d2b8701f1b
Bumps the dev-ruby-dependencies group with 4 updates in the / directory: [rubocop](https://github.com/rubocop/rubocop), [rubocop-performance](https://github.com/rubocop/rubocop-performance), [vcr](https://github.com/vcr/vcr) and [webmock](https://github.com/bblimke/webmock). Updates `rubocop` from 1.65.0 to 1.68.0 - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop/compare/v1.65.0...v1.68.0) Updates `rubocop-performance` from 1.21.1 to 1.22.1 - [Release notes](https://github.com/rubocop/rubocop-performance/releases) - [Changelog](https://github.com/rubocop/rubocop-performance/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop/rubocop-performance/compare/v1.21.1...v1.22.1) Updates `vcr` from 6.2.0 to 6.3.1 - [Release notes](https://github.com/vcr/vcr/releases) - [Changelog](https://github.com/vcr/vcr/blob/master/CHANGELOG.md) - [Commits](https://github.com/vcr/vcr/compare/v6.2.0...v6.3.1) Updates `webmock` from 3.23.1 to 3.24.0 - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](https://github.com/bblimke/webmock/compare/v3.23.1...v3.24.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-ruby-dependencies - dependency-name: rubocop-performance dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-ruby-dependencies - dependency-name: vcr dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-ruby-dependencies - dependency-name: webmock dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-ruby-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> |
||
---|---|---|
.github | ||
bin | ||
lib | ||
script | ||
spec | ||
vendor/cache | ||
.gitignore | ||
.rubocop.yml | ||
.ruby-version | ||
Gemfile | ||
Gemfile.lock | ||
LICENSE | ||
README.md | ||
entitlements-gitrepo-auditor-plugin.gemspec |
README.md
entitlements-gitrepo-auditor-plugin
entitlements-gitrepo-auditor-plugin
is an entitlements-app plugin allowing further auditing capabilities in entitlements by writing each deploy log to a separate GitHub repo.
Usage
Your entitlements-app
config config/entitlements.yaml
runs through ERB interpretation automatically. You can extend your entitlements configuration to load plugins like so:
<%-
unless ENV['CI_MODE']
begin
require_relative "/data/entitlements/lib/entitlements-and-plugins"
rescue Exception
begin
require_relative "lib/entitlements-and-plugins"
rescue Exception
# We might not have the plugins installed and still want this file to be
# loaded. Don't raise anything but silently fail.
end
end
end
-%>
You can then define lib/entitlements-and-plugins
like so:
#!/usr/bin/env ruby
# frozen_string_literal: true
ENV["BUNDLE_GEMFILE"] = File.expand_path("../../Gemfile", File.dirname(__FILE__))
require "bundler/setup"
require "entitlements"
# require entitlements plugins here
require "entitlements/auditor/gitrepo"
require "entitlements/util/gitrepo"
Any plugins defined in lib/entitlements-and-plugins
will be loaded and used at entitlements-app
runtime.
Features
Git Repo Auditing
You can add automatic auditing to a separate GitRepo by enabling the following entitlements.yaml
config:
<%-
# NOTE: GITREPO_SSH_KEY must be base64 encoded.
sshkey = ENV.fetch("GITREPO_SSH_KEY")
shipper = ENV.fetch("GIT_SHIPPER", "<unknown person>")
what = ["entitlements", ENV.fetch("GIT_BRANCH", "<unknown branch>")].join("/")
sha = ENV.fetch("GIT_SHA1", "<unknown sha>")
url = "https://github.com/github/entitlements-config/commit/#{sha}"
commit_message = "#{shipper} deployed #{what} (#{url})"
-%>
auditors:
- auditor_class: GitRepo
checkout_directory: <%= ENV["GITREPO_CHECKOUT_DIRECTORY"] %>
commit_message: <%= commit_message %>
git_name: GitRepoUser
git_email: gitrepousers@users.noreply
person_dn_format: uid=%KEY%,ou=People,dc=github,dc=net
repo: github/entitlements-config-auditlog
sshkey: '<%= sshkey %>'
<%- end -%>
At the end of each entitlements-app
run, the entitlements-gitrepo-auditor-plugin
will write a commit to the repo defined above with the details of the deployment.
Release 🚀
To release a new version of this Gem, do the following:
- Update the version number in the
lib/version.rb
file - Run
bundle install
to update theGemfile.lock
file with the new version - Commit your changes, push them to GitHub, and open a PR
Once your PR is approved and the changes are merged, a new release will be created automatically by the release.yml
workflow. The latest version of the Gem will be published to the GitHub Package Registry and RubyGems.