Merge branch 'release/v3.8.0'

passbolt · Jan 13, 2023 · fb4f97b · fb4f97b
2 parents cf7aebf + 2414ede
commit fb4f97b
Show file tree

Hide file tree

Showing 31 changed files with 769 additions and 514 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -6,7 +6,6 @@ variables:
   DOCKER_TLS_CERTDIR: ""
 
 stages:
-  - scanning
   - build
   - test-vulnerabilities
   - test
@@ -15,8 +14,9 @@ stages:
 
 include:
   - local: '/.gitlab-ci/Jobs/build_image.yml'
-  - local: '/.gitlab-ci/Jobs/container_security_scan.yml'
+  - local: '/.gitlab-ci/Jobs/rules.yml'
   - local: '/.gitlab-ci/Jobs/test_vulnerabilities.yaml'
   - local: '/.gitlab-ci/Jobs/test_images.yaml'
   - local: '/.gitlab-ci/Jobs/publish.yaml'
   - local: '/.gitlab-ci/Jobs/docker-compose-file-upload.yml'
+  - local: '/.gitlab-ci/Jobs/entrypoint_test.yml'
diff --git a/.gitlab-ci/Jobs/build_image.yml b/.gitlab-ci/Jobs/build_image.yml
@@ -1,4 +1,5 @@
 .build:
+  extends: .rules
   stage: build
   image:
     name: gcr.io/kaniko-project/executor:debug
@@ -22,40 +23,40 @@
         --destination $CI_REGISTRY_IMAGE:${PASSBOLT_FLAVOUR:-local}-${DOCKER_TAG}-$(date +%s) \
         --destination $CI_REGISTRY_IMAGE:${PASSBOLT_FLAVOUR:-local}-${DOCKER_TAG}-latest
 
-.testing-build:
+.stable-build:
   extends: .build
-  rules:
-    - if: '($CI_PIPELINE_SOURCE == "schedule" || $CI_COMMIT_BRANCH == "develop"  || $CI_COMMIT_MESSAGE =~ /test-image/ ) && $PASSBOLT_FLAVOUR =~ /ce|pro/'
-      when: on_success
+  variables:
+    COMPONENT: "stable"
+    PASSBOLT_FLAVOUR: "ce"
+    OPPOSITE_FLAVOUR: "pro"
 
-.stable-build:
+.stable-build-pro:
   extends: .build
   variables:
     COMPONENT: "stable"
-  rules:
-    - if: '$CI_COMMIT_BRANCH == "master" && $PASSBOLT_FLAVOUR =~ /ce|pro/'
-      when: on_success
+    PASSBOLT_FLAVOUR: "pro"
+    OPPOSITE_FLAVOUR: "ce"
 
-build-testing-docker:
-  extends: .testing-build
+build-stable-docker:
+  extends: .stable-build
   variables:
     DOCKERFILE_PATH: "debian/Dockerfile"
     DOCKER_TAG: "root"
 
-build-testing-rootless:
-  extends: .testing-build
+build-stable-rootless:
+  extends: .stable-build
   variables:
     DOCKERFILE_PATH: "debian/Dockerfile.rootless"
     DOCKER_TAG: "rootless"
 
-build-stable-docker:
-  extends: .stable-build
+build-pro-stable-docker:
+  extends: .stable-build-pro
   variables:
     DOCKERFILE_PATH: "debian/Dockerfile"
     DOCKER_TAG: "root"
 
