Adds release-ci script to test installation (#664)

* Adds release-ci script to test installation

* Fixes CI

* Fixes CI

* Renames some variables to follow the same SECRETS_ convention

.ci/release-ci/centos/Dockerfile

@@ -0,0 +1,15 @@
+FROM centos:8
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+RUN dnf -y update \
+  && dnf install -y \
+    # Required for our install script:
+    wget \
+    sudo \
+  && dnf clean all \
+  && rm -rf /var/cache/yum \
+  && adduser --password='' nonroot \
+  && echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER nonroot

.ci/release-ci/debian/Dockerfile

@@ -0,0 +1,23 @@
+FROM debian:10.9-slim
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+ENV DEBIAN_FRONTEND='noninteractive'
+
+RUN apt-get update \
+  && apt-get install --no-install-recommends -y \
+    # Required to work with https-based repos and custom signed packages:
+    apt-transport-https \
+    ca-certificates \
+    # Required for our install script:
+    gnupg \
+    sudo \
+    wget \
+  # Cleaning cache:
+  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+  && apt-get clean -y && rm -rf /var/lib/apt/lists/* \
+  && adduser --disabled-password nonroot \
+  && adduser nonroot sudo \
+  && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER nonroot

.ci/release-ci/fedora/Dockerfile

@@ -0,0 +1,15 @@
+FROM fedora:34
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+RUN dnf -y update \
+  && dnf install -y \
+    # Required for our install script:
+    wget \
+    sudo \
+  && dnf clean all \
+  && rm -rf /var/cache/yum \
+  && adduser --password='' nonroot \
+  && echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER nonroot

.ci/release-ci/ubuntu/Dockerfile

@@ -0,0 +1,23 @@
+FROM debian:10.9-slim
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+ENV DEBIAN_FRONTEND='noninteractive'
+
+RUN apt-get update \
+  && apt-get install --no-install-recommends -y \
+    # Required to work with https-based repos and custom signed packages:
+    apt-transport-https \
+    ca-certificates \
+    # Required for our install script:
+    gnupg \
+    sudo \
+    wget \
+  # Cleaning cache:
+  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+  && apt-get clean -y && rm -rf /var/lib/apt/lists/* \
+  && adduser --disabled-password nonroot \
+  && adduser nonroot sudo \
+  && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER nonroot

.ci/releaser/alpine/Dockerfile

@@ -3,10 +3,12 @@
 
 # TODO: Move to native image
 # see: https://github.com/jordansissel/fpm/issues/1782
+# Or we can switch to
+# https://github.com/goreleaser/nfpm
 FROM alpine:3.13
 
 ENV CODE_DIR='/code'
-ENV SECRET_PROJECT_ROOT="$CODE_DIR"
+ENV SECRETS_PROJECT_ROOT="$CODE_DIR"
 
 RUN apk add --no-cache --update \
   # fpm deps:

.github/workflows/misspell.yml

@@ -1,20 +0,0 @@
-name: misspell
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: '0 0 * * *'
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v2
-    - uses: sobolevn/misspell-fixer-action@0.1.0
-    - uses: peter-evans/create-pull-request@v3
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        commit-message: 'Fixes by misspell-fixer'
-        title: 'Typos fix by misspell-fixer'

.github/workflows/release-ci.yml

@@ -0,0 +1,25 @@
+name: installation-
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    matrix:
+      include:
+        - release-type: deb
+          release-env: [debian, ubuntu]
+        - release-type: rpm
+          release-env: [centos, fedora]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Run checks
+      run: |
+        SECRETS_RELEASE_ENV="${{ matrix.release-env }}" \
+        SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \
+        make release-ci

.github/workflows/test.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        docker-based-test:
+        docker-env:
           - debian-gnupg1  # We need to test legacy version of gnupg
           - debian-gnupg2
           - ubuntu
@@ -29,7 +29,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Run checks
-      run: GITSECRET_DOCKER_ENV="${{ matrix.docker-based-test }}" make docker-ci
+      run: SECRETS_DOCKER_ENV="${{ matrix.docker-env }}" make docker-ci
 
   osx-ci:
     runs-on: macos-latest

Makefile

@@ -37,26 +37,26 @@ uninstall:
 # Using a sub-shell we get the raw *nix paths, e.g. /c/Something
 .PHONY: test
 test: clean build
-	export SECRET_PROJECT_ROOT="$(shell echo $${PWD})"; \
+	export SECRETS_PROJECT_ROOT="$(shell echo $${PWD})"; \
 	export PATH="$(shell echo $${PWD})/vendor/bats-core/bin:$(shell echo $${PWD}):$(shell echo $${PATH})"; \
 	${SHELL} ./utils/tests.sh
 
