slosilo 0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c502ebb0a07b26d44dc5761d60efe6e0287031c7705fea7d6b41e9958b1c8280
+  data.tar.gz: e4b042d59298a7df94407881e319e35c62257ae705e9151b39f9664fd561f30e
+SHA512:
+  metadata.gz: c21146818734f623efc4c81e283627e72a85ac5265b5a48f68e100881de30877ea23380ecdc16b67597f65ef7831afa6f0acaf310396415d5b03f7603c74f2ef
+  data.tar.gz: 06311b28a0a5b35e021988c99881a13005cd5d6343f85ebeaa78805c7f91e51df1ca084254ebbd2c980be866572d31d237e46fa163a6bd16300cfd2789e02850

data/.github/CODEOWNERS

@@ -0,0 +1,10 @@
+* @cyberark/conjur-core-team @conjurinc/conjur-core-team @conjurdemos/conjur-core-team @conjur-enterprise/community-and-integrations
+
+# Changes to .trivyignore require Security Architect approval
+.trivyignore @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects @conjur-enterprise/conjur-security
+
+# Changes to .codeclimate.yml require Quality Architect approval
+.codeclimate.yml @cyberark/quality-architects @conjurinc/quality-architects @conjurdemos/quality-architects @conjur-enterprise/conjur-quality
+
+# Changes to SECURITY.md require Security Architect approval
+SECURITY.md @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects @conjur-enterprise/conjur-security

data/.gitignore

@@ -0,0 +1,21 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.rvmrc
+.project
+.kateproject.d
+.idea

