coderanger/gen_travis.rb

## gen_travis.rb
#!/usr/bin/env ruby

require 'yaml'

# Make sure we never commit this stuff accidentally
IO.write('.gitignore', ".docker.*\n", mode: 'a') unless IO.read('.gitignore').include?('.docker.*')

# Generate a new client key
unless File.exists?('.docker.crt')
  CA_BASE = File.expand_path('~/src/docker-ca')
  %x|openssl req -new -newkey rsa:4096 -keyout .docker.key -out .docker.csr -nodes -subj '/CN=Docker client for #{File.basename(Dir.pwd)}/OU=kitchen-docker/O=Coderanger Consulting LLC'|
  %x|openssl x509 -req -CA #{File.join(CA_BASE, 'ca.crt')} -CAkey #{File.join(CA_BASE, 'ca.key')} -CAserial #{File.join(CA_BASE, 'ca.srl')} -extfile #{File.join(CA_BASE, 'client.ext')} -in .docker.csr -out .docker.crt|
  IO.write('.docker.ca', IO.read(File.join(CA_BASE, 'ca.crt')))
end

# Encrypt the key
unless File.exists?('.docker.pem')
  password = SecureRandom.base64(30)
  IO.write('.docker.pass', password)
  %x|openssl rsa -in .docker.key -out .docker-enc.key -aes256 -passout file:.docker.pass|
  IO.write('.docker.pem', IO.read('.docker.crt')+IO.read('.docker-enc.key'))
  File.delete('.docker-enc.key')
end

# Build the full testing matrix
kitchen = YAML.load(IO.read('.kitchen.yml'))
matrix = []
(kitchen['chef_versions'] || %w{latest}).each do |chef_version|
  kitchen['platforms'].each do |platform|
    kitchen['suites'].each do |suite|
      matrix << {
        'KITCHEN_CHEF_VERSION' => chef_version,
        'KITCHEN_PLATFORM' => platform['name'].gsub(/\./, '').gsub(/[^a-zA-Z0-9]/, '-'),
        'KITCHEN_SUITE' => suite['name'].gsub(/\./, '').gsub(/[^a-zA-Z0-9]/, '-'),
      }
    end
  end
end

existing_secure = nil
if File.exists?('.travis.yml')
  travis = YAML.load(IO.read('.travis.yml'))
  if travis['env'] && travis['env']['global']
    travis['env']['global'].each do |env_var|
      if env_var.is_a?(Hash) && env_var.first.first == 'secure'
        existing_secure = env_var
        break
      end
    end
  end
end

# Write out the travis.yml
travis = {
  'language' => 'ruby',
  'rvm' => %w{1.9.3-p484},
  'env' => {
    'matrix' => matrix.map{|s| s.map{|k,v| %Q{#{k}="#{v}"}}.join(' ')},
    'global' => [
      'USE_SYSTEM_GECODE=true',
      'KITCHEN_LOCAL_YAML=.kitchen.travis.yml',
    ],
  },
  'before_install' => [
    'sudo apt-get update',
    'sudo apt-get install libgecode-dev',
  ],
  'bundler_args' => '--deployment --binstubs',
  'script' => [
    './bin/foodcritic -f any .',
    %Q{ruby -e 'IO.write(".docker.pass", ENV["KITCHEN_DOCKER_PASS"])'},
    'openssl rsa -in .docker.pem -passin file:.docker.pass -out .docker.key',
    'wget https://get.docker.io/builds/Linux/x86_64/docker-latest -O docker',
    'chmod +x docker',
    './bin/kitchen test -d always $KITCHEN_SUITE-$KITCHEN_PLATFORM'
  ],
}
travis['env']['global'] << existing_secure if existing_secure
IO.write('.travis.yml', travis.to_yaml)

# Add the password to travis.yml
%x|travis encrypt KITCHEN_DOCKER_PASS=#{IO.read('.docker.pass')} -a| unless existing_secure

# Git add some bits
%w|git add -f .docker.ca .docker.pem|
	#!/usr/bin/env ruby

	require 'yaml'

	# Make sure we never commit this stuff accidentally
	IO.write('.gitignore', ".docker.\n", mode: 'a') unless IO.read('.gitignore').include?('.docker.')

