Emmanuel Sys esys

## gcrgc.sh
#!/bin/bash

# Copyright © 2017 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software

## gist:ef0d6aa8b8dd2b10f758106a186365df
kubectl get deploy some-deployment -ojsonpath='{.spec.template.spec.containers[0].env}' | jq -r '.[] | "export " + join("=")'

# export VAR1=v1
# export VAR2=v2
# export VAR3=v3

## test.sh
$ sops -d -i my-secrets.yaml
$ git add my-secrets.yaml && git commit -m "commit with unencrypted secret"

💥 File env/bel1/c1/helm_vars/my-secrets.yaml has non encrypted secrets!

🤔 Do you still want to commit? (y|Y to commit) n
aborted

## pre-commit.sh
#!/bin/bash

# directories containing potential secrets
DIRS="env/bel1/c1/helm_vars env/bel1/c2/helm_vars env/dev/helm_vars"

bold=$(tput bold)
normal=$(tput sgr0)

# allow to read user input, assigns stdin to keyboard
exec < /dev/tty

## Dockerfile
FROM python:3.7-alpine as builder

# install dependencies required to build python packages
RUN apk update && apk add --no-cache make gcc && pip install --upgrade pip


# setup venv and download or build dependencies
ENV VENV="/venv"
ENV PATH="${VENV}/bin:${PATH}"

## hello.py
from flask import Flask

app = Flask(__name__)

@app.route('/')
def hello_world():
    return 'Hello, World!'

## .gitlab-ci.yaml
stages:
  - build
  - test
  - deploy

variables:
  # disable Docker TLS validation
  DOCKER_TLS_CERTDIR: ""
  # here the dind hostname is resolved as the Kubernetes dind service by the kube dns
  DOCKER_HOST: "tcp://dind:2375"

## dind.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app: docker-dind
  name: dind
spec:
  accessModes:
    - ReadWriteOnce
  resources:

## gitlab-build-docker-push-builder.yaml
stages:
  - build
  - test
  - deploy

variables:
  # disable Docker TLS validation
  DOCKER_TLS_CERTDIR: ""
  DOCKER_HOST: "tcp://localhost:2375"

## gitlab-build-docker-remote-cache.yaml
stages:
  - build
  - test
  - deploy

variables:
  # disable Docker TLS validation
  DOCKER_TLS_CERTDIR: ""
  DOCKER_HOST: "tcp://localhost:2375"
	#!/bin/bash

	# Copyright © 2017 Google Inc.
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	kubectl get deploy some-deployment -ojsonpath='{.spec.template.spec.containers[0].env}' \| jq -r '.[] \| "export " + join("=")'

	# export VAR1=v1
	# export VAR2=v2
	# export VAR3=v3
	$ sops -d -i my-secrets.yaml
	$ git add my-secrets.yaml && git commit -m "commit with unencrypted secret"

	💥 File env/bel1/c1/helm_vars/my-secrets.yaml has non encrypted secrets!

	🤔 Do you still want to commit? (y\|Y to commit) n
	aborted
	#!/bin/bash

	# directories containing potential secrets
	DIRS="env/bel1/c1/helm_vars env/bel1/c2/helm_vars env/dev/helm_vars"

	bold=$(tput bold)
	normal=$(tput sgr0)

	# allow to read user input, assigns stdin to keyboard
	exec < /dev/tty
	FROM python:3.7-alpine as builder

	# install dependencies required to build python packages
	RUN apk update && apk add --no-cache make gcc && pip install --upgrade pip


	# setup venv and download or build dependencies
	ENV VENV="/venv"
	ENV PATH="${VENV}/bin:${PATH}"
	from flask import Flask

	app = Flask(__name__)

	@app.route('/')
	def hello_world():
	return 'Hello, World!'
	stages:
	- build
	- test
	- deploy

	variables:
	# disable Docker TLS validation
	DOCKER_TLS_CERTDIR: ""
	# here the dind hostname is resolved as the Kubernetes dind service by the kube dns
	DOCKER_HOST: "tcp://dind:2375"
	apiVersion: v1
	kind: PersistentVolumeClaim
	metadata:
	labels:
	app: docker-dind
	name: dind
	spec:
	accessModes:
	- ReadWriteOnce
	resources: