Adds release-ci script to test installation (#664)

* Adds release-ci script to test installation

* Fixes CI

* Fixes CI

* Renames some variables to follow the same SECRETS_ convention
This commit is contained in:
Nikita Sobolev 2021-05-05 15:59:28 +03:00 committed by GitHub
parent fcf25ff546
commit 19941f91f4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
54 changed files with 239 additions and 115 deletions

View File

@ -0,0 +1,15 @@
FROM centos:8
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
RUN dnf -y update \
&& dnf install -y \
# Required for our install script:
wget \
sudo \
&& dnf clean all \
&& rm -rf /var/cache/yum \
&& adduser --password='' nonroot \
&& echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER nonroot

View File

@ -0,0 +1,23 @@
FROM debian:10.9-slim
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
ENV DEBIAN_FRONTEND='noninteractive'
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
# Required to work with https-based repos and custom signed packages:
apt-transport-https \
ca-certificates \
# Required for our install script:
gnupg \
sudo \
wget \
# Cleaning cache:
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/* \
&& adduser --disabled-password nonroot \
&& adduser nonroot sudo \
&& echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER nonroot

View File

@ -0,0 +1,15 @@
FROM fedora:34
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
RUN dnf -y update \
&& dnf install -y \
# Required for our install script:
wget \
sudo \
&& dnf clean all \
&& rm -rf /var/cache/yum \
&& adduser --password='' nonroot \
&& echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER nonroot

View File

@ -0,0 +1,23 @@
FROM debian:10.9-slim
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
ENV DEBIAN_FRONTEND='noninteractive'
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
# Required to work with https-based repos and custom signed packages:
apt-transport-https \
ca-certificates \
# Required for our install script:
gnupg \
sudo \
wget \
# Cleaning cache:
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/* \
&& adduser --disabled-password nonroot \
&& adduser nonroot sudo \
&& echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER nonroot

View File

@ -3,10 +3,12 @@
# TODO: Move to native image
# see: https://github.com/jordansissel/fpm/issues/1782
# Or we can switch to
# https://github.com/goreleaser/nfpm
FROM alpine:3.13
ENV CODE_DIR='/code'
ENV SECRET_PROJECT_ROOT="$CODE_DIR"
ENV SECRETS_PROJECT_ROOT="$CODE_DIR"
RUN apk add --no-cache --update \
# fpm deps:

View File

@ -1,20 +0,0 @@
name: misspell
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: sobolevn/misspell-fixer-action@0.1.0
- uses: peter-evans/create-pull-request@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: 'Fixes by misspell-fixer'
title: 'Typos fix by misspell-fixer'

25
.github/workflows/release-ci.yml vendored Normal file
View File

@ -0,0 +1,25 @@
name: installation-
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'
jobs:
build:
runs-on: ubuntu-latest
matrix:
include:
- release-type: deb
release-env: [debian, ubuntu]
- release-type: rpm
release-env: [centos, fedora]
steps:
- uses: actions/checkout@v2
- name: Run checks
run: |
SECRETS_RELEASE_ENV="${{ matrix.release-env }}" \
SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \
make release-ci

View File

@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
docker-based-test:
docker-env:
- debian-gnupg1 # We need to test legacy version of gnupg
- debian-gnupg2
- ubuntu
@ -29,7 +29,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Run checks
run: GITSECRET_DOCKER_ENV="${{ matrix.docker-based-test }}" make docker-ci
run: SECRETS_DOCKER_ENV="${{ matrix.docker-env }}" make docker-ci
osx-ci:
runs-on: macos-latest

