parse_a_changelog 1.3.2 → 1.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 594f7864c6c0796a0b7ca594e7a3ae300c40d95de69503965e344d59262ecc53
-  data.tar.gz: 9ca6b5ccb862ee81fbb5eaec6b1b86b020ff7db0ec8bf7f527024936bc32d03b
+  metadata.gz: 684eac9caf9ec74bb72c8dd649d71b47baf57c698d11f34ef9d30d49e4b7ebf2
+  data.tar.gz: f3c459ea80b75a2f25f62e9000d9e4863f8177e05db04e42ccda47641f37e313
 SHA512:
-  metadata.gz: 5a184949c38c71e5519d66477c32b2235f2a0dc98eef5785658c419c07de1a8f17b026d7edab61d5b987a0aa31493330432d7f5bd449c09802f0ab37a3fc6b85
-  data.tar.gz: effa83d57427feeab570a95166c7d7eb09274736b9d25021539ea0530081736a81bca0345b365fbba1ff6cfea13d18c14281a7e91930d77757b2309673c9ee13
+  metadata.gz: 873fe4fe84e8c8f8ca7822f243c582f072d787d80070954618d0b77078214e9de7ffb0cf5741f113ce9b85b12101d52c3af7dc10e59127a56a8c3fb2cf1a65c3
+  data.tar.gz: 22e35de5e29599402757262c5ef93863f246712bd57592841b699d7e8beb66c4590085a494fffc97ad2b6183ad496b08f7059194b1f8c9a27a36a0491b680c8b

data/.gitignore

@@ -1,2 +1,4 @@
 .bundle/
 rspec_junit.xml
+# Temporary directory to store the CyberArk proxy CA certificate
+build_ca_certificate/

data/CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [1.3.3] - 2024-11-08
+### Changed
+- Decrease Docker image size by using ruby:3-alpine base image (CNJR-5578)
+
 ## [1.3.2] - 2024-11-05
 ### Changed
 - Use internal auto release process (CNJR-5578)

data/Dockerfile

@@ -1,4 +1,7 @@
-FROM ruby:3
+FROM ruby:3-alpine
+
+# We use git in the Gemspec file
+RUN apk update && apk add --no-cache git
 
 RUN gem install bundler --no-document
 

data/Jenkinsfile

@@ -17,7 +17,12 @@ if (params.MODE == "PROMOTE") {
     // Any publishing of targetVersion artifacts occur here
     // Anything added to assetDirectory will be attached to the Github Release
 
-    infrapool.agentSh "./publish.sh v${targetVersion}"
+    // Pull existing images from internal registry in order to promote
+    infrapool.agentSh """
+      docker pull registry.tld/parse-a-changelog:${sourceVersion}
+      # Promote source version to target version.
+      ./publish.sh --promote --source ${sourceVersion} --target ${targetVersion}
+    """
 
     // Ensure the working directory is a safe git directory for the subsequent
     // promotion operations after this block.
@@ -121,6 +126,15 @@ pipeline {
       }
     }
 
+    // Allows for the promotion of images.
+    stage('Push images to internal registry') {
+      steps {
+        script {
+          infrapool.agentSh './publish.sh --internal'
+        }
+      }
+    }
+
     stage('Release') {
       when {
         expression {
@@ -144,6 +158,7 @@ pipeline {
                 If your assets are in target on the main Jenkins agent, use:
                   infrapool.agentPut(from: 'target/', to: assetDirectory)
             */
+            infrapool.agentSh './publish.sh --edge'
           }
         }
       }

data/build.sh

@@ -2,4 +2,22 @@
 
 set -eux
 
-docker build . --tag parse-a-changelog
+. build_utils.sh
+
+VERSION=unreleased
+# Version derived from CHANGELOG and automated release library
+[ -f VERSION ] && VERSION=$(<VERSION)
+FULL_VERSION_TAG="$VERSION-$(git_tag)"
+
+function main() {
+  retrieve_cyberark_ca_cert
+  build_docker_image
+}
+
+function build_docker_image() {
+  docker build . \
+    --tag parse-a-changelog:latest \
+    --tag "parse-a-changelog:${FULL_VERSION_TAG}"
+}
+
+main

