Adds release-ci script to test installation (#664)

* Adds release-ci script to test installation * Fixes CI * Fixes CI * Renames some variables to follow the same SECRETS_ convention
3 years ago · 19941f91f4
parent fcf25ff546
commit 19941f91f4
54 changed files with 253 additions and 129 deletions
--- a/.ci/release-ci/centos/Dockerfile
+++ b/.ci/release-ci/centos/Dockerfile
@ -0,0 +1,15 @@
+FROM centos:8
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+RUN dnf -y update \
+  && dnf install -y \
+    # Required for our install script:
+    wget \
+    sudo \
+  && dnf clean all \
+  && rm -rf /var/cache/yum \
+  && adduser --password='' nonroot \
+  && echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER nonroot
--- a/.ci/release-ci/debian/Dockerfile
+++ b/.ci/release-ci/debian/Dockerfile
@ -0,0 +1,23 @@
+FROM debian:10.9-slim
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+ENV DEBIAN_FRONTEND='noninteractive'
+
+RUN apt-get update \
+  && apt-get install --no-install-recommends -y \
+    # Required to work with https-based repos and custom signed packages:
+    apt-transport-https \
+    ca-certificates \
+    # Required for our install script:
+    gnupg \
+    sudo \
+    wget \
+  # Cleaning cache:
+  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+  && apt-get clean -y && rm -rf /var/lib/apt/lists/* \
+  && adduser --disabled-password nonroot \
+  && adduser nonroot sudo \
+  && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER nonroot
--- a/.ci/release-ci/fedora/Dockerfile
+++ b/.ci/release-ci/fedora/Dockerfile
@ -0,0 +1,15 @@
+FROM fedora:34
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+RUN dnf -y update \
+  && dnf install -y \
+    # Required for our install script:
+    wget \
+    sudo \
+  && dnf clean all \
+  && rm -rf /var/cache/yum \
+  && adduser --password='' nonroot \
+  && echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER nonroot
--- a/.ci/release-ci/ubuntu/Dockerfile
+++ b/.ci/release-ci/ubuntu/Dockerfile
@ -0,0 +1,23 @@
+FROM debian:10.9-slim
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+ENV DEBIAN_FRONTEND='noninteractive'
+
+RUN apt-get update \
+  && apt-get install --no-install-recommends -y \
+    # Required to work with https-based repos and custom signed packages:
+    apt-transport-https \
+    ca-certificates \
+    # Required for our install script:
+    gnupg \
+    sudo \
+    wget \
+  # Cleaning cache:
+  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+  && apt-get clean -y && rm -rf /var/lib/apt/lists/* \
+  && adduser --disabled-password nonroot \
+  && adduser nonroot sudo \
+  && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER nonroot
--- a/.ci/releaser/alpine/Dockerfile
+++ b/.ci/releaser/alpine/Dockerfile
@ -3,10 +3,12 @@

 # TODO: Move to native image
 # see: https://github.com/jordansissel/fpm/issues/1782
+# Or we can switch to
+# https://github.com/goreleaser/nfpm
 FROM alpine:3.13

 ENV CODE_DIR='/code'
-ENV SECRET_PROJECT_ROOT="$CODE_DIR"
+ENV SECRETS_PROJECT_ROOT="$CODE_DIR"

