git-safe 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2b7839df797b7a01ee24bafccc8f6086ed5142ffbe7d7cf5901899a410e895d6
+  data.tar.gz: 0032cd4ceed5039f1e0e3b60cb872ec8a68aa3cbfe17e745198b2842c19cb329
+SHA512:
+  metadata.gz: 68d399eb56a55c992bcc12f7d4bf7e3f87b1a2b3a670e93bffba1d27703d70d3ee117eb28a6a66a1a90671cca2242d1f40720a4040366d951735562d8df9fa5c
+  data.tar.gz: 9ab7a7a5e919e57787702a2300dacdb006a35339a6a1d0fa6850d6360178ce1f23328ea4df45a5e364ac64de5f1eb1b46a9fcf8a64655ab1bdebb1d32a9ac977

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+spec/support/working-dirs/*

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.6.5
+before_install: gem install bundler -v 1.17.2

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in git-safe.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,45 @@
+PATH
+  remote: .
+  specs:
+    git-safe (0.1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    coderay (1.1.2)
+    diff-lcs (1.4.4)
+    method_source (1.0.0)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    rake (10.5.0)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.3)
+      rspec-support (~> 3.9.3)
+    rspec-expectations (3.9.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-its (1.3.0)
+      rspec-core (>= 3.0.0)
+      rspec-expectations (>= 3.0.0)
+    rspec-mocks (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.17)
+  git-safe!
+  pry
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  rspec-its (~> 1.3)
+
+BUNDLED WITH
+   1.17.2

data/README.md

@@ -0,0 +1,43 @@
+# Git::Safe
+
+This ruby git gem can safely be executed in concurrent environments with multiple ssh keys
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'git-safe'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install git-safe
+
+## Usage
+Configuration
+```ruby
+require 'git_safe'
+GitPusher.configure do |config|
+  config.logger = Logger.new(STDOUT)
+end
+```
+
+Initialize with work_tree and an optional ssh_private_key (string or path)
+```ruby
+git_safe = GitSafe.init('/my/work/tree', ssh_private_key: 'path-to-file-or-string')
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/git-safe.

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "git/safe"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/git-safe.gemspec

@@ -0,0 +1,31 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "git-safe/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "git-safe"
+  spec.version       = GitSafe::VERSION
+  spec.authors       = ["Perry Hertler"]
+  spec.email         = ["perry@hertler.org"]
+
+  spec.summary       = %q{A concurrent-safe way to perform multiple ssh configuration git operations against "origin".}
+  spec.description   = %q{Some applications need to access git "origin" from multiple threads or processes with different security access approaches. This gem makes it possible}
+  spec.homepage      = "https://github.com/perrqh/git-safe-ruby"
+
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.17"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rspec-its", "~> 1.3"
+  spec.add_development_dependency "pry"
+end

data/lib/git-safe/command_error.rb

@@ -0,0 +1,3 @@
+module GitSafe
+  class CommandError < StandardError; end
+end

data/lib/git-safe/configuration.rb

@@ -0,0 +1,46 @@
+module GitSafe
+  class Configuration
+    OPTIONS = {
+      logger:                              ::Logger.new(STDOUT),
+      branch:                              'master',
+      remote:                              'origin',
+      clone_command_repo_dir_replace_text: '<REPO_DIR>',
+      ssh_private_key:                     nil, # path or string
+    }.freeze
+
+    # Defines accessors for all OPTIONS
+    OPTIONS.each_pair do |key, _value|
+      attr_accessor key
+    end
+
+    # Initializes defaults to be the environment varibales of the same names
+    def initialize
+      OPTIONS.each_pair do |key, value|
+        send("#{key}=", value)
+      end
+    end
+
+    # Allows config options to be read like a hash
+    #
+    # @param [Symbol] option Key for a given attribute
+    def [](option)
+      send(option)
+    end
+
+    # Returns a hash of all configurable options
+    def to_hash
+      OPTIONS.each_with_object({}) do |option, hash|
+        key       = option.first
+        hash[key] = send(key)
+      end
+    end
+
+    # Returns a hash of all configurable options merged with +hash+
+    #
+    # @param [Hash] hash A set of configuration options that will take 
+    # precedence over the defaults
+    def merge(hash)
+      to_hash.merge(hash)
+    end
+  end
+end

