOL_EXECUTORV2_AGENT_0) { billOfMaterialsDirectory, assetDirectory ->
194
+ /* Publish release artifacts to all the appropriate locations
195
+ Copy any artifacts to assetDirectory on the infrapool node
196
+ to attach them to the Github release.
197
+
198
+ If your assets are on the infrapool node in the target
199
+ directory, use a copy like this:
200
+ infrapool.agentSh "cp target/* ${assetDirectory}"
201
+ Note That this will fail if there are no assets, add :||
202
+ if you want the release to succeed with no assets.
203
+
204
+ If your assets are in target on the main Jenkins agent, use:
205
+ infrapool.agentPut(from: 'target/', to: assetDirectory)
206
+ */
207
+ INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './publish-rubygem.sh'
208
+ INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "cp conjur-debify-*.gem release-assets/."
209
+ }
106
210
  }
107
211
  }
108
212
  }
109
213
  }
110
-
111
214
  post {
112
215
  always {
113
- cleanupAndNotify(currentBuild.currentResult)
216
+ releaseInfraPoolAgent()
114
217
  }
115
218
  }
116
- }
219
+ }
data/README.md CHANGED
@@ -116,7 +116,7 @@ COMMAND OPTIONS
116
116
  --additional-files=arg - Specify files to add to the FPM image that are not included from the git repo (default: none)
117
117
  -d, --dir=arg - Set the current working directory (default: none)
118
118
  --dockerfile=arg - Specify a custom Dockerfile.fpm (default: none)
119
- -i, --image=arg - Image name (default: cyberark/phusion-ruby-fips)
119
+ -i, --image=arg - Image name (default: cyberark/ubuntu-ruby-builder)
120
120
  -o, --output=arg - Set the output file type of the fpm command (e.g rpm) (default: none)
121
121
  -t, --image-tag=arg - Image tag, e.g. 4.5-stable, 4.6-stable (default: latest)
122
122
  -v, --version=arg - Specify the deb version; by default, it's read from the VERSION file (default: none)
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.0.2
1
+ 3.0.3-10
@@ -8,16 +8,16 @@ Feature: Packaging
8
8
  And I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example --output rpm -v 0.0.1-suffix example -- --post-install /distrib/postinstall.sh`
9
9
 
10
10
  Scenario: 'example' project can be packaged successfully
11
- Then the stdout should contain "conjur-example_0.0.1-suffix_amd64.deb"
12
- And the stdout should contain "conjur-example-dev_0.0.1-suffix_amd64.deb"
13
- And the stdout should contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
14
- And the stdout should contain "conjur-example-dev-0.0.1_suffix-1.x86_64.rpm"
11
+ Then the output should match /conjur-example_0\.0\.1-suffix_(amd64|arm64)\.deb/
12
+ And the output should match /conjur-example-dev_0\.0\.1-suffix_(amd64|arm64)\.deb/
13
+ And the output should match /conjur-example-0\.0\.1_suffix-1\.(x86_64|aarch64)\.rpm/
14
+ And the output should match /conjur-example-dev-0\.0\.1_suffix-1\.(x86_64|aarch64)\.rpm/
15
15
 
16
16
  Scenario: 'clean' command will delete non-Git-managed files
17
17
  When I successfully run `env DEBUG=true GLI_DEBUG=true debify clean -d ../../example --force`
18
- And I successfully run `find ../../example`
19
- Then the stdout from "find ../../example" should not contain "conjur-example_0.0.1-suffix_amd64.deb"
20
- And the stdout from "find ../../example" should not contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
18
+ And I cd to "../../example"
19
+ Then a file matching %r</conjur-example_0\.0\.1-suffix_(amd64|arm64)\.deb/> should not exist
20
+ And a file matching %r</conjur-example-0\.0\.1_suffix-1\.(x86_64|aarch64)\.rpm/> should not exist
21
21
 
22
22
  Scenario: 'example' project can be published
23
23
  When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1-suffix -d ../../example 5.0 example`
data/image-tags CHANGED
@@ -9,9 +9,12 @@ show_master_tags() {
9
9
  }
10
10
 
11
11
  show_branch_tags() {
12
+ VERSION=$(< VERSION)
13
+ docker run --rm debify:$VERSION config script > docker-debify
14
+ chmod +x docker-debify
12
15
  # tail and tr, to remove the grottiness from the detect-version
13
16
  # output
14
- local version="$(DEBIFY_IMAGE=debify:$(<VERSION) ./docker-debify detect-version | tail -1 | tr -d '\r')"
17
+ local version="$(DEBIFY_IMAGE=debify:$VERSION ./docker-debify detect-version | tail -1 | tr -d '\r')"
15
18
 
16
19
  echo "$BRANCH_NAME $version"
17
20
  }
@@ -38,7 +38,7 @@ module Conjur::Debify
38
38
  art_user, art_password = fetch_art_creds
39
39
  end
40
40
 
41
- # Publish deb package
41
+ # Publish AMD64 deb package
42
42
  component = cmd_options[:component] || detect_component
43
43
  deb_info = "#{distribution}/#{component}/amd64"
44
44
  package_name = "conjur-#{project_name}_#{version}_amd64.deb"
@@ -53,10 +53,26 @@ module Conjur::Debify
53
53
  deb_info: deb_info
54
54
  )
55
55
 
56
+ # (Optional) Publish ARM64 deb package
57
+ unless Dir.glob('*_arm64.deb').empty?
58
+ deb_info = "#{distribution}/#{component}/arm64"
59
+ package_name = "conjur-#{project_name}_#{version}_arm64.deb"
60
+ publish_package(
61
+ publish_image: publish_image,
62
+ art_url: art_url,
63
+ art_user: art_user,
64
+ art_password: art_password,
65
+ art_repo: deb_art_repo,
66
+ package_name: package_name,
67
+ dir: dir,
68
+ deb_info: deb_info
69
+ )
70
+ end
71
+
56
72
  # Publish RPM package
57
73
  # The rpm builder replaces dashes with underscores in the version
58
74
  rpm_version = version.tr('-', '_')
59
- package_name = "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm"
75
+ package_name = "conjur-#{project_name}-#{rpm_version}-1.*.rpm"
60
76
  rpm_art_repo = cmd_options['rpm-repo']
61
77
  publish_package(
62
78
  publish_image: publish_image,
data/lib/conjur/debify.rb CHANGED
@@ -5,6 +5,7 @@ require 'gli'
5
5
  require 'json'
6
6
  require 'base64'
7
7
  require 'tmpdir'
8
+ require 'rbconfig'
8
9
 
9
10
  require 'conjur/debify/utils'
10
11
 
@@ -31,24 +32,24 @@ Docker.options[:read_timeout] = 300
31
32
  module DebugMixin
32
33
  DEBUG = ENV['DEBUG'].nil? ? true : ENV['DEBUG'].downcase == 'true'
33
34
 
34
- def debug *a
35
+ def debug(* a)
35
36
  DebugMixin.debug *a
36
37
  end
37
38
 
38
- def self.debug *a
39
+ def self.debug(* a)
39
40
  $stderr.puts *a if DEBUG
40
41
  end
41
42
 
42
- def debug_write *a
43
+ def debug_write(* a)
43
44
  DebugMixin.debug_write *a
44
45
  end
45
46
 
46
- def self.debug_write *a
47
+ def self.debug_write(* a)
47
48
  $stderr.write *a if DEBUG
48
49
  end
49
50
 
50
51
  # you can give this to various docker methods to print output if debug is on
51
- def self.docker_debug *a
52
+ def self.docker_debug(* a)
52
53
  if a.length == 2 && a[0].is_a?(Symbol)
53
54
  debug a.last
54
55
  else
@@ -90,8 +91,26 @@ def detect_version
90
91
  end
91
92
  end
92
93
 