 # We use this script in CI and you can do this too!
 # What happens here?
-# 1. We pass `GITSECRET_DOCKER_ENV` variable into this job
+# 1. We pass `SECRETS_DOCKER_ENV` variable into this job
 # 2. Based on it, we select a proper `docker` image to run test on
 # 3. We execute `make test` inside the `docker` container
 .PHONY: docker-ci
 docker-ci: clean
-	@[ -z "${GITSECRET_DOCKER_ENV}" ] \
+	@[ -z "${SECRETS_DOCKER_ENV}" ] \
-		&& echo 'GITSECRET_DOCKER_ENV is unset' && exit 1 || true
+		&& echo 'SECRETS_DOCKER_ENV is unset' && exit 1 || true
 	docker build \
-		-f ".ci/docker-ci/$${GITSECRET_DOCKER_ENV}/Dockerfile" \
+		-f ".ci/docker-ci/$${SECRETS_DOCKER_ENV}/Dockerfile" \
-		-t "gitsecret-$${GITSECRET_DOCKER_ENV}:latest" .
+		-t "gitsecret-$${SECRETS_DOCKER_ENV}:latest" .
 	docker run --rm \
 		--volume="$${PWD}:/code" \
 		-w /code \
-		"gitsecret-$${GITSECRET_DOCKER_ENV}" \
+		"gitsecret-$${SECRETS_DOCKER_ENV}" \
 		make test
 
 .PHONY: lint-shell
@@ -122,22 +122,37 @@ docs: build-docs
 # Packaging:
 #
 
-.PHONY: release-build
+.PHONY: build-release
-release-build: clean build
+build-release: clean build
-	@[ -z "${GITSECRET_RELEASE_TYPE}" ] \
+	@[ -z "${SECRETS_RELEASE_TYPE}" ] \
-		&& echo 'GITSECRET_RELEASE_TYPE is unset' && exit 1 || true
+		&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
 	docker build \
 		-f ".ci/releaser/alpine/Dockerfile" \
 		-t "gitsecret-releaser:latest" .
 	docker run \
 		--volume="$${PWD}:/code" \
 		--rm gitsecret-releaser \
-		bash "./utils/$${GITSECRET_RELEASE_TYPE}/build.sh"
+		bash "./utils/$${SECRETS_RELEASE_TYPE}/build.sh"
 
 .PHONY: release
-release: release-build
+release: build-release
 	docker run \
 		--volume="$${PWD}:/code" \
 		-e SECRETS_ARTIFACTORY_CREDENTIALS \
 		--rm gitsecret-releaser \
-		bash "./utils/$${GITSECRET_RELEASE_TYPE}/deploy.sh"
+		bash "./utils/$${SECRETS_RELEASE_TYPE}/deploy.sh"
+
+.PHONY: release-ci
+release-ci:
+	@[ -z "${SECRETS_RELEASE_ENV}" ] \
+		&& echo 'SECRETS_RELEASE_ENV is unset' && exit 1 || true
+	@[ -z "${SECRETS_RELEASE_TYPE}" ] \
+		&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
+	docker build \
+		-f ".ci/release-ci/$${SECRETS_RELEASE_ENV}/Dockerfile" \
+		-t "gitsecret-release-$${SECRETS_RELEASE_ENV}:latest" .
+	docker run --rm \
+		--volume="$${PWD}:/code" \
+		-w /code \
+		"gitsecret-release-$${SECRETS_RELEASE_ENV}" \
+		bash -c "set -e; bash "./utils/$${SECRETS_RELEASE_TYPE}/install.sh""

docs/_includes/install-deb.sh

@@ -0,0 +1,4 @@
+sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
+wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
+sudo apt-get update && sudo apt-get install -y git-secret
+git secret --version

