diff --git a/.ci/release-ci/centos/Dockerfile b/.ci/release-ci/centos/Dockerfile new file mode 100644 index 00000000..17977c6d --- /dev/null +++ b/.ci/release-ci/centos/Dockerfile @@ -0,0 +1,15 @@ +FROM centos:8 + +LABEL maintainer="mail@sobolevn.me" +LABEL vendor="git-secret team" + +RUN dnf -y update \ + && dnf install -y \ + # Required for our install script: + wget \ + sudo \ + && dnf clean all \ + && rm -rf /var/cache/yum \ + && adduser --password='' nonroot \ + && echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +USER nonroot diff --git a/.ci/release-ci/debian/Dockerfile b/.ci/release-ci/debian/Dockerfile new file mode 100644 index 00000000..6c78fa89 --- /dev/null +++ b/.ci/release-ci/debian/Dockerfile @@ -0,0 +1,23 @@ +FROM debian:10.9-slim + +LABEL maintainer="mail@sobolevn.me" +LABEL vendor="git-secret team" + +ENV DEBIAN_FRONTEND='noninteractive' + +RUN apt-get update \ + && apt-get install --no-install-recommends -y \ + # Required to work with https-based repos and custom signed packages: + apt-transport-https \ + ca-certificates \ + # Required for our install script: + gnupg \ + sudo \ + wget \ + # Cleaning cache: + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && apt-get clean -y && rm -rf /var/lib/apt/lists/* \ + && adduser --disabled-password nonroot \ + && adduser nonroot sudo \ + && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +USER nonroot diff --git a/.ci/release-ci/fedora/Dockerfile b/.ci/release-ci/fedora/Dockerfile new file mode 100644 index 00000000..53efede8 --- /dev/null +++ b/.ci/release-ci/fedora/Dockerfile @@ -0,0 +1,15 @@ +FROM fedora:34 + +LABEL maintainer="mail@sobolevn.me" +LABEL vendor="git-secret team" + +RUN dnf -y update \ + && dnf install -y \ + # Required for our install script: + wget \ + sudo \ + && dnf clean all \ + && rm -rf /var/cache/yum \ + && adduser --password='' nonroot \ + && echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +USER nonroot diff --git a/.ci/release-ci/ubuntu/Dockerfile b/.ci/release-ci/ubuntu/Dockerfile new file mode 100644 index 00000000..6c78fa89 --- /dev/null +++ b/.ci/release-ci/ubuntu/Dockerfile @@ -0,0 +1,23 @@ +FROM debian:10.9-slim + +LABEL maintainer="mail@sobolevn.me" +LABEL vendor="git-secret team" + +ENV DEBIAN_FRONTEND='noninteractive' + +RUN apt-get update \ + && apt-get install --no-install-recommends -y \ + # Required to work with https-based repos and custom signed packages: + apt-transport-https \ + ca-certificates \ + # Required for our install script: + gnupg \ + sudo \ + wget \ + # Cleaning cache: + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && apt-get clean -y && rm -rf /var/lib/apt/lists/* \ + && adduser --disabled-password nonroot \ + && adduser nonroot sudo \ + && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +USER nonroot diff --git a/.ci/releaser/alpine/Dockerfile b/.ci/releaser/alpine/Dockerfile index 20ef1602..bd364cd7 100644 --- a/.ci/releaser/alpine/Dockerfile +++ b/.ci/releaser/alpine/Dockerfile @@ -3,10 +3,12 @@ # TODO: Move to native image # see: https://github.com/jordansissel/fpm/issues/1782 +# Or we can switch to +# https://github.com/goreleaser/nfpm FROM alpine:3.13 ENV CODE_DIR='/code' -ENV SECRET_PROJECT_ROOT="$CODE_DIR" +ENV SECRETS_PROJECT_ROOT="$CODE_DIR" RUN apk add --no-cache --update \ # fpm deps: diff --git a/.github/workflows/misspell.yml b/.github/workflows/misspell.yml deleted file mode 100644 index b0bcb2be..00000000 --- a/.github/workflows/misspell.