conjur-debify 3.0.3.pre.10 → 3.0.3.pre.145

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 436c92c5c492573a754e82a9b35ef13aca64a795fd4a01e125951488a107978c
-  data.tar.gz: bdecbbddaf1e13882847e3d11eb8e2c4ae597f95c036dcb74021c3ff1dc340f5
+  metadata.gz: 749d66a8a64cbc22abc88af81e4f1851ee888d178c875d8c384da86e9c84a472
+  data.tar.gz: 7d0713e5b38339ce6ac39d4c6714593d00ace8f6515e8c8d3f5b0914a2a14d48
 SHA512:
-  metadata.gz: a971c4675b727301536f00a606dbe54d1f011fc660daa29708c060fe2be55967a21caa872f5aaeca3c4cef04f37b79cea3887d83a86222b2326801553e822490
-  data.tar.gz: 4529e3f15f359cdd0009c6cbd2ba3c70db72ee122aea0f9de41bf1573df45f393a77030b987a58b61ea718222b5d3ed9b2e01b3a8157abf3eea7bd5a02927298
+  metadata.gz: '07198fe9a64df0947c30bf59ec95af4c63ca81abbfc7dff9d46188b480f21e373bbcccdd84ff3be97b0c37d41db7dd4f05f34ed82376de62f28206c23423c2b0'
+  data.tar.gz: 2ac3dc9e0bbda1d32a046fcd376f5b8aabf24df4b1a09695a3300e935e3d4ed8ab301e0cf6ae8a1af12c8de84554375b9971d92deec45011fc1e67f357e41314

data/Dockerfile

@@ -10,7 +10,7 @@ RUN apt-get update -qq && \
     rm -rf /var/lib/apt/lists/*
 
 # Install Docker client tools
-ENV DOCKERVERSION=24.0.2
+ENV DOCKERVERSION=27.0.3
 RUN curl -fsSLO https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKERVERSION}.tgz \
   && tar xzvf docker-${DOCKERVERSION}.tgz --strip 1 \
                  -C /usr/local/bin docker/docker \

data/VERSION

@@ -1 +1 @@
-3.0.3-10
+3.0.3-145

data/lib/conjur/debify/action/publish.rb

@@ -1,10 +1,9 @@
 module Conjur::Debify
   module Action
     class Publish
-
       def detect_component
         branch = ENV['GIT_BRANCH'] || ENV['BRANCH_NAME'] || `git rev-parse --abbrev-ref HEAD`.strip
-        if %w(master origin/master).include?(branch)
+        if %w[master origin/master].include?(branch)
           'stable'
         else
           branch.gsub('/', '.')
@@ -12,6 +11,7 @@ module Conjur::Debify
       end
 
       attr_reader :distribution, :project_name, :cmd_options
+
       def initialize(distribution, project_name, cmd_options)
         @distribution = distribution
         @project_name = project_name
@@ -34,23 +34,21 @@ module Conjur::Debify
 
           art_user = ENV['ARTIFACTORY_USER']
           art_password = ENV['ARTIFACTORY_PASSWORD']
-          unless art_user && art_password
-            art_user, art_password = fetch_art_creds
-          end
+          art_user, art_password = fetch_art_creds unless art_user && art_password
 
           # Publish AMD64 deb package
           component = cmd_options[:component] || detect_component
           deb_info = "#{distribution}/#{component}/amd64"
           package_name = "conjur-#{project_name}_#{version}_amd64.deb"
           publish_package(
-            publish_image: publish_image,
-            art_url: art_url,
-            art_user: art_user,
-            art_password: art_password,
+            publish_image:,
+            art_url:,
+            art_user:,
+            art_password:,
             art_repo: deb_art_repo,
-            package_name: package_name,
-            dir: dir,
-            deb_info: deb_info
+            package_name:,
+            dir:,
+            deb_info:
           )
 
           # (Optional) Publish ARM64 deb package
@@ -58,14 +56,14 @@ module Conjur::Debify
             deb_info = "#{distribution}/#{component}/arm64"
             package_name = "conjur-#{project_name}_#{version}_arm64.deb"
             publish_package(
-              publish_image: publish_image,
-              art_url: art_url,
-              art_user: art_user,
-              art_password: art_password,
+              publish_image:,
+              art_url:,
+              art_user:,
+              art_password:,
               art_repo: deb_art_repo,
-              package_name: package_name,
-              dir: dir,
-              deb_info: deb_info
+              package_name:,
+              dir:,
+              deb_info:
             )
           end
 
@@ -75,19 +73,20 @@ module Conjur::Debify
           package_name = "conjur-#{project_name}-#{rpm_version}-1.*.rpm"
           rpm_art_repo = cmd_options['rpm-repo']
           publish_package(
-            publish_image: publish_image,
-            art_url: art_url,
-            art_user: art_user,
-            art_password: art_password,
+            publish_image:,
+            art_url:,
+            art_user:,
+            art_password:,
             art_repo: rpm_art_repo,
-            package_name: package_name,
-            dir: dir
+            package_name:,
+            dir:
           )
         end
       end
 
       def create_image
-        Docker::Image.build_from_dir File.expand_path('../../publish', File.dirname(__FILE__)), tag: "debify-publish", &DebugMixin::DOCKER
+        Docker::Image.build_from_dir File.expand_path('../../publish', File.dirname(__FILE__)), tag: 'debify-publish',
+                                     &DebugMixin::DOCKER
       end
 
       def fetch_art_creds
@@ -98,8 +97,8 @@ module Conjur::Debify
         conjur = Conjur::Authn.connect nil, noask: true
 
         account = Conjur.configuration.account
-        username_var = [account, "variable", "ci/artifactory/users/jenkins/username"].join(':')
-        password_var = [account, "variable", 'ci/artifactory/users/jenkins/password'].join(':')
+        username_var = [account, 'variable', 'ci/artifactory/users/jenkins/username'].join(':')
+        password_var = [account, 'variable', 'ci/artifactory/users/jenkins/password'].join(':')
         [conjur.resource(username_var).value, conjur.resource(password_var).value]
       end
 
