diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bcb5f8d..fea02e5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,12 +21,9 @@ jobs: ansible-version: - '2.9.1' molecule-scenario: - - centos - debian_max - debian_min - ubuntu_max - - opensuse - - fedora include: - ansible-version: '2.8.16' molecule-scenario: ubuntu_min diff --git a/README.md b/README.md index 943723c..f1136a2 100644 --- a/README.md +++ b/README.md @@ -5,10 +5,10 @@ Ansible Role: Git Credential Manager [![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-gantsign.git__credential__manager-blue.svg)](https://galaxy.ansible.com/gantsign/git_credential_manager) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/gantsign/ansible_role_git_credential_manager/master/LICENSE) -Role to install Microsoft's [Git Credential Manager for Mac and Linux](https://github.com/Microsoft/Git-Credential-Manager-for-Mac-and-Linux). +Role to install the [Git Credential Manager](https://github.com/GitCredentialManager/git-credential-manager). -**Important:** while Microsoft's Git Credential Manager works on macOS this -Ansible role is presently for Linux only. +**Important:** while the Git Credential Manager works on macOS and Windows this +Ansible role only works on Debian and Ubuntu. Requirements ------------ @@ -21,29 +21,13 @@ Requirements * Debian - * Jessie (8) - * Stretch (9) + * Buster (10) + * Bullseye (11) * Ubuntu - * Xenial (16.04) * Bionic (18.04) - - * RedHat Family - - * CentOS - - * 7 - - * Fedora - - * 31 - - * SUSE Family - - * openSUSE - - * 15.1 + * Focal (20.04) * Note: other versions are likely to work but have not been tested. @@ -54,22 +38,16 @@ The following variables will change the behavior of this role: ```yaml # Git Credential Manager version number -git_credential_manager_version: '2.0.4' - -# The SHA256 of the Git Credential Manager JAR -git_credential_manager_jar_sha256sum: 'fb8536aac9b00cdf6bdeb0dd152bb1306d88cd3fdb7a958ac9a144bf4017cad7' - -# The major version of the JRE -git_credential_manager_jre_major_version: '8' +git_credential_manager_version: '2.0.632' -# The full version of the JRE (from AdoptOpenJDK) -git_credential_manager_jre_version: 'jdk8u282-b08_openj9-0.24.0' +# Git Credential Manager build number +git_credential_manager_build: '34631' -# The SHA256 of the JRE -git_credential_manager_jre_sha256sum: '4fad259c32eb23ec98925c8b2cf28aaacbdb55e034db74c31a7636e75b6af08d' +# The SHA256 of the Git Credential Manager JAR +git_credential_manager_redis_sha256sum: '41d116b3e4b62099a41d7de21f815724cefa8d386af767695da8ef0ac8b4aa33' -# Base installation directory the Git Credential Manager -git_credential_manager_install_dir: '/opt/git-credential-manager/{{ git_credential_manager_version }}' +# The credential store to use +git_credential_manager_credential_store: 'secretservice' # Directory to store files downloaded for the Git Credential Manager git_credential_manager_download_dir: "{{ x_ansible_download_dir | default(ansible_env.HOME + '/.ansible/tmp/downloads') }}" diff --git a/defaults/main.yml b/defaults/main.yml index a154b31..b7353c9 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,21 +1,15 @@ --- # Git Credential Manager version number -git_credential_manager_version: '2.0.4' +git_credential_manager_version: '2.0.632' -# The SHA256 of the Git Credential Manager JAR -git_credential_manager_jar_sha256sum: 'fb8536aac9b00cdf6bdeb0dd152bb1306d88cd3fdb7a958ac9a144bf4017cad7' - -# The major version of the JRE -git_credential_manager_jre_major_version: '8' +# Git Credential Manager build number +git_credential_manager_build: '34631' -# The full version of the JRE (from AdoptOpenJDK) -git_credential_manager_jre_version: 'jdk8u282-b08_openj9-0.24.0' - -# The SHA256 of the JRE -git_credential_manager_jre_sha256sum: '4fad259c32eb23ec98925c8b2cf28aaacbdb55e034db74c31a7636e75b6af08d' +# The SHA256 of the Git Credential Manager JAR +git_credential_manager_redis_sha256sum: '41d116b3e4b62099a41d7de21f815724cefa8d386af767695da8ef0ac8b4aa33' -# Base installation directory the Git Credential Manager -git_credential_manager_install_dir: '/opt/git-credential-manager/{{ git_credential_manager_version }}' +# The credential store to use +git_credential_manager_credential_store: 'secretservice' # Directory to store files downloaded for the Git Credential Manager git_credential_manager_download_dir: "{{ x_ansible_download_dir | default(ansible_env.HOME + '/.ansible/tmp/downloads') }}" diff --git a/meta/main.yml b/meta/main.yml index 25f83ce..b37450e 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -7,23 +7,14 @@ galaxy_info: license: MIT min_ansible_version: 2.8 platforms: - - name: EL - versions: - - 7 - - name: Fedora - versions: - - 31 - name: Ubuntu versions: - xenial - bionic - name: Debian versions: - - jessie - - stretch - - name: opensuse - versions: - - 15.1 + - buster + - bullseye galaxy_tags: - git - development diff --git a/molecule/centos/INSTALL.rst b/molecule/centos/INSTALL.rst deleted file mode 100644 index d926ca2..0000000 --- a/molecule/centos/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ python3 -m pip install 'molecule[docker]' diff --git a/molecule/centos/molecule.yml b/molecule/centos/molecule.yml deleted file mode 100644 index d5f126b..0000000 --- a/molecule/centos/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: | - set -e - yamllint . - ansible-lint - flake8 - -platforms: - - name: ansible_role_git_credential_manager_centos - image: centos:7 - dockerfile: ../default/Dockerfile.j2 - -provisioner: - name: ansible - playbooks: - converge: ../default/converge.yml - -verifier: - name: testinfra - directory: ../default/tests/ diff --git a/molecule/debian_max/molecule.yml b/molecule/debian_max/molecule.yml index cf7497d..bff1e7c 100644 --- a/molecule/debian_max/molecule.yml +++ b/molecule/debian_max/molecule.yml @@ -13,7 +13,7 @@ lint: | platforms: - name: ansible_role_git_credential_manager_debian_max - image: debian:9 + image: debian:11 dockerfile: ../default/Dockerfile.j2 provisioner: diff --git a/molecule/debian_min/molecule.yml b/molecule/debian_min/molecule.yml index 63aa49a..ec92aa3 100644 --- a/molecule/debian_min/molecule.yml +++ b/molecule/debian_min/molecule.yml @@ -13,7 +13,7 @@ lint: | platforms: - name: ansible_role_git_credential_manager_debian_min - image: debian:8 + image: debian:10 dockerfile: ../default/Dockerfile.j2 provisioner: diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 0a1d448..2e78470 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -7,12 +7,6 @@ apt: update_cache: yes changed_when: no - when: ansible_pkg_mgr == 'apt' - - - name: install find (dnf) - dnf: - name: findutils - when: ansible_pkg_mgr == 'dnf' roles: - role: ansible_role_git_credential_manager diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 5e5f470..a678a32 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -13,7 +13,7 @@ lint: | platforms: - name: ansible_role_git_credential_manager_default - image: ubuntu:18.04 + image: ubuntu:20.04 provisioner: name: ansible diff --git a/molecule/default/tests/test_role.py b/molecule/default/tests/test_role.py index 0d68726..ceee787 100644 --- a/molecule/default/tests/test_role.py +++ b/molecule/default/tests/test_role.py @@ -1,84 +1,15 @@ -import pytest import re -@pytest.mark.parametrize('dir_name', [ - 'bin', - 'libexec', - 'jre', -]) -def test_directories(host, dir_name): - install_dir_pattern = '/opt/git-credential-manager/[0-9\\.]+$' - install_dir = host.check_output('find %s | grep --color=never -E %s', - '/opt/git-credential-manager', - install_dir_pattern) - dir = host.file(install_dir) - assert dir.exists - assert dir.is_directory - assert dir.user == 'root' - assert dir.group == 'root' - - dir = host.file(install_dir + '/' + dir_name) - assert dir.exists - assert dir.is_directory - assert dir.user == 'root' - assert dir.group == 'root' - - -@pytest.mark.parametrize('file_path', [ - 'bin/git-credential-manager', - 'jre/bin/java', -]) -def test_files(host, file_path): - install_dir_pattern = '/opt/git-credential-manager/[0-9\\.]+$' - install_dir = host.check_output('find %s | grep --color=never -E %s', - '/opt/git-credential-manager', - install_dir_pattern) - dir = host.file(install_dir) - assert dir.exists - assert dir.is_directory - assert dir.user == 'root' - assert dir.group == 'root' - - installed_file = host.file(install_dir + '/' + file_path) - assert installed_file.exists - assert installed_file.is_file - assert installed_file.user == 'root' - assert installed_file.group == 'root' - - -def test_libexec(host): - file_pattern = ('/opt/git-credential-manager/[0-9\\.]+/libexec/' - 'git-credential-manager-[0-9\\.]+\\.jar$') - file_path = host.check_output('find %s | grep --color=never -E %s', - '/opt/git-credential-manager', - file_pattern) - installed_file = host.file(file_path) - assert installed_file.exists - assert installed_file.is_file - assert installed_file.user == 'root' - assert installed_file.group == 'root' - - -def test_link(host): - installed_file = host.file('/usr/local/bin/git-credential-manager') - assert installed_file.exists - assert installed_file.is_symlink - assert installed_file.user == 'root' - assert installed_file.group in ['root', 'staff'] - - def test_version(host): - version = host.check_output('git-credential-manager version') - pattern = 'Git Credential Manager for Mac and Linux version [0-9\\.]' - assert re.match(pattern, version) + version = host.check_output('git-credential-manager-core --version') + pattern = r'[0-9\.]+(\.[0-9\.]+){2}' + assert re.search(pattern, version) def test_git_config(host): config = host.check_output('git config --system credential.helper') - pattern = ("!'?/opt/git-credential-manager/[0-9\\.]+/jre/bin/java'?" - " -Ddebug=false -Djava.net.useSystemProxies=true" - " -Xshareclasses:name=git-credential-manager -Xquickstart" - " -jar '?/opt/git-credential-manager/[0-9\\.]+/libexec/" - "git-credential-manager-[0-9\\.]+.jar'?") - assert re.match(pattern, config) + assert config == '/usr/local/share/gcm-core/git-credential-manager-core' + config = host.check_output( + 'git config --system credential.credentialStore') + assert config == 'secretservice' diff --git a/molecule/fedora/INSTALL.rst b/molecule/fedora/INSTALL.rst deleted file mode 100644 index d926ca2..0000000 --- a/molecule/fedora/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ python3 -m pip install 'molecule[docker]' diff --git a/molecule/fedora/molecule.yml b/molecule/fedora/molecule.yml deleted file mode 100644 index 30ca68c..0000000 --- a/molecule/fedora/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: | - set -e - yamllint . - ansible-lint - flake8 - -platforms: - - name: ansible_role_git_credential_manager_fedora - image: fedora:31 - dockerfile: ../default/Dockerfile.j2 - -provisioner: - name: ansible - playbooks: - converge: ../default/converge.yml - -verifier: - name: testinfra - directory: ../default/tests/ diff --git a/molecule/opensuse/INSTALL.rst b/molecule/opensuse/INSTALL.rst deleted file mode 100644 index d926ca2..0000000 --- a/molecule/opensuse/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ python3 -m pip install 'molecule[docker]' diff --git a/molecule/opensuse/molecule.yml b/molecule/opensuse/molecule.yml deleted file mode 100644 index 848a929..0000000 --- a/molecule/opensuse/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: | - set -e - yamllint . - ansible-lint - flake8 - -platforms: - - name: ansible_role_git_credential_manager_opensuse - image: opensuse/leap:15.1 - dockerfile: ../default/Dockerfile.j2 - -provisioner: - name: ansible - playbooks: - converge: ../default/converge.yml - -verifier: - name: testinfra - directory: ../default/tests/ diff --git a/molecule/ubuntu_max/molecule.yml b/molecule/ubuntu_max/molecule.yml index 9f992d7..5b5d06e 100644 --- a/molecule/ubuntu_max/molecule.yml +++ b/molecule/ubuntu_max/molecule.yml @@ -13,7 +13,7 @@ lint: | platforms: - name: ansible_role_git_credential_manager_ubuntu_max - image: ubuntu:18.04 + image: ubuntu:20.04 dockerfile: ../default/Dockerfile.j2 provisioner: diff --git a/molecule/ubuntu_min/molecule.yml b/molecule/ubuntu_min/molecule.yml index f1c05cf..74ccc29 100644 --- a/molecule/ubuntu_min/molecule.yml +++ b/molecule/ubuntu_min/molecule.yml @@ -13,7 +13,7 @@ lint: | platforms: - name: ansible_role_git_credential_manager_ubuntu_min - image: ubuntu:16.04 + image: ubuntu:18.04 dockerfile: ../default/Dockerfile.j2 provisioner: diff --git a/tasks/main.yml b/tasks/main.yml index ac0b7d6..c7e86d5 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,110 +1,44 @@ --- -- name: include OS family specific vars - with_first_found: - - '../vars/os-families/{{ ansible_os_family }}.yml' - - ../vars/os-families/default.yml - include_vars: '{{ item }}' - -- name: install dependencies - become: yes - package: - name: '{{ git_credential_manager_dependencies }}' - state: present - - name: create download directory file: state: directory mode: 'u=rwx,go=rx' dest: '{{ git_credential_manager_download_dir }}' -- name: download JRE - get_url: - url: 'https://api.adoptopenjdk.net/v3/binary/version/{{ git_credential_manager_jre_version }}/{{ git_credential_manager_os }}/{{ git_credential_manager_architecture }}/jre/openj9/normal/adoptopenjdk' # noqa 204 - dest: '{{ git_credential_manager_download_dir }}/{{ git_credential_manager_jre_filename }}' - checksum: 'sha256:{{ git_credential_manager_jre_sha256sum }}' - force: no - use_proxy: yes - validate_certs: yes - mode: 'u=rw,go=r' - - name: download the Git Credential Manager get_url: - url: '{{ git_credential_manager_jar_mirror }}/{{ git_credential_manager_jar_filename }}' - dest: '{{ git_credential_manager_download_dir }}/{{ git_credential_manager_jar_filename }}' - checksum: 'sha256:{{ git_credential_manager_jar_sha256sum }}' + url: '{{ git_credential_manager_mirror }}/{{ git_credential_manager_redis_filename }}' + dest: '{{ git_credential_manager_download_dir }}/{{ git_credential_manager_redis_filename }}' + checksum: 'sha256:{{ git_credential_manager_redis_sha256sum }}' force: no use_proxy: yes validate_certs: yes mode: 'u=rw,go=r' -- name: create the Git Credential Manager installation directories - become: yes - file: - state: directory - owner: root - group: root - mode: 'u=rwx,go=rx' - dest: '{{ item }}' - loop: - - '{{ git_credential_manager_install_dir }}' - - '{{ git_credential_manager_install_dir }}/bin' - - '{{ git_credential_manager_install_dir }}/jre' - - '{{ git_credential_manager_install_dir }}/libexec' - -- name: install JRE +- name: install dependencies become: yes - unarchive: - src: '{{ git_credential_manager_download_dir }}/{{ git_credential_manager_jre_filename }}' - remote_src: yes - dest: '{{ git_credential_manager_install_dir }}/jre' - extra_opts: - - --strip-components=1 - owner: root - group: root - # The OpenJ9 package appears to be missing read permissions in /lib & /lib/ext - mode: 'go-w,go+r' + apt: + name: + - git + - 'libicu6*' + - libsecret-1-0 + state: present - name: install Git Credential Manager become: yes - copy: - src: '{{ git_credential_manager_download_dir }}/{{ git_credential_manager_jar_filename }}' - dest: '{{ git_credential_manager_install_dir }}/libexec/{{ git_credential_manager_jar_filename }}' - remote_src: yes - owner: root - group: root - mode: 'u=rw,go=r' - -- name: create launcher - become: yes - template: - src: git-credential-manager.j2 - dest: '{{ git_credential_manager_install_dir }}/bin/git-credential-manager' - owner: root - group: root - mode: 'u=rwx,go=rx' - -- name: create symbolic link - become: yes - file: - state: link - src: '{{ git_credential_manager_install_dir }}/bin/git-credential-manager' - dest: '{{ git_credential_manager_link }}' - owner: root - group: root - mode: 'u=rwx,go=rx' + apt: + deb: '{{ git_credential_manager_download_dir }}/{{ git_credential_manager_redis_filename }}' -- name: check Git config +- name: configure Git (credential helper) become: yes git_config: scope: system - name: '{{ git_credential_manager_git_config_key }}' - register: git_config_result + name: 'credential.helper' + value: '{{ git_credential_manager_credential_helper }}' -- name: configure Git +- name: configure Git (credential store) become: yes git_config: scope: system - name: '{{ git_credential_manager_git_config_key }}' - value: '{{ git_credential_manager_git_config_value }}' - # git_config fails to set changed correctly due to quoting so we have to handle idempotence - when: (git_config_result.config_value | regex_replace("'", '')) != (git_credential_manager_git_config_value | regex_replace("'", '')) + name: 'credential.credentialStore' + value: '{{ git_credential_manager_credential_store }}' diff --git a/templates/git-credential-manager.j2 b/templates/git-credential-manager.j2 deleted file mode 100644 index dde1bbf..0000000 --- a/templates/git-credential-manager.j2 +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -exec '{{ git_credential_manager_install_dir }}/jre/bin/java' \ - -jar '{{ git_credential_manager_install_dir }}/libexec/{{ git_credential_manager_jar_filename }}' \ - "$@" diff --git a/vars/main.yml b/vars/main.yml index 3993fa1..ac8d8c4 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,27 +1,9 @@ --- -# Mirror to download the Git Credential Manager JAR from -git_credential_manager_jar_mirror: 'https://github.com/Microsoft/Git-Credential-Manager-for-Mac-and-Linux/releases/download/git-credential-manager-{{ git_credential_manager_version }}' +# Mirror to download the Git Credential Manager +git_credential_manager_mirror: 'https://github.com/GitCredentialManager/git-credential-manager/releases/download/v{{ git_credential_manager_version }}' -# File name of the Git Credential Manager JAR -git_credential_manager_jar_filename: 'git-credential-manager-{{ git_credential_manager_version }}.jar' +# File name of the Git Credential Manager redistributable +git_credential_manager_redis_filename: 'gcmcore-linux_amd64.{{ git_credential_manager_version }}.{{ git_credential_manager_build }}.deb' -# The OS for the JRE -git_credential_manager_os: '{{ (ansible_os_family == "Darwin") | ternary("mac", "linux") }}' - -# The CPU architecture for the JRE -git_credential_manager_architecture: 'x64' - -# The download base file name of the JRE -git_credential_manager_jre_base_filename: 'OpenJDK{{ git_credential_manager_jre_major_version }}-jre_{{ git_credential_manager_architecture }}_{{ git_credential_manager_os }}_openj9_{{ git_credential_manager_jre_version }}' - -# The download file name of the JRE -git_credential_manager_jre_filename: '{{ git_credential_manager_jre_base_filename }}.tar.gz' - -# The symbolic link used to run the application -git_credential_manager_link: '/usr/local/bin/git-credential-manager' - -# The key for the git config -git_credential_manager_git_config_key: 'credential.helper' - -# The value to set in the git config -git_credential_manager_git_config_value: "!'{{ git_credential_manager_install_dir }}/jre/bin/java' -Ddebug=false -Djava.net.useSystemProxies=true -Xshareclasses:name=git-credential-manager -Xquickstart -jar '{{ git_credential_manager_install_dir }}/libexec/{{ git_credential_manager_jar_filename }}'" +# The credential helper to set in the git config +git_credential_manager_credential_helper: '/usr/local/share/gcm-core/git-credential-manager-core' diff --git a/vars/os-families/Debian.yml b/vars/os-families/Debian.yml deleted file mode 100644 index 487a7a9..0000000 --- a/vars/os-families/Debian.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -# Dependencies for Git Credential Manager -git_credential_manager_dependencies: - - git - - libgnome-keyring0 diff --git a/vars/os-families/RedHat.yml b/vars/os-families/RedHat.yml deleted file mode 100644 index 1564012..0000000 --- a/vars/os-families/RedHat.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -# Dependencies for Git Credential Manager -git_credential_manager_dependencies: - - git - - libgnome-keyring diff --git a/vars/os-families/Suse.yml b/vars/os-families/Suse.yml deleted file mode 100644 index 50ab302..0000000 --- a/vars/os-families/Suse.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# Dependencies for Git Credential Manager -git_credential_manager_dependencies: - - git - - libgnome-keyring0 - - tar - - gzip diff --git a/vars/os-families/default.yml b/vars/os-families/default.yml deleted file mode 100644 index 99fec64..0000000 --- a/vars/os-families/default.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# Dependencies for Git Credential Manager -git_credential_manager_dependencies: - - git