data/.gitleaks.toml

@@ -0,0 +1,221 @@
+title = "Secretless Broker gitleaks config"
+
+# This is the config file for gitleaks. You can configure gitleaks what to search for and what to whitelist.
+# If GITLEAKS_CONFIG environment variable
+# is set, gitleaks will load configurations from that path. If option --config-path is set, gitleaks will load
+# configurations from that path. Gitleaks does not whitelist anything by default.
+# - https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf
+# - https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
+[[rules]]
+description = "AWS Client ID"
+regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+tags = ["key", "AWS"]
+
+[[rules]]
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
+tags = ["key", "AWS"]
+
+[[rules]]
+description = "AWS MWS key"
+regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+tags = ["key", "AWS", "MWS"]
+
+[[rules]]
+description = "PKCS8"
+regex = '''-----BEGIN PRIVATE KEY-----'''
+tags = ["key", "PKCS8"]
+
+[[rules]]
+description = "RSA"
+regex = '''-----BEGIN RSA PRIVATE KEY-----'''
+tags = ["key", "RSA"]
+
+[[rules]]
+description = "SSH"
+regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
+tags = ["key", "SSH"]
+
+[[rules]]
+description = "PGP"
+regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
+tags = ["key", "PGP"]
+
+[[rules]]
+description = "Facebook Secret Key"
+regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Facebook Client ID"
+regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Facebook access token"
+regex = '''EAACEdEose0cBA[0-9A-Za-z]+'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Twitter Secret Key"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
+tags = ["key", "Twitter"]
+
+[[rules]]
+description = "Twitter Client ID"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
+tags = ["client", "Twitter"]
+
+[[rules]]
+description = "Github"
+regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
+tags = ["key", "Github"]
+
+[[rules]]
+description = "LinkedIn Client ID"
+regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
+tags = ["client", "Twitter"]
+
+[[rules]]
+description = "LinkedIn Secret Key"
+regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
+tags = ["secret", "Twitter"]
+
+[[rules]]
+description = "Slack"
+regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
+tags = ["key", "Slack"]
+
+[[rules]]
+description = "EC"
+regex = '''-----BEGIN EC PRIVATE KEY-----'''
+tags = ["key", "EC"]
+
+[[rules]]
+description = "Generic API key"
+regex = '''(?i)(api_key|apikey)(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
+tags = ["key", "API", "generic"]
+
+[[rules]]
+description = "Generic Secret"
+regex = '''(?i)secret(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
+tags = ["key", "Secret", "generic"]
+
+[[rules]]
+description = "Google API key"
+regex = '''AIza[0-9A-Za-z\\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+description = "Google Cloud Platform API key"
+regex = '''(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"][AIza[0-9a-z\\-_]{35}]['\"]'''
+tags = ["key", "Google", "GCP"]
+
+[[rules]]
+description = "Google OAuth"
+regex = '''(?i)(google|gcp|auth)(.{0,20})?['"][0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com['"]'''
+tags = ["key", "Google", "OAuth"]
+
+[[rules]]
+description = "Google OAuth access token"
+regex = '''ya29\.[0-9A-Za-z\-_]+'''
+tags = ["key", "Google", "OAuth"]
+
+[[rules]]
+description = "Heroku API key"
+regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
+tags = ["key", "Heroku"]
+
+[[rules]]
+description = "MailChimp API key"
+regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
+tags = ["key", "Mailchimp"]
+
+[[rules]]
+description = "Mailgun API key"
+regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
+tags = ["key", "Mailgun"]
+
+[[rules]]
+description = "Password in URL"
+regex = '''[a-zA-Z]{3,10}:\/\/[^\/\s:@]{3,20}:[^\/\s:@]{3,20}@.{1,100}\/?.?'''
+tags = ["key", "URL", "generic"]
+
+[[rules]]
+description = "PayPal Braintree access token"
+regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
+tags = ["key", "Paypal"]
+
+[[rules]]
+description = "Picatic API key"
+regex = '''sk_live_[0-9a-z]{32}'''
+tags = ["key", "Picatic"]
+
+[[rules]]
+description = "Slack Webhook"
+regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
+tags = ["key", "slack"]
+
+[[rules]]
+description = "Stripe API key"
+regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
+tags = ["key", "Stripe"]
+
+[[rules]]
+description = "Square access token"
+regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
+tags = ["key", "square"]
+
+[[rules]]
+description = "Square OAuth secret"
+regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
+tags = ["key", "square"]
+
+[[rules]]
+description = "Twilio API key"
+regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "twilio"]
+
+[whitelist]
+files = [
+  "(.*?)(jpg|gif|doc|pdf|bin)$",
+  ".gitleaks.toml"
+]
+regexes = [
+]
+commits = [
+  "3a496cef2d737f69038630f3c884a159f783bd06", # old commit to add test data
+  "047e58e40c87f9d19d68c21a533b706616ab1ef2", # old commit to add test data
+  "5345e49e7d63589fc637c2b0c7156bf97e9c72b8", # old commit to add test data
+  "9c31229cedceedd75e06c381fe7218571a03c26d" # old commit to add test data
+]
+
+# Additional Examples
+
+# [[rules]]
+# description = "Generic Key"
+# regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
+# entropies = [
+#     "4.1-4.3",
+#     "5.5-6.3",
+# ]
+# entropyROI = "line"
+# filetypes = [".go", ".py", ".c"]
+# tags = ["key"]
+# severity = "8"
+#
+#
+# [[rules]]
+# description = "Generic Key"
+# regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
+# entropies = ["4.1-4.3"]
+# filetypes = [".gee"]
+# entropyROI = "line"
+# tags = ["key"]
+# severity = "medium"
+
+# [[rules]]
+# description = "Any pem file"
+# filetypes = [".key"]
+# tags = ["pem"]
+# severity = "high"