View File

@ -37,26 +37,26 @@ uninstall:
# Using a sub-shell we get the raw *nix paths, e.g. /c/Something
.PHONY: test
test: clean build
export SECRET_PROJECT_ROOT="$(shell echo $${PWD})"; \
export SECRETS_PROJECT_ROOT="$(shell echo $${PWD})"; \
export PATH="$(shell echo $${PWD})/vendor/bats-core/bin:$(shell echo $${PWD}):$(shell echo $${PATH})"; \
${SHELL} ./utils/tests.sh
# We use this script in CI and you can do this too!
# What happens here?
# 1. We pass `GITSECRET_DOCKER_ENV` variable into this job
# 1. We pass `SECRETS_DOCKER_ENV` variable into this job
# 2. Based on it, we select a proper `docker` image to run test on
# 3. We execute `make test` inside the `docker` container
.PHONY: docker-ci
docker-ci: clean
@[ -z "${GITSECRET_DOCKER_ENV}" ] \
&& echo 'GITSECRET_DOCKER_ENV is unset' && exit 1 || true
@[ -z "${SECRETS_DOCKER_ENV}" ] \
&& echo 'SECRETS_DOCKER_ENV is unset' && exit 1 || true
docker build \
-f ".ci/docker-ci/$${GITSECRET_DOCKER_ENV}/Dockerfile" \
-t "gitsecret-$${GITSECRET_DOCKER_ENV}:latest" .
-f ".ci/docker-ci/$${SECRETS_DOCKER_ENV}/Dockerfile" \
-t "gitsecret-$${SECRETS_DOCKER_ENV}:latest" .
docker run --rm \
--volume="$${PWD}:/code" \
-w /code \
"gitsecret-$${GITSECRET_DOCKER_ENV}" \
"gitsecret-$${SECRETS_DOCKER_ENV}" \
make test
.PHONY: lint-shell
@ -122,22 +122,37 @@ docs: build-docs
# Packaging:
#
.PHONY: release-build
release-build: clean build
@[ -z "${GITSECRET_RELEASE_TYPE}" ] \
&& echo 'GITSECRET_RELEASE_TYPE is unset' && exit 1 || true
.PHONY: build-release
build-release: clean build
@[ -z "${SECRETS_RELEASE_TYPE}" ] \
&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
docker build \
-f ".ci/releaser/alpine/Dockerfile" \
-t "gitsecret-releaser:latest" .
docker run \
--volume="$${PWD}:/code" \
--rm gitsecret-releaser \
bash "./utils/$${GITSECRET_RELEASE_TYPE}/build.sh"
bash "./utils/$${SECRETS_RELEASE_TYPE}/build.sh"
.PHONY: release
release: release-build
release: build-release
docker run \
--volume="$${PWD}:/code" \
-e SECRETS_ARTIFACTORY_CREDENTIALS \
--rm gitsecret-releaser \
bash "./utils/$${GITSECRET_RELEASE_TYPE}/deploy.sh"
bash "./utils/$${SECRETS_RELEASE_TYPE}/deploy.sh"
.PHONY: release-ci
release-ci:
@[ -z "${SECRETS_RELEASE_ENV}" ] \
&& echo 'SECRETS_RELEASE_ENV is unset' && exit 1 || true
@[ -z "${SECRETS_RELEASE_TYPE}" ] \
&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
docker build \
-f ".ci/release-ci/$${SECRETS_RELEASE_ENV}/Dockerfile" \
-t "gitsecret-release-$${SECRETS_RELEASE_ENV}:latest" .
docker run --rm \
--volume="$${PWD}:/code" \
-w /code \
"gitsecret-release-$${SECRETS_RELEASE_ENV}" \
bash -c "set -e; bash "./utils/$${SECRETS_RELEASE_TYPE}/install.sh""

View File

@ -0,0 +1,4 @@
sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
sudo apt-get update && sudo apt-get install -y git-secret
git secret --version

View File

@ -0,0 +1,4 @@
wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
# Inspect what's inside! You can also enable `gpg` check on repo level.
sudo mv git-secret-rpm.repo /etc/yum.repos.d/
sudo yum install -y git-secret

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-add'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-add
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-cat'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-cat
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-changes'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-changes
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-clean'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-clean
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-hide'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-hide
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-init'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-init
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-killperson'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-killperson
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-list'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-list
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-remove'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-remove
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-reveal'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-reveal
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-tell'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-tell
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-usage'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-usage
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret-whoknows'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret-whoknows
categories: command
---

View File

@ -1,7 +1,7 @@
---
layout: post
title: 'git-secret'
date: 2021-05-04 12:15:29 +0300
date: 2021-05-05 15:37:26 +0300
permalink: git-secret
categories: usage
---

