From 6eb8d22be6f530cd389f0f0e0827349fd8d80101 Mon Sep 17 00:00:00 2001
From: Robin Schneider
Date: Wed, 25 Dec 2019 22:54:30 +0100
Subject: [PATCH 1/3] package_web_vault.sh uses bash features -> needs to be called with bash
This is also what the Shebang says already! I assume this worked before because sh was symlinked to bash. You should not rely on this!
---
 package_all.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
 mode change 100644 => 100755 package_all.sh
diff --git a/package_all.sh b/package_all.sh
old mode 100644
new mode 100755
index 3bd1da7..4b4582a
--- a/package_all.sh
+++ b/package_all.sh
@@ -3,19 +3,19 @@
 export UPLOAD_VAULT="n"
 export WEB_REF="v2.5.0"
-sh package_web_vault.sh
+bash package_web_vault.sh
 export WEB_REF="v2.6.0"
-sh package_web_vault.sh
+bash package_web_vault.sh
 export WEB_REF="v2.6.1"
-sh package_web_vault.sh
+bash package_web_vault.sh
 export WEB_REF="v2.7.0"
-sh package_web_vault.sh
+bash package_web_vault.sh
 export WEB_REF="v2.7.1"
-sh package_web_vault.sh
+bash package_web_vault.sh
 export WEB_REF="v2.8.0"
-sh package_web_vault.sh
\ No newline at end of file
+bash package_web_vault.sh
From 784a55854f8bd40f1056622e4c368b2cfb6b0eff Mon Sep 17 00:00:00 2001
From: Robin Schneider
Date: Wed, 25 Dec 2019 23:59:26 +0100
Subject: [PATCH 2/3] Fix up script with suggestions from ShellCheck and minor fixes
* `set -o pipefail -o errexit` exit early on error. This is very useful to not overlook errors that might not fully break the build but tamper with the end result.
* Fix `mkdir OUTPUT_FOLDER` fail
* Rework git checkout stuff to only run needed commands.
---
 package_web_vault.sh | 48 +++++++++++++++++++++++---------------------
 1 file changed, 25 insertions(+), 23 deletions(-)
 mode change 100644 => 100755 package_web_vault.sh
diff --git a/package_web_vault.sh b/package_web_vault.sh
old mode 100644
new mode 100755
index 6284574..97bbf7d
--- a/package_web_vault.sh
+++ b/package_web_vault.sh
@@ -1,63 +1,65 @@ #!/bin/bash +set -o pipefail -o errexit # Error handling handle_error() { - read -n1 -r -p "FAILED: line $1, exit code $2. Press any key to exit..." key + read -n1 -r -p "FAILED: line $1, exit code $2. Press any key to exit..." _ exit 1 } trap 'handle_error $LINENO $?' ERR # Ask for ref if not provided -if [[ -z $WEB_REF ]]; then - read -p "Input a git ref (commit hash, branch name, tag name, 'master'): " input - WEB_REF=$input +if [[ -z "$WEB_REF" ]]; then + read -rp "Input a git ref (commit hash, branch name, tag name, 'master'): " input + WEB_REF="$input" fi # Ask if the result will be uploaded to github releases if [[ -z $UPLOAD_VAULT ]]; then - read -p "Upload the result to GitHub Releases? (y/n): " input - UPLOAD_VAULT=$input + read -rp "Upload the result to GitHub Releases? (y/n): " input + UPLOAD_VAULT="$input" fi # If a patch was not provided, try to choose one if [[ -z $PATCH_NAME ]]; then # If a patch with the same name as the ref exists, use it - if [ -f patches/$WEB_REF.patch ]; then + if [ -f "patches/$WEB_REF.patch" ]; then echo "Patch file found, using that" - PATCH_NAME=$WEB_REF.patch + PATCH_NAME="$WEB_REF.patch" else echo "Patch file not found, using latest" # If not, use the latest one - PATCH_NAME=$(ls patches | sort -V | tail -n1) + PATCH_NAME="$(find patches -printf "%f\\n" | sort -V | tail -n1)" fi fi -echo "Building git ref: " $WEB_REF -echo "Using patch: " $PATCH_NAME +echo "Building git ref: $WEB_REF" +echo "Using patch: $PATCH_NAME" VAULT_FOLDER=web-vault OUTPUT_FOLDER=builds -OUTPUT_NAME=$OUTPUT_FOLDER/bw_web_$WEB_REF.tar.gz -OUTPUT_MSG=$OUTPUT_NAME.text +OUTPUT_NAME="$OUTPUT_FOLDER/bw_web_$WEB_REF.tar.gz" +OUTPUT_MSG="$OUTPUT_NAME.text" + +mkdir -p "$OUTPUT_FOLDER" # If this is the first time, clone the project -if [ ! -d $VAULT_FOLDER ]; then - git clone https://github.com/bitwarden/web.git $VAULT_FOLDER - mkdir OUTPUT_FOLDER +if [ ! 
-d "$VAULT_FOLDER" ]; then + git clone --recursive https://github.com/bitwarden/web.git "$VAULT_FOLDER" fi cd $VAULT_FOLDER # Clean -git checkout . -git submodule foreach --recursive git checkout . +git checkout -f # Update branch git fetch --tags git pull origin master # Checkput the branch we want -git checkout $WEB_REF +git checkout "$WEB_REF" +git submodule update --recursive --init # Update submodule npm run sub:update @@ -67,7 +69,7 @@ npm run sub:update ## How to apply patches # git apply changes.patch -git apply ../patches/$PATCH_NAME +git apply "../patches/$PATCH_NAME" # Build npm install @@ -78,13 +80,13 @@ npm run dist # Prepare the final archives cd build -tar -czvf ../../$OUTPUT_NAME * --owner=0 --group=0 +tar -czvf "../../$OUTPUT_NAME" ./* --owner=0 --group=0 cd ../.. if [[ $UPLOAD_VAULT =~ ^[Yy]$ ]] then - sed "s//$WEB_REF/g" release_template.md > $OUTPUT_MSG + sed "s//$WEB_REF/g" release_template.md > "$OUTPUT_MSG" # Install from here: https://hub.github.com/ - hub release create -o -a $OUTPUT_NAME -F $OUTPUT_MSG $WEB_REF + hub release create -o -a "$OUTPUT_NAME" -F "$OUTPUT_MSG $WEB_REF" fi From 5a7d0a95bc3d4acb88489ad0fc60f67c76353b15 Mon Sep 17 00:00:00 2001 From: Robin Schneider Date: Thu, 26 Dec 2019 00:02:33 +0100 Subject: [PATCH 3/3] =?UTF-8?q?We=20are=20not=20upstream=20so=20we=20don?= =?UTF-8?q?=E2=80=99t=20run:=20`git=20submodule=20update=20--remote`?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Running `git submodule update --recursive --init` should be totally fine for us and it gives us more auditability because then the submodule commit hash is pinned by the main git repo tag. --- package_web_vault.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/package_web_vault.sh b/package_web_vault.sh index 97bbf7d..1711886 100755 --- a/package_web_vault.sh +++ b/package_web_vault.sh 
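Review bot: In the patch-selection fallback, `find patches -printf "%f\\n"` is not equivalent to the `ls patches` it replaces: it also emits the directory entry `patches` itself and descends into subdirectories, so the "latest" candidate is no longer limited to patch files, and with an empty patches directory `PATCH_NAME` becomes `patches`. Restricting the listing keeps the fallback to real patch files: `PATCH_NAME="$(find patches -maxdepth 1 -type f -name '*.patch' -printf '%f\n' | sort -V | tail -n1)"`. Because the selected file is applied to the vault source before packaging, the script should also stop when nothing was found, e.g. `[[ -n "$PATCH_NAME" ]] || { echo "no patch found" >&2; exit 1; }`. Note that `-printf` is a GNU find extension, and that `cd $VAULT_FOLDER` further down is still unquoted.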
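Review bot: The build step `npm install` (an unchanged context line of the `@@ -67,7 +69,7 @@` hunk) can install a dependency tree that differs from the lockfile and rewrite it, which works against the auditability this series aims for by pinning the ref and its submodules. If the checked-out ref ships a `package-lock.json` (not visible here, to be confirmed), `npm ci` installs exactly the locked tree and fails on a mismatch. The build section continues outside the hunk.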
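Review bot: The quoting added in the upload branch fuses two arguments: in `hub release create -o -a "$OUTPUT_NAME" -F "$OUTPUT_MSG $WEB_REF"` the `-F` option receives the message path and the tag as a single word, so the tag argument is missing and the message file will not be found. Quote them separately: `hub release create -o -a "$OUTPUT_NAME" -F "$OUTPUT_MSG" "$WEB_REF"`. On the line above, `$WEB_REF` is interpolated into the sed replacement text, so a ref containing `/` or `&` (for example a branch named `feature/x`, a constructed value) would break or change the substitution. Escape the ref before passing it to sed.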
@@ -61,9 +61,6 @@ git pull origin master
 git checkout "$WEB_REF"
 git submodule update --recursive --init
-# Update submodule
-npm run sub:update
-
 ## How to create patches
 # git --no-pager diff --no-color --minimal > changes.patch
 ## How to apply patches