daml/ci/bash-lib.yml

166 lines
6.0 KiB
YAML
Raw Normal View History

# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
parameters:
var_name: ""
steps:
- bash: |
set -euo pipefail
TMP=$(mktemp)
cat > "$TMP" <<'END'
PROJ_DIR="$PWD"
escape_slack() {
local r
r="$1"
r="${r//&/&amp;}"
r="${r//>/&gt;}"
r="${r//</&lt;}"
echo "$r"
}
get_gh_auth_header() {
# Credentials are persisted in a different way on GCP and Azure nodes.
if header=$(git config 'http.https://github.com/digital-asset/daml.extraheader'); then
# On Azure nodes, the auth header is stored directly in the git
# config.
echo $header
else
# On GCP nodes, the credentials are stored as part of the remote
# url instead of as a separate header. The format is
# https://username:password@github.com/:user/:repo.git
echo "Authorization: basic $(git config remote.origin.url | grep -o '://.*:.*@' | cut -c4- | rev | cut -c2- | rev | tr -d '\n' | base64 -w0)"
fi
}
open_pr() {
local branch title
branch="$1"
title="$2"
git branch -D $branch || true
git checkout -b $branch
git -c user.name="Azure Pipelines DAML Build" \
-c user.email="support@digitalasset.com" \
commit \
-m "$(printf "$title\n\nCHANGELOG_BEGIN\nCHANGELOG_END\n")"
git push origin $branch:$branch
jq -n --arg title "$title" \
--arg branch "$branch" \
'{"title": $title, "head": $branch, "base": "main"}' \
| curl -H "Content-Type: application/json" \
-H "$(get_gh_auth_header)" \
--fail \
--silent \
--include \
--location \
-d @- \
https://api.github.com/repos/digital-asset/daml/pulls
}
user_slack_handle() {
local email sha
sha=$1
email=$(git log -n 1 --format=%ae $sha)
if cat ci/slack_user_ids | grep $email >/dev/null 2>&1; then
echo $(cat ci/slack_user_ids | grep $email | awk '{print $2}')
else
echo ""
fi
}
tell_slack() {
local message channel
message="$1"
channel=${2:-$(Slack.team-daml)}
jq -n --arg message "$message" '{"text": $message}' \
| curl -XPOST -i -H 'Content-Type: application/json' -d @- $channel
}
gcs() {
local args cleanup cmd cred key restore_trap ret
ret=1
cred="$1"
cmd="$2"
args=(${@:3})
key=$(mktemp)
# There may already be a trap; this will save it
restore_trap=$(trap -p EXIT)
config_dir=$(mktemp -d)
cleanup="rm -rf $key $config_dir"
trap "$cleanup; $restore_trap" EXIT
echo "$cred" > $key
export CLOUDSDK_CONFIG="$config_dir"
gcloud auth activate-service-account --key-file=$key
BOTO_CONFIG=/dev/null gsutil $cmd "${args[@]}"
ret=$?
eval "$cleanup"
trap - EXIT
eval "$restore_trap"
return $ret
}
gpg_verify() {
local key gpg_dir signature_file res
signature_file=$1
key=$(mktemp)
cat > $key <<PUB_KEY
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFzdsasBCADO+ZcfZQATP6ceTh4WfXiL2Z2tetvUZGfTaEs/UfBoJPmQ53bN
90MxudKhgB2mi8DuifYnHfLCvkxSgzfhj2IogV1S+Fa2x99Y819GausJoYfK9gwc
8YWKEkM81F15jA5UWJTsssKNxUddr/sxJIHIFfqGRQ0e6YeAcc5bOAogBE8UrmxE
uGfOt9/MvLpDewjDE+2lQOFi9RZuy7S8RMJLTiq2JWbO5yI50oFKeMQy/AJPmV7y
qAyYUIeZZxvrYeBWi5JDsZ2HOSJPqV7ttD2MvkyXcJCW/Xf8FcleAoWJU09RwVww
BhZSDz+9mipwZBHENILMuVyEygG5A+vc/YptABEBAAG0N0RpZ2l0YWwgQXNzZXQg
SG9sZGluZ3MsIExMQyA8c2VjdXJpdHlAZGlnaXRhbGFzc2V0LmNvbT6JAVQEEwEI
AD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRJEajf6Xas36BxMNvoNywM
HHNMUQUCYHxZ3AUJB2EPMAAKCRDoNywMHHNMUfJpB/9Gj7Kce6qtrXj4f54eLOf1
RpKYUnBcBWjmrnj8eS9AYLy7C1nkpP4H8OAlDJWxslnY6MjMOYmPNgGzf4/MONxa
PuFbRdfyblkUfujXikI2GFXwyUDEp9J0WOTC9LmZkRxf92bFxTy9rD+Lx9EeBPdi
nfyID2TOKH0fY0pawqjjvnLyVb/WfNUogkhLRpDXFWrykCWDaWQmFgDkLU2nYkb+
YyEfWq4cgF3Sbsa43AToRUpU16rldPwClmtDPS8Ba/SxvcU3l+9ksdcTsIko8BEy
Bw0K5xkRenEDDwpZvTA2bHLs3iBWW6WC52wyUOLzar+ha/YRgNjb8YBlkYbLbwaN
uQENBFzdsasBCAC5fr5pqxFm+AWPc7wiBSt7uKNdxiRJYydeoPqgmYZTvc8Um8pI
6JHtUrNxnx4WWKtj6iSPn5pSUrJbue4NAUsBF5O9LZ0fcQKb5diZLGHKtOZttCaj
Iryp1Rm961skmPmi3yYaHXq4GC/05Ra/bo3C+ZByv/W0JzntOxA3Pvc3c8Pw5sBm
63xu7iRrnJBtyFGD+MuAZxbN8dwYX0OcmwuSFGxf/wa+aB8b7Ut9RP76sbDvFaXx
Ef314k8AwxUvlv+ozdNWmEBxp1wR/Fra9i8EbC0V6EkCcModRhjbaNSPIbgkC0ka
2cgYp1UDgf9FrKvkuir70dg75qSrPRwvFghrABEBAAGJATwEGAEIACYCGwwWIQRJ
Eajf6Xas36BxMNvoNywMHHNMUQUCYHxZ3AUJB2EPMQAKCRDoNywMHHNMUYXRB/0b
Ln55mfnhJUFwaL49Le5I74EoL4vCAya6aDDVx/C7PJlVfr+cXZi9gNJn9RTAjCz3
4yQeg3AFhqvTK/bEH7RvAfqeUf8TqPjI/qDacSFDhZjdsg3GMDolXp0oubp9mN+Y
JFowLzulJ7DXFVyICozuWeixcjtKzlePX0GW80kcPzXCNwukcMrwCf45+OzF6YMb
yA2FyBmjjgAlHKM/oUapVoD2hmO3ptC5CAkfslxrsIUAfoStez9MrGoX1JOCu4qm
aODLV3Mlty4HhdtO2o+Akh6ay5fnrXQ5r2kGa1ICrfoFFKs7oWpSDbsTsgQKexFC
rLmmBKjG6RQfWJyVSUc8
=pVlb
-----END PGP PUBLIC KEY BLOCK-----
PUB_KEY
gpg_dir=$(mktemp -d)
GNUPGHOME=$gpg_dir gpg --no-tty --quiet --import $key
GNUPGHOME=$gpg_dir gpg --no-tty --quiet --command-fd 0 --edit-key 4911A8DFE976ACDFA07130DBE8372C0C1C734C51 << CMD
trust
4
quit
CMD
GNUPGHOME=$gpg_dir gpg --verify $signature_file
res=$?
rm -rf $gpg_dir $key
return $res
}
setvar() {
echo "Setting '$1' to '$2'"
echo "##vso[task.setvariable variable=$1;isOutput=true]$2"
}
next_in_rotation() {
awk '/^[^#]/ {print $0}' "$PROJ_DIR/release/rotation" | head -n 1
}
next_in_rotation_slack() {
next_in_rotation | awk '{print $1}'
}
next_in_rotation_github() {
next_in_rotation | awk '{print $2}'
}
END
echo "##vso[task.setvariable variable=${{parameters.var_name}}]$TMP"
displayName: install Bash lib
condition: always()