Merge branch 'main' into allow-ignoring-expirations

Gemfile.lock

@@ -1,12 +1,10 @@
 PATH
   remote: .
   specs:
-    entitlements (0.1.6)
+    entitlements-app (0.1.8)
       concurrent-ruby (= 1.1.9)
       contracts (= 0.16.0)
-      faraday (>= 0.17.3, < 0.18)
       net-ldap (~> 0.17.0)
-      octokit (~> 4.18)
       optimist (= 3.0.0)
 
 GEM
@@ -22,23 +20,16 @@ GEM
     ast (2.4.2)
     concurrent-ruby (1.1.9)
     contracts (0.16.0)
-    contracts-rspec (0.1.0)
     crack (0.4.5)
       rexml
     diff-lcs (1.5.0)
     docile (1.4.0)
-    faraday (0.17.5)
-      multipart-post (>= 1.2, < 3)
     hashdiff (1.0.1)
     i18n (1.10.0)
       concurrent-ruby (~> 1.0)
     json (2.6.2)
     minitest (5.15.0)
-    multipart-post (2.2.2)
     net-ldap (0.17.1)
-    octokit (4.22.0)
-      faraday (>= 0.9)
-      sawyer (~> 0.8.0, >= 0.5.3)
     optimist (3.0.0)
     parallel (1.22.1)
     parser (3.1.2.0)
@@ -86,9 +77,6 @@ GEM
       rubocop (>= 1.7.0, < 2.0)
     ruby-progressbar (1.11.0)
     rugged (0.27.5)
-    sawyer (0.8.2)
-      addressable (>= 2.3.5)
-      faraday (> 0.8, < 2.0)
     simplecov (0.16.1)
       docile (~> 1.1)
       json (>= 1.8, < 3)
@@ -109,8 +97,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  contracts-rspec (= 0.1.0)
-  entitlements!
+  entitlements-app!
   rake (= 13.0.6)
   rspec (= 3.8.0)
   rspec-core (= 3.8.0)
@@ -124,4 +111,4 @@ DEPENDENCIES
   webmock (= 3.4.2)
 
 BUNDLED WITH
-   2.3.8
+   2.3.15

VERSION

@@ -1 +1 @@
-0.1.6
+0.1.8

docs/plugins.md

@@ -6,7 +6,7 @@ Your `entitlements-app` config `config/entitlements.yaml` runs through ERB inter
 <%-
   unless ENV['CI_MODE']
     begin
-      require_relative "/data/entitlements/lib/entitlements-and-plugins"
+      require_relative "/data/entitlements-app/lib/entitlements-and-plugins"
     rescue Exception
       begin
         require_relative "lib/entitlements-and-plugins"

entitlements-app.gemspec

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 Gem::Specification.new do |s|
-  s.name = "entitlements"
+  s.name = ENV['GEM_NAME'] ? ENV['GEM_NAME'] : 'entitlements-app'
   s.version = File.read("VERSION").chomp
   s.summary = "git-managed LDAP group configurations"
   s.description = "The Ruby Gem that Powers Entitlements - GitHub's Identity and Access Management System"
@@ -11,15 +11,13 @@ Gem::Specification.new do |s|
   s.files = Dir.glob("lib/**/*") + %w[bin/deploy-entitlements VERSION]
   s.homepage = "https://github.com/github/entitlements-app"
   s.executables = %w[deploy-entitlements]
+  s.required_ruby_version = '~> 2.0'
 
   s.add_dependency "concurrent-ruby", "= 1.1.9"
   s.add_dependency "contracts", "= 0.16.0"
-  s.add_dependency "faraday", ">= 0.17.3", "< 0.18"
   s.add_dependency "net-ldap", "~> 0.17.0"
-  s.add_dependency "octokit", "~> 4.18"
   s.add_dependency "optimist", "= 3.0.0"
 
-  s.add_development_dependency "contracts-rspec", "= 0.1.0"
   s.add_development_dependency "rake", "= 13.0.6"
   s.add_development_dependency "rspec", "= 3.8.0"
   s.add_development_dependency "rspec-core", "= 3.8.0"

script/cibuild

@@ -2,5 +2,5 @@
 set -e
 
 cd "$(dirname "$0")/.."
-docker build -t entitlements -f spec/acceptance/Dockerfile.entitlements .
-docker run -w "/data/entitlements" entitlements bash -c "script/test"
+docker build -t entitlements-app -f spec/acceptance/Dockerfile.entitlements-app .
+docker run -w "/data/entitlements-app" entitlements-app bash -c "script/test"

script/cibuild-entitlements-app-acceptance

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 export DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd )"
-export APP_NAME="entitlements"
+export APP_NAME="entitlements-app"
 export GIT_SERVER_NAME="git-server"
 export LDAP_SERVER_NAME="ldap-server"
 

script/cibuild-entitlements-app-code-lint

@@ -2,6 +2,6 @@
 set -e
 
 cd "$(dirname "$0")/.."
-docker build -t entitlements -f spec/acceptance/Dockerfile.entitlements .
-docker run -w "/data/entitlements/" entitlements \
+docker build -t entitlements-app -f spec/acceptance/Dockerfile.entitlements-app .
+docker run -w "/data/entitlements-app/" entitlements-app \
   bash -c "script/bootstrap && bin/rubocop "$@" lib/ spec/"