-build-stable-rootless:
-  extends: .stable-build
+build-pro-stable-rootless:
+  extends: .stable-build-pro
   variables:
     DOCKERFILE_PATH: "debian/Dockerfile.rootless"
     DOCKER_TAG: "rootless"
diff --git a/.gitlab-ci/Jobs/container_security_scan.yml b/.gitlab-ci/Jobs/container_security_scan.yml
diff --git a/.gitlab-ci/Jobs/entrypoint_test.yml b/.gitlab-ci/Jobs/entrypoint_test.yml
@@ -0,0 +1,9 @@
+entrypoint-tests:
+  extends: .rules
+  stage: test
+  image: registry.gitlab.com/passbolt/passbolt-ci-docker-images/debian-bullseye-11-slim:latest
+  before_script:
+    - apt update && apt install curl git -y
+    - curl -fsSL https://git.io/shellspec | sh -s -- --yes
+  script:
+    - /root/.local/bin/shellspec -s /bin/bash -f d
diff --git a/.gitlab-ci/Jobs/publish.yaml b/.gitlab-ci/Jobs/publish.yaml
@@ -35,7 +35,7 @@
     IMAGE_NAME: "passbolt/passbolt"
     PASSBOLT_IMAGE_FLAVOUR: "ce"
   rules:
-    - if: '$PASSBOLT_VERSION && $CI_COMMIT_BRANCH == "master" && $PASSBOLT_FLAVOUR == "ce"'
+    - if: '$PASSBOLT_VERSION && $CI_COMMIT_BRANCH == "master" && $PASSBOLT_PUBLISH == "ce"'
       when: on_success
 
 publish-ce:
@@ -62,7 +62,7 @@ publish-pro:
     - *docker-authentication
     - *publish-command
   rules:
-    - if: '$PASSBOLT_VERSION && $CI_COMMIT_BRANCH == "master" && $PASSBOLT_FLAVOUR == "pro"'
+    - if: '$PASSBOLT_VERSION && $CI_COMMIT_BRANCH == "master" && $PASSBOLT_PUBLISH == "pro"'
       when: on_success
 
 publish-pro-non-root:

diff --git a/.gitlab-ci/Jobs/rules.yml b/.gitlab-ci/Jobs/rules.yml
@@ -0,0 +1,4 @@
+.rules:
+  rules:
+  - if:  '$CI_COMMIT_BRANCH && $PASSBOLT_PUBLISH != "OPPOSITE_FLAVOUR"'
+    when: on_success
diff --git a/.gitlab-ci/Jobs/test_images.yaml b/.gitlab-ci/Jobs/test_images.yaml
@@ -1,7 +1,10 @@
 services:
-  - docker:19.03.0-dind
+  - name: registry.gitlab.com/passbolt/passbolt-ci-docker-images/dind:latest
+    alias: docker
+    command: ["--tls=false"]
 
 .test-images:
+  extends: .rules
   stage: test
   image:
     name: registry.gitlab.com/passbolt/passbolt-ci-docker-images/ruby:latest
@@ -10,19 +13,17 @@ services:
     - rake spec:$TEST_NAME
   variables:
     PASSBOLT_COMPONENT: stable
-  rules:
-  - if: '($CI_PIPELINE_SOURCE == "schedule" || $CI_COMMIT_BRANCH == "develop" || $CI_COMMIT_MESSAGE =~ /test-image/ || $CI_COMMIT_BRANCH == "master" ) && $PASSBOLT_FLAVOUR == "ce"'
-    when: on_success
+    PASSBOLT_FLAVOUR: ce
+    OPPOSITE_FLAVOUR: pro
 
 .test-pro-images:
   extends: .test-images
   before_script:
     - cat $SUBSCRIPTION_KEY > subscription_key.txt
   variables:
     PASSBOLT_COMPONENT: stable
-  rules:
-  - if: '($CI_PIPELINE_SOURCE == "schedule" || $CI_COMMIT_BRANCH == "develop" || $CI_COMMIT_MESSAGE =~ /test-image/ || $CI_COMMIT_BRANCH == "master" ) && $PASSBOLT_FLAVOUR == "pro"'
-    when: on_success
+    PASSBOLT_FLAVOUR: pro
+    OPPOSITE_FLAVOUR: ce
 
 ce-docker-image:
   extends: .test-images

diff --git a/.gitlab-ci/Jobs/test_vulnerabilities.yaml b/.gitlab-ci/Jobs/test_vulnerabilities.yaml
@@ -1,4 +1,5 @@
 .test-vulnerabilities:
+  extends: .rules
   stage: test-vulnerabilities
   image:
     name: registry.gitlab.com/passbolt/passbolt-ci-docker-images/aquasec:latest
@@ -8,13 +9,29 @@
     DOCKER_TAG: root
   script:
     - trivy image --ignore-unfixed $CI_REGISTRY_IMAGE:${PASSBOLT_FLAVOUR}-${DOCKER_TAG}-latest
-  rules:
-    - if: '($CI_PIPELINE_SOURCE == "schedule" || $CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "develop" || $CI_COMMIT_MESSAGE =~ /test-image/ ) && $PASSBOLT_FLAVOUR =~ /ce|pro/'
-      when: on_success
 
