conjur-debify 3.0.3.pre.10 → 3.0.3.pre.1914

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 436c92c5c492573a754e82a9b35ef13aca64a795fd4a01e125951488a107978c
-  data.tar.gz: bdecbbddaf1e13882847e3d11eb8e2c4ae597f95c036dcb74021c3ff1dc340f5
+  metadata.gz: b361743dc7723ab21f23aa6b3192161d8a4ef64f175654db610f3a0c30390486
+  data.tar.gz: 70d7d42091e3a99882af0a649e36188eda5f1da138c149ae718978675b119bff
 SHA512:
-  metadata.gz: a971c4675b727301536f00a606dbe54d1f011fc660daa29708c060fe2be55967a21caa872f5aaeca3c4cef04f37b79cea3887d83a86222b2326801553e822490
-  data.tar.gz: 4529e3f15f359cdd0009c6cbd2ba3c70db72ee122aea0f9de41bf1573df45f393a77030b987a58b61ea718222b5d3ed9b2e01b3a8157abf3eea7bd5a02927298
+  metadata.gz: 5156842479768b6005995b228589e61834bab51a19f553c1e602b59c0ef31d57419959622bad33754a76899d0bb6bb1f5323735447fcba73792ec8ced473defe
+  data.tar.gz: 1841a0b4ec0b5507593b7d8f38cdccc512e9f0b9b3a40fc8e94bba35bd5ef73024918a257a96d50ed0d09e4b7c98f6c021de7a53785e728748917a7930780c78

data/CHANGELOG.md

@@ -1,11 +1,4 @@
 ## [3.0.3]
-### Added
-- Build arm64 image on separate agent with dedicated architecture
-- Upload artifacts for all packaged architectures to artifactory
-
-### Fixed
-- Fixed regressions introduced by incorrect linting fixes. Most significantly,
-  preventing the `VERSION` file from being included in release packages.
 
 ## [3.0.2]
 ### Changed
@@ -44,11 +37,11 @@
 
 - Refine bundler related steps in `debify package` flow: only `package.sh` file configures
   and invokes bundler. `Dockerfile.fpm` only copies files and adjusts folder structure.
-- Remove bundler 1.* support
+- Remove bundler 1.* support 
 
 # 2.0.0
 ### Changed
-- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this
+- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this 
   flag is not given, the default value is `deb`.
   [conjurinc/debify#56](https://github.com/conjurinc/debify/issues/56)
 

data/Jenkinsfile

@@ -2,33 +2,23 @@
 
 // Automated release, promotion and dependencies
 properties([
-  // Include the automated release parameters for the build
   release.addParams(),
-  // Dependencies of the project that should trigger builds
-  dependencies([])
+  dependencies(['cyberark/conjur-base-image'])
 ])
 
-// Performs release promotion.  No other stages will be run
 if (params.MODE == "PROMOTE") {
-  release.promote(params.VERSION_TO_PROMOTE) { infrapool, sourceVersion, targetVersion, assetDirectory ->
-    // Any assets from sourceVersion Github release are available in assetDirectory
-    // Any version number updates from sourceVersion to targetVersion occur here
-    // Any publishing of targetVersion artifacts occur here
-    // Anything added to assetDirectory will be attached to the Github Release
-
-    //Note: assetDirectory is on the infrapool agent, not the local Jenkins agent.
-    infrapool.agentSh './publish-rubygem.sh'
+  release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
+    sh './publish-rubygem.sh'
   }
-  release.copyEnterpriseRelease(params.VERSION_TO_PROMOTE)
   return
 }
 
 pipeline {
-  agent { label 'conjur-enterprise-common-agent' }
+  agent { label 'executor-v2' }
 
   options {
     timestamps()
-    buildDiscarder(logRotator(numToKeepStr: '30'))
+    buildDiscarder(logRotator(daysToKeepStr: '30'))
   }
 
   triggers {
@@ -36,12 +26,10 @@ pipeline {
   }
 
   environment {
-    // Sets the MODE to the specified or autocalculated value as appropriate
     MODE = release.canonicalizeMode()
   }
 
   stages {
-    // Aborts any builds triggered by another project that wouldn't include any changes
     stage ("Skip build if triggering job didn't create a release") {
       when {
         expression {
@@ -55,86 +43,34 @@ pipeline {
         }
       }
     }
-
-    stage('Get InfraPool ExecutorV2 Agent(s)') {
+    stage('Prepare') {
       steps {
-        script {
-          // Request ExecutorV2 agents for 1 hour(s)
-          INFRAPOOL_EXECUTORV2_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2", quantity: 1, duration: 1)[0]
-          INFRAPOOL_EXECUTORV2ARM_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2ARM", quantity: 1, duration: 1)[0]
-        }
+        // Initialize VERSION file
+        updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
       }
     }
-
-    stage('Prepare') {
-      parallel {
-        stage('Prepare AMD64') {
-          steps {
-            // Initialize VERSION file
-            updateVersion(INFRAPOOL_EXECUTORV2_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}")
-          }
-        }
-
-        stage('Prepare ARM64') {
-          steps {
-            // Initialize VERSION file
-            updateVersion(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}")
-          }
-        }
+    stage('Build docker image') {
+      steps {
+        sh './build.sh'
       }
     }
 
-    stage('Build Docker image') {
-      parallel {
-        stage('Build AMD64 image') {
-          steps {
-            script {
-              INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './build.sh'
-            }
-          }
-        }
-
-        stage('Build ARM64 image') {
-          steps {
-            script {
-              INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh './build.sh'
-            }
-          }
-        }
-      }
-    }
     stage('Scan Docker image') {
       parallel {
-        stage('Scan Docker image for fixable issues (AMD64 based)') {
+        stage('Scan Docker image for fixable issues') {
           steps{
             script {
-              VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
+              VERSION = sh(returnStdout: true, script: 'cat VERSION')
             }
-            scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "debify:${VERSION}", "HIGH", false)
+            scanAndReport("debify:${VERSION}", "HIGH", false)
           }
         }
-        stage('Scan Docker image for all issues (AMD64 based)') {
+        stage('Scan Docker image for all issues') {
           steps{
             script {
-              VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
+              VERSION = sh(returnStdout: true, script: 'cat VERSION')
             }
-            scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "debify:${VERSION}", "NONE", true)
-          }
-        }
-        stage('Scan Docker image for fixable issues (ARM64 based)') {
-          steps{
-            script {
-              VERSION = INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
-            }
-            scanAndReport(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "debify:${VERSION}", "HIGH", false)
-          }
-        }
-        stage('Scan Docker image for all issues (ARM64 based)') {
-          steps{
-            script {
-              VERSION = INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
-            }
-            scanAndReport(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "debify:${VERSION}", "NONE", true)
+            scanAndReport("debify:${VERSION}", "NONE", true)
           }
         }
       }
@@ -142,46 +78,21 @@ pipeline {
 
     stage('Run feature tests') {
       steps {
-        script {
-          INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './test.sh'
-          INFRAPOOL_EXECUTORV2_AGENT_0.agentStash name: 'test-results', includes: 'features/reports/*.xml'
-        }
+        sh './test.sh'
       }
       post { always {
-        unstash 'test-results'
         junit 'features/reports/*.xml'
       }}
     }
 
     stage('Push Docker image') {
-      parallel {
-        stage('Push AMD64 image') {
-          steps {
-            script {
-              INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-image.sh amd64'
-            }
-          }
-        }
-
-        stage('Push ARM64 image') {
-          steps {
-            script {
-              INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh './push-image.sh arm64'
-            }
-          }
-        }
-      }
-    }
-
-    stage('Push Docker manifest with multi-arch') {
       steps {
-        script {
-          INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-manifest.sh'
-        }
+        sh './tag-image.sh'
+        sh './push-image.sh'
       }
     }
 
