mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 17:28:46 +03:00
8e905b34c0
Currently the return code of the function is the return code of the `eval "$restore_trap"` line, whereas semantically we want the return code of the `gsutil` call. This is not an issue in most cases as the `set -e` should kick in, but if the function appears as the condition in an `if` statement the `-e` flag is suspended. The main use-case right now is that the daily license check is _not_ uploading artifacts. CHANGELOG_BEGIN CHANGELOG_END
107 lines
4.3 KiB
YAML
107 lines
4.3 KiB
YAML
# Copyright (c) 2020 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
parameters:
|
|
var_name: ''
|
|
|
|
steps:
|
|
- bash: |
|
|
set -euo pipefail
|
|
TMP=$(mktemp)
|
|
cat > $TMP <<'END'
|
|
get_gh_auth_header() {
|
|
# Credentials are persisted in a different way on GCP and Azure nodes.
|
|
if header=$(git config 'http.https://github.com/digital-asset/daml.extraheader'); then
|
|
# On Azure nodes, the auth header is stored directly in the git
|
|
# config.
|
|
echo $header
|
|
else
|
|
# On GCP nodes, the credentials are stored as part of the remote
|
|
# url instead of as a separate header. The format is
|
|
# https://username:password@github.com/:user/:repo.git
|
|
echo "Authorization: basic $(git config remote.origin.url | grep -o '://.*:.*@' | cut -c4- | rev | cut -c2- | rev | tr -d '\n' | base64 -w0)"
|
|
fi
|
|
}
|
|
tell_slack() {
|
|
local message channel
|
|
message="$1"
|
|
channel=${2:-$(Slack.team-daml)}
|
|
jq -n --arg message "$message" '{"text": $message}' \
|
|
| curl -XPOST -i -H 'Content-Type: application/json' -d @- $channel
|
|
}
|
|
gcs() {
|
|
local args cleanup cmd cred key restore_trap ret
|
|
ret=1
|
|
|
|
cred="$1"
|
|
cmd="$2"
|
|
args=(${@:3})
|
|
|
|
key=$(mktemp)
|
|
# There may already be a trap; this will save it
|
|
restore_trap=$(trap -p EXIT)
|
|
cleanup="rm -rf $key ~/.config/gcloud"
|
|
trap "$cleanup" EXIT
|
|
echo "$cred" > $key
|
|
gcloud auth activate-service-account --key-file=$key
|
|
|
|
BOTO_CONFIG=/dev/null gsutil $cmd "${args[@]}"
|
|
ret=$?
|
|
eval "$cleanup"
|
|
trap - EXIT
|
|
eval "$restore_trap"
|
|
return $ret
|
|
}
|
|
gpg_verify() {
|
|
local key gpg_dir signature_file res
|
|
signature_file=$1
|
|
key=$(mktemp)
|
|
cat > $key <<PUB_KEY
|
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
