diff --git a/.ci/release-ci/alpine/Dockerfile b/.ci/release-ci/alpine/Dockerfile new file mode 100644 index 00000000..d1740761 --- /dev/null +++ b/.ci/release-ci/alpine/Dockerfile @@ -0,0 +1,9 @@ +FROM alpine:3.13 + +LABEL maintainer="mail@sobolevn.me" +LABEL vendor="git-secret team" + +RUN apk add --no-cache --update \ + # Required for our install script: + bash \ + wget diff --git a/.ci/releaser/alpine/Dockerfile b/.ci/releaser/alpine/Dockerfile index bd364cd7..14a74f0f 100644 --- a/.ci/releaser/alpine/Dockerfile +++ b/.ci/releaser/alpine/Dockerfile @@ -3,33 +3,35 @@ # TODO: Move to native image # see: https://github.com/jordansissel/fpm/issues/1782 -# Or we can switch to +# Or we can completely switch to # https://github.com/goreleaser/nfpm FROM alpine:3.13 ENV CODE_DIR='/code' ENV SECRETS_PROJECT_ROOT="$CODE_DIR" +# hadolint ignore=DL4006 RUN apk add --no-cache --update \ - # fpm deps: - ruby \ - ruby-dev \ - ruby-etc \ - gcc \ - libffi-dev \ - make \ - libc-dev \ - rpm \ - tar \ - # Direct dependencies: - bash \ - gawk \ - git \ - gnupg \ - # Assumed to be present: - curl - -# Installing fpm: -RUN gem install --no-document fpm + # fpm deps: + ruby \ + ruby-dev \ + ruby-etc \ + gcc \ + libffi-dev \ + make \ + libc-dev \ + rpm \ + tar \ + # Direct dependencies: + bash \ + gawk \ + git \ + gnupg \ + # Assumed to be present: + curl \ + # Installing `nfpm`, it builds alpine packages: + && curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh \ + # Installing `fpm`, it build all other packages: + && gem install --no-document fpm WORKDIR $CODE_DIR diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml index 486ad4ba..60fe102c 100644 --- a/.github/workflows/release-ci.yml +++ b/.github/workflows/release-ci.yml @@ -20,6 +20,8 @@ jobs: release-env: centos - release-type: rpm release-env: fedora + - release-type: apk + release-env: alpine steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 50ca2281..92500dad 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,10 @@ on: jobs: release: + environment: + name: artifactory + url: https://gitsecret.jfrog.io/artifactory + runs-on: ubuntu-latest strategy: matrix: diff --git a/docs/create_posts.sh b/docs/create_posts.sh index ac237bfe..56be2ef6 100644 --- a/docs/create_posts.sh +++ b/docs/create_posts.sh @@ -64,6 +64,7 @@ function copy_install_scripts { # so, installation instructions will always be up-to-date: cp utils/deb/install.sh docs/_includes/install-deb.sh cp utils/rpm/install.sh docs/_includes/install-rpm.sh + cp utils/apk/install.sh docs/_includes/install-akp.sh } diff --git a/docs/installation.md b/docs/installation.md index e3034bc6..68f936cd 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -53,6 +53,16 @@ You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/ --- +### Alpine + +You can find the `apk` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-apk/). + +```bash +{% include install-apk.sh %} +``` + +--- + ### Arch Linux The _Arch_ way to install git-secret is to use the directions for diff --git a/utils/apk/build.sh b/utils/apk/build.sh index 8fce4bb4..ccdfe54b 100644 --- a/utils/apk/build.sh +++ b/utils/apk/build.sh @@ -5,10 +5,23 @@ set -e # shellcheck disable=SC1090,SC1091 source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh" -preinstall_files '-c' +# preinstall_files '-c' # Building .apk package: -cd "$SCRIPT_DEST_DIR" && build_package 'apk' +# cd "$SCRIPT_DEST_DIR" -# Cleaning up: -clean_up_files && cd "$SECRETS_PROJECT_ROOT" +# We need this export for `config.yml` to expand the version properly. +export SCRIPT_VERSION + +# Here's the deal. We use a custom builder here, +# because `fpm` produces a broken package. +# It is possible to install it locally, +# but it fails to be installed from our Artifactory. +# So, we switched. +# But, we only switched one repo for now, +# because we are not sure that other affected packages will be fine. +# And also `fpm` supports more tools: like pacman. +nfpm package \ + -f "$SECRETS_PROJECT_ROOT/utils/apk/config.yml" \ + --packager 'apk' \ + --target "$SCRIPT_DEST_DIR" diff --git a/utils/apk/config.yml b/utils/apk/config.yml new file mode 100644 index 00000000..e5357a02 --- /dev/null +++ b/utils/apk/config.yml @@ -0,0 +1,52 @@ +# Name. (required) +name: git-secret + +# Architecture. (required) +arch: all + +# Platform. +# Defaults to `linux`. +platform: linux + +# Version. (required) +# This will expand any env var you set in the field, eg version: v${SEMVER} +version: $SCRIPT_VERSION +version_schema: none + +# Section. +section: default + +# Priority. +priority: main + +# Maintaner. +maintainer: Nikita Sobolev + +# Description. +# Defaults to `no description given`. +description: A bash-tool to store your private data inside a git repository. + +# Vendor. +vendor: git-secret team + +# Package's homepage. +homepage: https://git-secret.io + +# License. +license: MIT + +# Dependencies. +depends: + - git + - bash + - gnupg + - gawk + - coreutils + +contents: + - src: git-secret + dst: /usr/bin/git-secret + - src: man/man1/*.1 + dst: /usr/share/man/man1 + - src: man/man7/*.7 + dst: /usr/share/man/man7 diff --git a/utils/apk/install.sh b/utils/apk/install.sh new file mode 100644 index 00000000..2bf4efce --- /dev/null +++ b/utils/apk/install.sh @@ -0,0 +1,5 @@ +sh -c "echo 'https://gitsecret.jfrog.io/artifactory/git-secret-apk/all/main'" >> /etc/apk/repositories +wget -O /etc/apk/keys/git-secret-apk.rsa.pub 'https://gitsecret.jfrog.io/artifactory/api/security/keypair/public/repositories/git-secret-apk' +apk update && apk add git-secret +# Testing, that it worked: +git secret --version diff --git a/utils/build-utils.sh b/utils/build-utils.sh index 866a9a52..d1df97cb 100755 --- a/utils/build-utils.sh +++ b/utils/build-utils.sh @@ -43,11 +43,7 @@ function preinstall_files { # Install the manualls: install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man1" install -m "$EXEC_PERM" -d "$SCRIPT_DEST_DIR/usr/share/man/man7" - for file in man/man1/* ; do - if [[ "$file" == *.md ]]; then - continue - fi - + for file in man/man1/*.1 ; do install -D "$dir_switch" \ -b -m "$READ_PERM" "$dir_switch" "$file" \ "$SCRIPT_DEST_DIR/usr/share/$file"