-    stage('Release') {
+    stage('Publish to RubyGems') {
       when {
         expression {
           MODE == "RELEASE"
@@ -189,31 +100,17 @@ pipeline {
       }
 
       steps {
-        script {
-          release(INFRAPOOL_EXECUTORV2_AGENT_0) { billOfMaterialsDirectory, assetDirectory ->
-            /* Publish release artifacts to all the appropriate locations
-               Copy any artifacts to assetDirectory on the infrapool node
-               to attach them to the Github release.
-
-               If your assets are on the infrapool node in the target
-               directory, use a copy like this:
-                  infrapool.agentSh "cp target/* ${assetDirectory}"
-               Note That this will fail if there are no assets, add :||
-               if you want the release to succeed with no assets.
-
-               If your assets are in target on the main Jenkins agent, use:
-                 infrapool.agentPut(from: 'target/', to: assetDirectory)
-            */
-            INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './publish-rubygem.sh'
-            INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "cp conjur-debify-*.gem release-assets/."
-          }
+        release {
+          sh './publish-rubygem.sh'
+          sh "cp conjur-debify-*.gem release-assets/."
         }
       }
     }
   }
+
   post {
     always {
-      releaseInfraPoolAgent()
+      cleanupAndNotify(currentBuild.currentResult)
     }
   }
-}
+}

data/README.md

@@ -116,7 +116,7 @@ COMMAND OPTIONS
     --additional-files=arg - Specify files to add to the FPM image that are not included from the git repo (default: none)
     -d, --dir=arg          - Set the current working directory (default: none)
     --dockerfile=arg       - Specify a custom Dockerfile.fpm (default: none)
-    -i, --image=arg        - Image name (default: cyberark/ubuntu-ruby-builder)
+    -i, --image=arg        - Image name (default: cyberark/phusion-ruby-fips)
     -o, --output=arg       - Set the output file type of the fpm command (e.g rpm) (default: none)
     -t, --image-tag=arg    - Image tag, e.g. 4.5-stable, 4.6-stable (default: latest)
     -v, --version=arg      - Specify the deb version; by default, it's read from the VERSION file (default: none)

data/VERSION

@@ -1 +1 @@
-3.0.3-10
+3.0.3-1914

data/features/package.feature

@@ -8,16 +8,16 @@ Feature: Packaging
     And I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example --output rpm  -v 0.0.1-suffix example  -- --post-install /distrib/postinstall.sh`
 
   Scenario: 'example' project can be packaged successfully
-    Then the output should match /conjur-example_0\.0\.1-suffix_(amd64|arm64)\.deb/
-    And the output should match /conjur-example-dev_0\.0\.1-suffix_(amd64|arm64)\.deb/
-    And the output should match /conjur-example-0\.0\.1_suffix-1\.(x86_64|aarch64)\.rpm/
-    And the output should match /conjur-example-dev-0\.0\.1_suffix-1\.(x86_64|aarch64)\.rpm/
+    Then the stdout should contain "conjur-example_0.0.1-suffix_amd64.deb"
+    And the stdout should contain "conjur-example-dev_0.0.1-suffix_amd64.deb"
+    And the stdout should contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
+    And the stdout should contain "conjur-example-dev-0.0.1_suffix-1.x86_64.rpm"
 
   Scenario: 'clean' command will delete non-Git-managed files
     When I successfully run `env DEBUG=true GLI_DEBUG=true debify clean -d ../../example --force`
-    And I cd to "../../example"
-    Then a file matching %r</conjur-example_0\.0\.1-suffix_(amd64|arm64)\.deb/> should not exist
-    And a file matching %r</conjur-example-0\.0\.1_suffix-1\.(x86_64|aarch64)\.rpm/> should not exist
+    And I successfully run `find ../../example`
+    Then the stdout from "find ../../example" should not contain "conjur-example_0.0.1-suffix_amd64.deb"
+    And the stdout from "find ../../example" should not contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
 
   Scenario: 'example' project can be published
     When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1-suffix -d ../../example 5.0 example`

data/image-tags

@@ -9,12 +9,9 @@ show_master_tags() {
 }
 
 show_branch_tags() {
-  VERSION=$(< VERSION)
-  docker run --rm debify:$VERSION config script > docker-debify
-  chmod +x docker-debify
   # tail and tr, to remove the grottiness from the detect-version
   # output
-  local version="$(DEBIFY_IMAGE=debify:$VERSION ./docker-debify detect-version | tail -1 | tr -d '\r')"
+  local version="$(DEBIFY_IMAGE=debify:$(<VERSION) ./docker-debify detect-version | tail -1 | tr -d '\r')"
   
   echo "$BRANCH_NAME $version"
 }

data/lib/conjur/debify/action/publish.rb

@@ -38,7 +38,7 @@ module Conjur::Debify
             art_user, art_password = fetch_art_creds
           end
 
