Fixes alpine releases, refs #659

2024-10-31 21:20:29 +00:00 · 2021-05-06 13:16:48 +03:00 · 2021-05-06 13:16:48 +03:00 · d2b9184f19
commit d2b9184f19
parent 11daa7fa8f
10 changed files with 124 additions and 30 deletions
--- a/.ci/release-ci/alpine/Dockerfile
+++ b/.ci/release-ci/alpine/Dockerfile
@ -0,0 +1,9 @@
+FROM alpine:3.13
+
+LABEL maintainer="mail@sobolevn.me"
+LABEL vendor="git-secret team"
+
+RUN apk add --no-cache --update \
+  # Required for our install script:
+  bash \
+  wget
--- a/.ci/releaser/alpine/Dockerfile
+++ b/.ci/releaser/alpine/Dockerfile
@ -3,33 +3,35 @@

 # TODO: Move to native image
 # see: https://github.com/jordansissel/fpm/issues/1782
-# Or we can switch to
+# Or we can completely switch to
 # https://github.com/goreleaser/nfpm
 FROM alpine:3.13

 ENV CODE_DIR='/code'
 ENV SECRETS_PROJECT_ROOT="$CODE_DIR"

+# hadolint ignore=DL4006
 RUN apk add --no-cache --update \
-  # fpm deps:
-  ruby \
-  ruby-dev \
-  ruby-etc \
-  gcc \
-  libffi-dev \
-  make \
-  libc-dev \
-  rpm \
-  tar \
-  # Direct dependencies:
-  bash \
-  gawk \
-  git \
-  gnupg \
-  # Assumed to be present:
-  curl
-
-# Installing fpm:
-RUN gem install --no-document fpm
+    # fpm deps:
+    ruby \
+    ruby-dev \
+    ruby-etc \
+    gcc \
+    libffi-dev \
+    make \
+    libc-dev \
+    rpm \
+    tar \
+    # Direct dependencies:
+    bash \
+    gawk \
+    git \
+    gnupg \
+    # Assumed to be present:
+    curl \
+  # Installing `nfpm`, it builds alpine packages:
+  && curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh \
+  # Installing `fpm`, it build all other packages:
+  && gem install --no-document fpm

 WORKDIR $CODE_DIR
--- a/.github/workflows/release-ci.yml
+++ b/.github/workflows/release-ci.yml
@ -20,6 +20,8 @@ jobs:
            release-env: centos
          - release-type: rpm
            release-env: fedora
+          - release-type: apk
+            release-env: alpine

    steps:
    - uses: actions/checkout@v2
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -8,6 +8,10 @@ on:

 jobs:
  release:
+    environment:
+      name: artifactory
+      url: https://gitsecret.jfrog.io/artifactory
+
    runs-on: ubuntu-latest
    strategy:
      matrix:
--- a/docs/create_posts.sh
+++ b/docs/create_posts.sh
@ -64,6 +64,7 @@ function copy_install_scripts {
  # so, installation instructions will always be up-to-date:
  cp utils/deb/install.sh docs/_includes/install-deb.sh
  cp utils/rpm/install.sh docs/_includes/install-rpm.sh
+  cp utils/apk/install.sh docs/_includes/install-akp.sh
 }


--- a/docs/installation.md
+++ b/docs/installation.md
@ -53,6 +53,16 @@ You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/

 ---

+### Alpine
+
+You can find the `apk` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-apk/).
+
+```bash
+{% include install-apk.sh %}
+```
+
+---
+
 ### Arch Linux

 The _Arch_ way to install git-secret is to use the directions for
--- a/utils/apk/build.sh
+++ b/utils/apk/build.sh
@ -5,10 +5,23 @@ set -e
 # shellcheck disable=SC1090,SC1091
 source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"

-preinstall_files '-c'
+# preinstall_files '-c'

 # Building .apk package:
-cd "$SCRIPT_DEST_DIR" && build_package 'apk'
+# cd "$SCRIPT_DEST_DIR"

-# Cleaning up:
-clean_up_files && cd "$SECRETS_PROJECT_ROOT"
+# We need this export for `config.yml` to expand the version properly.
+export SCRIPT_VERSION
+
+# Here's the deal. We use a custom builder here,
+# because `fpm` produces a broken package.
+# It is possible to install it locally,
+# but it fails to be installed from our Artifactory.
+# So, we switched.
+# But, we only switched one repo for now,
+# because we are not sure that other affected packages will be fine.
+# And also `fpm` supports more tools: like pacman.
+nfpm package \
+  -f "$SECRETS_PROJECT_ROOT/utils/apk/config.yml" \
+  --packager 'apk' \
+  --target "$SCRIPT_DEST_DIR"
--- a/utils/apk/config.yml
+++ b/utils/apk/config.yml
@ -0,0 +1,52 @@
+# Name. (required)
+name: git-secret
+
+# Architecture. (required)
+arch: all
+
+# Platform.
+# Defaults to `linux`.
+platform: linux
+
+# Version. (required)
+# This will expand any env var you set in the field, eg version: v${SEMVER}
+version: $SCRIPT_VERSION
+version_schema: none
+
+# Section.
+section: default
+
+# Priority.
+priority: main
+
+# Maintaner.
+maintainer: Nikita Sobolev <mail@sobolevn.me>
+
+# Description.
+# Defaults to `no description given`.
+description: A bash-tool to store your private data inside a git repository.
+
+# Vendor.
+vendor: git-secret team
+
+# Package's homepage.
+homepage: https://git-secret.io
+
+# License.
+license: MIT
+
+# Dependencies.
+depends:
+  - git
+  - bash
+  - gnupg
+  - gawk
+  - coreutils
+
+contents:
+  - src: git-secret
+    dst: /usr/bin/git-secret
+  - src: man/man1/*.1
+    dst: /usr/share/man/man1
+  - src: man/man7/*.7
+    dst: /usr/share/man/man7
--- a/utils/apk/install.sh
+++ b/utils/apk/install.sh
@ -0,0 +1,5 @@
+sh -c "echo 'https://gitsecret.jfrog.io/artifactory/git-secret-apk/all/main'" >> /etc/apk/repositories
+wget -O /etc/apk/keys/git-secret-apk.rsa.pub 'https://gitsecret.jfrog.io/artifactory/api/security/keypair/public/repositories/git-secret-apk'
+apk update && apk add git-secret
+# Testing, that it worked:
+git secret --version
--- a/utils/build-utils.sh
+++ b/utils/build-utils.sh
@ -43,11 +43,7 @@ function preinstall_files {
  # Install the manualls:
  install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man1"
  install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man7"
-  for file in man/man1/* ; do
-    if [[ "$file" == *.md ]]; then
-      continue
-    fi
-
+  for file in man/man1/*.1 ; do
    install -D "$dir_switch" \
      -b -m "$READ_PERM" "$dir_switch" "$file" \
      "$SCRIPT_DEST_DIR/usr/share/$file"