Version 0.4.0 release

pull/667/head
sobolevn 3 years ago
parent adce5a5d61
commit 77013fa47f
No known key found for this signature in database
GPG Key ID: FF672D568AE3C73E

@ -15,6 +15,11 @@ LAST_RELEASE_TAG=$(curl \
| jq .tag_name | sed 's/"//g'
)
echo "LAST_RELEASE_TAG=$LAST_RELEASE_TAG"
if [ "$LAST_RELEASE_TAG" = 'null' ]; then
# Most likely, we are facing rate-limiting problems,
# just try again later.
exit 1
fi
NEW_CHANGELOG='CHANGELOG-RELEASE.md'

@ -1,10 +1,5 @@
# Initially copied from
# https://github.com/jordansissel/fpm/blob/master/Dockerfile
# TODO: Move to native image
# see: https://github.com/jordansissel/fpm/issues/1782
# Or we can completely switch to
# https://github.com/goreleaser/nfpm
FROM alpine:3.13
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
@ -30,9 +25,11 @@ RUN apk add --no-cache --update \
gnupg \
# Assumed to be present:
curl \
# envsubst for `nfpm`:
gettext \
# Installing `nfpm`, it builds alpine packages:
&& curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh \
# Installing `fpm`, it build all other packages:
# Installing `fpm`, it builds all other packages:
&& gem install --no-document fpm
WORKDIR $CODE_DIR

