Archives
/
git-secret
mirror of https://github.com/sobolevn/git-secret
2
1
Fork 0
Code Issues Projects Releases Wiki Activity

[WIP] New CI

Browse Source
pull/662/head
sobolevn 3 years ago committed by Nikita Sobolev
parent 4dca9f3701
commit 8f7b9c51de
33 changed files with 59 additions and 1029 deletions
Show Stats Download Patch File Download Diff File

15
.ci/after_deploy.sh
Unescape Escape View File

@ -1,15 +0,0 @@
#!/usr/bin/env bash
set -e
# This file is required, because for some reason
# travis deploys do not trigger metadata calculation.
# See: https://github.com/sobolevn/git-secret/issues/89
# This file is only called after successful deploy.
# We need to execute custom call to the Bintray API:
curl -X POST \
--user "sobolevn:$BINTRAY_API_KEY" \
-H "X-GPG-PASSPHRASE: $BINTRAY_GPG_PASS" \
"https://api.bintray.com/calc_metadata/sobolevn/$GITSECRET_DIST"

24
.ci/ansible-setup.sh
Unescape Escape View File

@ -1,24 +0,0 @@
#!/bin/sh
## Script is specifically for use on travis-ci
set -e
## This is an example setup script that you would encapsulate the installation
# What version of avm setup to use
echo "Setting up Ansible Version Manager"
AVM_VERSION="v1.0.0"
## Install Ansible using pip and label it
export ANSIBLE_VERSIONS_0="2.9.2.0"
export INSTALL_TYPE_0="pip"
export ANSIBLE_LABEL_0="v2.9"
# Whats the default version
export ANSIBLE_DEFAULT_VERSION="v2.9"
## Create a temp dir to download avm
avm_dir="$(mktemp -d 2> /dev/null || mktemp -d -t 'mytmpdir')"
git clone https://github.com/ahelal/avm.git "${avm_dir}" > /dev/null 2>&1
## Run the setup
/bin/sh ${avm_dir}/setup.sh
exit 0

18
.ci/docker/debian/Dockerfile
Unescape Escape View File

@ -0,0 +1,18 @@
FROM debian:10.9-slim
ENV DEBIAN_FRONTEND="noninteractive"
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y \
# Direct dependencies:
curl \
gawk \
git \
gnupg \
# Assumed to be present:
procps \
make \
# Cleaning cache:
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/*

4
.ci/github_release_script.sh
Unescape Escape View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
# https://github.com/travis-ci/dpl/issues/155
# https://gist.github.com/Jaskaranbir/d5b065173b3a6f164e47a542472168c1
@ -10,7 +10,7 @@ echo "LAST_RELEASE_TAG=$LAST_RELEASE_TAG"
# An automatic changelog generator
gem install github_changelog_generator
# move the manual log out of the way else it will be used by the tool.
# move the manual log out of the way else it will be used by the tool.
rm CHANGELOG.md
# Generate CHANGELOG.md