script/release

@@ -0,0 +1,42 @@
+#!/bin/bash
+# Tag and push a release.
+
+set -e
+set -x
+
+# Make sure we're in the project root.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd )"
+cd ${DIR}
+
+# Build a new gem archive.
+rm -rf entitlements-*.gem
+
+GEM_NAME='entitlements' gem build -q entitlements-app.gemspec
+gem build -q entitlements-app.gemspec
+
+# Make sure we're on the main branch.
+
+(git branch --no-color | grep -q '* main') || {
+  echo "Only release from the main branch."
+  exit 1
+}
+
+# Figure out what version we're releasing.
+
+tag=v`ls entitlements-app-*.gem | sed 's/^entitlements-app-\(.*\)\.gem$/\1/'`
+
+# Make sure we haven't released this version before.
+
+git fetch -t origin
+
+(git tag -l | grep -q "$tag") && {
+  echo "Whoops, there's already a '${tag}' tag."
+  exit 1
+}
+
+# Tag it and bag it.
+
+gem push entitlements-app-*.gem && rm -f entitlements-app-*.gem
+gem push entitlements-*.gem && rm -f entitlements-*.gem
+git tag "$tag" &&  git push origin main &&  git push origin "$tag"

spec/acceptance/Dockerfile.entitlements-app

@@ -3,7 +3,7 @@ LABEL maintainer="GitHub Security Ops <opensource+entitlements-app@github.com>"
 ENV HOME /root
 ENV RELEASE=buster
 ENV container docker
-WORKDIR /data/entitlements
+WORKDIR /data/entitlements-app
 
 # Install dependency packages for bootstrapping and running...
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
@@ -15,11 +15,11 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
 RUN gem install bundler
 
 # Bootstrap files and caching for speed
-COPY "vendor/cache/" "/data/entitlements/vendor/cache/"
-COPY "script/" "/data/entitlements/script/"
-COPY [".rubocop.yml", ".ruby-version", "entitlements.gemspec", "Gemfile", "Gemfile.lock", "VERSION", "/data/entitlements/"]
+COPY "vendor/cache/" "/data/entitlements-app/vendor/cache/"
+COPY "script/" "/data/entitlements-app/script/"
+COPY [".rubocop.yml", ".ruby-version", "entitlements-app.gemspec", "Gemfile", "Gemfile.lock", "VERSION", "/data/entitlements-app/"]
 
 # Source Files
-COPY "bin/" "/data/entitlements/bin/"
-COPY "lib/" "/data/entitlements/lib/"
-COPY "spec/" "/data/entitlements/spec/"
+COPY "bin/" "/data/entitlements-app/bin/"
+COPY "lib/" "/data/entitlements-app/lib/"
+COPY "spec/" "/data/entitlements-app/spec/"

spec/acceptance/docker-compose.yml

@@ -5,17 +5,17 @@ networks:
     internal: true
 
 services:
-  entitlements:
+  entitlements-app:
     build:
       context: "${DIR}"
-      dockerfile: "spec/acceptance/Dockerfile.entitlements"
+      dockerfile: "spec/acceptance/Dockerfile.entitlements-app"
     networks:
       ldap-network:
         aliases:
           - entitlements.fake
     volumes:
       - "${DIR}/spec/acceptance:/acceptance:ro"
-      - "${DIR}/vendor/container-gems:/data/entitlements/vendor/gems:rw"
+      - "${DIR}/vendor/container-gems:/data/entitlements-app/vendor/gems:rw"
   git-server:
     entrypoint: /acceptance/git-server/run-server.sh
     image: jkarlos/git-server-docker

spec/acceptance/support/run-app.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-export DIR="/data/entitlements"
+export DIR="/data/entitlements-app"
 export SERVER="ldap-server.fake"
 
 begin_fold() {
@@ -99,7 +99,7 @@ if [ "$SUCCESS" -eq 0 ]; then
 fi
 
 export PATH="/usr/share/rbenv/shims:$PATH"
-cd "/data/entitlements"
+cd "/data/entitlements-app"
 FAILED_TEST=0
 for test in spec/acceptance/tests/*_spec.rb; do
   test_name=$(basename "$test" | sed -s 's/_spec\.rb$//')

spec/unit/spec_helper.rb

@@ -2,7 +2,6 @@
 
 require "base64"
 require "contracts"
-require "contracts/rspec"
 require "json"
 require "rspec"
 require "rspec/support"
@@ -118,9 +117,21 @@ module MyLetDeclarations
   let(:logger) { Entitlements.dummy_logger }
 end
 
+module Contracts
+  module RSpec
+    module Mocks
+      def instance_double(klass, *args)
+        super.tap do |double|
+          allow(double).to receive(:is_a?).with(klass).and_return(true)
+        end
+      end
+    end
+  end
+end
+
 RSpec.configure do |config|
-  config.include Contracts::RSpec::Mocks
   config.include MyLetDeclarations
+  config.include Contracts::RSpec::Mocks
 
   config.before :each do
     allow(Time).to receive(:now).and_return(Time.utc(2018, 4, 1, 12, 0, 0))