conjur-debify 3.0.2 → 3.0.3.pre.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8bd35d7a7a35d9c093b4194dedda6ea1d0221b8e0c20296b96195c16b28215cf
-  data.tar.gz: 8e42219970968e197d1adf38212d5e8b9a14f744687085b6a83b22d2a950fe3e
+  metadata.gz: 788f898e4a97e29086970287c68f11820f3745417a7a79b45464fff1526fc905
+  data.tar.gz: e00b6dccc458b1ff4dcbaf3b91a6f501f7019ecc5220915ae3455bc13501aff7
 SHA512:
-  metadata.gz: aaf81d2fe3303db79ba608ce5a3defa99a1cb756030a94d944fc61b37005720fdb7f4d59e3ada15d2752c3de931f3208e912c6bb85561c8e2f320386adee1b09
-  data.tar.gz: a32bb3780243b3ec25efb50c5c6016db49e8d777cf51e2f822772d6f907212d4c966b411f8ea5af79c69a7fd3adc5ad3c7dfdb62b35b5f023a5245bdd381dede
+  metadata.gz: 4769c7bbb7433f7b85ab9a96eaaa5902f4b3cfd963acee183559d13e06d3cab8fab36e7d56048dace446e1d0e4291ffc957892baf5deaed80672ece0d1a5da52
+  data.tar.gz: dbffcf72245096ffee0767a0bcf854a36ef03273340c14233ff5dbf32e73288d3de5a516594e7f11d6ca0ed9c9deddf17d245ac9a648659fd9666f58b5827b6c

data/CHANGELOG.md

@@ -1,3 +1,12 @@
+## [3.0.3]
+### Added
+- Build arm64 image on separate agent with dedicated architecture
+- Upload artifacts for all packaged architectures to artifactory
+
+### Fixed
+- Fixed regressions introduced by incorrect linting fixes. Most significantly,
+  preventing the `VERSION` file from being included in release packages.
+
 ## [3.0.2]
 ### Changed
 - Allow Base Image to be configured on execution.
@@ -35,11 +44,11 @@
 
 - Refine bundler related steps in `debify package` flow: only `package.sh` file configures
   and invokes bundler. `Dockerfile.fpm` only copies files and adjusts folder structure.
-- Remove bundler 1.* support 
+- Remove bundler 1.* support
 
 # 2.0.0
 ### Changed
-- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this 
+- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this
   flag is not given, the default value is `deb`.
   [conjurinc/debify#56](https://github.com/conjurinc/debify/issues/56)
 

data/Jenkinsfile

@@ -2,23 +2,33 @@
 
 // Automated release, promotion and dependencies
 properties([
+  // Include the automated release parameters for the build
   release.addParams(),
-  dependencies(['cyberark/conjur-base-image'])
+  // Dependencies of the project that should trigger builds
+  dependencies([])
 ])
 
+// Performs release promotion.  No other stages will be run
 if (params.MODE == "PROMOTE") {
-  release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
-    sh './publish-rubygem.sh'
+  release.promote(params.VERSION_TO_PROMOTE) { infrapool, sourceVersion, targetVersion, assetDirectory ->
+    // Any assets from sourceVersion Github release are available in assetDirectory
+    // Any version number updates from sourceVersion to targetVersion occur here
+    // Any publishing of targetVersion artifacts occur here
+    // Anything added to assetDirectory will be attached to the Github Release
+
+    //Note: assetDirectory is on the infrapool agent, not the local Jenkins agent.
+    infrapool.agentSh './publish-rubygem.sh'
   }
+  release.copyEnterpriseRelease(params.VERSION_TO_PROMOTE)
   return
 }
 
 pipeline {
-  agent { label 'executor-v2' }
+  agent { label 'conjur-enterprise-common-agent' }
 
   options {
     timestamps()
-    buildDiscarder(logRotator(daysToKeepStr: '30'))
+    buildDiscarder(logRotator(numToKeepStr: '30'))
   }
 
   triggers {
@@ -26,10 +36,12 @@ pipeline {
   }
 
   environment {
+    // Sets the MODE to the specified or autocalculated value as appropriate
     MODE = release.canonicalizeMode()
   }
 
