Add alpine to test matrix and fix tests

.Dockerfiles/alpine/latest/Dockerfile

@@ -1,38 +1,29 @@
 FROM alpine:latest
 
-# - build tools are for: fig2dev which is needed by gnupg builds
-# - openssh is for scp
-# - tini is for PID 1
-# - changing alpine from 3.6 to 3.7 is for ansible 2.4,
-#   but need to install ansible 2.3 for dependencies first
-# - shellcheck is not in the apk repository (xz/tar needed for shellcheck)
-# - bundler/rspec is not found on kitchen verify (symlink needed)
-
 RUN apk add --no-cache --update \
-	curl net-tools \
+	bash \
-	openssh-server openssh \
+	build-base \
-  sudo bash tini \
+	coreutils \
-  ansible git rsync xz \
+	curl \
-	gcc autoconf automake g++ libffi-dev tar libxpm-dev make \
+	findutils \
-	autoconf automake imagemagick-dev texinfo gettext-dev libgcrypt-dev \
+	gcc \
-	libgpg-error-dev libassuan-dev libksba-dev npth-dev libxfont-dev \
+	libffi-dev \
-	libwmf-dev libx11-dev libxt-dev libxext-dev libxml2-dev libexif-dev perl \
+	musl-dev \
-	ruby-dev ruby-bundler \
+	net-tools \
- && ln -s /usr/bin/bundle /usr/local/bin/bundle \
+	openrc \
- && ln -s /usr/bin/rspec /usr/local/bin/rspec \
+	openssh \
- && sed -i -e 's/v3\.6/v3.7/g' /etc/apk/repositories \
+	openssh-server \
- && apk add --update-cache --upgrade ansible \
+	openssh-sftp-server \
- && sed -i -e 's/v3\.7/v3.6/g' /etc/apk/repositories \
+	openssl-dev \
- && apk add --update-cache \
+	py-boto \
- && curl --silent -L -o shellcheck.tar.xz https://storage.googleapis.com/shellcheck/shellcheck-latest.linux.x86_64.tar.xz \
+	py2-pip \
- && tar -vxf shellcheck.tar.xz \
+	python2-dev \
- && mv shellcheck-latest/shellcheck /usr/local/bin/ \
+	rsyslog \
- && sudo mkdir -p /usr/local/src/ \
+	sudo \
- && git clone https://github.com/Distrotech/transfig.git && cd transfig \
+	xz \
- && make && make install \
+ && pip install --upgrade pip \
- && cp -R /usr/X11R7/bin/fig2dev /usr/local/bin \
  && if ! getent passwd <%= @username %>; then \
-      adduser -h /home/<%= @username %> -s /bin/bash <%= @username %>; \
+      adduser -h /home/<%= @username %> -s /bin/bash -D <%= @username %>; \
       passwd -d <%= @username %>; \
     fi \
  && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
@@ -44,10 +35,10 @@ RUN apk add --no-cache --update \
  && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
  && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
  && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
+ && sed -ri 's/^#?PasswordAuthentication\s+.*/PasswordAuthentication no/' /etc/ssh/sshd_config \
+ && sed -ri 's/^#?ChallengeResponseAuthentication\s+.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config \
  && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
  && echo "UseDNS=no" >> /etc/ssh/sshd_config \
- && ssh-keygen -A
+ && rc-update add sshd
 
 EXPOSE 22
-
-VOLUME [ "/sys/fs/cgroup" ]

.ci/integration/gnupg1/default.yml

@@ -18,6 +18,8 @@
           distribution: Fedora
         - name: gnupg1
           distribution: Debian
+        - name: gnupg1
+          distribution: Alpine
 
     - name: Check for gpg1 binary
       stat:

.ci/integration/gnupg1/serverspec/default_spec.rb

@@ -6,7 +6,7 @@ describe 'git-secret::test' do
     it { should be_installed }
   end
 
-  if host_inventory['platform'] == 'fedora'
+  if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
     describe command('find /tmp/git-secret/build -name "*.rpm"') do
       its(:stdout) { should match /git-secret.*rpm/ }
     end
@@ -16,7 +16,7 @@ describe 'git-secret::test' do
     end
   else
     describe command('find /tmp/git-secret/build -name "*.deb"') do
-      its(:stdout) { should match /git-secret.*deb/ }
+      its(:stdout) { should match(/git-secret.*deb/) }
     end
   end
 