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: misspell - -on: - workflow_dispatch: - schedule: - - cron: '0 0 * * *' - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: sobolevn/misspell-fixer-action@0.1.0 - - uses: peter-evans/create-pull-request@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: 'Fixes by misspell-fixer' - title: 'Typos fix by misspell-fixer' diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml new file mode 100644 index 00000000..130ca821 --- /dev/null +++ b/.github/workflows/release-ci.yml @@ -0,0 +1,25 @@ +name: installation- + +on: + workflow_dispatch: + schedule: + - cron: '0 0 * * *' + +jobs: + build: + + runs-on: ubuntu-latest + matrix: + include: + - release-type: deb + release-env: [debian, ubuntu] + - release-type: rpm + release-env: [centos, fedora] + + steps: + - uses: actions/checkout@v2 + - name: Run checks + run: | + SECRETS_RELEASE_ENV="${{ matrix.release-env }}" \ + SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \ + make release-ci diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b27e38b1..4d5c4712 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - docker-based-test: + docker-env: - debian-gnupg1 # We need to test legacy version of gnupg - debian-gnupg2 - ubuntu @@ -29,7 +29,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: Run checks - run: GITSECRET_DOCKER_ENV="${{ matrix.docker-based-test }}" make docker-ci + run: SECRETS_DOCKER_ENV="${{ matrix.docker-env }}" make docker-ci osx-ci: runs-on: macos-latest diff --git a/Makefile b/Makefile index 536ad90a..05b7c5b1 100644 --- a/Makefile +++ b/Makefile @@ -37,26 +37,26 @@ uninstall: # Using a sub-shell we get the raw *nix paths, e.g. /c/Something .PHONY: test test: clean build - export SECRET_PROJECT_ROOT="$(shell echo $${PWD})"; \ + export SECRETS_PROJECT_ROOT="$(shell echo $${PWD})"; \ export PATH="$(shell echo $${PWD})/vendor/bats-core/bin:$(shell echo $${PWD}):$(shell echo $${PATH})"; \ ${SHELL} ./utils/tests.sh # We use this script in CI and you can do this too! # What happens here? -# 1. We pass `GITSECRET_DOCKER_ENV` variable into this job +# 1. We pass `SECRETS_DOCKER_ENV` variable into this job # 2. Based on it, we select a proper `docker` image to run test on # 3. We execute `make test` inside the `docker` container .PHONY: docker-ci docker-ci: clean - @[ -z "${GITSECRET_DOCKER_ENV}" ] \ - && echo 'GITSECRET_DOCKER_ENV is unset' && exit 1 || true + @[ -z "${SECRETS_DOCKER_ENV}" ] \ + && echo 'SECRETS_DOCKER_ENV is unset' && exit 1 || true docker build \ - -f ".ci/docker-ci/$${GITSECRET_DOCKER_ENV}/Dockerfile" \ - -t "gitsecret-$${GITSECRET_DOCKER_ENV}:latest" . + -f ".ci/docker-ci/$${SECRETS_DOCKER_ENV}/Dockerfile" \ + -t "gitsecret-$${SECRETS_DOCKER_ENV}:latest" . docker run --rm \ --volume="$${PWD}:/code" \ -w /code \ - "gitsecret-$${GITSECRET_DOCKER_ENV}" \ + "gitsecret-$${SECRETS_DOCKER_ENV}" \ make test .PHONY: lint-shell @@ -122,22 +122,37 @@ docs: build-docs # Packaging: # -.PHONY: release-build -release-build: clean build - @[ -z "${GITSECRET_RELEASE_TYPE}" ] \ - && echo 'GITSECRET_RELEASE_TYPE is unset' && exit 1 || true +.PHONY: build-release +build-release: clean build + @[ -z "${SECRETS_RELEASE_TYPE}" ] \ + && echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true docker build \ -f ".ci/releaser/alpine/Dockerfile" \ -t "gitsecret-releaser:latest" . docker run \ --volume="$${PWD}:/code" \ --rm gitsecret-releaser \ - bash "./utils/$${GITSECRET_RELEASE_TYPE}/build.sh" + bash "./utils/$${SECRETS_RELEASE_TYPE}/build.sh" .PHONY: release -release: release-build +release: build-release docker run \ --volume="$${PWD}:/code" \ -e SECRETS_ARTIFACTORY_CREDENTIALS \ --rm gitsecret-releaser \ - bash "./utils/$${GITSECRET_RELEASE_TYPE}/deploy.sh" + bash "./utils/$${SECRETS_RELEASE_TYPE}/deploy.sh" + +.PHONY: release-ci +release-ci: + @[ -z "${SECRETS_RELEASE_ENV}" ] \ + && echo 'SECRETS_RELEASE_ENV is unset' && exit 1 || true + @[ -z "${SECRETS_RELEASE_TYPE}" ] \ + && echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true + docker build \ + -f ".ci/release-ci/$${SECRETS_RELEASE_ENV}/Dockerfile" \ + -t "gitsecret-release-$${SECRETS_RELEASE_ENV}:latest" . + docker run --rm \ + --volume="$${PWD}:/code" \ + -w /code \ + "gitsecret-release-$${SECRETS_RELEASE_ENV}" \ + bash -c "set -e; bash "./utils/$${SECRETS_RELEASE_TYPE}/install.sh"" diff --git a/docs/_includes/install-deb.sh b/docs/_includes/install-deb.sh new file mode 100644 index 00000000..59083775 --- /dev/null +++ b/docs/_includes/install-deb.sh @@ -0,0 +1,4 @@ +sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list" +wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add - +sudo apt-get update && sudo apt-get install -y git-secret +git secret --version diff --git a/docs/_includes/install-rpm.sh b/docs/_includes/install-rpm.sh new file mode 100644 index 00000000..24fb0fbc --- /dev/null +++ b/docs/_includes/install-rpm.sh @@ -0,0 +1,4 @@ +wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo +# Inspect what's inside! You can also enable `gpg` check on repo level. +sudo mv git-secret-rpm.repo /etc/yum.repos.d/ +sudo yum install -y git-secret diff --git a/docs/_posts/2021-05-04-git-secret-add.md b/docs/_posts/2021-05-05-git-secret-add.md similarity index 97% rename from docs/_posts/2021-05-04-git-secret-add.md rename to docs/_posts/2021-05-05-git-secret-add.md index 8cfe22bc..3ef4074a 100644 --- a/docs/_posts/2021-05-04-git-secret-add.md +++ b/docs/_posts/2021-05-05-git-secret-add.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-add' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-add categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-cat.md b/docs/_posts/2021-05-05-git-secret-cat.md similarity index 97% rename from docs/_posts/2021-05-04-git-secret-cat.md rename to docs/_posts/2021-05-05-git-secret-cat.md index 23703836..bac7ff7f 100644 --- a/docs/_posts/2021-05-04-git-secret-cat.md +++ b/docs/_posts/2021-05-05-git-secret-cat.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-cat' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-cat categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-changes.md b/docs/_posts/2021-05-05-git-secret-changes.md similarity index 97% rename from docs/_posts/2021-05-04-git-secret-changes.md rename to docs/_posts/2021-05-05-git-secret-changes.md index 50b5c0cf..a5b00e69 100644 --- a/docs/_posts/2021-05-04-git-secret-changes.md +++ b/docs/_posts/2021-05-05-git-secret-changes.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-changes' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-changes categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-clean.md b/docs/_posts/2021-05-05-git-secret-clean.md similarity index 96% rename from docs/_posts/2021-05-04-git-secret-clean.md rename to docs/_posts/2021-05-05-git-secret-clean.md index ec6c0880..286301f1 100644 --- a/docs/_posts/2021-05-04-git-secret-clean.md +++ b/docs/_posts/2021-05-05-git-secret-clean.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-clean' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-clean categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-hide.md b/docs/_posts/2021-05-05-git-secret-hide.md similarity index 98% rename from docs/_posts/2021-05-04-git-secret-hide.md rename to docs/_posts/2021-05-05-git-secret-hide.md index 6ecf4abc..f7ee849e 100644 --- a/docs/_posts/2021-05-04-git-secret-hide.md +++ b/docs/_posts/2021-05-05-git-secret-hide.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-hide' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-hide categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-init.md b/docs/_posts/2021-05-05-git-secret-init.md similarity index 97% rename from docs/_posts/2021-05-04-git-secret-init.md rename to docs/_posts/2021-05-05-git-secret-init.md index 0aee93d7..821ac799 100644 --- a/docs/_posts/2021-05-04-git-secret-init.md +++ b/docs/_posts/2021-05-05-git-secret-init.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-init' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-init categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-killperson.md b/docs/_posts/2021-05-05-git-secret-killperson.md similarity index 96% rename from docs/_posts/2021-05-04-git-secret-killperson.md rename to docs/_posts/2021-05-05-git-secret-killperson.md index 1c11ed3b..5451a0d4 100644 --- a/docs/_posts/2021-05-04-git-secret-killperson.md +++ b/docs/_posts/2021-05-05-git-secret-killperson.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-killperson' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-killperson categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-list.md b/docs/_posts/2021-05-05-git-secret-list.md similarity index 96% rename from docs/_posts/2021-05-04-git-secret-list.md rename to docs/_posts/2021-05-05-git-secret-list.md index 882f1881..80417cc9 100644 --- a/docs/_posts/2021-05-04-git-secret-list.md +++ b/docs/_posts/2021-05-05-git-secret-list.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-list' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-list categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-remove.md b/docs/_posts/2021-05-05-git-secret-remove.md similarity index 96% rename from docs/_posts/2021-05-04-git-secret-remove.md rename to docs/_posts/2021-05-05-git-secret-remove.md index 48e67133..fd22a79b 100644 --- a/docs/_posts/2021-05-04-git-secret-remove.md +++ b/docs/_posts/2021-05-05-git-secret-remove.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-remove' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-remove categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-reveal.md b/docs/_posts/2021-05-05-git-secret-reveal.md similarity index 97% rename from docs/_posts/2021-05-04-git-secret-reveal.md rename to docs/_posts/2021-05-05-git-secret-reveal.md index bfb50d4c..af31a268 100644 --- a/docs/_posts/2021-05-04-git-secret-reveal.md +++ b/docs/_posts/2021-05-05-git-secret-reveal.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-reveal' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-reveal categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-tell.md b/docs/_posts/2021-05-05-git-secret-tell.md similarity index 98% rename from docs/_posts/2021-05-04-git-secret-tell.md rename to docs/_posts/2021-05-05-git-secret-tell.md index 5ed3cd84..e606e5ab 100644 --- a/docs/_posts/2021-05-04-git-secret-tell.md +++ b/docs/_posts/2021-05-05-git-secret-tell.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-tell' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-tell categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-usage.md b/docs/_posts/2021-05-05-git-secret-usage.md similarity index 95% rename from docs/_posts/2021-05-04-git-secret-usage.md rename to docs/_posts/2021-05-05-git-secret-usage.md index b68833f9..9ec4f962 100644 --- a/docs/_posts/2021-05-04-git-secret-usage.md +++ b/docs/_posts/2021-05-05-git-secret-usage.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-usage' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-usage categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-whoknows.md b/docs/_posts/2021-05-05-git-secret-whoknows.md similarity index 96% rename from docs/_posts/2021-05-04-git-secret-whoknows.md rename to docs/_posts/2021-05-05-git-secret-whoknows.md index 2bdd74fa..cd305f14 100644 --- a/docs/_posts/2021-05-04-git-secret-whoknows.md +++ b/docs/_posts/2021-05-05-git-secret-whoknows.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-whoknows' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-whoknows categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret.md b/docs/_posts/2021-05-05-git-secret.md similarity index 99% rename from docs/_posts/2021-05-04-git-secret.md rename to docs/_posts/2021-05-05-git-secret.md index b6aabfb5..321c54df 100644 --- a/docs/_posts/2021-05-04-git-secret.md +++ b/docs/_posts/2021-05-05-git-secret.