diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index b4db049dbe..0a873082e0 100644 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -3,7 +3,8 @@ source .buildkite/scripts/tooling.sh set -euo pipefail -export GO_VERSION=$(cat .go-version) +GO_VERSION=$(cat .go-version) +export GO_VERSION GCP_SERVICE_ACCOUNT_SECRET_PATH=secret/ci/elastic-elastic-package/gcp-service-account AWS_SERVICE_ACCOUNT_SECRET_PATH=kv/ci-shared/platform-ingest/aws_account_auth @@ -17,12 +18,15 @@ PRIVATE_CI_GCS_CREDENTIALS_PATH=kv/ci-shared/platform-ingest/private_ci_artifact # https://buildkite.com/docs/pipelines/managing-log-output#redacted-environment-variables if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-package" && ("$BUILDKITE_STEP_KEY" =~ ^integration-parallel || "$BUILDKITE_STEP_KEY" =~ ^integration-false_positives) ]]; then - export PRIVATE_CI_GCS_CREDENTIALS_SECRET=$(retry 5 vault kv get -field plaintext ${PRIVATE_CI_GCS_CREDENTIALS_PATH}) + PRIVATE_CI_GCS_CREDENTIALS_SECRET=$(retry 5 vault kv get -field plaintext ${PRIVATE_CI_GCS_CREDENTIALS_PATH}) + export PRIVATE_CI_GCS_CREDENTIALS_SECRET fi if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-package" && "$BUILDKITE_STEP_KEY" == "integration-parallel-gcp" ]]; then - export ELASTIC_PACKAGE_GCP_PROJECT_SECRET=$(retry 5 vault read -field projectId ${GCP_SERVICE_ACCOUNT_SECRET_PATH}) - export ELASTIC_PACKAGE_GCP_CREDENTIALS_SECRET=$(retry 5 vault read -field credentials ${GCP_SERVICE_ACCOUNT_SECRET_PATH}) + ELASTIC_PACKAGE_GCP_PROJECT_SECRET=$(retry 5 vault read -field projectId ${GCP_SERVICE_ACCOUNT_SECRET_PATH}) + export ELASTIC_PACKAGE_GCP_PROJECT_SECRET + ELASTIC_PACKAGE_GCP_CREDENTIALS_SECRET=$(retry 5 vault read -field credentials ${GCP_SERVICE_ACCOUNT_SECRET_PATH}) + export ELASTIC_PACKAGE_GCP_CREDENTIALS_SECRET # Environment variables required by the service deployer export GOOGLE_CREDENTIALS=${ELASTIC_PACKAGE_GCP_CREDENTIALS_SECRET} @@ -30,8 +34,10 @@ if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-package" && "$BUILDKITE_STEP_KEY" = fi if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-package" && ("$BUILDKITE_STEP_KEY" == "integration-parallel-aws" || "$BUILDKITE_STEP_KEY" == "integration-parallel-aws_logs") ]]; then - export ELASTIC_PACKAGE_AWS_SECRET_KEY=$(retry 5 vault kv get -field secret_key ${AWS_SERVICE_ACCOUNT_SECRET_PATH}) - export ELASTIC_PACKAGE_AWS_ACCESS_KEY=$(retry 5 vault kv get -field access_key ${AWS_SERVICE_ACCOUNT_SECRET_PATH}) + ELASTIC_PACKAGE_AWS_SECRET_KEY=$(retry 5 vault kv get -field secret_key ${AWS_SERVICE_ACCOUNT_SECRET_PATH}) + export ELASTIC_PACKAGE_AWS_SECRET_KEY + ELASTIC_PACKAGE_AWS_ACCESS_KEY=$(retry 5 vault kv get -field access_key ${AWS_SERVICE_ACCOUNT_SECRET_PATH}) + export ELASTIC_PACKAGE_AWS_ACCESS_KEY # Environment variables required by the service deployer export AWS_SECRET_ACCESS_KEY=${ELASTIC_PACKAGE_AWS_SECRET_KEY} @@ -39,23 +45,32 @@ if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-package" && ("$BUILDKITE_STEP_KEY" fi if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-package" && "$BUILDKITE_STEP_KEY" == "release" ]]; then - export GITHUB_TOKEN=$(retry 5 vault kv get -field token ${GITHUB_TOKEN_VAULT_PATH}) + GITHUB_TOKEN=$(retry 5 vault kv get -field token ${GITHUB_TOKEN_VAULT_PATH}) + export GITHUB_TOKEN fi if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-package-package-storage-publish" && "$BUILDKITE_STEP_KEY" == "sign-publish" ]]; then - export JENKINS_USERNAME_SECRET=$(retry 5 vault kv get -field username ${JENKINS_API_TOKEN_PATH}) - export JENKINS_HOST_SECRET=$(retry 5 vault kv get -field internal_ci_host ${JENKINS_API_TOKEN_PATH}) - export JENKINS_TOKEN=$(retry 5 vault kv get -field internal_ci ${JENKINS_API_TOKEN_PATH}) + JENKINS_USERNAME_SECRET=$(retry 5 vault kv get -field username ${JENKINS_API_TOKEN_PATH}) + export JENKINS_USERNAME_SECRET + JENKINS_HOST_SECRET=$(retry 5 vault kv get -field internal_ci_host ${JENKINS_API_TOKEN_PATH}) + export JENKINS_HOST_SECRET + JENKINS_TOKEN=$(retry 5 vault kv get -field internal_ci ${JENKINS_API_TOKEN_PATH}) + export JENKINS_TOKEN # signing job - export SIGNING_PACKAGES_GCS_CREDENTIALS_SECRET=$(retry 5 vault kv get -field value ${SIGNING_PACKAGES_GCS_CREDENTIALS_PATH}) + SIGNING_PACKAGES_GCS_CREDENTIALS_SECRET=$(retry 5 vault kv get -field value ${SIGNING_PACKAGES_GCS_CREDENTIALS_PATH}) + export SIGNING_PACKAGES_GCS_CREDENTIALS_SECRET # publishing job - export PACKAGE_UPLOADER_GCS_CREDENTIALS_SECRET=$(retry 5 vault kv get -field value ${PACKAGE_UPLOADER_GCS_CREDENTIALS_PATH}) + PACKAGE_UPLOADER_GCS_CREDENTIALS_SECRET=$(retry 5 vault kv get -field value ${PACKAGE_UPLOADER_GCS_CREDENTIALS_PATH}) + export PACKAGE_UPLOADER_GCS_CREDENTIALS_SECRET fi if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-package-test-with-integrations" && "$BUILDKITE_STEP_KEY" == "pr-integrations" ]]; then - export GITHUB_USERNAME_SECRET=$(retry 5 vault kv get -field username ${GITHUB_TOKEN_VAULT_PATH}) - export GITHUB_EMAIL_SECRET=$(retry 5 vault kv get -field email ${GITHUB_TOKEN_VAULT_PATH}) - export GITHUB_TOKEN=$(retry 5 vault kv get -field token ${GITHUB_TOKEN_VAULT_PATH}) + GITHUB_USERNAME_SECRET=$(retry 5 vault kv get -field username ${GITHUB_TOKEN_VAULT_PATH}) + export GITHUB_USERNAME_SECRET + GITHUB_EMAIL_SECRET=$(retry 5 vault kv get -field email ${GITHUB_TOKEN_VAULT_PATH}) + export GITHUB_EMAIL_SECRET + GITHUB_TOKEN=$(retry 5 vault kv get -field token ${GITHUB_TOKEN_VAULT_PATH}) + export GITHUB_TOKEN fi diff --git a/.buildkite/scripts/install_deps.sh b/.buildkite/scripts/install_deps.sh index d9e32a808e..a5b3116194 100755 --- a/.buildkite/scripts/install_deps.sh +++ b/.buildkite/scripts/install_deps.sh @@ -1,61 +1,65 @@ #!