View File

@ -58,5 +58,15 @@ categories: usage
cat "$MAN7_LOCATION/git-secret.7.md" >> "$usage_filename"
}
function copy_install_scripts {
# We test these scripts using `release-ci`,
# so, installation instructions will always be up-to-date:
cp utils/deb/install.sh docs/_includes/install-deb.sh
cp utils/rpm/install.sh docs/_includes/install-rpm.sh
}
checkout_manuals
copy_to_posts
copy_install_scripts

View File

@ -38,10 +38,7 @@ You can find the `deb` repository [here](https://gitsecret.jfrog.io/artifactory/
Pre-requirements: make sure you have installed `apt-transport-https` and `ca-certificates`
```bash
sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
wget -qO - https://gitsecret.jfrog.io/artifactory/api/gpg/key/public | sudo apt-key add -
sudo apt-get update
sudo apt-get install git-secret
{% include install-deb.sh %}
```
---
@ -51,12 +48,11 @@ sudo apt-get install git-secret
You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-rpm/).
```bash
wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
# Inspect what's inside! You can also enable `gpg` check on repo level.
sudo mv git-secret-rpm.repo /etc/yum.repos.d/
sudo yum install git-secret
{% include install-rpm.sh %}
```
---
### Arch Linux
The _Arch_ way to install git-secret is to use the directions for

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -4,12 +4,12 @@
# https://github.com/bats-core/bats-core
# shellcheck disable=SC1090
source "$SECRET_PROJECT_ROOT/src/version.sh"
source "$SECRETS_PROJECT_ROOT/src/version.sh"
# shellcheck disable=SC1090
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh"
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh"
source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh"
source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools.sh"
source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_freebsd.sh"
source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_linux.sh"
source "$SECRETS_PROJECT_ROOT/src/_utils/_git_secret_tools_osx.sh"
# Constants:
FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures"
@ -47,27 +47,27 @@ GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warnin
# See tests/fixtures/gpg/README.md for more
# on key fixtures 'user[1-5]@gitsecret.io'
# these two are 'normal' keys.
export TEST_DEFAULT_USER="user1@gitsecret.io"
export TEST_SECOND_USER="user2@gitsecret.io"
export TEST_DEFAULT_USER='user1@gitsecret.io'
export TEST_SECOND_USER='user2@gitsecret.io'
# TEST_NONAME_USER (user3) created with '--quick-key-generate'
# and has only an email, no username.
export TEST_NONAME_USER="user3@gitsecret.io"
export TEST_NONAME_USER='user3@gitsecret.io'
# TEST_EXPIRED_USER (user4) has expired
export TEST_EXPIRED_USER="user4@gitsecret.io" # this key expires 2018-09-24
export TEST_EXPIRED_USER='user4@gitsecret.io' # this key expires 2018-09-24