data/.kateproject

@@ -0,0 +1,4 @@
+{
+  "name": "Slosilo"
+, "files": [ { "git": 1 } ]
+}

data/CHANGELOG.md

@@ -0,0 +1,50 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+
+## [3.0.2] - 2023-11-14
+
+### Changed
+
+- Moved slosilo to Github Enterprise.
+- Updated to use Ruby 3+ and conjur-enterprise/release-tools' publish-rubygem.
+
+## [3.0.1] - 2023-02-10
+
+### Fixed
+
+- The symmetric cipher class now encrypts and decrypts in a thread-safe manner.
+   [cyberark/slosilo#31](https://github.com/cyberark/slosilo/pull/31)
+
+## [3.0.0] - 2022-02-01
+
+### Changed
+
+- Transition to Ruby 3. Consuming projects based on Ruby 2 shall use slosilo V2.X.X.
+
+## [2.2.2] - 2014-01-01
+
+## Added
+
+- Add rake task `slosilo:recalculate_fingerprints` which rehashes the fingerprints in the keystore.
+**Note**: After migrating the slosilo keystore, run the above rake task to ensure the fingerprints are correctly hashed.
+
+## [2.2.1] - 2014-01-01
+
+### Changed
+
+- Use SHA256 algorithm instead of MD5 for public key fingerprints.
+
+## [2.1.1] - 2014-01-01
+
+### Added
+
+- Add support for JWT-formatted tokens, with arbitrary expiration.
+
+## [2.0.1] - 2014-01-01
+
+### Fixed
+
+- Fixes a bug that occurs when signing tokens containing Unicode data

data/CONTRIBUTING.md

@@ -0,0 +1,16 @@
+# Contributing
+  
+For general contribution and community guidelines, please see the [community repo](https://github.com/cyberark/community).
+
+## Contributing Workflow
+
+1. [Fork the project](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
+2. [Clone your fork](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository)
+3. Make local changes to your fork by editing files
+3. [Commit your changes](https://help.github.com/en/github/managing-files-in-a-repository/adding-a-file-to-a-repository-using-the-command-line)
+4. [Push your local changes to the remote server](https://help.github.com/en/github/using-git/pushing-commits-to-a-remote-repository)
+5. [Create new Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
+
+From here your pull request will be reviewed and once you've responded to all
+feedback it will be merged into the project. Congratulations, you're a
+contributor!

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in slosilo.gemspec
+gemspec

data/Jenkinsfile

@@ -0,0 +1,132 @@
+#!/usr/bin/env groovy
+@Library("product-pipelines-shared-library") _
+
+// Automated release, promotion and dependencies
+properties([
+  // Include the automated release parameters for the build
+  release.addParams(),
+  // Dependencies of the project that should trigger builds
+  dependencies([])
+])
+
+// Performs release promotion.  No other stages will be run
+if (params.MODE == "PROMOTE") {
+  release.promote(params.VERSION_TO_PROMOTE) { infrapool, sourceVersion, targetVersion, assetDirectory ->
+    // Any assets from sourceVersion Github release are available in assetDirectory
+    // Any version number updates from sourceVersion to targetVersion occur here
+    // Any publishing of targetVersion artifacts occur here
+    // Anything added to assetDirectory will be attached to the Github Release
+
+    //Note: assetDirectory is on the infrapool agent, not the local Jenkins agent.
+
+    // Publish container images to internal registry
+    //INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "summon --yaml 'RUBYGEMS_API_KEY: !var rubygems/api-key' ${toolsDirectory}/bin/publish-rubygem slosilo"
+
+    INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "./publish.sh"
+    
+    INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "cp slosilo*.gem ${assetDirectory}"
+  }
+  release.copyEnterpriseRelease(params.VERSION_TO_PROMOTE)
+  return
+}
+
+pipeline {
+  agent { label 'conjur-enterprise-common-agent' }
+
+  triggers {
+    cron(getDailyCronString())
+  }
+
+  environment {
+    // Sets the MODE to the specified or autocalculated value as appropriate
+    MODE = release.canonicalizeMode()
+  }
+
+  options {
+    timestamps()
+    buildDiscarder(logRotator(daysToKeepStr: '30'))
+  }
+
+  stages {
+    stage('Get InfraPool Agent') {
+      steps {
+        script {
+          INFRAPOOL_EXECUTORV2_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2", quantity: 1, duration: 1)[0]
+          INFRAPOOL_EXECUTORV2_RHEL_EE_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2RHELEE", quantity: 1, duration: 1)[0]
+        }
+      }
+    }
+
+    // Generates a VERSION file based on the current build number and latest version in CHANGELOG.md
+    stage('Validate Changelog and set version') {
+      steps {
+        script {
+          updateVersion(INFRAPOOL_EXECUTORV2_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}")
+        }
+      }
+    }
+
+    stage('Test') {
+      parallel {
+        
+        stage('Run tests on EE') {
+          steps {
+            script {
+              INFRAPOOL_EXECUTORV2_RHEL_EE_AGENT_0.agentSh './test.sh'
+            }
+          }
+          post { always {
+            script {
+              INFRAPOOL_EXECUTORV2_RHEL_EE_AGENT_0.agentStash name: 'eeTestResults', includes: 'spec/reports/*.xml', allowEmpty:true
+            }
+          }}
+        }
+
+        stage('Run tests') {
+          steps {
+            script {
+              INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './test.sh'
+              INFRAPOOL_EXECUTORV2_AGENT_0.agentStash name: 'TestResults', includes: 'spec/coverage/*.xml', allowEmpty:true
+            }
+          }
+        }
+
+      }
+    }
+
+    stage('Release') {
+      when {
+        expression {
+          MODE == "RELEASE"
+        }
+      }
+
+      steps {
+        script {
+          release(INFRAPOOL_EXECUTORV2_AGENT_0) { billOfMaterialsDirectory, assetDirectory, toolsDirectory ->
+            // Publish release artifacts to all the appropriate locations
+            // Copy any artifacts to assetDirectory to attach them to the Github release
+
+            // Publish container images to internal registry
+            INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "summon ${toolsDirectory}/bin/publish-rubygem slosilo"
+
+            INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "cp slosilo*.gem ${assetDirectory}"
+          }
+        }
+      }
+    }
+  }
+
+  post {
+    always {
+      dir('ee-results'){
+        unstash 'eeTestResults'
+      }
+      unstash 'TestResults'
+      junit 'spec/reports/*.xml, ee-results/spec/reports/*.xml'
+      cobertura coberturaReportFile: 'spec/coverage/coverage.xml'
+      codacy action: 'reportCoverage', filePath: "spec/coverage/coverage.xml"
+      releaseInfraPoolAgent(".infrapool/release_agents")
+    }
+  }
+}

