conjur-debify 3.0.2 → 3.0.3.pre.9
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -2
- data/Jenkinsfile +130 -27
- data/README.md +1 -1
- data/VERSION +1 -1
- data/features/package.feature +7 -7
- data/image-tags +4 -1
- data/lib/conjur/debify/action/publish.rb +18 -2
- data/lib/conjur/debify.rb +86 -79
- data/push-image.sh +8 -2
- data/push-manifest.sh +14 -0
- metadata +10 -10
- data/tag-image.sh +0 -6
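--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 788f898e4a97e29086970287c68f11820f3745417a7a79b45464fff1526fc905
+data.tar.gz: e00b6dccc458b1ff4dcbaf3b91a6f501f7019ecc5220915ae3455bc13501aff7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4769c7bbb7433f7b85ab9a96eaaa5902f4b3cfd963acee183559d13e06d3cab8fab36e7d56048dace446e1d0e4291ffc957892baf5deaed80672ece0d1a5da52
+data.tar.gz: dbffcf72245096ffee0767a0bcf854a36ef03273340c14233ff5dbf32e73288d3de5a516594e7f11d6ca0ed9c9deddf17d245ac9a648659fd9666f58b5827b6c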
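--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,12 @@
+## [3.0.3]
+### Added
+- Build arm64 image on separate agent with dedicated architecture
+- Upload artifacts for all packaged architectures to artifactory
+
+### Fixed
+- Fixed regressions introduced by incorrect linting fixes. Most significantly,
+preventing the `VERSION` file from being included in release packages.
+
 ## [3.0.2]
 ### Changed
 - Allow Base Image to be configured on execution.
@@ -35,11 +44,11 @@
 
 - Refine bundler related steps in `debify package` flow: only `package.sh` file configures
 and invokes bundler. `Dockerfile.fpm` only copies files and adjusts folder structure.
-- Remove bundler 1.* support
+- Remove bundler 1.* support
 
 # 2.0.0
 ### Changed
-- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this
+- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this
 flag is not given, the default value is `deb`.
 [conjurinc/debify#56](https://github.com/conjurinc/debify/issues/56)
 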
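--- a/data/Jenkinsfile
+++ b/data/Jenkinsfile
@@ -2,23 +2,33 @@
 
 // Automated release, promotion and dependencies
 properties([
+// Include the automated release parameters for the build
 release.addParams(),
-
+// Dependencies of the project that should trigger builds
+dependencies([])
 ])
 
+// Performs release promotion. No other stages will be run
 if (params.MODE == "PROMOTE") {
-release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
-
+release.promote(params.VERSION_TO_PROMOTE) { infrapool, sourceVersion, targetVersion, assetDirectory ->
+// Any assets from sourceVersion Github release are available in assetDirectory
+// Any version number updates from sourceVersion to targetVersion occur here
+// Any publishing of targetVersion artifacts occur here
+// Anything added to assetDirectory will be attached to the Github Release
+
+//Note: assetDirectory is on the infrapool agent, not the local Jenkins agent.
+infrapool.agentSh './publish-rubygem.sh'
 }
+release.copyEnterpriseRelease(params.VERSION_TO_PROMOTE)
 return
 }
 
 pipeline {
-agent { label '
+agent { label 'conjur-enterprise-common-agent' }
 
 options {
 timestamps()
-buildDiscarder(logRotator(
+buildDiscarder(logRotator(numToKeepStr: '30'))
 }
 
 triggers {
@@ -26,10 +36,12 @@ pipeline {
 }
 
 environment {
+// Sets the MODE to the specified or autocalculated value as appropriate
 MODE = release.canonicalizeMode()
 }
 
 stages {
+// Aborts any builds triggered by another project that wouldn't include any changes
 stage ("Skip build if triggering job didn't create a release") {
 when {
 expression {
@@ -43,34 +55,86 @@ pipeline {
 }
 }
 }
-
+
+stage('Get InfraPool ExecutorV2 Agent(s)') {
 steps {
-
-
+script {
+// Request ExecutorV2 agents for 1 hour(s)
+INFRAPOOL_EXECUTORV2_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2", quantity: 1, duration: 1)[0]
+INFRAPOOL_EXECUTORV2ARM_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2ARM", quantity: 1, duration: 1)[0]
+}
 }
 }
-
-
-
+
+stage('Prepare') {
+parallel {
+stage('Prepare AMD64') {
+steps {
+// Initialize VERSION file
+updateVersion(INFRAPOOL_EXECUTORV2_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}")
+}
+}
+
+stage('Prepare ARM64') {
+steps {
+// Initialize VERSION file
+updateVersion(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}")
+}
+}
 }
 }
 
+stage('Build Docker image') {
+parallel {
+stage('Build AMD64 image') {
+steps {
+script {
+INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './build.sh'
+}
+}
+}
+
+stage('Build ARM64 image') {
+steps {
+script {
+INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh './build.sh'
+}
+}
+}
+}
+}
 stage('Scan Docker image') {
 parallel {
-stage('Scan Docker image for fixable issues') {
+stage('Scan Docker image for fixable issues (AMD64 based)') {
 steps{
 script {
-VERSION =
+VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
 }
-scanAndReport("debify:${VERSION}", "HIGH", false)
+scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "debify:${VERSION}", "HIGH", false)
 }
 }
-stage('Scan Docker image for all issues') {
+stage('Scan Docker image for all issues (AMD64 based)') {
 steps{
 script {
-VERSION =
+VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
 }
-scanAndReport("debify:${VERSION}", "NONE", true)
+scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "debify:${VERSION}", "NONE", true)
+}
+}
+stage('Scan Docker image for fixable issues (ARM64 based)') {
+steps{
+script {
+VERSION = INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
+}
+scanAndReport(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "debify:${VERSION}", "HIGH", false)
+}
+}
+stage('Scan Docker image for all issues (ARM64 based)') {
+steps{
+script {
+VERSION = INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
+}
+scanAndReport(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "debify:${VERSION}", "NONE", true)
 }
 }
 }
@@ -78,21 +142,46 @@ pipeline {
 
 stage('Run feature tests') {
 steps {
-
+script {
+INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './test.sh'
+INFRAPOOL_EXECUTORV2_AGENT_0.agentStash name: 'test-results', includes: 'features/reports/*.xml'
+}
 }
 post { always {
+unstash 'test-results'
 junit 'features/reports/*.xml'
 }}
 }
 
 stage('Push Docker image') {
+parallel {
+stage('Push AMD64 image') {
+steps {
+script {
+INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-image.sh amd64'
+}
+}
+}
+
+stage('Push ARM64 image') {
+steps {
+script {
+INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh './push-image.sh arm64'
+}
+}
+}
+}
+}
+
+stage('Push Docker manifest with multi-arch') {
 steps {
-
-
+script {
+INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-manifest.sh'
+}
 }
 }
 
-stage('
+stage('Release') {
 when {
 expression {
 MODE == "RELEASE"
@@ -100,17 +189,31 @@ pipeline {
 }
 
 steps {
-
-
-
+script {
+release(INFRAPOOL_EXECUTORV2_AGENT_0) { billOfMaterialsDirectory, assetDirectory ->
+/* Publish release artifacts to all the appropriate locations
+Copy any artifacts to assetDirectory on the infrapool node
+to attach them to the Github release.
+
+If your assets are on the infrapool node in the target
+directory, use a copy like this:
+infrapool.agentSh "cp target/* ${assetDirectory}"
+Note That this will fail if there are no assets, add :||
+if you want the release to succeed with no assets.
+
+If your assets are in target on the main Jenkins agent, use:
+infrapool.agentPut(from: 'target/', to: assetDirectory)
+*/
+INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './publish-rubygem.sh'
+INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "cp conjur-debify-*.gem release-assets/."
+}
 }
 }
 }
 }
-
 post {
 always {
-
+releaseInfraPoolAgent()
 }
 }
-}
+}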
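Review bot: In the `Release` stage the gem is copied to the literal `release-assets/.`, although the `release(...)` closure is handed `assetDirectory` and the comment directly above says assets must be placed there to be attached to the GitHub release. If the directory the library supplies ever differs from that literal, the gem lands somewhere the release step does not look. I would use the parameter, `INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "cp conjur-debify-*.gem ${assetDirectory}/"`. The `conjur-debify-*.gem` wildcard also picks up any older gem left in the agent's workspace, so naming the file from `VERSION` would make the attached artifact deterministic.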
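--- a/data/README.md
+++ b/data/README.md
@@ -116,7 +116,7 @@ COMMAND OPTIONS
 --additional-files=arg - Specify files to add to the FPM image that are not included from the git repo (default: none)
 -d, --dir=arg - Set the current working directory (default: none)
 --dockerfile=arg - Specify a custom Dockerfile.fpm (default: none)
--i, --image=arg - Image name (default: cyberark/
+-i, --image=arg - Image name (default: cyberark/ubuntu-ruby-builder)
 -o, --output=arg - Set the output file type of the fpm command (e.g rpm) (default: none)
 -t, --image-tag=arg - Image tag, e.g. 4.5-stable, 4.6-stable (default: latest)
 -v, --version=arg - Specify the deb version; by default, it's read from the VERSION file (default: none)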
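--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-3.0.
+3.0.3-9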
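--- a/data/features/package.feature
+++ b/data/features/package.feature
@@ -8,16 +8,16 @@ Feature: Packaging
 And I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example --output rpm -v 0.0.1-suffix example -- --post-install /distrib/postinstall.sh`
 
 Scenario: 'example' project can be packaged successfully
-Then the
-And the
-And the
-And the
+Then the output should match /conjur-example_0\.0\.1-suffix_(amd64|arm64)\.deb/
+And the output should match /conjur-example-dev_0\.0\.1-suffix_(amd64|arm64)\.deb/
+And the output should match /conjur-example-0\.0\.1_suffix-1\.(x86_64|aarch64)\.rpm/
+And the output should match /conjur-example-dev-0\.0\.1_suffix-1\.(x86_64|aarch64)\.rpm/
 
 Scenario: 'clean' command will delete non-Git-managed files
 When I successfully run `env DEBUG=true GLI_DEBUG=true debify clean -d ../../example --force`
-And I
-Then
-And
+And I cd to "../../example"
+Then a file matching %r</conjur-example_0\.0\.1-suffix_(amd64|arm64)\.deb/> should not exist
+And a file matching %r</conjur-example-0\.0\.1_suffix-1\.(x86_64|aarch64)\.rpm/> should not exist
 
 Scenario: 'example' project can be published
 When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1-suffix -d ../../example 5.0 example`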
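--- a/data/image-tags
+++ b/data/image-tags
@@ -9,9 +9,12 @@ show_master_tags() {
 }
 
 show_branch_tags() {
+VERSION=$(< VERSION)
+docker run --rm debify:$VERSION config script > docker-debify
+chmod +x docker-debify
 # tail and tr, to remove the grottiness from the detect-version
 # output
-local version="$(DEBIFY_IMAGE=debify:$
+local version="$(DEBIFY_IMAGE=debify:$VERSION ./docker-debify detect-version | tail -1 | tr -d '\r')"
 
 echo "$BRANCH_NAME $version"
 }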
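Review bot: `show_branch_tags` assigns `VERSION` without `local` and expands it unquoted in `docker run --rm debify:$VERSION config script`, while the `version` variable a few lines below is declared `local` and quoted. A VERSION value containing whitespace would split the image reference, and the assignment leaks into the rest of the script. I would write `local VERSION; VERSION=$(< VERSION)` and `"debify:$VERSION"`. The generated `docker-debify` wrapper is written into the working directory and executed from there, so a comment such as `# regenerated from the freshly built image on every call` would tell the next reader where that file comes from.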
@@ -38,7 +38,7 @@ module Conjur::Debify
|
|
38
38
|
art_user, art_password = fetch_art_creds
|
39
39
|
end
|
40
40
|
|
41
|
-
# Publish deb package
|
41
|
+
# Publish AMD64 deb package
|
42
42
|
component = cmd_options[:component] || detect_component
|
43
43
|
deb_info = "#{distribution}/#{component}/amd64"
|
44
44
|
package_name = "conjur-#{project_name}_#{version}_amd64.deb"
|
@@ -53,10 +53,26 @@ module Conjur::Debify
|
|
53
53
|
deb_info: deb_info
|
54
54
|
)
|
55
55
|
|
56
|
+
# (Optional) Publish ARM64 deb package
|
57
|
+
unless Dir.glob('*_arm64.deb').empty?
|
58
|
+
deb_info = "#{distribution}/#{component}/arm64"
|
59
|
+
package_name = "conjur-#{project_name}_#{version}_arm64.deb"
|
60
|
+
publish_package(
|
61
|
+
publish_image: publish_image,
|
62
|
+
art_url: art_url,
|
63
|
+
art_user: art_user,
|
64
|
+
art_password: art_password,
|
65
|
+
art_repo: deb_art_repo,
|
66
|
+
package_name: package_name,
|
67
|
+
dir: dir,
|
68
|
+
deb_info: deb_info
|
69
|
+
)
|
70
|
+
end
|
71
|
+
|
56
72
|
# Publish RPM package
|
57
73
|
# The rpm builder replaces dashes with underscores in the version
|
58
74
|
rpm_version = version.tr('-', '_')
|
59
|
-
package_name = "conjur-#{project_name}-#{rpm_version}-1
|
75
|
+
package_name = "conjur-#{project_name}-#{rpm_version}-1.*.rpm"
|
60
76
|
rpm_art_repo = cmd_options['rpm-repo']
|
61
77
|
publish_package(
|
62
78
|
publish_image: publish_image,
|
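Review bot: The ARM64 guard `unless Dir.glob('*_arm64.deb').empty?` checks the process's current directory for any arm64 package, rather than checking `dir` for the `package_name` that is then published. When `publish` is run with `-d` pointing elsewhere, as the feature test does with `-d ../../example`, the arm64 upload would be skipped without a message, assuming nothing outside this hunk has already changed into `dir`. Testing for the exact artifact is tighter: `arm64_package = "conjur-#{project_name}_#{version}_arm64.deb"` followed by `if File.exist?(File.join(dir, arm64_package))`. The RPM name `"conjur-#{project_name}-#{rpm_version}-1.*.rpm"` has the opposite problem: if that wildcard is expanded at upload time it matches every architecture and any stale build left in `dir`, so this code no longer determines which files reach the repository. The enclosing method starts and ends outside the hunks shown.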
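--- a/data/lib/conjur/debify.rb
+++ b/data/lib/conjur/debify.rb
@@ -5,6 +5,7 @@ require 'gli'
 require 'json'
 require 'base64'
 require 'tmpdir'
+require 'rbconfig'
 
 require 'conjur/debify/utils'
 
@@ -31,24 +32,24 @@ Docker.options[:read_timeout] = 300
 module DebugMixin
 DEBUG = ENV['DEBUG'].nil? ? true : ENV['DEBUG'].downcase == 'true'
 
-def debug
+def debug(* a)
 DebugMixin.debug *a
 end
 
-def self.debug
+def self.debug(* a)
 $stderr.puts *a if DEBUG
 end
 
-def debug_write
+def debug_write(* a)
 DebugMixin.debug_write *a
 end
 
-def self.debug_write
+def self.debug_write(* a)
 $stderr.write *a if DEBUG
 end
 
 # you can give this to various docker methods to print output if debug is on
-def self.docker_debug
+def self.docker_debug(* a)
 if a.length == 2 && a[0].is_a?(Symbol)
 debug a.last
 else
@@ -90,8 +91,26 @@ def detect_version
 end
 end
 
+def detect_architecture
+architecture = RbConfig::CONFIG['arch']
+result_map = {}
+
+case architecture
+when /x86_64|amd64/
+result_map['deb'] = 'amd64'
+result_map['rpm'] = 'x86_64'
+when /arm64|aarch64/
+result_map['deb'] = 'arm64'
+result_map['rpm'] = 'aarch64'
+else
+raise "Unsupported architecture type: #{architecture}"
+end
+
+result_map
+end
+
 def git_files
-files = (`git ls-files -z`.split("\x0") + [
+files = (`git ls-files -z`.split("\x0") + %w[Gemfile.lock VERSION]).uniq
 # Since submodule directories are listed, but are not files, we remove them.
 # Currently, `conjur-project-config` is the only submodule in Conjur, and it
 # can safely be removed because it's a developer-only tool. If we add another
@@ -141,7 +160,7 @@ command "clean" do |c|
 c.desc "Force file deletion even if if this doesn't look like a Jenkins environment"
 c.switch [:force]
 
-c.action do |
+c.action do |_, cmd_options, _|
 def looks_like_jenkins?
 require 'etc'
 Etc.getlogin == 'jenkins' && ENV['BUILD_NUMBER']
@@ -149,12 +168,12 @@ command "clean" do |c|
 
 require 'set'
 perform_deletion = cmd_options[:force] || looks_like_jenkins?
-
+unless perform_deletion
 $stderr.puts "No --force, and this doesn't look like Jenkins. I won't actually delete anything"
 end
-@ignore_list = Array(cmd_options[:ignore]) + [
+@ignore_list = Array(cmd_options[:ignore]) + %w[. .. .git]
 
-def ignore_file?
+def ignore_file?(f)
 @ignore_list.find { |ignore| f.index(ignore) == 0 }
 end
 
@@ -172,7 +191,7 @@ command "clean" do |c|
 File.directory?(file) || ignore_file?(file)
 }
 if perform_deletion
-image = Docker::Image.create 'fromImage' => "alpine:3.
+image = Docker::Image.create 'fromImage' => "alpine:3.19.0"
 options = {
 'Cmd' => ["sh", "-c", "while true; do sleep 1; done"],
 'Image' => image.id,
@@ -190,7 +209,7 @@ command "clean" do |c|
 file = "/src/#{file}"
 cmd = ["rm", "-f", file]
 
-
+_, _, status = container.exec cmd, &DebugMixin::DOCKER
 $stderr.puts "Failed to delete #{file}" unless status == 0
 end
 ensure
@@ -255,15 +274,15 @@ command "package" do |c|
 c.flag [:'additional-files']
 
 c.desc "Image name"
-c.default_value "cyberark/
+c.default_value "cyberark/ubuntu-ruby-builder"
 c.flag [:i, :image]
 
 c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
 c.default_value "latest"
 c.flag [:t, :'image-tag']
 
-c.action do |
-raise "project-name is required" unless project_name = args.shift
+c.action do |_, cmd_options, args|
+raise "project-name is required" unless (project_name = args.shift)
 
 fpm_args = []
 if (delimeter = args.shift) == '--'
@@ -339,30 +358,20 @@ command "package" do |c|
 }
 options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
 
+file_path, dev_file_path = determine_file_path(file_type, detect_architecture, project_name, version)
+
 container = Docker::Container.create options
 begin
 DebugMixin.debug_write "Packaging #{project_name} in container #{container.id}\n"
-container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |
+container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |_, chunk| $stderr.puts "#{chunk}" }
 status = container.wait
 raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
 
-
-
-
-
-
-"conjur-#{project_name}-dev_#{version}_amd64.deb"
-)
-elsif file_type == "rpm"
-# Copy rpm packages
-# The rpm builder replaces dashes with underscores in the version
-rpm_version = version.tr('-', '_')
-copy_packages_from_container(
-container,
-"conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm",
-"conjur-#{project_name}-dev-#{rpm_version}-1.x86_64.rpm"
-)
-end
+copy_packages_from_container(
+container,
+file_path,
+dev_file_path
+)
 ensure
 container.delete(force: true)
 end
@@ -370,13 +379,33 @@ command "package" do |c|
 end
 end
 
-def
-
+def determine_file_path(file_type, architecture_map, project_name, version)
+if file_type == "deb"
+architecture = architecture_map[file_type]
+file_path = "conjur-#{project_name}_#{version}_#{architecture}.#{file_type}"
+dev_file_path = "conjur-#{project_name}-dev_#{version}_#{architecture}.#{file_type}"
+elsif file_type == "rpm"
+architecture = architecture_map[file_type]
+
+# The rpm builder replaces dashes with underscores in the version
+version = version.tr('-', '_')
+
+file_path = "conjur-#{project_name}-#{version}-1.#{architecture}.#{file_type}"
+dev_file_path = "conjur-#{project_name}-dev-#{version}-1.#{architecture}.#{file_type}"
+else
+raise "Unrecognized file type: #{file_type}, must be one of the following: deb, rpm"
+end
+
+[file_path, dev_file_path]
+end
+
+def container_command(container, *args)
+stdout, _, exitcode = container.exec args, &DebugMixin::DOCKER
 exit_now! "Command failed : #{args.join(' ')}", exitcode unless exitcode == 0
 stdout
 end
 
-def wait_for_conjur
+def wait_for_conjur(container)
 container_command container, '/opt/conjur/evoke/bin/wait_for_conjur'
 rescue
 $stderr.puts container.logs(stdout: true, stderr: true)
@@ -480,8 +509,8 @@ command "test" do |c|
 network_options(c)
 
 c.action do |global_options, cmd_options, args|
-raise "project-name is required" unless project_name = args.shift
-raise "test-script is required" unless test_script = args.shift
+raise "project-name is required" unless (project_name = args.shift)
+raise "test-script is required" unless (test_script = args.shift)
 raise "Received extra command-line arguments" if args.shift
 
 dir = cmd_options[:dir] || '.'
@@ -553,11 +582,11 @@ RUN touch /etc/service/conjur/down
 options = {
 'Image' => appliance_image.id,
 'name' => project_name,
-'Env' => [
-
-
-
-
+'Env' => %w[
+CONJUR_AUTHN_LOGIN=admin
+CONJUR_ENV=appliance
+CONJUR_AUTHN_API_KEY=SEcret12!!!!
+CONJUR_ADMIN_PASSWORD=SEcret12!!!!
 ] + global_options[:env],
 'HostConfig' => {
 'Binds' => [
@@ -590,9 +619,9 @@ RUN touch /etc/service/conjur/down
 
 # Wait for pg/main so that migrations can run
 30.times do
-stdout,
+stdout, _, exitcode = container.exec %w(sv status pg/main), &DebugMixin::DOCKER
 status = stdout.join
-break if exitcode == 0 && status =~ /^run
+break if exitcode == 0 && status =~ /^run/
 sleep 1
 end
 
@@ -607,7 +636,7 @@ RUN touch /etc/service/conjur/down
 
 container_command container, "rm", "/etc/service/conjur/down"
 container_command container, "sv", "start", "conjur"
-wait_for_conjur
+wait_for_conjur container
 
 system "./#{test_script} #{container.id}"
 exit_now! "#{test_script} failed with exit code #{$?.exitstatus}", $?.exitstatus unless $?.exitstatus == 0
@@ -703,11 +732,11 @@ command "sandbox" do |c|
 'name' => "#{project_name}-sandbox",
 'Image' => appliance_image.id,
 'WorkingDir' => "/src/#{project_name}",
-'Env' => [
-
-
-
-
+'Env' => %w[
+CONJUR_AUTHN_LOGIN=admin
+CONJUR_ENV=appliance
+CONJUR_AUTHN_API_KEY=SEcret12!!!!
+CONJUR_ADMIN_PASSWORD=SEcret12!!!!
 ] + global_options[:env]
 }
 
@@ -746,7 +775,7 @@ command "sandbox" do |c|
 $stdout.puts container.id
 container.start!
 
-wait_for_conjur
+wait_for_conjur container
 
 if cmd_options[:'dev-install']
 container_command(container, "/opt/conjur/evoke/bin/dev-install", project_name)
@@ -798,10 +827,10 @@ command "publish" do |c|
 c.default_value "redhat-private"
 c.flag ['rpm-repo']
 
-c.action do |
+c.action do |_, cmd_options, args|
 require 'conjur/debify/action/publish'
-raise "distribution is required" unless distribution = args.shift
-raise "project-name is required" unless project_name = args.shift
+raise "distribution is required" unless (distribution = args.shift)
+raise "project-name is required" unless (project_name = args.shift)
 raise "Received extra command-line arguments" if args.shift
 
 Conjur::Debify::Action::Publish.new(distribution, project_name, cmd_options).run
@@ -812,7 +841,7 @@ desc "Auto-detect and print the repository version"
 command "detect-version" do |c|
 c.desc "Set the current working directory"
 c.flag [:d, :dir]
-c.action do |
+c.action do |_, cmd_options, args|
 raise "Received extra command-line arguments" if args.shift
 
 dir = cmd_options[:dir] || '.'
@@ -830,7 +859,7 @@ desc 'Show the given configuration'
 arg_name 'configuration'
 command 'config' do |c|
 c.action do |_, _, args|
-raise 'no configuration provided' unless config = args.shift
+raise 'no configuration provided' unless (config = args.shift)
 raise "Received extra command-line arguments" if args.shift
 
 File.open(File.join('distrib', config)).each do |line|
@@ -838,25 +867,3 @@ command 'config' do |c|
 end
 end
 end
-
-
-pre do |global, command, options, args|
-# Pre logic here
-# Return true to proceed; false to abort and not call the
-# chosen command
-# Use skips_pre before a command to skip this block
-# on that command only
-true
-end
-
-post do |global, command, options, args|
-# Post logic here
-# Use skips_post before a command to skip this
-# block on that command only
-end
-
-on_error do |exception|
-# Error logic here
-# return false to skip default error handling
-true
-end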
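Review bot: `detect_architecture` takes the package architecture from `RbConfig::CONFIG['arch']`, which describes the Ruby interpreter running debify, not the Docker daemon that builds the package. When the two differ (a remote Docker host, or the debify image running under emulation), `determine_file_path` would name a file the container never produced, and `copy_packages_from_container` would presumably fail only after the whole build has run. Asking the daemon instead, for example `architecture = Docker.info['Architecture']`, keeps the file name tied to where the build happens; the existing `case` patterns look like they would still match, but confirm the values your daemons report. Whichever source is used, a one-line comment on `detect_architecture` stating whose architecture it reports would settle the question for the next reader.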
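--- a/data/push-image.sh
+++ b/data/push-image.sh
@@ -1,6 +1,12 @@
 #!/bin/bash -ex
 
+TAG=$(< VERSION)
+ARCH="$1"
+if [ -z "$ARCH" ]; then
+ARCH="amd64"
+fi
+
 for t in $(./image-tags); do
-docker
+docker tag "debify:$TAG" "registry.tld/conjurinc/debify:$t-$ARCH"
+docker push "registry.tld/conjurinc/debify:$t-$ARCH"
 done
-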
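Review bot: `ARCH` goes from `$1` straight into the pushed tag with no check, while push-manifest.sh only ever assembles the `-amd64` and `-arm64` suffixes. A mistyped argument would push an image the manifest step never references, and that step could then pull whatever older image still carries the expected tag. A guard after the default makes the mistake fail at push time: `case "$ARCH" in amd64|arm64) ;; *) echo "unsupported arch: $ARCH" >&2; exit 1 ;; esac`. The default itself can be written as `ARCH="${1:-amd64}"`.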
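--- a/data/push-manifest.sh
+++ b/data/push-manifest.sh
@@ -0,0 +1,14 @@
+#!/bin/bash -ex
+
+for t in $(./image-tags); do
+docker pull "registry.tld/conjurinc/debify:$t-amd64"
+docker pull "registry.tld/conjurinc/debify:$t-arm64"
+
+docker manifest create \
+--insecure \
+"registry.tld/conjurinc/debify:$t" \
+--amend "registry.tld/conjurinc/debify:$t-amd64" \
+--amend "registry.tld/conjurinc/debify:$t-arm64"
+
+docker manifest push --insecure "registry.tld/conjurinc/debify:$t"
+done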
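Review bot: Both `docker manifest create` and `docker manifest push` are run with `--insecure`, which allows the client to talk to the registry without a verified TLS connection. The multi-arch manifest that consumers resolve by tag is therefore assembled and published over a channel where the registry's identity is not checked. If the registry presents a valid certificate the flag is unnecessary and should be dropped from both commands; if it does not, that is better fixed at the registry than waived in the release script, and at minimum the reason belongs in a comment here. The per-arch images are also referenced by tag rather than by the digest push-image.sh just pushed, so the manifest binds to whatever those tags point at when this script runs.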
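--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-debify
 version: !ruby/object:Gem::Version
-version: 3.0.
+version: 3.0.3.pre.9
 platform: ruby
 authors:
 - CyberArk Software, Inc.
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: gli
@@ -164,7 +164,7 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
-description:
+description:
 email:
 - conj_maintainers@cyberark.com
 executables:
@@ -223,6 +223,7 @@ files:
 - lib/conjur/publish/Dockerfile
 - publish-rubygem.sh
 - push-image.sh
+- push-manifest.sh
 - secrets.yml
 - spec/action/publish_spec.rb
 - spec/data/Makefile
@@ -230,13 +231,12 @@ files:
 - spec/debify_utils_spec.rb
 - spec/spec_helper.rb
 - spec/utils_spec.rb
-- tag-image.sh
 - test.sh
 homepage: https://github.com/conjurinc/debify
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -247,12 +247,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">"
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: Utility commands to build and package Conjur services as Debian packages
 test_files: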