   stages {
+    // Aborts any builds triggered by another project that wouldn't include any changes
     stage ("Skip build if triggering job didn't create a release") {
       when {
         expression {
@@ -43,34 +55,86 @@ pipeline {
         }
       }
     }
-    stage('Prepare') {
+
+    stage('Get InfraPool ExecutorV2 Agent(s)') {
       steps {
-        // Initialize VERSION file
-        updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
+        script {
+          // Request ExecutorV2 agents for 1 hour(s)
+          INFRAPOOL_EXECUTORV2_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2", quantity: 1, duration: 1)[0]
+          INFRAPOOL_EXECUTORV2ARM_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2ARM", quantity: 1, duration: 1)[0]
+        }
       }
     }
-    stage('Build docker image') {
-      steps {
-        sh './build.sh'
+
+    stage('Prepare') {
+      parallel {
+        stage('Prepare AMD64') {
+          steps {
+            // Initialize VERSION file
+            updateVersion(INFRAPOOL_EXECUTORV2_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}")
+          }
+        }
+
+        stage('Prepare ARM64') {
+          steps {
+            // Initialize VERSION file
+            updateVersion(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}")
+          }
+        }
       }
     }
 
+    stage('Build Docker image') {
+      parallel {
+        stage('Build AMD64 image') {
+          steps {
+            script {
+              INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './build.sh'
+            }
+          }
+        }
+
+        stage('Build ARM64 image') {
+          steps {
+            script {
+              INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh './build.sh'
+            }
+          }
+        }
+      }
+    }
     stage('Scan Docker image') {
       parallel {
-        stage('Scan Docker image for fixable issues') {
+        stage('Scan Docker image for fixable issues (AMD64 based)') {
           steps{
             script {
-              VERSION = sh(returnStdout: true, script: 'cat VERSION')
+              VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
             }
-            scanAndReport("debify:${VERSION}", "HIGH", false)
+            scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "debify:${VERSION}", "HIGH", false)
           }
         }
-        stage('Scan Docker image for all issues') {
+        stage('Scan Docker image for all issues (AMD64 based)') {
           steps{
             script {
-              VERSION = sh(returnStdout: true, script: 'cat VERSION')
+              VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
             }
-            scanAndReport("debify:${VERSION}", "NONE", true)
+            scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "debify:${VERSION}", "NONE", true)
+          }
+        }
+        stage('Scan Docker image for fixable issues (ARM64 based)') {
+          steps{
+            script {
+              VERSION = INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
+            }
+            scanAndReport(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "debify:${VERSION}", "HIGH", false)
+          }
+        }
+        stage('Scan Docker image for all issues (ARM64 based)') {
+          steps{
+            script {
+              VERSION = INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
+            }
+            scanAndReport(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "debify:${VERSION}", "NONE", true)
           }
         }
       }
@@ -78,21 +142,46 @@ pipeline {
 
     stage('Run feature tests') {
       steps {
-        sh './test.sh'
+        script {
+          INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './test.sh'
+          INFRAPOOL_EXECUTORV2_AGENT_0.agentStash name: 'test-results', includes: 'features/reports/*.xml'
+        }
       }
       post { always {
+        unstash 'test-results'
         junit 'features/reports/*.xml'
       }}
     }
 
     stage('Push Docker image') {
+      parallel {
+        stage('Push AMD64 image') {
+          steps {
+            script {
+              INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-image.sh amd64'
+            }
+          }
+        }
+
+        stage('Push ARM64 image') {
+          steps {
+            script {
+              INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh './push-image.sh arm64'
+            }
+          }
+        }
+      }
+    }
+
+    stage('Push Docker manifest with multi-arch') {
       steps {
-        sh './tag-image.sh'
-        sh './push-image.sh'
+        script {
+          INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-manifest.sh'
+        }
       }
     }
 