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2020 CyberArk Software Ltd. All rights reserved.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,152 @@
+# Slosilo
+
+Slosilo is providing a ruby interface to some cryptographic primitives:
+- symmetric encryption,
+- a mixin for easy encryption of object attributes,
+- asymmetric encryption and signing,
+- a keystore in a postgres sequel db -- it allows easy storage and retrieval of keys,
+- a keystore in files.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'slosilo'
+
+And then execute:
+
+    $ bundle
+
+## Compatibility
+
+Version 3.0 introduced full transition to Ruby 3.
+Consumers who use slosilo in Ruby 2 projects, shall use slosilo V2.X.X.
+
+Version 2.0 introduced new symmetric encryption scheme using AES-256-GCM
+for authenticated encryption. It allows you to provide AAD on all symmetric
+encryption primitives. It's also **NOT COMPATIBLE** with CBC used in version <2.
+
+This means you'll have to migrate all your existing data. There's no easy way to
+do this currently provided; it's recommended to create a database migration and
+put relevant code fragments in it directly. (This will also have the benefit of making
+the migration self-contained.)
+
+Since symmetric encryption is used in processing asymetrically encrypted messages,
+this incompatibility extends to those too.
+
+## Usage
+
+### Symmetric encryption
+
+```ruby
+sym = Slosilo::Symmetric.new
+key = sym.random_key
+# additional authenticated data
+message_id = "message 001"
+ciphertext = sym.encrypt "secret message", key: key, aad: message_id
+```
+
+```ruby
+sym = Slosilo::Symmetric.new
+message = sym.decrypt ciphertext, key: key, aad: message_id
+```
+
+### Encryption mixin
+
+```ruby
+require 'slosilo'
+
+class Foo
+  attr_accessor :foo
+  attr_encrypted :foo, aad: :id
+
+  def raw_foo
+    @foo
+  end
+
+  def id
+    "unique record id"
+  end
+end
+
+Slosilo::encryption_key = Slosilo::Symmetric.new.random_key
+
+obj = Foo.new
+obj.foo = "bar"
+obj.raw_foo # => "\xC4\xEF\x87\xD3b\xEA\x12\xDF\xD0\xD4hk\xEDJ\v\x1Cr\xF2#\xA3\x11\xA4*k\xB7\x8F\x8F\xC2\xBD\xBB\xFF\xE3"
+obj.foo # => "bar"
+```
+
+You can safely use it in ie. ActiveRecord::Base or Sequel::Model subclasses.
+
+### Asymmetric encryption and signing
+
+```ruby
+private_key = Slosilo::Key.new
+public_key = private_key.public
+```
+
+#### Key dumping
+```ruby
+k = public_key.to_s # => "-----BEGIN PUBLIC KEY----- ...
+(Slosilo::Key.new k) == public_key # => true
+```
+
+#### Encryption
+
+```ruby
+encrypted = public_key.encrypt_message "eagle one sees many clouds"
+# => "\xA3\x1A\xD2\xFC\xB0 ...
+
+public_key.decrypt_message encrypted
+# => OpenSSL::PKey::RSAError: private key needed.
+
+private_key.decrypt_message encrypted
+# => "eagle one sees many clouds"
+```
+
+#### Signing
+
+```ruby
+token = private_key.signed_token "missile launch not authorized"
+# => {"data"=>"missile launch not authorized", "timestamp"=>"2014-10-13 12:41:25 UTC", "signature"=>"bSImk...DzV3o", "key"=>"455f7ac42d2d483f750b4c380761821d"}
+
+public_key.token_valid? token # => true
+
+token["data"] = "missile launch authorized"
+public_key.token_valid? token # => false
+```
+
+### Keystore
+
+```ruby
+Slosilo::encryption_key = ENV['SLOSILO_KEY']
+Slosilo.adapter = Slosilo::Adapters::FileAdapter.new "~/.keys"
+
+Slosilo[:own] = Slosilo::Key.new
+Slosilo[:their] = Slosilo::Key.new File.read("foo.pem")
+
+msg = Slosilo[:their].encrypt_message 'bar'
+p Slosilo[:own].signed_token msg
+```
+
+### Keystore in database
+
+Add a migration to create the necessary table:
+
+    require 'slosilo/adapters/sequel_adapter/migration'
+
+Remember to migrate your database
+
+    $ rake db:migrate
+
+Then
+```ruby
+Slosilo.adapter = Slosilo::Adapters::SequelAdapter.new
+```
+
+## Contributing
+
+We welcome contributions of all kinds to this repository. For instructions on
+how to get started and descriptions of our development workflows, please see our
+[contributing guide](CONTRIBUTING.md).

data/Rakefile

@@ -0,0 +1,17 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+begin
+  require 'rspec/core/rake_task'
+  RSpec::Core::RakeTask.new(:spec)
+rescue LoadError
+  $stderr.puts "RSpec Rake tasks not available in environment #{ENV['RACK_ENV']}"
+end
+
+task :jenkins do
+  require 'ci/reporter/rake/rspec'
+  Rake::Task["ci:setup:rspec"].invoke
+  Rake::Task["spec"].invoke
+end
+
+task :default => :spec