data/build_utils.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+
+set -euo pipefail
+
+####
+# Functions to generate version numbers for this project
+####
+
+git_tag() {
+  git rev-parse --short HEAD
+}
+
+# generate less specific versions, eg. given 1.2.3 will print 1.2 and 1
+# (note: the argument itself is not printed, append it explicitly if needed)
+gen_versions() {
+  local version=$1
+  while [[ $version = *.* ]]; do
+    version=${version%.*}
+    echo $version
+  done
+}
+
+function tag_and_push() {
+  local source="$1"
+  shift
+  local target="$1"
+  shift
+
+  docker tag "${source}" "${target}"
+  docker push "${target}"
+}
+
+function retrieve_cyberark_ca_cert() {
+  # On CyberArk dev laptops, golang module dependencies are downloaded with a
+  # corporate proxy in the middle. For these connections to succeed we need to
+  # configure the proxy CA certificate in build containers.
+  #
+  # To allow this script to also work on non-CyberArk laptops where the CA
+  # certificate is not available, we update container certificates based on
+  # a (potentially empty) certificate directory, rather than relying on the
+  # CA file itself.
+  mkdir -p "$(repo_root)/build_ca_certificate"
+
+  # Only attempt to extract the certificate if the security
+  # command is available.
+  #
+  # The certificate file must have the .crt extension to be imported
+  # by `update-ca-certificates`.
+  if command -v security &> /dev/null
+  then
+    security find-certificate \
+      -a -c "CyberArk Root CA" \
+      -p > build_ca_certificate/cyberark_root.crt
+  fi
+}
+
+repo_root() {
+  git rev-parse --show-toplevel
+}

data/publish.sh

@@ -2,24 +2,126 @@
 
 set -e
 
-# This script will publish to rubygems and dockerhub
+# The following is used to:
+# Publish images on pre-release and tag as edge
+# Promote pre-releases to releases and tag as latest
 
-# Clone the release-tools repository if it doesn't exist
-if [ ! -d release-tools ]; then
-  git clone git@github.com:conjurinc/release-tools.git
+. build_utils.sh
+
+function print_help() {
+  echo "Build Usage: $0 --internal"
+  echo "Release Usage: $0 --edge"
+  echo "Promote Usage: $0 --promote --source <VERSION> --target <VERSION>"
+  echo " --internal: publish images to registry.tld"
+  echo " --edge: publish docker images to docker hub"
+  echo " --source <VERSION>: specify version number of local image"
+  echo " --target <VERSION>: specify version number of remote image"
+}
+
+# Fail if no arguments are given.
+if [[ $# -lt 1 ]]; then
+  print_help
+  exit 1
 fi
 
-export PATH=$PWD/release-tools/bin/:$PATH
+PUBLISH_INTERNAL=false
+PUBLISH_EDGE=false
+PROMOTE=false
 
-# Build and publish rubygem
-summon --yaml "RUBYGEMS_API_KEY: !var rubygems/api-key" \
-  publish-rubygem parse_a_changelog
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+  --internal)
+    PUBLISH_INTERNAL=true
+    ;;
+  --edge)
+    PUBLISH_EDGE=true
+    ;;
+  --promote)
+    PROMOTE=true
+    ;;
+  --source)
+    SOURCE_ARG="$2"
+    shift
+    ;;
+  --target)
+    TARGET_ARG="$2"
+    shift
+    ;;
+  --help)
+    print_help
+    exit 1
+    ;;
+  *)
+    echo "Unknown option: ${1}"
+    print_help
+    exit 1
+    ;;
+  esac
+  shift
+done
 