/bin/bash +source .buildkite/scripts/tooling.sh + set -euo pipefail -source .buildkite/scripts/tooling.sh +create_bin_folder() { + mkdir -p "${WORKSPACE}/bin" +} add_bin_path(){ - mkdir -p ${WORKSPACE}/bin + create_bin_folder export PATH="${WORKSPACE}/bin:${PATH}" } with_kubernetes() { - mkdir -p ${WORKSPACE}/bin - retry 5 curl -sSLo ${WORKSPACE}/bin/kind "https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-linux-amd64" - chmod +x ${WORKSPACE}/bin/kind + create_bin_folder + retry 5 curl -sSLo "${WORKSPACE}/bin/kind" "https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-linux-amd64" + chmod +x "${WORKSPACE}/bin/kind" kind version which kind - mkdir -p ${WORKSPACE}/bin - retry 5 curl -sSLo ${WORKSPACE}/bin/kubectl "https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/kubectl" - chmod +x ${WORKSPACE}/bin/kubectl + retry 5 curl -sSLo "${WORKSPACE}/bin/kubectl" "https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/kubectl" + chmod +x "${WORKSPACE}/bin/kubectl" kubectl version --client which kubectl } with_go() { - mkdir -p ${WORKSPACE}/bin - retry 5 curl -sL -o ${WORKSPACE}/bin/gvm "https://github.com/andrewkroh/gvm/releases/download/${SETUP_GVM_VERSION}/gvm-linux-amd64" - chmod +x ${WORKSPACE}/bin/gvm - eval "$(gvm $(cat .go-version))" + create_bin_folder + retry 5 curl -sL -o "${WORKSPACE}/bin/gvm" "https://github.com/andrewkroh/gvm/releases/download/${SETUP_GVM_VERSION}/gvm-linux-amd64" + chmod +x "${WORKSPACE}/bin/gvm" + eval "$(gvm "$(cat .go-version)")" go version which go - export PATH="${PATH}:$(go env GOPATH)/bin" + PATH="${PATH}:$(go env GOPATH)/bin" + export PATH } with_github_cli() { - mkdir -p ${WORKSPACE}/bin - mkdir -p ${WORKSPACE}/tmp + create_bin_folder + mkdir -p "${WORKSPACE}/tmp" local gh_filename="gh_${GH_CLI_VERSION}_linux_amd64" local gh_tar_file="${gh_filename}.tar.gz" local gh_tar_full_path="${WORKSPACE}/tmp/${gh_tar_file}" - retry 5 curl -sL -o ${gh_tar_full_path} "https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/${gh_tar_file}" + retry 5 curl -sL -o "${gh_tar_full_path}" "https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/${gh_tar_file}" # just extract the binary file from the tar.gz - tar -C ${WORKSPACE}/bin -xpf ${gh_tar_full_path} ${gh_filename}/bin/gh --strip-components=2 + tar -C "${WORKSPACE}/bin" -xpf "${gh_tar_full_path}" "${gh_filename}/bin/gh" --strip-components=2 - chmod +x ${WORKSPACE}/bin/gh - rm -rf ${WORKSPACE}/tmp + chmod +x "${WORKSPACE}/bin/gh" + rm -rf "${WORKSPACE}/tmp" gh version } with_jq() { - mkdir -p ${WORKSPACE}/bin - retry 5 curl -sL -o ${WORKSPACE}/bin/jq "https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64" + create_bin_folder + retry 5 curl -sL -o "${WORKSPACE}/bin/jq" "https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64" - chmod +x ${WORKSPACE}/bin/jq + chmod +x "${WORKSPACE}/bin/jq" jq --version } diff --git a/.buildkite/scripts/integration_tests.sh b/.buildkite/scripts/integration_tests.sh index 335d96b806..95ac402d57 100755 --- a/.buildkite/scripts/integration_tests.sh +++ b/.buildkite/scripts/integration_tests.sh @@ -1,4 +1,8 @@ #!