Commit 459d418d authored by Andrew Newdigate's avatar Andrew Newdigate

Merge branch 'sanity-check' into 'master'

Harden the scripts against symlinks

See merge request gitlab-com/migration!174
parents 3b2e3e0b 41c58a4c
Pipeline #88485 passed with stage
in 13 seconds
......@@ -18,3 +18,4 @@ references:
- apk add --no-cache bash
script:
- bash -x ./bin/check-script-references
- ./bin/sanity-check-scripts
#!/usr/bin/env bash
set -euo pipefail
IFS=$'\n\t'
ROOT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
function find_scripts() {
find "${ROOT_DIR}/scripts" -type f -name "*.sh"
}
find_scripts | while IFS='' read -r file; do
# Ensures all the ../.. references are correct....
if [[ -x ${file} ]]; then
echo "${file}"
SANITY_CHECK_ONLY=1 "${file}"
fi
done
......@@ -4,11 +4,13 @@ set -euo pipefail
IFS=$'\n\t'
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
UNSYMLINKED_SCRIPT_DIR="$(greadlink -f "${SCRIPT_DIR}" || readlink "${SCRIPT_DIR}" || echo "${SCRIPT_DIR}")"
# shellcheck disable=SC1091,SC1090
source "${SCRIPT_DIR}/../../../workflow-script-commons.sh"
source "${UNSYMLINKED_SCRIPT_DIR}/../../../workflow-script-commons.sh"
# --------------------------------------------------------------
PRODUCTION_ONLY
cat <<EOD
......
......@@ -4,8 +4,9 @@ set -euo pipefail
IFS=$'\n\t'
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
UNSYMLINKED_SCRIPT_DIR="$(greadlink -f "${SCRIPT_DIR}" || readlink "${SCRIPT_DIR}" || echo "${SCRIPT_DIR}")"
# shellcheck disable=SC1091,SC1090
source "${SCRIPT_DIR}/../../../workflow-script-commons.sh"
source "${UNSYMLINKED_SCRIPT_DIR}/../../../workflow-script-commons.sh"
# --------------------------------------------------------------
......
......@@ -4,8 +4,9 @@ set -euo pipefail
IFS=$'\n\t'
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
UNSYMLINKED_SCRIPT_DIR="$(greadlink -f "${SCRIPT_DIR}" || readlink "${SCRIPT_DIR}" || echo "${SCRIPT_DIR}")"
# shellcheck disable=SC1091,SC1090
source "${SCRIPT_DIR}/../../../workflow-script-commons.sh"
source "${UNSYMLINKED_SCRIPT_DIR}/../../../workflow-script-commons.sh"
# --------------------------------------------------------------
......
#!/usr/bin/env bash
# Used for sanity checking the scripts
if [[ -n ${SANITY_CHECK_ONLY:=} ]]; then
exit 0
fi
# Everything is logged!
if [[ -z ${LOGGING_CONFIGURED:=} ]]; then
export LOGGING_CONFIGURED=1
......@@ -87,7 +92,7 @@ function header() {
========================================================
Script: $full_path
User: ${SUDO_USER:=$USER}
Rev: $(git rev-parse --short HEAD)
Rev: $(git -C "$(dirname "${BASH_SOURCE[0]}" )/.." rev-parse --short HEAD)
========================================================
EOD
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment