ci(GITHUB): integrate cicd-tools
niall-byrne committed Nov 16, 2023
1 parent c8ff356 commit a04030d
Showing 36 changed files with 2,055 additions and 36 deletions.
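--- a/.cicd-tools/bin/manifest.sh
+++ b/.cicd-tools/bin/manifest.sh
@@ -0,0 +1,109 @@
+#!/bin/bash
+
+# Manifest file reader.
+# Requires the jq binary: https://stedolan.github.io/jq/download/
+
+# CICD-Tools script.
+
+set -eo pipefail
+
+# shellcheck source=./.cicd-tools/boxes/bootstrap/libraries/logging.sh
+source "$(dirname -- "${BASH_SOURCE[0]}")/../boxes/bootstrap/libraries/logging.sh"
+
+manifest() {
+local MANIFEST_FILE
+_manifest_args "$@"
+}
+
+_manifest_args() {
+while getopts "m:" OPTION; do
+case "$OPTION" in
+m)
+MANIFEST_FILE="${OPTARG}"
+;;
+\?)
+_manifest_usage
+;;
+:)
+_manifest_usage
+;;
+*)
+_manifest_usage
+;;
+esac
+done
+shift $((OPTIND - 1))
+if [[ -z "${MANIFEST_FILE}" ]]; then
+_manifest_usage
+fi
+_manifest_commands "$@"
+}
+
+_manifest_commands() {
+case "$1" in
+security)
+[[ -n "${2}" ]] && _manifest_usage
+log "DEBUG" "MANIFEST > Reading security status from manifest."
+_manifest_security
+;;
+toolbox_url)
+[[ -z "${2}" ]] && _manifest_usage
+log "DEBUG" "MANIFEST > Reading toolbox url for '${2}' from manifest."
+_manifest_toolbox_url "${2}"
+;;
+toolbox_sha)
+[[ -z "${2}" ]] && _manifest_usage
+log "DEBUG" "MANIFEST > Reading toolbox checksum for '${2}' from manifest."
+_manifest_toolbox_sha "${2}"
+;;
+*)
+_manifest_usage
+;;
+esac
+}
+
+_manifest_usage() {
+log "ERROR" "manifest.sh -- interact with the CICD-Tools manifest file."
+log "ERROR" "USAGE: manifest.sh -p [PATH TO MANIFEST] [COMMAND]"
+log "ERROR" " COMMANDS:"
+log "ERROR" " toolbox_url [VERSION] - Retrieves the URL of the given toolbox version."
+log "ERROR" " toolbox_sha [FILENAME] - Retrieves the checksum of the given file."
+log "ERROR" " security - Indicates if hash validation is enabled or disabled."
+exit 127
+}
+
+_manifest_security() {
+jq -rM ".disable_security" "${MANIFEST_FILE}"
+}
+
+_manifest_toolbox_prefix() {
+local REMOTE_SHA
+local REMOTE_SOURCE
+local REMOTE_PATH
+REMOTE_SHA="$(jq -erM '.version' "${MANIFEST_FILE}")"
+REMOTE_SOURCE="$(jq -erM '.source' "${MANIFEST_FILE}")"
+REMOTE_PATH="$(jq -erM '.toolbox_path' "${MANIFEST_FILE}")"
+echo "${REMOTE_SOURCE}/${REMOTE_SHA}/${REMOTE_PATH}"
+}
+
+_manifest_toolbox_is_present() {
+jq --arg version "${1}.tar.gz" -erM '.manifest[$version]' "${MANIFEST_FILE}"
+}
+
+_manifest_toolbox_url() {
+if ! _manifest_toolbox_is_present "${1}" > /dev/null; then
+log "ERROR" "MANIFEST > Toolbox version '${1}' is not in the manifest."
+exit 127
+fi
+echo "$(_manifest_toolbox_prefix)/${1}.tar.gz"
+}
+
+_manifest_toolbox_sha() {
+if ! _manifest_toolbox_is_present "${1}" > /dev/null; then
+log "ERROR" "MANIFEST > Toolbox version '${1}' is not in the manifest."
+exit 127
+fi
+jq --arg version "${1}.tar.gz" -erM '.manifest[$version]' "${MANIFEST_FILE}"
+}
+
+manifest "$@"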
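Review bot: `_manifest_security` prints the literal `null` when the manifest has no `disable_security` key, because its jq call has neither `-e` nor a default, and `_toolbox_box_checksum` in toolbox.sh only verifies the hash when the value is exactly `"false"`. A manifest that omits the key therefore takes the "checksum validation DISABLED" branch, so integrity checking fails open. Default the value in the reader with `jq -rM '.disable_security // false' "${MANIFEST_FILE}"`, and invert the test in toolbox.sh to `[[ "${MANIFEST_DISABLE_SECURITY}" != "true" ]]` so that only an explicit `true` turns verification off. The usage text in `_manifest_usage` also advertises `-p` while getopts accepts `-m`.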
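--- a/.cicd-tools/bin/toolbox.sh
+++ b/.cicd-tools/bin/toolbox.sh
@@ -0,0 +1,163 @@
+#!/bin/bash
+
+# Remote toolbox downloader.
+# Requires gpg binary: https://gnupg.org/
+
+# CICD-Tools script.
+
+set -eo pipefail
+
+TOOLBOX_PATH="$(pwd)/.cicd-tools"
+TOOLBOX_REMOTES_FOLDER="boxes"
+TOOLBOX_MANIFEST_FILE="${TOOLBOX_PATH}/manifest.json"
+
+# shellcheck source=./.cicd-tools/boxes/bootstrap/libraries/logging.sh
+source "$(dirname -- "${BASH_SOURCE[0]}")/../boxes/bootstrap/libraries/logging.sh"
+
+# shellcheck source=./.cicd-tools/boxes/bootstrap/libraries/environment.sh
+source "$(dirname -- "${BASH_SOURCE[0]}")/../boxes/bootstrap/libraries/environment.sh" \
+-o "DOWNLOAD_RETRIES DOWNLOAD_MAX_TIME" \
+-d "3 30"
+
+main() {
+OPTIND=1
+
+local MANIFEST_ASC
+local MANIFEST_DISABLE_SECURITY="false"
+local TARGET_TOOLBOX_VERSION
+local TARGET_TOOLBOX_URL
+local TEMP_DIRECTORY
+
+TEMP_DIRECTORY="$(mktemp -d)"
+
+_toolbox_args "$@"
+_toolbox_manifest_download
+_toolbox_manifest_load
+_toolbox_box_download
+_toolbox_box_checksum
+_toolbox_box_install
+}
+
+_toolbox_args() {
+while getopts "b:m:r:t:" OPTION; do
+case "$OPTION" in
+b)
+TARGET_TOOLBOX_VERSION="${OPTARG}"
+TARGET_TOOLBOX_FILENAME="${TARGET_TOOLBOX_VERSION}.tar.gz"
+;;
+m)
+MANIFEST_ASC="${OPTARG}"
+;;
+r)
+DOWNLOAD_RETRIES="${OPTARG}"
+;;
+t)
+DOWNLOAD_MAX_TIME="${OPTARG}"
+;;
+\?)
+_toolbox_usage
+;;
+:)
+_toolbox_usage
+;;
+*)
+_toolbox_usage
+;;
+esac
+done
+shift $((OPTIND - 1))
+
+if [[ -z "${TARGET_TOOLBOX_VERSION}" ]] ||
+[[ -z "${MANIFEST_ASC}" ]]; then
+_toolbox_usage
+fi
+}
+
+_toolbox_box_checksum() {
+pushd "${TEMP_DIRECTORY}" >> /dev/null
+if [[ "${MANIFEST_DISABLE_SECURITY}" == "false" ]]; then
+if ! echo "${TARGET_TOOLBOX_SHA} ${TARGET_TOOLBOX_FILENAME}" | sha256sum -c; then
+log "ERROR" "CHECKSUM > Hash of remote file does not match!"
+log "ERROR" "CHECKSUM > Cannot proceed."
+exit 127
+else
+log "INFO" "CHECKSUM > Hash verification has passed."
+fi
+else
+log "WARNING" "CHECKSUM > The manifest has DISABLED all checksum validation."
+fi
+cp "${TARGET_TOOLBOX_FILENAME}" "${TOOLBOX_PATH}/${TOOLBOX_REMOTES_FOLDER}"
+popd >> /dev/null
+}
+
+_toolbox_box_download() {
+if [[ -f "${TOOLBOX_PATH}/${TOOLBOX_REMOTES_FOLDER}/${TARGET_TOOLBOX_FILENAME}" ]]; then
+mv "${TOOLBOX_PATH}/${TOOLBOX_REMOTES_FOLDER}/${TARGET_TOOLBOX_FILENAME}" "${TEMP_DIRECTORY}"
+log "INFO" "BOX > Toolbox Version ${TARGET_TOOLBOX_VERSION} has already been downloaded."
+else
+_toolbox_box_fetch
+fi
+}
+
+_toolbox_box_fetch() {
+log "DEBUG" "BOX > Target Toolbox Version: ${TARGET_TOOLBOX_VERSION}"
+log "DEBUG" "BOX > Target Toolbox SHA: ${TARGET_TOOLBOX_SHA}"
+log "DEBUG" "BOX > Target Toolbox URL: ${TARGET_TOOLBOX_URL}"
+
+mkdir -p "${TOOLBOX_PATH}/${TOOLBOX_REMOTES_FOLDER}"
+
+pushd "${TEMP_DIRECTORY}" >> /dev/null
+_toolbox_fetch "${TARGET_TOOLBOX_URL}" > "${TARGET_TOOLBOX_FILENAME}"
+popd >> /dev/null
+
+log "INFO" "BOX > Remote toolbox retrieved."
+}
+
+_toolbox_box_install() {
+pushd "${TOOLBOX_PATH}/${TOOLBOX_REMOTES_FOLDER}" >> /dev/null
+tar xvzf "${TARGET_TOOLBOX_FILENAME}"
+log "DEBUG" "BOX > Toolbox Version ${TARGET_TOOLBOX_VERSION} has been installed to ${TOOLBOX_PATH}/${TOOLBOX_REMOTES_FOLDER}."
+ln -sf "${TARGET_TOOLBOX_VERSION}" active
+log "INFO" "BOX > Toolbox Version ${TARGET_TOOLBOX_VERSION} has been activated."
+popd >> /dev/null
+}
+
+_toolbox_fetch() {
+# 1: url
+log "DEBUG" "FETCH > URL: ${1}"
+log "DEBUG" "FETCH > Retries: ${DOWNLOAD_RETRIES}"
+log "DEBUG" "FETCH > Max Time: ${DOWNLOAD_MAX_TIME}"
+
+set -x
+curl --fail \
+--location \
+--silent \
+--show-error \
+--retry "${DOWNLOAD_RETRIES}" \
+--retry-max-time "${DOWNLOAD_MAX_TIME}" \
+"${1}"
+{ set +x; } 2> /dev/null
+
+log "DEBUG" "FETCH > Fetch complete."
+}
+
+_toolbox_manifest_download() {
+gpg --yes --output "${TOOLBOX_MANIFEST_FILE}" --verify <(_toolbox_fetch "${MANIFEST_ASC}")
+log "INFO" "MANIFEST > Remote manifest retrieved."
+}
+
+_toolbox_manifest_load() {
+TARGET_TOOLBOX_SHA="$(./.cicd-tools/bin/manifest.sh -m "${TOOLBOX_MANIFEST_FILE}" toolbox_sha "${TARGET_TOOLBOX_VERSION}")"
+MANIFEST_DISABLE_SECURITY="$(./.cicd-tools/bin/manifest.sh -m "${TOOLBOX_MANIFEST_FILE}" security)"
+TARGET_TOOLBOX_URL="$(./.cicd-tools/bin/manifest.sh -m "${TOOLBOX_MANIFEST_FILE}" toolbox_url "${TARGET_TOOLBOX_VERSION}")"
+log "INFO" "MANIFEST > Remote manifest loaded."
+}
+
+_toolbox_usage() {
+log "ERROR" "toolbox.sh -- download a remote toolbox from the CICD-Tools manifest."
+log "ERROR" "USAGE: toolbox.sh -b [TOOLBOX VERSION] -m [REMOTE MANIFEST URL]"
+log "ERROR" " Optional: -r [OPTIONAL RETRY COUNT] -m [OPTIONAL MAX RETRY TIME]"
+exit 127
+}
+
+main "$@"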
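Review bot: `_toolbox_manifest_download` accepts the manifest on the exit status of `gpg --verify` alone, and as far as I know that status is zero for a good signature from any public key present in the runner's keyring, not only the CICD-Tools key that verify.sh marks as trusted. Since the manifest is the root of trust for the toolbox URL, the checksum and the `disable_security` switch, the signer should be pinned. Pass the expected fingerprint in and compare it with the `VALIDSIG` line that gpg emits under `--status-fd` before the manifest is read. The usage text in `_toolbox_usage` also lists `-m` for the max retry time where getopts expects `-t`.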
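--- a/.cicd-tools/bin/verify.sh
+++ b/.cicd-tools/bin/verify.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# Remote gpg key verification.
+# Requires gpg binary: https://gnupg.org/
+
+# CICD-Tools script.
+
+set -eo pipefail
+
+# shellcheck source=./.cicd-tools/boxes/bootstrap/libraries/logging.sh
+source "$(dirname -- "${BASH_SOURCE[0]}")/../boxes/bootstrap/libraries/logging.sh"
+
+main() {
+local CICD_TOOLS_GPG_KEY
+
+_verify_args "$@"
+_verify_check_key
+_verify_trust_key
+}
+
+_verify_args() {
+while getopts "k:" OPTION; do
+case "$OPTION" in
+k)
+CICD_TOOLS_GPG_KEY="${OPTARG}"
+;;
+\?)
+_toolbox_usage
+;;
+:)
+_toolbox_usage
+;;
+*)
+_toolbox_usage
+;;
+esac
+done
+shift $((OPTIND - 1))
+
+if [[ -z "${CICD_TOOLS_GPG_KEY}" ]]; then
+_verify_usage
+fi
+}
+
+_verify_check_key() {
+gpg \
+--verify "$(dirname -- "${BASH_SOURCE[0]}")/../pgp/verification.sign" \
+"$(dirname -- "${BASH_SOURCE[0]}")/../pgp/verification.txt"
+}
+
+_verify_trust_key() {
+echo "${CICD_TOOLS_GPG_KEY}:6:" | gpg --import-ownertrust
+}
+
+_verify_usage() {
+log "ERROR" "verify.sh -- verify the CICD-Tools gpg key."
+log "ERROR" "USAGE: verify.sh -k [GPG KEY ID]"
+exit 127
+}
+
+main "$@"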
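Review bot: `_verify_trust_key` imports ownertrust level 6 (ultimate) for whatever value arrives in `-k`, while `_verify_check_key` only confirms that `verification.sign` is a good signature from some key in the keyring; nothing visible ties the two together. Compare the fingerprint that signed `verification.txt` with `CICD_TOOLS_GPG_KEY` before importing ownertrust. It is also worth checking whether ultimate trust is needed, since it makes the key a trust root for other keys. In `_verify_args` the three error arms call `_toolbox_usage`, which this file does not define (unless logging.sh does), so a bad option ends in "command not found" rather than the usage text; they should read `_verify_usage`.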
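--- a/.cicd-tools/boxes/bootstrap/commitizen/pre_bump.sh
+++ b/.cicd-tools/boxes/bootstrap/commitizen/pre_bump.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Commitizen 'pre_bump_hook' script to make TOML quotes compatible with tomll.
+
+# Commitizen pre_bump_hook script only.
+
+set -eo pipefail
+
+main() {
+# sed compatible with Linux and BSD
+sed -i.bak "s,\"${CZ_PRE_NEW_VERSION}\",'${CZ_PRE_NEW_VERSION}',g" pyproject.toml
+rm pyproject.toml.bak
+}
+
+main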
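Review bot: `CZ_PRE_NEW_VERSION` is interpolated into the sed expression in `main` without any check, and the script sets `-e` and `pipefail` but not `-u`. If the variable is unset or empty the expression becomes `s,"",'',g` and rewrites every empty double-quoted string in pyproject.toml. Add `: "${CZ_PRE_NEW_VERSION:?CZ_PRE_NEW_VERSION is not set}"` as the first line of `main`. The value is also used as a regular expression, so the dots in a version match any character and a `,` in it would break the `s` command; escaping the value, or a comment stating that only plain version strings are expected, would make that explicit.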