@@ -28,7 +28,7 @@ describe 'git-secret::test' do
     it { should exist }
   end
 
-  if host_inventory['platform'] == 'fedora'
+  if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
     describe command('rpm --query --info git-secret') do
       its(:exit_status) { should eq 0 }
     end

.ci/integration/gnupg2/default.yml

@@ -20,6 +20,8 @@
           distribution: Ubuntu
         - name: gnupg
           distribution: Debian
+        - name: gnupg
+          distribution: Alpine
 
     - name: Check for gpg2 binary
       stat:

.ci/integration/gnupg2/serverspec/default_spec.rb

@@ -3,7 +3,7 @@ require_relative './spec_helper'
 describe 'git-secret::test' do
 
   describe package('git-secret') do
-    it { should be_installed }
+      it { should be_installed }
   end
 
   if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'

.ci/integration/tasks/dependencies.yml

@@ -29,7 +29,7 @@
     dest: /tmp/shellcheck.tar.xz
 
 - name: Install ShellCheck
-  command: tar xvf /tmp/shellcheck.tar.xz -C /usr/bin --strip-components=1 --wildcards "*shellcheck"
+  command: tar xvf /tmp/shellcheck.tar.xz -C /usr/bin --strip-components=1
   args:
     warn: no
     creates: /usr/bin/shellcheck

.ci/integration/tasks/run-tests.yml

@@ -42,6 +42,8 @@
   register: test_results
   environment:
     PATH: /usr/local/bin:{{ ansible_env.PATH }}
+  when:
+    ansible_distribution != "Alpine"
 
 - name: Find git-secret {{ os_pkg_type }} file
   find:
@@ -49,14 +51,19 @@
     patterns: "*.{{ os_pkg_type }}"
     recurse: yes
   register: pkg_location
+  when:
+    ansible_distribution != "Alpine"
 
 - name: Set git-secret {{ os_pkg_type }} location
   set_fact:
     pkg_path: "{{ pkg_location.files | map(attribute='path') | first }}"
+  when:
+    ansible_distribution != "Alpine"
 
 - name: Install git-secret {{ os_pkg_type }} package
   command: bash -lc "{{ item.command }} {{ pkg_path }}"
   when:
+    - ansible_distribution != "Alpine"
     - item.os_family == ansible_os_family
   with_items:
     - command: "rpm --nodeps --install --force"

.ci/integration/vars/Alpine.yml

@@ -0,0 +1,10 @@
+---
+test_dependencies:
+  - gawk
+  - git
+  - make
+  - man
+  - procps
+  - rsync
+  - ruby
+  - ruby-dev

.kitchen.yml

@@ -111,6 +111,18 @@ platforms:
         tmpfs:
         - /run
 
+  - name: alpine-latest
+    driver_config:
+      run_command: /sbin/init
+      dockerfile: .Dockerfiles/alpine/latest/Dockerfile
+      platform: alpine
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup:ro
+        - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
+      run_options:
+        tmpfs:
+        - /run
+
 verifier:
   name: serverspec
   sudo_path: true
@@ -122,16 +134,12 @@ suites:
     verifier:
       patterns:
         - roles/git-secret/.ci/integration/gnupg1/serverspec/*_spec.rb
-      bundler_path: '/usr/local/bin'
-      rspec_path: '/usr/local/bin'
     excludes:
       - centos-latest
   - name: gnupg2
     verifier:
       patterns:
         - roles/git-secret/.ci/integration/gnupg2/serverspec/*_spec.rb
-      bundler_path: '/usr/local/bin'
-      rspec_path: '/usr/local/bin'
     excludes:
       - ubuntu-latest
   - name: gnupg-git
@@ -143,3 +151,4 @@ suites:
     excludes:
       - ubuntu-latest
       - centos-latest
+      - alpine-latest

tests/test_reveal.bats

@@ -38,7 +38,7 @@ function teardown {
   [ "$status" -eq 0 ]
   [ -f "$FILE_TO_HIDE" ]
 
-  cmp --silent "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
+  cmp -s "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
 
   rm "${FILE_TO_HIDE}2"
 }

tests/test_reveal_filename.bats

@@ -45,7 +45,7 @@ function teardown {
   [ "$status" -eq 0 ]
   [ -f "$FILE_TO_HIDE" ]
 
-  cmp --silent "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
+  cmp -s "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
 
   rm "${FILE_TO_HIDE}2"
 }