Add alpine to test matrix and fix tests

7 years ago · 0cabcbc92a
parent 395664f495
commit 0cabcbc92a
11 changed files with 66 additions and 45 deletions
--- a/.Dockerfiles/alpine/latest/Dockerfile
+++ b/.Dockerfiles/alpine/latest/Dockerfile
@ -1,38 +1,29 @@
 FROM alpine:latest

-# - build tools are for: fig2dev which is needed by gnupg builds
-# - openssh is for scp
-# - tini is for PID 1
-# - changing alpine from 3.6 to 3.7 is for ansible 2.4,
-#   but need to install ansible 2.3 for dependencies first
-# - shellcheck is not in the apk repository (xz/tar needed for shellcheck)
-# - bundler/rspec is not found on kitchen verify (symlink needed)
-
 RUN apk add --no-cache --update \
-	curl net-tools \
-	openssh-server openssh \
-  sudo bash tini \
-  ansible git rsync xz \
-	gcc autoconf automake g++ libffi-dev tar libxpm-dev make \
-	autoconf automake imagemagick-dev texinfo gettext-dev libgcrypt-dev \
-	libgpg-error-dev libassuan-dev libksba-dev npth-dev libxfont-dev \
-	libwmf-dev libx11-dev libxt-dev libxext-dev libxml2-dev libexif-dev perl \
-	ruby-dev ruby-bundler \
- && ln -s /usr/bin/bundle /usr/local/bin/bundle \
- && ln -s /usr/bin/rspec /usr/local/bin/rspec \
- && sed -i -e 's/v3\.6/v3.7/g' /etc/apk/repositories \
- && apk add --update-cache --upgrade ansible \
- && sed -i -e 's/v3\.7/v3.6/g' /etc/apk/repositories \
- && apk add --update-cache \
- && curl --silent -L -o shellcheck.tar.xz https://storage.googleapis.com/shellcheck/shellcheck-latest.linux.x86_64.tar.xz \
- && tar -vxf shellcheck.tar.xz \
- && mv shellcheck-latest/shellcheck /usr/local/bin/ \
- && sudo mkdir -p /usr/local/src/ \
- && git clone https://github.com/Distrotech/transfig.git && cd transfig \
- && make && make install \
- && cp -R /usr/X11R7/bin/fig2dev /usr/local/bin \
+	bash \
+	build-base \
+	coreutils \
+	curl \
+	findutils \
+	gcc \
+	libffi-dev \
+	musl-dev \
+	net-tools \
+	openrc \
+	openssh \
+	openssh-server \
+	openssh-sftp-server \
+	openssl-dev \
+	py-boto \
+	py2-pip \
+	python2-dev \
+	rsyslog \
+	sudo \
+	xz \
+ && pip install --upgrade pip \
 && if ! getent passwd <%= @username %>; then \
-      adduser -h /home/<%= @username %> -s /bin/bash <%= @username %>; \
+      adduser -h /home/<%= @username %> -s /bin/bash -D <%= @username %>; \
      passwd -d <%= @username %>; \
    fi \
 && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
@ -44,10 +35,10 @@ RUN apk add --no-cache --update \
 && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
 && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
 && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
+ && sed -ri 's/^#?PasswordAuthentication\s+.*/PasswordAuthentication no/' /etc/ssh/sshd_config \
+ && sed -ri 's/^#?ChallengeResponseAuthentication\s+.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config \
 && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
 && echo "UseDNS=no" >> /etc/ssh/sshd_config \
- && ssh-keygen -A
+ && rc-update add sshd

 EXPOSE 22
-
-VOLUME [ "/sys/fs/cgroup" ]
--- a/.ci/integration/gnupg1/default.yml
+++ b/.ci/integration/gnupg1/default.yml
@ -18,6 +18,8 @@
          distribution: Fedora
        - name: gnupg1
          distribution: Debian
+        - name: gnupg1
+          distribution: Alpine

    - name: Check for gpg1 binary
      stat:
--- a/.ci/integration/gnupg1/serverspec/default_spec.rb
+++ b/.ci/integration/gnupg1/serverspec/default_spec.rb
@ -6,7 +6,7 @@ describe 'git-secret::test' do
    it { should be_installed }
  end

-  if host_inventory['platform'] == 'fedora'
+  if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
    describe command('find /tmp/git-secret/build -name "*.rpm"') do
      its(:stdout) { should match /git-secret.*rpm/ }
    end
@ -16,7 +16,7 @@ describe 'git-secret::test' do
    end
  else
    describe command('find /tmp/git-secret/build -name "*.deb"') do
-      its(:stdout) { should match /git-secret.*deb/ }
+      its(:stdout) { should match(/git-secret.*deb/) }
    end
  end