-# Publish to Docker Hub
-TAG_NAME=$1
-DOCKERHUB_IMAGE="cyberark/parse-a-changelog"
-docker tag parse-a-changelog "${DOCKERHUB_IMAGE}:latest"
-docker tag parse-a-changelog "${DOCKERHUB_IMAGE}:${TAG_NAME}"
+readonly IMAGE_NAME="parse-a-changelog"
+readonly REGISTRY='cyberark'
+readonly LOCAL_REGISTRY='registry.tld'
+# Version derived from CHANGLEOG and automated release library
+VERSION=$(<VERSION)
+readonly VERSION
+FULL_VERSION_TAG="$VERSION-$(git_tag)"
+readonly FULL_VERSION_TAG
 
-docker push "${DOCKERHUB_IMAGE}:latest"
-docker push "${DOCKERHUB_IMAGE}:${TAG_NAME}"
+if [[ ${PUBLISH_INTERNAL} = true ]]; then
+  echo "Publishing built images internally to registry.tld."
+  SOURCE_TAG=$FULL_VERSION_TAG
+  REMOTE_TAG=$VERSION
+
+  tag_and_push "${IMAGE_NAME}:${SOURCE_TAG}" "${LOCAL_REGISTRY}/${IMAGE_NAME}:${REMOTE_TAG}"
+fi
+
+if [[ ${PUBLISH_EDGE} = true ]]; then
+  echo "Performing edge release."
+  SOURCE_TAG=$FULL_VERSION_TAG
+  REMOTE_TAG=edge
+  readonly TAGS=(
+    "$VERSION"
+    "$REMOTE_TAG"
+  )
+
+  for tag in "${TAGS[@]}"; do
+    tag_and_push "$IMAGE_NAME:$SOURCE_TAG" "$REGISTRY/$IMAGE_NAME:$tag"
+  done
+fi
+
+if [[ ${PROMOTE} = true ]]; then
+  if [[ -z ${SOURCE_ARG:-} || -z ${TARGET_ARG:-} ]]; then
+    echo "When promoting, --source and --target flags are required."
+    print_help
+    exit 1
+  fi
+
+  # First publish the RubyGem
+  echo "Publishing RubyGem"
+  # Clone the release-tools repository if it doesn't exist
+  if [ ! -d release-tools ]; then
+    git clone git@github.com:conjurinc/release-tools.git
+  fi
+  export PATH=$PWD/release-tools/bin/:$PATH
+  # Build and publish rubygem
+  summon --yaml "RUBYGEMS_API_KEY: !var rubygems/api-key" \
+    publish-rubygem parse_a_changelog
+
+  # Update vars to utilize build_utils
+  SOURCE_TAG=$SOURCE_ARG
+  REMOTE_TAG=$TARGET_ARG
+
+  echo "Promoting image to $REMOTE_TAG"
+  readonly TAGS=(
+    "$REMOTE_TAG"
+    "latest"
+  )
+
+  # Publish images to docker hub
+  for tag in "${TAGS[@]}" $(gen_versions "$REMOTE_TAG"); do
+    echo "Tagging and pushing $REGISTRY/$IMAGE_NAME:$tag"
+    tag_and_push "${LOCAL_REGISTRY}/$IMAGE_NAME:$SOURCE_TAG" "$REGISTRY/$IMAGE_NAME:$tag"
+  done
+fi

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: parse_a_changelog
 version: !ruby/object:Gem::Version
-  version: 1.3.2
+  version: 1.3.3
 platform: ruby
 authors:
 - John Tuttle
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-11-05 00:00:00.000000000 Z
+date: 2024-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: treetop
@@ -92,6 +92,7 @@ files:
 - SECURITY.md
 - bin/parse
 - build.sh
+- build_utils.sh
 - lib/grammar.tt
 - lib/parse_a_changelog.rb
 - parse_a_changelog.gemspec