-    stage('Publish to RubyGems') {
+    stage('Release') {
       when {
         expression {
           MODE == "RELEASE"
@@ -100,17 +189,31 @@ pipeline {
       }
 
       steps {
-        release {
-          sh './publish-rubygem.sh'
-          sh "cp conjur-debify-*.gem release-assets/."
+        script {
+          release(INFRAPOOL_EXECUTORV2_AGENT_0) { billOfMaterialsDirectory, assetDirectory ->
+            /* Publish release artifacts to all the appropriate locations
+               Copy any artifacts to assetDirectory on the infrapool node
+               to attach them to the Github release.
+
+               If your assets are on the infrapool node in the target
+               directory, use a copy like this:
+                  infrapool.agentSh "cp target/* ${assetDirectory}"
+               Note That this will fail if there are no assets, add :||
+               if you want the release to succeed with no assets.
+
+               If your assets are in target on the main Jenkins agent, use:
+                 infrapool.agentPut(from: 'target/', to: assetDirectory)
+            */
+            INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './publish-rubygem.sh'
+            INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "cp conjur-debify-*.gem release-assets/."
+          }
         }
       }
     }
   }
-
   post {
     always {
-      cleanupAndNotify(currentBuild.currentResult)
+      releaseInfraPoolAgent()
     }
   }
-}
+}

data/README.md

@@ -116,7 +116,7 @@ COMMAND OPTIONS
     --additional-files=arg - Specify files to add to the FPM image that are not included from the git repo (default: none)
     -d, --dir=arg          - Set the current working directory (default: none)
     --dockerfile=arg       - Specify a custom Dockerfile.fpm (default: none)
-    -i, --image=arg        - Image name (default: cyberark/phusion-ruby-fips)
+    -i, --image=arg        - Image name (default: cyberark/ubuntu-ruby-builder)
     -o, --output=arg       - Set the output file type of the fpm command (e.g rpm) (default: none)
     -t, --image-tag=arg    - Image tag, e.g. 4.5-stable, 4.6-stable (default: latest)
     -v, --version=arg      - Specify the deb version; by default, it's read from the VERSION file (default: none)

data/VERSION

@@ -1 +1 @@
-3.0.2
+3.0.3-9

data/features/package.feature

@@ -8,16 +8,16 @@ Feature: Packaging
     And I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example --output rpm  -v 0.0.1-suffix example  -- --post-install /distrib/postinstall.sh`
 
   Scenario: 'example' project can be packaged successfully
-    Then the stdout should contain "conjur-example_0.0.1-suffix_amd64.deb"
-    And the stdout should contain "conjur-example-dev_0.0.1-suffix_amd64.deb"
-    And the stdout should contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
-    And the stdout should contain "conjur-example-dev-0.0.1_suffix-1.x86_64.rpm"
+    Then the output should match /conjur-example_0\.0\.1-suffix_(amd64|arm64)\.deb/
+    And the output should match /conjur-example-dev_0\.0\.1-suffix_(amd64|arm64)\.deb/
+    And the output should match /conjur-example-0\.0\.1_suffix-1\.(x86_64|aarch64)\.rpm/
+    And the output should match /conjur-example-dev-0\.0\.1_suffix-1\.(x86_64|aarch64)\.rpm/
 
   Scenario: 'clean' command will delete non-Git-managed files
     When I successfully run `env DEBUG=true GLI_DEBUG=true debify clean -d ../../example --force`
-    And I successfully run `find ../../example`
-    Then the stdout from "find ../../example" should not contain "conjur-example_0.0.1-suffix_amd64.deb"
-    And the stdout from "find ../../example" should not contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
+    And I cd to "../../example"
+    Then a file matching %r</conjur-example_0\.0\.1-suffix_(amd64|arm64)\.deb/> should not exist
+    And a file matching %r</conjur-example-0\.0\.1_suffix-1\.(x86_64|aarch64)\.rpm/> should not exist
 
   Scenario: 'example' project can be published
     When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1-suffix -d ../../example 5.0 example`

data/image-tags

@@ -9,9 +9,12 @@ show_master_tags() {
 }
 
 show_branch_tags() {
+  VERSION=$(< VERSION)
+  docker run --rm debify:$VERSION config script > docker-debify
+  chmod +x docker-debify
   # tail and tr, to remove the grottiness from the detect-version
   # output
-  local version="$(DEBIFY_IMAGE=debify:$(<VERSION) ./docker-debify detect-version | tail -1 | tr -d '\r')"
+  local version="$(DEBIFY_IMAGE=debify:$VERSION ./docker-debify detect-version | tail -1 | tr -d '\r')"
   
   echo "$BRANCH_NAME $version"
 }

data/lib/conjur/debify/action/publish.rb

@@ -38,7 +38,7 @@ module Conjur::Debify
             art_user, art_password = fetch_art_creds
           end
 
