diff --git a/.expeditor/verify.pipeline.yml b/.expeditor/verify.pipeline.yml index 4155273..53fa4a1 100644 --- a/.expeditor/verify.pipeline.yml +++ b/.expeditor/verify.pipeline.yml @@ -11,20 +11,6 @@ expeditor: steps: -- label: run-specs-ruby-2.7 - command: - - .expeditor/run_linux_tests.sh rake - expeditor: - executor: - docker: - image: ruby:2.7 -- label: run-specs-ruby-3.0 - command: - - .expeditor/run_linux_tests.sh rake - expeditor: - executor: - docker: - image: ruby:3.0 - label: run-specs-ruby-3.1 command: - .expeditor/run_linux_tests.sh rake @@ -33,21 +19,6 @@ steps: docker: image: ruby:3.1 -- label: run-specs-ruby-3.0-windows - command: - - .expeditor/run_windows_tests.ps1 - expeditor: - executor: - docker: - host_os: windows - shell: ["powershell", "-Command"] - image: rubydistros/windows-2019:3.0 - user: 'NT AUTHORITY\SYSTEM' - environment: - - FORCE_FFI_YAJL=ext - - EXPIRE_CACHE=true - - CHEF_LICENSE=accept-no-persist - - label: run-specs-ruby-3.1-windows command: - .expeditor/run_windows_tests.ps1 diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index 90c43a6..1b97629 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-18.04 steps: - uses: actions/checkout@v2 - - name: Set up ruby 2.7 + - name: Set up ruby 3.1 uses: ruby/setup-ruby@v1 with: - ruby-version: 2.7 + ruby-version: 3.1 bundler-cache: true - name: run specs run: bundle exec rake spec --trace diff --git a/Gemfile b/Gemfile index 089115f..75b5b37 100644 --- a/Gemfile +++ b/Gemfile @@ -5,6 +5,7 @@ gemspec group :development do gem "chefstyle" gem "rake" + gem "appbundler" if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("3.0.0") gem "contracts", "~> 0.16.1" # pin until we drop ruby < 2.7 gem "chef-zero" @@ -15,11 +16,11 @@ group :development do else gem "contracts", "~> 0.17" gem "chef-zero", ">= 15.0.4" - gem "chef", "~> 17.0" + gem "chef", ">= 18.5.0" gem "rspec", "~> 3.0" gem "aruba", "~> 2.2" - gem "knife", "~> 17.0" - gem "chef-utils", "17.10.68" # pin until we drop ruby >=3 + gem "knife", "~> 18.0" + gem "chef-utils", ">= 18.5.0" # pin until we drop ruby >=3 end end diff --git a/Rakefile b/Rakefile index d234851..2a6a2f6 100644 --- a/Rakefile +++ b/Rakefile @@ -1,6 +1,6 @@ require "bundler/gem_tasks" -WINDOWS_PLATFORM = %w{ x64-mingw32 x64-mingw-ucrt ruby }.freeze +WINDOWS_PLATFORM = /mswin|win32|mingw/.freeze unless defined? WINDOWS_PLATFORM # Style Tests begin diff --git a/chef-vault.gemspec b/chef-vault.gemspec index 6bfeae6..e7a5f77 100644 --- a/chef-vault.gemspec +++ b/chef-vault.gemspec @@ -14,7 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -$:.push File.expand_path("lib", __dir__) +lib = File.expand_path("lib", __dir__) +$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) require "chef-vault/version" Gem::Specification.new do |s| @@ -31,5 +32,5 @@ Gem::Specification.new do |s| s.bindir = "bin" s.executables = %w{ chef-vault } - s.required_ruby_version = ">= 2.7" + s.required_ruby_version = ">= 3.1" end diff --git a/habitat/plan.ps1 b/habitat/plan.ps1 new file mode 100644 index 0000000..4138603 --- /dev/null +++ b/habitat/plan.ps1 @@ -0,0 +1,86 @@ +$ErrorActionPreference = "Stop" +$PSDefaultParameterValues['*:ErrorAction']='Stop' + +$pkg_name="chef-vault" +$pkg_origin="core" +$pkg_version="4.1.12" +$pkg_revision="1" +$pkg_maintainer="The Chef Maintainers " + +$pkg_deps=@( + "chef/ruby31-plus-devkit" + "core/git" +) +$pkg_bin_dirs=@("bin" + "vendor/bin") +$project_root= (Resolve-Path "$PLAN_CONTEXT/../").Path + +function Invoke-SetupEnvironment { + Push-RuntimeEnv -IsPath GEM_PATH "$pkg_prefix/vendor" + + Set-RuntimeEnv APPBUNDLER_ALLOW_RVM "true" # prevent appbundler from clearing out the carefully constructed runtime GEM_PATH + Set-RuntimeEnv FORCE_FFI_YAJL "ext" + Set-RuntimeEnv LANG "en_US.UTF-8" + Set-RuntimeEnv LC_CTYPE "en_US.UTF-8" +} + +function Invoke-Build { + try { + $env:Path += ";c:\\Program Files\\Git\\bin" + Push-Location $project_root + $env:GEM_HOME = "$HAB_CACHE_SRC_PATH/$pkg_dirname/vendor" + + Write-BuildLine " ** Configuring bundler for this build environment" + bundle config --local without integration deploy maintenance + bundle config --local jobs 4 + bundle config --local retry 5 + bundle config --local silence_root_warning 1 + Write-BuildLine " ** Using bundler to retrieve the Ruby dependencies" + bundle install + + gem build chef-vault.gemspec + Write-BuildLine " ** Using gem to install" + gem install chef-vault*.gem --no-document + + + If ($lastexitcode -ne 0) { Exit $lastexitcode } + } finally { + Pop-Location + } +} + +function Invoke-Install { + Write-BuildLine "** Copy built & cached gems to install directory" + Copy-Item -Path "$HAB_CACHE_SRC_PATH/$pkg_dirname/*" -Destination $pkg_prefix -Recurse -Force -Exclude @("gem_make.out", "mkmf.log", "Makefile", + "*/latest", "latest", + "*/JSON-Schema-Test-Suite", "JSON-Schema-Test-Suite") + + try { + Push-Location $pkg_prefix + bundle config --local gemfile $project_root/Gemfile + Write-BuildLine "** generating binstubs for chef-vault with precise version pins" + Write-BuildLine "** generating binstubs for chef-vault with precise version pins $project_root $pkg_prefix/bin " + Invoke-Expression -Command "appbundler.bat $project_root $pkg_prefix/bin chef-vault" + If ($lastexitcode -ne 0) { Exit $lastexitcode } + Write-BuildLine " ** Running the chef-vault project's 'rake install' to install the path-based gems so they look like any other installed gem." + + If ($lastexitcode -ne 0) { Exit $lastexitcode } + } finally { + Pop-Location + } +} + +function Invoke-After { + # We don't need the cache of downloaded .gem files ... + Remove-Item $pkg_prefix/vendor/cache -Recurse -Force + # We don't need the gem docs. + Remove-Item $pkg_prefix/vendor/doc -Recurse -Force + # We don't need to ship the test suites for every gem dependency, + # only inspec's for package verification. + Get-ChildItem $pkg_prefix/vendor/gems -Filter "spec" -Directory -Recurse -Depth 1 ` + | Where-Object -FilterScript { $_.FullName -notlike "*chef-vault*" } ` + | Remove-Item -Recurse -Force + # Remove the byproducts of compiling gems with extensions + Get-ChildItem $pkg_prefix/vendor/gems -Include @("gem_make.out", "mkmf.log", "Makefile") -File -Recurse ` + | Remove-Item -Force +} \ No newline at end of file diff --git a/habitat/plan.sh b/habitat/plan.sh new file mode 100644 index 0000000..94fe4b9 --- /dev/null +++ b/habitat/plan.sh @@ -0,0 +1,162 @@ +_chef_client_ruby="core/ruby31" +pkg_name=chef-vault +pkg_origin=ngupta26 +pkg_description="Gem that allows you to encrypt a Chef Data Bag Item using the public keys of a list of chef nodes. This allows only those chef nodes to decrypt the encrypted values." +pkg_license=('Apache-2.0') +pkg_bin_dirs=( + bin + vendor/bin +) +pkg_build_deps=( + core/make + core/gcc + core/git + core/libarchive +) +pkg_deps=( + $_chef_client_ruby + core/coreutils +) +pkg_svc_user=root + +pkg_version() { + cat "${SRC_PATH}/VERSION" +} + +do_before() { + do_default_before + update_pkg_version + # We must wait until we update the pkg_version to use the pkg_version + pkg_filename="${pkg_name}-${pkg_version}.tar.gz" +} + +do_download() { + build_line "Locally creating archive of latest repository commit at ${HAB_CACHE_SRC_PATH}/${pkg_filename}" + # source is in this repo, so we're going to create an archive from the + # appropriate path within the repo and place the generated tarball in the + # location expected by do_unpack + ( cd "${SRC_PATH}" || exit_with "unable to enter hab-src directory" 1 + git archive --prefix="${pkg_name}-${pkg_version}/" --output="${HAB_CACHE_SRC_PATH}/${pkg_filename}" HEAD + ) +} + +do_verify() { + build_line "Skipping checksum verification on the archive we just created." + return 0 +} + +# Setup environment variables for Ruby Gems +do_setup_environment() { + push_runtime_env GEM_PATH "${pkg_prefix}/vendor" + + set_runtime_env