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret categories: usage --- diff --git a/docs/create_posts.sh b/docs/create_posts.sh index d0ce5787..ac237bfe 100644 --- a/docs/create_posts.sh +++ b/docs/create_posts.sh @@ -58,5 +58,15 @@ categories: usage cat "$MAN7_LOCATION/git-secret.7.md" >> "$usage_filename" } + +function copy_install_scripts { + # We test these scripts using `release-ci`, + # so, installation instructions will always be up-to-date: + cp utils/deb/install.sh docs/_includes/install-deb.sh + cp utils/rpm/install.sh docs/_includes/install-rpm.sh +} + + checkout_manuals copy_to_posts +copy_install_scripts diff --git a/docs/installation.md b/docs/installation.md index a58b9bac..e3034bc6 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -38,10 +38,7 @@ You can find the `deb` repository [here](https://gitsecret.jfrog.io/artifactory/ Pre-requirements: make sure you have installed `apt-transport-https` and `ca-certificates` ```bash -sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list" -wget -qO - https://gitsecret.jfrog.io/artifactory/api/gpg/key/public | sudo apt-key add - -sudo apt-get update -sudo apt-get install git-secret +{% include install-deb.sh %} ``` --- @@ -51,12 +48,11 @@ sudo apt-get install git-secret You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-rpm/). ```bash -wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo -# Inspect what's inside! You can also enable `gpg` check on repo level. -sudo mv git-secret-rpm.repo /etc/yum.repos.d/ -sudo yum install git-secret +{% include install-rpm.sh %} ``` +--- + ### Arch Linux The _Arch_ way to install git-secret is to use the directions for diff --git a/man/man1/git-secret-add.1 b/man/man1/git-secret-add.1 index d94a2dd0..103acb75 100644 Binary files a/man/man1/git-secret-add.1 and b/man/man1/git-secret-add.1 differ diff --git a/man/man1/git-secret-cat.1 b/man/man1/git-secret-cat.1 index a899a34f..bff32cd5 100644 Binary files a/man/man1/git-secret-cat.1 and b/man/man1/git-secret-cat.1 differ diff --git a/man/man1/git-secret-changes.1 b/man/man1/git-secret-changes.1 index b8075203..357c5dc0 100644 Binary files a/man/man1/git-secret-changes.1 and b/man/man1/git-secret-changes.1 differ diff --git a/man/man1/git-secret-clean.1 b/man/man1/git-secret-clean.1 index 75776ab0..4602cb7e 100644 Binary files a/man/man1/git-secret-clean.1 and b/man/man1/git-secret-clean.1 differ diff --git a/man/man1/git-secret-hide.1 b/man/man1/git-secret-hide.1 index 75524218..6084dae4 100644 Binary files a/man/man1/git-secret-hide.1 and b/man/man1/git-secret-hide.1 differ diff --git a/man/man1/git-secret-init.1 b/man/man1/git-secret-init.1 index 4895cc00..313c1125 100644 Binary files a/man/man1/git-secret-init.1 and b/man/man1/git-secret-init.1 differ diff --git a/man/man1/git-secret-killperson.1 b/man/man1/git-secret-killperson.1 index cd9860d2..977fa5c9 100644 Binary files a/man/man1/git-secret-killperson.1 and b/man/man1/git-secret-killperson.1 differ diff --git a/man/man1/git-secret-list.1 b/man/man1/git-secret-list.1 index e90e935a..594ba48e 100644 Binary files a/man/man1/git-secret-list.1 and b/man/man1/git-secret-list.1 differ diff --git a/man/man1/git-secret-remove.1 b/man/man1/git-secret-remove.1 index 2a5219bd..38b3fe88 100644 Binary files a/man/man1/git-secret-remove.1 and b/man/man1/git-secret-remove.1 differ diff --git a/man/man1/git-secret-reveal.1 b/man/man1/git-secret-reveal.1 index e7fd5de8..3b283a26 100644 Binary files a/man/man1/git-secret-reveal.1 and b/man/man1/git-secret-reveal.1 differ diff --git a/man/man1/git-secret-tell.1 b/man/man1/git-secret-tell.1 index 447055a4..5129876f 100644 Binary files a/man/man1/git-secret-tell.1 and b/man/man1/git-secret-tell.1 differ diff --git a/man/man1/git-secret-usage.1 b/man/man1/git-secret-usage.1 index 20d08330..9f4f2071 100644 Binary files a/man/man1/git-secret-usage.1 and b/man/man1/git-secret-usage.1 differ diff --git a/man/man1/git-secret-whoknows.1 b/man/man1/git-secret-whoknows.1 index 1e8ae4ec..405db3f6 100644 Binary files a/man/man1/git-secret-whoknows.1 and b/man/man1/git-secret-whoknows.1 differ diff --git a/man/man7/git-secret.7 b/man/man7/git-secret.7 index 7ba19cfd..a66e6c69 100644 Binary files a/man/man7/git-secret.7 and b/man/man7/git-secret.7 