-          # Publish deb package
+          # Publish AMD64 deb package
           component = cmd_options[:component] || detect_component
           deb_info = "#{distribution}/#{component}/amd64"
           package_name = "conjur-#{project_name}_#{version}_amd64.deb"
@@ -53,10 +53,26 @@ module Conjur::Debify
             deb_info: deb_info
           )
 
+          # (Optional) Publish ARM64 deb package
+          unless Dir.glob('*_arm64.deb').empty?
+            deb_info = "#{distribution}/#{component}/arm64"
+            package_name = "conjur-#{project_name}_#{version}_arm64.deb"
+            publish_package(
+              publish_image: publish_image,
+              art_url: art_url,
+              art_user: art_user,
+              art_password: art_password,
+              art_repo: deb_art_repo,
+              package_name: package_name,
+              dir: dir,
+              deb_info: deb_info
+            )
+          end
+
           # Publish RPM package
           # The rpm builder replaces dashes with underscores in the version
           rpm_version = version.tr('-', '_')
-          package_name = "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm"
+          package_name = "conjur-#{project_name}-#{rpm_version}-1.*.rpm"
           rpm_art_repo = cmd_options['rpm-repo']
           publish_package(
             publish_image: publish_image,

data/lib/conjur/debify.rb

@@ -5,6 +5,7 @@ require 'gli'
 require 'json'
 require 'base64'
 require 'tmpdir'
+require 'rbconfig'
 
 require 'conjur/debify/utils'
 
@@ -31,24 +32,24 @@ Docker.options[:read_timeout] = 300
 module DebugMixin
   DEBUG = ENV['DEBUG'].nil? ? true : ENV['DEBUG'].downcase == 'true'
 
-  def debug *a
+  def debug(* a)
     DebugMixin.debug *a
   end
 
-  def self.debug *a
+  def self.debug(* a)
     $stderr.puts *a if DEBUG
   end
 
-  def debug_write *a
+  def debug_write(* a)
     DebugMixin.debug_write *a
   end
 
-  def self.debug_write *a
+  def self.debug_write(* a)
     $stderr.write *a if DEBUG
   end
 
   # you can give this to various docker methods to print output if debug is on
-  def self.docker_debug *a
+  def self.docker_debug(* a)
     if a.length == 2 && a[0].is_a?(Symbol)
       debug a.last
     else
@@ -90,8 +91,26 @@ def detect_version
   end
 end
 
+def detect_architecture
+  architecture = RbConfig::CONFIG['arch']
+  result_map = {}
+
+  case architecture
+  when /x86_64|amd64/
+    result_map['deb'] = 'amd64'
+    result_map['rpm'] = 'x86_64'
+  when /arm64|aarch64/
+    result_map['deb'] = 'arm64'
+    result_map['rpm'] = 'aarch64'
+  else
+    raise "Unsupported architecture type: #{architecture}"
+  end
+
+  result_map
+end
+
 def git_files
-  files = (`git ls-files -z`.split("\x0") + ['Gemfile.lock', 'VERSION']).uniq
+  files = (`git ls-files -z`.split("\x0") + %w[Gemfile.lock VERSION]).uniq
   # Since submodule directories are listed, but are not files, we remove them.
   # Currently, `conjur-project-config` is the only submodule in Conjur, and it
   # can safely be removed because it's a developer-only tool.  If we add another
@@ -141,7 +160,7 @@ command "clean" do |c|
   c.desc "Force file deletion even if if this doesn't look like a Jenkins environment"
   c.switch [:force]
 
-  c.action do |global_options, cmd_options, args|
+  c.action do |_, cmd_options, _|
     def looks_like_jenkins?
       require 'etc'
       Etc.getlogin == 'jenkins' && ENV['BUILD_NUMBER']
@@ -149,12 +168,12 @@ command "clean" do |c|
 
     require 'set'
     perform_deletion = cmd_options[:force] || looks_like_jenkins?
-    if !perform_deletion
+    unless perform_deletion
       $stderr.puts "No --force, and this doesn't look like Jenkins. I won't actually delete anything"
     end
-    @ignore_list = Array(cmd_options[:ignore]) + ['.', '..', '.git']
+    @ignore_list = Array(cmd_options[:ignore]) + %w[. .. .git]
 