 RUN apk add --no-cache --update \
  # fpm deps:
--- a/.github/workflows/misspell.yml
+++ b/.github/workflows/misspell.yml
@ -1,20 +0,0 @@
-name: misspell
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: '0 0 * * *'
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v2
-    - uses: sobolevn/misspell-fixer-action@0.1.0
-    - uses: peter-evans/create-pull-request@v3
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        commit-message: 'Fixes by misspell-fixer'
-        title: 'Typos fix by misspell-fixer'
--- a/.github/workflows/release-ci.yml
+++ b/.github/workflows/release-ci.yml
@ -0,0 +1,25 @@
+name: installation-
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    matrix:
+      include:
+        - release-type: deb
+          release-env: [debian, ubuntu]
+        - release-type: rpm
+          release-env: [centos, fedora]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Run checks
+      run: |
+        SECRETS_RELEASE_ENV="${{ matrix.release-env }}" \
+        SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \
+        make release-ci
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -19,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        docker-based-test:
+        docker-env:
          - debian-gnupg1  # We need to test legacy version of gnupg
          - debian-gnupg2
          - ubuntu
@ -29,7 +29,7 @@ jobs:
    steps:
    - uses: actions/checkout@v2
    - name: Run checks
-      run: GITSECRET_DOCKER_ENV="${{ matrix.docker-based-test }}" make docker-ci
+      run: SECRETS_DOCKER_ENV="${{ matrix.docker-env }}" make docker-ci

  osx-ci:
    runs-on: macos-latest
--- a/43
+++ b/43
@ -37,26 +37,26 @@ uninstall:
 # Using a sub-shell we get the raw *nix paths, e.g. /c/Something
 .PHONY: test
 test: clean build
-	export SECRET_PROJECT_ROOT="$(shell echo $${PWD})"; \
+	export SECRETS_PROJECT_ROOT="$(shell echo $${PWD})"; \
 	export PATH="$(shell echo $${PWD})/vendor/bats-core/bin:$(shell echo $${PWD}):$(shell echo $${PATH})"; \
 	${SHELL} ./utils/tests.sh

 # We use this script in CI and you can do this too!
 # What happens here?
-# 1. We pass `GITSECRET_DOCKER_ENV` variable into this job
+# 1. We pass `SECRETS_DOCKER_ENV` variable into this job
 # 2. Based on it, we select a proper `docker` image to run test on
 # 3. We execute `make test` inside the `docker` container
 .PHONY: docker-ci
 docker-ci: clean
-	@[ -z "${GITSECRET_DOCKER_ENV}" ] \
-		&& echo 'GITSECRET_DOCKER_ENV is unset' && exit 1 || true
+	@[ -z "${SECRETS_DOCKER_ENV}" ] \
+		&& echo 'SECRETS_DOCKER_ENV is unset' && exit 1 || true
 	docker build \
-		-f ".ci/docker-ci/$${GITSECRET_DOCKER_ENV}/Dockerfile" \
-		-t "gitsecret-$${GITSECRET_DOCKER_ENV}:latest" .
+		-f ".ci/docker-ci/$${SECRETS_DOCKER_ENV}/Dockerfile" \
+		-t "gitsecret-$${SECRETS_DOCKER_ENV}:latest" .
 	docker run --rm \
 		--volume="$${PWD}:/code" \
 		-w /code \
-		"gitsecret-$${GITSECRET_DOCKER_ENV}" \
+		"gitsecret-$${SECRETS_DOCKER_ENV}" \
 		make test

 .PHONY: lint-shell
@ -122,22 +122,37 @@ docs: build-docs
 # Packaging:
 #

-.PHONY: release-build
-release-build: clean build
-	@[ -z "${GITSECRET_RELEASE_TYPE}" ] \
-		&& echo 'GITSECRET_RELEASE_TYPE is unset' && exit 1 || true
+.PHONY: build-release
+build-release: clean build
+	@[ -z "${SECRETS_RELEASE_TYPE}" ] \
+		&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
 	docker build \
 		-f ".ci/releaser/alpine/Dockerfile" \
 		-t "gitsecret-releaser:latest" .
 	docker run \
 		--volume="$${PWD}:/code" \
 		--rm gitsecret-releaser \
-		bash "./utils/$${GITSECRET_RELEASE_TYPE}/build.sh"
+		bash "./utils/$${SECRETS_RELEASE_TYPE}/build.sh"

 .PHONY: release
-release: release-build
+release: build-release
 	docker run \
 		--volume="$${PWD}:/code" \
 		-e SECRETS_ARTIFACTORY_CREDENTIALS \
 		--rm gitsecret-releaser \
-		bash "./utils/$${GITSECRET_RELEASE_TYPE}/deploy.sh"
+		bash "./utils/$${SECRETS_RELEASE_TYPE}/deploy.sh"
+
+.PHONY: release-ci
+release-ci:
+	@[ -z "${SECRETS_RELEASE_ENV}" ] \
+		&& echo 'SECRETS_RELEASE_ENV is unset' && exit 1 || true
+	@[ -z "${SECRETS_RELEASE_TYPE}" ] \
+		&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
+	docker build \
+		-f ".ci/release-ci/$${SECRETS_RELEASE_ENV}/Dockerfile" \
+		-t "gitsecret-release-$${SECRETS_RELEASE_ENV}:latest" .
+	docker run --rm \
+		--volume="$${PWD}:/code" \
+		-w /code \
+		"gitsecret-release-$${SECRETS_RELEASE_ENV}" \
+		bash -c "set -e; bash "./utils/$${SECRETS_RELEASE_TYPE}/install.sh""
--- a/docs/_includes/install-deb.sh
+++ b/docs/_includes/install-deb.sh
@ -0,0 +1,4 @@
+sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
+wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
+sudo apt-get update && sudo apt-get install -y git-secret
+git secret --version
--- a/docs/_includes/install-rpm.sh
+++ b/docs/_includes/install-rpm.sh
@ -0,0 +1,4 @@
+wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
+# Inspect what's inside! You can also enable `gpg` check on repo level.
+sudo mv git-secret-rpm.repo /etc/yum.repos.d/
+sudo yum install -y git-secret
--- a/docs/_posts/2021-05-05-git-secret-add.md
+++ b/docs/_posts/2021-05-05-git-secret-add.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-add'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-add
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret-cat.md
+++ b/docs/_posts/2021-05-05-git-secret-cat.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-cat'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-cat
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret-changes.md
+++ b/docs/_posts/2021-05-05-git-secret-changes.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-changes'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-changes
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret-clean.md
+++ b/docs/_posts/2021-05-05-git-secret-clean.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-clean'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-clean
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret-hide.md
+++ b/docs/_posts/2021-05-05-git-secret-hide.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-hide'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-hide
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret-init.md
+++ b/docs/_posts/2021-05-05-git-secret-init.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-init'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-init
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret-killperson.md
+++ b/docs/_posts/2021-05-05-git-secret-killperson.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-killperson'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-killperson
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret-list.md
+++ b/docs/_posts/2021-05-05-git-secret-list.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-list'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-list
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret-remove.md
+++ b/docs/_posts/2021-05-05-git-secret-remove.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-remove'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-remove
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret-reveal.md
+++ b/docs/_posts/2021-05-05-git-secret-reveal.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-reveal'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-reveal
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret-tell.md
+++ b/docs/_posts/2021-05-05-git-secret-tell.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-tell'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-tell
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret-usage.md
+++ b/docs/_posts/2021-05-05-git-secret-usage.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-usage'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-usage
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret-whoknows.md
+++ b/docs/_posts/2021-05-05-git-secret-whoknows.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-whoknows'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-whoknows
 categories: command
 ---
--- a/docs/_posts/2021-05-05-git-secret.md
+++ b/docs/_posts/2021-05-05-git-secret.md
@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret
 categories: usage
 ---
--- a/docs/create_posts.sh
+++ b/docs/create_posts.sh
@ -58,5 +58,15 @@ categories: usage
  cat "$MAN7_LOCATION/git-secret.7.md" >> "$usage_filename"
 }

+
+function copy_install_scripts {
+  # We test these scripts using `release-ci`,
+  # so, installation instructions will always be up-to-date:
+  cp utils/deb/install.sh docs/_includes/install-deb.sh
+  cp utils/rpm/install.sh docs/_includes/install-rpm.sh
+}
+
+
 checkout_manuals
 copy_to_posts
+copy_install_scripts
--- a/docs/installation.md
+++ b/docs/installation.md
@ -38,10 +38,7 @@ You can find the `deb` repository [here](https://gitsecret.jfrog.io/artifactory/
 Pre-requirements: make sure you have installed `apt-transport-https` and `ca-certificates`

 ```bash
-sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
-wget -qO - https://gitsecret.jfrog.io/artifactory/api/gpg/key/public | sudo apt-key add -
-sudo apt-get update
-sudo apt-get install git-secret
+{% include install-deb.sh %}
 ```

 ---
@ -51,12 +48,11 @@ sudo apt-get install git-secret
 You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-rpm/).

 ```bash
-wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
-# Inspect what's inside! You can also enable `gpg` check on repo level.
-sudo mv git-secret-rpm.repo /etc/yum.repos.d/
-sudo yum install git-secret
+{% include install-rpm.sh %}
 ```

+---
+
 ### Arch Linux

 The _Arch_ way to install git-secret is to use the directions for
--- a/man/man1/git-secret-add.1
+++ b/man/man1/git-secret-add.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-ADD" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-ADD" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-add\fR \- starts to track added files\.
--- a/man/man1/git-secret-cat.1
+++ b/man/man1/git-secret-cat.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-CAT" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-CAT" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-cat\fR \- decrypts files passed on command line to stdout
--- a/man/man1/git-secret-changes.1
+++ b/man/man1/git-secret-changes.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-CHANGES" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-CHANGES" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-changes\fR \- view diff of the hidden files\.
--- a/man/man1/git-secret-clean.1
+++ b/man/man1/git-secret-clean.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-CLEAN" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-CLEAN" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-clean\fR \- removes all the hidden files\.
--- a/man/man1/git-secret-hide.1
+++ b/man/man1/git-secret-hide.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-HIDE" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-HIDE" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\.
--- a/man/man1/git-secret-init.1
+++ b/man/man1/git-secret-init.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-INIT" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-INIT" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-init\fR \- initializes git\-secret repository\.
--- a/man/man1/git-secret-killperson.1
+++ b/man/man1/git-secret-killperson.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-KILLPERSON" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-KILLPERSON" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-killperson\fR \- deletes key identified by an email from the inner keyring\.
--- a/man/man1/git-secret-list.1
+++ b/man/man1/git-secret-list.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-LIST" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-LIST" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-list\fR \- prints all the added files\.
--- a/man/man1/git-secret-remove.1
+++ b/man/man1/git-secret-remove.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-REMOVE" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-REMOVE" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-remove\fR \- removes files from index\.
--- a/man/man1/git-secret-reveal.1
+++ b/man/man1/git-secret-reveal.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-REVEAL" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-REVEAL" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-reveal\fR \- decrypts all added files\.
--- a/man/man1/git-secret-tell.1
+++ b/man/man1/git-secret-tell.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-TELL" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-TELL" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-tell\fR \- adds a person, who can access private data\.
--- a/man/man1/git-secret-usage.1
+++ b/man/man1/git-secret-usage.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-USAGE" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-USAGE" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-usage\fR \- prints all the available commands\.
--- a/man/man1/git-secret-whoknows.1
+++ b/man/man1/git-secret-whoknows.1
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-WHOKNOWS" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-WHOKNOWS" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-whoknows\fR \- prints email\-labels for each key in the keyring\.
--- a/man/man7/git-secret.7
+++ b/man/man7/git-secret.7
@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET" "7" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET" "7" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\fR \- bash tool to store private data inside a git repo\.
--- a/tests/_test_base.bash
+++ b/tests/_test_base.bash
@ -4,12 +4,12 @@
 # https://github.com/bats-core/bats-core