94
+ def detect_architecture
95
+ architecture = RbConfig::CONFIG['arch']
96
+ result_map = {}
97
+
98
+ case architecture
99
+ when /x86_64|amd64/
100
+ result_map['deb'] = 'amd64'
101
+ result_map['rpm'] = 'x86_64'
102
+ when /arm64|aarch64/
103
+ result_map['deb'] = 'arm64'
104
+ result_map['rpm'] = 'aarch64'
105
+ else
106
+ raise "Unsupported architecture type: #{architecture}"
107
+ end
108
+
109
+ result_map
110
+ end
111
+
93
112
  def git_files
94
- files = (`git ls-files -z`.split("\x0") + ['Gemfile.lock', 'VERSION']).uniq
113
+ files = (`git ls-files -z`.split("\x0") + %w[Gemfile.lock VERSION]).uniq
95
114
  # Since submodule directories are listed, but are not files, we remove them.
96
115
  # Currently, `conjur-project-config` is the only submodule in Conjur, and it
97
116
  # can safely be removed because it's a developer-only tool. If we add another
@@ -141,7 +160,7 @@ command "clean" do |c|
141
160
  c.desc "Force file deletion even if if this doesn't look like a Jenkins environment"
142
161
  c.switch [:force]
143
162
 
144
- c.action do |global_options, cmd_options, args|
163
+ c.action do |_, cmd_options, _|
145
164
  def looks_like_jenkins?
146
165
  require 'etc'
147
166
  Etc.getlogin == 'jenkins' && ENV['BUILD_NUMBER']
@@ -149,12 +168,12 @@ command "clean" do |c|
149
168
 
150
169
  require 'set'
151
170
  perform_deletion = cmd_options[:force] || looks_like_jenkins?
152
- if !perform_deletion
171
+ unless perform_deletion
153
172
  $stderr.puts "No --force, and this doesn't look like Jenkins. I won't actually delete anything"
154
173
  end
155
- @ignore_list = Array(cmd_options[:ignore]) + ['.', '..', '.git']
174
+ @ignore_list = Array(cmd_options[:ignore]) + %w[. .. .git]
156
175
 
157
- def ignore_file? f
176
+ def ignore_file?(f)
158
177
  @ignore_list.find { |ignore| f.index(ignore) == 0 }
159
178
  end
160
179
 
@@ -172,7 +191,7 @@ command "clean" do |c|
172
191
  File.directory?(file) || ignore_file?(file)
173
192
  }
174
193
  if perform_deletion
175
- image = Docker::Image.create 'fromImage' => "alpine:3.3"
194
+ image = Docker::Image.create 'fromImage' => "alpine:3.19.0"
176
195
  options = {
177
196
  'Cmd' => ["sh", "-c", "while true; do sleep 1; done"],
178
197
  'Image' => image.id,
@@ -190,7 +209,7 @@ command "clean" do |c|
190
209
  file = "/src/#{file}"
191
210
  cmd = ["rm", "-f", file]
192
211
 
193
- stdout, stderr, status = container.exec cmd, &DebugMixin::DOCKER
212
+ _, _, status = container.exec cmd, &DebugMixin::DOCKER
194
213
  $stderr.puts "Failed to delete #{file}" unless status == 0
195
214
  end
196
215
  ensure
@@ -255,15 +274,15 @@ command "package" do |c|
255
274
  c.flag [:'additional-files']
256
275
 
257
276
  c.desc "Image name"
258
- c.default_value "cyberark/phusion-ruby-fips"
277
+ c.default_value "cyberark/ubuntu-ruby-builder"
259
278
  c.flag [:i, :image]
260
279
 
261
280
  c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
262
281
  c.default_value "latest"
263
282
  c.flag [:t, :'image-tag']
264
283
 
265
- c.action do |global_options, cmd_options, args|
266
- raise "project-name is required" unless project_name = args.shift
284
+ c.action do |_, cmd_options, args|
285
+ raise "project-name is required" unless (project_name = args.shift)
267
286
 
268
287
  fpm_args = []
269
288
  if (delimeter = args.shift) == '--'
@@ -339,30 +358,20 @@ command "package" do |c|
339
358
  }
340
359
  options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
341
360
 
361
+ file_path, dev_file_path = determine_file_path(file_type, detect_architecture, project_name, version)
362
+
342
363
  container = Docker::Container.create options
343
364
  begin
344
365
  DebugMixin.debug_write "Packaging #{project_name} in container #{container.id}\n"
345
- container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| $stderr.puts "#{chunk}" }
366
+ container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |_, chunk| $stderr.puts "#{chunk}" }
346
367
  status = container.wait
347
368
  raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
348
369
 