-docker:
+docker-ce:
   extends: .test-vulnerabilities
-docker-non-root:
+  variables:
+    PASSBOLT_FLAVOUR: "ce"
+    OPPOSITE_FLAVOUR: "pro"
+
+docker-ce-rootless:
+  extends: .test-vulnerabilities
+  variables:
+    PASSBOLT_FLAVOUR: "ce"
+    DOCKER_TAG: "rootless"
+    OPPOSITE_FLAVOUR: "pro"
+
+docker-pro:
+  extends: .test-vulnerabilities
+  variables:
+    PASSBOLT_FLAVOUR: "pro"
+    OPPOSITE_FLAVOUR: "ce"
+
+docker-pro-rootless:
   extends: .test-vulnerabilities
   variables:
+    PASSBOLT_FLAVOUR: "pro"
     DOCKER_TAG: "rootless"
+    OPPOSITE_FLAVOUR: "ce"
diff --git a/.shellspec b/.shellspec
@@ -0,0 +1,13 @@
+--require spec_helper
+
+## Default kcov (coverage) options
+# --kcov-options "--include-path=. --path-strip-level=1"
+# --kcov-options "--include-pattern=.sh"
+# --kcov-options "--exclude-pattern=/.shellspec,/spec/,/coverage/,/report/"
+
+## Example: Include script "myprog" with no extension
+# --kcov-options "--include-pattern=.sh,myprog"
+
+## Example: Only specified files/directories
+# --kcov-options "--include-pattern=myprog,/lib/"
+--execdir @basedir/debian/scripts
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,18 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v3.7.5...HEAD)
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v3.8.0...HEAD)
+
+## [3.8.0](https://github.com/passbolt/passbolt_docker/compare/v3.7.5...v3.8.0) - 2023-01-13
+
+### Added
+
+- Support for docker secrets
+- Shellspec for entrypoint testing
+
+### Changed
+
+- Entrypoint refactor in separated libraries for increased testability
 
 ## [3.7.5](https://github.com/passbolt/passbolt_docker/compare/v3.7.4...v3.7.5) - 2022-12-01
 

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -2,51 +2,50 @@ GEM
   remote: https://rubygems.org/
   specs:
     coderay (1.1.3)
-    diff-lcs (1.4.4)
-    docker-api (2.0.0)
+    diff-lcs (1.5.0)
+    docker-api (2.2.0)
       excon (>= 0.47.0)
       multi_json
-    excon (0.79.0)
+    excon (0.97.0)
     method_source (1.0.0)
     multi_json (1.15.0)
-    net-scp (3.0.0)
-      net-ssh (>= 2.6.5, < 7.0.0)
-    net-ssh (6.1.0)
+    net-scp (4.0.0)
+      net-ssh (>= 2.6.5, < 8.0.0)
+    net-ssh (7.0.1)
     net-telnet (0.1.1)
-    pry (0.14.0)
+    pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    rake (13.0.3)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rake (13.0.6)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.0)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
+      rspec-support (~> 3.12.0)
     rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
-    rspec-mocks (3.10.2)
+    rspec-mocks (3.12.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.2)
-    serverspec (2.41.5)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+    serverspec (2.42.1)
       multi_json
       rspec (~> 3.0)
       rspec-its
       specinfra (~> 2.72)
     sfl (2.3)
-    specinfra (2.82.23)
+    specinfra (2.84.0)
       net-scp
       net-ssh (>= 2.7)
       net-telnet (= 0.1.1)
       sfl
 
 PLATFORMS
-  ruby
   x86_64-linux
 
 DEPENDENCIES
@@ -56,4 +55,4 @@ DEPENDENCIES
   serverspec
 
 BUNDLED WITH
-   2.2.6
+   2.4.1