 # shellcheck disable=SC1090
-source "$SECRET_PROJECT_ROOT/src/version.sh"
+source "$SECRETS_PROJECT_ROOT/src/version.sh"
 # shellcheck disable=SC1090
-source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
-source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh"
-source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh"
-source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh"
+source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
+source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh"
+source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh"
+source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh"

 # Constants:
 FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
@ -47,27 +47,27 @@ GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warnin
 # See tests/fixtures/gpg/README.md for more
 # on key fixtures 'user[1-5]@gitsecret.io'
 # these two are 'normal' keys.
-export TEST_DEFAULT_USER="user1@gitsecret.io"
-export TEST_SECOND_USER="user2@gitsecret.io"
+export TEST_DEFAULT_USER='user1@gitsecret.io'
+export TEST_SECOND_USER='user2@gitsecret.io'

 # TEST_NONAME_USER (user3) created with '--quick-key-generate'
 # and has only an email, no username.
-export TEST_NONAME_USER="user3@gitsecret.io"
+export TEST_NONAME_USER='user3@gitsecret.io'

 # TEST_EXPIRED_USER (user4) has expired
-export TEST_EXPIRED_USER="user4@gitsecret.io"    # this key expires 2018-09-24
+export TEST_EXPIRED_USER='user4@gitsecret.io'    # this key expires 2018-09-24

 # fixture filename is named this,
 # but key has no email and a comment, as per #527
-export TEST_NOEMAIL_COMMENT_USER="user5@gitsecret.io"
+export TEST_NOEMAIL_COMMENT_USER='user5@gitsecret.io'

-export TEST_ATTACKER_USER="attacker1@gitsecret.io"
+export TEST_ATTACKER_USER='attacker1@gitsecret.io'


-export TEST_DEFAULT_FILENAME="space file" # has spaces
-export TEST_SECOND_FILENAME="space file two" # has spaces
-export TEST_THIRD_FILENAME="space file three"  # has spaces
-export TEST_FOURTH_FILENAME="space file three [] * $"  # has spaces and special chars
+export TEST_DEFAULT_FILENAME='space file' # has spaces
+export TEST_SECOND_FILENAME='space file two' # has spaces
+export TEST_THIRD_FILENAME='space file three'  # has spaces
+export TEST_FOURTH_FILENAME='space file three [] * $'  # has spaces and special chars


 function test_user_password {
@ -83,14 +83,14 @@ function test_user_password {
 function stop_gpg_agent {
  local username
  username=$(id -u -n)
-  if [[ "$GITSECRET_DIST" == "windows" ]]; then
+  if [[ "$SECRETS_DOCKER_ENV" == 'windows' ]]; then
    ps -l -u "$username" | gawk \
      '/gpg-agent/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
  else
    local ps_is_busybox
-    ps_is_busybox=_exe_is_busybox "ps"
-    if [[ $ps_is_busybox -eq "1" ]]; then
-      echo "# git-secret: tests: not stopping gpg-agent on busybox" >&3
+    ps_is_busybox=_exe_is_busybox 'ps'
+    if [[ $ps_is_busybox -eq '1' ]]; then
+      echo '# git-secret: tests: not stopping gpg-agent on busybox' >&3
    else
      ps -wx -U "$username" | gawk \
        '/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
@ -104,7 +104,7 @@ function get_gpgtest_prefix {
    # shellcheck disable=SC2086
    echo "echo \"$(test_user_password $1)\" | "
  else
-    echo ""
+    echo ''
  fi
 }

@ -242,7 +242,7 @@ function set_state_secret_add {
  local filename="$1"
  local content="$2"
  echo "$content" > "$filename"      # we add a newline
-  echo "$filename" >> ".gitignore"
+  echo "$filename" >> '.gitignore'

  git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
 }
@ -251,7 +251,7 @@ function set_state_secret_add_without_newline {
  local filename="$1"
  local content="$2"
  echo -n "$content" > "$filename"      # we do not add a newline
-  echo "$filename" >> ".gitignore"
+  echo "$filename" >> '.gitignore'

  git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
 }
@ -275,7 +275,7 @@ function unset_current_state {
  secrets_dir=$(_get_secrets_dir)

  rm -rf "$secrets_dir"
-  rm -rf ".gitignore"
+  rm -rf '.gitignore'