-          # Publish AMD64 deb package
+          # Publish deb package
           component = cmd_options[:component] || detect_component
           deb_info = "#{distribution}/#{component}/amd64"
           package_name = "conjur-#{project_name}_#{version}_amd64.deb"
@@ -53,26 +53,10 @@ module Conjur::Debify
             deb_info: deb_info
           )
 
-          # (Optional) Publish ARM64 deb package
-          unless Dir.glob('*_arm64.deb').empty?
-            deb_info = "#{distribution}/#{component}/arm64"
-            package_name = "conjur-#{project_name}_#{version}_arm64.deb"
-            publish_package(
-              publish_image: publish_image,
-              art_url: art_url,
-              art_user: art_user,
-              art_password: art_password,
-              art_repo: deb_art_repo,
-              package_name: package_name,
-              dir: dir,
-              deb_info: deb_info
-            )
-          end
-
           # Publish RPM package
           # The rpm builder replaces dashes with underscores in the version
           rpm_version = version.tr('-', '_')
-          package_name = "conjur-#{project_name}-#{rpm_version}-1.*.rpm"
+          package_name = "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm"
           rpm_art_repo = cmd_options['rpm-repo']
           publish_package(
             publish_image: publish_image,

data/lib/conjur/debify.rb

@@ -5,7 +5,6 @@ require 'gli'
 require 'json'
 require 'base64'
 require 'tmpdir'
-require 'rbconfig'
 
 require 'conjur/debify/utils'
 
@@ -32,24 +31,24 @@ Docker.options[:read_timeout] = 300
 module DebugMixin
   DEBUG = ENV['DEBUG'].nil? ? true : ENV['DEBUG'].downcase == 'true'
 
-  def debug(* a)
+  def debug *a
     DebugMixin.debug *a
   end
 
-  def self.debug(* a)
+  def self.debug *a
     $stderr.puts *a if DEBUG
   end
 
-  def debug_write(* a)
+  def debug_write *a
     DebugMixin.debug_write *a
   end
 
-  def self.debug_write(* a)
+  def self.debug_write *a
     $stderr.write *a if DEBUG
   end
 
   # you can give this to various docker methods to print output if debug is on
-  def self.docker_debug(* a)
+  def self.docker_debug *a
     if a.length == 2 && a[0].is_a?(Symbol)
       debug a.last
     else
@@ -91,26 +90,8 @@ def detect_version
   end
 end
 
-def detect_architecture
-  architecture = RbConfig::CONFIG['arch']
-  result_map = {}
-
-  case architecture
-  when /x86_64|amd64/
-    result_map['deb'] = 'amd64'
-    result_map['rpm'] = 'x86_64'
-  when /arm64|aarch64/
-    result_map['deb'] = 'arm64'
-    result_map['rpm'] = 'aarch64'
-  else
-    raise "Unsupported architecture type: #{architecture}"
-  end
-
-  result_map
-end
-
 def git_files
-  files = (`git ls-files -z`.split("\x0") + %w[Gemfile.lock VERSION]).uniq
+  files = (`git ls-files -z`.split("\x0") + ['Gemfile.lock', 'VERSION']).uniq
   # Since submodule directories are listed, but are not files, we remove them.
   # Currently, `conjur-project-config` is the only submodule in Conjur, and it
   # can safely be removed because it's a developer-only tool.  If we add another
@@ -160,7 +141,7 @@ command "clean" do |c|
   c.desc "Force file deletion even if if this doesn't look like a Jenkins environment"
   c.switch [:force]
 
