Adds release-ci script to test installation (#664)

* Adds release-ci script to test installation

* Fixes CI

* Fixes CI

* Renames some variables to follow the same SECRETS_ convention
This commit is contained in:
Nikita Sobolev 2021-05-05 15:59:28 +03:00 committed by GitHub
parent fcf25ff546
commit 19941f91f4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
54 changed files with 239 additions and 115 deletions

View File

@ -0,0 +1,15 @@
FROM centos:8
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
RUN dnf -y update \
&& dnf install -y \
# Required for our install script:
wget \
sudo \
&& dnf clean all \
&& rm -rf /var/cache/yum \
&& adduser --password='' nonroot \
&& echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER nonroot

View File

@ -0,0 +1,23 @@
FROM debian:10.9-slim
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
ENV DEBIAN_FRONTEND='noninteractive'
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
# Required to work with https-based repos and custom signed packages:
apt-transport-https \
ca-certificates \
# Required for our install script:
gnupg \
sudo \
wget \
# Cleaning cache:
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/* \
&& adduser --disabled-password nonroot \
&& adduser nonroot sudo \
&& echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER nonroot

View File

@ -0,0 +1,15 @@
FROM fedora:34
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
RUN dnf -y update \
&& dnf install -y \
# Required for our install script:
wget \
sudo \
&& dnf clean all \
&& rm -rf /var/cache/yum \
&& adduser --password='' nonroot \
&& echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER nonroot

View File

@ -0,0 +1,23 @@
FROM debian:10.9-slim
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
ENV DEBIAN_FRONTEND='noninteractive'
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
# Required to work with https-based repos and custom signed packages:
apt-transport-https \
ca-certificates \
# Required for our install script:
gnupg \
sudo \
wget \
# Cleaning cache:
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/* \
&& adduser --disabled-password nonroot \
&& adduser nonroot sudo \
&& echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER nonroot

View File

@ -3,10 +3,12 @@
# TODO: Move to native image # TODO: Move to native image
# see: https://github.com/jordansissel/fpm/issues/1782 # see: https://github.com/jordansissel/fpm/issues/1782
# Or we can switch to
# https://github.com/goreleaser/nfpm
FROM alpine:3.13 FROM alpine:3.13
ENV CODE_DIR='/code' ENV CODE_DIR='/code'
ENV SECRET_PROJECT_ROOT="$CODE_DIR" ENV SECRETS_PROJECT_ROOT="$CODE_DIR"
RUN apk add --no-cache --update \ RUN apk add --no-cache --update \
# fpm deps: # fpm deps:

View File

@ -1,20 +0,0 @@
name: misspell
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: sobolevn/misspell-fixer-action@0.1.0
- uses: peter-evans/create-pull-request@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: 'Fixes by misspell-fixer'
title: 'Typos fix by misspell-fixer'

25
.github/workflows/release-ci.yml vendored Normal file
View File

@ -0,0 +1,25 @@
name: installation-
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'
jobs:
build:
runs-on: ubuntu-latest
matrix:
include:
- release-type: deb
release-env: [debian, ubuntu]
- release-type: rpm
release-env: [centos, fedora]
steps:
- uses: actions/checkout@v2
- name: Run checks
run: |
SECRETS_RELEASE_ENV="${{ matrix.release-env }}" \
SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \
make release-ci

View File

@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
matrix: matrix:
docker-based-test: docker-env:
- debian-gnupg1 # We need to test legacy version of gnupg - debian-gnupg1 # We need to test legacy version of gnupg
- debian-gnupg2 - debian-gnupg2
- ubuntu - ubuntu
@ -29,7 +29,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: Run checks - name: Run checks
run: GITSECRET_DOCKER_ENV="${{ matrix.docker-based-test }}" make docker-ci run: SECRETS_DOCKER_ENV="${{ matrix.docker-env }}" make docker-ci
osx-ci: osx-ci:
runs-on: macos-latest runs-on: macos-latest