@@ -115,21 +114,24 @@ module Conjur::Debify
       )
 
         cmd_args = [
-          "jfrog", "rt", "upload",
-          "--url", art_url,
-          "--user", art_user,
-          "--password", art_password,
+          'jfrog', 'rt', 'upload',
+          '--url', art_url,
+          '--user', art_user,
+          '--password', art_password
         ]
 
-        cmd_args += ["--deb", deb_info] if deb_info
+        cmd_args += ['--deb', deb_info] if deb_info
         cmd_args += [package_name, "#{art_repo}/"]
 
         options = {
           'Image' => publish_image.id,
           'Cmd' => cmd_args,
-          'Binds' => [
-            [ dir, "/src" ].join(':')
-          ]
+          'HostConfig' => {
+            'Binds' => [
+              [dir, '/src'].join(':')
+            ]
+          },
+          'WorkingDir' => '/src'
         }
         options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
 
@@ -139,14 +141,15 @@ module Conjur::Debify
       def publish(options)
         container = Docker::Container.create(options)
         begin
-          container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |stream, chunk| puts "#{chunk}" }
+          container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) do |_stream, chunk|
+            puts "#{chunk}"
+          end
           status = container.wait
-          raise "Failed to publish package" unless status['StatusCode'] == 0
+          raise 'Failed to publish package' unless status['StatusCode'] == 0
         ensure
           container.delete(force: true)
         end
       end
-
     end
   end
 end

data/lib/conjur/debify.rb

@@ -1,4 +1,4 @@
-require "conjur/debify/version"
+require 'conjur/debify/version'
 require 'docker'
 require 'fileutils'
 require 'gli'
@@ -14,18 +14,17 @@ require 'active_support/core_ext'
 
 include GLI::App
 
-DEFAULT_FILE_TYPE = "deb"
+DEFAULT_FILE_TYPE = 'deb'
 
 config_file '.debifyrc'
 
 desc 'Set an environment variable (e.g. TERM=xterm) when starting a container'
-flag [:env], :multiple => true
+flag [:env], multiple: true
 
 desc 'Mount local bundle to reuse gems from previous installation'
 default_value true
 switch [:'local-bundle']
 
-
 Docker.options[:read_timeout] = 300
 
 # This is used to turn on DEBUG notices.
@@ -33,19 +32,19 @@ module DebugMixin
   DEBUG = ENV['DEBUG'].nil? ? true : ENV['DEBUG'].downcase == 'true'
 
   def debug(* a)
-    DebugMixin.debug *a
+    DebugMixin.debug(*a)
   end
 
   def self.debug(* a)
-    $stderr.puts *a if DEBUG
+    warn(*a) if DEBUG
   end
 
   def debug_write(* a)
-    DebugMixin.debug_write *a
+    DebugMixin.debug_write(*a)
   end
 
   def self.debug_write(* a)
-    $stderr.write *a if DEBUG
+    $stderr.write(*a) if DEBUG
   end
 
   # you can give this to various docker methods to print output if debug is on
@@ -54,16 +53,14 @@ module DebugMixin
       debug a.last
     else
       a.each do |line|
-        begin
-          line = JSON.parse(line)
-          line.keys.each do |k|
-            debug line[k]
-          end
-        rescue JSON::ParserError
-          # Docker For Mac is spitting out invalid JSON, so just print
-          # out the line if parsing fails.
-          debug line
+        line = JSON.parse(line)
+        line.keys.each do |k|
+          debug line[k]
         end
+      rescue JSON::ParserError
+        # Docker For Mac is spitting out invalid JSON, so just print
+        # out the line if parsing fails.
+        debug line
       end
     end
   end
@@ -79,14 +76,14 @@ subcommand_option_handling :normal
 arguments :strict
 
 def detect_version
-  if File.exist?("VERSION") && !(base_commit = `git log --pretty='%h' VERSION | head -n 1`.strip).empty?
-    base_version = File.read("VERSION").strip
+  if File.exist?('VERSION') && !(base_commit = `git log --pretty='%h' VERSION | head -n 1`.strip).empty?
+    base_version = File.read('VERSION').strip
     commits_since = `git log #{base_commit}..HEAD --pretty='%h'`.split("\n").size
     hash = `git rev-parse --short HEAD`.strip
-    [[base_version, commits_since].join('.'), hash].join("-")
+    [[base_version, commits_since].join('.'), hash].join('-')
   else
     `git describe --long --tags --abbrev=7 --match 'v*.*.*' | sed -e 's/^v//'`.strip.tap do |version|
-      raise "No Git version (tag) for project" if version.empty?
+      raise 'No Git version (tag) for project' if version.empty?
     end
   end
 end
@@ -121,41 +118,41 @@ end
 
 def login_to_registry(appliance_image_id)
   config_file = File.expand_path('~/.docker/config.json')
-  if File.exist? config_file
-    json_config = JSON.parse(File.read(config_file))
-    registry = appliance_image_id.split('/')[0]
-
-    json_auth = json_config['auths'][registry]['auth']
-    if json_auth
-      username, password = Base64.decode64(json_auth).split(':')
-      Docker.authenticate! username: username, password: password, serveraddress: registry
-    end
-  end
+  return unless File.exist? config_file
+
+  json_config = JSON.parse(File.read(config_file))
+  registry = appliance_image_id.split('/')[0]
+
+  json_auth = json_config['auths'][registry]['auth']
+  return unless json_auth
+
+  username, password = Base64.decode64(json_auth).split(':')
+  Docker.authenticate! username:, password:, serveraddress: registry
 end
 
-desc "Clean current working directory of non-Git-managed files"
-long_desc <<DESC
-Reliable builds depend on having a clean working directory.
+desc 'Clean current working directory of non-Git-managed files'
+long_desc <<~DESC
+  Reliable builds depend on having a clean working directory.
 