-  c.action do |_, cmd_options, _|
+  c.action do |global_options, cmd_options, args|
     def looks_like_jenkins?
       require 'etc'
       Etc.getlogin == 'jenkins' && ENV['BUILD_NUMBER']
@@ -168,12 +149,12 @@ command "clean" do |c|
 
     require 'set'
     perform_deletion = cmd_options[:force] || looks_like_jenkins?
-    unless perform_deletion
+    if !perform_deletion
       $stderr.puts "No --force, and this doesn't look like Jenkins. I won't actually delete anything"
     end
-    @ignore_list = Array(cmd_options[:ignore]) + %w[. .. .git]
+    @ignore_list = Array(cmd_options[:ignore]) + ['.', '..', '.git']
 
-    def ignore_file?(f)
+    def ignore_file? f
       @ignore_list.find { |ignore| f.index(ignore) == 0 }
     end
 
@@ -191,7 +172,7 @@ command "clean" do |c|
         File.directory?(file) || ignore_file?(file)
       }
       if perform_deletion
-        image = Docker::Image.create 'fromImage' => "alpine:3.19.0"
+        image = Docker::Image.create 'fromImage' => "alpine:3.3"
         options = {
           'Cmd' => ["sh", "-c", "while true; do sleep 1; done"],
           'Image' => image.id,
@@ -209,7 +190,7 @@ command "clean" do |c|
             file = "/src/#{file}"
             cmd = ["rm", "-f", file]
 
-            _, _, status = container.exec cmd, &DebugMixin::DOCKER
+            stdout, stderr, status = container.exec cmd, &DebugMixin::DOCKER
             $stderr.puts "Failed to delete #{file}" unless status == 0
           end
         ensure
@@ -274,15 +255,15 @@ command "package" do |c|
   c.flag [:'additional-files']
 
   c.desc "Image name"
-  c.default_value "cyberark/ubuntu-ruby-builder"
+  c.default_value "cyberark/phusion-ruby-fips"
   c.flag [:i, :image]
 
   c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
   c.default_value "latest"
   c.flag [:t, :'image-tag']
 
-  c.action do |_, cmd_options, args|
-    raise "project-name is required" unless (project_name = args.shift)
+  c.action do |global_options, cmd_options, args|
+    raise "project-name is required" unless project_name = args.shift
 
     fpm_args = []
     if (delimeter = args.shift) == '--'
@@ -358,20 +339,30 @@ command "package" do |c|
       }
       options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
 
-      file_path, dev_file_path = determine_file_path(file_type, detect_architecture, project_name, version)
-
       container = Docker::Container.create options
       begin
         DebugMixin.debug_write "Packaging #{project_name} in container #{container.id}\n"
-        container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |_, chunk| $stderr.puts "#{chunk}" }
+        container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| $stderr.puts "#{chunk}" }
         status = container.wait
         raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
 
-        copy_packages_from_container(
-          container,
-          file_path,
-          dev_file_path
-        )
+        if file_type == "deb"
+          # Copy deb packages
+          copy_packages_from_container(
+            container,
+            "conjur-#{project_name}_#{version}_amd64.deb",
+            "conjur-#{project_name}-dev_#{version}_amd64.deb"
+          )
+        elsif file_type == "rpm"
+          # Copy rpm packages
+          # The rpm builder replaces dashes with underscores in the version
+          rpm_version = version.tr('-', '_')
+          copy_packages_from_container(
+            container,
+            "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm",
+            "conjur-#{project_name}-dev-#{rpm_version}-1.x86_64.rpm"
+          )
+        end
       ensure
         container.delete(force: true)
       end
@@ -379,33 +370,13 @@ command "package" do |c|
   end
 end
 
-def determine_file_path(file_type, architecture_map, project_name, version)
-  if file_type == "deb"
-    architecture = architecture_map[file_type]
-    file_path = "conjur-#{project_name}_#{version}_#{architecture}.#{file_type}"
-    dev_file_path = "conjur-#{project_name}-dev_#{version}_#{architecture}.#{file_type}"
-  elsif file_type == "rpm"
-    architecture = architecture_map[file_type]
-
-    # The rpm builder replaces dashes with underscores in the version
-    version = version.tr('-', '_')
-
-    file_path = "conjur-#{project_name}-#{version}-1.#{architecture}.#{file_type}"
-    dev_file_path = "conjur-#{project_name}-dev-#{version}-1.#{architecture}.#{file_type}"
-  else
-    raise "Unrecognized file type: #{file_type}, must be one of the following: deb, rpm"
-  end
-
-  [file_path, dev_file_path]
-end
-
-def container_command(container, *args)
-  stdout, _, exitcode = container.exec args, &DebugMixin::DOCKER
+def container_command container, *args
+  stdout, stderr, exitcode = container.exec args, &DebugMixin::DOCKER
   exit_now! "Command failed : #{args.join(' ')}", exitcode unless exitcode == 0
   stdout
 end
 
