From 19941f91f42b95ea3b003a499618ebe629e0433e Mon Sep 17 00:00:00 2001 From: Nikita Sobolev Date: Wed, 5 May 2021 15:59:28 +0300 Subject: [PATCH] Adds release-ci script to test installation (#664) * Adds release-ci script to test installation * Fixes CI * Fixes CI * Renames some variables to follow the same SECRETS_ convention --- .ci/release-ci/centos/Dockerfile | 15 ++++++ .ci/release-ci/debian/Dockerfile | 23 +++++++++ .ci/release-ci/fedora/Dockerfile | 15 ++++++ .ci/release-ci/ubuntu/Dockerfile | 23 +++++++++ .ci/releaser/alpine/Dockerfile | 4 +- .github/workflows/misspell.yml | 20 -------- .github/workflows/release-ci.yml | 25 +++++++++ .github/workflows/test.yml | 4 +- Makefile | 43 +++++++++++----- docs/_includes/install-deb.sh | 4 ++ docs/_includes/install-rpm.sh | 4 ++ ...et-add.md => 2021-05-05-git-secret-add.md} | 2 +- ...et-cat.md => 2021-05-05-git-secret-cat.md} | 2 +- ...es.md => 2021-05-05-git-secret-changes.md} | 2 +- ...lean.md => 2021-05-05-git-secret-clean.md} | 2 +- ...-hide.md => 2021-05-05-git-secret-hide.md} | 2 +- ...-init.md => 2021-05-05-git-secret-init.md} | 2 +- ...md => 2021-05-05-git-secret-killperson.md} | 2 +- ...-list.md => 2021-05-05-git-secret-list.md} | 2 +- ...ove.md => 2021-05-05-git-secret-remove.md} | 2 +- ...eal.md => 2021-05-05-git-secret-reveal.md} | 2 +- ...-tell.md => 2021-05-05-git-secret-tell.md} | 2 +- ...sage.md => 2021-05-05-git-secret-usage.md} | 2 +- ...s.md => 2021-05-05-git-secret-whoknows.md} | 2 +- ...git-secret.md => 2021-05-05-git-secret.md} | 2 +- docs/create_posts.sh | 10 ++++ docs/installation.md | 12 ++--- man/man1/git-secret-add.1 | Bin 1681 -> 1674 bytes man/man1/git-secret-cat.1 | Bin 1472 -> 1465 bytes man/man1/git-secret-changes.1 | Bin 1672 -> 1665 bytes man/man1/git-secret-clean.1 | Bin 1102 -> 1095 bytes man/man1/git-secret-hide.1 | Bin 3109 -> 3102 bytes man/man1/git-secret-init.1 | Bin 1423 -> 1416 bytes man/man1/git-secret-killperson.1 | Bin 1010 -> 1003 bytes man/man1/git-secret-list.1 | Bin 1136 -> 1129 bytes man/man1/git-secret-remove.1 | Bin 1113 -> 1106 bytes man/man1/git-secret-reveal.1 | Bin 1763 -> 1756 bytes man/man1/git-secret-tell.1 | Bin 2202 -> 2195 bytes man/man1/git-secret-usage.1 | Bin 855 -> 848 bytes man/man1/git-secret-whoknows.1 | Bin 986 -> 979 bytes man/man7/git-secret.7 | Bin 10001 -> 9994 bytes tests/_test_base.bash | 48 +++++++++--------- tests/test_make_install.bats | 2 +- utils/apk/build.sh | 4 +- utils/apk/deploy.sh | 6 +-- utils/build-utils.sh | 35 +++++++------ utils/deb/build.sh | 4 +- utils/deb/deploy.sh | 2 +- utils/deb/install.sh | 5 ++ utils/rpm/build.sh | 4 +- utils/rpm/deploy.sh | 2 +- utils/rpm/git-secret.repo | 2 +- utils/rpm/install.sh | 6 +++ utils/tests.sh | 4 +- 54 files changed, 239 insertions(+), 115 deletions(-) create mode 100644 .ci/release-ci/centos/Dockerfile create mode 100644 .ci/release-ci/debian/Dockerfile create mode 100644 .ci/release-ci/fedora/Dockerfile create mode 100644 .ci/release-ci/ubuntu/Dockerfile delete mode 100644 .github/workflows/misspell.yml create mode 100644 .github/workflows/release-ci.yml create mode 100644 docs/_includes/install-deb.sh create mode 100644 docs/_includes/install-rpm.sh rename docs/_posts/{2021-05-04-git-secret-add.md => 2021-05-05-git-secret-add.md} (97%) rename docs/_posts/{2021-05-04-git-secret-cat.md => 2021-05-05-git-secret-cat.md} (97%) rename docs/_posts/{2021-05-04-git-secret-changes.md => 2021-05-05-git-secret-changes.md} (97%) rename docs/_posts/{2021-05-04-git-secret-clean.md => 2021-05-05-git-secret-clean.md} (96%) rename docs/_posts/{2021-05-04-git-secret-hide.md => 2021-05-05-git-secret-hide.md} (98%) rename docs/_posts/{2021-05-04-git-secret-init.md => 2021-05-05-git-secret-init.md} (97%) rename docs/_posts/{2021-05-04-git-secret-killperson.md => 2021-05-05-git-secret-killperson.md} (96%) rename docs/_posts/{2021-05-04-git-secret-list.md => 2021-05-05-git-secret-list.md} (96%) rename docs/_posts/{2021-05-04-git-secret-remove.md => 2021-05-05-git-secret-remove.md} (96%) rename docs/_posts/{2021-05-04-git-secret-reveal.md => 2021-05-05-git-secret-reveal.md} (97%) rename docs/_posts/{2021-05-04-git-secret-tell.md => 