mirror of https://github.com/sobolevn/git-secret
[WIP] New CI
parent
4dca9f3701
commit
8f7b9c51de
@ -1,15 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -e
|
||||
|
||||
# This file is required, because for some reason
|
||||
# travis deploys do not trigger metadata calculation.
|
||||
# See: https://github.com/sobolevn/git-secret/issues/89
|
||||
|
||||
# This file is only called after successful deploy.
|
||||
|
||||
# We need to execute custom call to the Bintray API:
|
||||
curl -X POST \
|
||||
--user "sobolevn:$BINTRAY_API_KEY" \
|
||||
-H "X-GPG-PASSPHRASE: $BINTRAY_GPG_PASS" \
|
||||
"https://api.bintray.com/calc_metadata/sobolevn/$GITSECRET_DIST"
|
@ -1,24 +0,0 @@
|
||||
#!/bin/sh
|
||||
## Script is specifically for use on travis-ci
|
||||
|
||||
set -e
|
||||
|
||||
## This is an example setup script that you would encapsulate the installation
|
||||
# What version of avm setup to use
|
||||
echo "Setting up Ansible Version Manager"
|
||||
AVM_VERSION="v1.0.0"
|
||||
## Install Ansible using pip and label it
|
||||
export ANSIBLE_VERSIONS_0="2.9.2.0"
|
||||
export INSTALL_TYPE_0="pip"
|
||||
export ANSIBLE_LABEL_0="v2.9"
|
||||
# Whats the default version
|
||||
export ANSIBLE_DEFAULT_VERSION="v2.9"
|
||||
|
||||
## Create a temp dir to download avm
|
||||
avm_dir="$(mktemp -d 2> /dev/null || mktemp -d -t 'mytmpdir')"
|
||||
git clone https://github.com/ahelal/avm.git "${avm_dir}" > /dev/null 2>&1
|
||||
|
||||
## Run the setup
|
||||
/bin/sh ${avm_dir}/setup.sh
|
||||
|
||||
exit 0
|
@ -0,0 +1,18 @@
|
||||
FROM debian:10.9-slim
|
||||
|
||||
ENV DEBIAN_FRONTEND="noninteractive"
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get upgrade -y \
|
||||
&& apt-get install -y \
|
||||
# Direct dependencies:
|
||||
curl \
|
||||
gawk \
|
||||
git \
|
||||
gnupg \
|
||||
# Assumed to be present:
|
||||
procps \
|
||||
make \
|
||||
# Cleaning cache:
|
||||
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
|
||||
&& apt-get clean -y && rm -rf /var/lib/apt/lists/*
|
@ -1,153 +0,0 @@
|
||||
---
|
||||
# host to test against
|
||||
- hosts: test-kitchen
|
||||
remote_user: root
|
||||
tasks:
|
||||
- include_tasks: tasks/dependencies.yml
|
||||
|
||||
- name: Install build tools
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
with_items: "{{ build_tools }}"
|
||||
|
||||
- name: Check whether deb-src repos are enabled
|
||||
command: grep -c -e "^deb-src.*" /etc/apt/sources.list
|
||||
register: deb_src_check
|
||||
ignore_errors: yes
|
||||
when:
|
||||
- ansible_os_family == "Debian"
|
||||
|
||||
- name: Set deb-src check results
|
||||
set_fact:
|
||||
deb_src_check_result: "{{ deb_src_check.stdout | default(0) }}"
|
||||
|
||||
- name: Enable Ubuntu main & restricted source repo
|
||||
replace:
|
||||
path: '/etc/apt/sources.list'
|
||||
regexp: '^(#\s)(.*main\srestricted)$'
|
||||
replace: '\2 # enabled'
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
- deb_src_check_result|int < 1
|
||||
|
||||
- name: Remove dpkg excludes on Ubuntu
|
||||
replace:
|
||||
path: '/etc/dpkg/dpkg.cfg.d/excludes'
|
||||
regexp: '^(path-exclude=/usr/share/man/.*)'
|
||||
replace: '#\1'
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
|
||||
- name: Enable Debian source repos
|
||||
replace:
|
||||
path: '/etc/apt/sources.list'
|
||||
regexp: '^(deb)(.*)$'
|
||||
replace: '\1\2\ndeb-src\2'
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- deb_src_check_result|int < 1
|
||||
|
||||
- name: Install gnupg build dependencies for Debian based distros
|
||||
apt:
|
||||
name: gnupg2
|
||||
state: build-dep
|
||||
update_cache: yes
|
||||
when:
|
||||
- ansible_os_family == "Debian"
|
||||
|
||||
- name: Install gnupg build dependencies for RedHat based distros
|
||||
command: bash -lc "dnf -y install 'dnf-command(builddep)' && dnf builddep -y gnupg2"
|
||||
when:
|
||||
- ansible_os_family == "RedHat"
|
||||
|
||||
- name: Install gnupg build dependencies for Alpine based distros
|
||||
command: bash -lc "apk add gnutls-dev libksba-dev libgcrypt-dev libgpg-error-dev npth-dev zlib-dev libassuan-dev bzip2-dev sqlite-dev libusb-dev"
|
||||
when:
|
||||
- ansible_os_family == "Alpine"
|
||||
|
||||
- name: Install rspec in /usr/local/bin for RedHat based distros
|
||||
command: bash -lc "gem install -n /usr/local/bin rspec"
|
||||
when:
|
||||
- ansible_os_family == "RedHat"
|
||||
|
||||
- name: Make directory /usr/local/src/ for Alpine based distros
|
||||
command: bash -lc "mkdir -p /usr/local/src/"
|
||||
when:
|
||||
- ansible_os_family == "Alpine"
|
||||
|
||||
- name: Set gnupg src directory
|
||||
set_fact:
|
||||
gpg_src_path: /usr/local/src/gpg-gnupg
|
||||
|
||||
- name: Get GnuPG from github
|
||||
git:
|
||||
repo: 'https://github.com/gpg/gnupg.git'
|
||||
dest: "{{ gpg_src_path }}"
|
||||
update: true
|
||||
|
||||
- name: get latest tag name
|
||||
shell: "git describe --tags `git rev-list --tags --max-count=1`"
|
||||
args:
|
||||
chdir: "{{ gpg_src_path }}"
|
||||
register: latest_tag
|
||||
|
||||
- name: Checkout latest tag
|
||||
git:
|
||||
repo: 'https://github.com/gpg/gnupg.git'
|
||||
dest: "{{ gpg_src_path }}"
|
||||
version: "{{ latest_tag.stdout }}"
|
||||
|
||||
- name: Run gnupg autogen
|
||||
command: bash -lc "cd {{ gpg_src_path }} && ./autogen.sh "
|
||||
changed_when: False
|
||||
|
||||
- name: Disable development msg for gnupg
|
||||
lineinfile:
|
||||
path: "{{ gpg_src_path }}/configure"
|
||||
regexp: '^development_version=.*'
|
||||
line: 'development_version=no'
|
||||
|
||||
- name: Set gnupg build config
|
||||
set_fact:
|
||||
gpg_build_config: >-
|
||||
--sysconfdir=/etc
|
||||
--prefix=/usr
|
||||
--enable-symcryptrun
|
||||
--docdir=/usr/share/doc/gnupg-2.2.0
|
||||
--disable-rpath
|
||||
--enable-maintainer-mode
|
||||
changed_when: False
|
||||
|
||||
- name: Configure gnupg build
|
||||
command: bash -lc "cd {{ gpg_src_path }} && ./configure {{ gpg_build_config }}"
|
||||
changed_when: False
|
||||
|
||||
# disable gnupg doc build on alpine as it is not detecting an absence of graphical tools such as fig2dev on alpine
|
||||
- name: Disable making docs on Alpine
|
||||
lineinfile:
|
||||
path: "{{ gpg_src_path }}/Makefile"
|
||||
regexp: '^doc = doc$'
|
||||
line: 'doc = '
|
||||
when:
|
||||
- ansible_os_family == "Alpine"
|
||||
|
||||
# disable gnupg doc build on Ubuntu-Rolling because it won't build
|
||||
# ( See https://travis-ci.org/sobolevn/git-secret/jobs/439870332 )
|
||||
- name: Disable making docs on Ubuntu-Rolling
|
||||
lineinfile:
|
||||
path: "{{ gpg_src_path }}/Makefile"
|
||||
regexp: '^doc = doc$'
|
||||
line: 'doc = '
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
|
||||
- name: Compile gnupg src
|
||||
command: bash -lc "cd {{ gpg_src_path }} && make"
|
||||
changed_when: False
|
||||
|
||||
- name: Install compiled gnupg
|
||||
command: bash -lc "cd {{ gpg_src_path }} && make install"
|
||||
changed_when: False
|
||||
|
||||
- include_tasks: tasks/prep-tests.yml
|
||||
- include_tasks: tasks/run-tests.yml
|
@ -1,53 +0,0 @@
|
||||
require_relative './spec_helper'
|
||||
|
||||
describe 'git-secret::test' do
|
||||
|
||||
describe package('git-secret') do
|
||||
it { should be_installed }
|
||||
end
|
||||
|
||||
if host_inventory['platform'] == 'fedora'
|
||||
describe command('find /tmp/git-secret/build -name "*.rpm"') do
|
||||
its(:stdout) { should match /git-secret.*rpm/ }
|
||||
end
|
||||
elsif host_inventory['platform'] == 'alpine'
|
||||
describe command('find /tmp/git-secret/build -name "*.apk"') do
|
||||
