mirror of
https://github.com/sobolevn/git-secret
synced 2024-10-31 21:20:29 +00:00
Adds release-ci script to test installation (#664)
* Adds release-ci script to test installation * Fixes CI * Fixes CI * Renames some variables to follow the same SECRETS_ convention
This commit is contained in:
parent
fcf25ff546
commit
19941f91f4
15
.ci/release-ci/centos/Dockerfile
Normal file
15
.ci/release-ci/centos/Dockerfile
Normal file
@ -0,0 +1,15 @@
|
||||
FROM centos:8
|
||||
|
||||
LABEL maintainer="mail@sobolevn.me"
|
||||
LABEL vendor="git-secret team"
|
||||
|
||||
RUN dnf -y update \
|
||||
&& dnf install -y \
|
||||
# Required for our install script:
|
||||
wget \
|
||||
sudo \
|
||||
&& dnf clean all \
|
||||
&& rm -rf /var/cache/yum \
|
||||
&& adduser --password='' nonroot \
|
||||
&& echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
||||
USER nonroot
|
23
.ci/release-ci/debian/Dockerfile
Normal file
23
.ci/release-ci/debian/Dockerfile
Normal file
@ -0,0 +1,23 @@
|
||||
FROM debian:10.9-slim
|
||||
|
||||
LABEL maintainer="mail@sobolevn.me"
|
||||
LABEL vendor="git-secret team"
|
||||
|
||||
ENV DEBIAN_FRONTEND='noninteractive'
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install --no-install-recommends -y \
|
||||
# Required to work with https-based repos and custom signed packages:
|
||||
apt-transport-https \
|
||||
ca-certificates \
|
||||
# Required for our install script:
|
||||
gnupg \
|
||||
sudo \
|
||||
wget \
|
||||
# Cleaning cache:
|
||||
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
|
||||
&& apt-get clean -y && rm -rf /var/lib/apt/lists/* \
|
||||
&& adduser --disabled-password nonroot \
|
||||
&& adduser nonroot sudo \
|
||||
&& echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
||||
USER nonroot
|
15
.ci/release-ci/fedora/Dockerfile
Normal file
15
.ci/release-ci/fedora/Dockerfile
Normal file
@ -0,0 +1,15 @@
|
||||
FROM fedora:34
|
||||
|
||||
LABEL maintainer="mail@sobolevn.me"
|
||||
LABEL vendor="git-secret team"
|
||||
|
||||
RUN dnf -y update \
|
||||
&& dnf install -y \
|
||||
# Required for our install script:
|
||||
wget \
|
||||
sudo \
|
||||
&& dnf clean all \
|
||||
&& rm -rf /var/cache/yum \
|
||||
&& adduser --password='' nonroot \
|
||||
&& echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
||||
USER nonroot
|
23
.ci/release-ci/ubuntu/Dockerfile
Normal file
23
.ci/release-ci/ubuntu/Dockerfile
Normal file
@ -0,0 +1,23 @@
|
||||
FROM debian:10.9-slim
|
||||
|
||||
LABEL maintainer="mail@sobolevn.me"
|
||||
LABEL vendor="git-secret team"
|
||||
|
||||
ENV DEBIAN_FRONTEND='noninteractive'
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install --no-install-recommends -y \
|
||||
# Required to work with https-based repos and custom signed packages:
|
||||
apt-transport-https \
|
||||
ca-certificates \
|
||||
# Required for our install script:
|
||||
gnupg \
|
||||
sudo \
|
||||
wget \
|
||||
# Cleaning cache:
|
||||
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
|
||||
&& apt-get clean -y && rm -rf /var/lib/apt/lists/* \
|
||||
&& adduser --disabled-password nonroot \
|
||||
&& adduser nonroot sudo \
|
||||
&& echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
||||
USER nonroot
|
@ -3,10 +3,12 @@
|
||||
|
||||
# TODO: Move to native image
|