2021-05-05-git-secret-tell.md} (98%) rename docs/_posts/{2021-05-04-git-secret-usage.md => 2021-05-05-git-secret-usage.md} (95%) rename docs/_posts/{2021-05-04-git-secret-whoknows.md => 2021-05-05-git-secret-whoknows.md} (96%) rename docs/_posts/{2021-05-04-git-secret.md => 2021-05-05-git-secret.md} (99%) create mode 100644 utils/deb/install.sh create mode 100644 utils/rpm/install.sh diff --git a/.ci/release-ci/centos/Dockerfile b/.ci/release-ci/centos/Dockerfile new file mode 100644 index 00000000..17977c6d --- /dev/null +++ b/.ci/release-ci/centos/Dockerfile @@ -0,0 +1,15 @@ +FROM centos:8 + +LABEL maintainer="mail@sobolevn.me" +LABEL vendor="git-secret team" + +RUN dnf -y update \ + && dnf install -y \ + # Required for our install script: + wget \ + sudo \ + && dnf clean all \ + && rm -rf /var/cache/yum \ + && adduser --password='' nonroot \ + && echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +USER nonroot diff --git a/.ci/release-ci/debian/Dockerfile b/.ci/release-ci/debian/Dockerfile new file mode 100644 index 00000000..6c78fa89 --- /dev/null +++ b/.ci/release-ci/debian/Dockerfile @@ -0,0 +1,23 @@ +FROM debian:10.9-slim + +LABEL maintainer="mail@sobolevn.me" +LABEL vendor="git-secret team" + +ENV DEBIAN_FRONTEND='noninteractive' + +RUN apt-get update \ + && apt-get install --no-install-recommends -y \ + # Required to work with https-based repos and custom signed packages: + apt-transport-https \ + ca-certificates \ + # Required for our install script: + gnupg \ + sudo \ + wget \ + # Cleaning cache: + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && apt-get clean -y && rm -rf /var/lib/apt/lists/* \ + && adduser --disabled-password nonroot \ + && adduser nonroot sudo \ + && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +USER nonroot diff --git a/.ci/release-ci/fedora/Dockerfile b/.ci/release-ci/fedora/Dockerfile new file mode 100644 index 00000000..53efede8 --- /dev/null +++ b/.ci/release-ci/fedora/Dockerfile @@ -0,0 +1,15 @@ +FROM fedora:34 + +LABEL maintainer="mail@sobolevn.me" +LABEL vendor="git-secret team" + +RUN dnf -y update \ + && dnf install -y \ + # Required for our install script: + wget \ + sudo \ + && dnf clean all \ + && rm -rf /var/cache/yum \ + && adduser --password='' nonroot \ + && echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +USER nonroot diff --git a/.ci/release-ci/ubuntu/Dockerfile b/.ci/release-ci/ubuntu/Dockerfile new file mode 100644 index 00000000..6c78fa89 --- /dev/null +++ b/.ci/release-ci/ubuntu/Dockerfile @@ -0,0 +1,23 @@ +FROM debian:10.9-slim + +LABEL maintainer="mail@sobolevn.me" +LABEL vendor="git-secret team" + +ENV DEBIAN_FRONTEND='noninteractive' + +RUN apt-get update \ + && apt-get install --no-install-recommends -y \ + # Required to work with https-based repos and custom signed packages: + apt-transport-https \ + ca-certificates \ + # Required for our install script: + gnupg \ + sudo \ + wget \ + # Cleaning cache: + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && apt-get clean -y && rm -rf /var/lib/apt/lists/* \ + && adduser --disabled-password nonroot \ + && adduser nonroot sudo \ + && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +USER nonroot diff --git a/.ci/releaser/alpine/Dockerfile b/.ci/releaser/alpine/Dockerfile index 20ef1602..bd364cd7 100644 --- a/.ci/releaser/alpine/Dockerfile +++ b/.ci/releaser/alpine/Dockerfile @@ -3,10 +3,12 @@ # TODO: Move to native image # see: https://github.com/jordansissel/fpm/issues/1782 +# Or we can switch to +# https://github.com/goreleaser/nfpm FROM alpine:3.13 ENV CODE_DIR='/code' -ENV SECRET_PROJECT_ROOT="$CODE_DIR" +ENV SECRETS_PROJECT_ROOT="$CODE_DIR" RUN apk add --no-cache --update \ # fpm deps: diff --git a/.github/workflows/misspell.yml b/.github/workflows/misspell.yml deleted file mode 100644 index b0bcb2be..00000000 --- a/.github/workflows/misspell.