153
.ci/integration/gnupg-git/default.yml
Unescape Escape View File

@ -1,153 +0,0 @@
---
# host to test against
- hosts: test-kitchen
remote_user: root
tasks:
- include_tasks: tasks/dependencies.yml
- name: Install build tools
package:
name: "{{ item }}"
with_items: "{{ build_tools }}"
- name: Check whether deb-src repos are enabled
command: grep -c -e "^deb-src.*" /etc/apt/sources.list
register: deb_src_check
ignore_errors: yes
when:
- ansible_os_family == "Debian"
- name: Set deb-src check results
set_fact:
deb_src_check_result: "{{ deb_src_check.stdout | default(0) }}"
- name: Enable Ubuntu main & restricted source repo
replace:
path: '/etc/apt/sources.list'
regexp: '^(#\s)(.*main\srestricted)$'
replace: '\2 # enabled'
when:
- ansible_distribution == "Ubuntu"
- deb_src_check_result|int < 1
- name: Remove dpkg excludes on Ubuntu
replace:
path: '/etc/dpkg/dpkg.cfg.d/excludes'
regexp: '^(path-exclude=/usr/share/man/.*)'
replace: '#\1'
when:
- ansible_distribution == "Ubuntu"
- name: Enable Debian source repos
replace:
path: '/etc/apt/sources.list'
regexp: '^(deb)(.*)$'
replace: '\1\2\ndeb-src\2'
when:
- ansible_distribution == "Debian"
- deb_src_check_result|int < 1
- name: Install gnupg build dependencies for Debian based distros
apt:
name: gnupg2
state: build-dep
update_cache: yes
when:
- ansible_os_family == "Debian"
- name: Install gnupg build dependencies for RedHat based distros
command: bash -lc "dnf -y install 'dnf-command(builddep)' && dnf builddep -y gnupg2"
when:
- ansible_os_family == "RedHat"
- name: Install gnupg build dependencies for Alpine based distros
command: bash -lc "apk add gnutls-dev libksba-dev libgcrypt-dev libgpg-error-dev npth-dev zlib-dev libassuan-dev bzip2-dev sqlite-dev libusb-dev"
when:
- ansible_os_family == "Alpine"
- name: Install rspec in /usr/local/bin for RedHat based distros
command: bash -lc "gem install -n /usr/local/bin rspec"
when:
- ansible_os_family == "RedHat"
- name: Make directory /usr/local/src/ for Alpine based distros
command: bash -lc "mkdir -p /usr/local/src/"
when:
- ansible_os_family == "Alpine"
- name: Set gnupg src directory
set_fact:
gpg_src_path: /usr/local/src/gpg-gnupg
- name: Get GnuPG from github
git:
repo: 'https://github.com/gpg/gnupg.git'
dest: "{{ gpg_src_path }}"
update: true
- name: get latest tag name
shell: "git describe --tags `git rev-list --tags --max-count=1`"
args:
chdir: "{{ gpg_src_path }}"
register: latest_tag
- name: Checkout latest tag
git:
repo: 'https://github.com/gpg/gnupg.git'
dest: "{{ gpg_src_path }}"
version: "{{ latest_tag.stdout }}"
- name: Run gnupg autogen
command: bash -lc "cd {{ gpg_src_path }} && ./autogen.sh "
changed_when: False
- name: Disable development msg for gnupg
lineinfile:
path: "{{ gpg_src_path }}/configure"
regexp: '^development_version=.*'
line: 'development_version=no'
- name: Set gnupg build config
set_fact:
gpg_build_config: >-
--sysconfdir=/etc
--prefix=/usr
--enable-symcryptrun
--docdir=/usr/share/doc/gnupg-2.2.0
--disable-rpath
--enable-maintainer-mode
changed_when: False
- name: Configure gnupg build
command: bash -lc "cd {{ gpg_src_path }} && ./configure {{ gpg_build_config }}"
changed_when: False
# disable gnupg doc build on alpine as it is not detecting an absence of graphical tools such as fig2dev on alpine
- name: Disable making docs on Alpine
lineinfile:
path: "{{ gpg_src_path }}/Makefile"
regexp: '^doc = doc$'
line: 'doc = '
when:
- ansible_os_family == "Alpine"
# disable gnupg doc build on Ubuntu-Rolling because it won't build
# ( See https://travis-ci.org/sobolevn/git-secret/jobs/439870332 )
- name: Disable making docs on Ubuntu-Rolling
lineinfile:
path: "{{ gpg_src_path }}/Makefile"
regexp: '^doc = doc$'
line: 'doc = '
when:
- ansible_distribution == "Ubuntu"
- name: Compile gnupg src
command: bash -lc "cd {{ gpg_src_path }} && make"
changed_when: False
- name: Install compiled gnupg
command: bash -lc "cd {{ gpg_src_path }} && make install"
changed_when: False
- include_tasks: tasks/prep-tests.yml
- include_tasks: tasks/run-tests.yml

53
.ci/integration/gnupg-git/serverspec/default_spec.rb
Unescape Escape View File