docs/_includes/install-rpm.sh

@@ -0,0 +1,4 @@
+wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
+# Inspect what's inside! You can also enable `gpg` check on repo level.
+sudo mv git-secret-rpm.repo /etc/yum.repos.d/
+sudo yum install -y git-secret

docs/_posts/2021-05-05-git-secret-add.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-add'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-add
 categories: command
 ---

docs/_posts/2021-05-05-git-secret-cat.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-cat'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-cat
 categories: command
 ---

docs/_posts/2021-05-05-git-secret-changes.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-changes'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-changes
 categories: command
 ---

docs/_posts/2021-05-05-git-secret-clean.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-clean'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-clean
 categories: command
 ---

docs/_posts/2021-05-05-git-secret-hide.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-hide'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-hide
 categories: command
 ---

docs/_posts/2021-05-05-git-secret-init.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-init'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-init
 categories: command
 ---

docs/_posts/2021-05-05-git-secret-killperson.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-killperson'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-killperson
 categories: command
 ---

docs/_posts/2021-05-05-git-secret-list.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-list'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-list
 categories: command
 ---

docs/_posts/2021-05-05-git-secret-remove.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-remove'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-remove
 categories: command
 ---

docs/_posts/2021-05-05-git-secret-reveal.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-reveal'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-reveal
 categories: command
 ---

docs/_posts/2021-05-05-git-secret-tell.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-tell'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-tell
 categories: command
 ---

docs/_posts/2021-05-05-git-secret-usage.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-usage'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-usage
 categories: command
 ---

docs/_posts/2021-05-05-git-secret-whoknows.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret-whoknows'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret-whoknows
 categories: command
 ---

docs/_posts/2021-05-05-git-secret.md

@@ -1,7 +1,7 @@
 ---
 layout: post
 title:  'git-secret'
-date:   2021-05-04 12:15:29 +0300
+date:   2021-05-05 15:37:26 +0300
 permalink: git-secret
 categories: usage
 ---

docs/create_posts.sh

@@ -58,5 +58,15 @@ categories: usage
   cat "$MAN7_LOCATION/git-secret.7.md" >> "$usage_filename"
 }
 
+
+function copy_install_scripts {
+  # We test these scripts using `release-ci`,
+  # so, installation instructions will always be up-to-date:
+  cp utils/deb/install.sh docs/_includes/install-deb.sh
+  cp utils/rpm/install.sh docs/_includes/install-rpm.sh
+}
+
+
 checkout_manuals
 copy_to_posts
+copy_install_scripts

docs/installation.md

@@ -38,10 +38,7 @@ You can find the `deb` repository [here](https://gitsecret.jfrog.io/artifactory/
 Pre-requirements: make sure you have installed `apt-transport-https` and `ca-certificates`
 
 ```bash
-sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
+{% include install-deb.sh %}
-wget -qO - https://gitsecret.jfrog.io/artifactory/api/gpg/key/public | sudo apt-key add -
-sudo apt-get update
-sudo apt-get install git-secret
 ```
 
 ---
@@ -51,12 +48,11 @@ sudo apt-get install git-secret
 You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-rpm/).
 
 ```bash
-wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
+{% include install-rpm.sh %}
-# Inspect what's inside! You can also enable `gpg` check on repo level.
-sudo mv git-secret-rpm.repo /etc/yum.repos.d/
-sudo yum install git-secret
 ```
 
+---
+
 ### Arch Linux
 
 The _Arch_ way to install git-secret is to use the directions for

man/man1/git-secret-add.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-ADD" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-ADD" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-add\fR \- starts to track added files\.

man/man1/git-secret-cat.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-CAT" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-CAT" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-cat\fR \- decrypts files passed on command line to stdout

man/man1/git-secret-changes.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-CHANGES" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-CHANGES" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-changes\fR \- view diff of the hidden files\.

man/man1/git-secret-clean.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-CLEAN" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-CLEAN" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-clean\fR \- removes all the hidden files\.

man/man1/git-secret-hide.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-HIDE" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-HIDE" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\.

man/man1/git-secret-init.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-INIT" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-INIT" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-init\fR \- initializes git\-secret repository\.

man/man1/git-secret-killperson.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-KILLPERSON" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-KILLPERSON" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-killperson\fR \- deletes key identified by an email from the inner keyring\.

man/man1/git-secret-list.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-LIST" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-LIST" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-list\fR \- prints all the added files\.

