parse_a_changelog 1.3.2 → 1.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +2 -0
  3. data/CHANGELOG.md +11 -1
  4. data/Dockerfile +4 -1
  5. data/Jenkinsfile +16 -1
  6. data/SECURITY.md +2 -38
  7. data/build.sh +19 -1
  8. data/build_utils.sh +59 -0
  9. data/publish.sh +117 -15
  10. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 594f7864c6c0796a0b7ca594e7a3ae300c40d95de69503965e344d59262ecc53
4
- data.tar.gz: 9ca6b5ccb862ee81fbb5eaec6b1b86b020ff7db0ec8bf7f527024936bc32d03b
3
+ metadata.gz: 385170da8c354b364628ebac03f40fc719f1ac6616689bbb8125e222def15044
4
+ data.tar.gz: 1c84465bdd1857700160d3c6f30b825a077339537a12387217e683e4f7c67cb8
5
5
  SHA512:
6
- metadata.gz: 5a184949c38c71e5519d66477c32b2235f2a0dc98eef5785658c419c07de1a8f17b026d7edab61d5b987a0aa31493330432d7f5bd449c09802f0ab37a3fc6b85
7
- data.tar.gz: effa83d57427feeab570a95166c7d7eb09274736b9d25021539ea0530081736a81bca0345b365fbba1ff6cfea13d18c14281a7e91930d77757b2309673c9ee13
6
+ metadata.gz: 66f11e4c08336c8842e3e978fe39bf742572c4686000d7770380f2af142415a1c1a911a898078298414f0ab4fa77e5ac310e2bf75b2e901dc87df88fc4dea975
7
+ data.tar.gz: a3080c71ecf4480f7f9dc98b1e0ee10229f00dfdc20807fec59c44eda902d2dae0919ad5ddff8ffe0bae72d5d65ed113453794bd78f392ecd22fe120f1fb1e5c
data/.gitignore CHANGED
@@ -1,2 +1,4 @@
1
1
  .bundle/
2
2
  rspec_junit.xml
3
+ # Temporary directory to store the CyberArk proxy CA certificate
4
+ build_ca_certificate/
data/CHANGELOG.md CHANGED
@@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## [1.3.4] - 2025-10-16
10
+ ### Changed
11
+ - Updated documentation to align with Conjur Enterprise name change to Secrets Manager. (CNJR-11000)
12
+
13
+ ## [1.3.3] - 2024-11-08
14
+ ### Changed
15
+ - Decrease Docker image size by using ruby:3-alpine base image (CNJR-5578)
16
+
9
17
  ## [1.3.2] - 2024-11-05
10
18
  ### Changed
11
19
  - Use internal auto release process (CNJR-5578)
@@ -90,7 +98,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
90
98
  - Open source license and contributing information
91
99
  - Change log and versioning information
92
100
 
93
- [Unreleased]: https://github.com/cyberark/parse-a-changelog/compare/v1.3.1...HEAD
101
+ [Unreleased]: https://github.com/cyberark/parse-a-changelog/compare/v1.3.4...HEAD
102
+ [1.3.4]: https://github.com/cyberark/parse-a-changelog/compare/v1.3.3...v1.3.4
103
+ [1.3.3]: https://github.com/cyberark/parse-a-changelog/compare/v1.3.2...v1.3.3
94
104
  [1.3.2]: https://github.com/cyberark/parse-a-changelog/compare/v1.3.0...v1.3.2
95
105
  [1.3.0]: https://github.com/cyberark/parse-a-changelog/compare/v1.2.0...v1.3.0
96
106
  [1.2.0]: https://github.com/cyberark/parse-a-changelog/compare/v1.1.0...v1.2.0
data/Dockerfile CHANGED
@@ -1,4 +1,7 @@
1
- FROM ruby:3
1
+ FROM ruby:3-alpine
2
+
3
+ # We use git in the Gemspec file
4
+ RUN apk update && apk add --no-cache git
2
5
 
3
6
  RUN gem install bundler --no-document
4
7
 
data/Jenkinsfile CHANGED
@@ -17,7 +17,12 @@ if (params.MODE == "PROMOTE") {
17
17
  // Any publishing of targetVersion artifacts occur here
18
18
  // Anything added to assetDirectory will be attached to the Github Release
19
19
 