# fixture filename is named this,
# but key has no email and a comment, as per #527
export TEST_NOEMAIL_COMMENT_USER="user5@gitsecret.io"
export TEST_NOEMAIL_COMMENT_USER='user5@gitsecret.io'
export TEST_ATTACKER_USER="attacker1@gitsecret.io"
export TEST_ATTACKER_USER='attacker1@gitsecret.io'
export TEST_DEFAULT_FILENAME="space file" # has spaces
export TEST_SECOND_FILENAME="space file two" # has spaces
export TEST_THIRD_FILENAME="space file three" # has spaces
export TEST_FOURTH_FILENAME="space file three [] * $" # has spaces and special chars
export TEST_DEFAULT_FILENAME='space file' # has spaces
export TEST_SECOND_FILENAME='space file two' # has spaces
export TEST_THIRD_FILENAME='space file three' # has spaces
export TEST_FOURTH_FILENAME='space file three [] * $' # has spaces and special chars
function test_user_password {
@ -83,14 +83,14 @@ function test_user_password {
function stop_gpg_agent {
local username
username=$(id -u -n)
if [[ "$GITSECRET_DIST" == "windows" ]]; then
if [[ "$SECRETS_DOCKER_ENV" == 'windows' ]]; then
ps -l -u "$username" | gawk \
'/gpg-agent/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
else
local ps_is_busybox
ps_is_busybox=_exe_is_busybox "ps"
if [[ $ps_is_busybox -eq "1" ]]; then
echo "# git-secret: tests: not stopping gpg-agent on busybox" >&3
ps_is_busybox=_exe_is_busybox 'ps'
if [[ $ps_is_busybox -eq '1' ]]; then
echo '# git-secret: tests: not stopping gpg-agent on busybox' >&3
else
ps -wx -U "$username" | gawk \
'/gpg-agent --homedir/ { if ( $0 !~ "awk" ) { system("kill "$1) } }' >> "$TEST_GPG_OUTPUT_FILE" 2>&1
@ -104,7 +104,7 @@ function get_gpgtest_prefix {
# shellcheck disable=SC2086
echo "echo \"$(test_user_password $1)\" | "
else
echo ""
echo ''
fi
}
@ -242,7 +242,7 @@ function set_state_secret_add {
local filename="$1"
local content="$2"
echo "$content" > "$filename" # we add a newline
echo "$filename" >> ".gitignore"
echo "$filename" >> '.gitignore'
git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
}
@ -251,7 +251,7 @@ function set_state_secret_add_without_newline {
local filename="$1"
local content="$2"
echo -n "$content" > "$filename" # we do not add a newline
echo "$filename" >> ".gitignore"
echo "$filename" >> '.gitignore'
git secret add "$filename" >> "$TEST_GPG_OUTPUT_FILE" 2>&1
}
@ -275,7 +275,7 @@ function unset_current_state {
secrets_dir=$(_get_secrets_dir)
rm -rf "$secrets_dir"
rm -rf ".gitignore"
rm -rf '.gitignore'
# unsets `git` state
remove_git_repository
@ -308,7 +308,7 @@ function unset_current_state {
rm -vrf "${TEST_GPG_HOMEDIR:?}/${TEST_FOURTH_FILENAME}" 2>&1 | sed 's/^/# unset_current_state: rm /'
# return to the base dir:
cd "$SECRET_PROJECT_ROOT" || exit 1
cd "$SECRETS_PROJECT_ROOT" || exit 1
}
# show output if we wind up manually removing the test output file in a trap

