Merge pull request #114 from newcontext-oss/feature/add_alpine_integr…

…ation_tests

add integration tests for alpine linux

.Dockerfiles/alpine/latest/Dockerfile

@@ -0,0 +1,53 @@
+FROM alpine:latest
+
+# - build tools are for: fig2dev which is needed by gnupg builds
+# - openssh is for scp
+# - tini is for PID 1
+# - changing alpine from 3.6 to 3.7 is for ansible 2.4,
+#   but need to install ansible 2.3 for dependencies first
+# - shellcheck is not in the apk repository (xz/tar needed for shellcheck)
+# - bundler/rspec is not found on kitchen verify (symlink needed)
+
+RUN apk add --no-cache --update \
+	curl net-tools \
+	openssh-server openssh \
+  sudo bash tini \
+  ansible git rsync xz \
+	gcc autoconf automake g++ libffi-dev tar libxpm-dev make \
+	autoconf automake imagemagick-dev texinfo gettext-dev libgcrypt-dev \
+	libgpg-error-dev libassuan-dev libksba-dev npth-dev libxfont-dev \
+	libwmf-dev libx11-dev libxt-dev libxext-dev libxml2-dev libexif-dev perl \
+	ruby-dev ruby-bundler \
+ && ln -s /usr/bin/bundle /usr/local/bin/bundle \
+ && ln -s /usr/bin/rspec /usr/local/bin/rspec \
+ && sed -i -e 's/v3\.6/v3.7/g' /etc/apk/repositories \
+ && apk add --update-cache --upgrade ansible \
+ && sed -i -e 's/v3\.7/v3.6/g' /etc/apk/repositories \
+ && apk add --update-cache \
+ && curl --silent -L -o shellcheck.tar.xz https://storage.googleapis.com/shellcheck/shellcheck-latest.linux.x86_64.tar.xz \
+ && tar -vxf shellcheck.tar.xz \
+ && mv shellcheck-latest/shellcheck /usr/local/bin/ \
+ && sudo mkdir -p /usr/local/src/ \
+ && git clone https://github.com/Distrotech/transfig.git && cd transfig \
+ && make && make install \
+ && cp -R /usr/X11R7/bin/fig2dev /usr/local/bin \
+ && if ! getent passwd <%= @username %>; then \
+      adduser -h /home/<%= @username %> -s /bin/bash <%= @username %>; \
+      passwd -d <%= @username %>; \
+    fi \
+ && echo "<%= @username %> ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
+ && echo "Defaults !requiretty" >> /etc/sudoers \
+ && mkdir -p /home/<%= @username %>/.ssh \
+ && chown -R <%= @username %> /home/<%= @username %>/.ssh \
+ && chmod 0700 /home/<%= @username %>/.ssh \
+ && echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys \
+ && chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys \
+ && chmod 0600 /home/<%= @username %>/.ssh/authorized_keys \
+ && sed -ri 's/^#?PubkeyAuthentication\s+.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
+ && sed -ri 's/^#?UsePrivilegeSeparation\s+.*/UsePrivilegeSeparation no/' /etc/ssh/sshd_config \
+ && echo "UseDNS=no" >> /etc/ssh/sshd_config \
+ && ssh-keygen -A
+
+EXPOSE 22
+
+VOLUME [ "/sys/fs/cgroup" ]

.Dockerfiles/ubuntu/rolling/Dockerfile

@@ -7,6 +7,7 @@ RUN apt-get update \
  && apt-get install -y \
 	apt-utils \
 	curl \
+  rsync \
 	locales \
 	lsb-release \
 	net-tools \

.ci-tests/integration/gnupg-git/default.yml

@@ -10,7 +10,7 @@
         name: "{{ item }}"
       with_items: "{{ build_tools }}"
 
-    - name: Check wether deb-src repos are enabled
+    - name: Check whether deb-src repos are enabled
       command: grep -c -e "^deb-src.*" /etc/apt/sources.list
       register: deb_src_check
       ignore_errors: yes

.ci-tests/integration/gnupg-git/serverspec/default_spec.rb

@@ -10,6 +10,10 @@
     describe command('find /tmp/git-secret/build -name "*.rpm"') do
       its(:stdout) { should match /git-secret.*rpm/ }
     end
+  elsif host_inventory['platform'] == 'alpine'
+    describe command('find /tmp/git-secret/build -name "*.apk"') do
+      its(:stdout) { should match /git-secret.*apk/ }
+    end
   else
     describe command('find /tmp/git-secret/build -name "*.deb"') do
       its(:stdout) { should match /git-secret.*deb/ }
@@ -28,17 +32,21 @@
     describe command('rpm --query --info git-secret') do
       its(:exit_status) { should eq 0 }
     end
+  elsif host_inventory['platform'] == 'alpine'
+    describe command('apk info git-secret') do
+      its(:exit_status) { should eq 0 }
+    end
   else
     describe command('dpkg-query --status git-secret') do
       its(:exit_status) { should eq 0 }
     end
   end
 
