forked from konflux-ci/build-trusted-artifacts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathuse.sh
executable file
·106 lines (84 loc) · 2.37 KB
/
use.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
#!/bin/bash
# Restores a trusted artifact, content of the destination will be removed.
set -o errexit
set -o nounset
set -o pipefail
tar_opts=-xpf
if [[ -v DEBUG ]]; then
tar_opts=-xvpf
set -o xtrace
fi
supported_digest_algorithms=(sha256 sha384 sha512)
# contains name=path artifact pairs
artifact_pairs=()
while [[ $# -gt 0 ]]; do
case $1 in
--store)
store="$2"
shift
shift
;;
-*)
echo "Unknown option $1"
exit 1
;;
*)
artifact_pairs+=("$1")
shift
;;
esac
done
for artifact_pair in "${artifact_pairs[@]}"; do
uri="${artifact_pair/=*}"
destination="$(realpath "${artifact_pair/*=}")"
if [ -z "${uri}" ]; then
echo WARN: artifact URI not provided, "(given: ${artifact_pair})"
continue
fi
if [ -z "${destination}" ]; then
echo WARN: destination not provided, "(given: ${artifact_pair})"
continue
fi
if [ "${destination}" == "/" ]; then
echo Not a valid destination: "${destination}", resolves to /
exit 1
fi
if [ -f "${destination}/.skip-trusted-artifacts" ]; then
echo WARN: found skip file in "${destination}"
continue
fi
type="${uri/:*}"
if [ "${type}" != "file" ]; then
echo Unsupported archive type: "${type}"
exit 1
fi
name="${uri#*:}"
name="${name/:*}"
archive="${store}/${name}".tar.gz
if [ ! -f "${archive}" ]; then
echo "Archive not produced: ${uri}"
exit 1
fi
digest_algorithm=${uri/-*}
digest_algorithm=${digest_algorithm/*:}
supported=0
case "${supported_digest_algorithms[@]}" in *"${digest_algorithm}"*) supported=1 ;; esac
if [ $supported -eq 0 ]; then
echo "Unsupported digest algorthm: ${digest_algorithm}"
exit 1
fi
digest="${uri/*-}"
echo "${digest} ${archive}" | "${digest_algorithm}sum" --check --quiet --strict
if [ -d "${destination}" ]; then
(
shopt -s dotglob
log "deleting everything in %s" "${destination}"
rm -rf "${destination:?}"/*
)
fi
mkdir -p "${destination}"
log "destination: %s" "$(ls -lda "${destination}")"
log "expanding archive %s to %s" "${archive}" "${destination}"
tar "${tar_opts}" "${archive}" -C "${destination}"
echo Restored artifact to "${destination} (${digest_algorithm}:${digest})"
done