349
- if file_type == "deb"
350
- # Copy deb packages
351
- copy_packages_from_container(
352
- container,
353
- "conjur-#{project_name}_#{version}_amd64.deb",
354
- "conjur-#{project_name}-dev_#{version}_amd64.deb"
355
- )
356
- elsif file_type == "rpm"
357
- # Copy rpm packages
358
- # The rpm builder replaces dashes with underscores in the version
359
- rpm_version = version.tr('-', '_')
360
- copy_packages_from_container(
361
- container,
362
- "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm",
363
- "conjur-#{project_name}-dev-#{rpm_version}-1.x86_64.rpm"
364
- )
365
- end
370
+ copy_packages_from_container(
371
+ container,
372
+ file_path,
373
+ dev_file_path
374
+ )
366
375
  ensure
367
376
  container.delete(force: true)
368
377
  end
@@ -370,13 +379,33 @@ command "package" do |c|
370
379
  end
371
380
  end
372
381
 
373
- def container_command container, *args
374
- stdout, stderr, exitcode = container.exec args, &DebugMixin::DOCKER
382
+ def determine_file_path(file_type, architecture_map, project_name, version)
383
+ if file_type == "deb"
384
+ architecture = architecture_map[file_type]
385
+ file_path = "conjur-#{project_name}_#{version}_#{architecture}.#{file_type}"
386
+ dev_file_path = "conjur-#{project_name}-dev_#{version}_#{architecture}.#{file_type}"
387
+ elsif file_type == "rpm"
388
+ architecture = architecture_map[file_type]
389
+
390
+ # The rpm builder replaces dashes with underscores in the version
391
+ version = version.tr('-', '_')
392
+
393
+ file_path = "conjur-#{project_name}-#{version}-1.#{architecture}.#{file_type}"
394
+ dev_file_path = "conjur-#{project_name}-dev-#{version}-1.#{architecture}.#{file_type}"
395
+ else
396
+ raise "Unrecognized file type: #{file_type}, must be one of the following: deb, rpm"
397
+ end
398
+
399
+ [file_path, dev_file_path]
400
+ end
401
+
402
+ def container_command(container, *args)
403
+ stdout, _, exitcode = container.exec args, &DebugMixin::DOCKER
375
404
  exit_now! "Command failed : #{args.join(' ')}", exitcode unless exitcode == 0
376
405
  stdout
377
406
  end
378
407
 
379
- def wait_for_conjur appliance_image, container
408
+ def wait_for_conjur(container)
380
409
  container_command container, '/opt/conjur/evoke/bin/wait_for_conjur'
381
410
  rescue
382
411
  $stderr.puts container.logs(stdout: true, stderr: true)
@@ -480,8 +509,8 @@ command "test" do |c|
480
509
  network_options(c)
481
510
 
482
511
  c.action do |global_options, cmd_options, args|
483
- raise "project-name is required" unless project_name = args.shift
484
- raise "test-script is required" unless test_script = args.shift
512
+ raise "project-name is required" unless (project_name = args.shift)
513
+ raise "test-script is required" unless (test_script = args.shift)
485
514
  raise "Received extra command-line arguments" if args.shift
486
515
 
487
516
  dir = cmd_options[:dir] || '.'
@@ -553,11 +582,11 @@ RUN touch /etc/service/conjur/down
553
582
  options = {
554
583
  'Image' => appliance_image.id,
555
584
  'name' => project_name,
556
- 'Env' => [
557
- "CONJUR_AUTHN_LOGIN=admin",
558
- "CONJUR_ENV=appliance",
559
- "CONJUR_AUTHN_API_KEY=SEcret12!!!!",
560
- "CONJUR_ADMIN_PASSWORD=SEcret12!!!!",
585
+ 'Env' => %w[
586
+ CONJUR_AUTHN_LOGIN=admin
587
+ CONJUR_ENV=appliance
588
+ CONJUR_AUTHN_API_KEY=SEcret12!!!!
589
+ CONJUR_ADMIN_PASSWORD=SEcret12!!!!
561
590
  ] + global_options[:env],
562
591
  'HostConfig' => {
563
592
  'Binds' => [
@@ -590,9 +619,9 @@ RUN touch /etc/service/conjur/down
590
619
 
