Package chef-vault as an hab package

Gemfile

@@ -5,6 +5,7 @@ gemspec
 group :development do
   gem "chefstyle"
   gem "rake"
+  gem "appbundler"
   if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("3.0.0")
     gem "contracts", "~> 0.16.1" # pin until we drop ruby < 2.7
     gem "chef-zero"
@@ -15,11 +16,11 @@ group :development do
   else
     gem "contracts", "~> 0.17"
     gem "chef-zero", ">= 15.0.4"
-    gem "chef", "~> 17.0"
+    gem "chef", ">= 18.5.0"
     gem "rspec", "~> 3.0"
     gem "aruba", "~> 2.2"
-    gem "knife", "~> 17.0"
-    gem "chef-utils", "17.10.68" # pin until we drop ruby >=3
+    gem "knife", "~> 18.0"
+    gem "chef-utils", ">= 18.5.0" # pin until we drop ruby >=3
   end
 end
 

chef-vault.gemspec

@@ -31,5 +31,5 @@ Gem::Specification.new do |s|
   s.bindir           = "bin"
   s.executables      = %w{ chef-vault }
 
-  s.required_ruby_version = ">= 2.7"
+  s.required_ruby_version = ">= 3.1"
 end

habitat/plan.ps1

@@ -0,0 +1,86 @@
+$ErrorActionPreference = "Stop"
+$PSDefaultParameterValues['*:ErrorAction']='Stop'
+
+$pkg_name="chef-vault"
+$pkg_origin="core"
+$pkg_version="4.1.12"
+$pkg_revision="1"
+$pkg_maintainer="The Chef Maintainers <[email protected]>"
+
+$pkg_deps=@(
+  "chef/ruby31-plus-devkit"
+  "core/git"
+)
+$pkg_bin_dirs=@("bin"
+                "vendor/bin")
+$project_root= (Resolve-Path "$PLAN_CONTEXT/../").Path
+
+function Invoke-SetupEnvironment {
+    Push-RuntimeEnv -IsPath GEM_PATH "$pkg_prefix/vendor"
+
+    Set-RuntimeEnv APPBUNDLER_ALLOW_RVM "true" # prevent appbundler from clearing out the carefully constructed runtime GEM_PATH
+    Set-RuntimeEnv FORCE_FFI_YAJL "ext"
+    Set-RuntimeEnv LANG "en_US.UTF-8"
+    Set-RuntimeEnv LC_CTYPE "en_US.UTF-8"
+}
+
+function Invoke-Build {
+    try {
+        $env:Path += ";c:\\Program Files\\Git\\bin"
+        Push-Location $project_root
+        $env:GEM_HOME = "$HAB_CACHE_SRC_PATH/$pkg_dirname/vendor"
+
+        Write-BuildLine " ** Configuring bundler for this build environment"
+        bundle config --local without integration deploy maintenance
+        bundle config --local jobs 4
+        bundle config --local retry 5
+        bundle config --local silence_root_warning 1
+        Write-BuildLine " ** Using bundler to retrieve the Ruby dependencies"
+        bundle install
+
+        gem build chef-vault.gemspec
+	Write-BuildLine " ** Using gem to  install"
+	gem install chef-vault*.gem --no-document
+
+
+        If ($lastexitcode -ne 0) { Exit $lastexitcode }
+    } finally {
+        Pop-Location
+    }
+}
+
+function Invoke-Install {
+    Write-BuildLine "** Copy built & cached gems to install directory"
+    Copy-Item -Path "$HAB_CACHE_SRC_PATH/$pkg_dirname/*" -Destination $pkg_prefix -Recurse -Force -Exclude @("gem_make.out", "mkmf.log", "Makefile",
+                     "*/latest", "latest",
+                     "*/JSON-Schema-Test-Suite", "JSON-Schema-Test-Suite")
+
+    try {
+        Push-Location $pkg_prefix
+        bundle config --local gemfile $project_root/Gemfile
+         Write-BuildLine "** generating binstubs for chef-vault with precise version pins"
+	 Write-BuildLine "** generating binstubs for chef-vault with precise version pins $project_root $pkg_prefix/bin " 
+            Invoke-Expression -Command "appbundler.bat $project_root $pkg_prefix/bin chef-vault"
+            If ($lastexitcode -ne 0) { Exit $lastexitcode }
+	Write-BuildLine " ** Running the chef-vault project's 'rake install' to install the path-based gems so they look like any other installed gem."
+
+        If ($lastexitcode -ne 0) { Exit $lastexitcode }
+    } finally {
+        Pop-Location
+    }
+}
+
+function Invoke-After {
+    # We don't need the cache of downloaded .gem files ...
+    Remove-Item $pkg_prefix/vendor/cache -Recurse -Force
+    # We don't need the gem docs.
+    Remove-Item $pkg_prefix/vendor/doc -Recurse -Force
+    # We don't need to ship the test suites for every gem dependency,
+    # only inspec's for package verification.
+    Get-ChildItem $pkg_prefix/vendor/gems -Filter "spec" -Directory -Recurse -Depth 1 `
+        | Where-Object -FilterScript { $_.FullName -notlike "*chef-vault*" }             `
+        | Remove-Item -Recurse -Force
+    # Remove the byproducts of compiling gems with extensions
+    Get-ChildItem $pkg_prefix/vendor/gems -Include @("gem_make.out", "mkmf.log", "Makefile") -File -Recurse `
+        | Remove-Item -Force
+}