data/lib/git-safe/git.rb

@@ -0,0 +1,160 @@
+require 'open3'
+
+module GitSafe
+  class Git
+    include PrivateKeyFile
+
+    attr_reader :options, :work_tree, :ssh_private_key, :logger
+
+    def initialize(work_tree, options)
+      @work_tree       = work_tree
+      @options         = options
+      @ssh_private_key = options[:ssh_private_key]
+      @logger          = options[:logger]
+      FileUtils.mkdir_p(work_tree)
+    end
+
+    def init
+      execute_git_cmd("git #{git_locale} init")
+    end
+
+    def status
+      execute_git_cmd("git #{git_locale} status")
+    end
+
+    def config_set(name_values = {})
+      name_values.keys.each do |key|
+        execute_git_cmd("git #{git_locale} config #{key} #{name_values[key]}") if name_values[key]
+      end
+    end
+
+    def config_get(name)
+      execute_git_cmd("git #{git_locale} config #{name}")
+    end
+
+    def add_and_commit(commit_msg)
+      execute_git_cmd("git #{git_locale} add .")
+      execute_git_cmd("git #{git_locale} commit -m '#{commit_msg}'")
+    end
+
+    def last_commit_sha
+      execute_git_cmd("git #{git_locale} rev-parse HEAD")
+    end
+
+    def last_commit_timestamp
+      execute_git_cmd("git #{git_locale} log -1 --format=%cd ")
+    end
+
+    def branch_a
+      execute_git_cmd("git #{git_locale} branch -a")
+    end
+
+    def checkout(branch: nil, create: false, sha: nil)
+      co          = "git #{git_locale} checkout"
+      create_flag = create ? ' -b' : ''
+      if branch
+        co = "#{co}#{create_flag} #{branch}"
+      elsif sha
+        co = "#{co} #{sha}"
+      end
+      execute_git_cmd(co)
+    end
+
+    def merge(to_merge_name)
+      execute_git_cmd("git #{git_locale} merge #{to_merge_name}")
+    end
+
+    def push(remote: 'origin', branch: 'master', force: false)
+      force_flag = force ? '-f ' : ''
+      execute_git_cmd("git #{git_locale} push #{force_flag}#{remote} #{branch}")
+    end
+
+    def fetch
+      execute_git_cmd("#{ssh_cmd}git #{git_locale} fetch")
+    ensure
+      safe_unlink_private_key_tmp_file
+    end
+
+    def pull(branch: 'master')
+      execute_git_cmd("#{ssh_cmd}git #{git_locale} pull origin #{branch}")
+    ensure
+      safe_unlink_private_key_tmp_file
+    end
+
+    def clone(remote_uri, depth: nil)
+      if options[:clone_command]
+        execute_git_cmd(options[:clone_command].gsub(options[:clone_command_repo_dir_replace_text], work_tree))
+      else
+        depth_cmd = depth ? " --depth=#{depth}" : ''
+        execute_git_cmd("#{ssh_cmd}git clone #{remote_uri}#{depth_cmd} #{work_tree}")
+      end
+    ensure
+      safe_unlink_private_key_tmp_file
+    end
+
+    def git_locale
+      "#{work_tree_flag} --git-dir=#{work_tree}/.git"
+    end
+
+    def work_tree_flag
+      "--work-tree=#{work_tree}"
+    end
+
+    def add_remote(uri, name: 'origin')
+      execute_git_cmd("git #{git_locale} remote add #{name} #{uri}")
+    end
+
+    def has_remote?
+      git_config&.match(/\[remote/)
+    end
+
+    def remotes
+      return [] unless has_git_config? && remote_strs = execute_git_cmd("git #{git_locale} remote -v")
+
+      remote_strs.split("\n").collect do |remote_str|
+        name, uri, type = remote_str.split(' ')
+        { name: name,
+          uri:  uri,
+          type: type.gsub('(', '').gsub(')', '') }
+      end
+    end
+
+    def clone_or_fetch_and_merge(remote_uri, branch: 'master', remote_name: 'origin', depth: nil, force_fresh_clone: false, git_config: {})
+      delete_work_tree if force_fresh_clone
+
+      unless has_remote?
+        clone(remote_uri, depth: depth)
+      end
+
+      config_set(git_config)
+      fetch
+      checkout(branch: branch)
+      merge("#{remote_name}/#{branch}")
+    end
+
+    def git_config
+      File.read(git_config_path) if has_git_config?
+    end
+
+    def has_git_config?
+      File.exists?(git_config_path)
+    end
+
+    def git_config_path
+      "#{work_tree}/.git/config"
+    end
+
+    def delete_work_tree
+      FileUtils.rm_rf(work_tree) if Dir.exists?(work_tree)
+    end
+
+    alias_method :work_tree_is_git_repo?, :has_git_config?
+
+    def execute_git_cmd(git_cmd)
+      stdout_str, stderr_str, status = Open3.capture3(git_cmd)
+      raise CommandError.new("error executing '#{git_cmd}', status: #{status.exitstatus}, std_error: #{stderr_str}") unless status.exitstatus == 0
+
+      [stdout_str, stderr_str].reject { |out| out.nil? || out.strip == '' }.join(',')
+    end
+  end
+end