591
620
  # Wait for pg/main so that migrations can run
592
621
  30.times do
593
- stdout, stderr, exitcode = container.exec %w(sv status pg/main), &DebugMixin::DOCKER
622
+ stdout, _, exitcode = container.exec %w(sv status pg/main), &DebugMixin::DOCKER
594
623
  status = stdout.join
595
- break if exitcode == 0 && status =~ /^run\:/
624
+ break if exitcode == 0 && status =~ /^run/
596
625
  sleep 1
597
626
  end
598
627
 
@@ -607,7 +636,7 @@ RUN touch /etc/service/conjur/down
607
636
 
608
637
  container_command container, "rm", "/etc/service/conjur/down"
609
638
  container_command container, "sv", "start", "conjur"
610
- wait_for_conjur appliance_image, container
639
+ wait_for_conjur container
611
640
 
612
641
  system "./#{test_script} #{container.id}"
613
642
  exit_now! "#{test_script} failed with exit code #{$?.exitstatus}", $?.exitstatus unless $?.exitstatus == 0
@@ -703,11 +732,11 @@ command "sandbox" do |c|
703
732
  'name' => "#{project_name}-sandbox",
704
733
  'Image' => appliance_image.id,
705
734
  'WorkingDir' => "/src/#{project_name}",
706
- 'Env' => [
707
- "CONJUR_AUTHN_LOGIN=admin",
708
- "CONJUR_ENV=appliance",
709
- "CONJUR_AUTHN_API_KEY=SEcret12!!!!",
710
- "CONJUR_ADMIN_PASSWORD=SEcret12!!!!",
735
+ 'Env' => %w[
736
+ CONJUR_AUTHN_LOGIN=admin
737
+ CONJUR_ENV=appliance
738
+ CONJUR_AUTHN_API_KEY=SEcret12!!!!
739
+ CONJUR_ADMIN_PASSWORD=SEcret12!!!!
711
740
  ] + global_options[:env]
712
741
  }
713
742
 
@@ -746,7 +775,7 @@ command "sandbox" do |c|
746
775
  $stdout.puts container.id
747
776
  container.start!
748
777
 
749
- wait_for_conjur appliance_image, container
778
+ wait_for_conjur container
750
779
 
751
780
  if cmd_options[:'dev-install']
752
781
  container_command(container, "/opt/conjur/evoke/bin/dev-install", project_name)
@@ -798,10 +827,10 @@ command "publish" do |c|
798
827
  c.default_value "redhat-private"
799
828
  c.flag ['rpm-repo']
800
829
 
801
- c.action do |global_options, cmd_options, args|
830
+ c.action do |_, cmd_options, args|
802
831
  require 'conjur/debify/action/publish'
803
- raise "distribution is required" unless distribution = args.shift
804
- raise "project-name is required" unless project_name = args.shift
832
+ raise "distribution is required" unless (distribution = args.shift)
833
+ raise "project-name is required" unless (project_name = args.shift)
805
834
  raise "Received extra command-line arguments" if args.shift
806
835
 
807
836
  Conjur::Debify::Action::Publish.new(distribution, project_name, cmd_options).run
@@ -812,7 +841,7 @@ desc "Auto-detect and print the repository version"
812
841
  command "detect-version" do |c|
813
842
  c.desc "Set the current working directory"
814
843
  c.flag [:d, :dir]
815
- c.action do |global_options, cmd_options, args|
844
+ c.action do |_, cmd_options, args|
816
845
  raise "Received extra command-line arguments" if args.shift
817
846
 
818
847
  dir = cmd_options[:dir] || '.'
@@ -830,7 +859,7 @@ desc 'Show the given configuration'
830
859
  arg_name 'configuration'
831
860
  command 'config' do |c|
832
861
  c.action do |_, _, args|
833
- raise 'no configuration provided' unless config = args.shift
862
+ raise 'no configuration provided' unless (config = args.shift)
834
863
  raise "Received extra command-line arguments" if args.shift
835
864
 