/bin/bash + +source .buildkite/scripts/install_deps.sh +source .buildkite/scripts/tooling.sh + set -euo pipefail WORKSPACE="$(pwd)" @@ -15,7 +19,7 @@ cleanup() { fi echo "Deleting temporal files..." - cd ${WORKSPACE} + cd "${WORKSPACE}" rm -rf "${TMP_FOLDER_TEMPLATE_BASE}.*" echo "Done." @@ -31,9 +35,6 @@ usage() { echo -e "\t-h: Show this message" } -source .buildkite/scripts/install_deps.sh -source .buildkite/scripts/tooling.sh - PARALLEL_TARGET="test-check-packages-parallel" FALSE_POSITIVES_TARGET="test-check-packages-false-positives" KIND_TARGET="test-check-packages-with-kind" @@ -78,10 +79,12 @@ if [[ "${TARGET}" == "" ]]; then fi google_cloud_auth_safe_logs() { - local gsUtilLocation=$(mktemp -d -p ${WORKSPACE} -t ${TMP_FOLDER_TEMPLATE}) + local gsUtilLocation="" + gsUtilLocation=$(mktemp -d -p "${WORKSPACE}" -t "${TMP_FOLDER_TEMPLATE}") + local secretFileLocation=${gsUtilLocation}/${GOOGLE_CREDENTIALS_FILENAME} - echo "${PRIVATE_CI_GCS_CREDENTIALS_SECRET}" > ${secretFileLocation} + echo "${PRIVATE_CI_GCS_CREDENTIALS_SECRET}" > "${secretFileLocation}" google_cloud_auth "${secretFileLocation}" } @@ -119,7 +122,7 @@ if [[ "${TARGET}" == "${PARALLEL_TARGET}" ]] || [[ "${TARGET}" == "${FALSE_POSIT # allow to fail this command, to be able to upload safe logs set +e - make PACKAGE_UNDER_TEST=${PACKAGE} ${TARGET} + make PACKAGE_UNDER_TEST="${PACKAGE}" "${TARGET}" testReturnCode=$? set -e @@ -150,4 +153,4 @@ if [[ "${TARGET}" == "${PARALLEL_TARGET}" ]] || [[ "${TARGET}" == "${FALSE_POSIT exit 0 fi -make install ${TARGET} check-git-clean +make install "${TARGET}" check-git-clean diff --git a/.buildkite/scripts/release.sh b/.buildkite/scripts/release.sh index e015bac306..af033dec13 100755 --- a/.buildkite/scripts/release.sh +++ b/.buildkite/scripts/release.sh @@ -3,7 +3,7 @@ set -euo pipefail cleanup() { - rm -rf ${WORKSPACE} + rm -rf "${WORKSPACE}" } trap cleanup exit diff --git a/.buildkite/scripts/signAndPublishPackage.sh b/.buildkite/scripts/signAndPublishPackage.sh index 1dce8f96c6..325aef18d7 100755 --- a/.buildkite/scripts/signAndPublishPackage.sh +++ b/.buildkite/scripts/signAndPublishPackage.sh @@ -1,12 +1,12 @@ #!/bin/bash +source .buildkite/scripts/install_deps.sh +source .buildkite/scripts/tooling.sh + set -euo pipefail WORKSPACE="$(pwd)" TMP_FOLDER_TEMPLATE_BASE="tmp.elastic-package" -source .buildkite/scripts/install_deps.sh -source .buildkite/scripts/tooling.sh - cleanup() { local error_code=$? @@ -18,7 +18,7 @@ cleanup() { fi echo "Deleting temporal files..." - cd ${WORKSPACE} + cd "${WORKSPACE}" rm -rf ${TMP_FOLDER_TEMPLATE_BASE}.