@ -1,53 +0,0 @@
require_relative './spec_helper'
describe 'git-secret::test' do
describe package('git-secret') do
it { should be_installed }
end
if host_inventory['platform'] == 'fedora'
describe command('find /tmp/git-secret/build -name "*.rpm"') do
its(:stdout) { should match /git-secret.*rpm/ }
end
elsif host_inventory['platform'] == 'alpine'
describe command('find /tmp/git-secret/build -name "*.apk"') do
its(:stdout) { should match /git-secret.*apk/ }
end
else
describe command('find /tmp/git-secret/build -name "*.deb"') do
its(:stdout) { should match /git-secret.*deb/ }
end
end
describe file('/.git-secret_test-passed') do
it { should exist }
end
describe file('/.git-secret_lint-passed') do
it { should exist }
end
if host_inventory['platform'] == 'fedora'
describe command('rpm --query --info git-secret') do
its(:exit_status) { should eq 0 }
end
elsif host_inventory['platform'] == 'alpine'
describe command('apk info git-secret') do
its(:exit_status) { should eq 0 }
end
else
describe command('dpkg-query --status git-secret') do
its(:exit_status) { should eq 0 }
end
end
describe command('man -w "git-secret"') do
its(:exit_status) { should eq 0 }
end
describe command('man -w "git-secret-init"') do
its(:exit_status) { should eq 0 }
end
end

11
.ci/integration/gnupg-git/serverspec/spec_helper.rb
Unescape Escape View File

@ -1,11 +0,0 @@
require 'serverspec'
# :backend can be either :exec or :ssh
# since we are running local we use :exec
set :backend, :exec
RSpec.configure do |c|
c.before :all do
c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin'
end
end

46
.ci/integration/gnupg1/default.yml
Unescape Escape View File

@ -1,46 +0,0 @@
---
# host to test against
- hosts: test-kitchen
remote_user: root
tasks:
- include_tasks: tasks/dependencies.yml
- name: Remove dpkg excludes on Ubuntu
replace:
path: '/etc/dpkg/dpkg.cfg.d/excludes'
regexp: '^(path-exclude=/usr/share/man/.*)'
replace: '#\1'
when:
- ansible_distribution == "Ubuntu"
- name: Install gnupg
package:
name: "{{ item.name }}"
state: present
when:
- ansible_distribution == item.distribution
with_items:
- name: gnupg1
distribution: Alpine
- name: gnupg1
distribution: Fedora
- name: gnupg1
distribution: Debian
- name: gnupg1
distribution: Alpine
- name: Check for gpg1 binary
stat:
path: /usr/bin/gpg1
register: gpg1
- name: Make gpg1 default binary
file:
src: /usr/bin/gpg1
dest: /usr/bin/gpg
state: link
force: yes
when: gpg1.stat.exists
- include_tasks: tasks/prep-tests.yml
- include_tasks: tasks/run-tests.yml

53
.ci/integration/gnupg1/serverspec/default_spec.rb
Unescape Escape View File

@ -1,53 +0,0 @@
require_relative './spec_helper'
describe 'git-secret::test' do
describe package('git-secret') do
it { should be_installed }
end
if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
describe command('find /tmp/git-secret/build -name "*.rpm"') do
its(:stdout) { should match /git-secret.*rpm/ }
end
elsif host_inventory['platform'] == 'alpine'
describe command('find /tmp/git-secret/build -name "*.apk"') do
its(:stdout) { should match /git-secret.*apk/ }
end
else
describe command('find /tmp/git-secret/build -name "*.deb"') do
its(:stdout) { should match(/git-secret.*deb/) }
end
end
describe file('/.git-secret_test-passed') do
it { should exist }
end
describe file('/.git-secret_lint-passed') do
it { should exist }
end
if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
describe command('rpm --query --info git-secret') do
its(:exit_status) { should eq 0 }
end
elsif host_inventory['platform'] == 'alpine'
describe command('apk info git-secret') do
its(:exit_status) { should eq 0 }
end
else
describe command('dpkg-query --status git-secret') do
its(:exit_status) { should eq 0 }
end
end
describe command('man -w "git-secret"') do
its(:exit_status) { should eq 0 }
end
describe command('man -w "git-secret-init"') do
its(:exit_status) { should eq 0 }
end
end

