mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-15 01:12:56 +03:00
1c801e7223
…pendencies Created in the process of hunting down a bug PR-URL: https://github.com/hasura/graphql-engine-mono/pull/10613 GitOrigin-RevId: 7b44e7234c6b7be9ed7926a14c1cf9aa5f3c48e1
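#!/usr/bin/env bash
set -euo pipefail
shopt -s globstar

## This tries to audit our transitive dependencies for occurrences of
## problematic imports or function names. very basic for now, can be
## extended. For now depends on ripgrep.
##
## Usage: pass the search string as the first argument. It is handed to
## ripgrep as a pattern and matched against the Haskell sources (-ths) of
## every package pinned in cabal.project.freeze.

# ${1:-} rather than $1: under `set -u` a missing argument would otherwise
# abort with "unbound variable" before the usage hint below is printed.
if [ -z "${1:-}" ]; then
  echo "pass search string as first argument" >&2
  exit 1
fi

REPO_TOPLEVEL=$(git rev-parse --show-toplevel)
FREEZE_FILE="$REPO_TOPLEVEL/cabal.project.freeze"

if [ ! -f "$FREEZE_FILE" ]; then
  echo "Freeze file not found" >&2
  exit 1
fi

# Temp dir in RAM so we don't thrash SSD. /dev/shm is not present on every
# platform, so fall back to the regular temp location (on disk) when it is
# missing or not writable.
TEMP_BASE=/dev/shm
if [ ! -d "$TEMP_BASE" ] || [ ! -w "$TEMP_BASE" ]; then
  TEMP_BASE=${TMPDIR:-/tmp}
fi
TEMP_DIR=$(mktemp -d "$TEMP_BASE/hasura_dep_audit.XXXXXX")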
# EXIT handler: remove the scratch directory named by TEMP_DIR.
# rmdir is used deliberately, since it only succeeds on an empty directory, so
# package sources that were left behind are kept and the user is told where
# they are.
cleanup() {
  if ! rmdir "$TEMP_DIR"; then
    printf '%s\n' "$TEMP_DIR was not empty and could not be removed so it probably contains matching libraries you'll want to check out by hand"
  fi
}
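trap cleanup EXIT

# The pattern being audited for, as given on the command line.
search_pattern=$1

# Shape a freeze-file entry must have before it is used below.
valid_identifier='^[A-Za-z0-9][A-Za-z0-9.-]*$'

# Read the freeze file and extract "name-version" identifiers.
# The consumer is a brace group on the right-hand side of the pipe so that the
# `unchecked` counter survives the loop, while `pipefail` still surfaces a
# failing rg on the left-hand side.
rg '^.* any\.([^ ]*) ==([^,]*),?' -r '$1-$2' "$FREEZE_FILE" | {
  unchecked=0

  while read -r pkg_identifier; do
    # The identifier becomes a cabal argument and part of an `rm -rf` path, so
    # an entry that is not a plain name-version string (path separators, a
    # leading dash, ...) is reported and skipped instead of being used.
    if [[ ! "$pkg_identifier" =~ $valid_identifier ]]; then
      echo >&2
      echo "warning: unexpected freeze-file entry '$pkg_identifier' was NOT searched" >&2
      unchecked=$((unchecked + 1))
      continue
    fi

    pkg_dir="${TEMP_DIR:?}/$pkg_identifier"

    # Download the package. A failed download is recorded rather than falling
    # through to the search, where it would be printed as a clean "." result.
    if ! cabal get -d "$TEMP_DIR" "$pkg_identifier" >/dev/null; then
      echo >&2
      echo "warning: could not download $pkg_identifier; it was NOT searched" >&2
      unchecked=$((unchecked + 1))
      rm -rf -- "$pkg_dir"
      continue
    fi

    # -e stops a pattern that begins with '-' from being parsed as an rg
    # option. ripgrep documents exit status 0 for a match, 1 for no match and
    # 2 for an error, so the three outcomes are kept apart.
    search_status=0
    rg -q -ths -e "$search_pattern" -- "$pkg_dir" || search_status=$?

    case "$search_status" in
      0)
        echo
        echo "Occurrence in $pkg_identifier"
        ;;
      1)
        echo -n .
        # Clean up if nothing to see
        rm -rf -- "$pkg_dir"
        ;;
      *)
        echo >&2
        echo "warning: rg failed (status $search_status) on $pkg_identifier; it was NOT searched" >&2
        unchecked=$((unchecked + 1))
        # Removed so that only packages with a real match stay in TEMP_DIR.
        rm -rf -- "$pkg_dir"
        ;;
    esac
  done

  # An audit with gaps should not read as a clean run.
  if [ "$unchecked" -gt 0 ]; then
    echo >&2
    echo "warning: $unchecked package(s) could not be checked; the audit is incomplete" >&2
  fi
}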