worker/jobs/checkout_ci.run


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

#!/bin/bash
# usage: laminarc run ci remote="ssh://src.liz.coffee:2222/cgit" rev="<sha>" \
#                        refname="refs/..."

set -e

RUN=`date +%s`
WORKING_DIR=`$PWD/$RUN`

mkdir -p "$WORKING_DIR" && cd "$WORKING_DIR"

checkout="$rev" path="tmpsrc" fetch_code.sh

if [[ ! -e "$WORKING_DIR/tmpsrc/.ci/ci.json" ]]; then
    echo "No Continuous Integration configured for $remote."
    exit 0
fi

PIPELINE_GENERATOR_PATH=$(jq -r '.pipeline' "$WORKING_DIR/tmpsrc/.ci/ci.json")
if [[ "$PIPELINE_GENERATOR_PATH" == *".."* ]]; then
    echo "Error: Path contains '..'"
    exit 1
fi

docker run --rm \
  --network none \
  --cap-drop ALL \
  --security-opt no-new-privileges \
  -v "$WORKING_DIR/tmpsrc/$PIPELINE_GENERATOR:/pipeline" \
  -e refname="$refname" \
  -e rev="$rev" \
  -e remote="$remote" \
  oci.liz.coffee/img/liz-ci:release \
  /pipeline \
  > "$WORKING_DIR/pipeline.json"

rm -rf tmpsrc

pipeline="$WORKING_DIR/pipeline.json" run_pipeline