Rakefile in rspec-terraform-0.5.0.pre.3 vs Rakefile in rspec-terraform-0.5.0.pre.4

- old
+ new

@@ -1,34 +1,61 @@
 # frozen_string_literal: true
-require 'yaml'
 require 'rake_circle_ci'
+require 'rake_git'
+require 'rake_git_crypt'
 require 'rake_github'
-require 'rake_ssh'
 require 'rake_gpg'
-require 'securerandom'
+require 'rake_ssh'
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
+require 'securerandom'
+require 'yaml'
 task default: %i[
 library:fix
 test:unit
 ]
+RakeGitCrypt.define_standard_tasks(
+ namespace: :git_crypt,
+
+ provision_secrets_task_name: :'secrets:provision',
+ destroy_secrets_task_name: :'secrets:destroy',
+
+ install_commit_task_name: :'git:commit',
+ uninstall_commit_task_name: :'git:commit',
+
+ gpg_user_key_paths: %w[
+ config/gpg
+ config/secrets/ci/gpg.public
+ ]
+)
+
+namespace :git do
+ RakeGit.define_commit_task(
+ argument_names: [:message]
+ ) do |t, args|
+ t.message = args.message
+ end
+end
+
 namespace :encryption do
 namespace :directory do
 desc 'Ensure CI secrets directory exists.'
 task :ensure do
 FileUtils.mkdir_p('config/secrets/ci')
 end
 end
 namespace :passphrase do
- desc 'Generate encryption passphrase used by CI.'
+ desc 'Generate encryption passphrase for CI GPG key'
 task generate: ['directory:ensure'] do
- File.write('config/secrets/ci/encryption.passphrase',
- SecureRandom.base64(36))
+ File.write(
+ 'config/secrets/ci/encryption.passphrase',
+ SecureRandom.base64(36)
+ )
 end
 end
 end
 namespace :keys do
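Review bot: The passphrase file written by `encryption:passphrase:generate` is created with the process's default mode, so under a common umask `config/secrets/ci/encryption.passphrase` is readable by other local accounts on the machine that generates it. The reformatted `File.write(...)` call is the place to set the mode explicitly: `File.write('config/secrets/ci/encryption.passphrase', SecureRandom.base64(36), perm: 0o600)`. `perm` only takes effect when the file is created, so a file left over from an earlier run keeps its old mode unless it is removed or chmod-ed first. Whatever git-crypt protects is presumably the committed copy only; the working-tree file stays plaintext and relies on filesystem permissions.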
@@ -37,28 +64,54 @@
 path: 'config/secrets/ci/',
 comment: 'maintainers@infrablocks.io'
 )
 end
- namespace :gpg do
- RakeGPG.define_generate_key_task(
- output_directory: 'config/secrets/ci',
- name_prefix: 'gpg',
- owner_name: 'InfraBlocks Maintainers',
- owner_email: 'maintainers@infrablocks.io',
- owner_comment: 'rspec-terraform CI Key'
- )
+ namespace :secrets do
+ namespace :gpg do
+ RakeGPG.define_generate_key_task(
+ output_directory: 'config/secrets/ci',
+ name_prefix: 'gpg',
+ owner_name: 'InfraBlocks Maintainers',
+ owner_email: 'maintainers@infrablocks.io',
+ owner_comment: 'rollo CI Key'
+ )
+ end
+
+ desc 'Generate key used by CI to access secrets.'
+ task generate: [:'gpg:generate']
 end
 end
 namespace :secrets do
- desc 'Regenerate all generatable secrets.'
- task regenerate: %w[
+ namespace :directory do
+ desc 'Ensure secrets directory exists and is set up correctly'
+ task :ensure do
+ FileUtils.mkdir_p('config/secrets')
+ unless File.exist?('config/secrets/.unlocked')
+ File.write('config/secrets/.unlocked', 'true')
+ end
+ end
+ end
+
+ desc 'Generate all generatable secrets.'
+ task generate: %w[
 encryption:passphrase:generate
 keys:deploy:generate
- keys:gpg:generate
+ keys:secrets:generate
 ]
+
+ desc 'Provision all secrets.'
+ task provision: [:generate]
+
+ desc 'Delete all secrets.'
+ task :destroy do
+ rm_rf 'config/secrets'
+ end
+
+ desc 'Rotate all secrets.'
+ task rotate: [:'git_crypt:reinstall']
 end
 RuboCop::RakeTask.new
 namespace :library do
@@ -114,10 +167,9 @@
 end
 namespace :pipeline do
 desc 'Prepare CircleCI Pipeline'
 task prepare: %i[
- circle_ci:project:follow
 circle_ci:env_vars:ensure
 circle_ci:checkout_keys:ensure
 circle_ci:ssh_keys:ensure
 github:deploy_keys:ensure
 ]
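Review bot: In the `keys:secrets:gpg` block of the `@@ -37,28 +64,54 @@` hunk, `owner_comment` changes from `'rspec-terraform CI Key'` to `'rollo CI Key'`, which looks like it was carried over from another project's Rakefile. The comment presumably ends up in the generated key's user ID, and the first hunk lists `config/secrets/ci/gpg.public` among `gpg_user_key_paths`, so this appears to be the key that is granted access to the repository's encrypted secrets. A key labelled for a different project is hard to attribute during an access review or a rotation, so I would keep `owner_comment: 'rspec-terraform CI Key'`. Separately, nothing visible here reads the `config/secrets/.unlocked` marker written by `secrets:directory:ensure`; a comment such as `# marker checked by <consumer> to detect an unlocked git-crypt checkout` (with the real consumer named) would make its purpose clear.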