habitat/plan.sh

@@ -0,0 +1,79 @@
+pkg_name=chef-vault
+pkg_origin=core
+pkg_version="4.1.12"
+pkg_description="Gem that allows you to encrypt a Chef Data Bag Item using the public keys of a list of chef nodes. This allows only those chef nodes to decrypt the encrypted values."
+pkg_license=('Apache-2.0')
+pkg_deps=(
+  core/ruby31
+  core/bash
+  core/git
+)
+pkg_build_deps=(
+  core/gcc
+  core/make
+)
+pkg_bin_dirs=(bin)
+
+# Setup environment variables for Ruby Gems
+do_setup_environment() {
+  build_line "Setting up GEM_HOME and GEM_PATH"
+  export GEM_HOME="$pkg_prefix/lib"
+  export GEM_PATH="$GEM_HOME"
+}
+
+# Unpack the source files into the cache directory
+do_unpack() {
+  local unpack_dir="$HAB_CACHE_SRC_PATH/$pkg_dirname"
+  build_line "Creating unpack directory: $unpack_dir"
+  mkdir -pv "$unpack_dir"
+  cp -RT "$PLAN_CONTEXT"/.. "$unpack_dir/"
+}
+
+# Build the gem from the gemspec file
+do_build() {
+  build_line "Building the gem from the gemspec file"
+  pushd "$HAB_CACHE_SRC_PATH/$pkg_dirname" > /dev/null
+  gem build chef-vault.gemspec
+  popd > /dev/null
+}
+
+# Install the built gem into the package directory
+do_install() {
+  build_line "Installing the gem"
+  pushd "$HAB_CACHE_SRC_PATH/$pkg_dirname" > /dev/null
+  gem install chef-vault-*.gem --no-document
+  popd > /dev/null
+
+  wrap_chef_vault_bin
+}
+
+# Create a wrapper script to properly set paths and execute the chef-vault command
+wrap_chef_vault_bin() {
+  local bin="$pkg_prefix/bin/chef-vault"
+  local real_bin="$GEM_HOME/gems/chef-vault-${pkg_version}/bin/chef-vault"
+  build_line "Adding wrapper $bin to $real_bin"
+
+#   build_line "Creating wrapper script: $bin"
+  cat <<EOF > "$bin"
+#!$(pkg_path_for core/bash)/bin/bash
+set -e
+
+# Set the PATH for chef-vault to include necessary binaries
+export PATH="/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:\$PATH"
+
+# Set Ruby paths defined from 'do_setup_environment()'
+export GEM_HOME="$GEM_HOME"
+export GEM_PATH="$GEM_PATH"
+
+# Execute the chef-vault binary
+exec $(pkg_path_for core/ruby31)/bin/ruby $real_bin "\$@"
+EOF
+
+  # Ensure the wrapper script is executable
+  chmod -v 755 "$bin"
+}
+
+# No additional stripping needed
+do_strip() {
+  return 0
+}