-    def ignore_file? f
+    def ignore_file?(f)
       @ignore_list.find { |ignore| f.index(ignore) == 0 }
     end
 
@@ -172,7 +191,7 @@ command "clean" do |c|
         File.directory?(file) || ignore_file?(file)
       }
       if perform_deletion
-        image = Docker::Image.create 'fromImage' => "alpine:3.3"
+        image = Docker::Image.create 'fromImage' => "alpine:3.19.0"
         options = {
           'Cmd' => ["sh", "-c", "while true; do sleep 1; done"],
           'Image' => image.id,
@@ -190,7 +209,7 @@ command "clean" do |c|
             file = "/src/#{file}"
             cmd = ["rm", "-f", file]
 
-            stdout, stderr, status = container.exec cmd, &DebugMixin::DOCKER
+            _, _, status = container.exec cmd, &DebugMixin::DOCKER
             $stderr.puts "Failed to delete #{file}" unless status == 0
           end
         ensure
@@ -255,15 +274,15 @@ command "package" do |c|
   c.flag [:'additional-files']
 
   c.desc "Image name"
-  c.default_value "cyberark/phusion-ruby-fips"
+  c.default_value "cyberark/ubuntu-ruby-builder"
   c.flag [:i, :image]
 
   c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
   c.default_value "latest"
   c.flag [:t, :'image-tag']
 
-  c.action do |global_options, cmd_options, args|
-    raise "project-name is required" unless project_name = args.shift
+  c.action do |_, cmd_options, args|
+    raise "project-name is required" unless (project_name = args.shift)
 
     fpm_args = []
     if (delimeter = args.shift) == '--'
@@ -339,30 +358,20 @@ command "package" do |c|
       }
       options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
 
+      file_path, dev_file_path = determine_file_path(file_type, detect_architecture, project_name, version)
+
       container = Docker::Container.create options
       begin
         DebugMixin.debug_write "Packaging #{project_name} in container #{container.id}\n"
-        container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| $stderr.puts "#{chunk}" }
+        container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |_, chunk| $stderr.puts "#{chunk}" }
         status = container.wait
         raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
 
-        if file_type == "deb"
-          # Copy deb packages
-          copy_packages_from_container(
-            container,
-            "conjur-#{project_name}_#{version}_amd64.deb",
-            "conjur-#{project_name}-dev_#{version}_amd64.deb"
-          )
-        elsif file_type == "rpm"
-          # Copy rpm packages
-          # The rpm builder replaces dashes with underscores in the version
-          rpm_version = version.tr('-', '_')
-          copy_packages_from_container(
-            container,
-            "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm",
-            "conjur-#{project_name}-dev-#{rpm_version}-1.x86_64.rpm"
-          )
-        end
+        copy_packages_from_container(
+          container,
+          file_path,
+          dev_file_path
+        )
       ensure
         container.delete(force: true)
       end
@@ -370,13 +379,33 @@ command "package" do |c|
   end
 end
 
-def container_command container, *args
-  stdout, stderr, exitcode = container.exec args, &DebugMixin::DOCKER
+def determine_file_path(file_type, architecture_map, project_name, version)
+  if file_type == "deb"
+    architecture = architecture_map[file_type]
+    file_path = "conjur-#{project_name}_#{version}_#{architecture}.#{file_type}"
+    dev_file_path = "conjur-#{project_name}-dev_#{version}_#{architecture}.#{file_type}"
+  elsif file_type == "rpm"
+    architecture = architecture_map[file_type]
+
+    # The rpm builder replaces dashes with underscores in the version
+    version = version.tr('-', '_')
+
+    file_path = "conjur-#{project_name}-#{version}-1.#{architecture}.#{file_type}"
+    dev_file_path = "conjur-#{project_name}-dev-#{version}-1.#{architecture}.#{file_type}"
+  else
+    raise "Unrecognized file type: #{file_type}, must be one of the following: deb, rpm"
+  end
+
+  [file_path, dev_file_path]
+end
+
+def container_command(container, *args)
+  stdout, _, exitcode = container.exec args, &DebugMixin::DOCKER
   exit_now! "Command failed : #{args.join(' ')}", exitcode unless exitcode == 0
   stdout
 end
 