20
- infrapool.agentSh "./publish.sh v${targetVersion}"
20
+ // Pull existing images from internal registry in order to promote
21
+ infrapool.agentSh """
22
+ docker pull registry.tld/parse-a-changelog:${sourceVersion}
23
+ # Promote source version to target version.
24
+ ./publish.sh --promote --source ${sourceVersion} --target ${targetVersion}
25
+ """
21
26
 
22
27
  // Ensure the working directory is a safe git directory for the subsequent
23
28
  // promotion operations after this block.
@@ -121,6 +126,15 @@ pipeline {
121
126
  }
122
127
  }
123
128
 
129
+ // Allows for the promotion of images.
130
+ stage('Push images to internal registry') {
131
+ steps {
132
+ script {
133
+ infrapool.agentSh './publish.sh --internal'
134
+ }
135
+ }
136
+ }
137
+
124
138
  stage('Release') {
125
139
  when {
126
140
  expression {
@@ -144,6 +158,7 @@ pipeline {
144
158
  If your assets are in target on the main Jenkins agent, use:
145
159
  infrapool.agentPut(from: 'target/', to: assetDirectory)
146
160
  */
161
+ infrapool.agentSh './publish.sh --edge'
147
162
  }
148
163
  }
149
164
  }
data/SECURITY.md CHANGED
@@ -1,42 +1,6 @@
1
1
  # Security Policies and Procedures
2
2
 
3
- This document outlines security procedures and general policies for the CyberArk Conjur
4
- suite of tools and products.
5
-
6
- * [Reporting a Bug](#reporting-a-bug)
7
- * [Disclosure Policy](#disclosure-policy)
8
- * [Comments on this Policy](#comments-on-this-policy)
9
-
10
3
  ## Reporting a Bug
4
+ CyberArk takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you follow responsible disclosure guidelines and contact product_security@cyberark.com and work with us toward a quick resolution to protect our customers.
11
5
 
12
- The CyberArk Conjur team and community take all security bugs in the Conjur suite seriously.
13
- Thank you for improving the security of the Conjur suite. We appreciate your efforts and
14
- responsible disclosure and will make every effort to acknowledge your
15
- contributions.
16
-
17
- Report security bugs by emailing the lead maintainers at security@conjur.org.
18
-
19
- The maintainers will acknowledge your email within 2 business days. Subsequently, we will
20
- send a more detailed response within 2 business days of our acknowledgement indicating
21
- the next steps in handling your report. After the initial reply to your report, the security
22
- team will endeavor to keep you informed of the progress towards a fix and full
23
- announcement, and may ask for additional information or guidance.
24
-
25
- Report security bugs in third-party modules to the person or team maintaining
26
- the module.
27
-
28
- ## Disclosure Policy
29
-
30
- When the security team receives a security bug report, they will assign it to a
31
- primary handler. This person will coordinate the fix and release process,
32
- involving the following steps:
33
-
34
- * Confirm the problem and determine the affected versions.
35
- * Audit code to find any potential similar problems.
36
- * Prepare fixes for all releases still under maintenance. These fixes will be
37
- released as fast as possible.
38
-
39
- ## Comments on this Policy
40
-
41
- If you have suggestions on how this process could be improved please submit a
42
- pull request.
6
+ Refer to [CyberArk's Security Vulnerability Policy](https://www.cyberark.com/cyberark-security-vulinerability-policy.pdf) for more details
data/build.sh CHANGED
@@ -2,4 +2,22 @@
2
2
 