-Because debify runs some commands in volume-mounted Docker containers,
-it is capable of creating root-owned files.
+  Because debify runs some commands in volume-mounted Docker containers,
+  it is capable of creating root-owned files.
 
-This command will delete all files in the working directory that are not
-git-managed. The command is designed to run in Jenkins. Therefore, it will
-only perform file deletion if:
+  This command will delete all files in the working directory that are not
+  git-managed. The command is designed to run in Jenkins. Therefore, it will
+  only perform file deletion if:
 
-* The current user, as provided by Etc.getlogin, is 'jenkins'
-* The BUILD_NUMBER environment variable is set
+  * The current user, as provided by Etc.getlogin, is 'jenkins'
+  * The BUILD_NUMBER environment variable is set
 
-File deletion can be compelled using the "force" option.
+  File deletion can be compelled using the "force" option.
 DESC
-arg_name "project-name -- <fpm-arguments>"
-command "clean" do |c|
-  c.desc "Set the current working directory"
-  c.flag [:d, "dir"]
+arg_name 'project-name -- <fpm-arguments>'
+command 'clean' do |c|
+  c.desc 'Set the current working directory'
+  c.flag [:d, 'dir']
 
   c.desc "Ignore (don't delete) a file or directory"
-  c.flag [:i, :ignore]
+  c.flag %i[i ignore]
 
   c.desc "Force file deletion even if if this doesn't look like a Jenkins environment"
   c.switch [:force]
@@ -168,9 +165,7 @@ command "clean" do |c|
 
     require 'set'
     perform_deletion = cmd_options[:force] || looks_like_jenkins?
-    unless perform_deletion
-      $stderr.puts "No --force, and this doesn't look like Jenkins. I won't actually delete anything"
-    end
+    warn "No --force, and this doesn't look like Jenkins. I won't actually delete anything" unless perform_deletion
     @ignore_list = Array(cmd_options[:ignore]) + %w[. .. .git]
 
     def ignore_file?(f)
@@ -187,16 +182,16 @@ command "clean" do |c|
       end
       find_files.compact!
       delete_files = (find_files - git_files)
-      delete_files.delete_if { |file|
+      delete_files.delete_if do |file|
         File.directory?(file) || ignore_file?(file)
-      }
+      end
       if perform_deletion
-        image = Docker::Image.create 'fromImage' => "alpine:3.19.0"
+        image = Docker::Image.create 'fromImage' => 'alpine:3.19.0'
         options = {
-          'Cmd' => ["sh", "-c", "while true; do sleep 1; done"],
+          'Cmd' => ['sh', '-c', 'while true; do sleep 1; done'],
           'Image' => image.id,
           'Binds' => [
-            [dir, "/src"].join(':'),
+            [dir, '/src'].join(':')
           ]
         }
         options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
@@ -207,10 +202,10 @@ command "clean" do |c|
             puts file
 
             file = "/src/#{file}"
-            cmd = ["rm", "-f", file]
+            cmd = ['rm', '-f', file]
 
             _, _, status = container.exec cmd, &DebugMixin::DOCKER
-            $stderr.puts "Failed to delete #{file}" unless status == 0
+            warn "Failed to delete #{file}" unless status == 0
           end
         ensure
           container.delete force: true
@@ -235,80 +230,77 @@ def copy_packages_from_container(container, package_name, dev_package_name)
   end
 end
 
-desc "Build a debian package for a project"
-long_desc <<DESC
-The package is built using fpm (https://github.com/jordansissel/fpm).
+desc 'Build a debian package for a project'
+long_desc <<~DESC
+  The package is built using fpm (https://github.com/jordansissel/fpm).
 
-The project directory is required to contain:
+  The project directory is required to contain:
 
-* A Gemfile and Gemfile.lock
-* A shell script called debify.sh
+  * A Gemfile and Gemfile.lock
+  * A shell script called debify.sh
 
-debify.sh is invoked by the package build process to create any custom
-files, other than the project source tree. For example, config files can be
-created in /opt/conjur/etc.
+  debify.sh is invoked by the package build process to create any custom
+  files, other than the project source tree. For example, config files can be
+  created in /opt/conjur/etc.
 
-The distrib folder in the project source tree is intended to create scripts
-for package pre-install, post-install etc. The distrib folder is not included
-in the deb package, so its contents should be copied to the file system or
-packaged using fpm arguments.
+  The distrib folder in the project source tree is intended to create scripts
+  for package pre-install, post-install etc. The distrib folder is not included
+  in the deb package, so its contents should be copied to the file system or
+  packaged using fpm arguments.
 
-All arguments to this command which follow the double-dash are propagated to
-the fpm command.
+  All arguments to this command which follow the double-dash are propagated to
+  the fpm command.
 DESC
-arg_name "project-name -- <fpm-arguments>"
-command "package" do |c|
-  c.desc "Set the current working directory"
-  c.flag [:d, "dir"]
+arg_name 'project-name -- <fpm-arguments>'
+command 'package' do |c|
+  c.desc 'Set the current working directory'
+  c.flag [:d, 'dir']
 
-  c.desc "Set the output file type of the fpm command (e.g rpm)"
-  c.flag [:o, :output]
+  c.desc 'Set the output file type of the fpm command (e.g rpm)'
+  c.flag %i[o output]
 
   c.desc "Specify the deb version; by default, it's read from the VERSION file"
-  c.flag [:v, :version]
+  c.flag %i[v version]
 
-  c.desc "Specify a custom Dockerfile.fpm"
+  c.desc 'Specify a custom Dockerfile.fpm'
   c.flag [:dockerfile]
 
-  c.desc "Specify files to add to the FPM image that are not included from the git repo"
+  c.desc 'Specify files to add to the FPM image that are not included from the git repo'
   c.flag [:'additional-files']
 
-  c.desc "Image name"
-  c.default_value "cyberark/ubuntu-ruby-builder"
-  c.flag [:i, :image]
+  c.desc 'Image name'
+  c.default_value 'cyberark/ubuntu-ruby-builder'
+  c.flag %i[i image]
 
-  c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
-  c.default_value "latest"
-  c.flag [:t, :'image-tag']
+  c.desc 'Image tag, e.g. 4.5-stable, 4.6-stable'
+  c.default_value 'latest'
+  c.flag %i[t image-tag]
 
   c.action do |_, cmd_options, args|
-    raise "project-name is required" unless (project_name = args.shift)
+    raise 'project-name is required' unless (project_name = args.shift)
 
     fpm_args = []
-    if (delimeter = args.shift) == '--'
-      fpm_args = args.dup
-    else
-      raise "Unexpected argument '#{delimeter}'"
-    end
+    raise "Unexpected argument '#{delimeter}'" unless (delimeter = args.shift) == '--'
+
+    fpm_args = args.dup
 
     dir = cmd_options[:dir] || '.'
     pwd = File.dirname(__FILE__)
 
     additional_files = []
-    if cmd_options[:'additional-files']
-      additional_files = cmd_options[:'additional-files'].split(',').map(&:strip)
-    end
+    additional_files = cmd_options[:'additional-files'].split(',').map(&:strip) if cmd_options[:'additional-files']
 
     dockerfile = File.read(File.expand_path('fpm/Dockerfile.template', File.dirname(__FILE__)))
-    replace_image = dockerfile.gsub("@@image@@", cmd_options[:'image'] + ":" + cmd_options[:'image-tag'])
-    File.open(File.expand_path('fpm/Dockerfile', File.dirname(__FILE__)), "w") { |file| file.puts replace_image }
+    replace_image = dockerfile.gsub('@@image@@', cmd_options[:image] + ':' + cmd_options[:'image-tag'])
+    File.open(File.expand_path('fpm/Dockerfile', File.dirname(__FILE__)), 'w') { |file| file.puts replace_image }
 
     begin
       tries ||= 2
-      fpm_image = Docker::Image.build_from_dir File.expand_path('fpm', File.dirname(__FILE__)), architecture: "x86_64", tag: "debify-fpm", &DebugMixin::DOCKER
-    rescue
+      fpm_image = Docker::Image.build_from_dir File.expand_path('fpm', File.dirname(__FILE__)),
+                                               architecture: 'x86_64', tag: 'debify-fpm', &DebugMixin::DOCKER
+    rescue StandardError
       image_id = File.readlines(File.expand_path('fpm/Dockerfile', File.dirname(__FILE__)))
-                     .find { | line | line =~ /^FROM/ }
+                     .find { |line| line =~ /^FROM/ }
                      .split(' ')
                      .last
       login_to_registry image_id
@@ -333,13 +325,13 @@ command "package" do |c|
       end
 
       # rename specified dockerfile to 'Dockerfile' during copy, incase name is different
-      dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
-      temp_dockerfile = File.join(temp_dir, "Dockerfile")
+      dockerfile_path = cmd_options[:dockerfile] || File.expand_path('debify/Dockerfile.fpm', pwd)
+      temp_dockerfile = File.join(temp_dir, 'Dockerfile')
 
       # change image variable in specified Dockerfile
       dockerfile = File.read(dockerfile_path)
-      replace_image = dockerfile.gsub("@@image@@", fpm_image.id)
-      File.open(temp_dockerfile, "w") { |file| file.puts replace_image }
+      replace_image = dockerfile.gsub('@@image@@', fpm_image.id)
+      File.open(temp_dockerfile, 'w') { |file| file.puts replace_image }
 
       # build image from project being debified dir
       image = Docker::Image.build_from_dir temp_dir, &DebugMixin::DOCKER
@@ -363,7 +355,9 @@ command "package" do |c|
       container = Docker::Container.create options
       begin
         DebugMixin.debug_write "Packaging #{project_name} in container #{container.id}\n"
-        container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) { |_, chunk| $stderr.puts "#{chunk}" }
+        container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) do |_, chunk|
+          warn "#{chunk}"
+        end
         status = container.wait
         raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
 
@@ -380,11 +374,11 @@ command "package" do |c|
 end
 
 def determine_file_path(file_type, architecture_map, project_name, version)
-  if file_type == "deb"
+  if file_type == 'deb'
     architecture = architecture_map[file_type]
     file_path = "conjur-#{project_name}_#{version}_#{architecture}.#{file_type}"
     dev_file_path = "conjur-#{project_name}-dev_#{version}_#{architecture}.#{file_type}"
-  elsif file_type == "rpm"
+  elsif file_type == 'rpm'
     architecture = architecture_map[file_type]
 