11
.ci/integration/gnupg1/serverspec/spec_helper.rb
Unescape Escape View File

@ -1,11 +0,0 @@
require 'serverspec'
# :backend can be either :exec or :ssh
# since we are running local we use :exec
set :backend, :exec
RSpec.configure do |c|
c.before :all do
c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin'
end
end

50
.ci/integration/gnupg2/default.yml
Unescape Escape View File

@ -1,50 +0,0 @@
---
# host to test against
- hosts: test-kitchen
remote_user: root
tasks:
- include_tasks: tasks/dependencies.yml
- name: Remove dpkg excludes on Ubuntu
replace:
path: '/etc/dpkg/dpkg.cfg.d/excludes'
regexp: '^(path-exclude=/usr/share/man/.*)'
replace: '#\1'
when:
- ansible_distribution == "Ubuntu"
- name: Install gnupg
package:
name: "{{ item.name }}"
state: present
when:
- ansible_distribution == item.distribution
with_items:
- name: gnupg
distribution: Alpine
- name: gnupg2
distribution: Fedora
- name: gnupg2
distribution: Ubuntu
- name: gnupg
distribution: Debian
- name: gnupg
distribution: Alpine
- name: Check for gpg2 binary
stat:
path: /usr/bin/gpg2
register: gpg2
- name: Make gpg2 default binary
file:
src: /usr/bin/gpg2
dest: /usr/bin/gpg
state: link
force: yes
when:
- gpg2.stat.exists
- gpg2.stat.islnk == False
- include_tasks: tasks/prep-tests.yml
- include_tasks: tasks/run-tests.yml

53
.ci/integration/gnupg2/serverspec/default_spec.rb
Unescape Escape View File

@ -1,53 +0,0 @@
require_relative './spec_helper'
describe 'git-secret::test' do
describe package('git-secret') do
it { should be_installed }
end
if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
describe command('find /tmp/git-secret/build -name "*.rpm"') do
its(:stdout) { should match(/git-secret.*rpm/) }
end
elsif host_inventory['platform'] == 'alpine'
describe command('find /tmp/git-secret/build -name "*.apk"') do
its(:stdout) { should match /git-secret.*apk/ }
end
else
describe command('find /tmp/git-secret/build -name "*.deb"') do
its(:stdout) { should match(/git-secret.*deb/) }
end
end
describe file('/.git-secret_test-passed') do
it { should exist }
end
describe file('/.git-secret_lint-passed') do
it { should exist }
end
if host_inventory['platform'] == 'fedora' || host_inventory['platform'] == 'redhat'
describe command('rpm --query --info git-secret') do
its(:exit_status) { should eq 0 }
end
elsif host_inventory['platform'] == 'alpine'
describe command('apk info git-secret') do
its(:exit_status) { should eq 0 }
end
else
describe command('dpkg-query --status git-secret') do
its(:exit_status) { should eq 0 }
end
end
describe command('man -w "git-secret"') do
its(:exit_status) { should eq 0 }
end
describe command('man -w "git-secret-init"') do
its(:exit_status) { should eq 0 }
end
end

11
.ci/integration/gnupg2/serverspec/spec_helper.rb
Unescape Escape View File

@ -1,11 +0,0 @@
require 'serverspec'
# :backend can be either :exec or :ssh
# since we are running local we use :exec
set :backend, :exec
RSpec.configure do |c|
c.before :all do
c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin'
end
end

36
.ci/integration/tasks/dependencies.yml
Unescape Escape View File

@ -1,36 +0,0 @@
---
- name: Load a variable file based on the OS type, or a default if not found.
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}.yml"
- "default.yml"
- name: Install Dependencies
package:
name: "{{ item }}"
state: present
with_items: "{{ test_dependencies }}"
- name: Get ShellCheck
get_url:
url: https://github.com/koalaman/shellcheck/releases/download/v0.7.1/shellcheck-v0.7.1.linux.x86_64.tar.xz
dest: /tmp/shellcheck.tar.xz
- name: Install ShellCheck
command: tar xvf /tmp/shellcheck.tar.xz -C /usr/bin --strip-components=1
args:
warn: no
creates: /usr/bin/shellcheck
- name: Install fpm
gem:
name: fpm
state: present
user_install: no
# here the package is installed but a non-zero status code is returned that we ignore
- name: Install apk packaging dependencies for Alpine based distros
command: bash -lc "gem install etc || :"
when:
- ansible_os_family == "Alpine"