	# Generate a new client key
	unless File.exists?('.docker.crt')
	CA_BASE = File.expand_path('~/src/docker-ca')
	%x\|openssl req -new -newkey rsa:4096 -keyout .docker.key -out .docker.csr -nodes -subj '/CN=Docker client for #{File.basename(Dir.pwd)}/OU=kitchen-docker/O=Coderanger Consulting LLC'\|
	%x\|openssl x509 -req -CA #{File.join(CA_BASE, 'ca.crt')} -CAkey #{File.join(CA_BASE, 'ca.key')} -CAserial #{File.join(CA_BASE, 'ca.srl')} -extfile #{File.join(CA_BASE, 'client.ext')} -in .docker.csr -out .docker.crt\|
	IO.write('.docker.ca', IO.read(File.join(CA_BASE, 'ca.crt')))
	end

	# Encrypt the key
	unless File.exists?('.docker.pem')
	password = SecureRandom.base64(30)
	IO.write('.docker.pass', password)
	%x\|openssl rsa -in .docker.key -out .docker-enc.key -aes256 -passout file:.docker.pass\|
	IO.write('.docker.pem', IO.read('.docker.crt')+IO.read('.docker-enc.key'))
	File.delete('.docker-enc.key')
	end

	# Build the full testing matrix
	kitchen = YAML.load(IO.read('.kitchen.yml'))
	matrix = []
	(kitchen['chef_versions'] \|\| %w{latest}).each do \|chef_version\|
	kitchen['platforms'].each do \|platform\|
	kitchen['suites'].each do \|suite\|
	matrix << {
	'KITCHEN_CHEF_VERSION' => chef_version,
	'KITCHEN_PLATFORM' => platform['name'].gsub(/\./, '').gsub(/[^a-zA-Z0-9]/, '-'),
	'KITCHEN_SUITE' => suite['name'].gsub(/\./, '').gsub(/[^a-zA-Z0-9]/, '-'),
	}
	end
	end
	end

	existing_secure = nil
	if File.exists?('.travis.yml')
	travis = YAML.load(IO.read('.travis.yml'))
	if travis['env'] && travis['env']['global']
	travis['env']['global'].each do \|env_var\|
	if env_var.is_a?(Hash) && env_var.first.first == 'secure'
	existing_secure = env_var
	break
	end
	end
	end
	end

	# Write out the travis.yml
	travis = {
	'language' => 'ruby',
	'rvm' => %w{1.9.3-p484},
	'env' => {
	'matrix' => matrix.map{\|s\| s.map{\|k,v\| %Q{#{k}="#{v}"}}.join(' ')},
	'global' => [
	'USE_SYSTEM_GECODE=true',
	'KITCHEN_LOCAL_YAML=.kitchen.travis.yml',
	],
	},
	'before_install' => [
	'sudo apt-get update',
	'sudo apt-get install libgecode-dev',
	],
	'bundler_args' => '--deployment --binstubs',
	'script' => [
	'./bin/foodcritic -f any .',
	%Q{ruby -e 'IO.write(".docker.pass", ENV["KITCHEN_DOCKER_PASS"])'},
	'openssl rsa -in .docker.pem -passin file:.docker.pass -out .docker.key',
	'wget https://get.docker.io/builds/Linux/x86_64/docker-latest -O docker',
	'chmod +x docker',
	'./bin/kitchen test -d always $KITCHEN_SUITE-$KITCHEN_PLATFORM'
	],
	}
	travis['env']['global'] << existing_secure if existing_secure
	IO.write('.travis.yml', travis.to_yaml)

	# Add the password to travis.yml
	%x\|travis encrypt KITCHEN_DOCKER_PASS=#{IO.read('.docker.pass')} -a\| unless existing_secure

	# Git add some bits
	%w\|git add -f .docker.ca .docker.pem\|