ci: add ShellCheck to CI #458

Merged
merged 1 commit into from
Aug 31, 2023
Merged
10 changes: 10 additions & 0 deletions .github/workflows/ci.yaml
Expand Up @@ -63,6 +63,16 @@ jobs:
# so we will just update it manually whenever it makes sense (e.g., a feature that we want is added).
version: v1.53.3
args: --fix=false --timeout=5m
shellcheck:
name: ShellCheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run ShellCheck
uses: ludeeus/[email protected]
with:
version: v0.9.0
continue-on-error: true
go-mod-tidy-check:
runs-on: ubuntu-latest
steps:
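Review bot: `continue-on-error: true` on the `Run ShellCheck` step means findings never fail the job, so the check is advisory only and new shell defects in the installer and signing scripts can still merge; it should be dropped once the existing findings are cleared. The step also appears to reference the third-party action by a version tag (the ref is garbled on this page; the Makefile license URL suggests 2.0.0), and a tag can be moved after review. Pinning `uses:` to the full commit SHA of that release, for example `ludeeus/action-shellcheck@<full-commit-sha> # 2.0.0` (placeholder), keeps the workflow from silently picking up changed action code.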
2 changes: 2 additions & 0 deletions Makefile
Expand Up @@ -204,6 +204,8 @@ download-licenses:
curl https://raw.githubusercontent.com/golangci/golangci-lint-action/master/LICENSE --output "$(LICENSEDIR)/github.com/golangci/golangci-lint-action/LICENSE"
mkdir -p "$(LICENSEDIR)/github.com/avto-dev/markdown-lint"
curl https://raw.githubusercontent.com/avto-dev/markdown-lint/master/LICENSE --output "$(LICENSEDIR)/github.com/avto-dev/markdown-lint/LICENSE"
mkdir -p "$(LICENSEDIR)"/github.com/ludeeus/action-shellcheck"
curl https://raw.githubusercontent.com/ludeeus/action-shellcheck/blob/2.0.0/LICENSE --output "$(LICENSEDIR)/github.com/ludeeus/action-shellcheck/LICENSE"

### dependencies in ci.yaml - end ###
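Review bot: The added `mkdir -p` line has an unbalanced double quote (`"$(LICENSEDIR)"/github.com/ludeeus/action-shellcheck"`), so the recipe's shell will stop on an unterminated string; it should read `mkdir -p "$(LICENSEDIR)/github.com/ludeeus/action-shellcheck"` like the neighbouring entries. The `curl` URL on the next line carries a `/blob/` segment that the other raw.githubusercontent.com URLs in this target do not have, so it most likely returns an error page that is then saved as the LICENSE file; `https://raw.githubusercontent.com/ludeeus/action-shellcheck/2.0.0/LICENSE` follows the pattern of the others. Adding `--fail` to the `curl` call would make a bad URL fail the target instead of writing the response body to disk.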

2 changes: 1 addition & 1 deletion installer-builder/darwin/Resources/uninstall.sh
Expand Up @@ -8,7 +8,7 @@ fi

echo "Finch-__VERSION__ will be REMOVED."
while true; do
read -p "Do you wish to continue [Y/n]?" answer
read -r -p "Do you wish to continue [Y/n]?" answer
[[ $answer == "y" || $answer == "Y" || $answer == "" ]] && break
[[ $answer == "n" || $answer == "N" ]] && exit 0
echo "Please answer with 'y' or 'n'"
2 changes: 1 addition & 1 deletion installer-builder/darwin/scripts/postinstall
Expand Up @@ -8,7 +8,7 @@ sudo pkill '^limactl'

#change permissions in home directory
echo "Change permissions for product home directory."
cd /Applications/Finch
cd /Applications/Finch || exit
chmod -R 777 .
chmod -R 755 /Applications/Finch/dependencies/lima-socket_vmnet/opt/finch
[ -d /usr/local/bin ] || mkdir /usr/local/bin
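Review bot: The `chmod -R 777 .` that follows the new `cd /Applications/Finch || exit` guard still leaves the whole installed tree, binaries included, writable by every local user, and the next line tightens only the `lima-socket_vmnet` subtree. The guard correctly stops that chmod from running in an unexpected directory, but the mode itself deserves a follow-up. If user write access is needed only for specific data directories, limit the permissive mode to those and use something like `chmod -R u=rwX,go=rX .` for the rest, to be confirmed against what Finch writes at runtime. The script continues outside this hunk.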
38 changes: 19 additions & 19 deletions installer-builder/tools/artifact-helper.sh
Expand Up @@ -8,16 +8,16 @@ DELAY=60
#$2: executable bucket
#$3: pkg bucket
cleanUpSigningArtifactInS3Buckets() {
aws s3 rm s3://${2}-${1//_/-}/pre-signed/package.tar.gz
aws s3 rm s3://${2}-${1//_/-}/signed/finch-executables-${1//_/-}.zip
aws s3 rm s3://${3}-${1//_/-}/pre-signed/package.tar.gz
aws s3 rm s3://${3}-${1//_/-}/signed/finch-pkg-${1//_/-}.zip
aws s3 rm "s3://${2}-${1//_/-}/pre-signed/package.tar.gz"
aws s3 rm "s3://${2}-${1//_/-}/signed/finch-executables-${1//_/-}.zip"
aws s3 rm "s3://${3}-${1//_/-}/pre-signed/package.tar.gz"
aws s3 rm "s3://${3}-${1//_/-}/signed/finch-pkg-${1//_/-}.zip"
}

#$1: arch: {x86_64, aarch64}
#$2: executable bucket
uploadUnsignedExecutables() {
aws s3 cp ./installer-builder/output/executables/unsigned/package.tar.gz s3://${2}-${1//_/-}/pre-signed/package.tar.gz --no-progress
aws s3 cp ./installer-builder/output/executables/unsigned/package.tar.gz "s3://${2}-${1//_/-}/pre-signed/package.tar.gz" --no-progress
}

#$1: arch: {x86_64, aarch64}
Expand All @@ -26,25 +26,25 @@ downloadSignedExecutables() {
attempts=0
while [ $attempts -lt $MAX_RETRY ]
do
aws s3 cp s3://${2}-${1//_/-}/signed/finch-executables-${1//_/-}.zip ./installer-builder/output/executables/signed --no-progress && break
attempts=$(($attempts+1))
aws s3 cp "s3://${2}-${1//_/-}/signed/finch-executables-${1//_/-}.zip" ./installer-builder/output/executables/signed --no-progress && break
attempts=$((attempts+1))
echo "Wait $DELAY seconds and retry..."
sleep $DELAY
done

if [ $attempts -eq $MAX_RETRY ]
then
echo "Download failed after $MAT_RETRY attempts."
echo "Download failed after $MAX_RETRY attempts."
fi

tar xzvf ./installer-builder/output/executables/signed/finch-executables-${1//_/-}.zip -C ./installer-builder/output/executables/signed
aws s3 rm s3://${2}-${1//_/-}/pre-signed/package.tar.gz
tar xzvf "./installer-builder/output/executables/signed/finch-executables-${1//_/-}.zip" -C ./installer-builder/output/executables/signed
aws s3 "rm s3://${2}-${1//_/-}/pre-signed/package.tar.gz"
}

#$1: arch: {x86_64, aarch64}
#$2: pkg bucket
uploadUnsignedPkg() {
aws s3 cp ./installer-builder/output/installer/unsigned/package.tar.gz s3://${2}-${1//_/-}/pre-signed/package.tar.gz --no-progress
aws s3 cp ./installer-builder/output/installer/unsigned/package.tar.gz "s3://${2}-${1//_/-}/pre-signed/package.tar.gz" --no-progress
}

#$1: arch: {x86_64, aarch64}
Expand All @@ -53,27 +53,27 @@ downloadSignedPkg() {
attempts=0
while [ $attempts -lt $MAX_RETRY ]
do
aws s3 cp s3://${2}-${1//_/-}/signed/finch-pkg-${1//_/-}.zip ./installer-builder/output/installer/signed --no-progress && break
attempts=$(($attempts+1))
aws s3 cp "s3://${2}-${1//_/-}/signed/finch-pkg-${1//_/-}.zip" ./installer-builder/output/installer/signed --no-progress && break
attempts=$((attempts+1))
echo "Wait $DELAY seconds and retry..."
sleep $DELAY
done

if [ $attempts -eq $MAX_RETRY ]
then
echo "Download failed after $MAT_RETRY attempts."
echo "Download failed after $MAX_RETRY attempts."
fi

tar xzvf ./installer-builder/output/installer/signed/finch-pkg-${1//_/-}.zip -C ./installer-builder/output/installer/signed
aws s3 rm s3://${2}-${1//_/-}/pre-signed/package.tar.gz
tar xzvf "./installer-builder/output/installer/signed/finch-pkg-${1//_/-}.zip" -C ./installer-builder/output/installer/signed
aws s3 rm "s3://${2}-${1//_/-}/pre-signed/package.tar.gz"
}

#$1: arch: {x86_64, aarch64}
#$2: version
#$3: private pkg bucket
uploadNotarizedPkg() {
#rename and upload the final installer
mv ./installer-builder/output/installer/signed/Payload/Finch.pkg ./installer-builder/output/installer/signed/Payload/Finch-${2}-${1}.pkg
aws s3 rm s3://${3}/Finch-${2}-${1}.pkg
aws s3 cp ./installer-builder/output/installer/signed/Payload/Finch-${2}-${1}.pkg s3://${3}/Finch-${2}-${1}.pkg --no-progress
mv ./installer-builder/output/installer/signed/Payload/Finch.pkg "./installer-builder/output/installer/signed/Payload/Finch-${2}-${1}.pkg"
aws s3 rm "s3://${3}/Finch-${2}-${1}.pkg"
aws s3 cp "./installer-builder/output/installer/signed/Payload/Finch-${2}-${1}.pkg" "s3://${3}/Finch-${2}-${1}.pkg" --no-progress
}
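Review bot: In `downloadSignedExecutables` the final cleanup line was quoted as `aws s3 "rm s3://${2}-${1//_/-}/pre-signed/package.tar.gz"`, which passes `rm s3://…` to the CLI as a single argument, so the command is rejected and the pre-signed package is never removed. It should be `aws s3 rm "s3://${2}-${1//_/-}/pre-signed/package.tar.gz"`, as written in `downloadSignedPkg`. Both download functions also only echo when the retries are exhausted and then go on to `tar` and `aws s3 rm`; a `return 1` after the "Download failed" message would keep the release from continuing without the signed artifact.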
14 changes: 7 additions & 7 deletions installer-builder/tools/build-macos-pkg.sh
Expand Up @@ -10,18 +10,18 @@ buildPkgInstaller() {

#copy pkg resources and replace version placeholder
cp -r ./installer-builder/darwin $INSTALLER_FULL_PATH/
sed -i '' -e 's/__VERSION__/'${VERSION}'/g' $INSTALLER_FULL_PATH/darwin/scripts/postinstall
sed -i '' -e 's/__VERSION__/'${VERSION}'/g' $INSTALLER_FULL_PATH/darwin/distribution.xml
sed -i '' -e 's/__VERSION__/'"${VERSION}"'/g' $INSTALLER_FULL_PATH/darwin/scripts/postinstall
sed -i '' -e 's/__VERSION__/'"${VERSION}"'/g' $INSTALLER_FULL_PATH/darwin/distribution.xml

#distribution file requires different value for aarch64
if [ $ARCH == "x86_64" ]
if [ "$ARCH" == "x86_64" ]
then
supportedArch="x86_64"
else
supportedArch="arm64"
fi
sed -i '' -e 's/__ARCH__/'${supportedArch}'/g' $INSTALLER_FULL_PATH/darwin/distribution.xml
sed -i '' -e 's/__VERSION__/'${VERSION}'/g' $INSTALLER_FULL_PATH/darwin/Resources/*.html
sed -i '' -e 's/__VERSION__/'"${VERSION}"'/g' $INSTALLER_FULL_PATH/darwin/Resources/*.html

#copy signed finch build to pkg resource
mkdir -p $INSTALLER_FULL_PATH/darwinpkg
Expand All @@ -36,16 +36,16 @@ buildPkgInstaller() {

#copy uninstall script and replace version placeholder
cp ./installer-builder/darwin/Resources/uninstall.sh $INSTALLER_FULL_PATH/darwinpkg/Applications/Finch
sed -i '' -e 's/__VERSION__/'${VERSION}'/g' $INSTALLER_FULL_PATH/darwinpkg/Applications/Finch/uninstall.sh
sed -i '' -e 's/__VERSION__/'"${VERSION}"'/g' $INSTALLER_FULL_PATH/darwinpkg/Applications/Finch/uninstall.sh

#construct pkg directory
mkdir -p $INSTALLER_FULL_PATH/package
mkdir -p $INSTALLER_FULL_PATH/signed
mkdir -p $INSTALLER_FULL_PATH/unsigned/package/artifact

#build pkg
pkgbuild --identifier org.Finch.${VERSION} \
--version $VERSION \
pkgbuild --identifier org.Finch."${VERSION}" \
--version "$VERSION" \
--scripts $INSTALLER_FULL_PATH/darwin/scripts \
--root $INSTALLER_FULL_PATH/darwinpkg \
$INSTALLER_FULL_PATH/package/Finch.pkg > /dev/null 2>&1
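Review bot: `$INSTALLER_FULL_PATH` is still unquoted in every command these hunks touch (`cp -r`, the `sed -i` targets, `mkdir -p`, `pkgbuild --scripts`/`--root`), so the quoting added for `${VERSION}` and `$ARCH` covers only half of each line and a path containing whitespace would still split into several arguments. The targets should be quoted as well, e.g. `sed -i '' -e 's/__VERSION__/'"${VERSION}"'/g' "$INSTALLER_FULL_PATH/darwin/scripts/postinstall"`, keeping the glob outside the quotes in `"$INSTALLER_FULL_PATH"/darwin/Resources/*.html`. Separately, `pkgbuild … > /dev/null 2>&1` discards the tool's diagnostics, so a failed build is only visible through its exit status. `buildPkgInstaller` starts and ends outside the visible hunks.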
20 changes: 10 additions & 10 deletions installer-builder/tools/extract-executables.sh
Expand Up @@ -15,7 +15,7 @@ packageUnsignedExecutables() {
extractExecutables ./installer-builder/output/origin/_output

#prepare unsigned executable into .tar
cd ./installer-builder/output/executables/unsigned/package
cd ./installer-builder/output/executables/unsigned/package || exit
tar -cvzf artifact.gz -C artifact .
tar -cvzf ../package.tar.gz manifest.yaml artifact.gz
}
Expand All @@ -36,15 +36,15 @@ updateQEMUEntitlement() {

#$1: the file object
extractExecutables() {
for file in `ls -a $1`
for file in $(ls -a "$1")
austinvazquez marked this conversation as resolved.
do
if [ -d $1/$file ];
if [ -d "$1/$file" ];
then
if [[ $file != '.' && $file != '..' ]];
then
extractExecutables $1/$file
extractExecutables "$1/$file"
fi
elif [[ -x $1/$file || ($file == *.dylib && !(-L $1/$file)) ]];
elif [[ -x $1/$file || ($file == *.dylib && ! (-L $1/$file)) ]];
then
#extract executables from all file directory to one folder
#to have the ability to merge back, rename the executables with the file path
Expand All @@ -53,20 +53,20 @@ extractExecutables() {
#1) ./a will be removed
#2) '/' will be replaced by '__'
#3) final executable name is 'b__c'
relativepath=$(echo $1/$file | sed 's|./installer-builder/output/origin/_output/||')
relativepath=$(echo "$1/$file" | sed 's|./installer-builder/output/origin/_output/||')
newname=${relativepath//\//__}

#copy executable to destination folder
cp -a $1/$file ./installer-builder/output/executables/unsigned/package/artifact/EXECUTABLES_TO_SIGN/$newname
codesign --remove-signature ./installer-builder/output/executables/unsigned/package/artifact/EXECUTABLES_TO_SIGN/$newname
cp -a "$1/$file" ./installer-builder/output/executables/unsigned/package/artifact/EXECUTABLES_TO_SIGN/"$newname"
codesign --remove-signature ./installer-builder/output/executables/unsigned/package/artifact/EXECUTABLES_TO_SIGN/"$newname"

#qemu needs specific entitlement, handle it separately
if [[ $file == "qemu-system-x86_64" || $file == "qemu-system-aarch64" ]];
then
updateQEMUEntitlement $newname
updateQEMUEntitlement "$newname"
elif [[ $file != "qemu-img" ]];
then
updateEntitlement $newname
updateEntitlement "$newname"
fi
fi
done
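Review bot: `for file in $(ls -a "$1")` in `extractExecutables` still word-splits and glob-expands the `ls` output, so a directory entry whose name contains whitespace or a glob character is processed as different names; the loop in merge-back-signed-executables.sh has the same form. Because these loops decide which binaries are sent for signing and copied back, iterating over a glob is safer: set `shopt -s dotglob nullglob` and use `for path in "$1"/*; do file=${path##*/}`, which also makes the `.`/`..` test unnecessary. The `relativepath=$(echo … | sed …)` line could then become `relativepath=${path#./installer-builder/output/origin/_output/}`, avoiding the unescaped `.` in the sed pattern. The loop body continues past the end of this hunk.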
4 changes: 2 additions & 2 deletions installer-builder/tools/merge-back-signed-executables.sh
@@ -1,7 +1,7 @@
#!/bin/bash

mergeBackSignedExecutables() {
for file in `ls -a ./installer-builder/output/executables/signed/Payload/EXECUTABLES_TO_SIGN`
for file in $(ls -a ./installer-builder/output/executables/signed/Payload/EXECUTABLES_TO_SIGN)
do
if [[ $file != '.' && $file != '..' ]]
then
Expand All @@ -13,7 +13,7 @@ mergeBackSignedExecutables() {
#3) final executable path is './a/b/c'
originalPath=${file//__/\/}
fullPath=./installer-builder/output/origin/_output/$originalPath
cp -f ./installer-builder/output/executables/signed/Payload/EXECUTABLES_TO_SIGN/$file $fullPath
cp -f ./installer-builder/output/executables/signed/Payload/EXECUTABLES_TO_SIGN/"$file" "$fullPath"
fi
done
}
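Review bot: `fullPath` is built from the entry name by replacing `__` with `/`, and the `cp -f` then writes to it without checking that the result stays under `./installer-builder/output/origin/_output/`; the names come from the archive returned by the signing step, so a `..` component would be honoured. A guard before the copy, such as `case "$originalPath" in ..|../*|*/../*|*/..) echo "unexpected entry: $file" >&2; continue ;; esac`, keeps the merge inside the build tree. The mapping is also ambiguous for any original file whose own name contains `__`, which would be restored to a different path than it was extracted from.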
4 changes: 2 additions & 2 deletions installer-builder/tools/notarize.sh
Expand Up @@ -2,6 +2,6 @@

#$1: the account name
#$2: the credential
cd ./installer-builder/output/installer/signed/Payload
cd ./installer-builder/output/installer/signed/Payload || exit
ditto -c -k --sequesterRsrc --keepParent Finch.pkg Finch.zip
xcrun notarytool submit Finch.zip --apple-id ${1} --password ${2} --team-id 94KV3E626L --wait
xcrun notarytool submit Finch.zip --apple-id "${1}" --password "${2}" --team-id 94KV3E626L --wait
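Review bot: `--password "${2}"` puts the notarization credential on the `notarytool` command line, and it reaches this script as a positional argument from release-installer.sh, so it is readable in the process list and in any `set -x` trace for as long as `--wait` runs. Quoting the expansion fixes word splitting but not that exposure. notarytool can use stored credentials instead: save them once on the build host with `xcrun notarytool store-credentials` and submit with `--keychain-profile "<profile-name>"` (placeholder), which removes the secret from argv in both scripts.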
2 changes: 1 addition & 1 deletion installer-builder/tools/pack-unsigned-pkg.sh
Expand Up @@ -3,7 +3,7 @@
createUnsignedPkgTarball() {
#prepare unsigned .pkg into .tar
cp -a ./installer-builder/templates/manifest_pkg.yaml ./installer-builder/output/installer/unsigned/package/manifest.yaml
cd ./installer-builder/output/installer/unsigned/package
cd ./installer-builder/output/installer/unsigned/package || exit
tar -cvzf artifact.gz -C artifact .
tar -cvzf ../package.tar.gz manifest.yaml artifact.gz
}
22 changes: 11 additions & 11 deletions installer-builder/tools/release-installer.sh
Expand Up @@ -13,7 +13,7 @@ NOTARIZATION_CREDENTIAL=${7}
releaseInstaller() {
echo "Finch-$FINCH_VERSION-$ARCH.pkg Installer Generation Started..."
echo "[1/12] Clean Old Signing Artifact in S3 Buckets"
cleanUpSigningArtifactInS3Buckets $ARCH $EXECUTABLE_BUCKET $PKG_BUCKET
cleanUpSigningArtifactInS3Buckets "$ARCH" "$EXECUTABLE_BUCKET" "$PKG_BUCKET"
rm -rf "./installer-builder/output"
mkdir -pv "./installer-builder/output"

Expand All @@ -22,34 +22,34 @@ releaseInstaller() {
cp -RP ./_output "./installer-builder/output/origin"

echo "[3/12] Extract Executables from Finch Build"
bash ./installer-builder/tools/extract-executables.sh $ARCH
bash ./installer-builder/tools/extract-executables.sh "$ARCH"

echo "[4/12] Upload Unsigned Executables to S3 Buckets"
uploadUnsignedExecutables $ARCH $EXECUTABLE_BUCKET
uploadUnsignedExecutables "$ARCH" "$EXECUTABLE_BUCKET"

echo "[5/12] Download Signed Executables from S3 Buckets"
downloadSignedExecutables $ARCH $EXECUTABLE_BUCKET
downloadSignedExecutables "$ARCH" "$EXECUTABLE_BUCKET"

echo "[6/12] Merge Back Signed Executables to Finch Build"
bash ./installer-builder/tools/merge-back-signed-executables.sh $ARCH
bash ./installer-builder/tools/merge-back-signed-executables.sh "$ARCH"

echo "[7/12] Build .pkg"
bash ./installer-builder/tools/build-macos-pkg.sh $ARCH $FINCH_VERSION
bash ./installer-builder/tools/build-macos-pkg.sh "$ARCH" "$FINCH_VERSION"

echo "[8/12] Pack Unsigned .pkg"
bash ./installer-builder/tools/pack-unsigned-pkg.sh $ARCH
bash ./installer-builder/tools/pack-unsigned-pkg.sh "$ARCH"

echo "[9/12] Upload Unsigned .pkg to S3 Buckets"
uploadUnsignedPkg $ARCH $PKG_BUCKET
uploadUnsignedPkg "$ARCH" "$PKG_BUCKET"

echo "[10/12] Download Signed .pkg from S3 Buckets"
downloadSignedPkg $ARCH $PKG_BUCKET
downloadSignedPkg "$ARCH" "$PKG_BUCKET"

echo "[11/12] App Store Notarization"
bash ./installer-builder/tools/notarize.sh $NOTARIZATION_ACCOUNT $NOTARIZATION_CREDENTIAL
bash ./installer-builder/tools/notarize.sh "$NOTARIZATION_ACCOUNT" "$NOTARIZATION_CREDENTIAL"

echo "[12/12] Upload installer to S3 buckets"
uploadNotarizedPkg $ARCH $FINCH_VERSION $INSTALLER_PRIVATE_BUCKET_NAME
uploadNotarizedPkg "$ARCH" "$FINCH_VERSION" "$INSTALLER_PRIVATE_BUCKET_NAME"

echo "Finch-$FINCH_VERSION-$ARCH.pkg Installer Generation Completed!"
}
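Review bot: None of the twelve steps in `releaseInstaller` checks the status of the command it runs, so unless `set -e` is enabled above this hunk, a failed extraction, signed-artifact download or notarization is still followed by the upload in step 12. Chaining the critical steps, e.g. `bash ./installer-builder/tools/notarize.sh "$NOTARIZATION_ACCOUNT" "$NOTARIZATION_CREDENTIAL" || return 1`, would keep an unsigned or un-notarized package from being published. The top of the file is outside the visible hunks, so this should be confirmed against the script's header.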