* echo "Done." @@ -30,7 +30,7 @@ trap cleanup EXIT is_already_published() { local packageZip=$1 - if curl -s --head https://package-storage.elastic.co/artifacts/packages/${packageZip} | grep -q "HTTP/2 200" ; then + if curl -s --head "https://package-storage.elastic.co/artifacts/packages/${packageZip}" | grep -q "HTTP/2 200" ; then echo "- Already published ${packageZip}" return 0 fi @@ -66,39 +66,42 @@ PACKAGE_STORAGE_INTERNAL_BUCKET_QUEUE_PUBLISHING_PATH="gs://elastic-bekitzur-pac google_cloud_auth_signing() { - local gsUtilLocation=$(mktemp -d -p ${WORKSPACE} -t ${TMP_FOLDER_TEMPLATE}) + local gsUtilLocation + gsUtilLocation=$(mktemp -d -p "${WORKSPACE}" -t "${TMP_FOLDER_TEMPLATE}") local secretFileLocation=${gsUtilLocation}/${GOOGLE_CREDENTIALS_FILENAME} - echo "${SIGNING_PACKAGES_GCS_CREDENTIALS_SECRET}" > ${secretFileLocation} + echo "${SIGNING_PACKAGES_GCS_CREDENTIALS_SECRET}" > "${secretFileLocation}" google_cloud_auth "${secretFileLocation}" } google_cloud_auth_publishing() { - local gsUtilLocation=$(mktemp -d -p ${WORKSPACE} -t ${TMP_FOLDER_TEMPLATE}) + local gsUtilLocation + gsUtilLocation=$(mktemp -d -p "${WORKSPACE}" -t "${TMP_FOLDER_TEMPLATE}") local secretFileLocation=${gsUtilLocation}/${GOOGLE_CREDENTIALS_FILENAME} - echo "${PACKAGE_UPLOADER_GCS_CREDENTIALS_SECRET}" > ${secretFileLocation} + echo "${PACKAGE_UPLOADER_GCS_CREDENTIALS_SECRET}" > "${secretFileLocation}" google_cloud_auth "${secretFileLocation}" } sign_package() { local package=${1} - local packageZip=$(basename ${package}) + local packageZip + packageZip=$(basename "${package}") google_cloud_auth_signing # upload zip package (trailing forward slashes are required) echo "Upload package .zip file for signing ${package} to ${INFRA_SIGNING_BUCKET_ARTIFACTS_PATH}" - gsutil cp ${package} "${INFRA_SIGNING_BUCKET_ARTIFACTS_PATH}/" + gsutil cp "${package}" "${INFRA_SIGNING_BUCKET_ARTIFACTS_PATH}/" echo "Trigger Jenkins job for signing package ${packageZip}" pushd ${JENKINS_TRIGGER_PATH} > /dev/null go run main.go \ --jenkins-job sign \ - --folder ${INFRA_SIGNING_BUCKET_ARTIFACTS_PATH} + --folder "${INFRA_SIGNING_BUCKET_ARTIFACTS_PATH}" popd > /dev/null @@ -117,19 +120,20 @@ sign_package() { publish_package() { local package=$1 - local packageZip=$(basename ${package}) + local packageZip + packageZip=$(basename "${package}") # create file with credentials google_cloud_auth_publishing # upload files (trailing forward slashes are required) echo "Upload package .zip file ${package} to ${PACKAGE_STORAGE_INTERNAL_BUCKET_QUEUE_PUBLISHING_PATH}" - gsutil cp ${package} "${PACKAGE_STORAGE_INTERNAL_BUCKET_QUEUE_PUBLISHING_PATH}/" + gsutil cp "${package}" "${PACKAGE_STORAGE_INTERNAL_BUCKET_QUEUE_PUBLISHING_PATH}/" echo "Upload package .sig file ${package}.sig to ${PACKAGE_STORAGE_INTERNAL_BUCKET_QUEUE_PUBLISHING_PATH}" - gsutil cp ${package}.sig "${PACKAGE_STORAGE_INTERNAL_BUCKET_QUEUE_PUBLISHING_PATH}/" + gsutil cp "${package}.sig" "${PACKAGE_STORAGE_INTERNAL_BUCKET_QUEUE_PUBLISHING_PATH}/" echo "Trigger Jenkins job for publishing package ${packageZip}" - pushd ${JENKINS_TRIGGER_PATH} > /dev/null + pushd "${JENKINS_TRIGGER_PATH}" > /dev/null go run main.go \ --jenkins-job publish \ diff --git a/.buildkite/scripts/test-with-integrations.sh b/.buildkite/scripts/test-with-integrations.sh index c4475a5687..e1eadb53b7 100755 --- a/.buildkite/scripts/test-with-integrations.sh +++ b/.buildkite/scripts/test-with-integrations.sh @@ -1,4 +1,5 @@ #!/bin/bash +source .buildkite/scripts/install_deps.sh set -euo pipefail @@ -9,13 +10,12 @@ TMP_FOLDER_TEMPLATE="${TMP_FOLDER_TEMPLATE_BASE}.XXXXXXXXX" cleanup() { echo "Deleting temporal files..." - cd ${WORKSPACE} + cd "${WORKSPACE}" rm -rf "${TMP_FOLDER_TEMPLATE_BASE}.*" echo "Done." } trap cleanup EXIT -source .buildkite/scripts/install_deps.sh add_bin_path @@ -67,23 +67,24 @@ git_push_with_auth() { clone_repository() { local target="$1" - retry 5 git clone https://github.com/elastic/integrations ${target} + retry 5 git clone https://github.com/elastic/integrations "${target}" } create_integrations_pull_request() { # requires GITHUB_TOKEN - local temp_path=$(mktemp -d -p ${WORKSPACE} -t ${TMP_FOLDER_TEMPLATE}) + local temp_path + temp_path=$(mktemp -d -p "${WORKSPACE}" -t "${TMP_FOLDER_TEMPLATE}") echo "Creating Pull Request" message="Update ${GITHUB_PR_BASE_REPO} reference to $(get_source_commit_link).\nAutomated by [Buildkite build](${BUILDKITE_BUILD_URL})\n\nRelates: $(get_source_pr_link)" - echo -e $message > ${temp_path}/body-pr.txt + echo -e "$message" > "${temp_path}/body-pr.txt" retry 3 \ gh pr create \ --title "${INTEGRATIONS_PR_TITLE}" \ - --body-file ${temp_path}/body-pr.txt \ + --body-file "${temp_path}/body-pr.txt" \ --draft \ - --base ${INTEGRATIONS_SOURCE_BRANCH} \ - --head ${INTEGRATIONS_PR_BRANCH} \ - --assignee ${GITHUB_PR_HEAD_USER} + --base "${INTEGRATIONS_SOURCE_BRANCH}" \ + --head "${INTEGRATIONS_PR_BRANCH}" \ + --assignee "${GITHUB_PR_HEAD_USER}" } update_dependency() { @@ -118,11 +119,12 @@ exists_branch() { local repository="$2" local branch="$3" - git ls-remote --exit-code --heads https://github.com/${owner}/${repository}.git ${branch} + git ls-remote --exit-code --heads "https://github.com/${owner}/${repository}.git" "${branch}" } create_or_update_pull_request() { - local temp_path=$(mktemp -d -p ${WORKSPACE} -t ${TMP_FOLDER_TEMPLATE}) + local temp_path + temp_path=$(mktemp -d -p "${WORKSPACE}" -t "${TMP_FOLDER_TEMPLATE}") local repo_path="${temp_path}/elastic-integrations" local checkout_options="" local integrations_pr_number="" @@ -135,7 +137,7 @@ create_or_update_pull_request() { set_git_config echo "Checking branch ${INTEGRATIONS_PR_BRANCH} in remote ${INTEGRATIONS_GITHUB_OWNER}/${INTEGRATIONS_GITHUB_REPO_NAME}" - if ! exists_branch ${INTEGRATIONS_GITHUB_OWNER} ${INTEGRATIONS_GITHUB_REPO_NAME} ${INTEGRATIONS_PR_BRANCH} ; then + if ! exists_branch "${INTEGRATIONS_GITHUB_OWNER}" "${INTEGRATIONS_GITHUB_REPO_NAME}" "${INTEGRATIONS_PR_BRANCH}" ; then checkout_options=" -b " echo "Creating a new branch..." else @@ -147,13 +149,13 @@ create_or_update_pull_request() { echo "Exists PR in