|
|
mQENBFzdsasBCADO+ZcfZQATP6ceTh4WfXiL2Z2tetvUZGfTaEs/UfBoJPmQ53bN
|
|
90MxudKhgB2mi8DuifYnHfLCvkxSgzfhj2IogV1S+Fa2x99Y819GausJoYfK9gwc
|
|
8YWKEkM81F15jA5UWJTsssKNxUddr/sxJIHIFfqGRQ0e6YeAcc5bOAogBE8UrmxE
|
|
uGfOt9/MvLpDewjDE+2lQOFi9RZuy7S8RMJLTiq2JWbO5yI50oFKeMQy/AJPmV7y
|
|
qAyYUIeZZxvrYeBWi5JDsZ2HOSJPqV7ttD2MvkyXcJCW/Xf8FcleAoWJU09RwVww
|
|
BhZSDz+9mipwZBHENILMuVyEygG5A+vc/YptABEBAAG0N0RpZ2l0YWwgQXNzZXQg
|
|
SG9sZGluZ3MsIExMQyA8c2VjdXJpdHlAZGlnaXRhbGFzc2V0LmNvbT6JAVQEEwEI
|
|
AD4WIQRJEajf6Xas36BxMNvoNywMHHNMUQUCXN2xqwIbAwUJA8JnAAULCQgHAgYV
|
|
CgkICwIEFgIDAQIeAQIXgAAKCRDoNywMHHNMUeVdCACAEwJ9f0DAKkhwQcg1RG4O
|
|
RiyWZ7h0nC4XSdmDUe5RhcrU8xUhiyYqKFVCRtYC0BILC/7bQCJcQUkvUH+hY5rK
|
|
MZM+jeBDLZToEQaZgytkyvRPzaKKx6LrvbGLoOyBgFGi9X9a5thXrAZaKN8Cgp2d
|
|
0OFDXMi+ep+x0hbmlxtPYhHXcdr2u/BwT1nsEVZn1uTefwcfom8aKw3uOmLQdE+2
|
|
5eM4GvLC7sJvrlbNLt0FCbty3hvdfINrIOEPj5yjguY4kKewzfZTG7ygccJQ4eyh
|
|
8HnPFcuBJCCGwOsFsccViX5wevijfGie9tyVeLGZdV2k6aElWDuRVRWKQtrfL0Xk
|
|
uQENBFzdsasBCAC5fr5pqxFm+AWPc7wiBSt7uKNdxiRJYydeoPqgmYZTvc8Um8pI
|
|
6JHtUrNxnx4WWKtj6iSPn5pSUrJbue4NAUsBF5O9LZ0fcQKb5diZLGHKtOZttCaj
|
|
Iryp1Rm961skmPmi3yYaHXq4GC/05Ra/bo3C+ZByv/W0JzntOxA3Pvc3c8Pw5sBm
|
|
63xu7iRrnJBtyFGD+MuAZxbN8dwYX0OcmwuSFGxf/wa+aB8b7Ut9RP76sbDvFaXx
|
|
Ef314k8AwxUvlv+ozdNWmEBxp1wR/Fra9i8EbC0V6EkCcModRhjbaNSPIbgkC0ka
|
|
2cgYp1UDgf9FrKvkuir70dg75qSrPRwvFghrABEBAAGJATwEGAEIACYWIQRJEajf
|
|
6Xas36BxMNvoNywMHHNMUQUCXN2xqwIbDAUJA8JnAAAKCRDoNywMHHNMUZYBCACW
|
|
wXLl3untEom4VwzTfvc4xwLThjnNDhewW8LfudYh3ZUbxnqH9jlmZjTALllr+66f
|
|
+TB1B8EGO5nTV5TxzE2s2rF9+S3Qj2hl1+PyVFjy1p93mUaWOz33sGlpXLOi5/p4
|
|
9ekSKOzyVYWvMm3FoDagqMCPvSMJ0AN8CJwrCeWyMcGcY+ohzajXKXpJ1vBdzaUU
|
|
LTZi2uRiN7cTZVAAOr1jO6Rcx4+EfmkjDW6ww/O/sWTDmsS1+Ge6zp9qZCspYX8d
|
|
7vBpuEUwEYpxVvxDR/TBztlfbQx4Pw+n1gpbXBO0BwJC9L67MS6yMUmuhSrw8UTI
|
|
JKX1t3MFLLpYQbaNwBgA
|
|
=5Xfu
|
|
-----END PGP PUBLIC KEY BLOCK-----
|
|
PUB_KEY
|
|
gpg_dir=$(mktemp -d)
|
|
GNUPGHOME=$gpg_dir gpg --no-tty --quiet --import $key
|
|
GNUPGHOME=$gpg_dir gpg --no-tty --quiet --command-fd 0 --edit-key 4911A8DFE976ACDFA07130DBE8372C0C1C734C51 << CMD
|
|
trust
|
|
4
|
|
quit
|
|
CMD
|
|
GNUPGHOME=$gpg_dir gpg --verify $signature_file
|
|
res=$?
|
|
rm -rf $gpg_dir $key
|
|
return $res
|
|
}
|
|
END
|
|
echo "##vso[task.setvariable variable=${{parameters.var_name}}]$TMP"
|
|
displayName: install Bash lib
|