From fa8f3f9465e87d499f7d6428323f496a884b7818 Mon Sep 17 00:00:00 2001
From: Elizabeth Alexander Hunt <me@liz.coffee>
Date: Sat, 10 May 2025 16:57:03 -0700
Subject: initial commit

---
 worker/jobs/checkout_ci.run | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 worker/jobs/checkout_ci.run

(limited to 'worker/jobs')

diff --git a/worker/jobs/checkout_ci.run b/worker/jobs/checkout_ci.run
new file mode 100644
index 0000000..d47697d
--- /dev/null
+++ b/worker/jobs/checkout_ci.run
@@ -0,0 +1,39 @@
+#!/bin/bash
+# usage: laminarc run ci remote="ssh://src.liz.coffee:2222/cgit" rev="<sha>" \
+#                        refname="refs/..."
+
+set -e
+
+RUN=`date +%s`
+WORKING_DIR=`$PWD/$RUN`
+
+mkdir -p "$WORKING_DIR" && cd "$WORKING_DIR"
+
+checkout="$rev" path="tmpsrc" fetch_code.sh
+
+if [[ ! -e "$WORKING_DIR/tmpsrc/.ci/ci.json" ]]; then
+    echo "No Continuous Integration configured for $remote."
+    exit 0
+fi
+
+PIPELINE_GENERATOR_PATH=$(jq -r '.pipeline' "$WORKING_DIR/tmpsrc/.ci/ci.json")
+if [[ "$PIPELINE_GENERATOR_PATH" == *".."* ]]; then
+    echo "Error: Path contains '..'"
+    exit 1
+fi
+
+docker run --rm \
+  --network none \
+  --cap-drop ALL \
+  --security-opt no-new-privileges \
+  -v "$WORKING_DIR/tmpsrc/$PIPELINE_GENERATOR:/pipeline" \
+  -e refname="$refname" \
+  -e rev="$rev" \
+  -e remote="$remote" \
+  oci.liz.coffee/img/liz-ci:release \
+  /pipeline \
+  > "$WORKING_DIR/pipeline.json"
+
+rm -rf tmpsrc
+
+pipeline="$WORKING_DIR/pipeline.json" run_pipeline
-- 
cgit v1.2.3-70-g09d2