Initial commit

cfra · cfra · commit 1af6e4ea06bd · 2019-07-24T20:00:10.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,97 @@
+### Node ###
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules
+jspm_packages/
+
+# Typescript v1 declaration files
+typings/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+
+### SublimeText ###
+# cache files for sublime text
+*.tmlanguage.cache
+*.tmPreferences.cache
+*.stTheme.cache
+
+# workspace files are user-specific
+*.sublime-workspace
+
+# project files should be checked into the repository, unless a significant
+# proportion of contributors will probably not be using SublimeText
+# *.sublime-project
+
+# sftp configuration file
+sftp-config.json
+
+# Package control specific files
+Package Control.last-run
+Package Control.ca-list
+Package Control.ca-bundle
+Package Control.system-ca-bundle
+Package Control.cache/
+Package Control.ca-certs/
+Package Control.merged-ca-bundle
+Package Control.user-ca-bundle
+oscrypto-ca-bundle.crt
+bh_unicode_properties.cache
+
+# Sublime-github package stores a github token in this file
+# https://packagecontrol.io/packages/sublime-github
+GitHub.sublime-settings
+
+### Vim ###
+# swap
+.sw[a-p]
+.*.sw[a-p]
+# session
+Session.vim
+# temporary
+.netrwhist
+*~
+# auto-generated tag files
+tags
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,33 @@
+FROM alpine:3.10@sha256:6a92cd1fcdc8d8cdec60f33dda4db2cb1fcdcacf3410a8e05b3741f44a9b5998 AS builder
+
+ENV GIT_CRYPT_VERSION 0.6.0
+ENV GIT_CRYPT_CHECKSUM 777c0c7aadbbc758b69aff1339ca61697011ef7b92f1d1ee9518a8ee7702bb78
+
+RUN apk --update --no-cache add \
+   curl \
+   g++ \
+   make \
+   openssl-dev
+
+RUN curl -fSsL https://github.com/AGWA/git-crypt/archive/$GIT_CRYPT_VERSION.tar.gz \
+            -o git-crypt.tar.gz \
+    && echo "$GIT_CRYPT_CHECKSUM  git-crypt.tar.gz" | sha256sum -c - \
+    && tar xzf git-crypt.tar.gz \
+    && cd git-crypt-$GIT_CRYPT_VERSION \
+    && make \
+    && make install PREFIX=/usr
+
+FROM alpine:3.10@sha256:6a92cd1fcdc8d8cdec60f33dda4db2cb1fcdcacf3410a8e05b3741f44a9b5998
+
+RUN apk --update --no-cache add \
+    git \
+    gnupg \
+    libgcc \
+    libstdc++
+
+COPY --from=builder /usr/bin/git-crypt /usr/bin/git-crypt
+
+COPY entrypoint.sh /entrypoint.sh
+
+WORKDIR /repo
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,16 @@
+Copyright 2019 reelport GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge, publish, distribute,
+sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
+NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT
+OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
@@ -0,0 +1,68 @@
+# Docker Image with git-crypt
+
+[![CircleCI Build](https://circleci.com/gh/PicturePipe/docker-git-crypt.svg?style=shield)](https://circleci.com/gh/PicturePipe/workflows/docker-git-crypt "CircleCI Build")
+[![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovateapp.com/ "Renovate enabled")
+
+[Docker](https://www.docker.com) image with [git-crypt](https://github.com/AGWA/git-crypt).
+
+## Repository
+
+The docker images are available in our [repository](https://quay.io/repository/picturepipe/git-crypt):
+
+```console
+docker pull quay.io/picturepipe/git-crypt
+```
+
+## Usage
+
+This image can be used directly if you need to decrypt repositories in CI.
+
+There is also wrapper script which allows you to use this docker image to run `git-crypt` as if
+it was installed on your machine.
+
+To use that script, install it somewhere into your `PATH`:
+
+```console
+sudo cp wrapper.sh /usr/local/bin/git-crypt
+```
+
+## Tags
+
+The latest released version is tagged as `latest`.
+
+The releases will follow the upstream version, with an optional dash and number appended, if there
+are multiple releases per upstream version.
+
+So for example, the first release for upstream version `0.6.0` will be tagged `0.6.0`. If there
+is a second release for this upstream version, it will be tagged `0.6.0-1`.
+
+## Preparing a release
+
+This project uses gitflow. To create a release, first start the release branch for the version
+which you want to release:
+
+```console
+git flow release start 0.6.0
+```
+
+Perform any release related changes. At the very least, this means updating the current tag given in
+`README.md`.
+
+Now, publish the release:
+
+```console
+git flow release publish
+```
+
+This will push the branch to GitHub and trigger a run of CI. Once CI is complete and all tests have
+passed, finish the release and push the tag to GitHub:
+
+```console
+git flow release finish --push --tag
+```
+
+## License
+
+Distributed under the MIT license.
+
+Copyright 2019 reelport GmbH
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+#
+# Execute git-crypt with argv[0] set to "git-crypt". Otherwise it will
+# show /usr/bin/git-crypt in usage and also install this full path into
+# the host's git-config, which is not necessarily the location where the
+# wrapper script is installed.
+#
+exec -a "git-crypt" /usr/bin/git-crypt "$@"
diff --git a/renovate.json b/renovate.json
@@ -0,0 +1,3 @@
+{
+  "extends": ["github>PicturePipe/renovate-config"]
+}
diff --git a/wrapper.sh b/wrapper.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# This wrapper is intended to be installed in PATH e.g. as /usr/local/bin/git-crypt
+#
+# It allows to use git-crypt using the docker image.
+#
+
+set -e
+
+#
+# On some calls, git will pass along a temporary file to git-crypt.
+# For this to work, we need to mount this file into the container.
+#
+if [ -n "$2" ] && [ "${2:0:1}" = "/" ]; then
+    DOCKER_OPTS="--volume=$2:$2"
+fi
+
+#
+# If the current user has GnuPG configured, pass the GnuPG directory
+# into the container so that the keyring and/or agent can be accessed.
+#
+if [ -d "$HOME/.gnupg" ]; then
+    DOCKER_OPTS="$DOCKER_OPTS --volume=$HOME/.gnupg:/.gnupg"
+fi
+
+#
+# Unlocking the repository might require usage of pinentry which fails
+# if is not run with a terminal.
+#
+if [ x"$1" = x"unlock" ]; then
+    DOCKER_OPTS="$DOCKER_OPTS -t"
+fi
+
+exec docker run \
+        --rm \
+        --interactive \
+        --user=$(id -u):$(id -g) \
+        --volume="$(pwd)":/repo \
+        ${DOCKER_OPTS} \
+        quay.io/picturepipe/git-crypt "$@"

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+{`
	`2`	`+ "extends": ["github>PicturePipe/renovate-config"]`
	`3`	`+}`