     # The rpm builder replaces dashes with underscores in the version
@@ -407,22 +401,22 @@ end
 
 def wait_for_conjur(container)
   container_command container, '/opt/conjur/evoke/bin/wait_for_conjur'
-rescue
-  $stderr.puts container.logs(stdout: true, stderr: true)
+rescue StandardError
+  warn container.logs(stdout: true, stderr: true)
   raise
 end
 
 def network_options(cmd)
-  cmd.desc "Specify link for test container"
-  cmd.flag [:l, :link], :multiple => true
+  cmd.desc 'Specify link for test container'
+  cmd.flag %i[l link], multiple: true
 
   cmd.desc 'Attach to the specified network'
-  cmd.flag [:n, :net]
+  cmd.flag %i[n net]
 end
 
 def short_id(id)
   if id =~ /\A[0-9a-f]{64}\z/ # 64 hex digits, docker only allows lower case letters in ids
-    $stderr.puts "Warning: found full container id, using short id instead (#{id[0..11]} for #{id})"
+    warn "Warning: found full container id, using short id instead (#{id[0..11]} for #{id})"
     id[0..11]
   else
     id
@@ -459,59 +453,59 @@ def add_network_config(container_config, cmd_options)
   end
 end
 
-desc "Test a Conjur debian package in a Conjur appliance container"
-long_desc <<DESC
-First, a Conjur appliance container is created and started. By default, the
-container image is registry.tld/conjur-appliance-cuke-master. An image tag
-MUST be supplied. This image is configured with all the CONJUR_ environment
-variables setup for the local environment (appliance URL, cert path, admin username and
-password, etc). The project source tree is also mounted into the container, at
-/src/<project-name>.
+desc 'Test a Conjur debian package in a Conjur appliance container'
+long_desc <<~DESC
+  First, a Conjur appliance container is created and started. By default, the
+  container image is registry.tld/conjur-appliance-cuke-master. An image tag
+  MUST be supplied. This image is configured with all the CONJUR_ environment
+  variables setup for the local environment (appliance URL, cert path, admin username and
+  password, etc). The project source tree is also mounted into the container, at
+  /src/<project-name>.
 
-This command then waits for Conjur to initialize and be healthy. It proceeds by
-installing the conjur-<project-name>_<version>_amd64.deb from the project working directory.
+  This command then waits for Conjur to initialize and be healthy. It proceeds by
+  installing the conjur-<project-name>_<version>_amd64.deb from the project working directory.
 
-Then the evoke "test-install" command is used to install the test code in the
-/src/<project-name>. Basically, the development bundle is installed and the database
-configuration (if any) is setup.
+  Then the evoke "test-install" command is used to install the test code in the
+  /src/<project-name>. Basically, the development bundle is installed and the database
+  configuration (if any) is setup.
 
-Finally, a test script from the project source tree is run, again with the container
-id as the program argument.
+  Finally, a test script from the project source tree is run, again with the container
+  id as the program argument.
 
-Then the Conjur container is deleted (use --keep to leave it running).
+  Then the Conjur container is deleted (use --keep to leave it running).
 DESC
-arg_name "project-name test-script"
-command "test" do |c|
-  c.desc "Set the current working directory"
-  c.flag [:d, :dir]
+arg_name 'project-name test-script'
+command 'test' do |c|
+  c.desc 'Set the current working directory'
+  c.flag %i[d dir]
 
-  c.desc "Keep the Conjur appliance container after the command finishes"
+  c.desc 'Keep the Conjur appliance container after the command finishes'
   c.default_value false
-  c.switch [:k, :keep]
+  c.switch %i[k keep]
 
-  c.desc "Image name"
-  c.default_value "registry.tld/conjur-appliance-cuke-master"
-  c.flag [:i, :image]
+  c.desc 'Image name'
+  c.default_value 'registry.tld/conjur-appliance-cuke-master'
+  c.flag %i[i image]
 
-  c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
-  c.flag [:t, "image-tag"]
+  c.desc 'Image tag, e.g. 4.5-stable, 4.6-stable'
+  c.flag [:t, 'image-tag']
 
   c.desc "'docker pull' the Conjur container image"
   c.default_value true
   c.switch [:pull]
 
   c.desc "Specify the deb version; by default, it's read from the VERSION file"
-  c.flag [:v, :version]
+  c.flag %i[v version]
 
-  c.desc "Specify volume for test container"
-  c.flag [:'volumes-from'], :multiple => true
+  c.desc 'Specify volume for test container'
+  c.flag [:'volumes-from'], multiple: true
 
   network_options(c)
 
   c.action do |global_options, cmd_options, args|
-    raise "project-name is required" unless (project_name = args.shift)
-    raise "test-script is required" unless (test_script = args.shift)
-    raise "Received extra command-line arguments" if args.shift
+    raise 'project-name is required' unless (project_name = args.shift)
+    raise 'test-script is required' unless (test_script = args.shift)
+    raise 'Received extra command-line arguments' if args.shift
 
     dir = cmd_options[:dir] || '.'
     dir = File.expand_path(dir)
@@ -520,8 +514,8 @@ command "test" do |c|
     raise "Directory #{dir} does not contain a .deb file" unless Dir["#{dir}/*.deb"].length >= 1
 
     Dir.chdir dir do
-      image_tag = cmd_options["image-tag"] or raise "image-tag is required"
-      appliance_image_id = [cmd_options[:image], image_tag].join(":")
+      image_tag = cmd_options['image-tag'] or raise 'image-tag is required'
+      appliance_image_id = [cmd_options[:image], image_tag].join(':')
       version = cmd_options[:version] || detect_version
       package_name = "conjur-#{project_name}_#{version}_amd64.deb"
       dev_package_name = "conjur-#{project_name}-dev_#{version}_amd64.deb"
@@ -531,24 +525,23 @@ command "test" do |c|
       begin
         tries ||= 2
         Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
-      rescue
+      rescue StandardError
         login_to_registry appliance_image_id
         retry unless (tries -= 1).zero?
       end
 
