From 572c03667550f97f5f7c5f1468f69f89a90d3ac7 Mon Sep 17 00:00:00 2001 From: Firelight Flagboy Date: Wed, 13 Dec 2023 14:53:25 +0100 Subject: [PATCH] Harden notary script - Set and use `SCRIPTDIR` to be agnostic of the current working directory (i.e.: being able to execute it outside of `parsec-cloud` repo) - Rework `Debug tool version` block to oneline tools' version instead of relying on debug output (`set -x`). This allow to run the script with `-x` without it being disable by the `set +x`. - Allow to provide additional args to `Github-CLI` via the optional var `GH_ADDITIONAL_ARGS` (useful to set `--repo=/`) Co-authored-by: Marcos Medrano <786907+mmmarcos@users.noreply.github.com> --- .github/scripts/notary/lib.sh | 6 +++--- .github/scripts/notary/script.sh | 22 +++++++++++----------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/scripts/notary/lib.sh b/.github/scripts/notary/lib.sh index b84c70aeba3..c1d8edda125 100644 --- a/.github/scripts/notary/lib.sh +++ b/.github/scripts/notary/lib.sh @@ -1,6 +1,6 @@ -#!bash - -QUERY_FOLDER=.github/scripts/notary/graphql +#!/usr/bin/env bash +SCRIPTDIR=${SCRIPTDIR:="$(dirname $(realpath -s "$0"))"} +QUERY_FOLDER=$SCRIPTDIR/graphql # List project fields like `status`, `tag`, `labels` and other function list_project_fields() { diff --git a/.github/scripts/notary/script.sh b/.github/scripts/notary/script.sh index 4ca2edba8fc..60aa843a53e 100644 --- a/.github/scripts/notary/script.sh +++ b/.github/scripts/notary/script.sh @@ -1,5 +1,6 @@ -#!bash -source .github/scripts/notary/lib.sh +#!/usr/bin/env bash +SCRIPTDIR=${SCRIPTDIR:="$(dirname $(realpath -s "$0"))"} +source "$SCRIPTDIR"/lib.sh if [ $# -ne 2 ]; then echo "usage: $0 " 1>&2 @@ -8,14 +9,13 @@ fi PROJECT_ORGA=${1} PROJECT_NUMBER=${2} +GH="gh ${GH_ADDITIONAL_ARGS:=""}" set -o pipefail -echo "Debug tool version" -set -x -gh --version -jq --version -base64 --version -set +x +echo "Debug tools version:" +echo "- gh version: $(gh --version | head -n 1)" +echo "- jq version: $(jq --version)" +echo "- base64 version: $(base64 --version | head -n 1)" TMP_DIR=$(mktemp --tmpdir --directory "notary.XXXX") echo "temporary folder is $TMP_DIR" @@ -25,14 +25,14 @@ echo "Looking for issues that are assigned to the wrong project." touch $TMP_DIR/issues_wrong_project.json # Search for Issue that aren't linked to the board already -gh issue list \ +$GH issue list \ --json id,title,number \ --search "-project:\"$PROJECT_ORGA/$PROJECT_NUMBER\"" \ --jq '.[] += {"type": "issue"} | .[]' \ | tee -a $TMP_DIR/issues_wrong_project.json # Search for PRs that aren't linked to the board and linked to an issue -gh pr list \ +$GH pr list \ --json id,title,number \ --search "-project:\"$PROJECT_ORGA/$PROJECT_NUMBER\" -linked:issue" \ --jq '.[] += {"type": "pr"} | .[]' \ @@ -58,8 +58,8 @@ for raw_row in $(<$TMP_DIR/issues_wrong_project.json.b64); do echo -n "Adding $TYPE \"$TITLE\" to project $PROJECT_TITLE > " add_item_to_project $PROJECT_ID $ID - echo RC=$? + echo if [ $RC -ne 0 ]; then echo "Failed to add $TYPE \"$TITLE\" to project $PROJECT_TITLE" >&2 exit $RC