integrations repository: ${integrations_pr_number}" fi - git checkout ${checkout_options} ${INTEGRATIONS_PR_BRANCH} + git checkout ${checkout_options} "${INTEGRATIONS_PR_BRANCH}" echo "--- Updating dependency :pushpin:" update_dependency echo "--- Pushing branch ${INTEGRATIONS_PR_BRANCH} to integrations repository..." - git_push_with_auth ${INTEGRATIONS_GITHUB_OWNER} ${INTEGRATIONS_GITHUB_REPO_NAME} ${INTEGRATIONS_PR_BRANCH} + git_push_with_auth "${INTEGRATIONS_GITHUB_OWNER}" "${INTEGRATIONS_GITHUB_REPO_NAME}" "${INTEGRATIONS_PR_BRANCH}" if [ -z "${integrations_pr_number}" ]; then echo "--- Creating pull request :github:" @@ -169,7 +171,7 @@ create_or_update_pull_request() { rm -rf "${temp_path}" echo "--- adding comment into ${GITHUB_PR_BASE_REPO} pull request :memo:" - add_pr_comment "${BUILDKITE_PULL_REQUEST}" "$(get_integrations_pr_link ${integrations_pr_number})" + add_pr_comment "${BUILDKITE_PULL_REQUEST}" "$(get_integrations_pr_link "${integrations_pr_number}")" } @@ -178,9 +180,9 @@ add_pr_comment() { local integrations_pr_link="$2" retry 3 \ - gh pr comment ${source_pr_number} \ + gh pr comment "${source_pr_number}" \ --body "Created or updated PR in integrations repository to test this version. Check ${integrations_pr_link}" \ - --repo ${GITHUB_PR_BASE_OWNER}/${GITHUB_PR_BASE_REPO} + --repo "${GITHUB_PR_BASE_OWNER}/${GITHUB_PR_BASE_REPO}" } diff --git a/.buildkite/scripts/tooling.sh b/.buildkite/scripts/tooling.sh index 27cefbace3..1eb38337cd 100755 --- a/.buildkite/scripts/tooling.sh +++ b/.buildkite/scripts/tooling.sh @@ -13,8 +13,8 @@ repo_name() { # Example of URL: git@github.com:acme-inc/my-project.git local repoUrl=$1 - orgAndRepo=$(echo $repoUrl | cut -d':' -f 2) - echo "$(basename ${orgAndRepo} .git)" + orgAndRepo=$(echo "$repoUrl" | cut -d':' -f 2) + basename "${orgAndRepo}" .git } buildkite_pr_branch_build_id() { @@ -28,7 +28,7 @@ buildkite_pr_branch_build_id() { google_cloud_auth() { local keyFile=$1 - gcloud auth activate-service-account --key-file ${keyFile} 2> /dev/null + gcloud auth activate-service-account --key-file "${keyFile}" 2> /dev/null export GOOGLE_APPLICATION_CREDENTIALS=${keyFile} } @@ -54,15 +54,16 @@ retry() { } google_cloud_logout_active_account() { - local active_account=$(gcloud auth list --filter=status:ACTIVE --format="value(account)" 2>/dev/null) + local active_account + active_account=$(gcloud auth list --filter=status:ACTIVE --format="value(account)" 2>/dev/null || true) if [[ -n "$active_account" && -n "${GOOGLE_APPLICATION_CREDENTIALS+x}" ]]; then echo "Logging out from GCP for active account" - gcloud auth revoke $active_account > /dev/null 2>&1 + gcloud auth revoke "$active_account" > /dev/null 2>&1 else echo "No active GCP accounts found." fi if [ -n "${GOOGLE_APPLICATION_CREDENTIALS+x}" ]; then - rm -rf ${GOOGLE_APPLICATION_CREDENTIALS} + rm -rf "${GOOGLE_APPLICATION_CREDENTIALS}" unset GOOGLE_APPLICATION_CREDENTIALS fi }