Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
gitlab-com
migration
Commits
41c58a4c
Commit
41c58a4c
authored
Aug 03, 2018
by
Andrew Newdigate
Browse files
Harden the scripts against symlinks
parent
3b2e3e0b
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
32 additions
and
4 deletions
+32
-4
.gitlab-ci.yml
.gitlab-ci.yml
+1
-0
bin/sanity-check-scripts
bin/sanity-check-scripts
+18
-0
bin/scripts/02_failover/030_t-1d/010_gitlab_twitter_announcement.sh
...s/02_failover/030_t-1d/010_gitlab_twitter_announcement.sh
+3
-1
bin/scripts/02_failover/030_t-1d/020_gitlabstatus_twitter_announcement.sh
...ailover/030_t-1d/020_gitlabstatus_twitter_announcement.sh
+2
-1
bin/scripts/02_failover/050_t-1h/020_slack_announcement.sh
bin/scripts/02_failover/050_t-1h/020_slack_announcement.sh
+2
-1
bin/workflow-script-commons.sh
bin/workflow-script-commons.sh
+6
-1
No files found.
.gitlab-ci.yml
View file @
41c58a4c
...
...
@@ -18,3 +18,4 @@ references:
-
apk add --no-cache bash
script
:
-
bash -x ./bin/check-script-references
-
./bin/sanity-check-scripts
bin/sanity-check-scripts
0 → 100755
View file @
41c58a4c
#!/usr/bin/env bash
set
-euo
pipefail
IFS
=
$'
\n\t
'
ROOT_DIR
=
"
$(
cd
"
$(
dirname
"
${
BASH_SOURCE
[0]
}
"
)
"
&&
pwd
)
"
function
find_scripts
()
{
find
"
${
ROOT_DIR
}
/scripts"
-type
f
-name
"*.sh"
}
find_scripts |
while
IFS
=
''
read
-r
file
;
do
# Ensures all the ../.. references are correct....
if
[[
-x
${
file
}
]]
;
then
echo
"
${
file
}
"
SANITY_CHECK_ONLY
=
1
"
${
file
}
"
fi
done
bin/scripts/02_failover/030_t-1d/010_gitlab_twitter_announcement.sh
View file @
41c58a4c
...
...
@@ -4,11 +4,13 @@ set -euo pipefail
IFS
=
$'
\n\t
'
SCRIPT_DIR
=
"
$(
cd
"
$(
dirname
"
${
BASH_SOURCE
[0]
}
"
)
"
&&
pwd
)
"
UNSYMLINKED_SCRIPT_DIR
=
"
$(
greadlink
-f
"
${
SCRIPT_DIR
}
"
||
readlink
"
${
SCRIPT_DIR
}
"
||
echo
"
${
SCRIPT_DIR
}
"
)
"
# shellcheck disable=SC1091,SC1090
source
"
${
SCRIPT_DIR
}
/../../../workflow-script-commons.sh"
source
"
${
UNSYMLINKED_
SCRIPT_DIR
}
/../../../workflow-script-commons.sh"
# --------------------------------------------------------------
PRODUCTION_ONLY
cat
<<
EOD
...
...
bin/scripts/02_failover/030_t-1d/020_gitlabstatus_twitter_announcement.sh
View file @
41c58a4c
...
...
@@ -4,8 +4,9 @@ set -euo pipefail
IFS
=
$'
\n\t
'
SCRIPT_DIR
=
"
$(
cd
"
$(
dirname
"
${
BASH_SOURCE
[0]
}
"
)
"
&&
pwd
)
"
UNSYMLINKED_SCRIPT_DIR
=
"
$(
greadlink
-f
"
${
SCRIPT_DIR
}
"
||
readlink
"
${
SCRIPT_DIR
}
"
||
echo
"
${
SCRIPT_DIR
}
"
)
"
# shellcheck disable=SC1091,SC1090
source
"
${
SCRIPT_DIR
}
/../../../workflow-script-commons.sh"
source
"
${
UNSYMLINKED_
SCRIPT_DIR
}
/../../../workflow-script-commons.sh"
# --------------------------------------------------------------
...
...
bin/scripts/02_failover/050_t-1h/020_slack_announcement.sh
View file @
41c58a4c
...
...
@@ -4,8 +4,9 @@ set -euo pipefail
IFS
=
$'
\n\t
'
SCRIPT_DIR
=
"
$(
cd
"
$(
dirname
"
${
BASH_SOURCE
[0]
}
"
)
"
&&
pwd
)
"
UNSYMLINKED_SCRIPT_DIR
=
"
$(
greadlink
-f
"
${
SCRIPT_DIR
}
"
||
readlink
"
${
SCRIPT_DIR
}
"
||
echo
"
${
SCRIPT_DIR
}
"
)
"
# shellcheck disable=SC1091,SC1090
source
"
${
SCRIPT_DIR
}
/../../../workflow-script-commons.sh"
source
"
${
UNSYMLINKED_
SCRIPT_DIR
}
/../../../workflow-script-commons.sh"
# --------------------------------------------------------------
...
...
bin/workflow-script-commons.sh
View file @
41c58a4c
#!/usr/bin/env bash
# Used for sanity checking the scripts
if
[[
-n
${
SANITY_CHECK_ONLY
:
=
}
]]
;
then
exit
0
fi
# Everything is logged!
if
[[
-z
${
LOGGING_CONFIGURED
:
=
}
]]
;
then
export
LOGGING_CONFIGURED
=
1
...
...
@@ -87,7 +92,7 @@ function header() {
========================================================
Script:
$full_path
User:
${
SUDO_USER
:
=
$USER
}
Rev:
$(
git rev-parse
--short
HEAD
)
Rev:
$(
git
-C
"
$(
dirname
"
${
BASH_SOURCE
[0]
}
"
)
/.."
rev-parse
--short
HEAD
)
========================================================
EOD
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment