conjur-debify 1.12.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/Dockerfile +7 -21
- data/Rakefile +2 -1
- data/VERSION +1 -1
- data/ci/test.sh +0 -5
- data/distrib/entrypoint.sh +4 -7
- data/features/package.feature +1 -0
- data/features/sandbox.feature +4 -0
- data/features/step_definitions/debify_steps.rb +1 -2
- data/lib/conjur/debify.rb +96 -83
- data/lib/conjur/fpm/package.sh +40 -27
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6f76a5ea0e2c4fc01e0666594176690174cf1894f478570118056908c03c5e81
|
4
|
+
data.tar.gz: ebdb065547d044394079979326f759118e264a640a5feb41341fdba6386de661
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ed14d2fecc7c4229f8c3c59d289acd39b7defd6c046b5417d332d7adfe6b921cdc5dc16b81f95825b07e9d595f92ecc7924508fc0529f6ccce00bd182e0d8f65
|
7
|
+
data.tar.gz: 9c8aaaa932d2971d549a2db859c2e47c16f26890fc25ed6491c5cd854fb4d363af289312947e5f9deb950d55b044a6bc32158472445c391241bd19604d7a5725
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,11 @@
|
|
1
1
|
## [Unreleased]
|
2
2
|
|
3
|
+
# 2.0.0
|
4
|
+
### Changed
|
5
|
+
- Debify now receives the flag `--output` as input to indicate the file type that it should package (e.g `rpm`). If this
|
6
|
+
flag is not given, the default value is `deb`.
|
7
|
+
[conjurinc/debify#56](https://github.com/conjurinc/debify/issues/56)
|
8
|
+
|
3
9
|
# 1.12.0
|
4
10
|
|
5
11
|
### Added
|
data/Dockerfile
CHANGED
@@ -1,32 +1,18 @@
|
|
1
1
|
FROM ruby:2.6-stretch
|
2
2
|
|
3
|
-
### DockerInDocker support is take from
|
4
|
-
### https://github.com/jpetazzo/dind/blob/master/Dockerfile . I
|
5
|
-
### elected to base this image on ruby, then pull in the (slightly
|
6
|
-
### outdated) support for DockerInDocker. Creation of the official
|
7
|
-
### docker:dind image much more complicated and didn't lend itself to
|
8
|
-
### also running ruby.
|
9
|
-
|
10
3
|
RUN apt-get update -qq && \
|
11
4
|
apt-get dist-upgrade -qqy && \
|
12
5
|
apt-get install -qqy \
|
13
6
|
apt-transport-https \
|
14
7
|
ca-certificates \
|
15
|
-
curl
|
16
|
-
lxc \
|
17
|
-
iptables
|
8
|
+
curl
|
18
9
|
|
19
|
-
# Install Docker
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
# Define additional metadata for our image.
|
27
|
-
VOLUME /var/lib/docker
|
28
|
-
|
29
|
-
### End of DockerInDocker support
|
10
|
+
# Install Docker client tools
|
11
|
+
ENV DOCKERVERSION=20.10.0
|
12
|
+
RUN curl -fsSLO https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKERVERSION}.tgz \
|
13
|
+
&& tar xzvf docker-${DOCKERVERSION}.tgz --strip 1 \
|
14
|
+
-C /usr/local/bin docker/docker \
|
15
|
+
&& rm docker-${DOCKERVERSION}.tgz
|
30
16
|
|
31
17
|
RUN mkdir -p /debify
|
32
18
|
WORKDIR /debify
|
data/Rakefile
CHANGED
@@ -33,7 +33,8 @@ if cucumber?
|
|
33
33
|
Cucumber::Rake::Task.new(:features) do |t|
|
34
34
|
opts = "features --format junit -o #{CUKE_RESULTS} --format pretty -x"
|
35
35
|
opts += " --tags #{ENV['TAGS']}" if ENV['TAGS']
|
36
|
-
|
36
|
+
opts += " --tags ~@skip"
|
37
|
+
t.cucumber_opts = opts
|
37
38
|
t.fork = false
|
38
39
|
end
|
39
40
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
|
1
|
+
2.0.0
|
data/ci/test.sh
CHANGED
@@ -2,11 +2,6 @@
|
|
2
2
|
|
3
3
|
bundle
|
4
4
|
|
5
|
-
# Some tests need to be logged in to the registry, to pull a base
|
6
|
-
# image if it's not already available. Have entrypoint.sh do something
|
7
|
-
# simple, and log in as a side effect.
|
8
|
-
/debify/distrib/entrypoint.sh detect-version
|
9
|
-
|
10
5
|
for target in spec cucumber; do
|
11
6
|
bundle exec rake $target
|
12
7
|
done
|
data/distrib/entrypoint.sh
CHANGED
@@ -6,17 +6,14 @@ set +x
|
|
6
6
|
|
7
7
|
creds=( $(ruby /debify/distrib/conjur_creds.rb) )
|
8
8
|
|
9
|
-
# If there are creds, use them to log in to the registry.
|
10
|
-
# the magic DockerInDocker wrapper script so debify can interact with
|
11
|
-
# the Docker daemon.
|
9
|
+
# If there are creds, use them to log in to the registry.
|
12
10
|
#
|
13
|
-
# If there are no creds,
|
11
|
+
# If there are no creds, any commands that do
|
14
12
|
# Docker stuff will fail, but the non-Docker commands (e.g. the config
|
15
13
|
# subcommands) will work fine.
|
16
14
|
if [[ ${#creds[*]} > 0 ]]; then
|
17
15
|
echo -n "${creds[1]}" | docker login registry.tld -u ${creds[0]} --password-stdin >/dev/null 2>&1
|
18
|
-
exec wrapdocker debify "$@"
|
19
|
-
else
|
20
|
-
exec debify "$@"
|
21
16
|
fi
|
22
17
|
|
18
|
+
exec debify "$@"
|
19
|
+
|
data/features/package.feature
CHANGED
data/features/sandbox.feature
CHANGED
@@ -2,6 +2,10 @@
|
|
2
2
|
Feature: Running a sandbox
|
3
3
|
Background:
|
4
4
|
Given I successfully run `docker pull registry.tld/conjur-appliance-cuke-master:4.9-stable`
|
5
|
+
# The extra containers will use the `alpine` image, so we need to pull it first on the
|
6
|
+
# host to use the authenticated DockerHub connection. This avoids hitting DockerHub
|
7
|
+
# rate limits.
|
8
|
+
And I successfully run `docker pull alpine`
|
5
9
|
|
6
10
|
Scenario: sandbox for 'example' project be started
|
7
11
|
Given I successfully start a sandbox for "example" with arguments "-t 4.9-stable --no-pull"
|
@@ -12,11 +12,10 @@ When /^I start a container named "(.*?)"(?: on network "(.*?)")*$/ do |name, net
|
|
12
12
|
networks << network
|
13
13
|
end
|
14
14
|
|
15
|
-
alpine = Docker::Image.create('fromImage' => 'alpine')
|
16
15
|
options = {
|
17
16
|
'name' => name,
|
18
17
|
'Cmd' => [ "sh", "-c", "while true; do sleep 1; done" ],
|
19
|
-
'Image' => alpine
|
18
|
+
'Image' => 'alpine'
|
20
19
|
}
|
21
20
|
options['HostConfig'] = { 'NetworkMode' => net_name } if net_name
|
22
21
|
|
data/lib/conjur/debify.rb
CHANGED
@@ -13,6 +13,8 @@ require 'active_support/core_ext'
|
|
13
13
|
|
14
14
|
include GLI::App
|
15
15
|
|
16
|
+
DEFAULT_FILE_TYPE = "deb"
|
17
|
+
|
16
18
|
config_file '.debifyrc'
|
17
19
|
|
18
20
|
desc 'Set an environment variable (e.g. TERM=xterm) when starting a container'
|
@@ -50,7 +52,7 @@ module DebugMixin
|
|
50
52
|
if a.length == 2 && a[0].is_a?(Symbol)
|
51
53
|
debug a.last
|
52
54
|
else
|
53
|
-
|
55
|
+
a.each do |line|
|
54
56
|
begin
|
55
57
|
line = JSON.parse(line)
|
56
58
|
line.keys.each do |k|
|
@@ -80,7 +82,7 @@ def detect_version
|
|
80
82
|
base_version = File.read("VERSION").strip
|
81
83
|
commits_since = `git log #{base_commit}..HEAD --pretty='%h'`.split("\n").size
|
82
84
|
hash = `git rev-parse --short HEAD`.strip
|
83
|
-
[
|
85
|
+
[[base_version, commits_since].join('.'), hash].join("-")
|
84
86
|
else
|
85
87
|
`git describe --long --tags --abbrev=7 --match 'v*.*.*' | sed -e 's/^v//'`.strip.tap do |version|
|
86
88
|
raise "No Git version (tag) for project" if version.empty?
|
@@ -125,15 +127,15 @@ DESC
|
|
125
127
|
arg_name "project-name -- <fpm-arguments>"
|
126
128
|
command "clean" do |c|
|
127
129
|
c.desc "Set the current working directory"
|
128
|
-
c.flag [
|
130
|
+
c.flag [:d, "dir"]
|
129
131
|
|
130
132
|
c.desc "Ignore (don't delete) a file or directory"
|
131
|
-
c.flag [
|
133
|
+
c.flag [:i, :ignore]
|
132
134
|
|
133
135
|
c.desc "Force file deletion even if if this doesn't look like a Jenkins environment"
|
134
|
-
c.switch [
|
136
|
+
c.switch [:force]
|
135
137
|
|
136
|
-
c.action do |global_options,cmd_options,args|
|
138
|
+
c.action do |global_options, cmd_options, args|
|
137
139
|
def looks_like_jenkins?
|
138
140
|
require 'etc'
|
139
141
|
Etc.getlogin == 'jenkins' && ENV['BUILD_NUMBER']
|
@@ -144,10 +146,10 @@ command "clean" do |c|
|
|
144
146
|
if !perform_deletion
|
145
147
|
$stderr.puts "No --force, and this doesn't look like Jenkins. I won't actually delete anything"
|
146
148
|
end
|
147
|
-
@ignore_list = Array(cmd_options[:ignore]) + [
|
149
|
+
@ignore_list = Array(cmd_options[:ignore]) + ['.', '..', '.git']
|
148
150
|
|
149
151
|
def ignore_file? f
|
150
|
-
@ignore_list.find{|ignore| f.index(ignore) == 0}
|
152
|
+
@ignore_list.find { |ignore| f.index(ignore) == 0 }
|
151
153
|
end
|
152
154
|
|
153
155
|
dir = cmd_options[:dir] || '.'
|
@@ -160,16 +162,16 @@ command "clean" do |c|
|
|
160
162
|
end
|
161
163
|
find_files.compact!
|
162
164
|
delete_files = (find_files - git_files)
|
163
|
-
delete_files.delete_if{|file|
|
165
|
+
delete_files.delete_if { |file|
|
164
166
|
File.directory?(file) || ignore_file?(file)
|
165
167
|
}
|
166
168
|
if perform_deletion
|
167
169
|
image = Docker::Image.create 'fromImage' => "alpine:3.3"
|
168
170
|
options = {
|
169
|
-
'Cmd'
|
171
|
+
'Cmd' => ["sh", "-c", "while true; do sleep 1; done"],
|
170
172
|
'Image' => image.id,
|
171
173
|
'Binds' => [
|
172
|
-
[
|
174
|
+
[dir, "/src"].join(':'),
|
173
175
|
]
|
174
176
|
}
|
175
177
|
options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
@@ -180,7 +182,7 @@ command "clean" do |c|
|
|
180
182
|
puts file
|
181
183
|
|
182
184
|
file = "/src/#{file}"
|
183
|
-
cmd = [
|
185
|
+
cmd = ["rm", "-f", file]
|
184
186
|
|
185
187
|
stdout, stderr, status = container.exec cmd, &DebugMixin::DOCKER
|
186
188
|
$stderr.puts "Failed to delete #{file}" unless status == 0
|
@@ -232,18 +234,21 @@ DESC
|
|
232
234
|
arg_name "project-name -- <fpm-arguments>"
|
233
235
|
command "package" do |c|
|
234
236
|
c.desc "Set the current working directory"
|
235
|
-
c.flag [
|
237
|
+
c.flag [:d, "dir"]
|
238
|
+
|
239
|
+
c.desc "Set the output file type of the fpm command (e.g rpm)"
|
240
|
+
c.flag [:o, :output]
|
236
241
|
|
237
242
|
c.desc "Specify the deb version; by default, it's read from the VERSION file"
|
238
|
-
c.flag [
|
243
|
+
c.flag [:v, :version]
|
239
244
|
|
240
245
|
c.desc "Specify a custom Dockerfile.fpm"
|
241
|
-
c.flag [
|
246
|
+
c.flag [:dockerfile]
|
242
247
|
|
243
248
|
c.desc "Specify files to add to the FPM image that are not included from the git repo"
|
244
|
-
c.flag [
|
249
|
+
c.flag [:'additional-files']
|
245
250
|
|
246
|
-
c.action do |global_options,cmd_options,args|
|
251
|
+
c.action do |global_options, cmd_options, args|
|
247
252
|
raise "project-name is required" unless project_name = args.shift
|
248
253
|
|
249
254
|
fpm_args = []
|
@@ -279,23 +284,29 @@ command "package" do |c|
|
|
279
284
|
FileUtils.mkdir_p(File.dirname(destination_path))
|
280
285
|
FileUtils.cp(original_file, destination_path)
|
281
286
|
end
|
282
|
-
|
287
|
+
|
283
288
|
# rename specified dockerfile to 'Dockerfile' during copy, incase name is different
|
284
289
|
dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
|
285
290
|
temp_dockerfile = File.join(temp_dir, "Dockerfile")
|
286
|
-
|
291
|
+
|
287
292
|
# change image variable in specified Dockerfile
|
288
293
|
dockerfile = File.read(dockerfile_path)
|
289
294
|
replace_image = dockerfile.gsub("@@image@@", fpm_image.id)
|
290
|
-
File.open(temp_dockerfile, "w") {|file| file.puts replace_image}
|
295
|
+
File.open(temp_dockerfile, "w") { |file| file.puts replace_image }
|
291
296
|
|
292
297
|
# build image from project being debified dir
|
293
298
|
image = Docker::Image.build_from_dir temp_dir, &DebugMixin::DOCKER
|
294
299
|
|
295
300
|
DebugMixin.debug_write "Built fpm image '#{image.id}' for project #{project_name}\n"
|
296
301
|
|
302
|
+
container_cmd_options = [project_name, version]
|
303
|
+
|
304
|
+
# Set the output file type if present
|
305
|
+
file_type = cmd_options[:output] || DEFAULT_FILE_TYPE
|
306
|
+
container_cmd_options << "--file-type=#{file_type}"
|
307
|
+
|
297
308
|
options = {
|
298
|
-
'Cmd'
|
309
|
+
'Cmd' => container_cmd_options + fpm_args,
|
299
310
|
'Image' => image.id
|
300
311
|
}
|
301
312
|
options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
@@ -307,21 +318,23 @@ command "package" do |c|
|
|
307
318
|
status = container.wait
|
308
319
|
raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
|
309
320
|
|
310
|
-
|
311
|
-
|
312
|
-
|
313
|
-
|
314
|
-
|
315
|
-
|
316
|
-
|
317
|
-
|
318
|
-
|
319
|
-
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
321
|
+
if file_type == "deb"
|
322
|
+
# Copy deb packages
|
323
|
+
copy_packages_from_container(
|
324
|
+
container,
|
325
|
+
"conjur-#{project_name}_#{version}_amd64.deb",
|
326
|
+
"conjur-#{project_name}-dev_#{version}_amd64.deb"
|
327
|
+
)
|
328
|
+
elsif file_type == "rpm"
|
329
|
+
# Copy rpm packages
|
330
|
+
# The rpm builder replaces dashes with underscores in the version
|
331
|
+
rpm_version = version.tr('-', '_')
|
332
|
+
copy_packages_from_container(
|
333
|
+
container,
|
334
|
+
"conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm",
|
335
|
+
"conjur-#{project_name}-dev-#{rpm_version}-1.x86_64.rpm"
|
336
|
+
)
|
337
|
+
end
|
325
338
|
ensure
|
326
339
|
container.delete(force: true)
|
327
340
|
end
|
@@ -344,10 +357,10 @@ end
|
|
344
357
|
|
345
358
|
def network_options(cmd)
|
346
359
|
cmd.desc "Specify link for test container"
|
347
|
-
cmd.flag [
|
360
|
+
cmd.flag [:l, :link], :multiple => true
|
348
361
|
|
349
362
|
cmd.desc 'Attach to the specified network'
|
350
|
-
cmd.flag [
|
363
|
+
cmd.flag [:n, :net]
|
351
364
|
end
|
352
365
|
|
353
366
|
def short_id(id)
|
@@ -363,7 +376,7 @@ end
|
|
363
376
|
# instead. (Docker doesn't add full container ids as network aliases,
|
364
377
|
# only short ids).
|
365
378
|
def shorten_source_id(link)
|
366
|
-
src,dest = link.split(':')
|
379
|
+
src, dest = link.split(':')
|
367
380
|
src && dest ? "#{short_id(src)}:#{dest}" : link
|
368
381
|
end
|
369
382
|
|
@@ -413,32 +426,32 @@ DESC
|
|
413
426
|
arg_name "project-name test-script"
|
414
427
|
command "test" do |c|
|
415
428
|
c.desc "Set the current working directory"
|
416
|
-
c.flag [
|
429
|
+
c.flag [:d, :dir]
|
417
430
|
|
418
431
|
c.desc "Keep the Conjur appliance container after the command finishes"
|
419
432
|
c.default_value false
|
420
|
-
c.switch [
|
433
|
+
c.switch [:k, :keep]
|
421
434
|
|
422
435
|
c.desc "Image name"
|
423
436
|
c.default_value "registry.tld/conjur-appliance-cuke-master"
|
424
|
-
c.flag [
|
437
|
+
c.flag [:i, :image]
|
425
438
|
|
426
439
|
c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
|
427
|
-
c.flag [
|
440
|
+
c.flag [:t, "image-tag"]
|
428
441
|
|
429
442
|
c.desc "'docker pull' the Conjur container image"
|
430
443
|
c.default_value true
|
431
|
-
c.switch [
|
444
|
+
c.switch [:pull]
|
432
445
|
|
433
446
|
c.desc "Specify the deb version; by default, it's read from the VERSION file"
|
434
|
-
c.flag [
|
447
|
+
c.flag [:v, :version]
|
435
448
|
|
436
449
|
c.desc "Specify volume for test container"
|
437
|
-
c.flag [
|
450
|
+
c.flag [:'volumes-from'], :multiple => true
|
438
451
|
|
439
452
|
network_options(c)
|
440
453
|
|
441
|
-
c.action do |global_options,cmd_options,args|
|
454
|
+
c.action do |global_options, cmd_options, args|
|
442
455
|
raise "project-name is required" unless project_name = args.shift
|
443
456
|
raise "test-script is required" unless test_script = args.shift
|
444
457
|
raise "Received extra command-line arguments" if args.shift
|
@@ -451,7 +464,7 @@ command "test" do |c|
|
|
451
464
|
|
452
465
|
Dir.chdir dir do
|
453
466
|
image_tag = cmd_options["image-tag"] or raise "image-tag is required"
|
454
|
-
appliance_image_id = [
|
467
|
+
appliance_image_id = [cmd_options[:image], image_tag].join(":")
|
455
468
|
version = cmd_options[:version] || detect_version
|
456
469
|
package_name = "conjur-#{project_name}_#{version}_amd64.deb"
|
457
470
|
dev_package_name = "conjur-#{project_name}-dev_#{version}_amd64.deb"
|
@@ -459,7 +472,7 @@ command "test" do |c|
|
|
459
472
|
raise "#{test_script} does not exist or is not a file" unless File.file?(test_script)
|
460
473
|
|
461
474
|
begin
|
462
|
-
tries ||=2
|
475
|
+
tries ||= 2
|
463
476
|
Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
|
464
477
|
rescue
|
465
478
|
login_to_registry appliance_image_id
|
@@ -498,7 +511,7 @@ RUN touch /etc/service/conjur/down
|
|
498
511
|
packages << dev_package_name if File.exist? dev_package_name
|
499
512
|
|
500
513
|
begin
|
501
|
-
tries ||=2
|
514
|
+
tries ||= 2
|
502
515
|
appliance_image = build_test_image(appliance_image_id, project_name, packages)
|
503
516
|
rescue
|
504
517
|
login_to_registry appliance_image_id
|
@@ -519,7 +532,7 @@ RUN touch /etc/service/conjur/down
|
|
519
532
|
] + global_options[:env],
|
520
533
|
'HostConfig' => {
|
521
534
|
'Binds' => [
|
522
|
-
[
|
535
|
+
[dir, "/src/#{project_name}"].join(':')
|
523
536
|
]
|
524
537
|
}
|
525
538
|
}
|
@@ -532,16 +545,16 @@ RUN touch /etc/service/conjur/down
|
|
532
545
|
|
533
546
|
if global_options[:'local-bundle']
|
534
547
|
host_config['Binds']
|
535
|
-
.push([
|
536
|
-
.push([
|
548
|
+
.push([vendor_dir, "/src/#{project_name}/vendor"].join(':'))
|
549
|
+
.push([dot_bundle_dir, "/src/#{project_name}/.bundle"].join(':'))
|
537
550
|
end
|
538
551
|
|
539
|
-
container = Docker::Container.create(options.tap {|o| DebugMixin.debug_write "creating container with options #{o.inspect}"})
|
552
|
+
container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
|
540
553
|
|
541
554
|
begin
|
542
555
|
DebugMixin.debug_write "Testing #{project_name} in container #{container.id}\n"
|
543
556
|
|
544
|
-
spawn("docker logs -f #{container.id}", [
|
557
|
+
spawn("docker logs -f #{container.id}", [:out, :err] => $stderr).tap do |pid|
|
545
558
|
Process.detach pid
|
546
559
|
end
|
547
560
|
container.start!
|
@@ -592,29 +605,29 @@ Once in the container, use "/opt/conjur/evoke/bin/dev-install" to install the de
|
|
592
605
|
DESC
|
593
606
|
command "sandbox" do |c|
|
594
607
|
c.desc "Set the current working directory"
|
595
|
-
c.flag [
|
608
|
+
c.flag [:d, :dir]
|
596
609
|
|
597
610
|
c.desc "Image name"
|
598
611
|
c.default_value "registry.tld/conjur-appliance-cuke-master"
|
599
|
-
c.flag [
|
612
|
+
c.flag [:i, :image]
|
600
613
|
|
601
614
|
c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
|
602
|
-
c.flag [
|
615
|
+
c.flag [:t, "image-tag"]
|
603
616
|
|
604
617
|
c.desc "Bind another source directory into the container. Use <src>:<dest>, where both are full paths."
|
605
|
-
c.flag [
|
618
|
+
c.flag [:"bind"], :multiple => true
|
606
619
|
|
607
620
|
c.desc "'docker pull' the Conjur container image"
|
608
621
|
c.default_value false
|
609
|
-
c.switch [
|
622
|
+
c.switch [:pull]
|
610
623
|
|
611
624
|
network_options(c)
|
612
625
|
|
613
626
|
c.desc "Specify volume for container"
|
614
|
-
c.flag [
|
627
|
+
c.flag [:'volumes-from'], :multiple => true
|
615
628
|
|
616
629
|
c.desc "Expose a port from the container to host. Use <host>:<container>."
|
617
|
-
c.flag [
|
630
|
+
c.flag [:p, :port], :multiple => true
|
618
631
|
|
619
632
|
c.desc 'Run dev-install in /src/<project-name>'
|
620
633
|
c.default_value false
|
@@ -625,9 +638,9 @@ command "sandbox" do |c|
|
|
625
638
|
c.switch [:kill]
|
626
639
|
|
627
640
|
c.desc 'A command to run in the sandbox'
|
628
|
-
c.flag [
|
641
|
+
c.flag [:c, :command]
|
629
642
|
|
630
|
-
c.action do |global_options,cmd_options,args|
|
643
|
+
c.action do |global_options, cmd_options, args|
|
631
644
|
raise "Received extra command-line arguments" if args.shift
|
632
645
|
|
633
646
|
dir = cmd_options[:dir] || '.'
|
@@ -637,11 +650,11 @@ command "sandbox" do |c|
|
|
637
650
|
|
638
651
|
Dir.chdir dir do
|
639
652
|
image_tag = cmd_options["image-tag"] or raise "image-tag is required"
|
640
|
-
appliance_image_id = [
|
653
|
+
appliance_image_id = [cmd_options[:image], image_tag].join(":")
|
641
654
|
|
642
655
|
appliance_image = if cmd_options[:pull]
|
643
656
|
begin
|
644
|
-
tries ||=2
|
657
|
+
tries ||= 2
|
645
658
|
Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
|
646
659
|
rescue
|
647
660
|
login_to_registry appliance_image_id
|
@@ -671,14 +684,14 @@ command "sandbox" do |c|
|
|
671
684
|
|
672
685
|
options['HostConfig'] = host_config = {}
|
673
686
|
host_config['Binds'] = [
|
674
|
-
[
|
675
|
-
[
|
687
|
+
[File.expand_path(".ssh/id_rsa", ENV['HOME']), "/root/.ssh/id_rsa", 'ro'].join(':'),
|
688
|
+
[dir, "/src/#{project_name}"].join(':'),
|
676
689
|
] + Array(cmd_options[:bind])
|
677
690
|
|
678
691
|
if global_options[:'local-bundle']
|
679
692
|
host_config['Binds']
|
680
|
-
.push([
|
681
|
-
.push([
|
693
|
+
.push([vendor_dir, "/src/#{project_name}/vendor"].join(':'))
|
694
|
+
.push([dot_bundle_dir, "/src/#{project_name}/.bundle"].join(':'))
|
682
695
|
end
|
683
696
|
|
684
697
|
host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
|
@@ -690,7 +703,7 @@ command "sandbox" do |c|
|
|
690
703
|
port_bindings = Hash.new({})
|
691
704
|
cmd_options[:port].each do |mapping|
|
692
705
|
hport, cport = mapping.split(':')
|
693
|
-
port_bindings["#{cport}/tcp"] = [{
|
706
|
+
port_bindings["#{cport}/tcp"] = [{'HostPort' => hport}]
|
694
707
|
end
|
695
708
|
host_config['PortBindings'] = port_bindings
|
696
709
|
end
|
@@ -700,7 +713,7 @@ command "sandbox" do |c|
|
|
700
713
|
previous.delete(:force => true) if previous
|
701
714
|
end
|
702
715
|
|
703
|
-
container = Docker::Container.create(options.tap {|o| DebugMixin.debug_write "creating container with options #{o.inspect}"})
|
716
|
+
container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
|
704
717
|
$stdout.puts container.id
|
705
718
|
container.start!