View File

@ -7,7 +7,7 @@ INSTALL_BASE="${TMPDIR}/git-secret-test-install"
@test "install git-secret to DESTDIR='$INSTALL_BASE'" {
rm -f "$INSTALL_BASE/usr/bin/git-secret"
cd "$SECRET_PROJECT_ROOT"
cd "$SECRETS_PROJECT_ROOT"
# set DESTDIR for this command and 'run' make install
DESTDIR="$INSTALL_BASE" run make install

View File

@ -3,7 +3,7 @@
set -e
# shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
preinstall_files '-c'
@ -11,4 +11,4 @@ preinstall_files '-c'
cd "$SCRIPT_DEST_DIR" && build_package 'apk'
# Cleaning up:
clean_up_files && cd "$SECRET_PROJECT_ROOT"
clean_up_files && cd "$SECRETS_PROJECT_ROOT"

View File

@ -8,11 +8,9 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
fi
# shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
# shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/src/version.sh"
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
VERSION_NAME="git-secret-${GITSECRET_VERSION}.apk"
VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk"
# Artifactory location:
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'

View File

@ -2,13 +2,16 @@
set -e
# shellcheck disable=SC1090,SC1091
source "$SECRETS_PROJECT_ROOT/src/version.sh"
# Initializing and settings:
READ_PERM=0644
EXEC_PERM=0755
SCRIPT_NAME='git-secret'
SCRIPT_DESCRIPTION='A bash-tool to store your private data inside a git repository.'
SCRIPT_VERSION="$(bash "${PWD}"/git-secret --version)"
SCRIPT_VERSION="$GITSECRET_VERSION"
# This may be overridden:
if [[ -z "$SCRIPT_BUILD_DIR" ]]; then
@ -38,8 +41,8 @@ function preinstall_files {
"$SCRIPT_DEST_DIR/usr/bin/$SCRIPT_NAME"
# Install the manualls:
install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man1"
install -m "$EXEC_PERM" -d "${SCRIPT_DEST_DIR}/usr/share/man/man7"
install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man1"
install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man7"
for file in man/man1/* ; do
if [[ "$file" == *.md ]]; then
continue
@ -62,21 +65,21 @@ function build_package {
# coreutils is for sha256sum
# See https://github.com/jordansissel/fpm for docs:
fpm \
-s dir \
-t "$build_type" \
-a all \
-n "$SCRIPT_NAME" \
--input-type 'dir' \
--output-type "$build_type" \
--chdir "$SCRIPT_DEST_DIR" \
--architecture 'all' \
--name "$SCRIPT_NAME" \
--version "$SCRIPT_VERSION" \
--description "$SCRIPT_DESCRIPTION" \
--url "https://git-secret.io" \
--maintainer "Nikita Sobolev (mail@sobolevn.me)" \
--license "MIT" \
-C "$SCRIPT_DEST_DIR" \
-d "bash" \
-d "coreutils" \
-d "gawk" \
-d "git" \
-d "gnupg" \
--url 'https://git-secret.io' \
--maintainer 'Nikita Sobolev (mail@sobolevn.me)' \
--license 'MIT' \
--depends 'bash' \
--depends 'coreutils' \
--depends 'gawk' \
--depends 'git' \
--depends 'gnupg' \
--deb-no-default-config-files \
.
}

View File

@ -3,7 +3,7 @@
set -e
# shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
preinstall_files '-c'
@ -11,4 +11,4 @@ preinstall_files '-c'
cd "$SCRIPT_DEST_DIR" && build_package 'deb'
# Cleaning up:
clean_up_files && cd "$SECRET_PROJECT_ROOT"
clean_up_files && cd "$SECRETS_PROJECT_ROOT"

View File

@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
fi
# shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
# Artifactory location:
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'

5
utils/deb/install.sh Normal file
View File

@ -0,0 +1,5 @@
sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
sudo apt-get update && sudo apt-get install -y git-secret
# Testing, that it worked:
git secret --version

View File

@ -3,7 +3,7 @@
set -e
# shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
# Copying all the required files to the build directory:
preinstall_files '-c'
@ -12,4 +12,4 @@ preinstall_files '-c'
cd "$SCRIPT_DEST_DIR" && build_package 'rpm'
# Cleaning up:
clean_up_files && cd "$SECRET_PROJECT_ROOT"
clean_up_files && cd "$SECRETS_PROJECT_ROOT"

View File

@ -8,7 +8,7 @@ if [ -z "$SECRETS_ARTIFACTORY_CREDENTIALS" ]; then
fi
# shellcheck disable=SC1090,SC1091
source "$SECRET_PROJECT_ROOT/utils/build-utils.sh"
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
# Artifactory location:
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'

View File

@ -4,6 +4,6 @@ baseurl=https://gitsecret.jfrog.io/artifactory/git-secret-rpm
enabled=1
gpgcheck=0
# Uncomment the following lines to enable repository-level GPG key check:
## Uncomment the following lines to enable repository-level GPG key check:
# gpgkey=https://gitsecret.jfrog.io/artifactory/git-secret-rpm/repodata/repomd.xml.key
# repo_gpgcheck=1

6
utils/rpm/install.sh Normal file
View File

@ -0,0 +1,6 @@
wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-secret.repo -O git-secret-rpm.repo
# Inspect what's inside! You can also enable `gpg` check on repo level.
sudo mv git-secret-rpm.repo /etc/yum.repos.d/
sudo yum install -y git-secret
# Testing, that it worked:
git secret --version

View File

@ -1,6 +1,6 @@
#!/usr/bin/env bash
# `SECRET_PROJECT_ROOT` must be set before running the script.
# `SECRETS_PROJECT_ROOT` must be set before running the script.
set -e
@ -25,7 +25,7 @@ chmod 0700 "${TEST_DIR}"
# bats expects diagnostic lines to be sent to fd 3, matching regex '^# '
# (IE, like: `echo '# message here' >&3`).
# bats ... 3>&1 shows diagnostic output
bats "${SECRET_PROJECT_ROOT}/tests" 3>&1
bats "${SECRETS_PROJECT_ROOT}/tests" 3>&1
)
rm -rf "${TEST_DIR}"