its(:stdout) { should match /git-secret.*apk/ }
|
||||
end
|
||||
else
|
||||
describe command('find /tmp/git-secret/build -name "*.deb"') do
|
||||
its(:stdout) { should match /git-secret.*deb/ }
|
||||
end
|
||||
end
|
||||
|
||||
describe file('/.git-secret_test-passed') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
describe file('/.git-secret_lint-passed') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
if host_inventory['platform'] == 'fedora'
|
||||
describe command('rpm --query --info git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
elsif host_inventory['platform'] == 'alpine'
|
||||
describe command('apk info git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
else
|
||||
describe command('dpkg-query --status git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
end
|
||||
|
||||
describe command('man -w "git-secret"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
describe command('man -w "git-secret-init"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
end
|
@ -1,11 +0,0 @@
|
||||
require 'serverspec'
|
||||
|
||||
# :backend can be either :exec or :ssh
|
||||
# since we are running local we use :exec
|
||||
set :backend, :exec
|
||||
|
||||
RSpec.configure do |c|
|
||||
c.before :all do
|
||||
c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin'
|
||||
end
|
||||
end
|
@ -1,46 +0,0 @@
|
||||
---
|
||||
# host to test against
|
||||
- hosts: test-kitchen
|
||||
remote_user: root
|
||||
tasks:
|
||||
- include_tasks: tasks/dependencies.yml
|
||||
|
||||
- name: Remove dpkg excludes on Ubuntu
|
||||
replace:
|
||||
path: '/etc/dpkg/dpkg.cfg.d/excludes'
|
||||
regexp: '^(path-exclude=/usr/share/man/.*)'
|
||||
replace: '#\1'
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
|
||||
- name: Install gnupg
|
||||
package:
|
||||
name: "{{ item.name }}"
|
||||
state: present
|
||||
when:
|
||||
- ansible_distribution == item.distribution
|
||||
with_items:
|
||||
- name: gnupg1
|
||||
distribution: Alpine
|
||||
- name: gnupg1
|
||||
distribution: Fedora
|
||||
- name: gnupg1
|
||||
distribution: Debian
|
||||
- name: gnupg1
|
||||
distribution: Alpine
|
||||
|
||||
- name: Check for gpg1 binary
|
||||
stat:
|
||||
path: /usr/bin/gpg1
|
||||
register: gpg1
|
||||
|
||||
- name: Make gpg1 default binary
|
||||
file:
|
||||
src: /usr/bin/gpg1
|
||||
dest: /usr/bin/gpg
|
||||
state: link
|
||||
force: yes
|
||||
when: gpg1.stat.exists
|
||||
|
||||
- include_tasks: tasks/prep-tests.yml
|
||||
- include_tasks: tasks/run-tests.yml
|
@ -1,53 +0,0 @@
|
||||
require_relative './spec_helper'
|
||||
|
||||
describe 'git-secret::test' do
|
||||
|
||||
describe package('git-secret') do
|
||||
it { should be_installed }
|
||||
end
|
||||
|
||||
if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
|
||||
describe command('find /tmp/git-secret/build -name "*.rpm"') do
|
||||
its(:stdout) { should match /git-secret.*rpm/ }
|
||||
end
|
||||
elsif host_inventory['platform'] == 'alpine'
|
||||
describe command('find /tmp/git-secret/build -name "*.apk"') do
|
||||
its(:stdout) { should match /git-secret.*apk/ }
|
||||
end
|
||||
else
|
||||
describe command('find /tmp/git-secret/build -name "*.deb"') do
|
||||
its(:stdout) { should match(/git-secret.*deb/) }
|
||||
end
|
||||
end
|
||||
|
||||
describe file('/.git-secret_test-passed') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
describe file('/.git-secret_lint-passed') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
|
||||
describe command('rpm --query --info git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
elsif host_inventory['platform'] == 'alpine'
|
||||
describe command('apk info git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
else
|
||||
describe command('dpkg-query --status git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