|
706
719
|
|
@@ -736,27 +749,27 @@ DESC
|
|
736
749
|
arg_name "distribution project-name"
|
737
750
|
command "publish" do |c|
|
738
751
|
c.desc "Set the current working directory"
|
739
|
-
c.flag [
|
752
|
+
c.flag [:d, :dir]
|
740
753
|
|
741
754
|
c.desc "Specify the deb package version; by default, it's computed automatically"
|
742
|
-
c.flag [
|
755
|
+
c.flag [:v, :version]
|
743
756
|
|
744
757
|
c.desc "Component to publish to, either 'stable' or the name of the git branch"
|
745
|
-
c.flag [
|
758
|
+
c.flag [:c, :component]
|
746
759
|
|
747
760
|
c.desc "Artifactory URL to publish to"
|
748
761
|
c.default_value "https://conjurinc.jfrog.io/conjurinc"
|
749
|
-
c.flag [
|
762
|
+
c.flag [:u, :url]
|
750
763
|
|
751
764
|
c.desc "Artifactory Debian repo to publish package to"
|
752
765
|
c.default_value "debian-private"
|
753
|
-
c.flag [
|
766
|
+
c.flag [:r, :repo]
|
754
767
|
|
755
768
|
c.desc "Artifactory RPM repo to publish package to"
|
756
769
|
c.default_value "redhat-private"
|
757
770
|
c.flag ['rpm-repo']
|
758
771
|
|
759
|
-
c.action do |global_options,cmd_options,args|
|
772
|
+
c.action do |global_options, cmd_options, args|
|
760
773
|
require 'conjur/debify/action/publish'
|
761
774
|
raise "distribution is required" unless distribution = args.shift
|
762
775
|
raise "project-name is required" unless project_name = args.shift
|
@@ -769,8 +782,8 @@ end
|
|
769
782
|
desc "Auto-detect and print the repository version"
|
770
783
|
command "detect-version" do |c|
|
771
784
|
c.desc "Set the current working directory"
|
772
|
-
c.flag [
|
773
|
-
c.action do |global_options,cmd_options,args|
|
785
|
+
c.flag [:d, :dir]
|
786
|
+
c.action do |global_options, cmd_options, args|
|
774
787
|
raise "Received extra command-line arguments" if args.shift
|
775
788
|
|
776
789
|
dir = cmd_options[:dir] || '.'