differ diff --git a/tests/_test_base.bash b/tests/_test_base.bash index 671b95e1..e59157b7 100644 --- a/tests/_test_base.bash +++ b/tests/_test_base.bash @@ -4,12 +4,12 @@ # https://github.com/bats-core/bats-core # shellcheck disable=SC1090 -source "$SECRET_PROJECT_ROOT/src/version.sh" +source "$SECRETS_PROJECT_ROOT/src/version.sh" # shellcheck disable=SC1090 -source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh" -source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh" -source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh" -source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh" +source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools.sh" +source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh" +source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh" +source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh" # Constants: FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures" @@ -47,27 +47,27 @@ GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warnin # See tests/fixtures/gpg/README.md for more # on key fixtures 'user[1-5]@gitsecret.io' # these two are 'normal' keys. -export TEST_DEFAULT_USER="user1@gitsecret.io" -export TEST_SECOND_USER="user2@gitsecret.io" +export TEST_DEFAULT_USER='user1@gitsecret.io' +export TEST_SECOND_USER='user2@gitsecret.io' # TEST_NONAME_USER (user3) created with '--quick-key-generate' # and has only an email, no username. -export TEST_NONAME_USER="user3@gitsecret.io" +export TEST_NONAME_USER='user3@gitsecret.io' # TEST_EXPIRED_USER (user4) has expired -export TEST_EXPIRED_USER="user4@gitsecret.io" # this key expires 2018-09-24 +export TEST_EXPIRED_USER='user4@gitsecret.io' # this key expires 2018-09-24 # fixture filename is named this, # but key has no email and a comment, as per #527 -export TEST_NOEMAIL_COMMENT_USER="user5@gitsecret.io" +export TEST_NOEMAIL_COMMENT_USER='user5@gitsecret.io' -export TEST_ATTACKER_USER="attacker1@gitsecret.io" +export TEST_ATTACKER_USER='attacker1@gitsecret.io' -export TEST_DEFAULT_FILENAME="space file" # has spaces -export TEST_SECOND_FILENAME="space file two" # has spaces -export TEST_THIRD_FILENAME="space file three" # has spaces -export TEST_FOURTH_FILENAME="space file three [] * $" # has spaces and special chars +export TEST_DEFAULT_FILENAME='space file' # has spaces +export TEST_SECOND_FILENAME='space file two' # has spaces +export TEST_THIRD_FILENAME='space file three' # has spaces +export TEST_FOURTH_FILENAME='space file three [] * $' # has spaces and special chars function test_user_password { @@ -83,14 +83,14 @@ function test_user_password { function stop_gpg_agent { local username username=$(id -u -n) - if [[ "$GITSECRET_DIST" == "windows" ]]; then + if [[ "$SECRETS_DOCKER_ENV" == 'windows' ]]; then ps -l -u "$username" | gawk \ '/gpg-agent/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1 else local ps_is_busybox - ps_is_busybox=_exe_is_busybox "ps" - if [[ $ps_is_busybox -eq "1" ]]; then - echo "# git-secret: tests: not stopping gpg-agent on busybox" >&3 + ps_is_busybox=_exe_is_busybox 'ps' + if [[ $ps_is_busybox -eq '1' ]]; then + echo '# git-secret: tests: not stopping gpg-agent on busybox' >&3 else ps -wx -U "$username" | gawk \ '/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1 @@ -104,7 +104,7 @@ function get_gpgtest_prefix { # shellcheck disable=SC2086 echo "echo \"$(test_user_password $1)\" | " else - echo "" + echo '' fi } @@ -242,7 +242,7 @@ function set_state_secret_add { local filename="$1" local content="$2" echo "$content" > "$filename" # we add a newline - echo "$filename" >> ".gitignore" + echo "$filename" >> '.gitignore' git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1 } @@ -251,7 +251,7 @@ function set_state_secret_add_without_newline { local filename="$1" local content="$2" echo -n "$content" > "$filename" # we do not add a newline - echo "$filename" >> ".gitignore" + echo "$filename" >> '.gitignore' git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1 } @@ -275,7 +275,7 @@ function unset_current_state { secrets_dir=$(_get_secrets_dir) rm -rf "$secrets_dir" - rm -rf ".gitignore" + rm -rf '.gitignore' # unsets `git` state remove_git_repository @@ -308,7 +308,7 @@ function unset_current_state { rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /' # return to the base dir: - cd "$SECRET_PROJECT_ROOT" || exit 1 + cd "$SECRETS_PROJECT_ROOT" || exit 1 } # show output if we wind up manually removing the test output file in a trap diff --git a/tests/test_make_install.bats b/tests/test_make_install.bats index 01d5e236..628601f0 100644 --- a/tests/test_make_install.bats +++ b/tests/test_make_install.bats @@ -7,7 +7,7 @@ INSTALL_BASE="${TMPDIR}/git-secret-test-install" @test "install git-secret to DESTDIR='$INSTALL_BASE'" { rm -f "$INSTALL_BASE/usr/bin/git-secret" - cd "$SECRET_PROJECT_ROOT" + cd "$SECRETS_PROJECT_ROOT" # set DESTDIR for this command and 'run' make install DESTDIR="$INSTALL_BASE" run make install diff --git a/utils/apk/build.sh b/utils/apk/build.sh index ea528c00..8fce4bb4 100644 --- a/utils/apk/build.sh +++ b/utils/apk/build.sh @@ -3,7 +3,7 @@ set -e # shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" +source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" preinstall_files '-c' @@ -11,4 +11,4 @@ preinstall_files '-c' cd "$SCRIPT_DEST_DIR" && build_package 'apk' # Cleaning up: -clean_up_files && cd "$SECRET_PROJECT_ROOT" +clean_up_files && cd "$SECRETS_PROJECT_ROOT" diff --git a/utils/apk/deploy.sh b/utils/apk/deploy.sh index 47591289..5753ef8a 100644 --- a/utils/apk/deploy.sh +++ b/utils/apk/deploy.sh @@ -8,11 +8,9 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then fi # shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" -# shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/src/version.sh" +source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" -VERSION_NAME="git-secret-${GITSECRET_VERSION}.apk" +VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk" # Artifactory location: BASE_API_URL='https://gitsecret.jfrog.io/artifactory' diff --git a/utils/build-utils.sh b/utils/build-utils.sh index 30b114ab..866a9a52 100755 --- a/utils/build-utils.sh +++ b/utils/build-utils.sh @@ -2,13 +2,16 @@ set -e +# shellcheck disable=SC1090,SC1091 +source "$SECRETS_PROJECT_ROOT/src/version.sh" + # Initializing and settings: READ_PERM=0644 EXEC_PERM=0755 SCRIPT_NAME='git-secret' SCRIPT_DESCRIPTION='A bash-tool to store your private data inside a git repository.' -SCRIPT_VERSION="$(bash "${PWD}"/git-secret --version)" +SCRIPT_VERSION="$GITSECRET_VERSION" # This may be overridden: if [[ -z "$SCRIPT_BUILD_DIR" ]]; then @@ -38,8 +41,8 @@ function preinstall_files { "$SCRIPT_DEST_DIR/usr/bin/$SCRIPT_NAME" # Install the manualls: - install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1" - install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7" + install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man1" + install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man7" for file in man/man1/* ; do if [[ "$file" == *.md ]]; then continue @@ -62,21 +65,21 @@ function build_package { # coreutils is for sha256sum # See https://github.com/jordansissel/fpm for docs: fpm \ - -s dir \ - -t "$build_type" \ - -a all \ - -n "$SCRIPT_NAME" \ + --input-type 'dir' \ + --output-type "$build_type" \ + --chdir "$SCRIPT_DEST_DIR" \ + --architecture 'all' \ + --name "$SCRIPT_NAME" \ --version "$SCRIPT_VERSION" \ --description "$SCRIPT_DESCRIPTION" \ - --url "https://git-secret.io" \ - --maintainer "Nikita Sobolev (mail@sobolevn.me)" \ - --license "MIT" \ - -C "$SCRIPT_DEST_DIR" \ - -d "bash" \ - -d "coreutils" \ - -d "gawk" \ - -d "git" \ - -d "gnupg" \ + --url 'https://git-secret.io' \ + --maintainer 'Nikita Sobolev (mail@sobolevn.me)' \ + --license 'MIT' \ + --depends 