@ -28,7 +28,7 @@ describe 'git-secret::test' do
    it { should exist }
  end

-  if host_inventory['platform'] == 'fedora'
+  if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
    describe command('rpm --query --info git-secret') do
      its(:exit_status) { should eq 0 }
    end
--- a/.ci/integration/gnupg2/default.yml
+++ b/.ci/integration/gnupg2/default.yml
@ -20,6 +20,8 @@
          distribution: Ubuntu
        - name: gnupg
          distribution: Debian
+        - name: gnupg
+          distribution: Alpine

    - name: Check for gpg2 binary
      stat:
--- a/.ci/integration/tasks/dependencies.yml
+++ b/.ci/integration/tasks/dependencies.yml
@ -29,7 +29,7 @@
    dest: /tmp/shellcheck.tar.xz

 - name: Install ShellCheck
-  command: tar xvf /tmp/shellcheck.tar.xz -C /usr/bin --strip-components=1 --wildcards "*shellcheck"
+  command: tar xvf /tmp/shellcheck.tar.xz -C /usr/bin --strip-components=1
  args:
    warn: no
    creates: /usr/bin/shellcheck
--- a/.ci/integration/tasks/run-tests.yml
+++ b/.ci/integration/tasks/run-tests.yml
@ -42,6 +42,8 @@
  register: test_results
  environment:
    PATH: /usr/local/bin:{{ ansible_env.PATH }}
+  when:
+    ansible_distribution != "Alpine"

 - name: Find git-secret {{ os_pkg_type }} file
  find:
@ -49,14 +51,19 @@
    patterns: "*.{{ os_pkg_type }}"
    recurse: yes
  register: pkg_location
+  when:
+    ansible_distribution != "Alpine"

 - name: Set git-secret {{ os_pkg_type }} location
  set_fact:
    pkg_path: "{{ pkg_location.files | map(attribute='path') | first }}"
+  when:
+    ansible_distribution != "Alpine"

 - name: Install git-secret {{ os_pkg_type }} package
  command: bash -lc "{{ item.command }} {{ pkg_path }}"
  when:
+    - ansible_distribution != "Alpine"
    - item.os_family == ansible_os_family
  with_items:
    - command: "rpm --nodeps --install --force"
--- a/.ci/integration/vars/Alpine.yml
+++ b/.ci/integration/vars/Alpine.yml
@ -0,0 +1,10 @@
+---
+test_dependencies:
+  - gawk
+  - git
+  - make
+  - man
+  - procps
+  - rsync
+  - ruby
+  - ruby-dev
--- a/.kitchen.yml
+++ b/.kitchen.yml
@ -111,6 +111,18 @@ platforms:
        tmpfs:
        - /run

+  - name: alpine-latest
+    driver_config:
+      run_command: /sbin/init
+      dockerfile: .Dockerfiles/alpine/latest/Dockerfile
+      platform: alpine
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup:ro
+        - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
+      run_options:
+        tmpfs:
+        - /run
+
 verifier:
  name: serverspec
  sudo_path: true
@ -122,16 +134,12 @@ suites:
    verifier:
      patterns:
        - roles/git-secret/.ci/integration/gnupg1/serverspec/*_spec.rb
-      bundler_path: '/usr/local/bin'
-      rspec_path: '/usr/local/bin'
    excludes:
      - centos-latest
  - name: gnupg2
    verifier:
      patterns:
        - roles/git-secret/.ci/integration/gnupg2/serverspec/*_spec.rb
-      bundler_path: '/usr/local/bin'
-      rspec_path: '/usr/local/bin'
    excludes:
      - ubuntu-latest
  - name: gnupg-git
@ -143,3 +151,4 @@ suites:
    excludes:
      - ubuntu-latest
      - centos-latest
+      - alpine-latest
--- a/tests/test_reveal.bats
+++ b/tests/test_reveal.bats
@ -38,7 +38,7 @@ function teardown {
  [ "$status" -eq 0 ]
  [ -f "$FILE_TO_HIDE" ]

-  cmp --silent "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
+  cmp -s "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"

  rm "${FILE_TO_HIDE}2"
 }
--- a/tests/test_reveal_filename.bats
+++ b/tests/test_reveal_filename.bats
@ -45,7 +45,7 @@ function teardown {
  [ "$status" -eq 0 ]
  [ -f "$FILE_TO_HIDE" ]

-  cmp --silent "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
+  cmp -s "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"

  rm "${FILE_TO_HIDE}2"
 }