Adds release-ci script to test installation (#664)
* Adds release-ci script to test installation * Fixes CI * Fixes CI * Renames some variables to follow the same SECRETS_ convention
parent
fcf25ff546
commit
19941f91f4
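--- a/.ci/release-ci/centos/Dockerfile
+++ b/.ci/release-ci/centos/Dockerfile
@@ -0,0 +1,15 @@
+FROM centos:8
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+RUN dnf -y update \
+&& dnf install -y \
+# Required for our install script:
+wget \
+sudo \
+&& dnf clean all \
+&& rm -rf /var/cache/yum \
+&& adduser --password='' nonroot \
+&& echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER nonroot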
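Review bot: `adduser --password='' nonroot` in the RUN step writes an empty password field for `nonroot` (on CentOS `adduser` is `useradd`, and `--password` takes the already-encrypted value), so the account authenticates with no password at all, and the next line then grants it unrestricted passwordless sudo. The `NOPASSWD:ALL` rule already lets the install script call sudo, so the option is not needed: `&& adduser nonroot \` leaves the account with a locked password instead. The fedora Dockerfile in this commit has the same line. The exposure in a throwaway CI container is small, but a comment such as `# CI-only image: nonroot gets passwordless sudo so install.sh can run unattended` would stop the pattern being copied into a real image.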
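--- a/.ci/release-ci/debian/Dockerfile
+++ b/.ci/release-ci/debian/Dockerfile
@@ -0,0 +1,23 @@
+FROM debian:10.9-slim
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+ENV DEBIAN_FRONTEND='noninteractive'
+
+RUN apt-get update \
+&& apt-get install --no-install-recommends -y \
+# Required to work with https-based repos and custom signed packages:
+apt-transport-https \
+ca-certificates \
+# Required for our install script:
+gnupg \
+sudo \
+wget \
+# Cleaning cache:
+&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+&& apt-get clean -y && rm -rf /var/lib/apt/lists/* \
+&& adduser --disabled-password nonroot \
+&& adduser nonroot sudo \
+&& echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER nonroot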
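Review bot: The last line of the RUN step, `echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers`, gives passwordless root to every member of the `sudo` group and appends to the main sudoers file without a syntax check. Scoping the rule to the one test account in a drop-in keeps the grant narrow and verifiable: `echo 'nonroot ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/nonroot && chmod 0440 /etc/sudoers.d/nonroot && visudo -cf /etc/sudoers.d/nonroot`. Separately, `ENV DEBIAN_FRONTEND='noninteractive'` persists into the running container; `ARG DEBIAN_FRONTEND=noninteractive` would limit it to the build. The ubuntu Dockerfile in this commit carries the same lines.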
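--- a/.ci/release-ci/fedora/Dockerfile
+++ b/.ci/release-ci/fedora/Dockerfile
@@ -0,0 +1,15 @@
+FROM fedora:34
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+RUN dnf -y update \
+&& dnf install -y \
+# Required for our install script:
+wget \
+sudo \
+&& dnf clean all \
+&& rm -rf /var/cache/yum \
+&& adduser --password='' nonroot \
+&& echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER nonroot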
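Review bot: `&& rm -rf /var/cache/yum \` removes a directory that dnf does not use; dnf keeps its cache under `/var/cache/dnf`, and the preceding `dnf clean all` already empties it, so this line is most likely a no-op. Either drop it or change it to `&& rm -rf /var/cache/dnf \`. Note also that `dnf -y update` makes every scheduled build pick up whatever packages are current, so a failing install test may come from the base system rather than from the git-secret package; a comment stating that this is intentional would help whoever triages a red run. The centos Dockerfile has the same two lines.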
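--- a/.ci/release-ci/ubuntu/Dockerfile
+++ b/.ci/release-ci/ubuntu/Dockerfile
@@ -0,0 +1,23 @@
+FROM debian:10.9-slim
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+ENV DEBIAN_FRONTEND='noninteractive'
+
+RUN apt-get update \
+&& apt-get install --no-install-recommends -y \
+# Required to work with https-based repos and custom signed packages:
+apt-transport-https \
+ca-certificates \
+# Required for our install script:
+gnupg \
+sudo \
+wget \
+# Cleaning cache:
+&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+&& apt-get clean -y && rm -rf /var/lib/apt/lists/* \
+&& adduser --disabled-password nonroot \
+&& adduser nonroot sudo \
+&& echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER nonroot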
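Review bot: The first line of `.ci/release-ci/ubuntu/Dockerfile` is `FROM debian:10.9-slim`, so the `ubuntu` release environment builds the same image as `debian` and the deb installation is never exercised on Ubuntu. This looks like a copy of the debian file with the base image left unchanged; it should name an Ubuntu base with an explicit tag, for example `FROM ubuntu:20.04`. A one-line comment at the top stating which distribution the image stands for would make this kind of mismatch easier to spot in review.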
@ -3,10 +3,12 @@
|
|||||||
|
|
||||||
# TODO: Move to native image
|
# TODO: Move to native image
|
||||||
# see: https://github.com/jordansissel/fpm/issues/1782
|
# see: https://github.com/jordansissel/fpm/issues/1782
|
||||||
|
# Or we can switch to
|
||||||
|
# https://github.com/goreleaser/nfpm
|
||||||
FROM alpine:3.13
|
FROM alpine:3.13
|
||||||
|
|
||||||
ENV CODE_DIR='/code'
|
ENV CODE_DIR='/code'
|
||||||
ENV SECRET_PROJECT_ROOT="$CODE_DIR"
|
ENV SECRETS_PROJECT_ROOT="$CODE_DIR"
|
||||||
|
|
||||||
RUN apk add --no-cache --update \
|
RUN apk add --no-cache --update \
|
||||||
# fpm deps:
|
# fpm deps:
|
||||||
|
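--- a/.github/workflows/misspell.yml
+++ b/.github/workflows/misspell.yml
@@ -1,20 +0,0 @@
-name: misspell
-
-on:
-workflow_dispatch:
-schedule:
-- cron: '0 0 * * *'
-
-jobs:
-build:
-
-runs-on: ubuntu-latest
-
-steps:
-- uses: actions/checkout@v2
-- uses: sobolevn/misspell-fixer-action@0.1.0
-- uses: peter-evans/create-pull-request@v3
-with:
-token: ${{ secrets.GITHUB_TOKEN }}
-commit-message: 'Fixes by misspell-fixer'
-title: 'Typos fix by misspell-fixer'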
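--- a/.github/workflows/release-ci.yml
+++ b/.github/workflows/release-ci.yml
@@ -0,0 +1,25 @@
+name: installation-
+
+on:
+workflow_dispatch:
+schedule:
+- cron: '0 0 * * *'
+
+jobs:
+build:
+
+runs-on: ubuntu-latest
+matrix:
+include:
+- release-type: deb
+release-env: [debian, ubuntu]
+- release-type: rpm
+release-env: [centos, fedora]
+
+steps:
+- uses: actions/checkout@v2
+- name: Run checks
+run: |
+SECRETS_RELEASE_ENV="${{ matrix.release-env }}" \
+SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \
+make release-ci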
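Review bot: `matrix:` follows `runs-on:` in the `build` job with no `strategy:` key anywhere in the file (indentation is lost in this rendering, but the key itself is absent), and GitHub Actions only reads a matrix from `jobs.<job>.strategy.matrix`. In addition, each `include` entry sets `release-env` to a list such as `[debian, ubuntu]`; `include` entries are not expanded, so `${{ matrix.release-env }}` would not become one job per environment and `make release-ci` would not receive a usable directory name. Listing one entry per type and environment pair under `strategy.matrix.include`, as sketched below, gives the four jobs the Makefile target expects. The workflow name `installation-` also looks truncated.

```yaml
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - release-type: deb
            release-env: debian
          - release-type: deb
            release-env: ubuntu
          - release-type: rpm
            release-env: centos
          - release-type: rpm
            release-env: fedora
    # … unchanged: steps (checkout, Run checks) …
```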
4
.github/workflows/test.yml
vendored
4
.github/workflows/test.yml
vendored
@ -19,7 +19,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
docker-based-test:
|
docker-env:
|
||||||
- debian-gnupg1 # We need to test legacy version of gnupg
|
- debian-gnupg1 # We need to test legacy version of gnupg
|
||||||
- debian-gnupg2
|
- debian-gnupg2
|
||||||
- ubuntu
|
- ubuntu
|
||||||
@ -29,7 +29,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Run checks
|
- name: Run checks
|
||||||
run: GITSECRET_DOCKER_ENV="${{ matrix.docker-based-test }}" make docker-ci
|
run: SECRETS_DOCKER_ENV="${{ matrix.docker-env }}" make docker-ci
|
||||||
|
|
||||||
osx-ci:
|
osx-ci:
|
||||||
runs-on: macos-latest
|
runs-on: macos-latest
|
||||||
|
43
Makefile
43
Makefile
@ -37,26 +37,26 @@ uninstall:
|
|||||||
# Using a sub-shell we get the raw *nix paths, e.g. /c/Something
|
# Using a sub-shell we get the raw *nix paths, e.g. /c/Something
|
||||||
.PHONY: test
|
.PHONY: test
|
||||||
test: clean build
|
test: clean build
|
||||||
export SECRET_PROJECT_ROOT="$(shell echo $${PWD})"; \
|
export SECRETS_PROJECT_ROOT="$(shell echo $${PWD})"; \
|
||||||
export PATH="$(shell echo $${PWD})/vendor/bats-core/bin:$(shell echo $${PWD}):$(shell echo $${PATH})"; \
|
export PATH="$(shell echo $${PWD})/vendor/bats-core/bin:$(shell echo $${PWD}):$(shell echo $${PATH})"; \
|
||||||
${SHELL} ./utils/tests.sh
|
${SHELL} ./utils/tests.sh
|
||||||
|
|
||||||
# We use this script in CI and you can do this too!
|
# We use this script in CI and you can do this too!
|
||||||
# What happens here?
|
# What happens here?
|
||||||
# 1. We pass `GITSECRET_DOCKER_ENV` variable into this job
|
# 1. We pass `SECRETS_DOCKER_ENV` variable into this job
|
||||||
# 2. Based on it, we select a proper `docker` image to run test on
|
# 2. Based on it, we select a proper `docker` image to run test on
|
||||||
# 3. We execute `make test` inside the `docker` container
|
# 3. We execute `make test` inside the `docker` container
|
||||||
.PHONY: docker-ci
|
.PHONY: docker-ci
|
||||||
docker-ci: clean
|
docker-ci: clean
|
||||||
@[ -z "${GITSECRET_DOCKER_ENV}" ] \
|
@[ -z "${SECRETS_DOCKER_ENV}" ] \
|
||||||
&& echo 'GITSECRET_DOCKER_ENV is unset' && exit 1 || true
|
&& echo 'SECRETS_DOCKER_ENV is unset' && exit 1 || true
|
||||||
docker build \
|
docker build \
|
||||||
-f ".ci/docker-ci/$${GITSECRET_DOCKER_ENV}/Dockerfile" \
|
-f ".ci/docker-ci/$${SECRETS_DOCKER_ENV}/Dockerfile" \
|
||||||
-t "gitsecret-$${GITSECRET_DOCKER_ENV}:latest" .
|
-t "gitsecret-$${SECRETS_DOCKER_ENV}:latest" .
|
||||||
docker run --rm \
|
docker run --rm \
|
||||||
--volume="$${PWD}:/code" \
|
--volume="$${PWD}:/code" \
|
||||||
-w /code \
|
-w /code \
|
||||||
"gitsecret-$${GITSECRET_DOCKER_ENV}" \
|
"gitsecret-$${SECRETS_DOCKER_ENV}" \
|
||||||
make test
|
make test
|
||||||
|
|
||||||
.PHONY: lint-shell
|
.PHONY: lint-shell
|
||||||
@ -122,22 +122,37 @@ docs: build-docs
|
|||||||
# Packaging:
|
# Packaging:
|
||||||
#
|
#
|
||||||
|
|
||||||
.PHONY: release-build
|
.PHONY: build-release
|
||||||
release-build: clean build
|
build-release: clean build
|
||||||
@[ -z "${GITSECRET_RELEASE_TYPE}" ] \
|
@[ -z "${SECRETS_RELEASE_TYPE}" ] \
|
||||||
&& echo 'GITSECRET_RELEASE_TYPE is unset' && exit 1 || true
|
&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
|
||||||
docker build \
|
docker build \
|
||||||
-f ".ci/releaser/alpine/Dockerfile" \
|
-f ".ci/releaser/alpine/Dockerfile" \
|
||||||
-t "gitsecret-releaser:latest" .
|
-t "gitsecret-releaser:latest" .
|
||||||
docker run \
|
docker run \
|
||||||
--volume="$${PWD}:/code" \
|
--volume="$${PWD}:/code" \
|
||||||
--rm gitsecret-releaser \
|
--rm gitsecret-releaser \
|
||||||
bash "./utils/$${GITSECRET_RELEASE_TYPE}/build.sh"
|
bash "./utils/$${SECRETS_RELEASE_TYPE}/build.sh"
|
||||||
|
|
||||||
.PHONY: release
|
.PHONY: release
|
||||||
release: release-build
|
release: build-release
|
||||||
docker run \
|
docker run \
|
||||||
--volume="$${PWD}:/code" \
|
--volume="$${PWD}:/code" \
|
||||||
-e SECRETS_ARTIFACTORY_CREDENTIALS \
|
-e SECRETS_ARTIFACTORY_CREDENTIALS \
|
||||||
--rm gitsecret-releaser \
|
--rm gitsecret-releaser \
|
||||||
bash "./utils/$${GITSECRET_RELEASE_TYPE}/deploy.sh"
|
bash "./utils/$${SECRETS_RELEASE_TYPE}/deploy.sh"
|
||||||
|
|
||||||
|
.PHONY: release-ci
|
||||||
|
release-ci:
|
||||||
|
@[ -z "${SECRETS_RELEASE_ENV}" ] \
|
||||||
|
&& echo 'SECRETS_RELEASE_ENV is unset' && exit 1 || true
|
||||||
|
@[ -z "${SECRETS_RELEASE_TYPE}" ] \
|
||||||
|
&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
|
||||||
|
docker build \
|
||||||
|
-f ".ci/release-ci/$${SECRETS_RELEASE_ENV}/Dockerfile" \
|
||||||
|
-t "gitsecret-release-$${SECRETS_RELEASE_ENV}:latest" .
|
||||||
|
docker run --rm \
|
||||||
|
--volume="$${PWD}:/code" \
|
||||||
|
-w /code \
|
||||||
|
"gitsecret-release-$${SECRETS_RELEASE_ENV}" \
|
||||||
|
bash -c "set -e; bash "./utils/$${SECRETS_RELEASE_TYPE}/install.sh""
|
||||||
|
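Review bot: In the new `release-ci` target, `bash -c "set -e; bash "./utils/$${SECRETS_RELEASE_TYPE}/install.sh""` applies `set -e` only to the outer shell; the inner `bash` that runs install.sh does not inherit it, so a step that fails in the middle of the script (the key download, for instance) does not stop the run and the job result rests on the last command alone. The inner double quotes also close and reopen the outer string instead of quoting the path. Passing the options to the shell that executes the script addresses both: `bash -eo pipefail "./utils/$${SECRETS_RELEASE_TYPE}/install.sh"`, where `pipefail` also catches a failed `wget` on the left side of the pipe in the deb script.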
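--- a/docs/_includes/install-deb.sh
+++ b/docs/_includes/install-deb.sh
@@ -0,0 +1,4 @@
+sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
+wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
+sudo apt-get update && sudo apt-get install -y git-secret
+git secret --version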
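--- a/docs/_includes/install-rpm.sh
+++ b/docs/_includes/install-rpm.sh
@@ -0,0 +1,4 @@
+wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
+# Inspect what's inside! You can also enable `gpg` check on repo level.
+sudo mv git-secret-rpm.repo /etc/yum.repos.d/
+sudo yum install -y git-secret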
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-add'
|
title: 'git-secret-add'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-add
|
permalink: git-secret-add
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-cat'
|
title: 'git-secret-cat'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-cat
|
permalink: git-secret-cat
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-changes'
|
title: 'git-secret-changes'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-changes
|
permalink: git-secret-changes
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-clean'
|
title: 'git-secret-clean'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-clean
|
permalink: git-secret-clean
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-hide'
|
title: 'git-secret-hide'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-hide
|
permalink: git-secret-hide
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-init'
|
title: 'git-secret-init'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-init
|
permalink: git-secret-init
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-killperson'
|
title: 'git-secret-killperson'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-killperson
|
permalink: git-secret-killperson
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-list'
|
title: 'git-secret-list'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-list
|
permalink: git-secret-list
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-remove'
|
title: 'git-secret-remove'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-remove
|
permalink: git-secret-remove
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-reveal'
|
title: 'git-secret-reveal'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-reveal
|
permalink: git-secret-reveal
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-tell'
|
title: 'git-secret-tell'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-tell
|
permalink: git-secret-tell
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-usage'
|
title: 'git-secret-usage'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-usage
|
permalink: git-secret-usage
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret-whoknows'
|
title: 'git-secret-whoknows'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret-whoknows
|
permalink: git-secret-whoknows
|
||||||
categories: command
|
categories: command
|
||||||
---
|
---
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: 'git-secret'
|
title: 'git-secret'
|
||||||
date: 2021-05-04 12:15:29 +0300
|
date: 2021-05-05 15:37:26 +0300
|
||||||
permalink: git-secret
|
permalink: git-secret
|
||||||
categories: usage
|
categories: usage
|
||||||
---
|
---
|
@ -58,5 +58,15 @@ categories: usage
|
|||||||
cat "$MAN7_LOCATION/git-secret.7.md" >> "$usage_filename"
|
cat "$MAN7_LOCATION/git-secret.7.md" >> "$usage_filename"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function copy_install_scripts {
|
||||||
|
# We test these scripts using `release-ci`,
|
||||||
|
# so, installation instructions will always be up-to-date:
|
||||||
|
cp utils/deb/install.sh docs/_includes/install-deb.sh
|
||||||
|
cp utils/rpm/install.sh docs/_includes/install-rpm.sh
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
checkout_manuals
|
checkout_manuals
|
||||||
copy_to_posts
|
copy_to_posts
|
||||||
|
copy_install_scripts
|
||||||
|
@ -38,10 +38,7 @@ You can find the `deb` repository [here](https://gitsecret.jfrog.io/artifactory/
|
|||||||
Pre-requirements: make sure you have installed `apt-transport-https` and `ca-certificates`
|
Pre-requirements: make sure you have installed `apt-transport-https` and `ca-certificates`
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
|
{% include install-deb.sh %}
|
||||||
wget -qO - https://gitsecret.jfrog.io/artifactory/api/gpg/key/public | sudo apt-key add -
|
|
||||||
sudo apt-get update
|
|
||||||
sudo apt-get install git-secret
|
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
@ -51,12 +48,11 @@ sudo apt-get install git-secret
|
|||||||
You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-rpm/).
|
You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-rpm/).
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
|
{% include install-rpm.sh %}
|
||||||
# Inspect what's inside! You can also enable `gpg` check on repo level.
|
|
||||||
sudo mv git-secret-rpm.repo /etc/yum.repos.d/
|
|
||||||
sudo yum install git-secret
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
### Arch Linux
|
### Arch Linux
|
||||||
|
|
||||||
The _Arch_ way to install git-secret is to use the directions for
|
The _Arch_ way to install git-secret is to use the directions for
|
||||||
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -4,12 +4,12 @@
|
|||||||
# https://github.com/bats-core/bats-core
|
# https://github.com/bats-core/bats-core
|
||||||
|
|
||||||
# shellcheck disable=SC1090
|
# shellcheck disable=SC1090
|
||||||
source "$SECRET_PROJECT_ROOT/src/version.sh"
|
source "$SECRETS_PROJECT_ROOT/src/version.sh"
|
||||||
# shellcheck disable=SC1090
|
# shellcheck disable=SC1090
|
||||||
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
|
source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
|
||||||
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh"
|
source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh"
|
||||||
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh"
|
source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh"
|
||||||
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh"
|
source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh"
|
||||||
|
|
||||||
# Constants:
|
# Constants:
|
||||||
FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
|
FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
|
||||||
@ -47,27 +47,27 @@ GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warnin
|
|||||||
# See tests/fixtures/gpg/README.md for more
|
# See tests/fixtures/gpg/README.md for more
|
||||||
# on key fixtures 'user[1-5]@gitsecret.io'
|
# on key fixtures 'user[1-5]@gitsecret.io'
|
||||||
# these two are 'normal' keys.
|
# these two are 'normal' keys.
|
||||||
export TEST_DEFAULT_USER="user1@gitsecret.io"
|
export TEST_DEFAULT_USER='user1@gitsecret.io'
|
||||||
export TEST_SECOND_USER="user2@gitsecret.io"
|
export TEST_SECOND_USER='user2@gitsecret.io'
|
||||||
|
|
||||||
# TEST_NONAME_USER (user3) created with '--quick-key-generate'
|
# TEST_NONAME_USER (user3) created with '--quick-key-generate'
|
||||||
# and has only an email, no username.
|
# and has only an email, no username.
|
||||||
export TEST_NONAME_USER="user3@gitsecret.io"
|
export TEST_NONAME_USER='user3@gitsecret.io'
|
||||||
|
|
||||||
# TEST_EXPIRED_USER (user4) has expired
|
# TEST_EXPIRED_USER (user4) has expired
|
||||||
export TEST_EXPIRED_USER="user4@gitsecret.io" # this key expires 2018-09-24
|
export TEST_EXPIRED_USER='user4@gitsecret.io' # this key expires 2018-09-24
|
||||||
|
|
||||||
# fixture filename is named this,
|
# fixture filename is named this,
|
||||||
# but key has no email and a comment, as per #527
|
# but key has no email and a comment, as per #527
|
||||||
export TEST_NOEMAIL_COMMENT_USER="user5@gitsecret.io"
|
export TEST_NOEMAIL_COMMENT_USER='user5@gitsecret.io'
|
||||||
|
|
||||||
export TEST_ATTACKER_USER="attacker1@gitsecret.io"
|
export TEST_ATTACKER_USER='attacker1@gitsecret.io'
|
||||||
|
|
||||||
|
|
||||||
export TEST_DEFAULT_FILENAME="space file" # has spaces
|
export TEST_DEFAULT_FILENAME='space file' # has spaces
|
||||||
export TEST_SECOND_FILENAME="space file two" # has spaces
|
export TEST_SECOND_FILENAME='space file two' # has spaces
|
||||||
export TEST_THIRD_FILENAME="space file three" # has spaces
|
export TEST_THIRD_FILENAME='space file three' # has spaces
|
||||||
export TEST_FOURTH_FILENAME="space file three [] * $" # has spaces and special chars
|
export TEST_FOURTH_FILENAME='space file three [] * $' # has spaces and special chars
|
||||||
|
|
||||||
|
|
||||||
function test_user_password {
|
function test_user_password {
|
||||||
@ -83,14 +83,14 @@ function test_user_password {
|
|||||||
function stop_gpg_agent {
|
function stop_gpg_agent {
|
||||||
local username
|
local username
|
||||||
username=$(id -u -n)
|
username=$(id -u -n)
|
||||||
if [[ "$GITSECRET_DIST" == "windows" ]]; then
|
if [[ "$SECRETS_DOCKER_ENV" == 'windows' ]]; then
|
||||||
ps -l -u "$username" | gawk \
|
ps -l -u "$username" | gawk \
|
||||||
'/gpg-agent/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
|
'/gpg-agent/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
|
||||||
else
|
else
|
||||||
local ps_is_busybox
|
local ps_is_busybox
|
||||||
ps_is_busybox=_exe_is_busybox "ps"
|
ps_is_busybox=_exe_is_busybox 'ps'
|
||||||
if [[ $ps_is_busybox -eq "1" ]]; then
|
if [[ $ps_is_busybox -eq '1' ]]; then
|
||||||
echo "# git-secret: tests: not stopping gpg-agent on busybox" >&3
|
echo '# git-secret: tests: not stopping gpg-agent on busybox' >&3
|
||||||
else
|
else
|
||||||
ps -wx -U "$username" | gawk \
|
ps -wx -U "$username" | gawk \
|
||||||
'/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
|
'/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
|
||||||
@ -104,7 +104,7 @@ function get_gpgtest_prefix {
|
|||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
echo "echo \"$(test_user_password $1)\" | "
|
echo "echo \"$(test_user_password $1)\" | "
|
||||||
else
|
else
|
||||||
echo ""
|
echo ''
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -242,7 +242,7 @@ function set_state_secret_add {
|
|||||||
local filename="$1"
|
local filename="$1"
|
||||||
local content="$2"
|
local content="$2"
|
||||||
echo "$content" > "$filename" # we add a newline
|
echo "$content" > "$filename" # we add a newline
|
||||||
echo "$filename" >> ".gitignore"
|
echo "$filename" >> '.gitignore'
|
||||||
|
|
||||||
git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
|
git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
|
||||||
}
|
}
|
||||||
@ -251,7 +251,7 @@ function set_state_secret_add_without_newline {
|
|||||||
local filename="$1"
|
local filename="$1"
|
||||||
local content="$2"
|
local content="$2"
|
||||||
echo -n "$content" > "$filename" # we do not add a newline
|
echo -n "$content" > "$filename" # we do not add a newline
|
||||||
echo "$filename" >> ".gitignore"
|
echo "$filename" >> '.gitignore'
|
||||||
|
|
||||||
git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
|
git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
|
||||||
}
|
}
|
||||||
@ -275,7 +275,7 @@ function unset_current_state {
|
|||||||
secrets_dir=$(_get_secrets_dir)
|
secrets_dir=$(_get_secrets_dir)
|
||||||
|
|
||||||
rm -rf "$secrets_dir"
|
rm -rf "$secrets_dir"
|
||||||
rm -rf ".gitignore"
|
rm -rf '.gitignore'
|
||||||
|
|
||||||
# unsets `git` state
|
# unsets `git` state
|
||||||
remove_git_repository
|
remove_git_repository
|
||||||
@ -308,7 +308,7 @@ function unset_current_state {
|
|||||||
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
|
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
|
||||||
|
|
||||||
# return to the base dir:
|
# return to the base dir:
|
||||||
cd "$SECRET_PROJECT_ROOT" || exit 1
|
cd "$SECRETS_PROJECT_ROOT" || exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
# show output if we wind up manually removing the test output file in a trap
|
# show output if we wind up manually removing the test output file in a trap
|
||||||
|
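Review bot: In `stop_gpg_agent` (the hunk at `-83,14`), the touched line `ps_is_busybox=_exe_is_busybox 'ps'` is not a command substitution: it runs `ps` with `ps_is_busybox` set only in that command's environment, so the local variable stays empty and the `-eq '1'` test below can never select the busybox branch. If the helper prints its result the line should read `ps_is_busybox=$(_exe_is_busybox 'ps')`; if it reports through its exit status, test that status instead. The same hunk replaces `$GITSECRET_DIST` with `$SECRETS_DOCKER_ENV` in the `'windows'` comparison, which swaps in a different variable rather than renaming one, so it is worth confirming that something still sets it to `windows`. The function body continues past the end of the hunk.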
@ -7,7 +7,7 @@ INSTALL_BASE="${TMPDIR}/git-secret-test-install"
|
|||||||
|
|
||||||
@test "install git-secret to DESTDIR='$INSTALL_BASE'" {
|
@test "install git-secret to DESTDIR='$INSTALL_BASE'" {
|
||||||
rm -f "$INSTALL_BASE/usr/bin/git-secret"
|
rm -f "$INSTALL_BASE/usr/bin/git-secret"
|
||||||
cd "$SECRET_PROJECT_ROOT"
|
cd "$SECRETS_PROJECT_ROOT"
|
||||||
|
|
||||||
# set DESTDIR for this command and 'run' make install
|
# set DESTDIR for this command and 'run' make install
|
||||||
DESTDIR="$INSTALL_BASE" run make install
|
DESTDIR="$INSTALL_BASE" run make install
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
set -e
|
set -e
|
||||||
|
|
||||||
# shellcheck disable=SC1090,SC1091
|
# shellcheck disable=SC1090,SC1091
|
||||||
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
|
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||||
|
|
||||||
preinstall_files '-c'
|
preinstall_files '-c'
|
||||||
|
|
||||||
@ -11,4 +11,4 @@ preinstall_files '-c'
|
|||||||
cd "$SCRIPT_DEST_DIR" && build_package 'apk'
|
cd "$SCRIPT_DEST_DIR" && build_package 'apk'
|
||||||
|
|
||||||
# Cleaning up:
|
# Cleaning up:
|
||||||
clean_up_files && cd "$SECRET_PROJECT_ROOT"
|
clean_up_files && cd "$SECRETS_PROJECT_ROOT"
|
||||||
|
@ -8,11 +8,9 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# shellcheck disable=SC1090,SC1091
|
# shellcheck disable=SC1090,SC1091
|
||||||
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
|
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||||
# shellcheck disable=SC1090,SC1091
|
|
||||||
source "$SECRET_PROJECT_ROOT/src/version.sh"
|
|
||||||
|
|
||||||
VERSION_NAME="git-secret-${GITSECRET_VERSION}.apk"
|
VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk"
|
||||||
|
|
||||||
# Artifactory location:
|
# Artifactory location:
|
||||||
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
||||||
|
@ -2,13 +2,16 @@
|
|||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
|
# shellcheck disable=SC1090,SC1091
|
||||||
|
source "$SECRETS_PROJECT_ROOT/src/version.sh"
|
||||||
|
|
||||||
# Initializing and settings:
|
# Initializing and settings:
|
||||||
READ_PERM=0644
|
READ_PERM=0644
|
||||||
EXEC_PERM=0755
|
EXEC_PERM=0755
|
||||||
|
|
||||||
SCRIPT_NAME='git-secret'
|
SCRIPT_NAME='git-secret'
|
||||||
SCRIPT_DESCRIPTION='A bash-tool to store your private data inside a git repository.'
|
SCRIPT_DESCRIPTION='A bash-tool to store your private data inside a git repository.'
|
||||||
SCRIPT_VERSION="$(bash "${PWD}"/git-secret --version)"
|
SCRIPT_VERSION="$GITSECRET_VERSION"
|
||||||
|
|
||||||
# This may be overridden:
|
# This may be overridden:
|
||||||
if [[ -z "$SCRIPT_BUILD_DIR" ]]; then
|
if [[ -z "$SCRIPT_BUILD_DIR" ]]; then
|
||||||
@ -38,8 +41,8 @@ function preinstall_files {
|
|||||||
"$SCRIPT_DEST_DIR/usr/bin/$SCRIPT_NAME"
|
"$SCRIPT_DEST_DIR/usr/bin/$SCRIPT_NAME"
|
||||||
|
|
||||||
# Install the manualls:
|
# Install the manualls:
|
||||||
install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1"
|
install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man1"
|
||||||
install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7"
|
install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man7"
|
||||||
for file in man/man1/* ; do
|
for file in man/man1/* ; do
|
||||||
if [[ "$file" == *.md ]]; then
|
if [[ "$file" == *.md ]]; then
|
||||||
continue
|
continue
|
||||||
@ -62,21 +65,21 @@ function build_package {
|
|||||||
# coreutils is for sha256sum
|
# coreutils is for sha256sum
|
||||||
# See https://github.com/jordansissel/fpm for docs:
|
# See https://github.com/jordansissel/fpm for docs:
|
||||||
fpm \
|
fpm \
|
||||||
-s dir \
|
--input-type 'dir' \
|
||||||
-t "$build_type" \
|
--output-type "$build_type" \
|
||||||
-a all \
|
--chdir "$SCRIPT_DEST_DIR" \
|
||||||
-n "$SCRIPT_NAME" \
|
--architecture 'all' \
|
||||||
|
--name "$SCRIPT_NAME" \
|
||||||
--version "$SCRIPT_VERSION" \
|
--version "$SCRIPT_VERSION" \
|
||||||
--description "$SCRIPT_DESCRIPTION" \
|
--description "$SCRIPT_DESCRIPTION" \
|
||||||
--url "https://git-secret.io" \
|
--url 'https://git-secret.io' \
|
||||||
--maintainer "Nikita Sobolev (mail@sobolevn.me)" \
|
--maintainer 'Nikita Sobolev (mail@sobolevn.me)' \
|
||||||
--license "MIT" \
|
--license 'MIT' \
|
||||||
-C "$SCRIPT_DEST_DIR" \
|
--depends 'bash' \
|
||||||
-d "bash" \
|
--depends 'coreutils' \
|
||||||
-d "coreutils" \
|
--depends 'gawk' \
|
||||||
-d "gawk" \
|
--depends 'git' \
|
||||||
-d "git" \
|
--depends 'gnupg' \
|
||||||
-d "gnupg" \
|
|
||||||
--deb-no-default-config-files \
|
--deb-no-default-config-files \
|
||||||
.
|
.
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
set -e
|
set -e
|
||||||
|
|
||||||
# shellcheck disable=SC1090,SC1091
|
# shellcheck disable=SC1090,SC1091
|
||||||
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
|
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||||
|
|
||||||
preinstall_files '-c'
|
preinstall_files '-c'
|
||||||
|
|
||||||
@ -11,4 +11,4 @@ preinstall_files '-c'
|
|||||||
cd "$SCRIPT_DEST_DIR" && build_package 'deb'
|
cd "$SCRIPT_DEST_DIR" && build_package 'deb'
|
||||||
|
|
||||||
# Cleaning up:
|
# Cleaning up:
|
||||||
clean_up_files && cd "$SECRET_PROJECT_ROOT"
|
clean_up_files && cd "$SECRETS_PROJECT_ROOT"
|
||||||
|
@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# shellcheck disable=SC1090,SC1091
|
# shellcheck disable=SC1090,SC1091
|
||||||
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
|
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||||
|
|
||||||
# Artifactory location:
|
# Artifactory location:
|
||||||
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
||||||
|
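--- a/utils/deb/install.sh
+++ b/utils/deb/install.sh
@@ -0,0 +1,5 @@
+sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
+wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
+sudo apt-get update && sudo apt-get install -y git-secret
+# Testing, that it worked:
+git secret --version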
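Review bot: `wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -` places the repository key in apt's global trusted keyring, so that key is then accepted for packages from every configured source, not only the git-secret repository; `apt-key` is also deprecated in newer apt releases. Because this script is published verbatim as the documented install procedure, the narrower form is worth using: write the key to its own file with `wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | gpg --dearmor | sudo tee /usr/share/keyrings/git-secret.gpg > /dev/null` and reference it in the source entry as `deb [signed-by=/usr/share/keyrings/git-secret.gpg] https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main`. The key is fetched from the same host that serves the packages, so publishing its fingerprint in the docs would give users something independent to compare against.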
@ -3,7 +3,7 @@
|
|||||||
set -e
|
set -e
|
||||||
|
|
||||||
# shellcheck disable=SC1090,SC1091
|
# shellcheck disable=SC1090,SC1091
|
||||||
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
|
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||||
|
|
||||||
# Copying all the required files to the build directory:
|
# Copying all the required files to the build directory:
|
||||||
preinstall_files '-c'
|
preinstall_files '-c'
|
||||||
@ -12,4 +12,4 @@ preinstall_files '-c'
|
|||||||
cd "$SCRIPT_DEST_DIR" && build_package 'rpm'
|
cd "$SCRIPT_DEST_DIR" && build_package 'rpm'
|
||||||
|
|
||||||
# Cleaning up:
|
# Cleaning up:
|
||||||
clean_up_files && cd "$SECRET_PROJECT_ROOT"
|
clean_up_files && cd "$SECRETS_PROJECT_ROOT"
|
||||||
|
@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# shellcheck disable=SC1090,SC1091
|
# shellcheck disable=SC1090,SC1091
|
||||||
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
|
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||||
|
|
||||||
# Artifactory location:
|
# Artifactory location:
|
||||||
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
||||||
|
@ -4,6 +4,6 @@ baseurl=https://gitsecret.jfrog.io/artifactory/git-secret-rpm
|
|||||||
enabled=1
|
enabled=1
|
||||||
gpgcheck=0
|
gpgcheck=0
|
||||||
|
|
||||||
# Uncomment the following lines to enable repository-level GPG key check:
|
## Uncomment the following lines to enable repository-level GPG key check:
|
||||||
# gpgkey=https://gitsecret.jfrog.io/artifactory/git-secret-rpm/repodata/repomd.xml.key
|
# gpgkey=https://gitsecret.jfrog.io/artifactory/git-secret-rpm/repodata/repomd.xml.key
|
||||||
# repo_gpgcheck=1
|
# repo_gpgcheck=1
|
||||||
|
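--- a/utils/rpm/install.sh
+++ b/utils/rpm/install.sh
@@ -0,0 +1,6 @@
+wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
+# Inspect what's inside! You can also enable `gpg` check on repo level.
+sudo mv git-secret-rpm.repo /etc/yum.repos.d/
+sudo yum install -y git-secret
+# Testing, that it worked:
+git secret --version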
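Review bot: The install path tested here ends in `sudo yum install -y git-secret` against a repo file that, per the `git-secret.repo` hunk in this commit, has `gpgcheck=0` and leaves `gpgkey=` and `repo_gpgcheck=1` commented out, so neither the packages nor the repository metadata are signature-checked and integrity rests on TLS to the Artifactory host alone. The repo file is also downloaded from the `master` branch, so its content can change between the time a user reads the docs and the time they run the command. Consider shipping the repo file with the `gpgkey=` and `repo_gpgcheck=1` lines enabled so that release-ci tests the verified path, and rewording the comment to `# Inspect the file before moving it into place: signature checks stay off unless you enable them in it.`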
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
# `SECRET_PROJECT_ROOT` must be set before running the script.
|
# `SECRETS_PROJECT_ROOT` must be set before running the script.
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
@ -25,7 +25,7 @@ chmod 0700 "${TEST_DIR}"
|
|||||||
# bats expects diagnostic lines to be sent to fd 3, matching regex '^# '
|
# bats expects diagnostic lines to be sent to fd 3, matching regex '^# '
|
||||||
# (IE, like: `echo '# message here' >&3`).
|
# (IE, like: `echo '# message here' >&3`).
|
||||||
# bats ... 3>&1 shows diagnostic output
|
# bats ... 3>&1 shows diagnostic output
|
||||||
bats "${SECRET_PROJECT_ROOT}/tests" 3>&1
|
bats "${SECRETS_PROJECT_ROOT}/tests" 3>&1
|
||||||
)
|
)
|
||||||
|
|
||||||
rm -rf "${TEST_DIR}"
|
rm -rf "${TEST_DIR}"
|
||||||
|