'bash' \ + --depends 'coreutils' \ + --depends 'gawk' \ + --depends 'git' \ + --depends 'gnupg' \ --deb-no-default-config-files \ . } diff --git a/utils/deb/build.sh b/utils/deb/build.sh index a05f7ff5..bced74a7 100755 --- a/utils/deb/build.sh +++ b/utils/deb/build.sh @@ -3,7 +3,7 @@ set -e # shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" +source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" preinstall_files '-c' @@ -11,4 +11,4 @@ preinstall_files '-c' cd "$SCRIPT_DEST_DIR" && build_package 'deb' # Cleaning up: -clean_up_files && cd "$SECRET_PROJECT_ROOT" +clean_up_files && cd "$SECRETS_PROJECT_ROOT" diff --git a/utils/deb/deploy.sh b/utils/deb/deploy.sh index d8be1d4b..636bb301 100755 --- a/utils/deb/deploy.sh +++ b/utils/deb/deploy.sh @@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then fi # shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" +source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" # Artifactory location: BASE_API_URL='https://gitsecret.jfrog.io/artifactory' diff --git a/utils/deb/install.sh b/utils/deb/install.sh new file mode 100644 index 00000000..37f2a566 --- /dev/null +++ b/utils/deb/install.sh @@ -0,0 +1,5 @@ +sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list" +wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add - +sudo apt-get update && sudo apt-get install -y git-secret +# Testing, that it worked: +git secret --version diff --git a/utils/rpm/build.sh b/utils/rpm/build.sh index 1e642481..190c0bc2 100755 --- a/utils/rpm/build.sh +++ b/utils/rpm/build.sh @@ -3,7 +3,7 @@ set -e # shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" +source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" # Copying all the required files to the build directory: preinstall_files '-c' @@ -12,4 +12,4 @@ preinstall_files '-c' cd "$SCRIPT_DEST_DIR" && build_package 'rpm' # Cleaning up: -clean_up_files && cd "$SECRET_PROJECT_ROOT" +clean_up_files && cd "$SECRETS_PROJECT_ROOT" diff --git a/utils/rpm/deploy.sh b/utils/rpm/deploy.sh index c34a5bc9..c2045261 100644 --- a/utils/rpm/deploy.sh +++ b/utils/rpm/deploy.sh @@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then fi # shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" +source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" # Artifactory location: BASE_API_URL='https://gitsecret.jfrog.io/artifactory' diff --git a/utils/rpm/git-secret.repo b/utils/rpm/git-secret.repo index 520fedf6..d29b0ce6 100644 --- a/utils/rpm/git-secret.repo +++ b/utils/rpm/git-secret.repo @@ -4,6 +4,6 @@ baseurl=https://gitsecret.jfrog.io/artifactory/git-secret-rpm enabled=1 gpgcheck=0 -# Uncomment the following lines to enable repository-level GPG key check: +## Uncomment the following lines to enable repository-level GPG key check: # gpgkey=https://gitsecret.jfrog.io/artifactory/git-secret-rpm/repodata/repomd.xml.key # repo_gpgcheck=1 diff --git a/utils/rpm/install.sh b/utils/rpm/install.sh new file mode 100644 index 00000000..9250c9a1 --- /dev/null +++ b/utils/rpm/install.sh @@ -0,0 +1,6 @@ +wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo +# Inspect what's inside! You can also enable `gpg` check on repo level. +sudo mv git-secret-rpm.repo /etc/yum.repos.d/ +sudo yum install -y git-secret +# Testing, that it worked: +git secret --version diff --git a/utils/tests.sh b/utils/tests.sh index c0a3c947..1c58ade7 100755 --- a/utils/tests.sh +++ b/utils/tests.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# `SECRET_PROJECT_ROOT` must be set before running the script. +# `SECRETS_PROJECT_ROOT` must be set before running the script. set -e @@ -25,7 +25,7 @@ chmod 0700 "${TEST_DIR}" # bats expects diagnostic lines to be sent to fd 3, matching regex '^# ' # (IE, like: `echo '# message here' >&3`). # bats ... 3>&1 shows diagnostic output - bats "${SECRET_PROJECT_ROOT}/tests" 3>&1 + bats "${SECRETS_PROJECT_ROOT}/tests" 3>&1 ) rm -rf "${TEST_DIR}"