graphql-engine/scripts/haskell-transitive-dependency-import-audit.sh

#!/usr/bin/env bash
set -euo pipefail
shopt -s globstar

## This tries to audit our transitive dependencies for occurrences of
## problematic imports or function names.  very basic for now, can be 
## extended. For now depends on ripgrep.
if [ -z "$1" ]; then
    echo "pass search string as first argument"
    exit 1
fi

REPO_TOPLEVEL=$(git rev-parse --show-toplevel)
FREEZE_FILE="$REPO_TOPLEVEL/cabal.project.freeze"

if [ ! -f "$FREEZE_FILE" ]; then
    echo "Freeze file not found"
    exit 1
fi

# Temp dir in RAM so we don't thrash SSD
TEMP_DIR=$(mktemp -d /dev/shm/hasura_dep_audit.XXXXXX)
function cleanup {
    rmdir "$TEMP_DIR" || echo "$TEMP_DIR was not empty and could not be removed so it probably contains matching libraries you'll want to check out by hand"
}
trap cleanup EXIT

# Read the freeze file and extract package names and versions
rg '^.* any\.([^ ]*) ==([^,]*),?' -r '$1-$2' "$FREEZE_FILE" | while read -r pkg_identifier; do
    # Download the package
    cabal get -d "$TEMP_DIR" "$pkg_identifier" >/dev/null || echo "   continuing anyway..."

    if rg -q "$1" -ths "${TEMP_DIR:?}/$pkg_identifier"; then
        echo
        echo "Occurrence in $pkg_identifier"
    else
        echo -n .
        # Clean up if nothing to see
        rm -rf "${TEMP_DIR:?}/$pkg_identifier"
    fi
done
scripts: add script for searching source of all haskell transitive de… …pendencies Created in the process of hunting down a bug PR-URL: https://github.com/hasura/graphql-engine-mono/pull/10613 GitOrigin-RevId: 7b44e7234c6b7be9ed7926a14c1cf9aa5f3c48e1 2024-01-19 00:04:27 +03:00			`#!/usr/bin/env bash`
			`set -euo pipefail`
			`shopt -s globstar`

			`## This tries to audit our transitive dependencies for occurrences of`
			`## problematic imports or function names. very basic for now, can be`
			`## extended. For now depends on ripgrep.`
			`if [ -z "$1" ]; then`
			`echo "pass search string as first argument"`
			`exit 1`
			`fi`

			`REPO_TOPLEVEL=$(git rev-parse --show-toplevel)`
			`FREEZE_FILE="$REPO_TOPLEVEL/cabal.project.freeze"`

			`if [ ! -f "$FREEZE_FILE" ]; then`
			`echo "Freeze file not found"`
			`exit 1`
			`fi`

			`# Temp dir in RAM so we don't thrash SSD`
			`TEMP_DIR=$(mktemp -d /dev/shm/hasura_dep_audit.XXXXXX)`
			`function cleanup {`
			`rmdir "$TEMP_DIR" \|\| echo "$TEMP_DIR was not empty and could not be removed so it probably contains matching libraries you'll want to check out by hand"`
			`}`
			`trap cleanup EXIT`

			`# Read the freeze file and extract package names and versions`
			`rg '^.* any\.([^ ]) ==([^,]),?' -r '$1-$2' "$FREEZE_FILE" \| while read -r pkg_identifier; do`
			`# Download the package`
			`cabal get -d "$TEMP_DIR" "$pkg_identifier" >/dev/null \|\| echo " continuing anyway..."`

			`if rg -q "$1" -ths "${TEMP_DIR:?}/$pkg_identifier"; then`
			`echo`
			`echo "Occurrence in $pkg_identifier"`
			`else`
			`echo -n .`
			`# Clean up if nothing to see`
			`rm -rf "${TEMP_DIR:?}/$pkg_identifier"`
			`fi`
			`done`