836
865
  File.open(File.join('distrib', config)).each do |line|
@@ -838,25 +867,3 @@ command 'config' do |c|
838
867
  end
839
868
  end
840
869
  end
841
-
842
-
843
- pre do |global, command, options, args|
844
- # Pre logic here
845
- # Return true to proceed; false to abort and not call the
846
- # chosen command
847
- # Use skips_pre before a command to skip this block
848
- # on that command only
849
- true
850
- end
851
-
852
- post do |global, command, options, args|
853
- # Post logic here
854
- # Use skips_post before a command to skip this
855
- # block on that command only
856
- end
857
-
858
- on_error do |exception|
859
- # Error logic here
860
- # return false to skip default error handling
861
- true
862
- end
data/push-image.sh CHANGED
@@ -1,6 +1,12 @@
1
1
  #!/bin/bash -ex
2
2
 
3
+ TAG=$(< VERSION)
4
+ ARCH="$1"
5
+ if [ -z "$ARCH" ]; then
6
+ ARCH="amd64"
7
+ fi
8
+
3
9
  for t in $(./image-tags); do
4
- docker push registry.tld/conjurinc/debify:$t
10
+ docker tag "debify:$TAG" "registry.tld/conjurinc/debify:$t-$ARCH"
11
+ docker push "registry.tld/conjurinc/debify:$t-$ARCH"
5
12
  done
6
-
data/push-manifest.sh ADDED
@@ -0,0 +1,14 @@
1
+ #!/bin/bash -ex
2
+
3
+ for t in $(./image-tags); do
4
+ docker pull "registry.tld/conjurinc/debify:$t-amd64"
5
+ docker pull "registry.tld/conjurinc/debify:$t-arm64"
6
+
7
+ docker manifest create \
8
+ --insecure \
9
+ "registry.tld/conjurinc/debify:$t" \
10
+ --amend "registry.tld/conjurinc/debify:$t-amd64" \
11
+ --amend "registry.tld/conjurinc/debify:$t-arm64"
12
+
13
+ docker manifest push --insecure "registry.tld/conjurinc/debify:$t"
14
+ done
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: conjur-debify
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.2
4
+ version: 3.0.3.pre.10
5
5
  platform: ruby
6
6
  authors:
7
7
  - CyberArk Software, Inc.
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-08-17 00:00:00.000000000 Z
11
+ date: 2024-01-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gli
@@ -164,7 +164,7 @@ dependencies:
164
164
  - - "~>"
165
165
  - !ruby/object:Gem::Version
166
166
  version: '1.0'
167
- description:
167
+ description:
168
168
  email:
169
169
  - conj_maintainers@cyberark.com
170
170
  executables:
@@ -223,6 +223,7 @@ files:
223
223
  - lib/conjur/publish/Dockerfile
224
224
  - publish-rubygem.sh
225
225
  - push-image.sh
226
+ - push-manifest.sh
226
227
  - secrets.yml
227
228
  - spec/action/publish_spec.rb
228
229
  - spec/data/Makefile
@@ -230,13 +231,12 @@ files:
230
231
  - spec/debify_utils_spec.rb
231
232
  - spec/spec_helper.rb
232
233
  - spec/utils_spec.rb
233
- - tag-image.sh
234
234
  - test.sh
235
235
  homepage: https://github.com/conjurinc/debify
236
236
  licenses:
237
237
  - MIT
238
238
  metadata: {}
239
- post_install_message:
239
+ post_install_message:
240
240
  rdoc_options: []
241
241
  require_paths:
242
242
  - lib
@@ -247,12 +247,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
247
247
  version: '0'
248
248
  required_rubygems_version: !ruby/object:Gem::Requirement
249
249
  requirements:
250
- - - ">="
250
+ - - ">"
251
251
  - !ruby/object:Gem::Version
252
- version: '0'
252
+ version: 1.3.1
253
253
  requirements: []
254
- rubygems_version: 3.2.33
255
- signing_key:
254
+ rubygems_version: 3.4.10
255
+ signing_key:
256
256
  specification_version: 4
257
257
  summary: Utility commands to build and package Conjur services as Debian packages
258
258
  test_files:
data/tag-image.sh DELETED
@@ -1,6 +0,0 @@
1
- #!/bin/bash -ex
2
-
3
- TAG=$(< VERSION)
4
- for t in $(./image-tags); do
5
- docker tag debify:$TAG registry.tld/conjurinc/debify:$t
6
- done