36
.ci/integration/tasks/prep-tests.yml
Unescape Escape View File

@ -1,36 +0,0 @@
---
- name: Get OS package type
set_fact:
os_pkg_type: "{{ item.os_pkg_type }}"
when:
- item.os_family == ansible_os_family
with_items:
- os_family: RedHat
os_pkg_type: "rpm"
- os_family: Debian
os_pkg_type: "deb"
- os_family: Suse
os_pkg_type: "rpm"
- os_family: Alpine
os_pkg_type: "apk"
changed_when: false
tags:
- skip_ansible_lint
- name: Get gpg version
command: gpg --version
register: gpg_version
changed_when: False
- name: Print gpg version
debug:
msg: "Running test against {{ gpg_version.stdout_lines | first | string }}."
changed_when: False
- name: Copy git-secret src
synchronize:
src: /opt/workspace/
dest: /tmp/git-secret
archive: false
owner: no
recursive: yes

69
.ci/integration/tasks/run-tests.yml
Unescape Escape View File

@ -1,69 +0,0 @@
---
- name: Run ci-test
command: bash -lc "cd /tmp/git-secret && make test"
changed_when: False
ignore_errors: yes
register: test_results
environment:
PATH: /usr/local/bin:{{ ansible_env.PATH }}
- name: Print ci-test results
debug:
var: test_results.stdout_lines
- name: Create file when ci-test passes
file:
path: /.git-secret_test-passed
state: touch
when:
- test_results.rc == 0
- name: Run lint
command: bash -lc "cd /tmp/git-secret && make lint"
ignore_errors: yes
register: lint_results
changed_when: False
- name: Print lint results
debug:
var: lint_results.stdout_lines
- name: Create file when lint passes
file:
path: /.git-secret_lint-passed
state: touch
when:
- lint_results.rc == 0
- name: Create git-secret {{ os_pkg_type }} package
command: bash -lc "cd /tmp/git-secret && make build-{{ os_pkg_type }}"
changed_when: False
ignore_errors: yes
register: test_results
environment:
PATH: /usr/local/bin:{{ ansible_env.PATH }}
- name: Find git-secret {{ os_pkg_type }} file
find:
paths: /tmp/git-secret/build
patterns: "*.{{ os_pkg_type }}"
recurse: yes
register: pkg_location
- name: Set git-secret {{ os_pkg_type }} location
set_fact:
pkg_path: "{{ pkg_location.files | map(attribute='path') | first }}"
when:
- pkg_location is defined
- name: Install git-secret {{ os_pkg_type }} package
command: bash -lc "{{ item.command }} {{ pkg_path }}"
when:
- item.os_family == ansible_os_family
with_items:
- command: "rpm --nodeps --install --force"
os_family: "RedHat"
- command: "dpkg --force-all --install"
os_family: "Debian"
- command: "apk add --allow-untrusted"
os_family: "Alpine"

19
.ci/integration/vars/Alpine.yml
Unescape Escape View File

@ -1,19 +0,0 @@
---
ansible_python_interpreter: /usr/bin/python3
test_dependencies:
- gawk
- git
- make
- man
- procps
- rsync
- ruby
- ruby-dev
- tar
build_tools:
- make
- tar
- autoconf
- automake
- gettext

19
.ci/integration/vars/CentOS.yml
Unescape Escape View File

@ -1,19 +0,0 @@
---
test_dependencies:
- gawk
- git
- make
- man
- redhat-rpm-config
- rpm-build
- rsync
- ruby-devel
- rubygems
- rubygems-devel
build_tools:
- ImageMagick
- autoconf
- automake
- texinfo
- transfig

