mirror of https://github.com/sobolevn/git-secret
Add local ci tests.
parent
fb29858dae
commit
c9861a1079
@ -0,0 +1,66 @@
|
||||
FROM debian:stable
|
||||
|
||||
ENV DEBIAN_FRONTEND="noninteractive" container="docker"
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get upgrade -y \
|
||||
&& apt-get install -y \
|
||||
apt-utils \
|
||||
curl \
|
||||
locales \
|
||||
lsb-release \
|
||||
net-tools \
|
||||
openssh-server \
|
||||
python-pip \
|
||||
python2.7 \
|
||||
sudo \
|
||||
systemd \
|
||||
&& pip install --upgrade pip \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
|
||||
&& if ! getent passwd <%= @username %>; then \
|
||||
useradd -d /home/<%= @username %> -m -s /bin/bash -p '*' <%= @username %>; \
|
||||
fi \
|
||||
&& echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
|
||||
&& echo "Defaults !requiretty" >> /etc/sudoers \
|
||||
&& mkdir -p /home/<%= @username %>/.ssh \
|
||||
&& chown -R <%= @username %> /home/<%= @username %>/.ssh \
|
||||
&& chmod 0700 /home/<%= @username %>/.ssh \
|
||||
&& echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \
|
||||
&& chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
|
||||
&& chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
|
||||
&& echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen \
|
||||
&& cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | /usr/bin/xargs rm -f $1 \
|
||||
&& /bin/rm -f /lib/systemd/system/multi-user.target.wants/* \
|
||||
&& /bin/rm -f /etc/systemd/system/*.wants/* \
|
||||
&& /bin/rm -f /lib/systemd/system/local-fs.target.wants/* \
|
||||
&& /bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \
|
||||
&& /bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
|
||||
&& /bin/rm -f /lib/systemd/system/basic.target.wants/* \
|
||||
&& /bin/rm -f /lib/systemd/system/anaconda.target.wants/* \
|
||||
&& /bin/rm -f /lib/systemd/system/plymouth* \
|
||||
&& /bin/rm -f /lib/systemd/system/systemd-update-utmp* \
|
||||
&& sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config \
|
||||
&& sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
|
||||
&& sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
|
||||
&& echo "UseDNS=no" >> /etc/ssh/sshd_config \
|
||||
&& systemctl set-default multi-user.target \
|
||||
&& ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \
|
||||
&& ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
|
||||
&& echo $'[Unit]\
|
||||
\nDescription=Finish boot up\
|
||||
\nAfter=ssh.service\
|
||||
\n\
|
||||
\n[Service]\
|
||||
\nType=oneshot\
|
||||
\nRemainAfterExit=yes\
|
||||
\nExecStartPre=/bin/sleep 3s\
|
||||
\nExecStart=/bin/rm -f /run/nologin\
|
||||
\n\
|
||||
\n[Install]\
|
||||
\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \
|
||||
&& ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service
|
||||
|
||||
EXPOSE 22
|
||||
|
||||
VOLUME [ "/sys/fs/cgroup" ]
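Review bot: The `;` after `cd /lib/systemd/system/sysinit.target.wants/` in the long RUN breaks the `&&` chain, so a failure in any earlier step (package install, user creation, the sudoers and authorized_keys writes) no longer fails the build. If the `cd` itself fails, the `ls | … | xargs rm -f` pipeline runs in whatever directory the shell happens to be in. Keeping the step inside the chain with a subshell avoids both: `&& (cd /lib/systemd/system/sysinit.target.wants/ && ls | grep -v systemd-tmpfiles-setup | xargs rm -f) \`. The trailing `$1` expands to nothing here and can be dropped. The same line appears in the Fedora and both Ubuntu Dockerfiles added by this commit.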
|
@ -0,0 +1,69 @@
|
||||
FROM fedora:latest
|
||||
|
||||
ENV container="docker"
|
||||
|
||||
RUN dnf clean all \
|
||||
&& dnf makecache \
|
||||
&& dnf install -y \
|
||||
curl \
|
||||
findutils \
|
||||
gcc \
|
||||
glibc-langpack-en.x86_64 \
|
||||
libffi-devel \
|
||||
net-tools \
|
||||
openssh-server \
|
||||
openssl-devel \
|
||||
python2-devel \
|
||||
python2-pip \
|
||||
redhat-lsb \
|
||||
redhat-rpm-config \
|
||||
sudo \
|
||||
systemd \
|
||||
&& pip install --upgrade pip \
|
||||
&& dnf clean all \
|
||||
&& if ! getent passwd <%= @username %>; then \
|
||||
useradd -d /home/<%= @username %> -m -s /usr/bin/bash -p '*' <%= @username %>; \
|
||||
fi \
|
||||
&& echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
|
||||
&& echo "Defaults !requiretty" >> /etc/sudoers \
|
||||
&& mkdir -p /home/<%= @username %>/.ssh \
|
||||
&& chown -R <%= @username %> /home/<%= @username %>/.ssh \
|
||||
&& chmod 0700 /home/<%= @username %>/.ssh \
|
||||
&& echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \
|
||||
&& chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
|
||||
&& chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
|
||||
&& export LANG="en_US.UTF-8" && echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf \
|
||||
&& cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | /usr/bin/xargs rm -f $1 \
|
||||
&& /usr/bin/rm -f /lib/systemd/system/multi-user.target.wants/* \
|
||||
&& /usr/bin/rm -f /etc/systemd/system/*.wants/* \
|
||||
&& /usr/bin/rm -f /lib/systemd/system/local-fs.target.wants/* \
|
||||
&& /usr/bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \
|
||||
&& /usr/bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
|
||||
&& /usr/bin/rm -f /lib/systemd/system/basic.target.wants/* \
|
||||
&& /usr/bin/rm -f /lib/systemd/system/anaconda.target.wants/* \
|
||||
&& /usr/bin/rm -f /lib/systemd/system/plymouth* \
|
||||
&& /usr/bin/rm -f /lib/systemd/system/systemd-update-utmp* \
|
||||
&& sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
|
||||
&& sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
|
||||
&& echo "UseDNS=no" >> /etc/ssh/sshd_config \
|
||||
&& systemctl set-default multi-user.target \
|
||||
&& ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \
|
||||
&& ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
|
||||
&& echo $'[Unit]\
|
||||
\nDescription=Finish boot up\
|
||||
\nAfter=ssh.service\
|
||||
\n\
|
||||
\n[Service]\
|
||||
\nType=oneshot\
|
||||
\nRemainAfterExit=yes\
|
||||
\nExecStartPre=/bin/sleep 3s\
|
||||
\nExecStart=/bin/rm -f /run/nologin\
|
||||
\n\
|
||||
\n[Install]\
|
||||
\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \
|
||||
&& ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service
|
||||
|
||||
|
||||
EXPOSE 22
|
||||
|
||||
VOLUME [ "/sys/fs/cgroup" ]
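Review bot: The two `echo … >> /etc/sudoers` steps append to the main sudoers file without validating the result, and nothing in the file says that the resulting account (key-only SSH login plus `NOPASSWD: ALL`) is meant for throwaway test containers only. A drop-in is easier to audit and can be checked at build time, assuming the stock sudoers still includes `/etc/sudoers.d`: `echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/<%= @username %> && chmod 0440 /etc/sudoers.d/<%= @username %> && visudo -cf /etc/sudoers.d/<%= @username %>`. I would also add a header comment such as `# test-kitchen image: SSH key login with passwordless sudo; local CI only, do not push or reuse`. The same applies to the Debian and both Ubuntu Dockerfiles in this commit.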
|
@ -0,0 +1,66 @@
|
||||
FROM ubuntu:latest
|
||||
|
||||
ENV DEBIAN_FRONTEND="noninteractive" container="docker"
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get upgrade -y \
|
||||
&& apt-get install -y \
|
||||
apt-utils \
|
||||
curl \
|
||||
locales \
|
||||
lsb-release \
|
||||
net-tools \
|
||||
openssh-server \
|
||||
python-pip \
|
||||
python2.7 \
|
||||
sudo \
|
||||
systemd \
|
||||
&& pip install --upgrade pip \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
|
||||
&& if ! getent passwd <%= @username %>; then \
|
||||
useradd -d /home/<%= @username %> -m -s /bin/bash -p '*' <%= @username %>; \
|
||||
fi \
|
||||
&& echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
|
||||
&& echo "Defaults !requiretty" >> /etc/sudoers \
|
||||
&& mkdir -p /home/<%= @username %>/.ssh \
|
||||
&& chown -R <%= @username %> /home/<%= @username %>/.ssh \
|
||||
&& chmod 0700 /home/<%= @username %>/.ssh \
|
||||
&& echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \
|
||||
&& chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
|
||||
&& chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
|
||||
&& echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && /usr/sbin/locale-gen \
|
||||
&& cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | xargs rm -f $1 \
|
||||
&& /bin/rm -f /lib/systemd/system/multi-user.target.wants/* \
|
||||
&& /bin/rm -f /etc/systemd/system/*.wants/* \
|
||||
&& /bin/rm -f /lib/systemd/system/local-fs.target.wants/* \
|
||||
&& /bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \
|
||||
&& /bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
|
||||
&& /bin/rm -f /lib/systemd/system/basic.target.wants/* \
|
||||
&& /bin/rm -f /lib/systemd/system/anaconda.target.wants/* \
|
||||
&& /bin/rm -f /lib/systemd/system/plymouth* \
|
||||
&& /bin/rm -f /lib/systemd/system/systemd-update-utmp* \
|
||||
&& sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config \
|
||||
&& sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
|
||||
&& sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
|
||||
&& echo "UseDNS=no" >> /etc/ssh/sshd_config \
|
||||
&& systemctl set-default multi-user.target \
|
||||
&& ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \
|
||||
&& ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
|
||||
&& echo $'[Unit]\
|
||||
\nDescription=Finish boot up\
|
||||
\nAfter=ssh.service\
|
||||
\n\
|
||||
\n[Service]\
|
||||
\nType=oneshot\
|
||||
\nRemainAfterExit=yes\
|
||||
\nExecStartPre=/bin/sleep 3s\
|
||||
\nExecStart=/bin/rm -f /run/nologin\
|
||||
\n\
|
||||
\n[Install]\
|
||||
\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \
|
||||
&& ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service
|
||||
|
||||
EXPOSE 22
|
||||
|
||||
VOLUME [ "/sys/fs/cgroup" ]
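Review bot: The FinishBootUp unit is written with `echo $'[Unit]\…'`, which is bash ANSI-C quoting, but a shell-form RUN executes under `/bin/sh`, and on Debian and Ubuntu that is normally dash. Under dash the `$` is likely kept as a literal character, so the unit file would begin with `$[Unit]` and systemd would not parse it as intended; this is worth confirming by inspecting the file in a built image. Either declare `SHELL ["/bin/bash", "-c"]` before the RUN or write the file with `printf '%s\n' '[Unit]' 'Description=Finish boot up' …`. The Debian and ubuntu:rolling Dockerfiles use the same construct.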
|
@ -0,0 +1,66 @@
|
||||
FROM ubuntu:rolling
|
||||
|
||||
ENV DEBIAN_FRONTEND="noninteractive" container="docker"
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get upgrade -y \
|
||||
&& apt-get install -y \
|
||||
apt-utils \
|
||||
curl \
|
||||
locales \
|
||||
lsb-release \
|
||||
net-tools \
|
||||
openssh-server \
|
||||
python-pip \
|
||||
python2.7 \
|
||||
sudo \
|
||||
systemd \
|
||||
&& pip install --upgrade pip \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
|
||||
&& if ! getent passwd <%= @username %>; then \
|
||||
useradd -d /home/<%= @username %> -m -s /bin/bash -p '*' <%= @username %>; \
|
||||
fi \
|
||||
&& echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
|
||||
&& echo "Defaults !requiretty" >> /etc/sudoers \
|
||||
&& mkdir -p /home/<%= @username %>/.ssh \
|
||||
&& chown -R <%= @username %> /home/<%= @username %>/.ssh \
|
||||
&& chmod 0700 /home/<%= @username %>/.ssh \
|
||||
&& echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \
|
||||
&& chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
|
||||
&& chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
|
||||
&& echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && /usr/sbin/locale-gen \
|
||||
&& cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | xargs rm -f $1 \
|
||||
&& /bin/rm -f /lib/systemd/system/multi-user.target.wants/* \
|
||||
&& /bin/rm -f /etc/systemd/system/*.wants/* \
|
||||
&& /bin/rm -f /lib/systemd/system/local-fs.target.wants/* \
|
||||
&& /bin/rm -f /lib/systemd/system/sockets.target.wants/*udev* \
|
||||
&& /bin/rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
|
||||
&& /bin/rm -f /lib/systemd/system/basic.target.wants/* \
|
||||
&& /bin/rm -f /lib/systemd/system/anaconda.target.wants/* \
|
||||
&& /bin/rm -f /lib/systemd/system/plymouth* \
|
||||
&& /bin/rm -f /lib/systemd/system/systemd-update-utmp* \
|
||||
&& sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config \
|
||||
&& sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
|
||||
&& sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
|
||||
&& echo "UseDNS=no" >> /etc/ssh/sshd_config \
|
||||
&& systemctl set-default multi-user.target \
|
||||
&& ln -s /lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/sshd.service \
|
||||
&& ln -s /lib/systemd/system/systemd-journald.service /etc/systemd/system/multi-user.target.wants/systemd-journald.service \
|
||||
&& echo $'[Unit]\
|
||||
\nDescription=Finish boot up\
|
||||
\nAfter=ssh.service\
|
||||
\n\
|
||||
\n[Service]\
|
||||
\nType=oneshot\
|
||||
\nRemainAfterExit=yes\
|
||||
\nExecStartPre=/bin/sleep 3s\
|
||||
\nExecStart=/bin/rm -f /run/nologin\
|
||||
\n\
|
||||
\n[Install]\
|
||||
\nWantedBy=default.target' >> /etc/systemd/system/FinishBootUp.service \
|
||||
&& ln -s /etc/systemd/system/FinishBootUp.service /etc/systemd/system/multi-user.target.wants/FinishBootUp.service
|
||||
|
||||
EXPOSE 22
|
||||
|
||||
VOLUME [ "/sys/fs/cgroup" ]
|
@ -0,0 +1,131 @@
|
||||
---
|
||||
# host to test against
|
||||
- hosts: test-kitchen
|
||||
remote_user: root
|
||||
tasks:
|
||||
- include_tasks: tasks/dependencies.yml
|
||||
|
||||
- name: Install build tools
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
with_items: "{{ build_tools }}"
|
||||
|
||||
- name: Check wether deb-src repos are enabled
|
||||
command: grep -c -e "^deb-src.*" /etc/apt/sources.list
|
||||
register: deb_src_check
|
||||
ignore_errors: yes
|
||||
when:
|
||||
- ansible_os_family == "Debian"
|
||||
|
||||
- name: Set deb-src check results
|
||||
set_fact:
|
||||
deb_src_check_result: "{{ deb_src_check.stdout | default(0) | int }}"
|
||||
|
||||
- name: Enable Ubuntu main & restricted source repo
|
||||
replace:
|
||||
path: '/etc/apt/sources.list'
|
||||
regexp: '^(#\s)(.*main\srestricted)$'
|
||||
replace: '\2 # enabled'
|
||||
when:
|
||||
- ansible_distribution == "Ubuntu"
|
||||
- deb_src_check_result >= 1
|
||||
|
||||
- name: Enable Debian source repos
|
||||
replace:
|
||||
path: '/etc/apt/sources.list'
|
||||
regexp: '^(deb)(.*)$'
|
||||
replace: '\1\2\ndeb-src\2'
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- deb_src_check_result >= 1
|
||||
|
||||
- name: Install gnupg build dependencies for Debian based distros
|
||||
apt:
|
||||
name: gnupg2
|
||||
state: build-dep
|
||||
update_cache: yes
|
||||
when:
|
||||
- ansible_os_family == "Debian"
|
||||
|
||||
- name: Install gnupg build dependencies for RedHat based distros
|
||||
command: bash -lc "yum --assumeyes install yum-utils && yum-builddep --assumeyes gnupg2"
|
||||
when:
|
||||
- ansible_os_family == "RedHat"
|
||||
|
||||
- name: Get GnuPG github api content
|
||||
uri:
|
||||
url: https://api.github.com/repos/gpg/gnupg/tags
|
||||
method: GET
|
||||
return_content: yes
|
||||
body_format: json
|
||||
register: gnupg_tags
|
||||
|
||||
- name: Set url for latest gnupg release source
|
||||
set_fact:
|
||||
gnupg_tarball_url: >-
|
||||
{{
|
||||
gnupg_tags.json |
|
||||
selectattr('name','match','gnupg-2.*') |
|
||||
map(attribute='tarball_url') | first
|
||||
}}
|
||||
|
||||
- name: Download latest release of gnupg source
|
||||
get_url:
|
||||
url: "{{ gnupg_tarball_url }}"
|
||||
dest: /tmp/gnupg.tar.gz
|
||||
force: yes
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: Extract gnupg source tarball
|
||||
unarchive:
|
||||
src: /tmp/gnupg.tar.gz
|
||||
dest: /usr/local/src/
|
||||
|
||||
- name: Find gnupg src directory
|
||||
find:
|
||||
paths: /usr/local/src
|
||||
patterns: "gpg-gnupg*"
|
||||
file_type: directory
|
||||
recurse: no
|
||||
register: found_gpg_src
|
||||
|
||||
- name: Set gnupg src directory
|
||||
set_fact:
|
||||
gpg_src_path: "{{ found_gpg_src.files | map(attribute='path') | first }}"
|
||||
|
||||
- name: Run gnupg autogen
|
||||
command: bash -lc "cd {{ gpg_src_path }} && ./autogen.sh "
|
||||
changed_when: False
|
||||
|
||||
- name: Disable development msg for gnupg
|
||||
lineinfile:
|
||||
path: "{{ gpg_src_path }}/configure"
|
||||
regexp: '^development_version=.*'
|
||||
line: 'development_version=no'
|
||||
|
||||
- name: Set gnupg build config
|
||||
set_fact:
|
||||
gpg_build_config: >-
|
||||
--sysconfdir=/etc
|
||||
--prefix=/usr
|
||||
--enable-symcryptrun
|
||||
--docdir=/usr/share/doc/gnupg-2.2.0
|
||||
--disable-rpath
|
||||
--enable-maintainer-mode
|
||||
changed_when: False
|
||||
|
||||
- name: Configure gnupg build
|
||||
command: bash -lc "cd {{ gpg_src_path }} && ./configure {{ gpg_build_config }}"
|
||||
changed_when: False
|
||||
|
||||
- name: Compile gnupg src
|
||||
command: bash -lc "cd {{ gpg_src_path }} && make"
|
||||
changed_when: False
|
||||
|
||||
- name: Install compiled gnupg
|
||||
command: bash -lc "cd {{ gpg_src_path }} && make install"
|
||||
changed_when: False
|
||||
|
||||
- include_tasks: tasks/prep-tests.yml
|
||||
- include_tasks: tasks/run-tests.yml
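Review bot: The GnuPG source that this play compiles and installs as `remote_user: root` is fetched without any integrity check. The `get_url` task has no `checksum`, and the URL comes from whichever tag the GitHub API lists first that matches `gnupg-2.*`, so the version built can change from one run to the next. Pinning a release tag in a variable and adding `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder, to be filled from a verified release) to the "Download latest release of gnupg source" task would make the build reproducible and catch a modified tarball. A pinned version would also let the hard-coded `--docdir=/usr/share/doc/gnupg-2.2.0` match what is actually built.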
|
@ -0,0 +1,45 @@
|
||||
require_relative './spec_helper'
|
||||
|
||||
describe 'git-secret::test' do
|
||||
|
||||
describe package('git-secret') do
|
||||
it { should be_installed }
|
||||
end
|
||||
|
||||
if host_inventory['platform'] == 'fedora'
|
||||
describe command('find /tmp/git-secret/build -name "*.rpm"') do
|
||||
its(:stdout) { should match /git-secret.*rpm/ }
|
||||
end
|
||||
else
|
||||
describe command('find /tmp/git-secret/build -name "*.deb"') do
|
||||
its(:stdout) { should match /git-secret.*deb/ }
|
||||
end
|
||||
end
|
||||
|
||||
describe file('/.git-secret_test-passed') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
describe file('/.git-secret_lint-passed') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
if host_inventory['platform'] == 'fedora'
|
||||
describe command('rpm --query --info git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
else
|
||||
describe command('dpkg-query --status git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
end
|
||||
|
||||
describe command('man --where "git-secret"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
describe command('man --where "git-secret-init"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
end
|
@ -0,0 +1,11 @@
|
||||
require 'serverspec'
|
||||
|
||||
# :backend can be either :exec or :ssh
|
||||
# since we are running local we use :exec
|
||||
set :backend, :exec
|
||||
|
||||
RSpec.configure do |c|
|
||||
c.before :all do
|
||||
c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin'
|
||||
end
|
||||
end
|
@ -0,0 +1,34 @@
|
||||
---
|
||||
# host to test against
|
||||
- hosts: test-kitchen
|
||||
remote_user: root
|
||||
tasks:
|
||||
- include_tasks: tasks/dependencies.yml
|
||||
|
||||
- name: Install gnupg
|
||||
package:
|
||||
name: "{{ item.name }}"
|
||||
state: present
|
||||
when:
|
||||
- ansible_distribution == item.distribution
|
||||
with_items:
|
||||
- name: gnupg
|
||||
distribution: Fedora
|
||||
- name: gnupg1
|
||||
distribution: Debian
|
||||
|
||||
- name: Check for gpg1 binary
|
||||
stat:
|
||||
path: /usr/bin/gpg1
|
||||
register: gpg1
|
||||
|
||||
- name: Make gpg1 default binary
|
||||
file:
|
||||
src: /usr/bin/gpg1
|
||||
dest: /usr/bin/gpg
|
||||
state: link
|
||||
force: yes
|
||||
when: gpg1.stat.exists
|
||||
|
||||
- include_tasks: tasks/prep-tests.yml
|
||||
- include_tasks: tasks/run-tests.yml
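Review bot: The `with_items` list for "Install gnupg" has entries only for Fedora and Debian, and the `when` compares against `ansible_distribution`, which should be `Ubuntu` on the two Ubuntu platforms. Nothing is installed there, so the suite would run against whatever gpg the image already ships. The kitchen configuration added in this commit does not exclude the Ubuntu platforms from the gnupg1 suite. Adding an item with `name: gnupg1` and `distribution: Ubuntu` (assuming the package has that name on the targeted releases), or an `excludes` entry for the suite, would make the intent explicit.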
|
@ -0,0 +1,45 @@
|
||||
require_relative './spec_helper'
|
||||
|
||||
describe 'git-secret::test' do
|
||||
|
||||
describe package('git-secret') do
|
||||
it { should be_installed }
|
||||
end
|
||||
|
||||
if host_inventory['platform'] == 'fedora'
|
||||
describe command('find /tmp/git-secret/build -name "*.rpm"') do
|
||||
its(:stdout) { should match /git-secret.*rpm/ }
|
||||
end
|
||||
else
|
||||
describe command('find /tmp/git-secret/build -name "*.deb"') do
|
||||
its(:stdout) { should match /git-secret.*deb/ }
|
||||
end
|
||||
end
|
||||
|
||||
describe file('/.git-secret_test-passed') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
describe file('/.git-secret_lint-passed') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
if host_inventory['platform'] == 'fedora'
|
||||
describe command('rpm --query --info git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
else
|
||||
describe command('dpkg-query --status git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
end
|
||||
|
||||
describe command('man --where "git-secret"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
describe command('man --where "git-secret-init"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
end
|
@ -0,0 +1,11 @@
|
||||
require 'serverspec'
|
||||
|
||||
# :backend can be either :exec or :ssh
|
||||
# since we are running local we use :exec
|
||||
set :backend, :exec
|
||||
|
||||
RSpec.configure do |c|
|
||||
c.before :all do
|
||||
c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin'
|
||||
end
|
||||
end
|
@ -0,0 +1,38 @@
|
||||
---
|
||||
# host to test against
|
||||
- hosts: test-kitchen
|
||||
remote_user: root
|
||||
tasks:
|
||||
- include_tasks: tasks/dependencies.yml
|
||||
|
||||
- name: Install gnupg
|
||||
package:
|
||||
name: "{{ item.name }}"
|
||||
state: present
|
||||
when:
|
||||
- ansible_distribution == item.distribution
|
||||
with_items:
|
||||
- name: gnupg2
|
||||
distribution: Fedora
|
||||
- name: gnupg2
|
||||
distribution: Ubuntu
|
||||
- name: gnupg
|
||||
distribution: Debian
|
||||
|
||||
- name: Check for gpg2 binary
|
||||
stat:
|
||||
path: /usr/bin/gpg2
|
||||
register: gpg2
|
||||
|
||||
- name: Make gpg2 default binary
|
||||
file:
|
||||
src: /usr/bin/gpg2
|
||||
dest: /usr/bin/gpg
|
||||
state: link
|
||||
force: yes
|
||||
when:
|
||||
- gpg2.stat.exists
|
||||
- gpg2.stat.islnk == False
|
||||
|
||||
- include_tasks: tasks/prep-tests.yml
|
||||
- include_tasks: tasks/run-tests.yml
|
@ -0,0 +1,45 @@
|
||||
require_relative './spec_helper'
|
||||
|
||||
describe 'git-secret::test' do
|
||||
|
||||
describe package('git-secret') do
|
||||
it { should be_installed }
|
||||
end
|
||||
|
||||
if host_inventory['platform'] == 'fedora'
|
||||
describe command('find /tmp/git-secret/build -name "*.rpm"') do
|
||||
its(:stdout) { should match /git-secret.*rpm/ }
|
||||
end
|
||||
else
|
||||
describe command('find /tmp/git-secret/build -name "*.deb"') do
|
||||
its(:stdout) { should match /git-secret.*deb/ }
|
||||
end
|
||||
end
|
||||
|
||||
describe file('/.git-secret_test-passed') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
describe file('/.git-secret_lint-passed') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
if host_inventory['platform'] == 'fedora'
|
||||
describe command('rpm --query --info git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
else
|
||||
describe command('dpkg-query --status git-secret') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
end
|
||||
|
||||
describe command('man --where "git-secret"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
describe command('man --where "git-secret-init"') do
|
||||
its(:exit_status) { should eq 0 }
|
||||
end
|
||||
|
||||
end
|
@ -0,0 +1,11 @@
|
||||
require 'serverspec'
|
||||
|
||||
# :backend can be either :exec or :ssh
|
||||
# since we are running local we use :exec
|
||||
set :backend, :exec
|
||||
|
||||
RSpec.configure do |c|
|
||||
c.before :all do
|
||||
c.path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin'
|
||||
end
|
||||
end
|
@ -0,0 +1,30 @@
|
||||
---
|
||||
- name: Load a variable file based on the OS type, or a default if not found.
|
||||
include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
- "{{ ansible_distribution }}.yml"
|
||||
- "{{ ansible_os_family }}.yml"
|
||||
- "default.yml"
|
||||
|
||||
- name: Install Dependencies
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ test_dependencies }}"
|
||||
|
||||
- name: Get bats
|
||||
git:
|
||||
repo: 'https://github.com/sstephenson/bats.git'
|
||||
dest: /opt/bats
|
||||
|
||||
- name: Install bats
|
||||
file:
|
||||
src: /opt/bats/libexec/bats
|
||||
dest: /usr/bin/bats
|
||||
state: link
|
||||
|
||||
- name: Install fpm
|
||||
gem:
|
||||
name: fpm
|
||||
state: present
|
||||
user_install: no
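Review bot: The "Get bats" task clones `https://github.com/sstephenson/bats.git` with no `version`, and the checkout is symlinked into `/usr/bin/bats`. The test tooling is therefore whatever the upstream default branch holds at converge time, and the plays that include this file run as `remote_user: root`. Setting `version: <PINNED_TAG_OR_COMMIT>` on the git task pins it. The `fpm` gem can be pinned the same way with the gem module's `version` parameter.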
|
@ -0,0 +1,31 @@
|
||||
---
|
||||
- name: Get OS package type
|
||||
set_fact:
|
||||
os_pkg_type: "{{ item.os_pkg_type }}"
|
||||
when:
|
||||
- item.os_family == ansible_os_family
|
||||
with_items:
|
||||
- os_family: RedHat
|
||||
os_pkg_type: "rpm"
|
||||
- os_family: Debian
|
||||
os_pkg_type: "deb"
|
||||
- os_family: Suse
|
||||
os_pkg_type: "rpm"
|
||||
changed_when: false
|
||||
tags:
|
||||
- skip_ansible_lint
|
||||
|
||||
- name: Get gpg version
|
||||
command: gpg --version
|
||||
register: gpg_version
|
||||
changed_when: False
|
||||
|
||||
- name: Print gpg version
|
||||
debug:
|
||||
msg: "Running test againts {{ gpg_version.stdout_lines | first | string }}."
|
||||
changed_when: False
|
||||
|
||||
- name: Copy git-secret src
|
||||
synchronize:
|
||||
src: /opt/workspace/
|
||||
dest: /tmp/git-secret
|
@ -0,0 +1,65 @@
|
||||
---
|
||||
- name: Run ci-test
|
||||
command: bash -lc "cd /tmp/git-secret && make test"
|
||||
changed_when: False
|
||||
ignore_errors: yes
|
||||
register: test_results
|
||||
environment:
|
||||
PATH: /usr/local/bin:{{ ansible_env.PATH }}
|
||||
|
||||
- name: Print ci-test results
|
||||
debug:
|
||||
var: test_results.stdout_lines
|
||||
|
||||
- name: Create file when ci-test passes
|
||||
file:
|
||||
path: /.git-secret_test-passed
|
||||
state: touch
|
||||
when:
|
||||
- test_results.rc == 0
|
||||
|
||||
- name: Run lint
|
||||
command: bash -lc "cd /tmp/git-secret && make lint"
|
||||
ignore_errors: yes
|
||||
register: lint_results
|
||||
changed_when: False
|
||||
|
||||
- name: Print lint results
|
||||
debug:
|
||||
var: lint_results.stdout_lines
|
||||
|
||||
- name: Create file when lint passes
|
||||
file:
|
||||
path: /.git-secret_lint-passed
|
||||
state: touch
|
||||
when:
|
||||
- lint_results.rc == 0
|
||||
|
||||
- name: Create git-secret {{ os_pkg_type }} package
|
||||
command: bash -lc "cd /tmp/git-secret && make build-{{ os_pkg_type }}"
|
||||
changed_when: False
|
||||
ignore_errors: yes
|
||||
register: test_results
|
||||
environment:
|
||||
PATH: /usr/local/bin:{{ ansible_env.PATH }}
|
||||
|
||||
- name: Find git-secret {{ os_pkg_type }} file
|
||||
find:
|
||||
paths: /tmp/git-secret/build
|
||||
patterns: "*.{{ os_pkg_type }}"
|
||||
recurse: yes
|
||||
register: pkg_location
|
||||
|
||||
- name: Set git-secret {{ os_pkg_type }} location
|
||||
set_fact:
|
||||
pkg_path: "{{ pkg_location.files | map(attribute='path') | first }}"
|
||||
|
||||
- name: Install git-secret {{ os_pkg_type }} package
|
||||
command: bash -lc "{{ item.command }} {{ pkg_path }}"
|
||||
when:
|
||||
- item.os_family == ansible_os_family
|
||||
with_items:
|
||||
- command: "rpm --nodeps --install --force"
|
||||
os_family: "RedHat"
|
||||
- command: "dpkg --force-all --install"
|
||||
os_family: "Debian"
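Review bot: The marker files `/.git-secret_test-passed` and `/.git-secret_lint-passed` are only ever created (`state: touch`) and never cleared, while `make test` and `make lint` both run with `ignore_errors: yes`. On a second converge of an existing container, a marker left by an earlier passing run would keep the serverspec check green even if the tests now fail. Two `file:` tasks with `state: absent` for these paths, placed before "Run ci-test", would close that gap. Separately, the package build step reuses `register: test_results` and also ignores errors, so a failed build most likely surfaces later as an unclear error from `first` on an empty list in the set_fact task. A distinct register name and no `ignore_errors` on the build would give a clearer failure.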
|
@ -0,0 +1,17 @@
|
||||
---
|
||||
test_dependencies:
|
||||
- gawk
|
||||
- make
|
||||
- git
|
||||
- shellcheck
|
||||
- ruby-dev
|
||||
- rubygems
|
||||
- man
|
||||
|
||||
build_tools:
|
||||
- autoconf
|
||||
- automake
|
||||
- build-essential
|
||||
- imagemagick
|
||||
- texinfo
|
||||
- transfig
|
@ -0,0 +1,20 @@
|
||||
---
|
||||
test_dependencies:
|
||||
- ShellCheck
|
||||
- gawk
|
||||
- git
|
||||
- make
|
||||
- man
|
||||
- redhat-rpm-config
|
||||
- rpm-build
|
||||
- rsync
|
||||
- ruby-devel
|
||||
- rubygems
|
||||
- rubygems-devel
|
||||
|
||||
build_tools:
|
||||
- ImageMagick
|
||||
- autoconf
|
||||
- automake
|
||||
- texinfo
|
||||
- transfig
|
@ -0,0 +1,17 @@
|
||||
---
|
||||
test_dependencies:
|
||||
- gawk
|
||||
- git
|
||||
- make
|
||||
- man
|
||||
- ruby-dev
|
||||
- rubygems
|
||||
- shellcheck
|
||||
|
||||
build_tools:
|
||||
- autoconf
|
||||
- automake
|
||||
- build-essential
|
||||
- imagemagick
|
||||
- texinfo
|
||||
- transfig
|
@ -0,0 +1,17 @@
|
||||
---
|
||||
test_dependencies:
|
||||
- gawk
|
||||
- make
|
||||
- git
|
||||
- shellcheck
|
||||
- ruby-dev
|
||||
- rubygems
|
||||
- man
|
||||
|
||||
build_tools:
|
||||
- autoconf
|
||||
- automake
|
||||
- build-essential
|
||||
- imagemagick
|
||||
- texinfo
|
||||
- transfig
|
@ -0,0 +1,112 @@
|
||||
---
|
||||
driver:
|
||||
name: docker
|
||||
use_sudo: false
|
||||
|
||||
provisioner:
|
||||
# name of the host
|
||||
hosts: test-kitchen
|
||||
# use an ansible playbook to provision our server
|
||||
name: ansible_playbook
|
||||
ansible_verbose: false
|
||||
require_ansible_repo: false
|
||||
require_ansible_omnibus: true
|
||||
ansible_version: 2.4
|
||||
require_chef_for_busser: false
|
||||
sudo_command: sudo -E -H
|
||||
idempotency_test: false
|
||||
sudo: true
|
||||
ansible_extra_flags: "-e '{ kitchen_testrun: True }'"
|
||||
additional_copy_path:
|
||||
- ".ci-tests/integration/vars"
|
||||
- ".ci-tests/integration/tasks"
|
||||
|
||||
transport:
|
||||
max_ssh_sessions: 3
|
||||
|
||||
platforms:
|
||||
- name: debian-stable
|
||||
driver_config:
|
||||
run_command: /lib/systemd/systemd
|
||||
dockerfile: .Dockerfiles/debian/stable/Dockerfile
|
||||
platform: debian
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
volume:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
|
||||
run_options:
|
||||
tmpfs:
|
||||
- /run
|
||||
|
||||
- name: fedora-latest
|
||||
driver_config:
|
||||
run_command: /lib/systemd/systemd
|
||||
dockerfile: .Dockerfiles/fedora/latest/Dockerfile
|
||||
platform: fedora
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
volume:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
|
||||
run_options:
|
||||
tmpfs:
|
||||
- /run
|
||||
|
||||
- name: ubuntu-latest
|
||||
driver_config:
|
||||
run_command: /lib/systemd/systemd
|
||||
dockerfile: .Dockerfiles/ubuntu/latest/Dockerfile
|
||||
platform: ubuntu
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
volume:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
|
||||
run_options:
|
||||
tmpfs:
|
||||
- /run
|
||||
|
||||
- name: ubuntu-rolling
|
||||
driver_config:
|
||||
run_command: /lib/systemd/systemd
|
||||
dockerfile: .Dockerfiles/ubuntu/rolling/Dockerfile
|
||||
platform: ubuntu
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
volume:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
|
||||
run_options:
|
||||
tmpfs:
|
||||
- /run
|
||||
|
||||
verifier:
|
||||
name: serverspec
|
||||
sudo_path: true
|
||||
|
||||
suites:
|
||||
# suites found at /test/integration/$test-name
|
||||
# in container @/tmp/kitchen
|
||||
- name: gnupg1
|
||||
verifier:
|
||||
patterns:
|
||||
- roles/git-secret/.ci-tests/integration/gnupg1/serverspec/*_spec.rb
|
||||
bundler_path: '/usr/local/bin'
|
||||
rspec_path: '/usr/local/bin'
|
||||
- name: gnupg2
|
||||
verifier:
|
||||
patterns:
|
||||
- roles/git-secret/.ci-tests/integration/gnupg2/serverspec/*_spec.rb
|
||||
bundler_path: '/usr/local/bin'
|
||||
rspec_path: '/usr/local/bin'
|
||||
excludes:
|
||||
- ubuntu-latest
|
||||
- name: gnupg-git
|
||||
verifier:
|
||||
patterns:
|
||||
- roles/git-secret/.ci-tests/integration/gnupg-git/serverspec/*_spec.rb
|
||||
bundler_path: '/usr/local/bin'
|
||||
rspec_path: '/usr/local/bin'
|
||||
excludes:
|
||||
- ubuntu-latest
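Review bot: Each platform bind-mounts the host working directory read-write (`<%=ENV['PWD']%>:/opt/workspace`) into a container that runs systemd with `SYS_ADMIN` and is provisioned as root. The tasks visible in this commit only read from `/opt/workspace` (the `synchronize` task copies it to `/tmp/git-secret`), so the mount can be read-only: `- <%=ENV['PWD']%>:/opt/workspace:ro`. That keeps a misbehaving build or test step from modifying the checkout on the host.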
|