Fixes alpine releases, refs #659

.ci/release-ci/alpine/Dockerfile

@@ -0,0 +1,9 @@
+FROM alpine:3.13
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+RUN apk add --no-cache --update \
+  # Required for our install script:
+  bash \
+  wget

.ci/releaser/alpine/Dockerfile

@@ -3,33 +3,35 @@
 
 # TODO: Move to native image
 # see: https://github.com/jordansissel/fpm/issues/1782
-# Or we can switch to
+# Or we can completely switch to
 # https://github.com/goreleaser/nfpm
 FROM alpine:3.13
 
 ENV CODE_DIR='/code'
 ENV SECRETS_PROJECT_ROOT="$CODE_DIR"
 
+# hadolint ignore=DL4006
 RUN apk add --no-cache --update \
-  # fpm deps:
-  ruby \
-  ruby-dev \
-  ruby-etc \
-  gcc \
-  libffi-dev \
-  make \
-  libc-dev \
-  rpm \
-  tar \
-  # Direct dependencies:
-  bash \
-  gawk \
-  git \
-  gnupg \
-  # Assumed to be present:
-  curl
-
-# Installing fpm:
-RUN gem install --no-document fpm
+    # fpm deps:
+    ruby \
+    ruby-dev \
+    ruby-etc \
+    gcc \
+    libffi-dev \
+    make \
+    libc-dev \
+    rpm \
+    tar \
+    # Direct dependencies:
+    bash \
+    gawk \
+    git \
+    gnupg \
+    # Assumed to be present:
+    curl \
+  # Installing `nfpm`, it builds alpine packages:
+  && curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh \
+  # Installing `fpm`, it build all other packages:
+  && gem install --no-document fpm
 
 WORKDIR $CODE_DIR

.github/workflows/release-ci.yml

@@ -20,6 +20,8 @@ jobs:
             release-env: centos
           - release-type: rpm
             release-env: fedora
+          - release-type: apk
+            release-env: alpine
 
     steps:
     - uses: actions/checkout@v2

.github/workflows/release.yml

@@ -8,6 +8,10 @@ on:
 
 jobs:
   release:
+    environment:
+      name: artifactory
+      url: https://gitsecret.jfrog.io/artifactory
+
     runs-on: ubuntu-latest
     strategy:
       matrix:

docs/create_posts.sh

@@ -64,6 +64,7 @@ function copy_install_scripts {
   # so, installation instructions will always be up-to-date:
   cp utils/deb/install.sh docs/_includes/install-deb.sh
   cp utils/rpm/install.sh docs/_includes/install-rpm.sh
+  cp utils/apk/install.sh docs/_includes/install-akp.sh
 }
 
 

docs/installation.md

@@ -53,6 +53,16 @@ You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/
 
 ---
 
+### Alpine
+
+You can find the `apk` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-apk/).
+
+```bash
+{% include install-apk.sh %}
+```
+
+---
+
 ### Arch Linux
 
 The _Arch_ way to install git-secret is to use the directions for

utils/apk/build.sh

@@ -5,10 +5,23 @@ set -e
 # shellcheck disable=SC1090,SC1091
 source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
 
-preinstall_files '-c'
+# preinstall_files '-c'
 
 # Building .apk package:
-cd "$SCRIPT_DEST_DIR" && build_package 'apk'
+# cd "$SCRIPT_DEST_DIR"
 
-# Cleaning up:
-clean_up_files && cd "$SECRETS_PROJECT_ROOT"
+# We need this export for `config.yml` to expand the version properly.
+export SCRIPT_VERSION
+
+# Here's the deal. We use a custom builder here,
+# because `fpm` produces a broken package.
+# It is possible to install it locally,
+# but it fails to be installed from our Artifactory.
+# So, we switched.
+# But, we only switched one repo for now,
+# because we are not sure that other affected packages will be fine.
+# And also `fpm` supports more tools: like pacman.
+nfpm package \
+  -f "$SECRETS_PROJECT_ROOT/utils/apk/config.yml" \
+  --packager 'apk' \
+  --target "$SCRIPT_DEST_DIR"

utils/apk/config.yml

@@ -0,0 +1,52 @@
+# Name. (required)
+name: git-secret
+
+# Architecture. (required)
+arch: all
+
+# Platform.
+# Defaults to `linux`.
+platform: linux
+
+# Version. (required)
+# This will expand any env var you set in the field, eg version: v${SEMVER}
+version: $SCRIPT_VERSION
+version_schema: none
+
+# Section.
+section: default
+
+# Priority.
+priority: main
+
+# Maintaner.
+maintainer: Nikita Sobolev <mail@sobolevn.me>
+
+# Description.
+# Defaults to `no description given`.
+description: A bash-tool to store your private data inside a git repository.
+
+# Vendor.
+vendor: git-secret team
+
+# Package's homepage.
+homepage: https://git-secret.io
+
+# License.
+license: MIT
+
+# Dependencies.
+depends:
+  - git
+  - bash
+  - gnupg
+  - gawk
+  - coreutils
+
+contents:
+  - src: git-secret
+    dst: /usr/bin/git-secret
+  - src: man/man1/*.1
+    dst: /usr/share/man/man1
+  - src: man/man7/*.7
+    dst: /usr/share/man/man7

utils/apk/install.sh

@@ -0,0 +1,5 @@
+sh -c "echo 'https://gitsecret.jfrog.io/artifactory/git-secret-apk/all/main'" >> /etc/apk/repositories
+wget -O /etc/apk/keys/git-secret-apk.rsa.pub 'https://gitsecret.jfrog.io/artifactory/api/security/keypair/public/repositories/git-secret-apk'
+apk update && apk add git-secret
+# Testing, that it worked:
+git secret --version

utils/build-utils.sh

@@ -43,11 +43,7 @@ function preinstall_files {
   # Install the manualls:
   install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man1"
   install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man7"
-  for file in man/man1/* ; do
-    if [[ "$file" == *.md ]]; then
-      continue
-    fi
-
+  for file in man/man1/*.1 ; do
     install -D "$dir_switch" \
       -b -m "$READ_PERM" "$dir_switch" "$file" \
       "$SCRIPT_DEST_DIR/usr/share/$file"