end
|
||||
|
||||
describe command('man -w "git-secret"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
describe command('man -w "git-secret-init"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
end
|
@ -1,11 +0,0 @@
|
||||
require 'serverspec'
|
||||
|
||||
# :backend can be either :exec or :ssh
|
||||
# since we are running local we use :exec
|
||||
set :backend, :exec
|
||||
|
||||
RSpec.configure do |c|
|
||||
c.before :all do
|
||||
c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin'
|
||||
end
|
||||
end
|
@ -1,50 +0,0 @@
|
||||
---
|
||||
# host to test against
|
||||
- hosts: test-kitchen
|
||||
remote_user: root
|
||||
tasks:
|
||||
- include_tasks: tasks/dependencies.yml
|
||||
|
||||
- name: Remove dpkg excludes on Ubuntu
|
||||
replace:
|
||||
path: '/etc/dpkg/dpkg.cfg.d/excludes'
|
||||
regexp: '^(path-exclude=/usr/share/man/.*)'
|
||||
replace: '#\1'
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
|
||||
- name: Install gnupg
|
||||
package:
|
||||
name: "{{ item.name }}"
|
||||
state: present
|
||||
when:
|
||||
- ansible_distribution == item.distribution
|
||||
with_items:
|
||||
- name: gnupg
|
||||
distribution: Alpine
|
||||
- name: gnupg2
|
||||
distribution: Fedora
|
||||
- name: gnupg2
|
||||
distribution: Ubuntu
|
||||
- name: gnupg
|
||||
distribution: Debian
|
||||
- name: gnupg
|
||||
distribution: Alpine
|
||||
|
||||
- name: Check for gpg2 binary
|
||||
stat:
|
||||
path: /usr/bin/gpg2
|
||||
register: gpg2
|
||||
|
||||
- name: Make gpg2 default binary
|
||||
file:
|
||||
src: /usr/bin/gpg2
|
||||
dest: /usr/bin/gpg
|
||||
state: link
|
||||
force: yes
|
||||
when:
|
||||
- gpg2.stat.exists
|
||||
- gpg2.stat.islnk == False
|
||||
|
||||
- include_tasks: tasks/prep-tests.yml
|
||||
- include_tasks: tasks/run-tests.yml
|
@ -1,53 +0,0 @@
|
||||
require_relative './spec_helper'
|
||||
|
||||
describe 'git-secret::test' do
|
||||
|
||||
describe package('git-secret') do
|
||||
it { should be_installed }
|
||||
end
|
||||
|
||||
if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
|
||||
describe command('find /tmp/git-secret/build -name "*.rpm"') do
|
||||
its(:stdout) { should match(/git-secret.*rpm/) }
|
||||
end
|
||||
elsif host_inventory['platform'] == 'alpine'
|
||||
describe command('find /tmp/git-secret/build -name "*.apk"') do
|
||||
its(:stdout) { should match /git-secret.*apk/ }
|
||||
end
|
||||
else
|
||||
describe command('find /tmp/git-secret/build -name "*.deb"') do
|
||||
its(:stdout) { should match(/git-secret.*deb/) }
|
||||
end
|
||||
end
|
||||
|
||||
describe file('/.git-secret_test-passed') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
describe file('/.git-secret_lint-passed') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
|
||||
describe command('rpm --query --info git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
elsif host_inventory['platform'] == 'alpine'
|
||||
describe command('apk info git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
else
|
||||
describe command('dpkg-query --status git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
end
|
||||
|
||||
describe command('man -w "git-secret"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
describe command('man -w "git-secret-init"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
end
|
@ -1,11 +0,0 @@
|
||||
require 'serverspec'
|
||||
|
||||
# :backend can be either :exec or :ssh
|
||||
# since we are running local we use :exec
|
||||
set :backend, :exec
|
||||
|
||||
RSpec.configure do |c|
|
||||
c.before :all do
|
||||
c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin'
|
||||
end
|
||||
end
|
@ -1,36 +0,0 @@
|
||||
---
|
||||
- name: Load a variable file based on the OS type, or a default if not found.