17
.ci/integration/vars/Debian.yml
Unescape Escape View File

@ -1,17 +0,0 @@
---
test_dependencies:
- gawk
- git
- make
- man
- ruby-dev
- rubygems
- rsync
build_tools:
- autoconf
- automake
- build-essential
- imagemagick
- texinfo
- transfig

20
.ci/integration/vars/Fedora.yml
Unescape Escape View File

@ -1,20 +0,0 @@
---
ansible_python_interpreter: /usr/bin/python3
test_dependencies:
- gawk
- git
- make
- man
- redhat-rpm-config
- rpm-build
- rsync
- ruby-devel
- rubygems
- rubygems-devel
build_tools:
- ImageMagick
- autoconf
- automake
- texinfo
- transfig

18
.ci/integration/vars/Ubuntu.yml
Unescape Escape View File

@ -1,18 +0,0 @@
---
ansible_python_interpreter: /usr/bin/python3
test_dependencies:
- gawk
- git
- make
- man
- ruby-dev
- rubygems
- rsync
build_tools:
- autoconf
- automake
- build-essential
- imagemagick
- texinfo
- transfig

17
.ci/integration/vars/default.yml
Unescape Escape View File

@ -1,17 +0,0 @@
---
ansible_python_interpreter: /usr/bin/python3
test_dependencies:
- gawk
- make
- git
- ruby-dev
- rubygems
- man
build_tools:
- autoconf
- automake
- build-essential
- imagemagick
- texinfo
- transfig

11
.editorconfig
Unescape Escape View File

@ -8,17 +8,6 @@ indent_style = space
trim_trailing_whitespace = true
end_of_line = lf
insert_final_newline = true
[*.json]
indent_size = 2
[*.py]
indent_size = 4
[*.sh]
indent_size = 2
[*.bats]
indent_size = 2
[Makefile]

1
.gitattributes vendored
Unescape Escape View File

@ -1 +0,0 @@
* text=auto

24
.github/workflows/test.yml vendored
Unescape Escape View File

@ -0,0 +1,24 @@
name: test
on:
push:
pull_request:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
docker-based-test:
- debian
# - ubuntu
# - alpine
# - fedora
# - centos
steps:
- uses: actions/checkout@v2
- name: Run checks
run: GITSECRET_DOCKER_ENV="${{ matrix.docker-based-test }}" make ci

127
.kitchen.yml
Unescape Escape View File

@ -1,127 +0,0 @@
---
driver:
name: docker
use_sudo: false
provisioner:
# name of the host
hosts: test-kitchen
# use an ansible playbook to provision our server
name: ansible_playbook
ansible_verbose: false
require_ansible_repo: false
require_ansible_omnibus: true
ansible_version: 2.9.2
require_chef_for_busser: false
sudo_command: sudo -E -H
idempotency_test: false
sudo: true
ansible_extra_flags: "-e '{ kitchen_testrun: True }'"
additional_copy_path:
- ".ci/integration/vars"
- ".ci/integration/tasks"
transport:
max_ssh_sessions: 3
platforms:
- name: alpine-latest
driver_config:
run_command: /sbin/init
dockerfile: .Dockerfiles/alpine/latest/Dockerfile
platform: alpine
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
run_options:
tmpfs:
- /run
- /run/lock
- name: debian-latest
driver_config:
run_command: /lib/systemd/systemd
dockerfile: .Dockerfiles/debian/latest/Dockerfile
platform: debian
cap_add:
- SYS_ADMIN
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
run_options:
tmpfs:
- /run
- /run/lock
- name: fedora-latest
driver_config:
run_command: /lib/systemd/systemd
dockerfile: .Dockerfiles/fedora/latest/Dockerfile
platform: fedora
cap_add:
- SYS_ADMIN
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
run_options:
tmpfs:
- /run
- /run/lock
- name: ubuntu-latest
driver_config:
run_command: /lib/systemd/systemd
dockerfile: .Dockerfiles/ubuntu/latest/Dockerfile
platform: ubuntu
cap_add:
- SYS_ADMIN
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
run_options:
tmpfs:
- /run
- /run/lock
- name: ubuntu-rolling
driver_config:
run_command: /lib/systemd/systemd
dockerfile: .Dockerfiles/ubuntu/rolling/Dockerfile
platform: ubuntu
cap_add:
- SYS_ADMIN
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
run_options:
tmpfs:
- /run
- /run/lock
verifier:
name: serverspec
sudo_path: true
suites:
# suites found at /test/integration/$test-name
# in container @/tmp/kitchen
- name: gnupg1
verifier:
patterns:
- roles/git-secret/.ci/integration/gnupg1/serverspec/*_spec.rb
excludes:
- centos-latest
- name: gnupg2
verifier:
patterns:
- roles/git-secret/.ci/integration/gnupg2/serverspec/*_spec.rb
excludes:
- centos-latest
- name: gnupg-git
verifier:
patterns:
- roles/git-secret/.ci/integration/gnupg-git/serverspec/*_spec.rb
excludes:
- centos-latest
- alpine-latest
- debian-latest