data/lib/git-safe/private_key_file.rb

@@ -0,0 +1,28 @@
+module GitSafe
+  module PrivateKeyFile
+    def ssh_cmd
+      return '' unless ssh_private_key_file_path
+      "GIT_SSH_COMMAND=\"ssh -i #{ssh_private_key_file_path} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no\" "
+    end
+
+    def ssh_private_key_file_path
+      return unless ssh_private_key
+
+      if File.exist?(ssh_private_key)
+        logger.info('ssh_private_key key is a file')
+        ssh_private_key
+      else
+        logger.info('ssh_private_key key is a string')
+        ssh_tempfile.private_key_temp_file.path
+      end
+    end
+
+    def ssh_tempfile
+      @ssh_tempfile ||= SshTempfile.new(ssh_private_key)
+    end
+
+    def safe_unlink_private_key_tmp_file
+      ssh_tempfile&.safe_unlink_private_key_tmp_file
+    end
+  end
+end

data/lib/git-safe/ssh_tempfile.rb

@@ -0,0 +1,24 @@
+module GitSafe
+  class SshTempfile
+    attr_reader :private_key_string, :private_key_temp_file
+
+    def initialize(private_key_string)
+      @private_key_string    = private_key_string
+      @private_key_temp_file = create_private_key_tmp_file
+    end
+
+    def safe_unlink_private_key_tmp_file
+      private_key_temp_file&.unlink
+    end
+
+    def create_private_key_tmp_file
+      tf = Tempfile.new('git-ssh-wrapper')
+      tf << private_key_string
+      tf.puts('') # required for openssh keys
+      tf.chmod(0600)
+      tf.flush
+      tf.close
+      tf
+    end
+  end
+end

data/lib/git-safe/version.rb

@@ -0,0 +1,3 @@
+module GitSafe
+    VERSION = "0.1.0"
+end

data/lib/git_safe.rb

@@ -0,0 +1,37 @@
+require 'logger'
+require 'git-safe/ssh_tempfile'
+require 'git-safe/private_key_file'
+require 'git-safe/command_error'
+require 'git-safe/git'
+require 'git-safe/configuration'
+
+module GitSafe
+  class << self
+    def init(work_tree, options = {})
+      Git.new(work_tree, configuration.merge(options))
+    end
+
+    # A GitSafe configuration object. Must act like a hash and
+    # return sensible values for all GitSafe configuration options.
+    #
+    # @see GitSafe::Configuration.
+    attr_writer :configuration
+
+    # The configuration object.
+    #
+    # @see GitSafe.configure
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    # Call this method to modify defaults in your initializers.
+    #
+    # @example
+    #   GitSafe.configure do |config|
+    #     config.logger          = Logger.new(STDOUT)
+    #   end
+    def configure
+      yield(configuration)
+    end
+  end
+end

metadata

@@ -0,0 +1,131 @@
+--- !ruby/object:Gem::Specification
+name: git-safe
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Perry Hertler
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2020-10-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.17'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.17'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Some applications need to access git "origin" from multiple threads or
+  processes with different security access approaches. This gem makes it possible
+email:
+- perry@hertler.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- git-safe.gemspec
+- lib/git-safe/command_error.rb
+- lib/git-safe/configuration.rb
+- lib/git-safe/git.rb
+- lib/git-safe/private_key_file.rb
+- lib/git-safe/ssh_tempfile.rb
+- lib/git-safe/version.rb
+- lib/git_safe.rb
+homepage: https://github.com/perrqh/git-safe-ruby
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: A concurrent-safe way to perform multiple ssh configuration git operations
+  against "origin".
+test_files: []