blob: 6416bfe634ebea65d7f180da9226fde2dfef770e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
#!/bin/bash
# usage: laminarc run checkout_ci remote="ssh://src.liz.coffee:2222/cgit" rev="<sha>" \
# refname="refs/..."
RUN=`date +%s`
RETURN="$PWD"
WORKING_DIR="$PWD/$RUN"
export LOG_PREFIX="[checkout_ci.$RUN]"
log "hewwo~ starting checkout job for $remote @ $refname - $rev"
mkdir -p "$WORKING_DIR" && cd "$WORKING_DIR"
CODE="$WORKING_DIR/src"
checkout="$rev" path="$CODE" fetch_code
CI_WORKFLOW="$CODE/.ci/ci.json"
if [[ ! -e "$CI_WORKFLOW" ]]; then
log "couldn't find any ci configuration (。•́︿•̀。) that's okay~"
exit 0
fi
PIPELINE_GENERATOR_PATH=$(jq -r '.pipeline' "$CI_WORKFLOW")
if [[ "$PIPELINE_GENERATOR_PATH" == *".."* ]]; then
log "found sneaky '..' in path (⋟﹏⋞) that's not allowed!"
exit 1
fi
log "building the pipeline~ (◕ᴗ◕✿) let's make something amazing!"
PIPELINE="$WORKING_DIR/pipeline.json"
docker run --rm --network none --cap-drop ALL --security-opt no-new-privileges \
-e refname="$refname" -e rev="$rev" -e remote="$remote" \
-v "$CODE/$PIPELINE_GENERATOR_PATH:/pipeline_generator" \
oci.liz.coffee/img/liz-ci:release /pipeline_generator \
> "$PIPELINE"
pipeline="$PIPELINE" run_pipeline
log "cleaning up after myself like a good kitty (˘ω˘)"
cd "$RETURN" && rm -rf "$WORKING_DIR"
log "all done with checkout! hope it worked~ (⑅˘꒳˘)"
|