146
.travis.yml
Unescape Escape View File

@ -1,146 +0,0 @@
dist: xenial
matrix:
fast_finish: true
include:
#- os: windows
# env: GITSECRET_DIST="windows"
# sudo: required
# language: sh
- os: osx
env: GITSECRET_DIST="brew"
sudo: required
language: shell
- os: osx
name: osx-with-debug-output
env: GITSECRET_DIST="brew"; SECRETS_TEST_VERBOSE=1
sudo: required
language: shell
#- os: linux
# env: KITCHEN_REGEXP="gnupg1-alpine-latest"; SECRETS_TEST_VERBOSE=1
# services: docker
# sudo: required
# language: ruby
# rvm: 2.6
- os: linux
env: KITCHEN_REGEXP="gnupg1-debian-latest"
services: docker
sudo: required
language: ruby
rvm: 2.6
- os: linux
env: KITCHEN_REGEXP="gnupg1-fedora-latest"
services: docker
sudo: required
language: ruby
rvm: 2.6
#- os: linux
# env: KITCHEN_REGEXP="gnupg1-ubuntu-latest"
# services: docker
# sudo: required
# language: ruby
# rvm: 2.6
#- os: linux
# env: KITCHEN_REGEXP="gnupg1-ubuntu-rolling"
# services: docker
# sudo: required
# language: ruby
# rvm: 2.6
#- os: linux
# env: KITCHEN_REGEXP="gnupg2-alpine-latest"
# services: docker
# sudo: required
# language: ruby
# rvm: 2.6
# distribute deb on this successful test
- os: linux
env: KITCHEN_REGEXP="gnupg2-debian-latest"; GITSECRET_DIST="deb"
services: docker
sudo: required
language: ruby
rvm: 2.6
# distribute rpm on this successful test
- os: linux
env: KITCHEN_REGEXP="gnupg2-fedora-latest"; GITSECRET_DIST="rpm"
services: docker
sudo: required
language: ruby
rvm: 2.6
#- os: linux
# env: KITCHEN_REGEXP="gnupg2-ubuntu-latest"
# services: docker
# sudo: required
# language: ruby
# rvm: 2.6
#- os: linux
# env: KITCHEN_REGEXP="gnupg2-ubuntu-rolling"
# services: docker
# sudo: required
# language: ruby
# rvm: 2.6
- os: linux
env: KITCHEN_REGEXP="gnupg-git-fedora-latest"
services: docker
sudo: required
language: ruby
rvm: 2.6
#- os: linux
# env: KITCHEN_REGEXP="gnupg-git-ubuntu-latest"
# services: docker
# sudo: required
# language: ruby
# rvm: 2.6
#- os: linux
# env: KITCHEN_REGEXP="gnupg-git-ubuntu-rolling"
# services: docker
# sudo: required
# language: ruby
# rvm: 2.6
before_install:
- if [[ "$TRAVIS_OS_NAME" != "windows" ]]; then gem update --system && gem install bundler; fi
before_script:
- chmod +x ".ci/before_script.sh" && ".ci/before_script.sh"
script:
- chmod +x ".ci/script.sh" && ".ci/script.sh"
before_deploy:
- chmod +x ".ci/before_deploy.sh" && ".ci/before_deploy.sh" && chmod +x ".ci/github_release_script.sh"
deploy:
- provider: bintray
skip_cleanup: true
on:
all_branches: true
tag: true
condition: "$TRAVIS_TAG =~ ^v.*$ && $GITSECRET_DIST == deb"
file: "build/deb_descriptor.json"
user: "sobolevn"
key: "$BINTRAY_API_KEY"
passphrase: "$BINTRAY_GPG_PASS"
- provider: bintray
skip_cleanup: true
on:
all_branches: true
tag: true
condition: "$TRAVIS_TAG =~ ^v.*$ && $GITSECRET_DIST == rpm"
file: "build/rpm_descriptor.json"
user: "sobolevn"
key: "$BINTRAY_API_KEY"
passphrase: "$BINTRAY_GPG_PASS"
- provider: script
script: bash .ci/github_release_script.sh
on:
all_branches: true
tag: true
condition: "$TRAVIS_TAG =~ ^v.*$ && $GITSECRET_DIST == rpm"
after_deploy:
- chmod +x ".ci/after_deploy.sh" && ".ci/after_deploy.sh"
notifications:
email:
on_success: never
on_failure: change