-  describe command('man --where "git-secret"') do
+  describe command('man -w "git-secret"') do
     its(:exit_status) { should eq 0 }
   end
 
-  describe command('man --where "git-secret-init"') do
+  describe command('man -w "git-secret-init"') do
     its(:exit_status) { should eq 0 }
   end
 

.ci-tests/integration/gnupg1/default.yml

@@ -12,6 +12,8 @@
       when:
         - ansible_distribution == item.distribution
       with_items:
+        - name: gnupg
+          distribution: Alpine
         - name: gnupg
           distribution: Fedora
         - name: gnupg1

.ci-tests/integration/gnupg1/serverspec/default_spec.rb

@@ -10,6 +10,10 @@
     describe command('find /tmp/git-secret/build -name "*.rpm"') do
       its(:stdout) { should match /git-secret.*rpm/ }
     end
+  elsif host_inventory['platform'] == 'alpine'
+    describe command('find /tmp/git-secret/build -name "*.apk"') do
+      its(:stdout) { should match /git-secret.*apk/ }
+    end
   else
     describe command('find /tmp/git-secret/build -name "*.deb"') do
       its(:stdout) { should match /git-secret.*deb/ }
@@ -28,17 +32,21 @@
     describe command('rpm --query --info git-secret') do
       its(:exit_status) { should eq 0 }
     end
+  elsif host_inventory['platform'] == 'alpine'
+    describe command('apk info git-secret') do
+      its(:exit_status) { should eq 0 }
+    end
   else
     describe command('dpkg-query --status git-secret') do
       its(:exit_status) { should eq 0 }
     end
   end
 
-  describe command('man --where "git-secret"') do
+  describe command('man -w "git-secret"') do
     its(:exit_status) { should eq 0 }
   end
 
-  describe command('man --where "git-secret-init"') do
+  describe command('man -w "git-secret-init"') do
     its(:exit_status) { should eq 0 }
   end
 

.ci-tests/integration/gnupg2/default.yml

@@ -12,6 +12,8 @@
       when:
         - ansible_distribution == item.distribution
       with_items:
+        - name: gnupg
+          distribution: Alpine
         - name: gnupg2
           distribution: Fedora
         - name: gnupg2

.ci-tests/integration/gnupg2/serverspec/default_spec.rb

@@ -10,6 +10,10 @@
     describe command('find /tmp/git-secret/build -name "*.rpm"') do
       its(:stdout) { should match /git-secret.*rpm/ }
     end
+  elsif host_inventory['platform'] == 'alpine'
+    describe command('find /tmp/git-secret/build -name "*.apk"') do
+      its(:stdout) { should match /git-secret.*apk/ }
+    end
   else
     describe command('find /tmp/git-secret/build -name "*.deb"') do
       its(:stdout) { should match /git-secret.*deb/ }
@@ -28,17 +32,21 @@
     describe command('rpm --query --info git-secret') do
       its(:exit_status) { should eq 0 }
     end
+  elsif host_inventory['platform'] == 'alpine'
+    describe command('apk info git-secret') do
+      its(:exit_status) { should eq 0 }
+    end
   else
     describe command('dpkg-query --status git-secret') do
       its(:exit_status) { should eq 0 }
     end
   end
 
-  describe command('man --where "git-secret"') do
+  describe command('man -w "git-secret"') do
     its(:exit_status) { should eq 0 }
   end
 
-  describe command('man --where "git-secret-init"') do
+  describe command('man -w "git-secret-init"') do
     its(:exit_status) { should eq 0 }
   end
 

.ci-tests/integration/tasks/prep-tests.yml

@@ -11,6 +11,8 @@
       os_pkg_type: "deb"
     - os_family: Suse
       os_pkg_type: "rpm"
+    - os_family: Alpine
+      os_pkg_type: "apk"
   changed_when: false
   tags:
     - skip_ansible_lint
@@ -29,3 +31,6 @@
   synchronize:
     src: /opt/workspace/
     dest: /tmp/git-secret
+    archive: false
+    owner: no
+    recursive: yes

.ci-tests/integration/tasks/run-tests.yml

@@ -63,3 +63,5 @@
       os_family: "RedHat"
     - command: "dpkg --force-all --install"
       os_family: "Debian"
+    - command: "apk add --allow-untrusted"
+      os_family: "Alpine"

.ci-tests/integration/vars/Alpine.yml

@@ -0,0 +1,7 @@
+---
+test_dependencies:
+  - gawk
+  - man
+
+build_tools:
+  - make