@ -56,6 +56,7 @@ You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/
### Alpine
You can find the `apk` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-apk/).
See list of supported architectures [here](https://github.com/sobolevn/git-secret/blob/master/utils/apk/meta.sh)
```bash
{% include install-apk.sh %}

@ -7,18 +7,32 @@ source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
# We need this export for `config.yml` to expand the version properly.
export SCRIPT_VERSION
# shellcheck disable=SC1090,SC1091
source "$SECRETS_PROJECT_ROOT/utils/apk/meta.sh"
# Create dest dir:
mkdir -p "$SCRIPT_DEST_DIR"
# Here's the deal. We use a custom builder here,
# because `fpm` produces a broken package.
# It is possible to install it locally,
# but it fails to be installed from our Artifactory.
# So, we switched.
# But, we only switched one repo for now,
# because we are not sure that other affected packages will be fine.
# And also `fpm` supports more tools: like pacman.
nfpm package \
-f "$SECRETS_PROJECT_ROOT/utils/apk/config.yml" \
--packager 'apk' \
--target "$SCRIPT_DEST_DIR"
for architecture in "${ALPINE_ARCHITECTURES[@]}"; do
ALPINE_ARCHITECTURE="$architecture"
export ALPINE_ARCHITECTURE
config_file="$SCRIPT_BUILD_DIR/${architecture}.yml"
envsubst < "$SECRETS_PROJECT_ROOT/utils/apk/nfpm.yml" > "$config_file"
# Here's the deal. We use a custom builder here,
# because `fpm` produces a broken package.
# It is possible to install it locally,
# but it used to fail when installed from our Artifactory.
# So, we switched to `nfpm` instead.
# But, we only switched one repo for now,
# because we are not sure that other affected packages will be fine.
# And also `fpm` supports more tools: like pacman.
nfpm package \
--config "$config_file" \
--packager 'apk' \
--target "$SCRIPT_DEST_DIR"
done
# Cleaning up:
clean_up_files

@ -4,42 +4,29 @@ set -e
# shellcheck disable=SC1090,SC1091
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
# shellcheck disable=SC1090,SC1091
source "$SECRETS_PROJECT_ROOT/utils/apk/meta.sh"
VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk"
# Artifactory location:
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
# This folder should contain just one `.apk` file:
APK_FILE_LOCATION="$(locate_release 'apk')"
APK_FILE_NAME="$(basename "$APK_FILE_LOCATION")"
function upload_with_architecture {
local arch="$1"
local file_location
file_location="$(locate_release 'apk' "$arch")"
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
--max-time 10 \
--retry 3 \
--retry-delay 5 \
-XPUT "$BASE_API_URL/git-secret-apk/all/main/$arch/$VERSION_NAME" \
-T "$APK_FILE_LOCATION"
-T "$file_location"
}
# Full list is here:
# http://dl-cdn.alpinelinux.org/alpine/v3.13/main/
ARCHITECTURES=(
'aarch64'
'armhf'
'armv7'
'mips64'
'ppc64le'
's390x'
'x86_64'
'x86'
)
for architecture in "${ARCHITECTURES[@]}"; do
for architecture in "${ALPINE_ARCHITECTURES[@]}"; do
upload_with_architecture "$architecture"
done
@ -51,4 +38,4 @@ curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
-XPOST "$BASE_API_URL/api/alpine/git-secret-apk/reindex"
echo
echo "Done: released $APK_FILE_NAME"
echo 'Done: released alpine packages'

@ -1,5 +1,6 @@
sh -c "echo 'https://gitsecret.jfrog.io/artifactory/git-secret-apk/all/main'" >> /etc/apk/repositories
wget -O /etc/apk/keys/git-secret-apk.rsa.pub 'https://gitsecret.jfrog.io/artifactory/api/security/keypair/public/repositories/git-secret-apk'
apk update && apk add git-secret
# Testing, that it worked:
git secret --version

@ -0,0 +1,13 @@
# Full list is here:
# http://dl-cdn.alpinelinux.org/alpine/v3.13/main/
# shellcheck disable=SC2034
ALPINE_ARCHITECTURES=(
'aarch64'
'armhf'
'armv7'
'mips64'
'ppc64le'
's390x'
'x86'
'x86_64'
)

@ -2,7 +2,7 @@
name: git-secret
# Architecture. (required)
arch: all
arch: $ALPINE_ARCHITECTURE
# Platform.
# Defaults to `linux`.

@ -23,7 +23,11 @@ SCRIPT_DEST_DIR="$SCRIPT_BUILD_DIR/buildroot"
function locate_release {
local release_type="$1"
find "$SCRIPT_DEST_DIR" -maxdepth 1 -name "*.$release_type" | head -1
local arch="${2:-all}"
find "$SCRIPT_DEST_DIR" \
-maxdepth 1 \
-name "*${arch}.$release_type" | head -1
}
@ -38,33 +42,34 @@ function preinstall_files {
# Coping the files inside the build folder:
install -D "$dir_switch" \
-b -m "$EXEC_PERM" "$dir_switch" "$SCRIPT_NAME" \
"$SCRIPT_DEST_DIR/usr/bin/$SCRIPT_NAME"
"$SCRIPT_BUILD_DIR/usr/bin/$SCRIPT_NAME"
# Install the manualls:
install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man1"
install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man7"
install -m "$EXEC_PERM" -d "$SCRIPT_BUILD_DIR/usr/share/man/man1"
install -m "$EXEC_PERM" -d "$SCRIPT_BUILD_DIR/usr/share/man/man7"
for file in man/man1/*.1 ; do
install -D "$dir_switch" \
-b -m "$READ_PERM" "$dir_switch" "$file" \
"$SCRIPT_DEST_DIR/usr/share/$file"
"$SCRIPT_BUILD_DIR/usr/share/$file"
done
install -D "$dir_switch" \
-b -m "$READ_PERM" "$dir_switch" 'man/man7/git-secret.7' \
"$SCRIPT_DEST_DIR/usr/share/man/man7/git-secret.7"
"$SCRIPT_BUILD_DIR/usr/share/man/man7/git-secret.7"
}
function build_package {
# Only requires `rpm`, `apk`, or `deb` as first argument:
local build_type="$1"
local arch_type="${2:-all}"
# coreutils is for sha256sum
# See https://github.com/jordansissel/fpm for docs:
fpm \
--input-type 'dir' \
--output-type "$build_type" \
--chdir "$SCRIPT_DEST_DIR" \
--architecture 'all' \
--chdir "$SCRIPT_BUILD_DIR" \
--architecture "$arch_type" \
--name "$SCRIPT_NAME" \
--version "$SCRIPT_VERSION" \
--description "$SCRIPT_DESCRIPTION" \
@ -82,5 +87,8 @@ function build_package {
function clean_up_files {
rm -rf "${SCRIPT_DEST_DIR:?}/usr"
# Pre-installed files:
rm -rf "${SCRIPT_BUILD_DIR:?}/usr"
# nfpm configs:
rm -rf "$SCRIPT_BUILD_DIR"/*.yml
}

@ -11,4 +11,4 @@ preinstall_files '-c'
cd "$SCRIPT_DEST_DIR" && build_package 'deb'
# Cleaning up:
clean_up_files && cd "$SECRETS_PROJECT_ROOT"
clean_up_files

@ -1,5 +1,6 @@
sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
sudo apt-get update && sudo apt-get install -y git-secret
# Testing, that it worked:
git secret --version

@ -12,4 +12,4 @@ preinstall_files '-c'
cd "$SCRIPT_DEST_DIR" && build_package 'rpm'
# Cleaning up:
clean_up_files && cd "$SECRETS_PROJECT_ROOT"
clean_up_files

@ -2,5 +2,6 @@ wget https://raw.githubusercontent.com/sobolevn/git-secret/master/utils/rpm/git-
# Inspect what's inside! You can also enable `gpg` check on repo level.
sudo mv git-secret-rpm.repo /etc/yum.repos.d/
sudo yum install -y git-secret
# Testing, that it worked:
git secret --version

Loading…
Cancel
Save