APPBUNDLER_ALLOW_RVM "true" # prevent appbundler from clearing out the carefully constructed runtime GEM_PATH + set_runtime_env LANG "en_US.UTF-8" + set_runtime_env LC_CTYPE "en_US.UTF-8" +} + +do_prepare() { + export GEM_HOME="${pkg_prefix}/vendor" + export CPPFLAGS="${CPPFLAGS} ${CFLAGS}" + + ( cd "$CACHE_PATH" + bundle config --local jobs "$(nproc)" + bundle config --local without server docgen maintenance pry travis integration ci chefstyle + bundle config --local shebang "$(pkg_path_for "$_chef_client_ruby")/bin/ruby" + bundle config --local retry 5 + bundle config --local silence_root_warning 1 + ) + + build_line "Setting link for /usr/bin/env to 'coreutils'" + if [ ! -f /usr/bin/env ]; then + ln -s "$(pkg_interpreter_for core/coreutils bin/env)" /usr/bin/env + fi +} + +# Unpack the source files into the cache directory +# do_unpack() { +# local unpack_dir="$HAB_CACHE_SRC_PATH/$pkg_dirname" +# build_line "Creating unpack directory: $unpack_dir" +# mkdir -pv "$unpack_dir" +# cp -RT "$PLAN_CONTEXT"/.. "$unpack_dir/" +# } + +# Build the gem from the gemspec file +do_build() { + ( cd "$CACHE_PATH" || exit_with "unable to enter hab-cache directory" 1 + build_line "Installing gem dependencies ..." + bundle install --jobs=3 --retry=3 + build_line "Installing gems from git repos properly ..." + build_line "Installing this project's gems ..." + bundle exec rake install:local + gem install chef-utils chef-config appbundler + ) +} + +# Install the built gem into the package directory +do_install() { + ( cd "$pkg_prefix" || exit_with "unable to enter pkg prefix directory" 1 + export BUNDLE_GEMFILE="${CACHE_PATH}/Gemfile" + build_line "** fixing binstub shebangs" + fix_interpreter "${pkg_prefix}/vendor/bin/*" "$_chef_client_ruby" bin/ruby + export BUNDLE_GEMFILE="${CACHE_PATH}/Gemfile" + for gem in chef-vault; do + build_line "** generating binstubs for $gem with precise version pins" + appbundler $CACHE_PATH $pkg_prefix/bin $gem + done + ) +} + +do_after() { + build_line "Trimming the fat ..." + + # We don't need the cache of downloaded .gem files ... + rm -rf "$pkg_prefix/vendor/cache" + + rm -r "$pkg_prefix/vendor/bundler" + + # We don't need the gem docs. + rm -rf "$pkg_prefix/vendor/doc" + # We don't need to ship the test suites for every gem dependency, + # only Chef's for package verification. + find "$pkg_prefix/vendor/gems" -name spec -type d | grep -v "chef-vault-${pkg_version}" \ + | while read spec_dir; do rm -rf "$spec_dir"; done +} + + +# Create a wrapper script to properly set paths and execute the chef-vault command +# wrap_chef_vault_bin() { +# local bin="$pkg_prefix/bin/chef-vault" +# local real_bin="$GEM_HOME/gems/chef-vault-${pkg_version}/bin/chef-vault" +# build_line "Adding wrapper $bin to $real_bin" + +# # build_line "Creating wrapper script: $bin" +# cat < "$bin" +# #!$(pkg_path_for core/bash)/bin/bash +# set -e + +# # Set the PATH for chef-vault to include necessary binaries +# export PATH="/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:\$PATH" + +# # Set Ruby paths defined from 'do_setup_environment()' +# export GEM_HOME="$GEM_HOME" +# export GEM_PATH="$GEM_PATH" + +# # Execute the chef-vault binary +# exec $(pkg_path_for core/ruby31)/bin/ruby $real_bin "\$@" +# EOF + +# # Ensure the wrapper script is executable +# chmod -v 755 "$bin" +# } + +do_end() { + if [ "$(readlink /usr/bin/env)" = "$(pkg_interpreter_for core/coreutils bin/env)" ]; then + build_line "Removing the symlink we created for '/usr/bin/env'" + rm /usr/bin/env + fi +} + +# No additional stripping needed +do_strip() { + return 0 +} \ No newline at end of file diff --git a/lib/chef-vault/version.rb b/lib/chef-vault/version.rb index 6436819..dbd3c56 100644 --- a/lib/chef-vault/version.rb +++ b/lib/chef-vault/version.rb @@ -15,6 +15,5 @@ # limitations under the License. class ChefVault - VERSION = "4.1.12" - MAJOR, MINOR, TINY = VERSION.split(".") + VERSION = "4.1.12".freeze end