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: misspell - -on: - workflow_dispatch: - schedule: - - cron: '0 0 * * *' - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: sobolevn/misspell-fixer-action@0.1.0 - - uses: peter-evans/create-pull-request@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: 'Fixes by misspell-fixer' - title: 'Typos fix by misspell-fixer' diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml new file mode 100644 index 00000000..130ca821 --- /dev/null +++ b/.github/workflows/release-ci.yml @@ -0,0 +1,25 @@ +name: installation- + +on: + workflow_dispatch: + schedule: + - cron: '0 0 * * *' + +jobs: + build: + + runs-on: ubuntu-latest + matrix: + include: + - release-type: deb + release-env: [debian, ubuntu] + - release-type: rpm + release-env: [centos, fedora] + + steps: + - uses: actions/checkout@v2 + - name: Run checks + run: | + SECRETS_RELEASE_ENV="${{ matrix.release-env }}" \ + SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \ + make release-ci diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b27e38b1..4d5c4712 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - docker-based-test: + docker-env: - debian-gnupg1 # We need to test legacy version of gnupg - debian-gnupg2 - ubuntu @@ -29,7 +29,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: Run checks - run: GITSECRET_DOCKER_ENV="${{ matrix.docker-based-test }}" make docker-ci + run: SECRETS_DOCKER_ENV="${{ matrix.docker-env }}" make docker-ci osx-ci: runs-on: macos-latest diff --git a/Makefile b/Makefile index 536ad90a..05b7c5b1 100644 --- a/Makefile +++ b/Makefile @@ -37,26 +37,26 @@ uninstall: # Using a sub-shell we get the raw *nix paths, e.g. /c/Something .PHONY: test test: clean build - export SECRET_PROJECT_ROOT="$(shell echo $${PWD})"; \ + export SECRETS_PROJECT_ROOT="$(shell echo $${PWD})"; \ export PATH="$(shell echo $${PWD})/vendor/bats-core/bin:$(shell echo $${PWD}):$(shell echo $${PATH})"; \ ${SHELL} ./utils/tests.sh # We use this script in CI and you can do this too! # What happens here? -# 1. We pass `GITSECRET_DOCKER_ENV` variable into this job +# 1. We pass `SECRETS_DOCKER_ENV` variable into this job # 2. Based on it, we select a proper `docker` image to run test on # 3. We execute `make test` inside the `docker` container .PHONY: docker-ci docker-ci: clean - @[ -z "${GITSECRET_DOCKER_ENV}" ] \ - && echo 'GITSECRET_DOCKER_ENV is unset' && exit 1 || true + @[ -z "${SECRETS_DOCKER_ENV}" ] \ + && echo 'SECRETS_DOCKER_ENV is unset' && exit 1 || true docker build \ - -f ".ci/docker-ci/$${GITSECRET_DOCKER_ENV}/Dockerfile" \ - -t "gitsecret-$${GITSECRET_DOCKER_ENV}:latest" . + -f ".ci/docker-ci/$${SECRETS_DOCKER_ENV}/Dockerfile" \ + -t "gitsecret-$${SECRETS_DOCKER_ENV}:latest" . docker run --rm \ --volume="$${PWD}:/code" \ -w /code \ - "gitsecret-$${GITSECRET_DOCKER_ENV}" \ + "gitsecret-$${SECRETS_DOCKER_ENV}" \ make test .PHONY: lint-shell @@ -122,22 +122,37 @@ docs: build-docs # Packaging: # -.PHONY: release-build -release-build: clean build - @[ -z "${GITSECRET_RELEASE_TYPE}" ] \ - && echo 'GITSECRET_RELEASE_TYPE is unset' && exit 1 || true +.PHONY: build-release +build-release: clean build + @[ -z "${SECRETS_RELEASE_TYPE}" ] \ + && echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true docker build \ -f ".ci/releaser/alpine/Dockerfile" \ -t "gitsecret-releaser:latest" . docker run \ --volume="$${PWD}:/code" \ --rm gitsecret-releaser \ - bash "./utils/$${GITSECRET_RELEASE_TYPE}/build.sh" + bash "./utils/$${SECRETS_RELEASE_TYPE}/build.sh" .PHONY: release -release: release-build +release: build-release docker run \ --volume="$${PWD}:/code" \ -e SECRETS_ARTIFACTORY_CREDENTIALS \ --rm gitsecret-releaser \ - bash "./utils/$${GITSECRET_RELEASE_TYPE}/deploy.sh" + bash "./utils/$${SECRETS_RELEASE_TYPE}/deploy.sh" + +.PHONY: release-ci +release-ci: + @[ -z "${SECRETS_RELEASE_ENV}" ] \ + && echo 'SECRETS_RELEASE_ENV is unset' && exit 1 || true + @[ -z "${SECRETS_RELEASE_TYPE}" ] \ + && echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true + docker build \ + -f ".ci/release-ci/$${SECRETS_RELEASE_ENV}/Dockerfile" \ + -t "gitsecret-release-$${SECRETS_RELEASE_ENV}:latest" . + docker run --rm \ + --volume="$${PWD}:/code" \ + -w /code \ + "gitsecret-release-$${SECRETS_RELEASE_ENV}" \ + bash -c "set -e; bash "./utils/$${SECRETS_RELEASE_TYPE}/install.sh"" diff --git a/docs/_includes/install-deb.sh b/docs/_includes/install-deb.sh new file mode 100644 index 00000000..59083775 --- /dev/null +++ b/docs/_includes/install-deb.sh @@ -0,0 +1,4 @@ +sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list" +wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add - +sudo apt-get update && sudo apt-get install -y git-secret +git secret --version diff --git a/docs/_includes/install-rpm.sh b/docs/_includes/install-rpm.sh new file mode 100644 index 00000000..24fb0fbc --- /dev/null +++ b/docs/_includes/install-rpm.sh @@ -0,0 +1,4 @@ +wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo +# Inspect what's inside! You can also enable `gpg` check on repo level. +sudo mv git-secret-rpm.repo /etc/yum.repos.d/ +sudo yum install -y git-secret diff --git a/docs/_posts/2021-05-04-git-secret-add.md b/docs/_posts/2021-05-05-git-secret-add.md similarity index 97% rename from docs/_posts/2021-05-04-git-secret-add.md rename to docs/_posts/2021-05-05-git-secret-add.md index 8cfe22bc..3ef4074a 100644 --- a/docs/_posts/2021-05-04-git-secret-add.md +++ b/docs/_posts/2021-05-05-git-secret-add.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-add' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-add categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-cat.md b/docs/_posts/2021-05-05-git-secret-cat.md similarity index 97% rename from docs/_posts/2021-05-04-git-secret-cat.md rename to docs/_posts/2021-05-05-git-secret-cat.md index 23703836..bac7ff7f 100644 --- a/docs/_posts/2021-05-04-git-secret-cat.md +++ b/docs/_posts/2021-05-05-git-secret-cat.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-cat' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-cat categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-changes.md b/docs/_posts/2021-05-05-git-secret-changes.md similarity index 97% rename from docs/_posts/2021-05-04-git-secret-changes.md rename to docs/_posts/2021-05-05-git-secret-changes.md index 50b5c0cf..a5b00e69 100644 --- a/docs/_posts/2021-05-04-git-secret-changes.md +++ b/docs/_posts/2021-05-05-git-secret-changes.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-changes' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-changes categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-clean.md b/docs/_posts/2021-05-05-git-secret-clean.md similarity index 96% rename from docs/_posts/2021-05-04-git-secret-clean.md rename to docs/_posts/2021-05-05-git-secret-clean.md index ec6c0880..286301f1 100644 --- a/docs/_posts/2021-05-04-git-secret-clean.md +++ b/docs/_posts/2021-05-05-git-secret-clean.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-clean' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-clean categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-hide.md b/docs/_posts/2021-05-05-git-secret-hide.md similarity index 98% rename from docs/_posts/2021-05-04-git-secret-hide.md rename to docs/_posts/2021-05-05-git-secret-hide.md index 6ecf4abc..f7ee849e 100644 --- a/docs/_posts/2021-05-04-git-secret-hide.md +++ b/docs/_posts/2021-05-05-git-secret-hide.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-hide' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-hide categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-init.md b/docs/_posts/2021-05-05-git-secret-init.md similarity index 97% rename from docs/_posts/2021-05-04-git-secret-init.md rename to docs/_posts/2021-05-05-git-secret-init.md index 0aee93d7..821ac799 100644 --- a/docs/_posts/2021-05-04-git-secret-init.md +++ b/docs/_posts/2021-05-05-git-secret-init.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-init' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-init categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-killperson.md b/docs/_posts/2021-05-05-git-secret-killperson.md similarity index 96% rename from docs/_posts/2021-05-04-git-secret-killperson.md rename to docs/_posts/2021-05-05-git-secret-killperson.md index 1c11ed3b..5451a0d4 100644 --- a/docs/_posts/2021-05-04-git-secret-killperson.md +++ b/docs/_posts/2021-05-05-git-secret-killperson.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-killperson' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-killperson categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-list.md b/docs/_posts/2021-05-05-git-secret-list.md similarity index 96% rename from docs/_posts/2021-05-04-git-secret-list.md rename to docs/_posts/2021-05-05-git-secret-list.md index 882f1881..80417cc9 100644 --- a/docs/_posts/2021-05-04-git-secret-list.md +++ b/docs/_posts/2021-05-05-git-secret-list.