.kitchen.yml

@@ -25,6 +25,22 @@ transport:
   max_ssh_sessions: 3
 
 platforms:
+  - name: alpine-latest
+    provisioner:
+      require_ansible_omnibus: false
+    driver_config:
+      run_command: /sbin/tini -v -- /usr/sbin/sshd -D -E /var/log/secure
+      dockerfile: .Dockerfiles/alpine/latest/Dockerfile
+      platform: alpine
+      cap_add:
+        - SYS_ADMIN
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup:ro
+        - <%=ENV['PWD']%>:/opt/workspace # Make the working directory available inside the container
+      run_options:
+        tmpfs:
+        - /run
+
   - name: debian-stable
     driver_config:
       run_command: /lib/systemd/systemd

.travis.yml

@@ -21,6 +21,11 @@ matrix:
       services: docker
       sudo: required
       language: ruby
+    - os: linux
+      env: GITSECRET_DIST="make"; DOCKER_DIST="alpine"
+      services: docker
+      sudo: required
+      language: ruby
     - os: linux
       env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg"
       sudo: false

Makefile

@@ -92,6 +92,28 @@ lint:
 install-fpm:
 	@if [ ! `gem list fpm -i` == "true" ]; then gem install fpm; fi
 
+	# .apk:
+
+.PHONY: build-apk
+build-apk: clean build install-fpm
+	@chmod +x "./utils/build-utils.sh"; sync; \
+	chmod +x "./utils/apk/apk-build.sh"; sync; \
+	export SECRET_PROJECT_ROOT="${PWD}"; \
+	"./utils/apk/apk-build.sh"
+
+.PHONY: test-apk-ci
+test-apk-ci: install-test build-apk
+	@chmod +x "./utils/apk/apk-ci.sh"; sync; \
+	export SECRET_PROJECT_ROOT="${PWD}"; \
+	export PATH="${PWD}/vendor/bats/bin:${PATH}"; \
+	"./utils/apk/apk-ci.sh"
+
+.PHONY: deploy-apk
+deploy-apk: build-apk
+	@chmod +x "./utils/apk/apk-deploy.sh"; sync; \
+	export SECRET_PROJECT_ROOT="${PWD}"; \
+	"./utils/apk/apk-deploy.sh"
+
 # .deb:
 
 .PHONY: build-deb

utils/apk/apk-build.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -e
+
+# shellcheck disable=SC1090,SC1091
+source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh"
+
+preinstall_files "-c"
+
+# Building .deb package:
+cd "$SCRIPT_DEST_DIR" && build_package "apk"
+
+# Cleaning up:
+clean_up_files && cd "${SECRET_PROJECT_ROOT}"

utils/apk/apk-ci.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Note that this file is created for test purposes:
+# 1. It runs inside the Docker container
+# 2. It does not use `sudo` or anything
+# 3. If you would like to install `.apk` package on your system, see `Installation`
+
+# shellcheck disable=SC1090,SC1091
+source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh"
+
+# This folder should contain just one .apk file:
+APK_FILE_LOCATION=$(locate_apk)
+
+
+# Integration tests
+function integration_tests {
+  # Installing the package:
+  apk add "$APK_FILE_LOCATION"
+
+  # Configuring the dependencies:
+  apk add --update-cache
+
+  # Testing the installation:
+  apk info | grep "git-secret"
+  which "git-secret"
+
+  # Test the manuals:
+  man --where "git-secret" # .7
+  man --where "git-secret-init" # .1
+}
+
+integration_tests
+
+# Unit tests:
+# shellcheck disable=SC1090,SC1091
+source "${SECRET_PROJECT_ROOT}/utils/tests.sh"

utils/apk/apk-deploy.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+set -e
+
+# shellcheck disable=SC1090,SC1091
+source "${SECRET_PROJECT_ROOT}/utils/build-utils.sh"
+
+# Variables, which will be used in `bintray.json`:
+SCRIPT_VERSION=$(bash "${PWD}/git-secret" --version)
+RELEASE_DATE=$(date +%Y-%m-%d)
+
+# add `\"override\": 1 \` into the `matrixParams`, if needed:
+echo "{ \
+  \"package\": { \
+    \"name\": \"git-secret\", \
+    \"repo\": \"apk\", \
+    \"subject\": \"sobolevn\" \
+  }, \
+  \"version\": {
+    \"name\": \"${SCRIPT_VERSION}\", \
+    \"desc\": \"Version ${SCRIPT_VERSION}\", \
+    \"released\": \"${RELEASE_DATE}\", \
+    \"vcs_tag\": \"v${SCRIPT_VERSION}\", \
+    \"gpgSign\": true \
+  }, \
+  \"files\": [{ \
+    \"includePattern\": \"build/buildroot/(.*\.apk)\", \
+    \"uploadPattern\": \"/git-secret_${SCRIPT_VERSION}_all.apk\" \
+  }], \
+  \"publish\": true \
+}" > "${SECRET_PROJECT_ROOT}/build/apk_descriptor.json"