View File

@ -37,26 +37,26 @@ uninstall:
# Using a sub-shell we get the raw *nix paths, e.g. /c/Something # Using a sub-shell we get the raw *nix paths, e.g. /c/Something
.PHONY: test .PHONY: test
test: clean build test: clean build
export SECRET_PROJECT_ROOT="$(shell echo $${PWD})"; \ export SECRETS_PROJECT_ROOT="$(shell echo $${PWD})"; \
export PATH="$(shell echo $${PWD})/vendor/bats-core/bin:$(shell echo $${PWD}):$(shell echo $${PATH})"; \ export PATH="$(shell echo $${PWD})/vendor/bats-core/bin:$(shell echo $${PWD}):$(shell echo $${PATH})"; \
${SHELL} ./utils/tests.sh ${SHELL} ./utils/tests.sh
# We use this script in CI and you can do this too! # We use this script in CI and you can do this too!
# What happens here? # What happens here?
# 1. We pass `GITSECRET_DOCKER_ENV` variable into this job # 1. We pass `SECRETS_DOCKER_ENV` variable into this job
# 2. Based on it, we select a proper `docker` image to run test on # 2. Based on it, we select a proper `docker` image to run test on
# 3. We execute `make test` inside the `docker` container # 3. We execute `make test` inside the `docker` container
.PHONY: docker-ci .PHONY: docker-ci
docker-ci: clean docker-ci: clean
@[ -z "${GITSECRET_DOCKER_ENV}" ] \ @[ -z "${SECRETS_DOCKER_ENV}" ] \
&& echo 'GITSECRET_DOCKER_ENV is unset' && exit 1 || true && echo 'SECRETS_DOCKER_ENV is unset' && exit 1 || true
docker build \ docker build \
-f ".ci/docker-ci/$${GITSECRET_DOCKER_ENV}/Dockerfile" \ -f ".ci/docker-ci/$${SECRETS_DOCKER_ENV}/Dockerfile" \
-t "gitsecret-$${GITSECRET_DOCKER_ENV}:latest" . -t "gitsecret-$${SECRETS_DOCKER_ENV}:latest" .
docker run --rm \ docker run --rm \
--volume="$${PWD}:/code" \ --volume="$${PWD}:/code" \
-w /code \ -w /code \
"gitsecret-$${GITSECRET_DOCKER_ENV}" \ "gitsecret-$${SECRETS_DOCKER_ENV}" \
make test make test
.PHONY: lint-shell .PHONY: lint-shell
@ -122,22 +122,37 @@ docs: build-docs
# Packaging: # Packaging:
# #
.PHONY: release-build .PHONY: build-release
release-build: clean build build-release: clean build
@[ -z "${GITSECRET_RELEASE_TYPE}" ] \ @[ -z "${SECRETS_RELEASE_TYPE}" ] \
&& echo 'GITSECRET_RELEASE_TYPE is unset' && exit 1 || true && echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
docker build \ docker build \
-f ".ci/releaser/alpine/Dockerfile" \ -f ".ci/releaser/alpine/Dockerfile" \
-t "gitsecret-releaser:latest" . -t "gitsecret-releaser:latest" .
docker run \ docker run \
--volume="$${PWD}:/code" \ --volume="$${PWD}:/code" \
--rm gitsecret-releaser \ --rm gitsecret-releaser \
bash "./utils/$${GITSECRET_RELEASE_TYPE}/build.sh" bash "./utils/$${SECRETS_RELEASE_TYPE}/build.sh"
.PHONY: release .PHONY: release
release: release-build release: build-release
docker run \ docker run \
--volume="$${PWD}:/code" \ --volume="$${PWD}:/code" \
-e SECRETS_ARTIFACTORY_CREDENTIALS \ -e SECRETS_ARTIFACTORY_CREDENTIALS \
--rm gitsecret-releaser \ --rm gitsecret-releaser \
bash "./utils/$${GITSECRET_RELEASE_TYPE}/deploy.sh" bash "./utils/$${SECRETS_RELEASE_TYPE}/deploy.sh"
.PHONY: release-ci
release-ci:
@[ -z "${SECRETS_RELEASE_ENV}" ] \
&& echo 'SECRETS_RELEASE_ENV is unset' && exit 1 || true
@[ -z "${SECRETS_RELEASE_TYPE}" ] \
&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
docker build \
-f ".ci/release-ci/$${SECRETS_RELEASE_ENV}/Dockerfile" \
-t "gitsecret-release-$${SECRETS_RELEASE_ENV}:latest" .
docker run --rm \
--volume="$${PWD}:/code" \
-w /code \
"gitsecret-release-$${SECRETS_RELEASE_ENV}" \
bash -c "set -e; bash "./utils/$${SECRETS_RELEASE_TYPE}/install.sh""