-
       def build_test_image(appliance_image_id, project_name, packages)
-        packages = packages.join " "
-        dockerfile = <<-DOCKERFILE
-FROM #{appliance_image_id}
+        packages = packages.join ' '
+        dockerfile = <<~DOCKERFILE
+          FROM #{appliance_image_id}
 
-COPY #{packages} /tmp/
+          COPY #{packages} /tmp/
 
-RUN if dpkg --list | grep conjur-#{project_name}; then dpkg --force all --purge conjur-#{project_name}; fi
-RUN if [ -f /opt/conjur/etc/#{project_name}.conf ]; then rm /opt/conjur/etc/#{project_name}.conf; fi
-RUN cd /tmp; dpkg --install #{packages}
+          RUN if dpkg --list | grep conjur-#{project_name}; then dpkg --force all --purge conjur-#{project_name}; fi
+          RUN if [ -f /opt/conjur/etc/#{project_name}.conf ]; then rm /opt/conjur/etc/#{project_name}.conf; fi
+          RUN cd /tmp; dpkg --install #{packages}
 
-RUN touch /etc/service/conjur/down
+          RUN touch /etc/service/conjur/down
         DOCKERFILE
         Dir.mktmpdir do |tmpdir|
           tmpfile = Tempfile.new('Dockerfile', tmpdir)
@@ -557,7 +550,7 @@ RUN touch /etc/service/conjur/down
           tar_cmd = "tar -cvzh -C #{tmpdir} #{dockerfile_name} -C #{Dir.pwd} #{packages}"
           tar = open("| #{tar_cmd}")
           begin
-            Docker::Image.build_from_tar(tar, :dockerfile => dockerfile_name, &DebugMixin::DOCKER)
+            Docker::Image.build_from_tar(tar, dockerfile: dockerfile_name, &DebugMixin::DOCKER)
           ensure
             tar.close
           end
@@ -570,7 +563,7 @@ RUN touch /etc/service/conjur/down
       begin
         tries ||= 2
         appliance_image = build_test_image(appliance_image_id, project_name, packages)
-      rescue
+      rescue StandardError
         login_to_registry appliance_image_id
         retry unless (tries -= 1).zero?
       end
@@ -597,7 +590,10 @@ RUN touch /etc/service/conjur/down
       host_config = options['HostConfig']
 
       host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
-      host_config['VolumesFrom'] = cmd_options[:'volumes-from'] if cmd_options[:'volumes-from'] && !cmd_options[:'volumes-from'].empty?
+      if cmd_options[:'volumes-from'] && !cmd_options[:'volumes-from'].empty?
+        host_config['VolumesFrom'] =
+          cmd_options[:'volumes-from']
+      end
 
       add_network_config(options, cmd_options)
 
@@ -607,21 +603,24 @@ RUN touch /etc/service/conjur/down
           .push([dot_bundle_dir, "/src/#{project_name}/.bundle"].join(':'))
       end
 
-      container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
+      container = Docker::Container.create(options.tap do |o|
+                                             DebugMixin.debug_write "creating container with options #{o.inspect}"
+                                           end)
 
       begin
         DebugMixin.debug_write "Testing #{project_name} in container #{container.id}\n"
 
-        spawn("docker logs -f #{container.id}", [:out, :err] => $stderr).tap do |pid|
+        spawn("docker logs -f #{container.id}", %i[out err] => $stderr).tap do |pid|
           Process.detach pid
         end
         container.start!
 
         # Wait for pg/main so that migrations can run
         30.times do
-          stdout, _, exitcode = container.exec %w(sv status pg/main), &DebugMixin::DOCKER
+          stdout, _, exitcode = container.exec %w[sv status pg/main], &DebugMixin::DOCKER
           status = stdout.join
           break if exitcode == 0 && status =~ /^run/
+
           sleep 1
         end
 
@@ -634,15 +633,15 @@ RUN touch /etc/service/conjur/down
 
         DebugMixin.debug_write "Starting conjur\n"
 
-        container_command container, "rm", "/etc/service/conjur/down"
-        container_command container, "sv", "start", "conjur"
+        container_command container, 'rm', '/etc/service/conjur/down'
+        container_command container, 'sv', 'start', 'conjur'
         wait_for_conjur container
 
         system "./#{test_script} #{container.id}"
         exit_now! "#{test_script} failed with exit code #{$?.exitstatus}", $?.exitstatus unless $?.exitstatus == 0
       ensure
         unless cmd_options[:keep] || ENV['KEEP_CONTAINERS']
-          DebugMixin.debug_write "deleting container"
+          DebugMixin.debug_write 'deleting container'
           container.delete(force: true)
         end
       end
@@ -650,30 +649,30 @@ RUN touch /etc/service/conjur/down
   end
 end
 
-desc "Setup a development sandbox for a Conjur debian package in a Conjur appliance container"
-long_desc <<DESC
-First, a Conjur appliance container is created and started. By default, the
-container image is registry.tld/conjur-appliance-cuke-master. An image tag
-MUST be supplied. This image is configured with all the CONJUR_ environment
-variables setup for the local environment (appliance URL, cert path, admin username and
-password, etc). The project source tree is also mounted into the container, at
-/src/<project-name>, where <project-name> is taken from the name of the current working directory.
+desc 'Setup a development sandbox for a Conjur debian package in a Conjur appliance container'
+long_desc <<~DESC
+  First, a Conjur appliance container is created and started. By default, the
+  container image is registry.tld/conjur-appliance-cuke-master. An image tag
+  MUST be supplied. This image is configured with all the CONJUR_ environment
+  variables setup for the local environment (appliance URL, cert path, admin username and
+  password, etc). The project source tree is also mounted into the container, at
+  /src/<project-name>, where <project-name> is taken from the name of the current working directory.
 
-Once in the container, use "/opt/conjur/evoke/bin/dev-install" to install the development bundle of your project.
+  Once in the container, use "/opt/conjur/evoke/bin/dev-install" to install the development bundle of your project.
 DESC
-command "sandbox" do |c|
-  c.desc "Set the current working directory"
-  c.flag [:d, :dir]
+command 'sandbox' do |c|
+  c.desc 'Set the current working directory'
+  c.flag %i[d dir]
 
-  c.desc "Image name"
-  c.default_value "registry.tld/conjur-appliance-cuke-master"
-  c.flag [:i, :image]
+  c.desc 'Image name'
+  c.default_value 'registry.tld/conjur-appliance-cuke-master'
+  c.flag %i[i image]
 
-  c.desc "Image tag, e.g. 4.5-stable, 4.6-stable"
-  c.flag [:t, "image-tag"]
+  c.desc 'Image tag, e.g. 4.5-stable, 4.6-stable'
+  c.flag [:t, 'image-tag']
 
-  c.desc "Bind another source directory into the container. Use <src>:<dest>, where both are full paths."
-  c.flag [:"bind"], :multiple => true
+  c.desc 'Bind another source directory into the container. Use <src>:<dest>, where both are full paths.'
+  c.flag [:bind], multiple: true
 
   c.desc "'docker pull' the Conjur container image"
   c.default_value false
@@ -681,11 +680,11 @@ command "sandbox" do |c|
 
   network_options(c)
 
-  c.desc "Specify volume for container"
-  c.flag [:'volumes-from'], :multiple => true
+  c.desc 'Specify volume for container'
+  c.flag [:'volumes-from'], multiple: true
 
-  c.desc "Expose a port from the container to host. Use <host>:<container>."
-  c.flag [:p, :port], :multiple => true
+  c.desc 'Expose a port from the container to host. Use <host>:<container>.'
+  c.flag %i[p port], multiple: true
 
   c.desc 'Run dev-install in /src/<project-name>'
   c.default_value false
@@ -696,10 +695,10 @@ command "sandbox" do |c|
   c.switch [:kill]
 
   c.desc 'A command to run in the sandbox'
-  c.flag [:c, :command]
+  c.flag %i[c command]
 
   c.action do |global_options, cmd_options, args|
-    raise "Received extra command-line arguments" if args.shift
+    raise 'Received extra command-line arguments' if args.shift
 
     dir = cmd_options[:dir] || '.'
     dir = File.expand_path(dir)
@@ -707,20 +706,23 @@ command "sandbox" do |c|
     raise "Directory #{dir} does not exist or is not a directory" unless File.directory?(dir)
 
     Dir.chdir dir do
-      image_tag = cmd_options["image-tag"] or raise "image-tag is required"
-      appliance_image_id = [cmd_options[:image], image_tag].join(":")
+      image_tag = cmd_options['image-tag'] or raise 'image-tag is required'
+      appliance_image_id = [cmd_options[:image], image_tag].join(':')
 
       appliance_image = if cmd_options[:pull]
-        begin
-          tries ||= 2
-          Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
-        rescue
-          login_to_registry appliance_image_id
-          retry unless (tries -= 1).zero?
-        end
-      else
-        Docker::Image.get appliance_image_id
-      end
+                          begin
+                            tries ||= 2
+                            if cmd_options[:pull]
+                              Docker::Image.create 'fromImage' => appliance_image_id,
+&DebugMixin::DOCKER
+                            end
+                          rescue StandardError
+                            login_to_registry appliance_image_id
+                            retry unless (tries -= 1).zero?
+                          end
+                        else
+                          Docker::Image.get appliance_image_id
+                        end
 
       project_name = File.basename(Dir.getwd)
       vendor_dir = File.expand_path("tmp/debify/#{project_name}/vendor", ENV['HOME'])
@@ -742,8 +744,8 @@ command "sandbox" do |c|
 
       options['HostConfig'] = host_config = {}
       host_config['Binds'] = [
-        [File.expand_path(".ssh/id_rsa", ENV['HOME']), "/root/.ssh/id_rsa", 'ro'].join(':'),
-        [dir, "/src/#{project_name}"].join(':'),
+        [File.expand_path('.ssh/id_rsa', ENV['HOME']), '/root/.ssh/id_rsa', 'ro'].join(':'),
+        [dir, "/src/#{project_name}"].join(':')
       ] + Array(cmd_options[:bind])
 
       if global_options[:'local-bundle']
@@ -761,88 +763,92 @@ command "sandbox" do |c|
         port_bindings = Hash.new({})
         cmd_options[:port].each do |mapping|
           hport, cport = mapping.split(':')
-          port_bindings["#{cport}/tcp"] = [{'HostPort' => hport}]
+          port_bindings["#{cport}/tcp"] = [{ 'HostPort' => hport }]
         end
         host_config['PortBindings'] = port_bindings
       end
 
       if cmd_options[:kill]
-        previous = Docker::Container.get(options['name']) rescue nil
-        previous.delete(:force => true) if previous
+        previous = begin
+          Docker::Container.get(options['name'])
+        rescue StandardError
+          nil
+        end
+        previous.delete(force: true) if previous
       end
 
