Add local ci tests.

pull/107/head
Carlos Hernandez 7 years ago
parent fb29858dae
commit c9861a1079

@ -0,0 +1,66 @@
FROM debian:stable
ENV DEBIAN_FRONTEND="noninteractive" container="docker"
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y \
apt-utils \
curl \
locales \
lsb-release \
net-tools \
openssh-server \
python-pip \
python2.7 \
sudo \
systemd \
&& pip install --upgrade pip \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& if ! getent passwd <%= @username %>; then \
useradd -d /home/<%= @username %> -m -s /bin/bash -p '*' <%= @username %>; \
fi \
&& echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
&& echo "Defaults !requiretty" >> /etc/sudoers \
&& mkdir -p /home/<%= @username %>/.ssh \
&& chown -R <%= @username %> /home/<%= @username %>/.ssh \
&& chmod 0700 /home/<%= @username %>/.ssh \
&& echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \
&& chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
&& chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
&& echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen \
&& cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | /usr/bin/xargs rm -f $1 \
&& /bin/rm -f /lib/systemd/system/multi-user.target.wants/* \
&& /bin/rm -f /etc/systemd/system/*.wants/* \
&& /bin/rm -f /lib/systemd/system/local-fs.target.wants/* \
&& /bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \
&& /bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
&& /bin/rm -f /lib/systemd/system/basic.target.wants/* \
&& /bin/rm -f /lib/systemd/system/anaconda.target.wants/* \
&& /bin/rm -f /lib/systemd/system/plymouth* \
&& /bin/rm -f /lib/systemd/system/systemd-update-utmp* \
&& sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config \
&& sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
&& sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
&& echo "UseDNS=no" >> /etc/ssh/sshd_config \
&& systemctl set-default multi-user.target \
&& ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \
&& ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
&& echo $'[Unit]\
\nDescription=Finish boot up\
\nAfter=ssh.service\
\n\
\n[Service]\
\nType=oneshot\
\nRemainAfterExit=yes\
\nExecStartPre=/bin/sleep 3s\
\nExecStart=/bin/rm -f /run/nologin\
\n\
\n[Install]\
\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \
&& ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service
EXPOSE 22
VOLUME [ "/sys/fs/cgroup" ]
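Review bot: The `;` after `cd /lib/systemd/system/sysinit.target.wants/` ends the `&&` chain, so a failure in any earlier step (apt-get, useradd, the sudoers and authorized_keys writes) no longer fails the build. If the `cd` itself fails, the `ls | grep -v … | xargs rm -f` pipeline runs in whatever the working directory is at that point. The trailing `$1` is not set in a `RUN` shell and expands to nothing. I would keep the chain intact and stop parsing `ls`, e.g. `&& find /lib/systemd/system/sysinit.target.wants/ -mindepth 1 ! -name '*systemd-tmpfiles-setup*' -delete \`. The same line appears in the Fedora, ubuntu:latest and ubuntu:rolling Dockerfiles.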

@ -0,0 +1,69 @@
FROM fedora:latest
ENV container="docker"
RUN dnf clean all \
&& dnf makecache \
&& dnf install -y \
curl \
findutils \
gcc \
glibc-langpack-en.x86_64 \
libffi-devel \
net-tools \
openssh-server \
openssl-devel \
python2-devel \
python2-pip \
redhat-lsb \
redhat-rpm-config \
sudo \
systemd \
&& pip install --upgrade pip \
&& dnf clean all \
&& if ! getent passwd <%= @username %>; then \
useradd -d /home/<%= @username %> -m -s /usr/bin/bash -p '*' <%= @username %>; \
fi \
&& echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
&& echo "Defaults !requiretty" >> /etc/sudoers \
&& mkdir -p /home/<%= @username %>/.ssh \
&& chown -R <%= @username %> /home/<%= @username %>/.ssh \
&& chmod 0700 /home/<%= @username %>/.ssh \
&& echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \
&& chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
&& chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
&& export LANG="en_US.UTF-8" && echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf \
&& cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | /usr/bin/xargs rm -f $1 \
&& /usr/bin/rm -f /lib/systemd/system/multi-user.target.wants/* \
&& /usr/bin/rm -f /etc/systemd/system/*.wants/* \
&& /usr/bin/rm -f /lib/systemd/system/local-fs.target.wants/* \
&& /usr/bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \
&& /usr/bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
&& /usr/bin/rm -f /lib/systemd/system/basic.target.wants/* \
&& /usr/bin/rm -f /lib/systemd/system/anaconda.target.wants/* \
&& /usr/bin/rm -f /lib/systemd/system/plymouth* \
&& /usr/bin/rm -f /lib/systemd/system/systemd-update-utmp* \
&& sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
&& sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
&& echo "UseDNS=no" >> /etc/ssh/sshd_config \
&& systemctl set-default multi-user.target \
&& ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \
&& ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
&& echo $'[Unit]\
\nDescription=Finish boot up\
\nAfter=ssh.service\
\n\
\n[Service]\
\nType=oneshot\
\nRemainAfterExit=yes\
\nExecStartPre=/bin/sleep 3s\
\nExecStart=/bin/rm -f /run/nologin\
\n\
\n[Install]\
\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \
&& ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service
EXPOSE 22
VOLUME [ "/sys/fs/cgroup" ]
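Review bot: The two `echo … >> /etc/sudoers` lines append to the main sudoers file with no syntax check, and the username comes from the ERB template, so an unexpected value leaves the image with a broken or wider-than-intended sudo policy. A drop-in validated in the same step is easier to audit: `echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/kitchen && chmod 0440 /etc/sudoers.d/kitchen && visudo -cf /etc/sudoers.d/kitchen`. This assumes the distribution's sudoers file includes `/etc/sudoers.d`, which the hunk does not show. The other three Dockerfiles write sudoers the same way.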

@ -0,0 +1,66 @@
FROM ubuntu:latest
ENV DEBIAN_FRONTEND="noninteractive" container="docker"
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y \
apt-utils \
curl \
locales \
lsb-release \
net-tools \
openssh-server \
python-pip \
python2.7 \
sudo \
systemd \
&& pip install --upgrade pip \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& if ! getent passwd <%= @username %>; then \
useradd -d /home/<%= @username %> -m -s /bin/bash -p '*' <%= @username %>; \
fi \
&& echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
&& echo "Defaults !requiretty" >> /etc/sudoers \
&& mkdir -p /home/<%= @username %>/.ssh \
&& chown -R <%= @username %> /home/<%= @username %>/.ssh \
&& chmod 0700 /home/<%= @username %>/.ssh \
&& echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \
&& chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
&& chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
&& echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && /usr/sbin/locale-gen \
&& cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | xargs rm -f $1 \
&& /bin/rm -f /lib/systemd/system/multi-user.target.wants/* \
&& /bin/rm -f /etc/systemd/system/*.wants/* \
&& /bin/rm -f /lib/systemd/system/local-fs.target.wants/* \
&& /bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \
&& /bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
&& /bin/rm -f /lib/systemd/system/basic.target.wants/* \
&& /bin/rm -f /lib/systemd/system/anaconda.target.wants/* \
&& /bin/rm -f /lib/systemd/system/plymouth* \
&& /bin/rm -f /lib/systemd/system/systemd-update-utmp* \
&& sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config \
&& sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
&& sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
&& echo "UseDNS=no" >> /etc/ssh/sshd_config \
&& systemctl set-default multi-user.target \
&& ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \
&& ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
&& echo $'[Unit]\
\nDescription=Finish boot up\
\nAfter=ssh.service\
\n\
\n[Service]\
\nType=oneshot\
\nRemainAfterExit=yes\
\nExecStartPre=/bin/sleep 3s\
\nExecStart=/bin/rm -f /run/nologin\
\n\
\n[Install]\
\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \
&& ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service
EXPOSE 22
VOLUME [ "/sys/fs/cgroup" ]
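Review bot: `echo $'[Unit]\…'` relies on bash's `$'…'` quoting, but `RUN` executes under `/bin/sh`, which on Ubuntu and Debian images is normally dash. There the `$` is kept literally, so FinishBootUp.service would start with `$[Unit]`, the section header is not recognised, and the `After=ssh.service` ordering is probably dropped. Either declare `SHELL ["/bin/bash", "-c"]` before the `RUN`, or write the unit with `printf '%s\n' '[Unit]' 'Description=Finish boot up' …`. The redirect should also be `>` rather than `>>`, since the file is being created, not appended to. The Debian and ubuntu:rolling Dockerfiles use the same construct; on Fedora `/bin/sh` is bash, so it happens to work there.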

@ -0,0 +1,66 @@
FROM ubuntu:rolling
ENV DEBIAN_FRONTEND="noninteractive" container="docker"
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y \
apt-utils \
curl \
locales \
lsb-release \
net-tools \
openssh-server \
python-pip \
python2.7 \
sudo \
systemd \
&& pip install --upgrade pip \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& if ! getent passwd <%= @username %>; then \
useradd -d /home/<%= @username %> -m -s /bin/bash -p '*' <%= @username %>; \
fi \
&& echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
&& echo "Defaults !requiretty" >> /etc/sudoers \
&& mkdir -p /home/<%= @username %>/.ssh \
&& chown -R <%= @username %> /home/<%= @username %>/.ssh \
&& chmod 0700 /home/<%= @username %>/.ssh \
&& echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \
&& chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
&& chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
&& echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && /usr/sbin/locale-gen \
&& cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | xargs rm -f $1 \
&& /bin/rm -f /lib/systemd/system/multi-user.target.wants/* \
&& /bin/rm -f /etc/systemd/system/*.wants/* \
&& /bin/rm -f /lib/systemd/system/local-fs.target.wants/* \
&& /bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \
&& /bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
&& /bin/rm -f /lib/systemd/system/basic.target.wants/* \
&& /bin/rm -f /lib/systemd/system/anaconda.target.wants/* \
&& /bin/rm -f /lib/systemd/system/plymouth* \
&& /bin/rm -f /lib/systemd/system/systemd-update-utmp* \
&& sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config \
&& sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
&& sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
&& echo "UseDNS=no" >> /etc/ssh/sshd_config \
&& systemctl set-default multi-user.target \
&& ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \
&& ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
&& echo $'[Unit]\
\nDescription=Finish boot up\
\nAfter=ssh.service\
\n\
\n[Service]\
\nType=oneshot\
\nRemainAfterExit=yes\
\nExecStartPre=/bin/sleep 3s\
\nExecStart=/bin/rm -f /run/nologin\
\n\
\n[Install]\
\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \
&& ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service
EXPOSE 22
VOLUME [ "/sys/fs/cgroup" ]
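Review bot: Nothing in this file says it builds a throwaway test-kitchen target, yet it produces an image with passwordless sudo, a baked-in `authorized_keys` entry, and sshd running with `UsePAM no` and `UsePrivilegeSeparation no`. A header comment would keep it from being reused or pushed to a registry as a general base image, e.g. `# Test-only image for kitchen-docker: passwordless sudo and relaxed sshd; do not publish or run outside local CI.` The same comment fits the Debian, Fedora and ubuntu:latest Dockerfiles.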

@ -0,0 +1,131 @@
---
# host to test against
- hosts: test-kitchen
remote_user: root
tasks:
- include_tasks: tasks/dependencies.yml
- name: Install build tools
package:
name: "{{ item }}"
with_items: "{{ build_tools }}"
- name: Check wether deb-src repos are enabled
command: grep -c -e "^deb-src.*" /etc/apt/sources.list
register: deb_src_check
ignore_errors: yes
when:
- ansible_os_family == "Debian"
- name: Set deb-src check results
set_fact:
deb_src_check_result: "{{ deb_src_check.stdout | default(0) | int }}"
- name: Enable Ubuntu main & restricted source repo
replace:
path: '/etc/apt/sources.list'
regexp: '^(#\s)(.*main\srestricted)$'
replace: '\2 # enabled'
when:
- ansible_distribution == "Ubuntu"
- deb_src_check_result >= 1
- name: Enable Debian source repos
replace:
path: '/etc/apt/sources.list'
regexp: '^(deb)(.*)$'
replace: '\1\2\ndeb-src\2'
when:
- ansible_distribution == "Debian"
- deb_src_check_result >= 1
- name: Install gnupg build dependencies for Debian based distros
apt:
name: gnupg2
state: build-dep
update_cache: yes
when:
- ansible_os_family == "Debian"
- name: Install gnupg build dependencies for RedHat based distros
command: bash -lc "yum --assumeyes install yum-utils && yum-builddep --assumeyes gnupg2"
when:
- ansible_os_family == "RedHat"
- name: Get GnuPG github api content
uri:
url: https://api.github.com/repos/gpg/gnupg/tags
method: GET
return_content: yes
body_format: json
register: gnupg_tags
- name: Set url for latest gnupg release source
set_fact:
gnupg_tarball_url: >-
{{
gnupg_tags.json |
selectattr('name','match','gnupg-2.*') |
map(attribute='tarball_url') | first
}}
- name: Download latest release of gnupg source
get_url:
url: "{{ gnupg_tarball_url }}"
dest: /tmp/gnupg.tar.gz
force: yes
retries: 5
delay: 10
- name: Extract gnupg source tarball
unarchive:
src: /tmp/gnupg.tar.gz
dest: /usr/local/src/
- name: Find gnupg src directory
find:
paths: /usr/local/src
patterns: "gpg-gnupg*"
file_type: directory
recurse: no
register: found_gpg_src
- name: Set gnupg src directory
set_fact:
gpg_src_path: "{{ found_gpg_src.files | map(attribute='path') | first }}"
- name: Run gnupg autogen
command: bash -lc "cd {{ gpg_src_path }} && ./autogen.sh "
changed_when: False
- name: Disable development msg for gnupg
lineinfile:
path: "{{ gpg_src_path }}/configure"
regexp: '^development_version=.*'
line: 'development_version=no'
- name: Set gnupg build config
set_fact:
gpg_build_config: >-
--sysconfdir=/etc
--prefix=/usr
--enable-symcryptrun
--docdir=/usr/share/doc/gnupg-2.2.0
--disable-rpath
--enable-maintainer-mode
changed_when: False
- name: Configure gnupg build
command: bash -lc "cd {{ gpg_src_path }} && ./configure {{ gpg_build_config }}"
changed_when: False
- name: Compile gnupg src
command: bash -lc "cd {{ gpg_src_path }} && make"
changed_when: False
- name: Install compiled gnupg
command: bash -lc "cd {{ gpg_src_path }} && make install"
changed_when: False
- include_tasks: tasks/prep-tests.yml
- include_tasks: tasks/run-tests.yml
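Review bot: The tarball chosen in "Set url for latest gnupg release source" is whatever tag the GitHub API lists first for `gnupg-2.*`, and "Download latest release of gnupg source" fetches it with no `checksum:` or signature check before it is built and installed with `make install` under `remote_user: root`. That makes the suite non-reproducible and trusts the repository's tag list completely. The hard-coded `--docdir=/usr/share/doc/gnupg-2.2.0` also stops matching as soon as a newer tag is returned. I would pin the tag in a variable and add `checksum: "sha256:{{ gnupg_tarball_sha256 }}"` to the `get_url` task, or fetch the signed release tarball and check it with `gpg --verify` before extracting.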

@ -0,0 +1,45 @@
require_relative './spec_helper'
describe 'git-secret::test' do
describe package('git-secret') do
it { should be_installed }
end
if host_inventory['platform'] == 'fedora'
describe command('find /tmp/git-secret/build -name "*.rpm"') do
its(:stdout) { should match /git-secret.*rpm/ }
end
else
describe command('find /tmp/git-secret/build -name "*.deb"') do
its(:stdout) { should match /git-secret.*deb/ }
end
end
describe file('/.git-secret_test-passed') do
it { should exist }
end
describe file('/.git-secret_lint-passed') do
it { should exist }
end
if host_inventory['platform'] == 'fedora'
describe command('rpm --query --info git-secret') do
its(:exit_status) { should eq 0 }
end
else
describe command('dpkg-query --status git-secret') do
its(:exit_status) { should eq 0 }
end
end
describe command('man --where "git-secret"') do
its(:exit_status) { should eq 0 }
end
describe command('man --where "git-secret-init"') do
its(:exit_status) { should eq 0 }
end
end

@ -0,0 +1,11 @@
require 'serverspec'
# :backend can be either :exec or :ssh
# since we are running local we use :exec
set :backend, :exec
RSpec.configure do |c|
c.before :all do
c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin'
end
end

@ -0,0 +1,34 @@
---
# host to test against
- hosts: test-kitchen
remote_user: root
tasks:
- include_tasks: tasks/dependencies.yml
- name: Install gnupg
package:
name: "{{ item.name }}"
state: present
when:
- ansible_distribution == item.distribution
with_items:
- name: gnupg
distribution: Fedora
- name: gnupg1
distribution: Debian
- name: Check for gpg1 binary
stat:
path: /usr/bin/gpg1
register: gpg1
- name: Make gpg1 default binary
file:
src: /usr/bin/gpg1
dest: /usr/bin/gpg
state: link
force: yes
when: gpg1.stat.exists
- include_tasks: tasks/prep-tests.yml
- include_tasks: tasks/run-tests.yml
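Review bot: The `with_items` list for "Install gnupg" has entries for Fedora and Debian only, while the gnupg1 suite in .kitchen.yml has no `excludes`. On the two Ubuntu platforms nothing is installed, so the suite tests whichever `gpg` the base image happens to ship. Either add an Ubuntu item (`- name: gnupg1` with `distribution: Ubuntu`, if that package exists there) or exclude the Ubuntu platforms from this suite, as gnupg2 and gnupg-git already do for ubuntu-latest.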

@ -0,0 +1,45 @@
require_relative './spec_helper'
describe 'git-secret::test' do
describe package('git-secret') do
it { should be_installed }
end
if host_inventory['platform'] == 'fedora'
describe command('find /tmp/git-secret/build -name "*.rpm"') do
its(:stdout) { should match /git-secret.*rpm/ }
end
else
describe command('find /tmp/git-secret/build -name "*.deb"') do
its(:stdout) { should match /git-secret.*deb/ }
end
end
describe file('/.git-secret_test-passed') do
it { should exist }
end
describe file('/.git-secret_lint-passed') do
it { should exist }
end
if host_inventory['platform'] == 'fedora'
describe command('rpm --query --info git-secret') do
its(:exit_status) { should eq 0 }
end
else
describe command('dpkg-query --status git-secret') do
its(:exit_status) { should eq 0 }
end
end
describe command('man --where "git-secret"') do
its(:exit_status) { should eq 0 }
end
describe command('man --where "git-secret-init"') do
its(:exit_status) { should eq 0 }
end
end

@ -0,0 +1,11 @@
require 'serverspec'
# :backend can be either :exec or :ssh
# since we are running local we use :exec
set :backend, :exec
RSpec.configure do |c|
c.before :all do
c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin'
end
end

@ -0,0 +1,38 @@
---
# host to test against
- hosts: test-kitchen
remote_user: root
tasks:
- include_tasks: tasks/dependencies.yml
- name: Install gnupg
package:
name: "{{ item.name }}"
state: present
when:
- ansible_distribution == item.distribution
with_items:
- name: gnupg2
distribution: Fedora
- name: gnupg2
distribution: Ubuntu
- name: gnupg
distribution: Debian
- name: Check for gpg2 binary
stat:
path: /usr/bin/gpg2
register: gpg2
- name: Make gpg2 default binary
file:
src: /usr/bin/gpg2
dest: /usr/bin/gpg
state: link
force: yes
when:
- gpg2.stat.exists
- gpg2.stat.islnk == False
- include_tasks: tasks/prep-tests.yml
- include_tasks: tasks/run-tests.yml

@ -0,0 +1,45 @@
require_relative './spec_helper'
describe 'git-secret::test' do
describe package('git-secret') do
it { should be_installed }
end
if host_inventory['platform'] == 'fedora'
describe command('find /tmp/git-secret/build -name "*.rpm"') do
its(:stdout) { should match /git-secret.*rpm/ }
end
else
describe command('find /tmp/git-secret/build -name "*.deb"') do
its(:stdout) { should match /git-secret.*deb/ }
end
end
describe file('/.git-secret_test-passed') do
it { should exist }
end
describe file('/.git-secret_lint-passed') do
it { should exist }
end
if host_inventory['platform'] == 'fedora'
describe command('rpm --query --info git-secret') do
its(:exit_status) { should eq 0 }
end
else
describe command('dpkg-query --status git-secret') do
its(:exit_status) { should eq 0 }
end
end
describe command('man --where "git-secret"') do
its(:exit_status) { should eq 0 }
end
describe command('man --where "git-secret-init"') do
its(:exit_status) { should eq 0 }
end
end

@ -0,0 +1,11 @@
require 'serverspec'
# :backend can be either :exec or :ssh
# since we are running local we use :exec
set :backend, :exec
RSpec.configure do |c|
c.before :all do
c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin'
end
end

@ -0,0 +1,30 @@
---
- name: Load a variable file based on the OS type, or a default if not found.
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}.yml"
- "default.yml"
- name: Install Dependencies
package:
name: "{{ item }}"
state: present
with_items: "{{ test_dependencies }}"
- name: Get bats
git:
repo: 'https://github.com/sstephenson/bats.git'
dest: /opt/bats
- name: Install bats
file:
src: /opt/bats/libexec/bats
dest: /usr/bin/bats
state: link
- name: Install fpm
gem:
name: fpm
state: present
user_install: no
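Review bot: "Get bats" clones `https://github.com/sstephenson/bats.git` without a `version:`, so every run links whatever is on the default branch into `/usr/bin/bats`, where the test run (started with `remote_user: root` in the playbooks) presumably picks it up. "Install fpm" is unpinned in the same way. Pinning both keeps the CI environment reproducible and limits exposure to an upstream change: add `version: <tag-or-commit>` to the `git` task and `version: <fpm-version>` to the `gem` task.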

@ -0,0 +1,31 @@
---
- name: Get OS package type
set_fact:
os_pkg_type: "{{ item.os_pkg_type }}"
when:
- item.os_family == ansible_os_family
with_items:
- os_family: RedHat
os_pkg_type: "rpm"
- os_family: Debian
os_pkg_type: "deb"
- os_family: Suse
os_pkg_type: "rpm"
changed_when: false
tags:
- skip_ansible_lint
- name: Get gpg version
command: gpg --version
register: gpg_version
changed_when: False
- name: Print gpg version
debug:
msg: "Running test againts {{ gpg_version.stdout_lines | first | string }}."
changed_when: False
- name: Copy git-secret src
synchronize:
src: /opt/workspace/
dest: /tmp/git-secret

@ -0,0 +1,65 @@
---
- name: Run ci-test
command: bash -lc "cd /tmp/git-secret && make test"
changed_when: False
ignore_errors: yes
register: test_results
environment:
PATH: /usr/local/bin:{{ ansible_env.PATH }}
- name: Print ci-test results
debug:
var: test_results.stdout_lines
- name: Create file when ci-test passes
file:
path: /.git-secret_test-passed
state: touch
when:
- test_results.rc == 0
- name: Run lint
command: bash -lc "cd /tmp/git-secret && make lint"
ignore_errors: yes
register: lint_results
changed_when: False
- name: Print lint results
debug:
var: lint_results.stdout_lines
- name: Create file when lint passes
file:
path: /.git-secret_lint-passed
state: touch
when:
- lint_results.rc == 0
- name: Create git-secret {{ os_pkg_type }} package
command: bash -lc "cd /tmp/git-secret && make build-{{ os_pkg_type }}"
changed_when: False
ignore_errors: yes
register: test_results
environment:
PATH: /usr/local/bin:{{ ansible_env.PATH }}
- name: Find git-secret {{ os_pkg_type }} file
find:
paths: /tmp/git-secret/build
patterns: "*.{{ os_pkg_type }}"
recurse: yes
register: pkg_location
- name: Set git-secret {{ os_pkg_type }} location
set_fact:
pkg_path: "{{ pkg_location.files | map(attribute='path') | first }}"
- name: Install git-secret {{ os_pkg_type }} package
command: bash -lc "{{ item.command }} {{ pkg_path }}"
when:
- item.os_family == ansible_os_family
with_items:
- command: "rpm --nodeps --install --force"
os_family: "RedHat"
- command: "dpkg --force-all --install"
os_family: "Debian"
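Review bot: The "Create git-secret {{ os_pkg_type }} package" task registers into `test_results` again and sets `ignore_errors: yes`, but nothing afterwards looks at its result. A failed build therefore only surfaces later as `first` applied to an empty list in the "Set git-secret … location" task. Register it under its own name, e.g. `register: build_results`, and drop `ignore_errors` there (or add a `fail:` task with `when: build_results.rc != 0`). Separately, installing with `rpm --nodeps --install --force` and `dpkg --force-all --install` hides missing or wrong dependency metadata in the package under test; if that is intentional, a comment saying why would help.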

@ -0,0 +1,17 @@
---
test_dependencies:
- gawk
- make
- git
- shellcheck
- ruby-dev
- rubygems
- man
build_tools:
- autoconf
- automake
- build-essential
- imagemagick
- texinfo
- transfig

@ -0,0 +1,20 @@
---
test_dependencies:
- ShellCheck
- gawk
- git
- make
- man
- redhat-rpm-config
- rpm-build
- rsync
- ruby-devel
- rubygems
- rubygems-devel
build_tools:
- ImageMagick
- autoconf
- automake
- texinfo
- transfig

@ -0,0 +1,17 @@
---
test_dependencies:
- gawk
- git
- make
- man
- ruby-dev
- rubygems
- shellcheck
build_tools:
- autoconf
- automake
- build-essential
- imagemagick
- texinfo
- transfig

@ -0,0 +1,17 @@
---
test_dependencies:
- gawk
- make
- git
- shellcheck
- ruby-dev
- rubygems
- man
build_tools:
- autoconf
- automake
- build-essential
- imagemagick
- texinfo
- transfig

@ -0,0 +1,112 @@
---
driver:
name: docker
use_sudo: false
provisioner:
# name of the host
hosts: test-kitchen
# use an ansible playbook to provision our server
name: ansible_playbook
ansible_verbose: false
require_ansible_repo: false
require_ansible_omnibus: true
ansible_version: 2.4
require_chef_for_busser: false
sudo_command: sudo -E -H
idempotency_test: false
sudo: true
ansible_extra_flags: "-e '{ kitchen_testrun: True }'"
additional_copy_path:
- ".ci-tests/integration/vars"
- ".ci-tests/integration/tasks"
transport:
max_ssh_sessions: 3
platforms:
- name: debian-stable
driver_config:
run_command: /lib/systemd/systemd
dockerfile: .Dockerfiles/debian/stable/Dockerfile
platform: debian
cap_add:
- SYS_ADMIN
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
run_options:
tmpfs:
- /run
- name: fedora-latest
driver_config:
run_command: /lib/systemd/systemd
dockerfile: .Dockerfiles/fedora/latest/Dockerfile
platform: fedora
cap_add:
- SYS_ADMIN
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
run_options:
tmpfs:
- /run
- name: ubuntu-latest
driver_config:
run_command: /lib/systemd/systemd
dockerfile: .Dockerfiles/ubuntu/latest/Dockerfile
platform: ubuntu
cap_add:
- SYS_ADMIN
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
run_options:
tmpfs:
- /run
- name: ubuntu-rolling
driver_config:
run_command: /lib/systemd/systemd
dockerfile: .Dockerfiles/ubuntu/rolling/Dockerfile
platform: ubuntu
cap_add:
- SYS_ADMIN
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
run_options:
tmpfs:
- /run
verifier:
name: serverspec
sudo_path: true
suites:
# suites found at /test/integration/$test-name
# in container @/tmp/kitchen
- name: gnupg1
verifier:
patterns:
- roles/git-secret/.ci-tests/integration/gnupg1/serverspec/*_spec.rb
bundler_path: '/usr/local/bin'
rspec_path: '/usr/local/bin'
- name: gnupg2
verifier:
patterns:
- roles/git-secret/.ci-tests/integration/gnupg2/serverspec/*_spec.rb
bundler_path: '/usr/local/bin'
rspec_path: '/usr/local/bin'
excludes:
- ubuntu-latest
- name: gnupg-git
verifier:
patterns:
- roles/git-secret/.ci-tests/integration/gnupg-git/serverspec/*_spec.rb
bundler_path: '/usr/local/bin'
rspec_path: '/usr/local/bin'
excludes:
- ubuntu-latest
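Review bot: Each platform bind-mounts `<%=ENV['PWD']%>:/opt/workspace` read-write into a container that runs with `cap_add: SYS_ADMIN`, although prep-tests.yml only reads from `/opt/workspace/` when it copies the tree to `/tmp/git-secret`. Mounting it read-only, `- <%=ENV['PWD']%>:/opt/workspace:ro`, keeps a misbehaving test from modifying the developer's checkout. A short comment next to `SYS_ADMIN` saying it is there for systemd as the container's init would also help the next reader judge whether it can be narrowed; that reason is my inference from `run_command: /lib/systemd/systemd`.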

@ -10,8 +10,14 @@ Before starting make sure you have:
- git
- bash
- bundler
- docker
- gawk
- gnupg (or gnupg2)
- ruby
- sha256sum
- [shellcheck](https://github.com/koalaman/shellcheck)
- test-kitchen
Only required if dealing with manuals, `gh-pages` or releases:
@ -21,7 +27,8 @@ Only required if dealing with manuals, `gh-pages` or releases:
1. Create your own or pick an opened issue from the [tracker][tracker]. Take a look at the [`help-wanted` tag][help-wanted]
2. Fork and clone your repository: `git clone https://github.com/${YOUR_NAME}/git-secret.git`
3. Make sure that everything works fine by running `make test`
3. Make sure that everything works on the current platform by running `make test`
4. [Run local CI tests](#running-local-ci-tests) to verify functionality on supported platforms `bundle exec kitchen verify --test-base-path="$PWD/.ci-tests/integration"`.
### Development Process
@ -46,12 +53,20 @@ It basically looks like that:
### Continuous integration
CI is done with the help of `travis`. `travis` handles multiple environments:
Local CI is done with the help [`test-kitchen`](http://kitchen.ci/). `test-kitchen` handles multiple test-suites on various platforms.
`bundle exec kitchen list` will output the list of test suites to be run aginst supported platforms.
Cloud CI is done with the help of `travis`. `travis` handles multiple environments:
- `Docker`-based jobs or so-called 'integration tests', these tests create a local release, install it with the package manager and then run unit-tests and system checks
- `OSX` jobs, which handle basic unit-tests on `OSX`
- Native `travis` jobs, which handle basic unit-tests and stylechecks
### Running local ci-tests
1. Install requied gems with `bundle install`.
2. Run ci-tests with `bundle exec kitchen verify --test-base-path="$PWD/.ci-tests/integration"`
### Release process
The release process is defined in the `git`-hooks and `.travis.yml`.

@ -0,0 +1,7 @@
source 'https://rubygems.org'
gem 'test-kitchen'
gem 'serverspec'
gem 'kitchen-ansible'
gem 'kitchen-docker'
gem 'kitchen-verifier-serverspec'
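Review bot: None of the five gems carries a version constraint, so `bundle install` resolves to whatever is current unless a Gemfile.lock is committed, and no lockfile is visible in this commit. Either commit the lockfile or add pessimistic constraints such as `gem 'test-kitchen', '~> <major.minor>'` so local CI runs are repeatable.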