7
Gemfile
Unescape Escape View File

@ -1,7 +0,0 @@
source 'https://rubygems.org'
gem 'test-kitchen'
gem 'serverspec'
gem 'kitchen-ansible'
gem 'kitchen-docker'
gem 'kitchen-verifier-serverspec'

12
Makefile
Unescape Escape View File

@ -44,6 +44,16 @@ test: clean build
export PATH="$(shell echo $${PWD})/vendor/bats-core/bin:$(shell echo $${PWD}):$(shell echo $${PATH})"; \
"./utils/tests.sh"
# We use this script in CI and you can do this too!
# What happens here?
# 1. We pass `GITSECRET_DOCKER_ENV` variable into this job
# 2. Based on it, we select a proper `docker` image to run test on
# 3. We execute `make test` inside the `docker` container
.PHONY: ci
ci: clean
docker build -f ".ci/docker/$${GITSECRET_DOCKER_ENV}/Dockerfile" -t "$${GITSECRET_DOCKER_ENV}:latest" .
docker run --rm --volume="$${PWD}:/code" -w /code "$${GITSECRET_DOCKER_ENV}" make test
#
# Manuals:
#
@ -157,7 +167,7 @@ deploy-rpm: build-rpm
# make:
.PHONY: test-make-ci
test-make-ci: clean
test-make-ci: clean
chmod +x "./utils/make/make-ci.sh"; sync; \
export SECRET_PROJECT_ROOT="${PWD}"; \
export PATH="${PWD}/vendor/bats-core/bin:${PATH}"; \

2
src/version.sh
Unescape Escape View File

@ -1,4 +1,4 @@
#!/usr/bin/env bash
# shellcheck disable=2034
GITSECRET_VERSION='0.3.3'
GITSECRET_VERSION='0.4.0.alpha1'

5
tests/test_hide_continue.bats
Unescape Escape View File

@ -27,8 +27,9 @@ function teardown {
unset_current_state
}
@test "run 'hide -F' with missing input file" {
mv "$FILE_TO_HIDE" "$FILE_TO_HIDE.was" # move the first file out of the way
mv "$FILE_TO_HIDE" "$FILE_TO_HIDE.was" # move the first file out of the way
run git secret hide -F
#echo "# output of 'git secret hide -F' is: $output" >&3
@ -45,6 +46,6 @@ function teardown {
[ -f "$encrypted_file2" ]
# put back first file so teardown() succeeds
mv "$FILE_TO_HIDE.was" "$FILE_TO_HIDE"
mv "$FILE_TO_HIDE.was" "$FILE_TO_HIDE"
}

0
utils/build-utils.sh
Unescape Escape View File

0
utils/rpm/rpm-build.sh
Unescape Escape View File

Write Preview
Loading…
Cancel
Save