||||
# see: https://github.com/jordansissel/fpm/issues/1782
|
||||
# Or we can switch to
|
||||
# https://github.com/goreleaser/nfpm
|
||||
FROM alpine:3.13
|
||||
|
||||
ENV CODE_DIR='/code'
|
||||
ENV SECRET_PROJECT_ROOT="$CODE_DIR"
|
||||
ENV SECRETS_PROJECT_ROOT="$CODE_DIR"
|
||||
|
||||
RUN apk add --no-cache --update \
|
||||
# fpm deps:
|
||||
|
20
.github/workflows/misspell.yml
vendored
20
.github/workflows/misspell.yml
vendored
@ -1,20 +0,0 @@
|
||||
name: misspell
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: '0 0 * * *'
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: sobolevn/misspell-fixer-action@0.1.0
|
||||
- uses: peter-evans/create-pull-request@v3
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
commit-message: 'Fixes by misspell-fixer'
|
||||
title: 'Typos fix by misspell-fixer'
|
25
.github/workflows/release-ci.yml
vendored
Normal file
25
.github/workflows/release-ci.yml
vendored
Normal file
@ -0,0 +1,25 @@
|
||||
name: installation-
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: '0 0 * * *'
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
matrix:
|
||||
include:
|
||||
- release-type: deb
|
||||
release-env: [debian, ubuntu]
|
||||
- release-type: rpm
|
||||
release-env: [centos, fedora]
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Run checks
|
||||
run: |
|
||||
SECRETS_RELEASE_ENV="${{ matrix.release-env }}" \
|
||||
SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \
|
||||
make release-ci
|
4
.github/workflows/test.yml
vendored
4
.github/workflows/test.yml
vendored
@ -19,7 +19,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
docker-based-test:
|
||||
docker-env:
|
||||
- debian-gnupg1 # We need to test legacy version of gnupg
|
||||
- debian-gnupg2
|
||||
- ubuntu
|
||||
@ -29,7 +29,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Run checks
|
||||
run: GITSECRET_DOCKER_ENV="${{ matrix.docker-based-test }}" make docker-ci
|
||||
run: SECRETS_DOCKER_ENV="${{ matrix.docker-env }}" make docker-ci
|
||||
|
||||
osx-ci:
|
||||
runs-on: macos-latest
|
||||
|
43
Makefile
43
Makefile
@ -37,26 +37,26 @@ uninstall:
|
||||
# Using a sub-shell we get the raw *nix paths, e.g. /c/Something
|
||||
.PHONY: test
|
||||
test: clean build
|
||||
export SECRET_PROJECT_ROOT="$(shell echo $${PWD})"; \
|
||||
export SECRETS_PROJECT_ROOT="$(shell echo $${PWD})"; \
|
||||
export PATH="$(shell echo $${PWD})/vendor/bats-core/bin:$(shell echo $${PWD}):$(shell echo $${PATH})"; \
|
||||
${SHELL} ./utils/tests.sh
|
||||
|
||||
# We use this script in CI and you can do this too!
|
||||
# What happens here?
|
||||
# 1. We pass `GITSECRET_DOCKER_ENV` variable into this job
|
||||
# 1. We pass `SECRETS_DOCKER_ENV` variable into this job
|
||||
# 2. Based on it, we select a proper `docker` image to run test on
|
||||
# 3. We execute `make test` inside the `docker` container
|
||||
.PHONY: docker-ci
|
||||
docker-ci: clean
|
||||
@[ -z "${GITSECRET_DOCKER_ENV}" ] \
|
||||
&& echo 'GITSECRET_DOCKER_ENV is unset' && exit 1 || true
|
||||
@[ -z "${SECRETS_DOCKER_ENV}" ] \
|
||||
&& echo 'SECRETS_DOCKER_ENV is unset' && exit 1 || true
|
||||
docker build \
|
||||
-f ".ci/docker-ci/$${GITSECRET_DOCKER_ENV}/Dockerfile" \
|
||||
-t "gitsecret-$${GITSECRET_DOCKER_ENV}:latest" .
|
||||
-f ".ci/docker-ci/$${SECRETS_DOCKER_ENV}/Dockerfile" \
|
||||
-t "gitsecret-$${SECRETS_DOCKER_ENV}:latest" .
|
||||
docker run --rm \
|
||||
--volume="$${PWD}:/code" \
|
||||
-w /code \
|
||||
"gitsecret-$${GITSECRET_DOCKER_ENV}" \
|
||||
"gitsecret-$${SECRETS_DOCKER_ENV}" \
|
||||
make test
|
||||
|
||||
.PHONY: lint-shell
|
||||
@ -122,22 +122,37 @@ docs: build-docs
|
||||
# Packaging:
|
||||
#
|
||||
|
||||
.PHONY: release-build
|
||||
release-build: clean build
|
||||
@[ -z "${GITSECRET_RELEASE_TYPE}" ] \
|
||||
&& echo 'GITSECRET_RELEASE_TYPE is unset' && exit 1 || true
|
||||
.PHONY: build-release
|
||||
build-release: clean build
|
||||
@[ -z "${SECRETS_RELEASE_TYPE}" ] \
|
||||
&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
|
||||
docker build \
|
||||
-f ".ci/releaser/alpine/Dockerfile" \
|
||||
-t "gitsecret-releaser:latest" .
|
||||
docker run \
|
||||
--volume="$${PWD}:/code" \
|
||||
--rm gitsecret-releaser \
|
||||
bash "./utils/$${GITSECRET_RELEASE_TYPE}/build.sh"
|
||||
bash "./utils/$${SECRETS_RELEASE_TYPE}/build.sh"
|
||||
|
||||
.PHONY: release
|
||||
release: release-build
|
||||
release: build-release
|
||||
docker run \
|
||||
--volume="$${PWD}:/code" \
|
||||
-e SECRETS_ARTIFACTORY_CREDENTIALS \
|
||||
--rm gitsecret-releaser \
|
||||
bash "./utils/$${GITSECRET_RELEASE_TYPE}/deploy.sh"
|
||||
bash "./utils/$${SECRETS_RELEASE_TYPE}/deploy.sh"
|
||||
|
||||
.PHONY: release-ci
|
||||
release-ci:
|
||||
@[ -z "${SECRETS_RELEASE_ENV}" ] \
|
||||
&& echo 'SECRETS_RELEASE_ENV is unset' && exit 1 || true
|
||||
@[ -z "${SECRETS_RELEASE_TYPE}" ] \
|
||||
&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
|
||||
docker build \
|
||||
-f ".ci/release-ci/$${SECRETS_RELEASE_ENV}/Dockerfile" \
|
||||
-t "gitsecret-release-$${SECRETS_RELEASE_ENV}:latest" .
|
||||
docker run --rm \
|
||||
--volume="$${PWD}:/code" \
|
||||
-w /code \
|
||||
"gitsecret-release-$${SECRETS_RELEASE_ENV}" \
|
||||
bash -c "set -e; bash "./utils/$${SECRETS_RELEASE_TYPE}/install.sh""