man/man1/git-secret-remove.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-REMOVE" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-REMOVE" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-remove\fR \- removes files from index\.

man/man1/git-secret-reveal.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-REVEAL" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-REVEAL" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-reveal\fR \- decrypts all added files\.

man/man1/git-secret-tell.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-TELL" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-TELL" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-tell\fR \- adds a person, who can access private data\.

man/man1/git-secret-usage.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-USAGE" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-USAGE" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-usage\fR \- prints all the available commands\.

man/man1/git-secret-whoknows.1

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET\-WHOKNOWS" "1" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET\-WHOKNOWS" "1" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\-whoknows\fR \- prints email\-labels for each key in the keyring\.

man/man7/git-secret.7

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "GIT\-SECRET" "7" "May 2021" "sobolevn" "git-secret 0.4.0.alpha1"
+.TH "GIT\-SECRET" "7" "May 2021" "sobolevn" "git-secret 0.4.0"
 .
 .SH "NAME"
 \fBgit\-secret\fR \- bash tool to store private data inside a git repo\.

tests/_test_base.bash

@@ -4,12 +4,12 @@
 # https://github.com/bats-core/bats-core
 
 # shellcheck disable=SC1090
-source "$SECRET_PROJECT_ROOT/src/version.sh"
+source "$SECRETS_PROJECT_ROOT/src/version.sh"
 # shellcheck disable=SC1090
-source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
+source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
-source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh"
+source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh"
-source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh"
+source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh"
-source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh"
+source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh"
 
 # Constants:
 FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
@@ -47,27 +47,27 @@ GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warnin
 # See tests/fixtures/gpg/README.md for more
 # on key fixtures 'user[1-5]@gitsecret.io'
 # these two are 'normal' keys.
-export TEST_DEFAULT_USER="user1@gitsecret.io"
+export TEST_DEFAULT_USER='user1@gitsecret.io'
-export TEST_SECOND_USER="user2@gitsecret.io"
+export TEST_SECOND_USER='user2@gitsecret.io'
 
 # TEST_NONAME_USER (user3) created with '--quick-key-generate'
 # and has only an email, no username.
-export TEST_NONAME_USER="user3@gitsecret.io"
+export TEST_NONAME_USER='user3@gitsecret.io'
 
 # TEST_EXPIRED_USER (user4) has expired
-export TEST_EXPIRED_USER="user4@gitsecret.io"    # this key expires 2018-09-24
+export TEST_EXPIRED_USER='user4@gitsecret.io'    # this key expires 2018-09-24
 
 # fixture filename is named this,
 # but key has no email and a comment, as per #527
-export TEST_NOEMAIL_COMMENT_USER="user5@gitsecret.io"
+export TEST_NOEMAIL_COMMENT_USER='user5@gitsecret.io'
 
-export TEST_ATTACKER_USER="attacker1@gitsecret.io"
+export TEST_ATTACKER_USER='attacker1@gitsecret.io'
 
 
-export TEST_DEFAULT_FILENAME="space file" # has spaces
+export TEST_DEFAULT_FILENAME='space file' # has spaces
-export TEST_SECOND_FILENAME="space file two" # has spaces
+export TEST_SECOND_FILENAME='space file two' # has spaces
-export TEST_THIRD_FILENAME="space file three"  # has spaces
+export TEST_THIRD_FILENAME='space file three'  # has spaces
-export TEST_FOURTH_FILENAME="space file three [] * $"  # has spaces and special chars
+export TEST_FOURTH_FILENAME='space file three [] * $'  # has spaces and special chars
 
 
 function test_user_password {
@@ -83,14 +83,14 @@ function test_user_password {
 function stop_gpg_agent {
   local username
   username=$(id -u -n)
-  if [[ "$GITSECRET_DIST" == "windows" ]]; then
+  if [[ "$SECRETS_DOCKER_ENV" == 'windows' ]]; then
     ps -l -u "$username" | gawk \
       '/gpg-agent/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
   else
     local ps_is_busybox
-    ps_is_busybox=_exe_is_busybox "ps"
+    ps_is_busybox=_exe_is_busybox 'ps'
-    if [[ $ps_is_busybox -eq "1" ]]; then
+    if [[ $ps_is_busybox -eq '1' ]]; then
-      echo "# git-secret: tests: not stopping gpg-agent on busybox" >&3
+      echo '# git-secret: tests: not stopping gpg-agent on busybox' >&3
     else
       ps -wx -U "$username" | gawk \
         '/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
@@ -104,7 +104,7 @@ function get_gpgtest_prefix {
     # shellcheck disable=SC2086
     echo "echo \"$(test_user_password $1)\" | "
   else
-    echo ""
+    echo ''
   fi
 }
 
