ci(GITHUB): integrate cicd-tools (cc)
1 parent
2a40efb
commit 77b028e
Showing
111 changed files
with
1,926 additions
and
1,790 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
#!/bin/bash | ||
|
||
# Manifest file reader. | ||
# Requires the jq binary: https://stedolan.github.io/jq/download/ | ||
|
||
# CICD-Tools script. | ||
|
||
set -eo pipefail | ||
|
||
# shellcheck source=./.cicd-tools/boxes/bootstrap/libraries/logging.sh | ||
source "$(dirname -- "${BASH_SOURCE[0]}")/../boxes/bootstrap/libraries/logging.sh" | ||
|
||
manifest() { | ||
local MANIFEST_FILE | ||
_manifest_args "$@" | ||
} | ||
|
||
_manifest_args() { | ||
while getopts "m:" OPTION; do | ||
case "$OPTION" in | ||
m) | ||
MANIFEST_FILE="${OPTARG}" | ||
;; | ||
\?) | ||
_manifest_usage | ||
;; | ||
:) | ||
_manifest_usage | ||
;; | ||
*) | ||
_manifest_usage | ||
;; | ||
esac | ||
done | ||
shift $((OPTIND - 1)) | ||
if [[ -z "${MANIFEST_FILE}" ]]; then | ||
_manifest_usage | ||
fi | ||
_manifest_commands "$@" | ||
} | ||
|
||
_manifest_commands() { | ||
case "$1" in | ||
security) | ||
[[ -n "${2}" ]] && _manifest_usage | ||
log "DEBUG" "MANIFEST > Reading security status from manifest." | ||
_manifest_security | ||
;; | ||
toolbox_url) | ||
[[ -z "${2}" ]] && _manifest_usage | ||
log "DEBUG" "MANIFEST > Reading toolbox url for '${2}' from manifest." | ||
_manifest_toolbox_url "${2}" | ||
;; | ||
toolbox_sha) | ||
[[ -z "${2}" ]] && _manifest_usage | ||
log "DEBUG" "MANIFEST > Reading toolbox checksum for '${2}' from manifest." | ||
_manifest_toolbox_sha "${2}" | ||
;; | ||
*) | ||
_manifest_usage | ||
;; | ||
esac | ||
} | ||
|
||
_manifest_usage() { | ||
log "ERROR" "manifest.sh -- interact with the CICD-Tools manifest file." | ||
log "ERROR" "USAGE: manifest.sh -p [PATH TO MANIFEST] [COMMAND]" | ||
log "ERROR" " COMMANDS:" | ||
log "ERROR" " toolbox_url [VERSION] - Retrieves the URL of the given toolbox version." | ||
log "ERROR" " toolbox_sha [FILENAME] - Retrieves the checksum of the given file." | ||
log "ERROR" " security - Indicates if hash validation is enabled or disabled." | ||
exit 127 | ||
} | ||
|
||
_manifest_security() { | ||
jq -rM ".disable_security" "${MANIFEST_FILE}" | ||
} | ||
|
||
_manifest_toolbox_prefix() { | ||
local REMOTE_SHA | ||
local REMOTE_SOURCE | ||
local REMOTE_PATH | ||
REMOTE_SHA="$(jq -erM '.version' "${MANIFEST_FILE}")" | ||
REMOTE_SOURCE="$(jq -erM '.source' "${MANIFEST_FILE}")" | ||
REMOTE_PATH="$(jq -erM '.toolbox_path' "${MANIFEST_FILE}")" | ||
echo "${REMOTE_SOURCE}/${REMOTE_SHA}/${REMOTE_PATH}" | ||
} | ||
|
||
_manifest_toolbox_is_present() { | ||
jq --arg version "${1}.tar.gz" -erM '.manifest[$version]' "${MANIFEST_FILE}" | ||
} | ||
|
||
_manifest_toolbox_url() { | ||
if ! _manifest_toolbox_is_present "${1}" > /dev/null; then | ||
log "ERROR" "MANIFEST > Toolbox version '${1}' is not in the manifest." | ||
exit 127 | ||
fi | ||
echo "$(_manifest_toolbox_prefix)/${1}.tar.gz" | ||
} | ||
|
||
_manifest_toolbox_sha() { | ||
if ! _manifest_toolbox_is_present "${1}" > /dev/null; then | ||
log "ERROR" "MANIFEST > Toolbox version '${1}' is not in the manifest." | ||
exit 127 | ||
fi | ||
jq --arg version "${1}.tar.gz" -erM '.manifest[$version]' "${MANIFEST_FILE}" | ||
} | ||
|
||
manifest "$@" |
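Review bot: `_manifest_security` reads `.disable_security` with `jq -rM` and no type check, so a manifest that lacks the key prints `null` and still exits 0, and the consumer in toolbox.sh (`_toolbox_box_checksum`) only validates the hash when the value is exactly `false`. Adding `-e` is not the fix, because jq exits 1 on a `false` result and the call would abort under `set -e`; a type check keeps it strict: `jq -rM 'if (.disable_security | type) == "boolean" then .disable_security else error("disable_security must be a boolean") end' "${MANIFEST_FILE}"`. On the toolbox.sh side, testing `!= "true"` instead of `== "false"` would send any unexpected value to verification rather than past it. Separately, `_manifest_usage` documents `-p [PATH TO MANIFEST]` while `getopts "m:"` only accepts `-m`.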
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,163 @@ | ||
#!/bin/bash | ||
|
||
# Remote toolbox downloader. | ||
# Requires gpg binary: https://gnupg.org/ | ||
|
||
# CICD-Tools script. | ||
|
||
set -eo pipefail | ||
|
||
TOOLBOX_PATH="$(pwd)/.cicd-tools" | ||
TOOLBOX_REMOTES_FOLDER="boxes" | ||
TOOLBOX_MANIFEST_FILE="${TOOLBOX_PATH}/manifest.json" | ||
|
||
# shellcheck source=./.cicd-tools/boxes/bootstrap/libraries/logging.sh | ||
source "$(dirname -- "${BASH_SOURCE[0]}")/../boxes/bootstrap/libraries/logging.sh" | ||
|
||
# shellcheck source=./.cicd-tools/boxes/bootstrap/libraries/environment.sh | ||
source "$(dirname -- "${BASH_SOURCE[0]}")/../boxes/bootstrap/libraries/environment.sh" \ | ||
-o "DOWNLOAD_RETRIES DOWNLOAD_MAX_TIME" \ | ||
-d "3 30" | ||
|
||
main() { | ||
OPTIND=1 | ||
|
||
local MANIFEST_ASC | ||
local MANIFEST_DISABLE_SECURITY="false" | ||
local TARGET_TOOLBOX_VERSION | ||
local TARGET_TOOLBOX_URL | ||
local TEMP_DIRECTORY | ||
|
||
TEMP_DIRECTORY="$(mktemp -d)" | ||
|
||
_toolbox_args "$@" | ||
_toolbox_manifest_download | ||
_toolbox_manifest_load | ||
_toolbox_box_download | ||
_toolbox_box_checksum | ||
_toolbox_box_install | ||
} | ||
|
||
_toolbox_args() { | ||
while getopts "b:m:r:t:" OPTION; do | ||
case "$OPTION" in | ||
b) | ||
TARGET_TOOLBOX_VERSION="${OPTARG}" | ||
TARGET_TOOLBOX_FILENAME="${TARGET_TOOLBOX_VERSION}.tar.gz" | ||
;; | ||
m) | ||
MANIFEST_ASC="${OPTARG}" | ||
;; | ||
r) | ||
DOWNLOAD_RETRIES="${OPTARG}" | ||
;; | ||
t) | ||
DOWNLOAD_MAX_TIME="${OPTARG}" | ||
;; | ||
\?) | ||
_toolbox_usage | ||
;; | ||
:) | ||
_toolbox_usage | ||
;; | ||
*) | ||
_toolbox_usage | ||
;; | ||
esac | ||
done | ||
shift $((OPTIND - 1)) | ||
|
||
if [[ -z "${TARGET_TOOLBOX_VERSION}" ]] || | ||
[[ -z "${MANIFEST_ASC}" ]]; then | ||
_toolbox_usage | ||
fi | ||
} | ||
|
||
_toolbox_box_checksum() { | ||
pushd "${TEMP_DIRECTORY}" >> /dev/null | ||
if [[ "${MANIFEST_DISABLE_SECURITY}" == "false" ]]; then | ||
if ! echo "${TARGET_TOOLBOX_SHA} ${TARGET_TOOLBOX_FILENAME}" | sha256sum -c; then | ||
log "ERROR" "CHECKSUM > Hash of remote file does not match!" | ||
log "ERROR" "CHECKSUM > Cannot proceed." | ||
exit 127 | ||
else | ||
log "INFO" "CHECKSUM > Hash verification has passed." | ||
fi | ||
else | ||
log "WARNING" "CHECKSUM > The manifest has DISABLED all checksum validation." | ||
fi | ||
cp "${TARGET_TOOLBOX_FILENAME}" "${TOOLBOX_PATH}/${TOOLBOX_REMOTES_FOLDER}" | ||
popd >> /dev/null | ||
} | ||
|
||
_toolbox_box_download() { | ||
if [[ -f "${TOOLBOX_PATH}/${TOOLBOX_REMOTES_FOLDER}/${TARGET_TOOLBOX_FILENAME}" ]]; then | ||
mv "${TOOLBOX_PATH}/${TOOLBOX_REMOTES_FOLDER}/${TARGET_TOOLBOX_FILENAME}" "${TEMP_DIRECTORY}" | ||
log "INFO" "BOX > Toolbox Version ${TARGET_TOOLBOX_VERSION} has already been downloaded." | ||
else | ||
_toolbox_box_fetch | ||
fi | ||
} | ||
|
||
_toolbox_box_fetch() { | ||
log "DEBUG" "BOX > Target Toolbox Version: ${TARGET_TOOLBOX_VERSION}" | ||
log "DEBUG" "BOX > Target Toolbox SHA: ${TARGET_TOOLBOX_SHA}" | ||
log "DEBUG" "BOX > Target Toolbox URL: ${TARGET_TOOLBOX_URL}" | ||
|
||
mkdir -p "${TOOLBOX_PATH}/${TOOLBOX_REMOTES_FOLDER}" | ||
|
||
pushd "${TEMP_DIRECTORY}" >> /dev/null | ||
_toolbox_fetch "${TARGET_TOOLBOX_URL}" > "${TARGET_TOOLBOX_FILENAME}" | ||
popd >> /dev/null | ||
|
||
log "INFO" "BOX > Remote toolbox retrieved." | ||
} | ||
|
||
_toolbox_box_install() { | ||
pushd "${TOOLBOX_PATH}/${TOOLBOX_REMOTES_FOLDER}" >> /dev/null | ||
tar xvzf "${TARGET_TOOLBOX_FILENAME}" | ||
log "DEBUG" "BOX > Toolbox Version ${TARGET_TOOLBOX_VERSION} has been installed to ${TOOLBOX_PATH}/${TOOLBOX_REMOTES_FOLDER}." | ||
ln -sf "${TARGET_TOOLBOX_VERSION}" active | ||
log "INFO" "BOX > Toolbox Version ${TARGET_TOOLBOX_VERSION} has been activated." | ||
popd >> /dev/null | ||
} | ||
|
||
_toolbox_fetch() { | ||
# 1: url | ||
log "DEBUG" "FETCH > URL: ${1}" | ||
log "DEBUG" "FETCH > Retries: ${DOWNLOAD_RETRIES}" | ||
log "DEBUG" "FETCH > Max Time: ${DOWNLOAD_MAX_TIME}" | ||
|
||
set -x | ||
curl --fail \ | ||
--location \ | ||
--silent \ | ||
--show-error \ | ||
--retry "${DOWNLOAD_RETRIES}" \ | ||
--retry-max-time "${DOWNLOAD_MAX_TIME}" \ | ||
"${1}" | ||
{ set +x; } 2> /dev/null | ||
|
||
log "DEBUG" "FETCH > Fetch complete." | ||
} | ||
|
||
_toolbox_manifest_download() { | ||
gpg --yes --output "${TOOLBOX_MANIFEST_FILE}" --verify <(_toolbox_fetch "${MANIFEST_ASC}") | ||
log "INFO" "MANIFEST > Remote manifest retrieved." | ||
} | ||
|
||
_toolbox_manifest_load() { | ||
TARGET_TOOLBOX_SHA="$(./.cicd-tools/bin/manifest.sh -m "${TOOLBOX_MANIFEST_FILE}" toolbox_sha "${TARGET_TOOLBOX_VERSION}")" | ||
MANIFEST_DISABLE_SECURITY="$(./.cicd-tools/bin/manifest.sh -m "${TOOLBOX_MANIFEST_FILE}" security)" | ||
TARGET_TOOLBOX_URL="$(./.cicd-tools/bin/manifest.sh -m "${TOOLBOX_MANIFEST_FILE}" toolbox_url "${TARGET_TOOLBOX_VERSION}")" | ||
log "INFO" "MANIFEST > Remote manifest loaded." | ||
} | ||
|
||
_toolbox_usage() { | ||
log "ERROR" "toolbox.sh -- download a remote toolbox from the CICD-Tools manifest." | ||
log "ERROR" "USAGE: toolbox.sh -b [TOOLBOX VERSION] -m [REMOTE MANIFEST URL]" | ||
log "ERROR" " Optional: -r [OPTIONAL RETRY COUNT] -m [OPTIONAL MAX RETRY TIME]" | ||
exit 127 | ||
} | ||
|
||
main "$@" |
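Review bot: `_toolbox_manifest_download` accepts the manifest on gpg's exit status alone, and `gpg --verify` succeeds for a good signature from any public key in the keyring in use, not only the CICD-Tools key. Because the verified manifest then supplies the download URL and the expected SHA-256, the signer should be pinned: run gpg with `--status-fd` and require a `VALIDSIG` line carrying the expected fingerprint, or verify against a dedicated keyring (`--no-default-keyring --keyring <KEYRING_PATH>`) that holds only that key. In `_toolbox_box_install`, `ln -sf "${TARGET_TOOLBOX_VERSION}" active` follows an existing `active` symlink into the old version's directory on a second activation; `ln -sfn` replaces the link itself. The usage text lists `-m` twice, while the max-time option parsed by `getopts` is `-t`.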
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
#!/bin/bash | ||
|
||
# Remote gpg key verification. | ||
# Requires gpg binary: https://gnupg.org/ | ||
|
||
# CICD-Tools script. | ||
|
||
set -eo pipefail | ||
|
||
# shellcheck source=./.cicd-tools/boxes/bootstrap/libraries/logging.sh | ||
source "$(dirname -- "${BASH_SOURCE[0]}")/../boxes/bootstrap/libraries/logging.sh" | ||
|
||
main() { | ||
local CICD_TOOLS_GPG_KEY | ||
|
||
_verify_args "$@" | ||
_verify_check_key | ||
_verify_trust_key | ||
} | ||
|
||
_verify_args() { | ||
while getopts "k:" OPTION; do | ||
case "$OPTION" in | ||
k) | ||
CICD_TOOLS_GPG_KEY="${OPTARG}" | ||
;; | ||
\?) | ||
_toolbox_usage | ||
;; | ||
:) | ||
_toolbox_usage | ||
;; | ||
*) | ||
_toolbox_usage | ||
;; | ||
esac | ||
done | ||
shift $((OPTIND - 1)) | ||
|
||
if [[ -z "${CICD_TOOLS_GPG_KEY}" ]]; then | ||
_verify_usage | ||
fi | ||
} | ||
|
||
_verify_check_key() { | ||
gpg \ | ||
--verify "$(dirname -- "${BASH_SOURCE[0]}")/../pgp/verification.sign" \ | ||
"$(dirname -- "${BASH_SOURCE[0]}")/../pgp/verification.txt" | ||
} | ||
|
||
_verify_trust_key() { | ||
echo "${CICD_TOOLS_GPG_KEY}:6:" | gpg --import-ownertrust | ||
} | ||
|
||
_verify_usage() { | ||
log "ERROR" "verify.sh -- verify the CICD-Tools gpg key." | ||
log "ERROR" "USAGE: verify.sh -k [GPG KEY ID]" | ||
exit 127 | ||
} | ||
|
||
main "$@" |
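Review bot: `_verify_trust_key` imports ultimate ownertrust (`:6:`) for whatever value arrives in `-k`, and nothing ties that value to the key that produced the signature checked in `_verify_check_key`. The two steps should be bound together, for example by running the verify with `--status-fd`, taking the fingerprint from the `VALIDSIG` line, and refusing to continue unless it equals `${CICD_TOOLS_GPG_KEY}`. Ownertrust records are keyed by full fingerprint, so the usage text should ask for a fingerprint rather than a key ID. The three error arms in `_verify_args` call `_toolbox_usage`, which is not defined in this file (unless the sourced logging.sh provides it), so a bad option would end in a command-not-found error instead of the usage message; they should call `_verify_usage`.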
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/bin/bash | ||
|
||
# Commitizen 'pre_bump_hook' script to make TOML quotes compatible with tomll. | ||
|
||
# Commitizen pre_bump_hook script only. | ||
|
||
set -eo pipefail | ||
|
||
main() { | ||
# sed compatible with Linux and BSD | ||
sed -i.bak "s,\"${CZ_PRE_NEW_VERSION}\",'${CZ_PRE_NEW_VERSION}',g" pyproject.toml | ||
rm pyproject.toml.bak | ||
} | ||
|
||
main |
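Review bot: `main` interpolates `${CZ_PRE_NEW_VERSION}` into the sed expression without checking that it is set, and the script runs without `set -u`, so an empty value turns the pattern into `""` and rewrites every empty double-quoted string in pyproject.toml. A guard as the first line of `main` avoids that: `: "${CZ_PRE_NEW_VERSION:?CZ_PRE_NEW_VERSION is not set}"`. The dots in the version also act as regex wildcards in the pattern, and the substitution is not limited to the version field, so any other double-quoted string equal to the version (a dependency pin, say) is rewritten as well.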