d58d66e7b2
Bumps the github-actions group with 1 update in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).
Updates `ruby/setup-ruby` from 1.188.0 to 1.196.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](
|
||
---|---|---|
.github | ||
bin | ||
lib | ||
script | ||
spec | ||
vendor/cache | ||
.gitignore | ||
.rubocop.yml | ||
.ruby-version | ||
Gemfile | ||
Gemfile.lock | ||
LICENSE | ||
README.md | ||
entitlements-gitrepo-auditor-plugin.gemspec |
README.md
entitlements-gitrepo-auditor-plugin
entitlements-gitrepo-auditor-plugin
is an entitlements-app plugin allowing further auditing capabilities in entitlements by writing each deploy log to a separate GitHub repo.
Usage
Your entitlements-app
config config/entitlements.yaml
runs through ERB interpretation automatically. You can extend your entitlements configuration to load plugins like so:
<%-
unless ENV['CI_MODE']
begin
require_relative "/data/entitlements/lib/entitlements-and-plugins"
rescue Exception
begin
require_relative "lib/entitlements-and-plugins"
rescue Exception
# We might not have the plugins installed and still want this file to be
# loaded. Don't raise anything but silently fail.
end
end
end
-%>
You can then define lib/entitlements-and-plugins
like so:
#!/usr/bin/env ruby
# frozen_string_literal: true
ENV["BUNDLE_GEMFILE"] = File.expand_path("../../Gemfile", File.dirname(__FILE__))
require "bundler/setup"
require "entitlements"
# require entitlements plugins here
require "entitlements/auditor/gitrepo"
require "entitlements/util/gitrepo"
Any plugins defined in lib/entitlements-and-plugins
will be loaded and used at entitlements-app
runtime.
Features
Git Repo Auditing
You can add automatic auditing to a separate GitRepo by enabling the following entitlements.yaml
config:
<%-
# NOTE: GITREPO_SSH_KEY must be base64 encoded.
sshkey = ENV.fetch("GITREPO_SSH_KEY")
shipper = ENV.fetch("GIT_SHIPPER", "<unknown person>")
what = ["entitlements", ENV.fetch("GIT_BRANCH", "<unknown branch>")].join("/")
sha = ENV.fetch("GIT_SHA1", "<unknown sha>")
url = "https://github.com/github/entitlements-config/commit/#{sha}"
commit_message = "#{shipper} deployed #{what} (#{url})"
-%>
auditors:
- auditor_class: GitRepo
checkout_directory: <%= ENV["GITREPO_CHECKOUT_DIRECTORY"] %>
commit_message: <%= commit_message %>
git_name: GitRepoUser
git_email: gitrepousers@users.noreply
person_dn_format: uid=%KEY%,ou=People,dc=github,dc=net
repo: github/entitlements-config-auditlog
sshkey: '<%= sshkey %>'
<%- end -%>
At the end of each entitlements-app
run, the entitlements-gitrepo-auditor-plugin
will write a commit to the repo defined above with the details of the deployment.
Release 🚀
To release a new version of this Gem, do the following:
- Update the version number in the
lib/version.rb
file - Run
bundle install
to update theGemfile.lock
file with the new version - Commit your changes, push them to GitHub, and open a PR
Once your PR is approved and the changes are merged, a new release will be created automatically by the release.yml
workflow. The latest version of the Gem will be published to the GitHub Package Registry and RubyGems.