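module Conjur::Debify
  module Action
    # Publishes the packages found in a project directory to Artifactory.
    #
    # The upload itself is performed by the jfrog CLI, run inside a short-lived
    # Docker container built from the bundled 'publish' directory, with the
    # project directory bind-mounted at /src.
    class Publish
      # Oldest Docker version for which the publish container is created with
      # 'Privileged' set.
      PRIVILEGED_MIN_DOCKER_VERSION = '1.10.0'.freeze

      attr_reader :distribution, :project_name, :cmd_options

      # @param distribution [String] first segment of the --deb descriptor
      # @param project_name [String] used to build the "conjur-<name>" package names
      # @param cmd_options [Hash] command options; this class reads :dir, :version,
      #   :url, :repo, :component and 'rpm-repo'
      def initialize(distribution, project_name, cmd_options)
        @distribution = distribution
        @project_name = project_name
        @cmd_options = cmd_options
      end

      # Derives the repository component from the current git branch.
      #
      # The branch is taken from GIT_BRANCH, then BRANCH_NAME, and only then from
      # `git rev-parse`. master (or origin/master) maps to 'stable'; any other
      # branch name is used as the component with '/' replaced by '.'.
      #
      # NOTE(review): the branch name is environment-controlled and only '/' is
      # rewritten before it becomes part of the --deb descriptor. It is passed
      # as a single argv element (no shell), but confirm the descriptor tolerates
      # every character a branch name may contain.
      #
      # @return [String]
      def detect_component
        branch = ENV['GIT_BRANCH'] || ENV['BRANCH_NAME'] || `git rev-parse --abbrev-ref HEAD`.strip
        return 'stable' if %w[master origin/master].include?(branch)

        branch.tr('/', '.')
      end

      # Builds the publish image and uploads the amd64 deb, the arm64 deb (only
      # when a *_arm64.deb file exists in the directory) and the rpm.
      #
      # Credentials come from ARTIFACTORY_USER / ARTIFACTORY_PASSWORD; when
      # either is unset they are fetched through fetch_art_creds instead.
      #
      # @raise [RuntimeError] when the directory is missing or an upload fails
      def run
        dir = File.expand_path(cmd_options[:dir] || '.')
        raise "Directory #{dir} does not exist or is not a directory" unless File.directory?(dir)

        Dir.chdir dir do
          # detect_version is not defined in this class; it is resolved elsewhere.
          version = cmd_options[:version] || detect_version

          publish_image = create_image
          DebugMixin.debug_write "Built base publish image '#{publish_image.id}'\n"

          art_url = cmd_options[:url]
          deb_art_repo = cmd_options[:repo]

          art_user = ENV['ARTIFACTORY_USER']
          art_password = ENV['ARTIFACTORY_PASSWORD']
          art_user, art_password = fetch_art_creds unless art_user && art_password

          # Publish AMD64 deb package
          component = cmd_options[:component] || detect_component
          deb_info = "#{distribution}/#{component}/amd64"
          package_name = "conjur-#{project_name}_#{version}_amd64.deb"
          publish_package(
            publish_image:, art_url:, art_user:, art_password:,
            art_repo: deb_art_repo, package_name:, dir:, deb_info:
          )

          # (Optional) Publish ARM64 deb package
          unless Dir.glob('*_arm64.deb').empty?
            deb_info = "#{distribution}/#{component}/arm64"
            package_name = "conjur-#{project_name}_#{version}_arm64.deb"
            publish_package(
              publish_image:, art_url:, art_user:, art_password:,
              art_repo: deb_art_repo, package_name:, dir:, deb_info:
            )
          end

          # Publish RPM package
          # The rpm builder replaces dashes with underscores in the version
          rpm_version = version.tr('-', '_')
          package_name = "conjur-#{project_name}-#{rpm_version}-1.*.rpm"
          rpm_art_repo = cmd_options['rpm-repo']
          publish_package(
            publish_image:, art_url:, art_user:, art_password:,
            art_repo: rpm_art_repo, package_name:, dir:
          )
        end
      end

      # Builds the 'debify-publish' image from the 'publish' directory located
      # two levels above this file's directory.
      def create_image
        context_dir = File.expand_path('../../publish', File.dirname(__FILE__))
        Docker::Image.build_from_dir context_dir, tag: 'debify-publish', &DebugMixin::DOCKER
      end

      # Reads the Artifactory username and password from two Conjur variables
      # under ci/artifactory/users/jenkins.
      #
      # The Conjur libraries are required here, on demand, so they are loaded
      # only when the environment did not supply credentials.
      #
      # @return [Array(String, String)] username, password
      def fetch_art_creds
        require 'conjur/cli'
        require 'conjur/authn'

        Conjur::Config.load
        Conjur::Config.apply
        # noask: true presumably keeps the login non-interactive; confirm against Conjur::Authn.
        conjur = Conjur::Authn.connect nil, noask: true

        account = Conjur.configuration.account
        username_var = [account, 'variable', 'ci/artifactory/users/jenkins/username'].join(':')
        password_var = [account, 'variable', 'ci/artifactory/users/jenkins/password'].join(':')

        [conjur.resource(username_var).value, conjur.resource(password_var).value]
      end

      # Assembles the `jfrog rt upload` command line and the container options,
      # then runs the upload through #publish.
      #
      # SECURITY: the Artifactory password is placed in the container's 'Cmd'
      # array, so it is part of the container configuration and of the process
      # arguments for as long as the container exists. #publish force-deletes
      # the container afterwards, which bounds that window but does not remove
      # it. If the installed jfrog CLI offers a way to supply the credential
      # that keeps it out of argv, prefer that.
      #
      # @param deb_info [String, nil] "<distribution>/<component>/<arch>"; the
      #   --deb option is omitted when nil
      def publish_package(
        publish_image:, art_url:, art_user:, art_password:,
        art_repo:, package_name:, dir:, deb_info: nil
      )
        cmd_args = [
          'jfrog', 'rt', 'upload',
          '--url', art_url,
          '--user', art_user,
          '--password', art_password
        ]
        cmd_args += ['--deb', deb_info] if deb_info
        cmd_args += [package_name, "#{art_repo}/"]

        options = {
          'Image' => publish_image.id,
          'Cmd' => cmd_args,
          'HostConfig' => {
            'Binds' => [[dir, '/src'].join(':')]
          },
          'WorkingDir' => '/src'
        }

        # NOTE(review): nothing visible in this file needs a privileged
        # container. It holds the Artifactory credentials and a host bind
        # mount, so confirm the flag is still required before keeping it.
        options['Privileged'] = true if privileged_supported?

        publish(options)
      end

      # Creates and starts the container, echoes its stdout/stderr, and waits
      # for it to exit. The container is force-deleted in every case, including
      # when the upload fails.
      #
      # @raise [RuntimeError] when the container exits with a non-zero status
      def publish(options)
        container = Docker::Container.create(options)
        begin
          container.tap(&:start!).streaming_logs(follow: true, stdout: true, stderr: true) do |_stream, chunk|
            puts chunk.to_s
          end
          status = container.wait
          raise 'Failed to publish package' unless status['StatusCode'].zero?
        ensure
          container.delete(force: true)
        end
      end

      private

      # Reports whether the Docker daemon is at least
      # PRIVILEGED_MIN_DOCKER_VERSION.
      #
      # Versions are compared numerically. A plain String comparison orders
      # them character by character, so '1.9.0' would sort above '1.10.0'.
      # Only the leading dotted-number part of the reported version is used, so
      # suffixes such as '-ce' do not affect the result. A version with no
      # numeric prefix is treated as unsupported.
      def privileged_supported?
        numeric = Docker.version['Version'].to_s[/\A\d+(?:\.\d+)*/]
        return false unless numeric

        Gem::Version.new(numeric) >= Gem::Version.new(PRIVILEGED_MIN_DOCKER_VERSION)
      end
    end
  end
end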