This repository has been archived by the owner on Nov 4, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 13
/
build-locally.sh
executable file
·168 lines (147 loc) · 6.24 KB
/
build-locally.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
#! /usr/bin/env bash
#
# Copyright contributors to the Galasa project
#
# SPDX-License-Identifier: EPL-2.0
#
#-----------------------------------------------------------------------------------------
#
# Objectives: Build this repository code locally.
#
# Environment variable over-rides:
# LOGS_DIR - Optional. Where logs are placed. Defaults to creating a temporary directory.
# SOURCE_MAVEN - Optional. Where a maven repository is from which the build will draw artifacts.
# DEBUG - Optional. Defaults to 0 (off)
# GPG_PASSPHRASE - Used to sign and verify artifacts during the build
#
#-----------------------------------------------------------------------------------------
# Where is this script executing from ?
BASEDIR=$(dirname "$0");pushd $BASEDIR 2>&1 >> /dev/null ;BASEDIR=$(pwd);popd 2>&1 >> /dev/null
# echo "Running from directory ${BASEDIR}"
export ORIGINAL_DIR=$(pwd)
# cd "${BASEDIR}"
cd "${BASEDIR}/.."
WORKSPACE_DIR=$(pwd)
#-----------------------------------------------------------------------------------------
#
# Set Colors
#
#-----------------------------------------------------------------------------------------
bold=$(tput bold)
underline=$(tput sgr 0 1)
reset=$(tput sgr0)
red=$(tput setaf 1)
green=$(tput setaf 76)
white=$(tput setaf 7)
tan=$(tput setaf 202)
blue=$(tput setaf 25)
#-----------------------------------------------------------------------------------------
#
# Headers and Logging
#
#-----------------------------------------------------------------------------------------
underline() { printf "${underline}${bold}%s${reset}\n" "$@" ;}
h1() { printf "\n${underline}${bold}${blue}%s${reset}\n" "$@" ;}
h2() { printf "\n${underline}${bold}${white}%s${reset}\n" "$@" ;}
debug() { printf "${white}%s${reset}\n" "$@" ;}
info() { printf "${white}➜ %s${reset}\n" "$@" ;}
success() { printf "${green}✔ %s${reset}\n" "$@" ;}
error() { printf "${red}✖ %s${reset}\n" "$@" ;}
warn() { printf "${tan}➜ %s${reset}\n" "$@" ;}
bold() { printf "${bold}%s${reset}\n" "$@" ;}
note() { printf "\n${underline}${bold}${blue}Note:${reset} ${blue}%s${reset}\n" "$@" ;}
#-----------------------------------------------------------------------------------------
# Functions
#-----------------------------------------------------------------------------------------
function check_exit_code () {
# This function takes 2 parameters in the form:
# $1 an integer value of the returned exit code
# $2 an error message to display if $1 is not equal to 0
if [[ "$1" != "0" ]]; then
error "$2"
exit 1
fi
}
function check_secrets {
h2 "updating secrets baseline"
cd ${BASEDIR}
detect-secrets scan --update .secrets.baseline
rc=$?
check_exit_code $rc "Failed to run detect-secrets. Please check it is installed properly"
success "updated secrets file"
h2 "running audit for secrets"
detect-secrets audit .secrets.baseline
rc=$?
check_exit_code $rc "Failed to audit detect-secrets."
#Check all secrets have been audited
secrets=$(grep -c hashed_secret .secrets.baseline)
audits=$(grep -c is_secret .secrets.baseline)
if [[ "$secrets" != "$audits" ]]; then
error "Not all secrets found have been audited"
exit 1
fi
success "secrets audit complete"
h2 "Removing the timestamp from the secrets baseline file so it doesn't always cause a git change."
mkdir -p temp
rc=$?
check_exit_code $rc "Failed to create a temporary folder"
cat .secrets.baseline | grep -v "generated_at" > temp/.secrets.baseline.temp
rc=$?
check_exit_code $rc "Failed to create a temporary file with no timestamp inside"
mv temp/.secrets.baseline.temp .secrets.baseline
rc=$?
check_exit_code $rc "Failed to overwrite the secrets baseline with one containing no timestamp inside."
success "secrets baseline timestamp content has been removed ok"
}
#-----------------------------------------------------------------------------------------
# Main logic.
#-----------------------------------------------------------------------------------------
project="maven"
source_dir="galasa-maven-plugin"
h1 "Building ${project}"
info "Using source code at ${source_dir}"
# Debug or not debug ? Override using the DEBUG flag.
if [[ -z ${DEBUG} ]]; then
export DEBUG=0
# export DEBUG=1
info "DEBUG defaulting to ${DEBUG}."
info "Over-ride this variable if you wish. Valid values are 0 and 1."
else
info "DEBUG set to ${DEBUG} by caller."
fi
# Over-rode SOURCE_MAVEN if you want to build from a different maven repo...
if [[ -z ${SOURCE_MAVEN} ]]; then
export SOURCE_MAVEN=https://development.galasa.dev/main/maven-repo/gradle/
info "SOURCE_MAVEN repo defaulting to ${SOURCE_MAVEN}."
info "Set this environment variable if you want to over-ride this value."
else
info "SOURCE_MAVEN set to ${SOURCE_MAVEN} by caller."
fi
# Create a temporary dir.
# Note: This bash 'spell' works in OSX and Linux.
if [[ -z ${LOGS_DIR} ]]; then
export LOGS_DIR=$(mktemp -d 2>/dev/null || mktemp -d -t "galasa-logs")
info "Logs are stored in the ${LOGS_DIR} folder."
info "Over-ride this setting using the LOGS_DIR environment variable."
else
mkdir -p ${LOGS_DIR} 2>&1 > /dev/null # Don't show output. We don't care if it already existed.
info "Logs are stored in the ${LOGS_DIR} folder."
info "Over-ridden by caller using the LOGS_DIR variable."
fi
LOG_FILE=${LOGS_DIR}/${project}.txt
info "Log will be placed at ${LOG_FILE}"
cd ${BASEDIR}/${source_dir}
if [[ -z $GPG_PASSPHRASE ]]; then
info "No GPG_PASSPHRASE environment variable set. So challenging using the terminal instead."
MVN_FLAGS=""
else
info "Environment variable GPG_PASSPHRASE being used to sign and verify"
MVN_FLAGS=" -Dgpg.passphrase=${GPG_PASSPHRASE}"
fi
mvn clean install ${MVN_FLAGS} 2>&1 > ${LOG_FILE}
rc=$? ; if [[ "${rc}" != "0" ]]; then cat ${LOG_FILE} ; error "Failed to build ${project}" ; exit 1 ; fi
check_secrets
cat ${LOG_FILE} | grep --ignore-case "warning"
cat ${LOG_FILE} | grep --ignore-case "error"
cat ${LOG_FILE} | grep --ignore-case "fail"
success "Project ${project} built - OK - log is at ${LOG_FILE}"