|
||||
|
4
docs/_includes/install-deb.sh
Normal file
4
docs/_includes/install-deb.sh
Normal file
@ -0,0 +1,4 @@
|
||||
sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
|
||||
wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
|
||||
sudo apt-get update && sudo apt-get install -y git-secret
|
||||
git secret --version
|
4
docs/_includes/install-rpm.sh
Normal file
4
docs/_includes/install-rpm.sh
Normal file
@ -0,0 +1,4 @@
|
||||
wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
|
||||
# Inspect what's inside! You can also enable `gpg` check on repo level.
|
||||
sudo mv git-secret-rpm.repo /etc/yum.repos.d/
|
||||
sudo yum install -y git-secret
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-add'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-add
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-cat'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-cat
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-changes'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-changes
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-clean'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-clean
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-hide'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-hide
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-init'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-init
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-killperson'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-killperson
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-list'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-list
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-remove'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-remove
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-reveal'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-reveal
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-tell'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-tell
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-usage'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-usage
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-whoknows'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret-whoknows
|
||||
categories: command
|
||||
---
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret'
|
||||
date: 2021-05-04 12:15:29 +0300
|
||||
date: 2021-05-05 15:37:26 +0300
|
||||
permalink: git-secret
|
||||
categories: usage
|
||||
---
|
@ -58,5 +58,15 @@ categories: usage
|
||||
cat "$MAN7_LOCATION/git-secret.7.md" >> "$usage_filename"
|
||||
}
|
||||
|
||||
|
||||
function copy_install_scripts {
|
||||
# We test these scripts using `release-ci`,
|
||||
# so, installation instructions will always be up-to-date:
|
||||
cp utils/deb/install.sh docs/_includes/install-deb.sh
|
||||
cp utils/rpm/install.sh docs/_includes/install-rpm.sh
|
||||
}
|
||||
|
||||
|
||||
checkout_manuals
|
||||
copy_to_posts
|
||||
copy_install_scripts
|
||||
|
@ -38,10 +38,7 @@ You can find the `deb` repository [here](https://gitsecret.jfrog.io/artifactory/
|
||||
Pre-requirements: make sure you have installed `apt-transport-https` and `ca-certificates`
|
||||
|
||||
```bash
|
||||
sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
|
||||
wget -qO - https://gitsecret.jfrog.io/artifactory/api/gpg/key/public | sudo apt-key add -
|
||||
sudo apt-get update
|
||||
sudo apt-get install git-secret
|
||||
{% include install-deb.sh %}
|
||||
```
|
||||
|
||||
---
|
||||
@ -51,12 +48,11 @@ sudo apt-get install git-secret
|
||||
You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-rpm/).
|
||||
|
||||
```bash
|
||||
wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
|
||||
# Inspect what's inside! You can also enable `gpg` check on repo level.
|
||||
sudo mv git-secret-rpm.repo /etc/yum.repos.d/
|
||||
sudo yum install git-secret
|
||||
{% include install-rpm.sh %}
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
### Arch Linux
|
||||
|
||||
The _Arch_ way to install git-secret is to use the directions for
|
||||
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -4,12 +4,12 @@
|
||||
# https://github.com/bats-core/bats-core
|
||||
|
||||
# shellcheck disable=SC1090
|
||||
source "$SECRET_PROJECT_ROOT/src/version.sh"
|
||||
source "$SECRETS_PROJECT_ROOT/src/version.sh"
|
||||
# shellcheck disable=SC1090
|
||||
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
|
||||
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh"
|
||||
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh"
|
||||
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh"
|
||||
source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
|
||||
source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh"
|
||||
source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh"
|
||||
source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh"
|
||||
|
||||
# Constants:
|
||||
FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
|
||||
@ -47,27 +47,27 @@ GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warnin
|
||||
# See tests/fixtures/gpg/README.md for more
|
||||
# on key fixtures 'user[1-5]@gitsecret.io'
|
||||
# these two are 'normal' keys.
|
||||
export TEST_DEFAULT_USER="user1@gitsecret.io"
|
||||
export TEST_SECOND_USER="user2@gitsecret.io"
|
||||
export TEST_DEFAULT_USER='user1@gitsecret.io'
|
||||
export TEST_SECOND_USER='user2@gitsecret.io'