View File

@ -0,0 +1,4 @@
sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
sudo apt-get update && sudo apt-get install -y git-secret
git secret --version

View File

@ -0,0 +1,4 @@
wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
# Inspect what's inside! You can also enable `gpg` check on repo level.
sudo mv git-secret-rpm.repo /etc/yum.repos.d/
sudo yum install -y git-secret

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-add' title: 'git-secret-add'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-add permalink: git-secret-add
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-cat' title: 'git-secret-cat'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-cat permalink: git-secret-cat
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-changes' title: 'git-secret-changes'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-changes permalink: git-secret-changes
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-clean' title: 'git-secret-clean'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-clean permalink: git-secret-clean
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-hide' title: 'git-secret-hide'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-hide permalink: git-secret-hide
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-init' title: 'git-secret-init'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-init permalink: git-secret-init
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-killperson' title: 'git-secret-killperson'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-killperson permalink: git-secret-killperson
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-list' title: 'git-secret-list'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-list permalink: git-secret-list
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-remove' title: 'git-secret-remove'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-remove permalink: git-secret-remove
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-reveal' title: 'git-secret-reveal'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-reveal permalink: git-secret-reveal
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-tell' title: 'git-secret-tell'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-tell permalink: git-secret-tell
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-usage' title: 'git-secret-usage'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-usage permalink: git-secret-usage
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret-whoknows' title: 'git-secret-whoknows'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret-whoknows permalink: git-secret-whoknows
categories: command categories: command
--- ---

View File

@ -1,7 +1,7 @@
--- ---
layout: post layout: post
title: 'git-secret' title: 'git-secret'
date: 2021-05-04 12:15:29 +0300 date: 2021-05-05 15:37:26 +0300
permalink: git-secret permalink: git-secret
categories: usage categories: usage
--- ---

View File

@ -58,5 +58,15 @@ categories: usage
cat "$MAN7_LOCATION/git-secret.7.md" >> "$usage_filename" cat "$MAN7_LOCATION/git-secret.7.md" >> "$usage_filename"
} }
function copy_install_scripts {
# We test these scripts using `release-ci`,
# so, installation instructions will always be up-to-date:
cp utils/deb/install.sh docs/_includes/install-deb.sh
cp utils/rpm/install.sh docs/_includes/install-rpm.sh
}
checkout_manuals checkout_manuals
copy_to_posts copy_to_posts
copy_install_scripts

View File

@ -38,10 +38,7 @@ You can find the `deb` repository [here](https://gitsecret.jfrog.io/artifactory/
Pre-requirements: make sure you have installed `apt-transport-https` and `ca-certificates` Pre-requirements: make sure you have installed `apt-transport-https` and `ca-certificates`
```bash ```bash
sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list" {% include install-deb.sh %}
wget -qO - https://gitsecret.jfrog.io/artifactory/api/gpg/key/public | sudo apt-key add -
sudo apt-get update
sudo apt-get install git-secret
``` ```
--- ---
@ -51,12 +48,11 @@ sudo apt-get install git-secret
You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-rpm/). You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-rpm/).
```bash ```bash
wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo {% include install-rpm.sh %}
# Inspect what's inside! You can also enable `gpg` check on repo level.
sudo mv git-secret-rpm.repo /etc/yum.repos.d/
sudo yum install git-secret
``` ```
---
### Arch Linux ### Arch Linux
The _Arch_ way to install git-secret is to use the directions for The _Arch_ way to install git-secret is to use the directions for