|
@@ -787,7 +800,7 @@ end
|
|
787
800
|
desc 'Show the given configuration'
|
788
801
|
arg_name 'configuration'
|
789
802
|
command 'config' do |c|
|
790
|
-
c.action do |_,_,args|
|
803
|
+
c.action do |_, _, args|
|
791
804
|
raise 'no configuration provided' unless config = args.shift
|
792
805
|
raise "Received extra command-line arguments" if args.shift
|
793
806
|
|
@@ -798,7 +811,7 @@ command 'config' do |c|
|
|
798
811
|
end
|
799
812
|
|
800
813
|
|
801
|
-
pre do |global,command,options,args|
|
814
|
+
pre do |global, command, options, args|
|
802
815
|
# Pre logic here
|
803
816
|
# Return true to proceed; false to abort and not call the
|
804
817
|
# chosen command
|
@@ -807,7 +820,7 @@ pre do |global,command,options,args|
|
|
807
820
|
true
|
808
821
|
end
|
809
822
|
|
810
|
-
post do |global,command,options,args|
|
823
|
+
post do |global, command, options, args|
|
811
824
|
# Post logic here
|
812
825
|
# Use skips_post before a command to skip this
|
813
826
|
# block on that command only
|
data/lib/conjur/fpm/package.sh
CHANGED
@@ -8,14 +8,33 @@ version=$1
|
|
8
8
|
shift
|
9
9
|
|
10
10
|
if [ -z "$project_name" ]; then
|
11
|
-
|
12
|
-
|
11
|
+
echo Project name argument is required
|
12
|
+
exit 1
|
13
13
|
fi
|
14
14
|
if [ -z "$version" ]; then
|
15
|
-
|
16
|
-
|
15
|
+
echo Version argument is required
|
16
|
+
exit 1
|
17
17
|
fi
|
18
18
|
|
19
|
+
for i in "$@"; do
|
20
|
+
case $i in
|
21
|
+
-ft=* | --file-type=*)
|
22
|
+
file_type="${i#*=}"
|
23
|
+
shift
|
24
|
+
;;
|
25
|
+
esac
|
26
|
+
done
|
27
|
+
|
28
|
+
if [ -z "$file_type" ]; then
|
29
|
+
echo "No file type given. Using deb"
|
30
|
+
file_type=deb
|
31
|
+
fi
|
32
|
+
|
33
|
+
echo Project Name is $project_name
|
34
|
+
echo Version is $version
|
35
|
+
echo file_type is $file_type
|
36
|
+
echo params at the end are $@
|
37
|
+
|
19
38
|
# Build dev package first
|
20
39
|
prefix=/src/opt/conjur/project
|
21
40
|
cp -al $prefix /dev-pkg
|
@@ -27,14 +46,12 @@ cd /dev-pkg
|
|
27
46
|
remove_matching $prefix
|
28
47
|
bundle_clean
|
29
48
|
|
30
|
-
if [
|
49
|
+
if [ $(ls | wc -l) -eq 0 ]; then
|
31
50
|
echo No dev dependencies, skipping dev package
|
32
51
|
else
|
33
|
-
|
34
|
-
do
|
35
|
-
echo "Building conjur-$project_name-dev $file_type package"
|
52
|
+
echo "Building conjur-$project_name-dev $file_type package"
|
36
53
|
|
37
|
-
|
54
|
+
fpm \
|
38
55
|
-s dir \
|
39
56
|
-t $file_type \
|
40
57
|
-n conjur-$project_name-dev \
|
@@ -50,7 +67,6 @@ else
|
|
50
67
|
--depends "conjur-$project_name = $version" \
|
51
68
|
--prefix /opt/conjur/$project_name \
|
52
69
|
--description "Conjur $project_name service - development files"
|
53
|
-
done
|
54
70
|
fi
|
55
71
|
|
56
72
|
mv /src/opt/conjur/project /src/opt/conjur/$project_name
|
@@ -67,26 +83,23 @@ mkdir -p opt/conjur/etc
|
|
67
83
|
|
68
84
|
[ -d opt/conjur/"$project_name"/distrib ] && mv opt/conjur/"$project_name"/distrib /
|
69
85
|
|
70
|
-
|
71
|
-
do
|
72
|
-
echo "Building conjur-$project_name-dev $file_type package"
|
86
|
+
echo "Building conjur-$project_name-dev $file_type package"
|
73
87
|
|
74
|
-
|
88
|
+
fpm \
|
75
89
|
-s dir \
|
76
90
|
-t $file_type \
|
77
91
|
-n conjur-$project_name \
|
78
92
|
-v $version \
|
79
93
|
-C . \
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
ls -al *.{deb,rpm}
|
94
|
+
--maintainer "CyberArk Software, Inc." \
|
95
|
+
--vendor "CyberArk Software, Inc." \
|
96
|
+
--license "Proprietary" \
|
97
|
+
--url "https://www.cyberark.com" \
|
98
|
+
--config-files opt/conjur/etc \
|
99
|
+
--deb-no-default-config-files \
|
100
|
+
--$file_type-user conjur \
|
101
|
+
--$file_type-group conjur \
|
102
|
+
--description "Conjur $project_name service" \
|
103
|
+
"$@"
|
104
|
+
|
105
|
+
ls -l
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-debify
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- CyberArk Software, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-12-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gli
|