-def wait_for_conjur appliance_image, container
+def wait_for_conjur(container)
   container_command container, '/opt/conjur/evoke/bin/wait_for_conjur'
 rescue
   $stderr.puts container.logs(stdout: true, stderr: true)
@@ -480,8 +509,8 @@ command "test" do |c|
   network_options(c)
 
   c.action do |global_options, cmd_options, args|
-    raise "project-name is required" unless project_name = args.shift
-    raise "test-script is required" unless test_script = args.shift
+    raise "project-name is required" unless (project_name = args.shift)
+    raise "test-script is required" unless (test_script = args.shift)
     raise "Received extra command-line arguments" if args.shift
 
     dir = cmd_options[:dir] || '.'
@@ -553,11 +582,11 @@ RUN touch /etc/service/conjur/down
       options = {
         'Image' => appliance_image.id,
         'name' => project_name,
-        'Env' => [
-          "CONJUR_AUTHN_LOGIN=admin",
-          "CONJUR_ENV=appliance",
-          "CONJUR_AUTHN_API_KEY=SEcret12!!!!",
-          "CONJUR_ADMIN_PASSWORD=SEcret12!!!!",
+        'Env' => %w[
+          CONJUR_AUTHN_LOGIN=admin
+          CONJUR_ENV=appliance
+          CONJUR_AUTHN_API_KEY=SEcret12!!!!
+          CONJUR_ADMIN_PASSWORD=SEcret12!!!!
         ] + global_options[:env],
         'HostConfig' => {
           'Binds' => [
@@ -590,9 +619,9 @@ RUN touch /etc/service/conjur/down
 
         # Wait for pg/main so that migrations can run
         30.times do
-          stdout, stderr, exitcode = container.exec %w(sv status pg/main), &DebugMixin::DOCKER
+          stdout, _, exitcode = container.exec %w(sv status pg/main), &DebugMixin::DOCKER
           status = stdout.join
-          break if exitcode == 0 && status =~ /^run\:/
+          break if exitcode == 0 && status =~ /^run/
           sleep 1
         end
 
@@ -607,7 +636,7 @@ RUN touch /etc/service/conjur/down
 
         container_command container, "rm", "/etc/service/conjur/down"
         container_command container, "sv", "start", "conjur"
-        wait_for_conjur appliance_image, container
+        wait_for_conjur container
 
         system "./#{test_script} #{container.id}"
         exit_now! "#{test_script} failed with exit code #{$?.exitstatus}", $?.exitstatus unless $?.exitstatus == 0
@@ -703,11 +732,11 @@ command "sandbox" do |c|
         'name' => "#{project_name}-sandbox",
         'Image' => appliance_image.id,
         'WorkingDir' => "/src/#{project_name}",
-        'Env' => [
-          "CONJUR_AUTHN_LOGIN=admin",
-          "CONJUR_ENV=appliance",
-          "CONJUR_AUTHN_API_KEY=SEcret12!!!!",
-          "CONJUR_ADMIN_PASSWORD=SEcret12!!!!",
+        'Env' => %w[
+          CONJUR_AUTHN_LOGIN=admin
+          CONJUR_ENV=appliance
+          CONJUR_AUTHN_API_KEY=SEcret12!!!!
+          CONJUR_ADMIN_PASSWORD=SEcret12!!!!
         ] + global_options[:env]
       }
 
@@ -746,7 +775,7 @@ command "sandbox" do |c|
       $stdout.puts container.id
       container.start!
 