-def wait_for_conjur(container)
+def wait_for_conjur appliance_image, container
   container_command container, '/opt/conjur/evoke/bin/wait_for_conjur'
 rescue
   $stderr.puts container.logs(stdout: true, stderr: true)
@@ -509,8 +480,8 @@ command "test" do |c|
   network_options(c)
 
   c.action do |global_options, cmd_options, args|
-    raise "project-name is required" unless (project_name = args.shift)
-    raise "test-script is required" unless (test_script = args.shift)
+    raise "project-name is required" unless project_name = args.shift
+    raise "test-script is required" unless test_script = args.shift
     raise "Received extra command-line arguments" if args.shift
 
     dir = cmd_options[:dir] || '.'
@@ -582,11 +553,11 @@ RUN touch /etc/service/conjur/down
       options = {
         'Image' => appliance_image.id,
         'name' => project_name,
-        'Env' => %w[
-          CONJUR_AUTHN_LOGIN=admin
-          CONJUR_ENV=appliance
-          CONJUR_AUTHN_API_KEY=SEcret12!!!!
-          CONJUR_ADMIN_PASSWORD=SEcret12!!!!
+        'Env' => [
+          "CONJUR_AUTHN_LOGIN=admin",
+          "CONJUR_ENV=appliance",
+          "CONJUR_AUTHN_API_KEY=SEcret12!!!!",
+          "CONJUR_ADMIN_PASSWORD=SEcret12!!!!",
         ] + global_options[:env],
         'HostConfig' => {
           'Binds' => [
@@ -619,9 +590,9 @@ RUN touch /etc/service/conjur/down
 
         # Wait for pg/main so that migrations can run
         30.times do
-          stdout, _, exitcode = container.exec %w(sv status pg/main), &DebugMixin::DOCKER
+          stdout, stderr, exitcode = container.exec %w(sv status pg/main), &DebugMixin::DOCKER
           status = stdout.join
-          break if exitcode == 0 && status =~ /^run/
+          break if exitcode == 0 && status =~ /^run\:/
           sleep 1
         end
 
@@ -636,7 +607,7 @@ RUN touch /etc/service/conjur/down
 
         container_command container, "rm", "/etc/service/conjur/down"
         container_command container, "sv", "start", "conjur"
-        wait_for_conjur container
+        wait_for_conjur appliance_image, container
 
         system "./#{test_script} #{container.id}"
         exit_now! "#{test_script} failed with exit code #{$?.exitstatus}", $?.exitstatus unless $?.exitstatus == 0
@@ -732,11 +703,11 @@ command "sandbox" do |c|
         'name' => "#{project_name}-sandbox",
         'Image' => appliance_image.id,
         'WorkingDir' => "/src/#{project_name}",
-        'Env' => %w[
-          CONJUR_AUTHN_LOGIN=admin
-          CONJUR_ENV=appliance
-          CONJUR_AUTHN_API_KEY=SEcret12!!!!
-          CONJUR_ADMIN_PASSWORD=SEcret12!!!!
+        'Env' => [
+          "CONJUR_AUTHN_LOGIN=admin",
+          "CONJUR_ENV=appliance",
+          "CONJUR_AUTHN_API_KEY=SEcret12!!!!",
+          "CONJUR_ADMIN_PASSWORD=SEcret12!!!!",
         ] + global_options[:env]
       }
 
@@ -775,7 +746,7 @@ command "sandbox" do |c|
       $stdout.puts container.id
       container.start!
 