|
||||
|
||||
# TEST_NONAME_USER (user3) created with '--quick-key-generate'
|
||||
# and has only an email, no username.
|
||||
export TEST_NONAME_USER="user3@gitsecret.io"
|
||||
export TEST_NONAME_USER='user3@gitsecret.io'
|
||||
|
||||
# TEST_EXPIRED_USER (user4) has expired
|
||||
export TEST_EXPIRED_USER="user4@gitsecret.io" # this key expires 2018-09-24
|
||||
export TEST_EXPIRED_USER='user4@gitsecret.io' # this key expires 2018-09-24
|
||||
|
||||
# fixture filename is named this,
|
||||
# but key has no email and a comment, as per #527
|
||||
export TEST_NOEMAIL_COMMENT_USER="user5@gitsecret.io"
|
||||
export TEST_NOEMAIL_COMMENT_USER='user5@gitsecret.io'
|
||||
|
||||
export TEST_ATTACKER_USER="attacker1@gitsecret.io"
|
||||
export TEST_ATTACKER_USER='attacker1@gitsecret.io'
|
||||
|
||||
|
||||
export TEST_DEFAULT_FILENAME="space file" # has spaces
|
||||
export TEST_SECOND_FILENAME="space file two" # has spaces
|
||||
export TEST_THIRD_FILENAME="space file three" # has spaces
|
||||
export TEST_FOURTH_FILENAME="space file three [] * $" # has spaces and special chars
|
||||
export TEST_DEFAULT_FILENAME='space file' # has spaces
|
||||
export TEST_SECOND_FILENAME='space file two' # has spaces
|
||||
export TEST_THIRD_FILENAME='space file three' # has spaces
|
||||
export TEST_FOURTH_FILENAME='space file three [] * $' # has spaces and special chars
|
||||
|
||||
|
||||
function test_user_password {
|
||||
@ -83,14 +83,14 @@ function test_user_password {
|
||||
function stop_gpg_agent {
|
||||
local username
|
||||
username=$(id -u -n)
|
||||
if [[ "$GITSECRET_DIST" == "windows" ]]; then
|
||||
if [[ "$SECRETS_DOCKER_ENV" == 'windows' ]]; then
|
||||
ps -l -u "$username" | gawk \
|
||||
'/gpg-agent/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
|
||||
else
|
||||
local ps_is_busybox
|
||||
ps_is_busybox=_exe_is_busybox "ps"
|
||||
if [[ $ps_is_busybox -eq "1" ]]; then
|
||||
echo "# git-secret: tests: not stopping gpg-agent on busybox" >&3
|
||||
ps_is_busybox=_exe_is_busybox 'ps'
|
||||
if [[ $ps_is_busybox -eq '1' ]]; then
|
||||
echo '# git-secret: tests: not stopping gpg-agent on busybox' >&3
|
||||
else
|
||||
ps -wx -U "$username" | gawk \
|
||||
'/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
|
||||
@ -104,7 +104,7 @@ function get_gpgtest_prefix {
|
||||
# shellcheck disable=SC2086
|
||||
echo "echo \"$(test_user_password $1)\" | "
|
||||
else
|
||||
echo ""
|
||||
echo ''
|
||||
fi
|
||||
}
|
||||
|
||||
@ -242,7 +242,7 @@ function set_state_secret_add {
|
||||
local filename="$1"
|
||||
local content="$2"
|
||||
echo "$content" > "$filename" # we add a newline
|
||||
echo "$filename" >> ".gitignore"
|
||||
echo "$filename" >> '.gitignore'
|
||||
|
||||
git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
|
||||
}
|
||||
@ -251,7 +251,7 @@ function set_state_secret_add_without_newline {
|
||||
local filename="$1"
|
||||
local content="$2"
|
||||
echo -n "$content" > "$filename" # we do not add a newline
|
||||
echo "$filename" >> ".gitignore"
|
||||
echo "$filename" >> '.gitignore'
|
||||
|
||||
git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
|
||||
}
|
||||
@ -275,7 +275,7 @@ function unset_current_state {
|
||||
secrets_dir=$(_get_secrets_dir)
|
||||
|
||||
rm -rf "$secrets_dir"
|
||||
rm -rf ".gitignore"
|
||||
rm -rf '.gitignore'
|
||||
|
||||
# unsets `git` state
|
||||
remove_git_repository
|
||||
@ -308,7 +308,7 @@ function unset_current_state {
|
||||
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