|
||||
include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
- "{{ ansible_distribution }}.yml"
|
||||
- "{{ ansible_os_family }}.yml"
|
||||
- "default.yml"
|
||||
|
||||
- name: Install Dependencies
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ test_dependencies }}"
|
||||
|
||||
- name: Get ShellCheck
|
||||
get_url:
|
||||
url: https://github.com/koalaman/shellcheck/releases/download/v0.7.1/shellcheck-v0.7.1.linux.x86_64.tar.xz
|
||||
dest: /tmp/shellcheck.tar.xz
|
||||
|
||||
- name: Install ShellCheck
|
||||
command: tar xvf /tmp/shellcheck.tar.xz -C /usr/bin --strip-components=1
|
||||
args:
|
||||
warn: no
|
||||
creates: /usr/bin/shellcheck
|
||||
|
||||
- name: Install fpm
|
||||
gem:
|
||||
name: fpm
|
||||
state: present
|
||||
user_install: no
|
||||
|
||||
# here the package is installed but a non-zero status code is returned that we ignore
|
||||
- name: Install apk packaging dependencies for Alpine based distros
|
||||
command: bash -lc "gem install etc || :"
|
||||
when:
|
||||
- ansible_os_family == "Alpine"
|
@ -1,36 +0,0 @@
|
||||
---
|
||||
- name: Get OS package type
|
||||
set_fact:
|
||||
os_pkg_type: "{{ item.os_pkg_type }}"
|
||||
when:
|
||||
- item.os_family == ansible_os_family
|
||||
with_items:
|
||||
- os_family: RedHat
|
||||
os_pkg_type: "rpm"
|
||||
- os_family: Debian
|
||||
os_pkg_type: "deb"
|
||||
- os_family: Suse
|
||||
os_pkg_type: "rpm"
|
||||
- os_family: Alpine
|
||||
os_pkg_type: "apk"
|
||||
changed_when: false
|
||||
tags:
|
||||
- skip_ansible_lint
|
||||
|
||||
- name: Get gpg version
|
||||
command: gpg --version
|
||||
register: gpg_version
|
||||
changed_when: False
|
||||
|
||||
- name: Print gpg version
|
||||
debug:
|
||||
msg: "Running test against {{ gpg_version.stdout_lines | first | string }}."
|
||||
changed_when: False
|
||||
|
||||
- name: Copy git-secret src
|
||||
synchronize:
|
||||
src: /opt/workspace/
|
||||
dest: /tmp/git-secret
|
||||
archive: false
|
||||
owner: no
|
||||
recursive: yes
|
@ -1,69 +0,0 @@
|
||||
---
|
||||
- name: Run ci-test
|
||||
command: bash -lc "cd /tmp/git-secret && make test"
|
||||
changed_when: False
|
||||
ignore_errors: yes
|
||||
register: test_results
|
||||
environment:
|
||||
PATH: /usr/local/bin:{{ ansible_env.PATH }}
|
||||
|
||||
- name: Print ci-test results
|
||||
debug:
|
||||
var: test_results.stdout_lines
|
||||
|
||||
- name: Create file when ci-test passes
|
||||
file:
|
||||
path: /.git-secret_test-passed
|
||||
state: touch
|
||||
when:
|
||||
- test_results.rc == 0
|
||||
|
||||
- name: Run lint
|
||||
command: bash -lc "cd /tmp/git-secret && make lint"
|
||||
ignore_errors: yes
|
||||
register: lint_results
|
||||
changed_when: False
|
||||
|
||||
- name: Print lint results
|
||||
debug:
|
||||
var: lint_results.stdout_lines
|
||||
|
||||
- name: Create file when lint passes
|
||||
file:
|
||||
path: /.git-secret_lint-passed
|
||||
state: touch
|
||||
when:
|
||||
- lint_results.rc == 0
|
||||
|
||||
- name: Create git-secret {{ os_pkg_type }} package
|
||||
command: bash -lc "cd /tmp/git-secret && make build-{{ os_pkg_type }}"
|
||||
changed_when: False
|
||||
ignore_errors: yes
|
||||
register: test_results
|
||||
environment:
|
||||
PATH: /usr/local/bin:{{ ansible_env.PATH }}
|
||||
|
||||
- name: Find git-secret {{ os_pkg_type }} file
|
||||
find:
|
||||
paths: /tmp/git-secret/build
|
||||
patterns: "*.{{ os_pkg_type }}"
|
||||
recurse: yes
|
||||
register: pkg_location
|
||||
|
||||
- name: Set git-secret {{ os_pkg_type }} location
|
||||
set_fact:
|
||||
pkg_path: "{{ pkg_location.files | map(attribute='path') | first }}"