3
3
  set -eux
4
4
 
5
- docker build . --tag parse-a-changelog
5
+ . build_utils.sh
6
+
7
+ VERSION=unreleased
8
+ # Version derived from CHANGELOG and automated release library
9
+ [ -f VERSION ] && VERSION=$(<VERSION)
10
+ FULL_VERSION_TAG="$VERSION-$(git_tag)"
11
+
12
+ function main() {
13
+ retrieve_cyberark_ca_cert
14
+ build_docker_image
15
+ }
16
+
17
+ function build_docker_image() {
18
+ docker build . \
19
+ --tag parse-a-changelog:latest \
20
+ --tag "parse-a-changelog:${FULL_VERSION_TAG}"
21
+ }
22
+
23
+ main
data/build_utils.sh ADDED
@@ -0,0 +1,59 @@
1
+ #!/bin/bash
2
+
3
+ set -euo pipefail
4
+
5
+ ####
6
+ # Functions to generate version numbers for this project
7
+ ####
8
+
9
+ git_tag() {
10
+ git rev-parse --short HEAD
11
+ }
12
+
13
+ # generate less specific versions, eg. given 1.2.3 will print 1.2 and 1
14
+ # (note: the argument itself is not printed, append it explicitly if needed)
15
+ gen_versions() {
16
+ local version=$1
17
+ while [[ $version = *.* ]]; do
18
+ version=${version%.*}
19
+ echo $version
20
+ done
21
+ }
22
+
23
+ function tag_and_push() {
24
+ local source="$1"
25
+ shift
26
+ local target="$1"
27
+ shift
28
+
29
+ docker tag "${source}" "${target}"
30
+ docker push "${target}"
31
+ }
32
+
33
+ function retrieve_cyberark_ca_cert() {
34
+ # On CyberArk dev laptops, golang module dependencies are downloaded with a
35
+ # corporate proxy in the middle. For these connections to succeed we need to
36
+ # configure the proxy CA certificate in build containers.
37
+ #
38
+ # To allow this script to also work on non-CyberArk laptops where the CA
39
+ # certificate is not available, we update container certificates based on
40
+ # a (potentially empty) certificate directory, rather than relying on the
41
+ # CA file itself.
42
+ mkdir -p "$(repo_root)/build_ca_certificate"
43
+
44
+ # Only attempt to extract the certificate if the security
45
+ # command is available.
46
+ #
47
+ # The certificate file must have the .crt extension to be imported
48
+ # by `update-ca-certificates`.
49
+ if command -v security &> /dev/null
50
+ then
51
+ security find-certificate \
52
+ -a -c "CyberArk Root CA" \
53
+ -p > build_ca_certificate/cyberark_root.crt
54
+ fi
55
+ }
56
+
57
+ repo_root() {
58
+ git rev-parse --show-toplevel
59
+ }
data/publish.sh CHANGED
@@ -2,24 +2,126 @@
2
2
 
3
3
  set -e
4
4
 
5
- # This script will publish to rubygems and dockerhub
5
+ # The following is used to:
6
+ # Publish images on pre-release and tag as edge
7
+ # Promote pre-releases to releases and tag as latest
6
8
 
7
- # Clone the release-tools repository if it doesn't exist
8
- if [ ! -d release-tools ]; then
9
- git clone git@github.com:conjurinc/release-tools.git
9
+ . build_utils.sh
10
+
11
+ function print_help() {
12
+ echo "Build Usage: $0 --internal"
13
+ echo "Release Usage: $0 --edge"
14
+ echo "Promote Usage: $0 --promote --source <VERSION> --target <VERSION>"
15
+ echo " --internal: publish images to registry.tld"
16
+ echo " --edge: publish docker images to docker hub"
17
+ echo " --source <VERSION>: specify version number of local image"
18
+ echo " --target <VERSION>: specify version number of remote image"
19
+ }
20
+
21
+ # Fail if no arguments are given.
22
+ if [[ $# -lt 1 ]]; then
23
+ print_help
24
+ exit 1
10
25
  fi
11
26
 
12
- export PATH=$PWD/release-tools/bin/:$PATH
27
+ PUBLISH_INTERNAL=false
28
+ PUBLISH_EDGE=false
29
+ PROMOTE=false
13
30
 
14
- # Build and publish rubygem
15
- summon --yaml "RUBYGEMS_API_KEY: !var rubygems/api-key" \
16
- publish-rubygem parse_a_changelog
31
+ while [[ $# -gt 0 ]]; do
32
+ case "$1" in
33
+ --internal)
34
+ PUBLISH_INTERNAL=true
35
+ ;;
36
+ --edge)
37
+ PUBLISH_EDGE=true
38
+ ;;
39
+ --promote)
40
+ PROMOTE=true
41
+ ;;
42
+ --source)
43
+ SOURCE_ARG="$2"
44
+ shift
45
+ ;;
46
+ --target)
47
+ TARGET_ARG="$2"
48
+ shift
49
+ ;;
50
+ --help)
51
+ print_help
52
+ exit 1
53
+ ;;
54
+ *)
55
+ echo "Unknown option: ${1}"
56
+ print_help
57
+ exit 1
58
+ ;;
59
+ esac
60
+ shift
61
+ done
17
62
 
