From d2e12d6aa71280b188461f3b794ba0e933abe574 Mon Sep 17 00:00:00 2001
From: Morris Jobke <hey@morrisjobke.de>
Date: Mon, 25 Feb 2019 13:49:03 +0100
Subject: [PATCH 1/2] Add test for updated CA bundle

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
---
 autotest-checkers.sh       |  2 ++
 build/ca-bundle-checker.sh | 22 ++++++++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100755 build/ca-bundle-checker.sh

diff --git a/autotest-checkers.sh b/autotest-checkers.sh
index dcf864ee8508e..e35e27214aafd 100755
--- a/autotest-checkers.sh
+++ b/autotest-checkers.sh
@@ -10,6 +10,8 @@ php ./build/translation-checker.php
 RESULT=$(($RESULT+$?))
 php ./build/htaccess-checker.php
 RESULT=$(($RESULT+$?))
+bash ./build/ca-bundle-checker.sh
+RESULT=$(($RESULT+$?))
 
 
 for app in $(find "apps/" -mindepth 1 -maxdepth 1 -type d -exec basename {} \;); do
diff --git a/build/ca-bundle-checker.sh b/build/ca-bundle-checker.sh
new file mode 100755
index 0000000000000..a23d6257d5843
--- /dev/null
+++ b/build/ca-bundle-checker.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+echo
+if [[ -n ${DRONE_BRANCH} &&  ! ${DRONE_BRANCH} =~ version\/noid\/.+ ]]; then
+    echo "Skip CA bundle check"
+    exit 0
+fi
+
+echo "Fetching latest ca-bundle.crt ..."
+curl -o resources/config/ca-bundle.crt https://curl.haxx.se/ca/cacert.pem
+
+echo
+outdated=$(git diff --name-only | grep "resources/config/ca-bundle.crt")
+if [ "${outdated}" = "resources/config/ca-bundle.crt" ]; then
+    echo "CA bundle is not up to date."
+    echo "Please run: bash build/ca-bundle-checker.sh"
+    echo "And commit the result"
+    exit 1
+fi
+
+echo "CA bundle is up to date."
+exit 0

From 46061d9d6be1de0c09352c618a7aab5824c74e02 Mon Sep 17 00:00:00 2001
From: Daniel Kesselberg <mail@danielkesselberg.de>
Date: Tue, 5 Mar 2019 15:20:47 +0100
Subject: [PATCH 2/2] DRONE_BRANCH is the target branch. DRONE_COMMIT_REFSPEC
 should work.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
---
 build/ca-bundle-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/ca-bundle-checker.sh b/build/ca-bundle-checker.sh
index a23d6257d5843..8c8528c23433e 100755
--- a/build/ca-bundle-checker.sh
+++ b/build/ca-bundle-checker.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 echo
-if [[ -n ${DRONE_BRANCH} &&  ! ${DRONE_BRANCH} =~ version\/noid\/.+ ]]; then
+if [[ -n ${DRONE_COMMIT_REFSPEC} &&  ! ${DRONE_COMMIT_REFSPEC} =~ version\/noid\/.+ ]]; then
     echo "Skip CA bundle check"
     exit 0
 fi