Rakefile in rspec-terraform-0.5.0.pre.3 vs Rakefile in rspec-terraform-0.5.0.pre.4
- old
+ new
@@ -1,34 +1,61 @@
# frozen_string_literal: true
-require 'yaml'
require 'rake_circle_ci'
+require 'rake_git'
+require 'rake_git_crypt'
require 'rake_github'
-require 'rake_ssh'
require 'rake_gpg'
-require 'securerandom'
+require 'rake_ssh'
require 'rspec/core/rake_task'
require 'rubocop/rake_task'
+require 'securerandom'
+require 'yaml'
task default: %i[
library:fix
test:unit
]
+RakeGitCrypt.define_standard_tasks(
+ namespace: :git_crypt,
+
+ provision_secrets_task_name: :'secrets:provision',
+ destroy_secrets_task_name: :'secrets:destroy',
+
+ install_commit_task_name: :'git:commit',
+ uninstall_commit_task_name: :'git:commit',
+
+ gpg_user_key_paths: %w[
+ config/gpg
+ config/secrets/ci/gpg.public
+ ]
+)
+
+namespace :git do
+ RakeGit.define_commit_task(
+ argument_names: [:message]
+ ) do |t, args|
+ t.message = args.message
+ end
+end
+
namespace :encryption do
namespace :directory do
desc 'Ensure CI secrets directory exists.'
task :ensure do
FileUtils.mkdir_p('config/secrets/ci')
end
end
namespace :passphrase do
- desc 'Generate encryption passphrase used by CI.'
+ desc 'Generate encryption passphrase for CI GPG key'
task generate: ['directory:ensure'] do
- File.write('config/secrets/ci/encryption.passphrase',
- SecureRandom.base64(36))
+ File.write(
+ 'config/secrets/ci/encryption.passphrase',
+ SecureRandom.base64(36)
+ )
end
end
end
namespace :keys do
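Review bot: The passphrase file written by `encryption:passphrase:generate` gets whatever mode the process umask allows, which is commonly world-readable, because the reformatted `File.write` call still passes no permissions. Writing it as `File.write('config/secrets/ci/encryption.passphrase', SecureRandom.base64(36), perm: 0o600)` restricts a newly created file to its owner; `perm:` does not tighten a file that already exists, so a `File.chmod(0o600, ...)` after the write would cover reruns. The task also replaces an existing passphrase without checking, which would presumably leave a CI GPG key protected by the old passphrase unusable, so a `File.exist?` guard or a comment saying that regeneration is intentional would help. The `keys` namespace opened on the last line of this hunk continues outside it.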
@@ -37,28 +64,54 @@
path: 'config/secrets/ci/',
comment: 'maintainers@infrablocks.io'
)
end
- namespace :gpg do
- RakeGPG.define_generate_key_task(
- output_directory: 'config/secrets/ci',
- name_prefix: 'gpg',
- owner_name: 'InfraBlocks Maintainers',
- owner_email: 'maintainers@infrablocks.io',
- owner_comment: 'rspec-terraform CI Key'
- )
+ namespace :secrets do
+ namespace :gpg do
+ RakeGPG.define_generate_key_task(
+ output_directory: 'config/secrets/ci',
+ name_prefix: 'gpg',
+ owner_name: 'InfraBlocks Maintainers',
+ owner_email: 'maintainers@infrablocks.io',
+ owner_comment: 'rollo CI Key'
+ )
+ end
+
+ desc 'Generate key used by CI to access secrets.'
+ task generate: [:'gpg:generate']
end
end
namespace :secrets do
- desc 'Regenerate all generatable secrets.'
- task regenerate: %w[
+ namespace :directory do
+ desc 'Ensure secrets directory exists and is set up correctly'
+ task :ensure do
+ FileUtils.mkdir_p('config/secrets')
+ unless File.exist?('config/secrets/.unlocked')
+ File.write('config/secrets/.unlocked', 'true')
+ end
+ end
+ end
+
+ desc 'Generate all generatable secrets.'
+ task generate: %w[
encryption:passphrase:generate
keys:deploy:generate
- keys:gpg:generate
+ keys:secrets:generate
]
+
+ desc 'Provision all secrets.'
+ task provision: [:generate]
+
+ desc 'Delete all secrets.'
+ task :destroy do
+ rm_rf 'config/secrets'
+ end
+
+ desc 'Rotate all secrets.'
+ task rotate: [:'git_crypt:reinstall']
end
RuboCop::RakeTask.new
namespace :library do
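Review bot: `owner_comment: 'rollo CI Key'` in the new `keys:secrets:gpg` block replaces `'rspec-terraform CI Key'` and looks carried over from another project's Rakefile. The comment presumably ends up in the generated key's user ID, so this repository's CI key would be listed under the wrong project name when it is added as a git-crypt user or later has to be identified for revocation. Unless the rename is deliberate, keep `owner_comment: 'rspec-terraform CI Key'`. Separately, `secrets:directory:ensure` is not a prerequisite of any task visible in this hunk, so the `.unlocked` marker is only written when that task is run by hand; if it is meant to exist before secrets are generated, `secrets:generate` could list `secrets:directory:ensure` first. The `keys` namespace opens above this hunk and `library` continues below it.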
@@ -114,10 +167,9 @@
end
namespace :pipeline do
desc 'Prepare CircleCI Pipeline'
task prepare: %i[
- circle_ci:project:follow
circle_ci:env_vars:ensure
circle_ci:checkout_keys:ensure
circle_ci:ssh_keys:ensure
github:deploy_keys:ensure
]