@@ -242,7 +242,7 @@ function set_state_secret_add {
   local filename="$1"
   local content="$2"
   echo "$content" > "$filename"      # we add a newline
-  echo "$filename" >> ".gitignore"
+  echo "$filename" >> '.gitignore'
 
   git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
 }
@@ -251,7 +251,7 @@ function set_state_secret_add_without_newline {
   local filename="$1"
   local content="$2"
   echo -n "$content" > "$filename"      # we do not add a newline
-  echo "$filename" >> ".gitignore"
+  echo "$filename" >> '.gitignore'
 
   git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
 }
@@ -275,7 +275,7 @@ function unset_current_state {
   secrets_dir=$(_get_secrets_dir)
 
   rm -rf "$secrets_dir"
-  rm -rf ".gitignore"
+  rm -rf '.gitignore'
 
   # unsets `git` state
   remove_git_repository
@@ -308,7 +308,7 @@ function unset_current_state {
   rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}"  2>&1 | sed 's/^/# unset_current_state: rm /'
 
   # return to the base dir:
-  cd "$SECRET_PROJECT_ROOT" || exit 1
+  cd "$SECRETS_PROJECT_ROOT" || exit 1
 }
 
 # show output if we wind up manually removing the test output file in a trap

tests/test_make_install.bats

@@ -7,7 +7,7 @@ INSTALL_BASE="${TMPDIR}/git-secret-test-install"
 
 @test "install git-secret to DESTDIR='$INSTALL_BASE'" {
   rm -f "$INSTALL_BASE/usr/bin/git-secret"
-  cd "$SECRET_PROJECT_ROOT"
+  cd "$SECRETS_PROJECT_ROOT"
 
   # set DESTDIR for this command and 'run' make install
   DESTDIR="$INSTALL_BASE" run make install

utils/apk/build.sh

@@ -3,7 +3,7 @@
 set -e
 
 # shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
+source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
 
 preinstall_files '-c'
 
@@ -11,4 +11,4 @@ preinstall_files '-c'
 cd "$SCRIPT_DEST_DIR" && build_package 'apk'
 
 # Cleaning up:
-clean_up_files && cd "$SECRET_PROJECT_ROOT"
+clean_up_files && cd "$SECRETS_PROJECT_ROOT"

utils/apk/deploy.sh

@@ -8,11 +8,9 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
 fi
 
 # shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
+source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
-# shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/src/version.sh"
 
-VERSION_NAME="git-secret-${GITSECRET_VERSION}.apk"
+VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk"
 
 # Artifactory location:
 BASE_API_URL='https://gitsecret.jfrog.io/artifactory'

utils/build-utils.sh

@@ -2,13 +2,16 @@
 
 set -e
 
+# shellcheck disable=SC1090,SC1091
+source "$SECRETS_PROJECT_ROOT/src/version.sh"
+
 # Initializing and settings:
 READ_PERM=0644
 EXEC_PERM=0755
 
 SCRIPT_NAME='git-secret'
 SCRIPT_DESCRIPTION='A bash-tool to store your private data inside a git repository.'
-SCRIPT_VERSION="$(bash "${PWD}"/git-secret --version)"
+SCRIPT_VERSION="$GITSECRET_VERSION"
 
 # This may be overridden:
 if [[ -z "$SCRIPT_BUILD_DIR" ]]; then
@@ -38,8 +41,8 @@ function preinstall_files {
     "$SCRIPT_DEST_DIR/usr/bin/$SCRIPT_NAME"
 