18
- # Publish to Docker Hub
19
- TAG_NAME=$1
20
- DOCKERHUB_IMAGE="cyberark/parse-a-changelog"
21
- docker tag parse-a-changelog "${DOCKERHUB_IMAGE}:latest"
22
- docker tag parse-a-changelog "${DOCKERHUB_IMAGE}:${TAG_NAME}"
63
+ readonly IMAGE_NAME="parse-a-changelog"
64
+ readonly REGISTRY='cyberark'
65
+ readonly LOCAL_REGISTRY='registry.tld'
66
+ # Version derived from CHANGLEOG and automated release library
67
+ VERSION=$(<VERSION)
68
+ readonly VERSION
69
+ FULL_VERSION_TAG="$VERSION-$(git_tag)"
70
+ readonly FULL_VERSION_TAG
23
71
 
24
- docker push "${DOCKERHUB_IMAGE}:latest"
25
- docker push "${DOCKERHUB_IMAGE}:${TAG_NAME}"
72
+ if [[ ${PUBLISH_INTERNAL} = true ]]; then
73
+ echo "Publishing built images internally to registry.tld."
74
+ SOURCE_TAG=$FULL_VERSION_TAG
75
+ REMOTE_TAG=$VERSION
76
+
77
+ tag_and_push "${IMAGE_NAME}:${SOURCE_TAG}" "${LOCAL_REGISTRY}/${IMAGE_NAME}:${REMOTE_TAG}"
78
+ fi
79
+
80
+ if [[ ${PUBLISH_EDGE} = true ]]; then
81
+ echo "Performing edge release."
82
+ SOURCE_TAG=$FULL_VERSION_TAG
83
+ REMOTE_TAG=edge
84
+ readonly TAGS=(
85
+ "$VERSION"
86
+ "$REMOTE_TAG"
87
+ )
88
+
89
+ for tag in "${TAGS[@]}"; do
90
+ tag_and_push "$IMAGE_NAME:$SOURCE_TAG" "$REGISTRY/$IMAGE_NAME:$tag"
91
+ done
92
+ fi
93
+
94
+ if [[ ${PROMOTE} = true ]]; then
95
+ if [[ -z ${SOURCE_ARG:-} || -z ${TARGET_ARG:-} ]]; then
96
+ echo "When promoting, --source and --target flags are required."
97
+ print_help
98
+ exit 1
99
+ fi
100
+
101
+ # First publish the RubyGem
102
+ echo "Publishing RubyGem"
103
+ # Clone the release-tools repository if it doesn't exist
104
+ if [ ! -d release-tools ]; then
105
+ git clone git@github.com:conjurinc/release-tools.git
106
+ fi
107
+ export PATH=$PWD/release-tools/bin/:$PATH
108
+ # Build and publish rubygem
109
+ summon --yaml "RUBYGEMS_API_KEY: !var rubygems/api-key" \
110
+ publish-rubygem parse_a_changelog
111
+
112
+ # Update vars to utilize build_utils
113
+ SOURCE_TAG=$SOURCE_ARG
114
+ REMOTE_TAG=$TARGET_ARG
115
+
116
+ echo "Promoting image to $REMOTE_TAG"
117
+ readonly TAGS=(
118
+ "$REMOTE_TAG"
119
+ "latest"
120
+ )
121
+
122
+ # Publish images to docker hub
123
+ for tag in "${TAGS[@]}" $(gen_versions "$REMOTE_TAG"); do
124
+ echo "Tagging and pushing $REGISTRY/$IMAGE_NAME:$tag"
125
+ tag_and_push "${LOCAL_REGISTRY}/$IMAGE_NAME:$SOURCE_TAG" "$REGISTRY/$IMAGE_NAME:$tag"
126
+ done
127
+ fi
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: parse_a_changelog
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.2
4
+ version: 1.3.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - John Tuttle
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-11-05 00:00:00.000000000 Z
11
+ date: 2025-10-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: treetop
@@ -92,6 +92,7 @@ files:
92
92
  - SECURITY.md
93
93
  - bin/parse
94
94
  - build.sh
95
+ - build_utils.sh
95
96
  - lib/grammar.tt
96
97
  - lib/parse_a_changelog.rb
97
98
  - parse_a_changelog.gemspec