|
||||
|
||||
# return to the base dir:
|
||||
cd "$SECRET_PROJECT_ROOT" || exit 1
|
||||
cd "$SECRETS_PROJECT_ROOT" || exit 1
|
||||
}
|
||||
|
||||
# show output if we wind up manually removing the test output file in a trap
|
||||
|
@ -7,7 +7,7 @@ INSTALL_BASE="${TMPDIR}/git-secret-test-install"
|
||||
|
||||
@test "install git-secret to DESTDIR='$INSTALL_BASE'" {
|
||||
rm -f "$INSTALL_BASE/usr/bin/git-secret"
|
||||
cd "$SECRET_PROJECT_ROOT"
|
||||
cd "$SECRETS_PROJECT_ROOT"
|
||||
|
||||
# set DESTDIR for this command and 'run' make install
|
||||
DESTDIR="$INSTALL_BASE" run make install
|
||||
|
@ -3,7 +3,7 @@
|
||||
set -e
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
|
||||
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||
|
||||
preinstall_files '-c'
|
||||
|
||||
@ -11,4 +11,4 @@ preinstall_files '-c'
|
||||
cd "$SCRIPT_DEST_DIR" && build_package 'apk'
|
||||
|
||||
# Cleaning up:
|
||||
clean_up_files && cd "$SECRET_PROJECT_ROOT"
|
||||
clean_up_files && cd "$SECRETS_PROJECT_ROOT"
|
||||
|
@ -8,11 +8,9 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "$SECRET_PROJECT_ROOT/src/version.sh"
|
||||
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||
|
||||
VERSION_NAME="git-secret-${GITSECRET_VERSION}.apk"
|
||||
VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk"
|
||||
|
||||
# Artifactory location:
|
||||
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
||||
|
@ -2,13 +2,16 @@
|
||||
|
||||
set -e
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "$SECRETS_PROJECT_ROOT/src/version.sh"
|
||||
|
||||
# Initializing and settings:
|
||||
READ_PERM=0644
|
||||
EXEC_PERM=0755
|
||||
|
||||
SCRIPT_NAME='git-secret'
|
||||
SCRIPT_DESCRIPTION='A bash-tool to store your private data inside a git repository.'
|
||||
SCRIPT_VERSION="$(bash "${PWD}"/git-secret --version)"
|
||||
SCRIPT_VERSION="$GITSECRET_VERSION"
|
||||
|
||||
# This may be overridden:
|
||||
if [[ -z "$SCRIPT_BUILD_DIR" ]]; then
|
||||
@ -38,8 +41,8 @@ function preinstall_files {
|
||||
"$SCRIPT_DEST_DIR/usr/bin/$SCRIPT_NAME"
|
||||
|
||||
# Install the manualls:
|
||||
install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1"
|
||||
install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7"
|
||||
install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man1"
|
||||
install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man7"
|
||||
for file in man/man1/* ; do
|
||||
if [[ "$file" == *.md ]]; then
|
||||
continue
|
||||
@ -62,21 +65,21 @@ function build_package {
|
||||
# coreutils is for sha256sum
|
||||
# See https://github.com/jordansissel/fpm for docs:
|
||||
fpm \
|
||||
-s dir \
|
||||
-t "$build_type" \
|
||||
-a all \
|
||||
-n "$SCRIPT_NAME" \
|
||||
--input-type 'dir' \
|
||||
--output-type "$build_type" \
|
||||
--chdir "$SCRIPT_DEST_DIR" \
|
||||
--architecture 'all' \
|
||||
--name "$SCRIPT_NAME" \
|
||||
--version "$SCRIPT_VERSION" \
|
||||
--description "$SCRIPT_DESCRIPTION" \
|
||||
--url "https://git-secret.io" \
|
||||
--maintainer "Nikita Sobolev (mail@sobolevn.me)" \
|
||||
--license "MIT" \
|
||||
-C "$SCRIPT_DEST_DIR" \
|
||||
-d "bash" \
|
||||
-d "coreutils" \
|
||||
-d "gawk" \
|
||||
-d "git" \
|
||||
-d "gnupg" \
|
||||
--url 'https://git-secret.io' \
|
||||
--maintainer 'Nikita Sobolev (mail@sobolevn.me)' \
|
||||
--license 'MIT' \
|
||||
--depends 'bash' \
|
||||
--depends 'coreutils' \
|
||||
--depends 'gawk' \
|
||||
--depends 'git' \
|
||||
--depends 'gnupg' \
|
||||
--deb-no-default-config-files \
|
||||
.