|
||||
when:
|
||||
- pkg_location is defined
|
||||
|
||||
- name: Install git-secret {{ os_pkg_type }} package
|
||||
command: bash -lc "{{ item.command }} {{ pkg_path }}"
|
||||
when:
|
||||
- item.os_family == ansible_os_family
|
||||
with_items:
|
||||
- command: "rpm --nodeps --install --force"
|
||||
os_family: "RedHat"
|
||||
- command: "dpkg --force-all --install"
|
||||
os_family: "Debian"
|
||||
- command: "apk add --allow-untrusted"
|
||||
os_family: "Alpine"
|
@ -1,19 +0,0 @@
|
||||
---
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
test_dependencies:
|
||||
- gawk
|
||||
- git
|
||||
- make
|
||||
- man
|
||||
- procps
|
||||
- rsync
|
||||
- ruby
|
||||
- ruby-dev
|
||||
- tar
|
||||
|
||||
build_tools:
|
||||
- make
|
||||
- tar
|
||||
- autoconf
|
||||
- automake
|
||||
- gettext
|
@ -1,19 +0,0 @@
|
||||
---
|
||||
test_dependencies:
|
||||
- gawk
|
||||
- git
|
||||
- make
|
||||
- man
|
||||
- redhat-rpm-config
|
||||
- rpm-build
|
||||
- rsync
|
||||
- ruby-devel
|
||||
- rubygems
|
||||
- rubygems-devel
|
||||
|
||||
build_tools:
|
||||
- ImageMagick
|
||||
- autoconf
|
||||
- automake
|
||||
- texinfo
|
||||
- transfig
|
@ -1,17 +0,0 @@
|
||||
---
|
||||
test_dependencies:
|
||||
- gawk
|
||||
- git
|
||||
- make
|
||||
- man
|
||||
- ruby-dev
|
||||
- rubygems
|
||||
- rsync
|
||||
|
||||
build_tools:
|
||||
- autoconf
|
||||
- automake
|
||||
- build-essential
|
||||
- imagemagick
|
||||
- texinfo
|
||||
- transfig
|
@ -1,20 +0,0 @@
|
||||
---
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
test_dependencies:
|
||||
- gawk
|
||||
- git
|
||||
- make
|
||||
- man
|
||||
- redhat-rpm-config
|
||||
- rpm-build
|
||||
- rsync
|
||||
- ruby-devel
|
||||
- rubygems
|
||||
- rubygems-devel
|
||||
|
||||
build_tools:
|
||||
- ImageMagick
|
||||
- autoconf
|
||||
- automake
|
||||
- texinfo
|
||||
- transfig
|
@ -1,18 +0,0 @@
|
||||
---
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
test_dependencies:
|
||||
- gawk
|
||||
- git
|
||||
- make
|
||||
- man
|
||||
- ruby-dev
|
||||
- rubygems
|
||||
- rsync
|
||||
|
||||
build_tools:
|
||||
- autoconf
|
||||
- automake
|
||||
- build-essential
|
||||
- imagemagick
|
||||
- texinfo
|
||||
- transfig
|
@ -1,17 +0,0 @@
|
||||
---
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
test_dependencies:
|
||||
- gawk
|
||||
- make
|
||||
- git
|
||||
- ruby-dev
|
||||
- rubygems
|
||||
- man
|
||||
|
||||
build_tools:
|
||||
- autoconf
|
||||
- automake
|
||||
- build-essential
|
||||
- imagemagick
|
||||
- texinfo
|
||||
- transfig
|
@ -1 +0,0 @@
|
||||
* text=auto
|
@ -0,0 +1,24 @@
|
||||
name: test
|
||||
|
||||
on:
|
||||
push:
|
||||
pull_request:
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
docker-based-test:
|
||||
- debian
|
||||
# - ubuntu
|
||||
# - alpine
|
||||
# - fedora
|
||||
# - centos
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Run checks
|
||||
run: GITSECRET_DOCKER_ENV="${{ matrix.docker-based-test }}" make ci
|
@ -1,127 +0,0 @@
|
||||
---
|
||||
driver:
|
||||
name: docker
|
||||
use_sudo: false
|
||||
|
||||
provisioner:
|
||||
# name of the host
|
||||
hosts: test-kitchen
|
||||
# use an ansible playbook to provision our server
|
||||
name: ansible_playbook
|
||||
ansible_verbose: false
|
||||
require_ansible_repo: false
|
||||
require_ansible_omnibus: true
|
||||
ansible_version: 2.9.2
|
||||
require_chef_for_busser: false
|
||||
sudo_command: sudo -E -H
|
||||
idempotency_test: false
|
||||
sudo: true
|
||||
ansible_extra_flags: "-e '{ kitchen_testrun: True }'"
|
||||
additional_copy_path:
|