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -4,12 +4,12 @@
# https://github.com/bats-core/bats-core # https://github.com/bats-core/bats-core
# shellcheck disable=SC1090 # shellcheck disable=SC1090
source "$SECRET_PROJECT_ROOT/src/version.sh" source "$SECRETS_PROJECT_ROOT/src/version.sh"
# shellcheck disable=SC1090 # shellcheck disable=SC1090
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh" source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh" source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh"
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh" source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh"
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh" source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh"
# Constants: # Constants:
FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures" FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
@ -47,27 +47,27 @@ GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warnin
# See tests/fixtures/gpg/README.md for more # See tests/fixtures/gpg/README.md for more
# on key fixtures 'user[1-5]@gitsecret.io' # on key fixtures 'user[1-5]@gitsecret.io'
# these two are 'normal' keys. # these two are 'normal' keys.
export TEST_DEFAULT_USER="user1@gitsecret.io" export TEST_DEFAULT_USER='user1@gitsecret.io'
export TEST_SECOND_USER="user2@gitsecret.io" export TEST_SECOND_USER='user2@gitsecret.io'
# TEST_NONAME_USER (user3) created with '--quick-key-generate' # TEST_NONAME_USER (user3) created with '--quick-key-generate'
# and has only an email, no username. # and has only an email, no username.
export TEST_NONAME_USER="user3@gitsecret.io" export TEST_NONAME_USER='user3@gitsecret.io'
# TEST_EXPIRED_USER (user4) has expired # TEST_EXPIRED_USER (user4) has expired
export TEST_EXPIRED_USER="user4@gitsecret.io" # this key expires 2018-09-24 export TEST_EXPIRED_USER='user4@gitsecret.io' # this key expires 2018-09-24
# fixture filename is named this, # fixture filename is named this,
# but key has no email and a comment, as per #527 # but key has no email and a comment, as per #527
export TEST_NOEMAIL_COMMENT_USER="user5@gitsecret.io" export TEST_NOEMAIL_COMMENT_USER='user5@gitsecret.io'
export TEST_ATTACKER_USER="attacker1@gitsecret.io" export TEST_ATTACKER_USER='attacker1@gitsecret.io'
export TEST_DEFAULT_FILENAME="space file" # has spaces export TEST_DEFAULT_FILENAME='space file' # has spaces
export TEST_SECOND_FILENAME="space file two" # has spaces export TEST_SECOND_FILENAME='space file two' # has spaces
export TEST_THIRD_FILENAME="space file three" # has spaces export TEST_THIRD_FILENAME='space file three' # has spaces
export TEST_FOURTH_FILENAME="space file three [] * $" # has spaces and special chars export TEST_FOURTH_FILENAME='space file three [] * $' # has spaces and special chars
function test_user_password { function test_user_password {
@ -83,14 +83,14 @@ function test_user_password {
function stop_gpg_agent { function stop_gpg_agent {
local username local username
username=$(id -u -n) username=$(id -u -n)
if [[ "$GITSECRET_DIST" == "windows" ]]; then if [[ "$SECRETS_DOCKER_ENV" == 'windows' ]]; then
ps -l -u "$username" | gawk \ ps -l -u "$username" | gawk \
'/gpg-agent/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1 '/gpg-agent/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
else else
local ps_is_busybox local ps_is_busybox
ps_is_busybox=_exe_is_busybox "ps" ps_is_busybox=_exe_is_busybox 'ps'
if [[ $ps_is_busybox -eq "1" ]]; then if [[ $ps_is_busybox -eq '1' ]]; then
echo "# git-secret: tests: not stopping gpg-agent on busybox" >&3 echo '# git-secret: tests: not stopping gpg-agent on busybox' >&3
else else
ps -wx -U "$username" | gawk \ ps -wx -U "$username" | gawk \
'/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1 '/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
@ -104,7 +104,7 @@ function get_gpgtest_prefix {
# shellcheck disable=SC2086 # shellcheck disable=SC2086
echo "echo \"$(test_user_password $1)\" | " echo "echo \"$(test_user_password $1)\" | "
else else
echo "" echo ''
fi fi
} }
@ -242,7 +242,7 @@ function set_state_secret_add {
local filename="$1" local filename="$1"
local content="$2" local content="$2"
echo "$content" > "$filename" # we add a newline echo "$content" > "$filename" # we add a newline
echo "$filename" >> ".gitignore" echo "$filename" >> '.gitignore'
git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1 git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
} }
@ -251,7 +251,7 @@ function set_state_secret_add_without_newline {
local filename="$1" local filename="$1"
local content="$2" local content="$2"
echo -n "$content" > "$filename" # we do not add a newline echo -n "$content" > "$filename" # we do not add a newline
echo "$filename" >> ".gitignore" echo "$filename" >> '.gitignore'
git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1 git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
} }
@ -275,7 +275,7 @@ function unset_current_state {
secrets_dir=$(_get_secrets_dir) secrets_dir=$(_get_secrets_dir)
rm -rf "$secrets_dir" rm -rf "$secrets_dir"
rm -rf ".gitignore" rm -rf '.gitignore'
# unsets `git` state # unsets `git` state
remove_git_repository remove_git_repository
@ -308,7 +308,7 @@ function unset_current_state {
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /' rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
# return to the base dir: # return to the base dir:
cd "$SECRET_PROJECT_ROOT" || exit 1 cd "$SECRETS_PROJECT_ROOT" || exit 1
} }
# show output if we wind up manually removing the test output file in a trap # show output if we wind up manually removing the test output file in a trap

View File

@ -7,7 +7,7 @@ INSTALL_BASE="${TMPDIR}/git-secret-test-install"
@test "install git-secret to DESTDIR='$INSTALL_BASE'" { @test "install git-secret to DESTDIR='$INSTALL_BASE'" {
rm -f "$INSTALL_BASE/usr/bin/git-secret" rm -f "$INSTALL_BASE/usr/bin/git-secret"
cd "$SECRET_PROJECT_ROOT" cd "$SECRETS_PROJECT_ROOT"
# set DESTDIR for this command and 'run' make install # set DESTDIR for this command and 'run' make install
DESTDIR="$INSTALL_BASE" run make install DESTDIR="$INSTALL_BASE" run make install

View File

@ -3,7 +3,7 @@
set -e set -e
# shellcheck disable=SC1090,SC1091 # shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
preinstall_files '-c' preinstall_files '-c'
@ -11,4 +11,4 @@ preinstall_files '-c'
cd "$SCRIPT_DEST_DIR" && build_package 'apk' cd "$SCRIPT_DEST_DIR" && build_package 'apk'
# Cleaning up: # Cleaning up:
clean_up_files && cd "$SECRET_PROJECT_ROOT" clean_up_files && cd "$SECRETS_PROJECT_ROOT"

View File

@ -8,11 +8,9 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
fi fi
# shellcheck disable=SC1090,SC1091 # shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
# shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/src/version.sh"
VERSION_NAME="git-secret-${GITSECRET_VERSION}.apk" VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk"
# Artifactory location: # Artifactory location:
BASE_API_URL='https://gitsecret.jfrog.io/artifactory' BASE_API_URL='https://gitsecret.jfrog.io/artifactory'

View File

@ -2,13 +2,16 @@
set -e set -e
# shellcheck disable=SC1090,SC1091
source "$SECRETS_PROJECT_ROOT/src/version.sh"
# Initializing and settings: # Initializing and settings:
READ_PERM=0644 READ_PERM=0644
EXEC_PERM=0755 EXEC_PERM=0755
SCRIPT_NAME='git-secret' SCRIPT_NAME='git-secret'
SCRIPT_DESCRIPTION='A bash-tool to store your private data inside a git repository.' SCRIPT_DESCRIPTION='A bash-tool to store your private data inside a git repository.'
SCRIPT_VERSION="$(bash "${PWD}"/git-secret --version)" SCRIPT_VERSION="$GITSECRET_VERSION"
# This may be overridden: # This may be overridden:
if [[ -z "$SCRIPT_BUILD_DIR" ]]; then if [[ -z "$SCRIPT_BUILD_DIR" ]]; then
@ -38,8 +41,8 @@ function preinstall_files {
"$SCRIPT_DEST_DIR/usr/bin/$SCRIPT_NAME" "$SCRIPT_DEST_DIR/usr/bin/$SCRIPT_NAME"
# Install the manualls: # Install the manualls:
install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1" install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man1"
install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7" install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man7"
for file in man/man1/* ; do for file in man/man1/* ; do
if [[ "$file" == *.md ]]; then if [[ "$file" == *.md ]]; then
continue continue
@ -62,21 +65,21 @@ function build_package {
# coreutils is for sha256sum # coreutils is for sha256sum
# See https://github.com/jordansissel/fpm for docs: # See https://github.com/jordansissel/fpm for docs:
fpm \ fpm \
-s dir \ --input-type 'dir' \
-t "$build_type" \ --output-type "$build_type" \
-a all \ --chdir "$SCRIPT_DEST_DIR" \
-n "$SCRIPT_NAME" \ --architecture 'all' \
--name "$SCRIPT_NAME" \
--version "$SCRIPT_VERSION" \ --version "$SCRIPT_VERSION" \
--description "$SCRIPT_DESCRIPTION" \ --description "$SCRIPT_DESCRIPTION" \
--url "https://git-secret.io" \ --url 'https://git-secret.io' \
--maintainer "Nikita Sobolev (mail@sobolevn.me)" \ --maintainer 'Nikita Sobolev (mail@sobolevn.me)' \
--license "MIT" \ --license 'MIT' \
-C "$SCRIPT_DEST_DIR" \ --depends 'bash' \
-d "bash" \ --depends 'coreutils' \
-d "coreutils" \ --depends 'gawk' \
-d "gawk" \ --depends 'git' \
-d "git" \ --depends 'gnupg' \
-d "gnupg" \
--deb-no-default-config-files \ --deb-no-default-config-files \
. .
} }

View File

@ -3,7 +3,7 @@
set -e set -e
# shellcheck disable=SC1090,SC1091 # shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
preinstall_files '-c' preinstall_files '-c'
@ -11,4 +11,4 @@ preinstall_files '-c'
cd "$SCRIPT_DEST_DIR" && build_package 'deb' cd "$SCRIPT_DEST_DIR" && build_package 'deb'
# Cleaning up: # Cleaning up:
clean_up_files && cd "$SECRET_PROJECT_ROOT" clean_up_files && cd "$SECRETS_PROJECT_ROOT"

View File

@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
fi fi
# shellcheck disable=SC1090,SC1091 # shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
# Artifactory location: # Artifactory location:
BASE_API_URL='https://gitsecret.jfrog.io/artifactory' BASE_API_URL='https://gitsecret.jfrog.io/artifactory'

5
utils/deb/install.sh Normal file
View File

@ -0,0 +1,5 @@
sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
sudo apt-get update && sudo apt-get install -y git-secret
# Testing, that it worked:
git secret --version

View File

@ -3,7 +3,7 @@
set -e set -e
# shellcheck disable=SC1090,SC1091 # shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
# Copying all the required files to the build directory: # Copying all the required files to the build directory:
preinstall_files '-c' preinstall_files '-c'
@ -12,4 +12,4 @@ preinstall_files '-c'
cd "$SCRIPT_DEST_DIR" && build_package 'rpm' cd "$SCRIPT_DEST_DIR" && build_package 'rpm'
# Cleaning up: # Cleaning up:
clean_up_files && cd "$SECRET_PROJECT_ROOT" clean_up_files && cd "$SECRETS_PROJECT_ROOT"

View File

@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
fi fi
# shellcheck disable=SC1090,SC1091 # shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh" source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
# Artifactory location: # Artifactory location:
BASE_API_URL='https://gitsecret.jfrog.io/artifactory' BASE_API_URL='https://gitsecret.jfrog.io/artifactory'

View File

@ -4,6 +4,6 @@ baseurl=https://gitsecret.jfrog.io/artifactory/git-secret-rpm
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
# Uncomment the following lines to enable repository-level GPG key check: ## Uncomment the following lines to enable repository-level GPG key check:
# gpgkey=https://gitsecret.jfrog.io/artifactory/git-secret-rpm/repodata/repomd.xml.key # gpgkey=https://gitsecret.jfrog.io/artifactory/git-secret-rpm/repodata/repomd.xml.key
# repo_gpgcheck=1 # repo_gpgcheck=1

6
utils/rpm/install.sh Normal file
View File

@ -0,0 +1,6 @@
wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
# Inspect what's inside! You can also enable `gpg` check on repo level.
sudo mv git-secret-rpm.repo /etc/yum.repos.d/
sudo yum install -y git-secret
# Testing, that it worked:
git secret --version

View File

@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# `SECRET_PROJECT_ROOT` must be set before running the script. # `SECRETS_PROJECT_ROOT` must be set before running the script.
set -e set -e
@ -25,7 +25,7 @@ chmod 0700 "${TEST_DIR}"
# bats expects diagnostic lines to be sent to fd 3, matching regex '^# ' # bats expects diagnostic lines to be sent to fd 3, matching regex '^# '
# (IE, like: `echo '# message here' >&3`). # (IE, like: `echo '# message here' >&3`).
# bats ... 3>&1 shows diagnostic output # bats ... 3>&1 shows diagnostic output
bats "${SECRET_PROJECT_ROOT}/tests" 3>&1 bats "${SECRETS_PROJECT_ROOT}/tests" 3>&1
) )
rm -rf "${TEST_DIR}" rm -rf "${TEST_DIR}"