|
||||
}
|
||||
|
@ -3,7 +3,7 @@
|
||||
set -e
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
|
||||
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||
|
||||
preinstall_files '-c'
|
||||
|
||||
@ -11,4 +11,4 @@ preinstall_files '-c'
|
||||
cd "$SCRIPT_DEST_DIR" && build_package 'deb'
|
||||
|
||||
# Cleaning up:
|
||||
clean_up_files && cd "$SECRET_PROJECT_ROOT"
|
||||
clean_up_files && cd "$SECRETS_PROJECT_ROOT"
|
||||
|
@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
|
||||
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||
|
||||
# Artifactory location:
|
||||
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
||||
|
5
utils/deb/install.sh
Normal file
5
utils/deb/install.sh
Normal file
@ -0,0 +1,5 @@
|
||||
sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
|
||||
wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
|
||||
sudo apt-get update && sudo apt-get install -y git-secret
|
||||
# Testing, that it worked:
|
||||
git secret --version
|
@ -3,7 +3,7 @@
|
||||
set -e
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
|
||||
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||
|
||||
# Copying all the required files to the build directory:
|
||||
preinstall_files '-c'
|
||||
@ -12,4 +12,4 @@ preinstall_files '-c'
|
||||
cd "$SCRIPT_DEST_DIR" && build_package 'rpm'
|
||||
|
||||
# Cleaning up:
|
||||
clean_up_files && cd "$SECRET_PROJECT_ROOT"
|
||||
clean_up_files && cd "$SECRETS_PROJECT_ROOT"
|
||||
|
@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
|
||||
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||
|
||||
# Artifactory location:
|
||||
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
||||
|
@ -4,6 +4,6 @@ baseurl=https://gitsecret.jfrog.io/artifactory/git-secret-rpm
|
||||
enabled=1
|
||||
gpgcheck=0
|
||||
|
||||
# Uncomment the following lines to enable repository-level GPG key check:
|
||||
## Uncomment the following lines to enable repository-level GPG key check:
|
||||
# gpgkey=https://gitsecret.jfrog.io/artifactory/git-secret-rpm/repodata/repomd.xml.key
|
||||
# repo_gpgcheck=1
|
||||
|
6
utils/rpm/install.sh
Normal file
6
utils/rpm/install.sh
Normal file
@ -0,0 +1,6 @@
|
||||
wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
|
||||
# Inspect what's inside! You can also enable `gpg` check on repo level.
|
||||
sudo mv git-secret-rpm.repo /etc/yum.repos.d/
|
||||
sudo yum install -y git-secret
|
||||
# Testing, that it worked:
|
||||
git secret --version
|
@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# `SECRET_PROJECT_ROOT` must be set before running the script.
|
||||
# `SECRETS_PROJECT_ROOT` must be set before running the script.
|
||||
|
||||
set -e
|
||||
|
||||
@ -25,7 +25,7 @@ chmod 0700 "${TEST_DIR}"
|
||||
# bats expects diagnostic lines to be sent to fd 3, matching regex '^# '
|
||||
# (IE, like: `echo '# message here' >&3`).
|
||||
# bats ... 3>&1 shows diagnostic output
|
||||
bats "${SECRET_PROJECT_ROOT}/tests" 3>&1
|
||||
bats "${SECRETS_PROJECT_ROOT}/tests" 3>&1
|
||||
)
|
||||
|
||||
rm -rf "${TEST_DIR}"
|
||||
|
Loading…
Reference in New Issue
Block a user