||||
- ".ci/integration/vars"
|
||||
- ".ci/integration/tasks"
|
||||
|
||||
transport:
|
||||
max_ssh_sessions: 3
|
||||
|
||||
platforms:
|
||||
- name: alpine-latest
|
||||
driver_config:
|
||||
run_command: /sbin/init
|
||||
dockerfile: .Dockerfiles/alpine/latest/Dockerfile
|
||||
platform: alpine
|
||||
volume:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
|
||||
run_options:
|
||||
tmpfs:
|
||||
- /run
|
||||
- /run/lock
|
||||
|
||||
- name: debian-latest
|
||||
driver_config:
|
||||
run_command: /lib/systemd/systemd
|
||||
dockerfile: .Dockerfiles/debian/latest/Dockerfile
|
||||
platform: debian
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
volume:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
|
||||
run_options:
|
||||
tmpfs:
|
||||
- /run
|
||||
- /run/lock
|
||||
|
||||
- name: fedora-latest
|
||||
driver_config:
|
||||
run_command: /lib/systemd/systemd
|
||||
dockerfile: .Dockerfiles/fedora/latest/Dockerfile
|
||||
platform: fedora
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
volume:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
|
||||
run_options:
|
||||
tmpfs:
|
||||
- /run
|
||||
- /run/lock
|
||||
|
||||
- name: ubuntu-latest
|
||||
driver_config:
|
||||
run_command: /lib/systemd/systemd
|
||||
dockerfile: .Dockerfiles/ubuntu/latest/Dockerfile
|
||||
platform: ubuntu
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
volume:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
|
||||
run_options:
|
||||
tmpfs:
|
||||
- /run
|
||||
- /run/lock
|
||||
|
||||
- name: ubuntu-rolling
|
||||
driver_config:
|
||||
run_command: /lib/systemd/systemd
|
||||
dockerfile: .Dockerfiles/ubuntu/rolling/Dockerfile
|
||||
platform: ubuntu
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
volume:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
|
||||
run_options:
|
||||
tmpfs:
|
||||
- /run
|
||||
- /run/lock
|
||||
|
||||
verifier:
|
||||
name: serverspec
|
||||
sudo_path: true
|
||||
|
||||
suites:
|
||||
# suites found at /test/integration/$test-name
|
||||
# in container @/tmp/kitchen
|
||||
- name: gnupg1
|
||||
verifier:
|
||||
patterns:
|
||||
- roles/git-secret/.ci/integration/gnupg1/serverspec/*_spec.rb
|
||||
excludes:
|
||||
- centos-latest
|
||||
- name: gnupg2
|
||||
verifier:
|
||||
patterns:
|
||||
- roles/git-secret/.ci/integration/gnupg2/serverspec/*_spec.rb
|
||||
excludes:
|
||||
- centos-latest
|
||||
- name: gnupg-git
|
||||
verifier:
|
||||
patterns:
|
||||
- roles/git-secret/.ci/integration/gnupg-git/serverspec/*_spec.rb
|
||||
excludes:
|
||||
- centos-latest
|
||||
- alpine-latest
|
||||
- debian-latest
|
@ -1,146 +0,0 @@
|
||||
dist: xenial
|
||||
|
||||
matrix:
|
||||
fast_finish: true
|
||||
include:
|
||||
#- os: windows
|
||||
# env: GITSECRET_DIST="windows"
|
||||
# sudo: required
|
||||
# language: sh
|
||||
- os: osx
|
||||
env: GITSECRET_DIST="brew"
|
||||
sudo: required
|
||||
language: shell
|
||||
- os: osx
|
||||
name: osx-with-debug-output
|
||||
env: GITSECRET_DIST="brew"; SECRETS_TEST_VERBOSE=1
|
||||
sudo: required
|
||||
language: shell
|
||||
#- os: linux
|
||||
# env: KITCHEN_REGEXP="gnupg1-alpine-latest"; SECRETS_TEST_VERBOSE=1
|
||||
# services: docker
|
||||
# sudo: required
|
||||
# language: ruby
|
||||
# rvm: 2.6
|
||||
- os: linux
|
||||
env: KITCHEN_REGEXP="gnupg1-debian-latest"
|
||||
services: docker
|
||||
sudo: required
|
||||
language: ruby
|
||||
rvm: 2.6
|
||||
- os: linux
|
||||
env: KITCHEN_REGEXP="gnupg1-fedora-latest"
|
||||
services: docker
|
||||
sudo: required
|
||||
language: ruby
|
||||
rvm: 2.6
|
||||
#- os: linux
|
||||