-      wait_for_conjur appliance_image, container
+      wait_for_conjur container
 
       if cmd_options[:'dev-install']
         container_command(container, "/opt/conjur/evoke/bin/dev-install", project_name)
@@ -798,10 +827,10 @@ command "publish" do |c|
   c.default_value "redhat-private"
   c.flag ['rpm-repo']
 
-  c.action do |global_options, cmd_options, args|
+  c.action do |_, cmd_options, args|
     require 'conjur/debify/action/publish'
-    raise "distribution is required" unless distribution = args.shift
-    raise "project-name is required" unless project_name = args.shift
+    raise "distribution is required" unless (distribution = args.shift)
+    raise "project-name is required" unless (project_name = args.shift)
     raise "Received extra command-line arguments" if args.shift
 
     Conjur::Debify::Action::Publish.new(distribution, project_name, cmd_options).run
@@ -812,7 +841,7 @@ desc "Auto-detect and print the repository version"
 command "detect-version" do |c|
   c.desc "Set the current working directory"
   c.flag [:d, :dir]
-  c.action do |global_options, cmd_options, args|
+  c.action do |_, cmd_options, args|
     raise "Received extra command-line arguments" if args.shift
 
     dir = cmd_options[:dir] || '.'
@@ -830,7 +859,7 @@ desc 'Show the given configuration'
 arg_name 'configuration'
 command 'config' do |c|
   c.action do |_, _, args|
-    raise 'no configuration provided' unless config = args.shift
+    raise 'no configuration provided' unless (config = args.shift)
     raise "Received extra command-line arguments" if args.shift
 
     File.open(File.join('distrib', config)).each do |line|
@@ -838,25 +867,3 @@ command 'config' do |c|
     end
   end
 end
-
-
-pre do |global, command, options, args|
-  # Pre logic here
-  # Return true to proceed; false to abort and not call the
-  # chosen command
-  # Use skips_pre before a command to skip this block
-  # on that command only
-  true
-end
-
-post do |global, command, options, args|
-  # Post logic here
-  # Use skips_post before a command to skip this
-  # block on that command only
-end
-
-on_error do |exception|
-  # Error logic here
-  # return false to skip default error handling
-  true
-end

data/push-image.sh

@@ -1,6 +1,12 @@
 #!/bin/bash -ex
 
+TAG=$(< VERSION)
+ARCH="$1"
+if [ -z "$ARCH" ]; then
+  ARCH="amd64"
+fi
+
 for t in $(./image-tags); do
-  docker push registry.tld/conjurinc/debify:$t
+  docker tag "debify:$TAG" "registry.tld/conjurinc/debify:$t-$ARCH"
+  docker push "registry.tld/conjurinc/debify:$t-$ARCH"
 done
-

data/push-manifest.sh

@@ -0,0 +1,14 @@
+#!/bin/bash -ex
+
+for t in $(./image-tags); do
+  docker pull "registry.tld/conjurinc/debify:$t-amd64"
+  docker pull "registry.tld/conjurinc/debify:$t-arm64"
+
+  docker manifest create \
+    --insecure \
+    "registry.tld/conjurinc/debify:$t" \
+    --amend "registry.tld/conjurinc/debify:$t-amd64" \
+    --amend "registry.tld/conjurinc/debify:$t-arm64"
+
+  docker manifest push --insecure "registry.tld/conjurinc/debify:$t"
+done

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-debify
 version: !ruby/object:Gem::Version
-  version: 3.0.2
+  version: 3.0.3.pre.9
 platform: ruby
 authors:
 - CyberArk Software, Inc.
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-08-17 00:00:00.000000000 Z
+date: 2024-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gli
@@ -164,7 +164,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
-description:
+description: 
 email:
 - conj_maintainers@cyberark.com
 executables:
@@ -223,6 +223,7 @@ files:
 - lib/conjur/publish/Dockerfile
 - publish-rubygem.sh
 - push-image.sh
+- push-manifest.sh
 - secrets.yml
 - spec/action/publish_spec.rb
 - spec/data/Makefile
@@ -230,13 +231,12 @@ files:
 - spec/debify_utils_spec.rb
 - spec/spec_helper.rb
 - spec/utils_spec.rb
-- tag-image.sh
 - test.sh
 homepage: https://github.com/conjurinc/debify
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -247,12 +247,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.2.33
-signing_key:
+rubygems_version: 3.4.10
+signing_key: 
 specification_version: 4
 summary: Utility commands to build and package Conjur services as Debian packages
 test_files:

data/tag-image.sh

@@ -1,6 +0,0 @@
-#!/bin/bash -ex
-
-TAG=$(< VERSION)
-for t in $(./image-tags); do
-  docker tag debify:$TAG registry.tld/conjurinc/debify:$t
-done