-      wait_for_conjur container
+      wait_for_conjur appliance_image, container
 
       if cmd_options[:'dev-install']
         container_command(container, "/opt/conjur/evoke/bin/dev-install", project_name)
@@ -827,10 +798,10 @@ command "publish" do |c|
   c.default_value "redhat-private"
   c.flag ['rpm-repo']
 
-  c.action do |_, cmd_options, args|
+  c.action do |global_options, cmd_options, args|
     require 'conjur/debify/action/publish'
-    raise "distribution is required" unless (distribution = args.shift)
-    raise "project-name is required" unless (project_name = args.shift)
+    raise "distribution is required" unless distribution = args.shift
+    raise "project-name is required" unless project_name = args.shift
     raise "Received extra command-line arguments" if args.shift
 
     Conjur::Debify::Action::Publish.new(distribution, project_name, cmd_options).run
@@ -841,7 +812,7 @@ desc "Auto-detect and print the repository version"
 command "detect-version" do |c|
   c.desc "Set the current working directory"
   c.flag [:d, :dir]
-  c.action do |_, cmd_options, args|
+  c.action do |global_options, cmd_options, args|
     raise "Received extra command-line arguments" if args.shift
 
     dir = cmd_options[:dir] || '.'
@@ -859,7 +830,7 @@ desc 'Show the given configuration'
 arg_name 'configuration'
 command 'config' do |c|
   c.action do |_, _, args|
-    raise 'no configuration provided' unless (config = args.shift)
+    raise 'no configuration provided' unless config = args.shift
     raise "Received extra command-line arguments" if args.shift
 
     File.open(File.join('distrib', config)).each do |line|
@@ -867,3 +838,25 @@ command 'config' do |c|
     end
   end
 end
+
+
+pre do |global, command, options, args|
+  # Pre logic here
+  # Return true to proceed; false to abort and not call the
+  # chosen command
+  # Use skips_pre before a command to skip this block
+  # on that command only
+  true
+end
+
+post do |global, command, options, args|
+  # Post logic here
+  # Use skips_post before a command to skip this
+  # block on that command only
+end
+
+on_error do |exception|
+  # Error logic here
+  # return false to skip default error handling
+  true
+end

data/push-image.sh

@@ -1,12 +1,6 @@
 #!/bin/bash -ex
 
-TAG=$(< VERSION)
-ARCH="$1"
-if [ -z "$ARCH" ]; then
-  ARCH="amd64"
-fi
-
 for t in $(./image-tags); do
-  docker tag "debify:$TAG" "registry.tld/conjurinc/debify:$t-$ARCH"
-  docker push "registry.tld/conjurinc/debify:$t-$ARCH"
+  docker push registry.tld/conjurinc/debify:$t
 done
+

data/tag-image.sh

@@ -0,0 +1,6 @@
+#!/bin/bash -ex
+
+TAG=$(< VERSION)
+for t in $(./image-tags); do
+  docker tag debify:$TAG registry.tld/conjurinc/debify:$t
+done

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-debify
 version: !ruby/object:Gem::Version
-  version: 3.0.3.pre.10
+  version: 3.0.3.pre.1914
 platform: ruby
 authors:
 - CyberArk Software, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-01-11 00:00:00.000000000 Z
+date: 2023-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gli
@@ -223,7 +223,6 @@ files:
 - lib/conjur/publish/Dockerfile
 - publish-rubygem.sh
 - push-image.sh
-- push-manifest.sh
 - secrets.yml
 - spec/action/publish_spec.rb
 - spec/data/Makefile
@@ -231,6 +230,7 @@ files:
 - spec/debify_utils_spec.rb
 - spec/spec_helper.rb
 - spec/utils_spec.rb
+- tag-image.sh
 - test.sh
 homepage: https://github.com/conjurinc/debify
 licenses:

data/push-manifest.sh

@@ -1,14 +0,0 @@
-#!/bin/bash -ex
-
-for t in $(./image-tags); do
-  docker pull "registry.tld/conjurinc/debify:$t-amd64"
-  docker pull "registry.tld/conjurinc/debify:$t-arm64"
-
-  docker manifest create \
-    --insecure \
-    "registry.tld/conjurinc/debify:$t" \
-    --amend "registry.tld/conjurinc/debify:$t-amd64" \
-    --amend "registry.tld/conjurinc/debify:$t-arm64"
-
-  docker manifest push --insecure "registry.tld/conjurinc/debify:$t"
-done