# env: KITCHEN_REGEXP="gnupg1-ubuntu-latest"
|
||||
# services: docker
|
||||
# sudo: required
|
||||
# language: ruby
|
||||
# rvm: 2.6
|
||||
#- os: linux
|
||||
# env: KITCHEN_REGEXP="gnupg1-ubuntu-rolling"
|
||||
# services: docker
|
||||
# sudo: required
|
||||
# language: ruby
|
||||
# rvm: 2.6
|
||||
#- os: linux
|
||||
# env: KITCHEN_REGEXP="gnupg2-alpine-latest"
|
||||
# services: docker
|
||||
# sudo: required
|
||||
# language: ruby
|
||||
# rvm: 2.6
|
||||
# distribute deb on this successful test
|
||||
- os: linux
|
||||
env: KITCHEN_REGEXP="gnupg2-debian-latest"; GITSECRET_DIST="deb"
|
||||
services: docker
|
||||
sudo: required
|
||||
language: ruby
|
||||
rvm: 2.6
|
||||
# distribute rpm on this successful test
|
||||
- os: linux
|
||||
env: KITCHEN_REGEXP="gnupg2-fedora-latest"; GITSECRET_DIST="rpm"
|
||||
services: docker
|
||||
sudo: required
|
||||
language: ruby
|
||||
rvm: 2.6
|
||||
#- os: linux
|
||||
# env: KITCHEN_REGEXP="gnupg2-ubuntu-latest"
|
||||
# services: docker
|
||||
# sudo: required
|
||||
# language: ruby
|
||||
# rvm: 2.6
|
||||
#- os: linux
|
||||
# env: KITCHEN_REGEXP="gnupg2-ubuntu-rolling"
|
||||
# services: docker
|
||||
# sudo: required
|
||||
# language: ruby
|
||||
# rvm: 2.6
|
||||
- os: linux
|
||||
env: KITCHEN_REGEXP="gnupg-git-fedora-latest"
|
||||
services: docker
|
||||
sudo: required
|
||||
language: ruby
|
||||
rvm: 2.6
|
||||
#- os: linux
|
||||
# env: KITCHEN_REGEXP="gnupg-git-ubuntu-latest"
|
||||
# services: docker
|
||||
# sudo: required
|
||||
# language: ruby
|
||||
# rvm: 2.6
|
||||
#- os: linux
|
||||
# env: KITCHEN_REGEXP="gnupg-git-ubuntu-rolling"
|
||||
# services: docker
|
||||
# sudo: required
|
||||
# language: ruby
|
||||
# rvm: 2.6
|
||||
|
||||
before_install:
|
||||
- if [[ "$TRAVIS_OS_NAME" != "windows" ]]; then gem update --system && gem install bundler; fi
|
||||
|
||||
before_script:
|
||||
- chmod +x ".ci/before_script.sh" && ".ci/before_script.sh"
|
||||
|
||||
script:
|
||||
- chmod +x ".ci/script.sh" && ".ci/script.sh"
|
||||
|
||||
before_deploy:
|
||||
- chmod +x ".ci/before_deploy.sh" && ".ci/before_deploy.sh" && chmod +x ".ci/github_release_script.sh"
|
||||
|
||||
deploy:
|
||||
- provider: bintray
|
||||
skip_cleanup: true
|
||||
on:
|
||||
all_branches: true
|
||||
tag: true
|
||||
condition: "$TRAVIS_TAG =~ ^v.*$ && $GITSECRET_DIST == deb"
|
||||
file: "build/deb_descriptor.json"
|
||||
user: "sobolevn"
|
||||
key: "$BINTRAY_API_KEY"
|
||||
passphrase: "$BINTRAY_GPG_PASS"
|
||||
- provider: bintray
|
||||
skip_cleanup: true
|
||||
on:
|
||||
all_branches: true
|
||||
tag: true
|
||||
condition: "$TRAVIS_TAG =~ ^v.*$ && $GITSECRET_DIST == rpm"
|
||||
file: "build/rpm_descriptor.json"
|
||||
user: "sobolevn"
|
||||
key: "$BINTRAY_API_KEY"
|
||||
passphrase: "$BINTRAY_GPG_PASS"
|
||||
- provider: script
|
||||
script: bash .ci/github_release_script.sh
|
||||
on:
|
||||
all_branches: true
|
||||
tag: true
|
||||
condition: "$TRAVIS_TAG =~ ^v.*$ && $GITSECRET_DIST == rpm"
|
||||
|
||||
after_deploy:
|
||||
- chmod +x ".ci/after_deploy.sh" && ".ci/after_deploy.sh"
|
||||
|
||||
notifications:
|
||||
email:
|
||||
on_success: never
|
||||
on_failure: change
|
@ -1,7 +0,0 @@
|
||||
source 'https://rubygems.org'
|
||||
|
||||
gem 'test-kitchen'
|
||||
gem 'serverspec'
|
||||
gem 'kitchen-ansible'
|
||||
gem 'kitchen-docker'
|
||||
gem 'kitchen-verifier-serverspec'
|
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# shellcheck disable=2034
|
||||
GITSECRET_VERSION='0.3.3'
|
||||
GITSECRET_VERSION='0.4.0.alpha1'
|
||||
|
Loading…
Reference in New Issue