-      container = Docker::Container.create(options.tap { |o| DebugMixin.debug_write "creating container with options #{o.inspect}" })
+      container = Docker::Container.create(options.tap do |o|
+                                             DebugMixin.debug_write "creating container with options #{o.inspect}"
+                                           end)
       $stdout.puts container.id
       container.start!
 
       wait_for_conjur container
 
       if cmd_options[:'dev-install']
-        container_command(container, "/opt/conjur/evoke/bin/dev-install", project_name)
+        container_command(container, '/opt/conjur/evoke/bin/dev-install', project_name)
         container_command(container, 'sv', 'restart', "conjur/#{project_name}")
       end
 
-      if cmd_options[:command]
-        container_command(container, '/bin/bash', '-c', cmd_options[:command])
-      end
+      container_command(container, '/bin/bash', '-c', cmd_options[:command]) if cmd_options[:command]
     end
   end
 end
 
-desc "Publish a debian package to apt repository"
-long_desc <<DESC
-Publishes a deb created with `debify package` to our private apt repository.
+desc 'Publish a debian package to apt repository'
+long_desc <<~DESC
+  Publishes a deb created with `debify package` to our private apt repository.
 
-"distribution" should match the major/minor version of the Conjur appliance you want to install to.
+  "distribution" should match the major/minor version of the Conjur appliance you want to install to.
 
-The package name is a required option. The package version can be specified as a CLI option, or it will
-be auto-detected from Git.
+  The package name is a required option. The package version can be specified as a CLI option, or it will
+  be auto-detected from Git.
 
---component should be 'stable' if run after package tests pass or 'testing' if the package is not yet ready for release.
-If you don't specify the component, it will be set to 'testing' unless the current git branch is 'master' or 'origin/master'.
-The git branch is first detected from the env var GIT_BRANCH or BRANCH_NAME, and then by checking `git rev-parse --abbrev-ref HEAD`
-(which won't give you the answer you want when detached).
+  --component should be 'stable' if run after package tests pass or 'testing' if the package is not yet ready for release.
+  If you don't specify the component, it will be set to 'testing' unless the current git branch is 'master' or 'origin/master'.
+  The git branch is first detected from the env var GIT_BRANCH or BRANCH_NAME, and then by checking `git rev-parse --abbrev-ref HEAD`
+  (which won't give you the answer you want when detached).
 
 DESC
-arg_name "distribution project-name"
-command "publish" do |c|
-  c.desc "Set the current working directory"
-  c.flag [:d, :dir]
+arg_name 'distribution project-name'
+command 'publish' do |c|
+  c.desc 'Set the current working directory'
+  c.flag %i[d dir]
 
   c.desc "Specify the deb package version; by default, it's computed automatically"
-  c.flag [:v, :version]
+  c.flag %i[v version]
 
   c.desc "Component to publish to, either 'stable' or the name of the git branch"
-  c.flag [:c, :component]
+  c.flag %i[c component]
 
-  c.desc "Artifactory URL to publish to"
-  c.default_value "https://conjurinc.jfrog.io/conjurinc"
-  c.flag [:u, :url]
+  c.desc 'Artifactory URL to publish to'
+  c.default_value 'https://conjurinc.jfrog.io/conjurinc'
+  c.flag %i[u url]
 
-  c.desc "Artifactory Debian repo to publish package to"
-  c.default_value "debian-private"
-  c.flag [:r, :repo]
+  c.desc 'Artifactory Debian repo to publish package to'
+  c.default_value 'debian-private'
+  c.flag %i[r repo]
 
-  c.desc "Artifactory RPM repo to publish package to"
-  c.default_value "redhat-private"
+  c.desc 'Artifactory RPM repo to publish package to'
+  c.default_value 'redhat-private'
   c.flag ['rpm-repo']
 
   c.action do |_, cmd_options, args|
     require 'conjur/debify/action/publish'
-    raise "distribution is required" unless (distribution = args.shift)
-    raise "project-name is required" unless (project_name = args.shift)
-    raise "Received extra command-line arguments" if args.shift
+    raise 'distribution is required' unless (distribution = args.shift)
+    raise 'project-name is required' unless (project_name = args.shift)
+    raise 'Received extra command-line arguments' if args.shift
 
     Conjur::Debify::Action::Publish.new(distribution, project_name, cmd_options).run
   end
 end
 
-desc "Auto-detect and print the repository version"
-command "detect-version" do |c|
-  c.desc "Set the current working directory"
-  c.flag [:d, :dir]
+desc 'Auto-detect and print the repository version'
+command 'detect-version' do |c|
+  c.desc 'Set the current working directory'
+  c.flag %i[d dir]
   c.action do |_, cmd_options, args|
-    raise "Received extra command-line arguments" if args.shift
+    raise 'Received extra command-line arguments' if args.shift
 
     dir = cmd_options[:dir] || '.'
     dir = File.expand_path(dir)
@@ -860,7 +866,7 @@ arg_name 'configuration'
 command 'config' do |c|
   c.action do |_, _, args|
     raise 'no configuration provided' unless (config = args.shift)
-    raise "Received extra command-line arguments" if args.shift
+    raise 'Received extra command-line arguments' if args.shift
 
     File.open(File.join('distrib', config)).each do |line|
       puts line.gsub(/@@DEBIFY_VERSION@@/, Conjur::Debify::VERSION)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-debify
 version: !ruby/object:Gem::Version
-  version: 3.0.3.pre.10
+  version: 3.0.3.pre.145
 platform: ruby
 authors:
 - CyberArk Software, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-01-11 00:00:00.000000000 Z
+date: 2024-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gli