  # unsets `git` state
  remove_git_repository
@ -308,7 +308,7 @@ function unset_current_state {
  rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}"  2>&1 | sed 's/^/# unset_current_state: rm /'

  # return to the base dir:
-  cd "$SECRET_PROJECT_ROOT" || exit 1
+  cd "$SECRETS_PROJECT_ROOT" || exit 1
 }

 # show output if we wind up manually removing the test output file in a trap
--- a/tests/test_make_install.bats
+++ b/tests/test_make_install.bats
@ -7,7 +7,7 @@ INSTALL_BASE="${TMPDIR}/git-secret-test-install"

@test "install git-secret to DESTDIR='$INSTALL_BASE'" {
  rm -f "$INSTALL_BASE/usr/bin/git-secret"
-  cd "$SECRET_PROJECT_ROOT"
+  cd "$SECRETS_PROJECT_ROOT"

  # set DESTDIR for this command and 'run' make install
  DESTDIR="$INSTALL_BASE" run make install
--- a/utils/apk/build.sh
+++ b/utils/apk/build.sh
@ -3,7 +3,7 @@
 set -e

 # shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
+source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"

 preinstall_files '-c'

@ -11,4 +11,4 @@ preinstall_files '-c'
 cd "$SCRIPT_DEST_DIR" && build_package 'apk'

 # Cleaning up:
-clean_up_files && cd "$SECRET_PROJECT_ROOT"
+clean_up_files && cd "$SECRETS_PROJECT_ROOT"
--- a/utils/apk/deploy.sh
+++ b/utils/apk/deploy.sh
@ -8,11 +8,9 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
 fi

 # shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
-# shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/src/version.sh"
+source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"

-VERSION_NAME="git-secret-${GITSECRET_VERSION}.apk"
+VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk"

 # Artifactory location:
 BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
--- a/utils/build-utils.sh
+++ b/utils/build-utils.sh
@ -2,13 +2,16 @@

 set -e

+# shellcheck disable=SC1090,SC1091
+source "$SECRETS_PROJECT_ROOT/src/version.sh"
+
 # Initializing and settings:
 READ_PERM=0644
 EXEC_PERM=0755

 SCRIPT_NAME='git-secret'
 SCRIPT_DESCRIPTION='A bash-tool to store your private data inside a git repository.'
-SCRIPT_VERSION="$(bash "${PWD}"/git-secret --version)"
+SCRIPT_VERSION="$GITSECRET_VERSION"

 # This may be overridden:
 if [[ -z "$SCRIPT_BUILD_DIR" ]]; then
@ -38,8 +41,8 @@ function preinstall_files {
    "$SCRIPT_DEST_DIR/usr/bin/$SCRIPT_NAME"

  # Install the manualls:
-  install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1"
-  install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7"
+  install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man1"
+  install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man7"
  for file in man/man1/* ; do
    if [[ "$file" == *.md ]]; then
      continue
@ -62,21 +65,21 @@ function build_package {
  # coreutils is for sha256sum
  # See https://github.com/jordansissel/fpm for docs:
  fpm \
-    -s dir \
-    -t "$build_type" \
-    -a all \
-    -n "$SCRIPT_NAME" \
+    --input-type 'dir' \
+    --output-type "$build_type" \
+    --chdir "$SCRIPT_DEST_DIR" \
+    --architecture 'all' \
+    --name "$SCRIPT_NAME" \
    --version "$SCRIPT_VERSION" \
    --description "$SCRIPT_DESCRIPTION" \
-    --url "https://git-secret.io" \
-    --maintainer "Nikita Sobolev (mail@sobolevn.me)" \
-    --license "MIT" \
-    -C "$SCRIPT_DEST_DIR" \
-    -d "bash" \
-    -d "coreutils" \
-    -d "gawk" \
-    -d "git" \
-    -d "gnupg" \
+    --url 'https://git-secret.io' \
+    --maintainer 'Nikita Sobolev (mail@sobolevn.me)' \
+    --license 'MIT' \
+    --depends 'bash' \
+    --depends 'coreutils' \
+    --depends 'gawk' \
+    --depends 'git' \
+    --depends 'gnupg' \
    --deb-no-default-config-files \
    .
 }
--- a/utils/deb/build.sh
+++ b/utils/deb/build.sh
@ -3,7 +3,7 @@
 set -e

 # shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
+source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"

 preinstall_files '-c'

@ -11,4 +11,4 @@ preinstall_files '-c'
 cd "$SCRIPT_DEST_DIR" && build_package 'deb'

 # Cleaning up:
-clean_up_files && cd "$SECRET_PROJECT_ROOT"
+clean_up_files && cd "$SECRETS_PROJECT_ROOT"
--- a/utils/deb/deploy.sh
+++ b/utils/deb/deploy.sh
@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
 fi

 # shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
+source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"

 # Artifactory location:
 BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
--- a/utils/deb/install.sh
+++ b/utils/deb/install.sh
@ -0,0 +1,5 @@
+sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
+wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
+sudo apt-get update && sudo apt-get install -y git-secret
+# Testing, that it worked:
+git secret --version
--- a/utils/rpm/build.sh
+++ b/utils/rpm/build.sh
@ -3,7 +3,7 @@
 set -e

 # shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
+source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"

 # Copying all the required files to the build directory:
 preinstall_files '-c'
@ -12,4 +12,4 @@ preinstall_files '-c'
 cd "$SCRIPT_DEST_DIR" && build_package 'rpm'

 # Cleaning up:
-clean_up_files && cd "$SECRET_PROJECT_ROOT"
+clean_up_files && cd "$SECRETS_PROJECT_ROOT"
--- a/utils/rpm/deploy.sh
+++ b/utils/rpm/deploy.sh
@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
 fi

 # shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
+source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"

 # Artifactory location:
 BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
--- a/utils/rpm/git-secret.repo
+++ b/utils/rpm/git-secret.repo
@ -4,6 +4,6 @@ baseurl=https://gitsecret.jfrog.io/artifactory/git-secret-rpm
 enabled=1
 gpgcheck=0

-# Uncomment the following lines to enable repository-level GPG key check:
+## Uncomment the following lines to enable repository-level GPG key check:
 # gpgkey=https://gitsecret.jfrog.io/artifactory/git-secret-rpm/repodata/repomd.xml.key
 # repo_gpgcheck=1
--- a/utils/rpm/install.sh
+++ b/utils/rpm/install.sh
@ -0,0 +1,6 @@
+wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
+# Inspect what's inside! You can also enable `gpg` check on repo level.
+sudo mv git-secret-rpm.repo /etc/yum.repos.d/
+sudo yum install -y git-secret
+# Testing, that it worked:
+git secret --version
--- a/utils/tests.sh
+++ b/utils/tests.sh
@ -1,6 +1,6 @@
 #!/usr/bin/env bash

-# `SECRET_PROJECT_ROOT` must be set before running the script.
+# `SECRETS_PROJECT_ROOT` must be set before running the script.

 set -e

@ -25,7 +25,7 @@ chmod 0700 "${TEST_DIR}"
    # bats expects diagnostic lines to be sent to fd 3, matching regex '^# '
    #  (IE, like: `echo '# message here' >&3`).
    # bats ... 3>&1 shows diagnostic output
-    bats "${SECRET_PROJECT_ROOT}/tests" 3>&1
+    bats "${SECRETS_PROJECT_ROOT}/tests" 3>&1
 )

 rm -rf "${TEST_DIR}"