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-list' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-list categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-remove.md b/docs/_posts/2021-05-05-git-secret-remove.md similarity index 96% rename from docs/_posts/2021-05-04-git-secret-remove.md rename to docs/_posts/2021-05-05-git-secret-remove.md index 48e67133..fd22a79b 100644 --- a/docs/_posts/2021-05-04-git-secret-remove.md +++ b/docs/_posts/2021-05-05-git-secret-remove.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-remove' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-remove categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-reveal.md b/docs/_posts/2021-05-05-git-secret-reveal.md similarity index 97% rename from docs/_posts/2021-05-04-git-secret-reveal.md rename to docs/_posts/2021-05-05-git-secret-reveal.md index bfb50d4c..af31a268 100644 --- a/docs/_posts/2021-05-04-git-secret-reveal.md +++ b/docs/_posts/2021-05-05-git-secret-reveal.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-reveal' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-reveal categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-tell.md b/docs/_posts/2021-05-05-git-secret-tell.md similarity index 98% rename from docs/_posts/2021-05-04-git-secret-tell.md rename to docs/_posts/2021-05-05-git-secret-tell.md index 5ed3cd84..e606e5ab 100644 --- a/docs/_posts/2021-05-04-git-secret-tell.md +++ b/docs/_posts/2021-05-05-git-secret-tell.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-tell' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-tell categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-usage.md b/docs/_posts/2021-05-05-git-secret-usage.md similarity index 95% rename from docs/_posts/2021-05-04-git-secret-usage.md rename to docs/_posts/2021-05-05-git-secret-usage.md index b68833f9..9ec4f962 100644 --- a/docs/_posts/2021-05-04-git-secret-usage.md +++ b/docs/_posts/2021-05-05-git-secret-usage.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-usage' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-usage categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret-whoknows.md b/docs/_posts/2021-05-05-git-secret-whoknows.md similarity index 96% rename from docs/_posts/2021-05-04-git-secret-whoknows.md rename to docs/_posts/2021-05-05-git-secret-whoknows.md index 2bdd74fa..cd305f14 100644 --- a/docs/_posts/2021-05-04-git-secret-whoknows.md +++ b/docs/_posts/2021-05-05-git-secret-whoknows.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret-whoknows' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret-whoknows categories: command --- diff --git a/docs/_posts/2021-05-04-git-secret.md b/docs/_posts/2021-05-05-git-secret.md similarity index 99% rename from docs/_posts/2021-05-04-git-secret.md rename to docs/_posts/2021-05-05-git-secret.md index b6aabfb5..321c54df 100644 --- a/docs/_posts/2021-05-04-git-secret.md +++ b/docs/_posts/2021-05-05-git-secret.md @@ -1,7 +1,7 @@ --- layout: post title: 'git-secret' -date: 2021-05-04 12:15:29 +0300 +date: 2021-05-05 15:37:26 +0300 permalink: git-secret categories: usage --- diff --git a/docs/create_posts.sh b/docs/create_posts.sh index d0ce5787..ac237bfe 100644 --- a/docs/create_posts.sh +++ b/docs/create_posts.sh @@ -58,5 +58,15 @@ categories: usage cat "$MAN7_LOCATION/git-secret.7.md" >> "$usage_filename" } + +function copy_install_scripts { + # We test these scripts using `release-ci`, + # so, installation instructions will always be up-to-date: + cp utils/deb/install.sh docs/_includes/install-deb.sh + cp utils/rpm/install.sh docs/_includes/install-rpm.sh +} + + checkout_manuals copy_to_posts +copy_install_scripts diff --git a/docs/installation.md b/docs/installation.md index a58b9bac..e3034bc6 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -38,10 +38,7 @@ You can find the `deb` repository [here](https://gitsecret.jfrog.io/artifactory/ Pre-requirements: make sure you have installed `apt-transport-https` and `ca-certificates` ```bash -sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list" -wget -qO - https://gitsecret.jfrog.io/artifactory/api/gpg/key/public | sudo apt-key add - -sudo apt-get update -sudo apt-get install git-secret +{% include install-deb.sh %} ``` --- @@ -51,12 +48,11 @@ sudo apt-get install git-secret You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-rpm/). ```bash -wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo -# Inspect what's inside! You can also enable `gpg` check on repo level. -sudo mv git-secret-rpm.repo /etc/yum.repos.d/ -sudo yum install git-secret +{% include install-rpm.sh %} ``` +--- + ### Arch Linux The _Arch_ way to install git-secret is to use the directions for diff --git a/man/man1/git-secret-add.1 b/man/man1/git-secret-add.1 index d94a2dd0226ab3513b4e6721ac9a961f4229994b..103acb7506f18adff9623f9a058f716f06918048 100644 GIT binary patch delta 10 RcmbQp+r>L!(#DxTSOFK31fKu^ delta 18 ZcmeC;oya?361!evPC-VZ;l@cnSOGnz2Lu2B diff --git a/man/man1/git-secret-cat.1 b/man/man1/git-secret-cat.1 index a899a34f49cbb28da4ac8ebcb59d90457a597600..bff32cd5e98f681b16b03169ae12e28a848c283f 100644 GIT binary patch delta 10 RcmX@Wy_0*wq>VGxSpgXy1SkLi delta 18 ZcmdnVeSmwyBzC>ToPvx*!;O>FSph-<28{p! diff --git a/man/man1/git-secret-changes.1 b/man/man1/git-secret-changes.1 index b8075203baaf74e7a46d4aaec576b29a5ae6cb72..357c5dc04940f9d95d05bba385b78a29f777eb54 100644 GIT binary patch delta 10 RcmeC+ZRDLWZR6b6tN<4F1c(3t delta 18 ZcmZqV?ckj-ja@G>rywKIaO1SstN=Wk2JHX< diff --git a/man/man1/git-secret-clean.1 b/man/man1/git-secret-clean.1 index 75776ab01d59e288ce25e32c9a2e58618f1cd48f..4602cb7ede3ed9011ac890dd19e72eb275e5d7f1 100644 GIT binary patch delta 10 ScmX@dahzkql#R1DGXnq{5CqHs delta 18 acmX@kagJlc6n4GDoPvx*!;MomGXnrbvxdA}x2HgMv diff --git a/man/man1/git-secret-init.1 b/man/man1/git-secret-init.1 index 4895cc00f8a8b39f8c8cba6c90a4c7265645a7a9..313c112587206ff0f8f1543f07d08aab83e42741 100644 GIT binary patch delta 10 RcmeC@?%0FEC3fz1eE{) delta 18 ZcmeC+?&qE`nO!e2rywKIaO32!EC4+#2KoR1 diff --git a/man/man1/git-secret-killperson.1 b/man/man1/git-secret-killperson.1 index cd9860d2a379af926fd493611a97c7a6d32cdd3c..977fa5c99282b7492710e59d07dbd1d18f5b13a7 100644 GIT binary patch delta 10 Rcmeyw{+fNl%#90zm;oH_1iJtL delta 18 ZcmaFO{)v6UOm@A*oPvx*!;Le8m;p%Y2Ot0d diff --git a/man/man1/git-secret-list.1 b/man/man1/git-secret-list.1 index e90e935a1f2a40be2993fb859dc01d3cf2d68593..594ba48e8cf6f4ae708dca0999ac1e7dbd8b31f1 100644 GIT binary patch delta 10 Scmeys@seZ0eC diff --git a/man/man1/git-secret-remove.1 b/man/man1/git-secret-remove.1 index 2a5219bd3e285bd00780ab2b4dc1e085366caf6f..38b3fe885290dce94db926885632af0bf5e95f46 100644 GIT binary patch delta 10 Scmcb~afxHX)QxlYG6Mh`@&xVx delta 18 acmcb_ag$@hRCc|@oPvx*!;Mq-G6MicP6tx} diff --git a/man/man1/git-secret-reveal.1 b/man/man1/git-secret-reveal.1 index e7fd5de8fc3f4d27a1da250cbe163fa4f45182f7..3b283a26594c13464c250126ac00fd863c809208 100644 GIT binary patch delta 10 RcmaFNdxv+z)Qxl8*#I031epK; delta 18 Zcmcb^`QG8vpcAag)6n4GDoPvx*!;Mq+FaZEXw+BZ6 diff --git a/man/man1/git-secret-whoknows.1 b/man/man1/git-secret-whoknows.1 index 1e8ae4ecb78dcf9a9be0b49c025d8e9cdf1a80d1..405db3f653ee468f0479eb9a28a881d9d11a01c0 100644 GIT binary patch delta 10 Rcmcb`ewls3^o{dum;oCC1aSZW delta 18 Zcmcc2ev5s=bauVOoPvx*!;RBzm;ps@2G#%o diff --git a/man/man7/git-secret.7 b/man/man7/git-secret.7 index 7ba19cfd76e849210adb61624d83221dd472b6c9..a66e6c69f46930d66eb110cc804b862f186c3c6c 100644 GIT binary patch delta 10 RcmbQ}*X1{%cjJ^=H2@l=1ib(N delta 18 ZcmeD3o9H*8mt8M0rywKIaAR++8URG02O> "$TEST_GPG_OUTPUT_FILE" 2>&1 else local ps_is_busybox - ps_is_busybox=_exe_is_busybox "ps" - if [[ $ps_is_busybox -eq "1" ]]; then - echo "# git-secret: tests: not stopping gpg-agent on busybox" >&3 + ps_is_busybox=_exe_is_busybox 'ps' + if [[ $ps_is_busybox -eq '1' ]]; then + echo '# git-secret: tests: not stopping gpg-agent on busybox' >&3 else ps -wx -U "$username" | gawk \ '/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1 @@ -104,7 +104,7 @@ function get_gpgtest_prefix { # shellcheck disable=SC2086 echo "echo \"$(test_user_password $1)\" | " else - echo "" + echo '' fi } @@ -242,7 +242,7 @@ function set_state_secret_add { local filename="$1" local content="$2" echo "$content" > "$filename" # we add a newline - echo "$filename" >> ".gitignore" + echo "$filename" >> '.gitignore' git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1 } @@ -251,7 +251,7 @@ function set_state_secret_add_without_newline { local filename="$1" local content="$2" echo -n "$content" > "$filename" # we do not add a newline - echo "$filename" >> ".gitignore" + echo "$filename" >> '.gitignore' git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1 } @@ -275,7 +275,7 @@ function unset_current_state { secrets_dir=$(_get_secrets_dir) rm -rf "$secrets_dir" - rm -rf ".gitignore" + rm -rf '.gitignore' # unsets `git` state remove_git_repository @@ -308,7 +308,7 @@ function unset_current_state { rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /' # return to the base dir: - cd "$SECRET_PROJECT_ROOT" || exit 1 + cd "$SECRETS_PROJECT_ROOT" || exit 1 } # show output if we wind up manually removing the test output file in a trap diff --git a/tests/test_make_install.bats b/tests/test_make_install.bats index 01d5e236..628601f0 100644 --- a/tests/test_make_install.bats +++ b/tests/test_make_install.bats @@ -7,7 +7,7 @@ INSTALL_BASE="${TMPDIR}/git-secret-test-install" @test "install git-secret to DESTDIR='$INSTALL_BASE'" { rm -f "$INSTALL_BASE/usr/bin/git-secret" - cd "$SECRET_PROJECT_ROOT" + cd "$SECRETS_PROJECT_ROOT" # set DESTDIR for this command and 'run' make install DESTDIR="$INSTALL_BASE" run make install diff --git a/utils/apk/build.sh b/utils/apk/build.sh index ea528c00..8fce4bb4 100644 --- a/utils/apk/build.sh +++ b/utils/apk/build.sh @@ -3,7 +3,7 @@ set -e # shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" +source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" preinstall_files '-c' @@ -11,4 +11,4 @@ preinstall_files '-c' cd "$SCRIPT_DEST_DIR" && build_package 'apk' # Cleaning up: -clean_up_files && cd "$SECRET_PROJECT_ROOT" +clean_up_files && cd "$SECRETS_PROJECT_ROOT" diff --git a/utils/apk/deploy.sh b/utils/apk/deploy.sh index 47591289..5753ef8a 100644 --- a/utils/apk/deploy.sh +++ b/utils/apk/deploy.sh @@ -8,11 +8,9 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then fi # shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" -# shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/src/version.sh" +source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" -VERSION_NAME="git-secret-${GITSECRET_VERSION}.apk" +VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk" # Artifactory location: BASE_API_URL='https://gitsecret.jfrog.io/artifactory' diff --git a/utils/build-utils.sh b/utils/build-utils.sh index 30b114ab..866a9a52 100755 --- a/utils/build-utils.sh +++ b/utils/build-utils.sh @@ -2,13 +2,16 @@ set -e +# shellcheck disable=SC1090,SC1091 +source "$SECRETS_PROJECT_ROOT/src/version.sh" + # Initializing and settings: READ_PERM=0644 EXEC_PERM=0755 SCRIPT_NAME='git-secret' SCRIPT_DESCRIPTION='A bash-tool to store your private data inside a git repository.' -SCRIPT_VERSION="$(bash "${PWD}"/git-secret --version)" +SCRIPT_VERSION="$GITSECRET_VERSION" # This may be overridden: if [[ -z "$SCRIPT_BUILD_DIR" ]]; then @@ -38,8 +41,8 @@ function preinstall_files { "$SCRIPT_DEST_DIR/usr/bin/$SCRIPT_NAME" # Install the manualls: - install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1" - install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7" + install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man1" + install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man7" for file in man/man1/* ; do if [[ "$file" == *.md ]]; then continue @@ -62,21 +65,21 @@ function build_package { # coreutils is for sha256sum # See https://github.com/jordansissel/fpm for docs: fpm \ - -s dir \ - -t "$build_type" \ - -a all \ - -n "$SCRIPT_NAME" \ + --input-type 'dir' \ + --output-type "$build_type" \ + --chdir "$SCRIPT_DEST_DIR" \ + --architecture 'all' \ + --name "$SCRIPT_NAME" \ --version "$SCRIPT_VERSION" \ --description "$SCRIPT_DESCRIPTION" \ - --url "https://git-secret.io" \ - --maintainer "Nikita Sobolev (mail@sobolevn.me)" \ - --license "MIT" \ - -C "$SCRIPT_DEST_DIR" \ - -d "bash" \ - -d "coreutils" \ - -d "gawk" \ - -d "git" \ - -d "gnupg" \ + --url 'https://git-secret.io' \ + --maintainer 'Nikita Sobolev (mail@sobolevn.me)' \ + --license 'MIT' \ + --depends 'bash' \ + --depends 'coreutils' \ + --depends 'gawk' \ + --depends 'git' \ + --depends 'gnupg' \ --deb-no-default-config-files \ . } diff --git a/utils/deb/build.sh b/utils/deb/build.sh index a05f7ff5..bced74a7 100755 --- a/utils/deb/build.sh +++ b/utils/deb/build.sh @@ -3,7 +3,7 @@ set -e # shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" +source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" preinstall_files '-c' @@ -11,4 +11,4 @@ preinstall_files '-c' cd "$SCRIPT_DEST_DIR" && build_package 'deb' # Cleaning up: -clean_up_files && cd "$SECRET_PROJECT_ROOT" +clean_up_files && cd "$SECRETS_PROJECT_ROOT" diff --git a/utils/deb/deploy.sh b/utils/deb/deploy.sh index d8be1d4b..636bb301 100755 --- a/utils/deb/deploy.sh +++ b/utils/deb/deploy.sh @@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then fi # shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" +source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" # Artifactory location: BASE_API_URL='https://gitsecret.jfrog.io/artifactory' diff --git a/utils/deb/install.sh b/utils/deb/install.sh new file mode 100644 index 00000000..37f2a566 --- /dev/null +++ b/utils/deb/install.sh @@ -0,0 +1,5 @@ +sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list" +wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add - +sudo apt-get update && sudo apt-get install -y git-secret +# Testing, that it worked: +git secret --version diff --git a/utils/rpm/build.sh b/utils/rpm/build.sh index 1e642481..190c0bc2 100755 --- a/utils/rpm/build.sh +++ b/utils/rpm/build.sh @@ -3,7 +3,7 @@ set -e # shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" +source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" # Copying all the required files to the build directory: preinstall_files '-c' @@ -12,4 +12,4 @@ preinstall_files '-c' cd "$SCRIPT_DEST_DIR" && build_package 'rpm' # Cleaning up: -clean_up_files && cd "$SECRET_PROJECT_ROOT" +clean_up_files && cd "$SECRETS_PROJECT_ROOT" diff --git a/utils/rpm/deploy.sh b/utils/rpm/deploy.sh index c34a5bc9..c2045261 100644 --- a/utils/rpm/deploy.sh +++ b/utils/rpm/deploy.sh @@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then fi # shellcheck disable=SC1090,SC1091 -source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" +source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" # Artifactory location: BASE_API_URL='https://gitsecret.jfrog.io/artifactory' diff --git a/utils/rpm/git-secret.repo b/utils/rpm/git-secret.repo index 520fedf6..d29b0ce6 100644 --- a/utils/rpm/git-secret.repo +++ b/utils/rpm/git-secret.repo @@ -4,6 +4,6 @@ baseurl=https://gitsecret.jfrog.io/artifactory/git-secret-rpm enabled=1 gpgcheck=0 -# Uncomment the following lines to enable repository-level GPG key check: +## Uncomment the following lines to enable repository-level GPG key check: # gpgkey=https://gitsecret.jfrog.io/artifactory/git-secret-rpm/repodata/repomd.xml.key # repo_gpgcheck=1 diff --git a/utils/rpm/install.sh b/utils/rpm/install.sh new file mode 100644 index 00000000..9250c9a1 --- /dev/null +++ b/utils/rpm/install.sh @@ -0,0 +1,6 @@ +wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo +# Inspect what's inside! You can also enable `gpg` check on repo level. +sudo mv git-secret-rpm.repo /etc/yum.repos.d/ +sudo yum install -y git-secret +# Testing, that it worked: +git secret --version diff --git a/utils/tests.sh b/utils/tests.sh index c0a3c947..1c58ade7 100755 --- a/utils/tests.sh +++ b/utils/tests.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# `SECRET_PROJECT_ROOT` must be set before running the script. +# `SECRETS_PROJECT_ROOT` must be set before running the script. set -e @@ -25,7 +25,7 @@ chmod 0700 "${TEST_DIR}" # bats expects diagnostic lines to be sent to fd 3, matching regex '^# ' # (IE, like: `echo '# message here' >&3`). # bats ... 3>&1 shows diagnostic output - bats "${SECRET_PROJECT_ROOT}/tests" 3>&1 + bats "${SECRETS_PROJECT_ROOT}/tests" 3>&1 ) rm -rf "${TEST_DIR}"