   # Install the manualls:
-  install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1"
+  install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man1"
-  install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7"
+  install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man7"
   for file in man/man1/* ; do
     if [[ "$file" == *.md ]]; then
       continue
@@ -62,21 +65,21 @@ function build_package {
   # coreutils is for sha256sum
   # See https://github.com/jordansissel/fpm for docs:
   fpm \
-    -s dir \
+    --input-type 'dir' \
-    -t "$build_type" \
+    --output-type "$build_type" \
-    -a all \
+    --chdir "$SCRIPT_DEST_DIR" \
-    -n "$SCRIPT_NAME" \
+    --architecture 'all' \
+    --name "$SCRIPT_NAME" \
     --version "$SCRIPT_VERSION" \
     --description "$SCRIPT_DESCRIPTION" \
-    --url "https://git-secret.io" \
+    --url 'https://git-secret.io' \
-    --maintainer "Nikita Sobolev (mail@sobolevn.me)" \
+    --maintainer 'Nikita Sobolev (mail@sobolevn.me)' \
-    --license "MIT" \
+    --license 'MIT' \
-    -C "$SCRIPT_DEST_DIR" \
+    --depends 'bash' \
-    -d "bash" \
+    --depends 'coreutils' \
-    -d "coreutils" \
+    --depends 'gawk' \
-    -d "gawk" \
+    --depends 'git' \
-    -d "git" \
+    --depends 'gnupg' \
-    -d "gnupg" \
     --deb-no-default-config-files \
     .
 }

utils/deb/build.sh

@@ -3,7 +3,7 @@
 set -e
 
 # shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
+source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
 
 preinstall_files '-c'
 
@@ -11,4 +11,4 @@ preinstall_files '-c'
 cd "$SCRIPT_DEST_DIR" && build_package 'deb'
 
 # Cleaning up:
-clean_up_files && cd "$SECRET_PROJECT_ROOT"
+clean_up_files && cd "$SECRETS_PROJECT_ROOT"

utils/deb/deploy.sh

@@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
 fi
 
 # shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
+source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
 
 # Artifactory location:
 BASE_API_URL='https://gitsecret.jfrog.io/artifactory'

utils/deb/install.sh

@@ -0,0 +1,5 @@
+sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
+wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
+sudo apt-get update && sudo apt-get install -y git-secret
+# Testing, that it worked:
+git secret --version

utils/rpm/build.sh

@@ -3,7 +3,7 @@
 set -e
 
 # shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
+source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
 
 # Copying all the required files to the build directory:
 preinstall_files '-c'
@@ -12,4 +12,4 @@ preinstall_files '-c'
 cd "$SCRIPT_DEST_DIR" && build_package 'rpm'
 
 # Cleaning up:
-clean_up_files && cd "$SECRET_PROJECT_ROOT"
+clean_up_files && cd "$SECRETS_PROJECT_ROOT"

utils/rpm/deploy.sh

@@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
 fi
 
 # shellcheck disable=SC1090,SC1091
-source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
+source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
 
 # Artifactory location:
 BASE_API_URL='https://gitsecret.jfrog.io/artifactory'

utils/rpm/git-secret.repo

@@ -4,6 +4,6 @@ baseurl=https://gitsecret.jfrog.io/artifactory/git-secret-rpm
 enabled=1
 gpgcheck=0
 
-# Uncomment the following lines to enable repository-level GPG key check:
+## Uncomment the following lines to enable repository-level GPG key check:
 # gpgkey=https://gitsecret.jfrog.io/artifactory/git-secret-rpm/repodata/repomd.xml.key
 # repo_gpgcheck=1

utils/rpm/install.sh

@@ -0,0 +1,6 @@
+wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
+# Inspect what's inside! You can also enable `gpg` check on repo level.
+sudo mv git-secret-rpm.repo /etc/yum.repos.d/
+sudo yum install -y git-secret
+# Testing, that it worked:
+git secret --version

utils/tests.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# `SECRET_PROJECT_ROOT` must be set before running the script.
+# `SECRETS_PROJECT_ROOT` must be set before running the script.
 
 set -e
 
@@ -25,7 +25,7 @@ chmod 0700 "${TEST_DIR}"
     # bats expects diagnostic lines to be sent to fd 3, matching regex '^# '
     #  (IE, like: `echo '# message here' >&3`).
     # bats ... 3>&1 shows diagnostic output
-    bats "${SECRET_PROJECT_ROOT}/tests" 3>&1
+    bats "${SECRETS_PROJECT_ROOT}/tests" 3>&1
 )
 
 rm -rf "${TEST_DIR}"