chore: fix shellcheck findings across migration scripts
@@ -164,14 +164,14 @@ add_docker_runner() {
|
||||
export RUNNER_NAME RUNNER_LABELS RUNNER_DATA_PATH
|
||||
export GITEA_RUNNER_REGISTRATION_TOKEN="${GITEA_RUNNER_REGISTRATION_TOKEN:-}"
|
||||
render_template "${SCRIPT_DIR}/templates/docker-compose-runner.yml.tpl" "$tmpfile" \
|
||||
'${ACT_RUNNER_VERSION} ${RUNNER_NAME} ${GITEA_INTERNAL_URL} ${GITEA_RUNNER_REGISTRATION_TOKEN} ${RUNNER_LABELS} ${RUNNER_DATA_PATH}'
|
||||
"\${ACT_RUNNER_VERSION} \${RUNNER_NAME} \${GITEA_INTERNAL_URL} \${GITEA_RUNNER_REGISTRATION_TOKEN} \${RUNNER_LABELS} \${RUNNER_DATA_PATH}"
|
||||
runner_scp "$tmpfile" "${RUNNER_DATA_PATH}/docker-compose.yml"
|
||||
rm -f "$tmpfile"
|
||||
|
||||
# Render runner config
|
||||
tmpfile=$(mktemp)
|
||||
render_template "${SCRIPT_DIR}/templates/runner-config.yaml.tpl" "$tmpfile" \
|
||||
'${RUNNER_NAME} ${RUNNER_LABELS}'
|
||||
"\${RUNNER_NAME} \${RUNNER_LABELS}"
|
||||
runner_scp "$tmpfile" "${RUNNER_DATA_PATH}/config.yaml"
|
||||
rm -f "$tmpfile"
|
||||
|
||||
@@ -249,14 +249,14 @@ add_native_runner() {
|
||||
tmpfile=$(mktemp)
|
||||
export RUNNER_NAME RUNNER_LABELS RUNNER_DATA_PATH
|
||||
render_template "${SCRIPT_DIR}/templates/runner-config.yaml.tpl" "$tmpfile" \
|
||||
'${RUNNER_NAME} ${RUNNER_LABELS}'
|
||||
"\${RUNNER_NAME} \${RUNNER_LABELS}"
|
||||
cp "$tmpfile" "${RUNNER_DATA_PATH}/config.yaml"
|
||||
rm -f "$tmpfile"
|
||||
|
||||
# Render launchd plist
|
||||
tmpfile=$(mktemp)
|
||||
render_template "${SCRIPT_DIR}/templates/com.gitea.runner.plist.tpl" "$tmpfile" \
|
||||
'${RUNNER_NAME} ${RUNNER_DATA_PATH}'
|
||||
"\${RUNNER_NAME} \${RUNNER_DATA_PATH}"
|
||||
mkdir -p "$HOME/Library/LaunchAgents"
|
||||
cp "$tmpfile" "$plist_path"
|
||||
rm -f "$tmpfile"
|
||||
|
||||
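Review bot: The escaped lists now passed to render_template, such as `"\${RUNNER_NAME} \${RUNNER_LABELS}"`, fail open. One missed backslash makes the shell expand that variable, so render_template would receive the value instead of the placeholder name; for the docker-compose template that value could be the registration token. A single-quoted list under `# shellcheck disable=SC2016` has no escaping to get wrong, and this commit already uses that directive for the nginx `sed` script. The same applies to every render_template call changed on this page. Both functions start and end outside these hunks.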
@@ -46,7 +46,7 @@ else
|
||||
# Set variables for template
|
||||
export DATA_PATH GITEA_PORT="${UNRAID_GITEA_PORT}" GITEA_SSH_PORT="${UNRAID_GITEA_SSH_PORT}"
|
||||
render_template "${SCRIPT_DIR}/templates/docker-compose-gitea.yml.tpl" "$TMPFILE" \
|
||||
'${GITEA_VERSION} ${DATA_PATH} ${GITEA_PORT} ${GITEA_SSH_PORT}'
|
||||
"\${GITEA_VERSION} \${DATA_PATH} \${GITEA_PORT} \${GITEA_SSH_PORT}"
|
||||
scp_to UNRAID "$TMPFILE" "${DATA_PATH}/docker-compose.yml"
|
||||
rm -f "$TMPFILE"
|
||||
log_success "docker-compose.yml deployed"
|
||||
@@ -64,7 +64,7 @@ else
|
||||
GITEA_SECRET_KEY=$(openssl rand -hex 32)
|
||||
export GITEA_SECRET_KEY
|
||||
render_template "${SCRIPT_DIR}/templates/app.ini.tpl" "$TMPFILE" \
|
||||
'${GITEA_DOMAIN} ${GITEA_DB_TYPE} ${GITEA_SECRET_KEY}'
|
||||
"\${GITEA_DOMAIN} \${GITEA_DB_TYPE} \${GITEA_SECRET_KEY}"
|
||||
scp_to UNRAID "$TMPFILE" "${DATA_PATH}/config/app.ini"
|
||||
rm -f "$TMPFILE"
|
||||
log_success "app.ini deployed"
|
||||
|
||||
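Review bot: `rm -f "$TMPFILE"` is reached only when `render_template` and `scp_to` both succeed, so a failed copy leaves the rendered app.ini, including the freshly generated `GITEA_SECRET_KEY`, in the temp directory. This assumes the script aborts on error, as the `set -euo pipefail` headers elsewhere on the page suggest. A cleanup trap set right after the file is created covers every exit path: `trap 'rm -f -- "$TMPFILE"' EXIT`. The Fedora app.ini hunk and the runner docker-compose hunk, which renders the registration token, follow the same pattern. The creation of `$TMPFILE` is outside this hunk.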
@@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
# shellcheck disable=SC2329
|
||||
|
||||
# =============================================================================
|
||||
# phase1_post_check.sh — Verify Phase 1 (Gitea on Unraid) succeeded
|
||||
@@ -40,6 +41,7 @@ run_check "Admin user authenticates (basic auth)" \
|
||||
curl -sf -o /dev/null -u "${GITEA_ADMIN_USER}:${GITEA_ADMIN_PASSWORD}" "${GITEA_INTERNAL_URL}/api/v1/user"
|
||||
|
||||
# Check 3: API token works and returns correct username
|
||||
# shellcheck disable=SC2329
|
||||
check_token() {
|
||||
local response
|
||||
response=$(curl -sf -H "Authorization: token ${GITEA_ADMIN_TOKEN}" "${GITEA_INTERNAL_URL}/api/v1/user")
|
||||
@@ -54,6 +56,7 @@ run_check "Organization '${GITEA_ORG_NAME}' exists" \
|
||||
curl -sf -o /dev/null -H "Authorization: token ${GITEA_ADMIN_TOKEN}" "${GITEA_INTERNAL_URL}/api/v1/orgs/${GITEA_ORG_NAME}"
|
||||
|
||||
# Check 5: Gitea Actions enabled (verify via settings API)
|
||||
# shellcheck disable=SC2329
|
||||
check_actions() {
|
||||
# The /api/v1/settings/api endpoint returns instance settings.
|
||||
# If Actions are enabled, the Gitea instance will accept runner registrations.
|
||||
|
||||
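Review bot: The checks in this file hand `GITEA_ADMIN_PASSWORD` and `GITEA_ADMIN_TOKEN` to curl as command-line arguments (`-u user:password` and `-H "Authorization: token …"`), so both are readable in the process list of the machine running the checks for as long as curl runs. curl can take them from a config read on stdin (`-K -`) instead, using a `header = "Authorization: token …"` line for the token calls and a `user = "name:password"` line for the basic-auth check. phase2_post_check.sh makes the same calls with the backup token. check_token and check_actions continue outside the hunks.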
@@ -44,7 +44,7 @@ else
|
||||
TMPFILE=$(mktemp)
|
||||
export DATA_PATH GITEA_PORT="${FEDORA_GITEA_PORT}" GITEA_SSH_PORT="${FEDORA_GITEA_SSH_PORT}"
|
||||
render_template "${SCRIPT_DIR}/templates/docker-compose-gitea.yml.tpl" "$TMPFILE" \
|
||||
'${GITEA_VERSION} ${DATA_PATH} ${GITEA_PORT} ${GITEA_SSH_PORT}'
|
||||
"\${GITEA_VERSION} \${DATA_PATH} \${GITEA_PORT} \${GITEA_SSH_PORT}"
|
||||
scp_to FEDORA "$TMPFILE" "${DATA_PATH}/docker-compose.yml"
|
||||
rm -f "$TMPFILE"
|
||||
log_success "docker-compose.yml deployed"
|
||||
@@ -69,7 +69,7 @@ else
|
||||
GITEA_DOMAIN="${FEDORA_IP}:${FEDORA_GITEA_PORT}"
|
||||
export GITEA_DOMAIN
|
||||
render_template "${SCRIPT_DIR}/templates/app.ini.tpl" "$TMPFILE" \
|
||||
'${GITEA_DOMAIN} ${GITEA_DB_TYPE} ${GITEA_SECRET_KEY}'
|
||||
"\${GITEA_DOMAIN} \${GITEA_DB_TYPE} \${GITEA_SECRET_KEY}"
|
||||
scp_to FEDORA "$TMPFILE" "${DATA_PATH}/config/app.ini"
|
||||
rm -f "$TMPFILE"
|
||||
log_success "app.ini deployed"
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
# shellcheck disable=SC2329
|
||||
|
||||
# =============================================================================
|
||||
# phase2_post_check.sh — Verify Phase 2 (Gitea on Fedora) succeeded
|
||||
@@ -41,6 +42,7 @@ run_check "Admin user authenticates (basic auth)" \
|
||||
curl -sf -o /dev/null -u "${GITEA_ADMIN_USER}:${GITEA_ADMIN_PASSWORD}" "${GITEA_BACKUP_INTERNAL_URL}/api/v1/user"
|
||||
|
||||
# Check 3: API token works and returns correct username
|
||||
# shellcheck disable=SC2329
|
||||
check_token() {
|
||||
local response
|
||||
response=$(curl -sf -H "Authorization: token ${GITEA_BACKUP_ADMIN_TOKEN}" "${GITEA_BACKUP_INTERNAL_URL}/api/v1/user")
|
||||
@@ -53,6 +55,7 @@ run_check "Backup API token valid (returns correct username)" check_token
|
||||
# Check 4: Gitea Actions enabled (verify via settings API)
|
||||
# No org check here — the Fedora instance doesn't create an org.
|
||||
# Mirror repos are stored under the admin user's namespace.
|
||||
# shellcheck disable=SC2329
|
||||
check_actions() {
|
||||
curl -sf -H "Authorization: token ${GITEA_BACKUP_ADMIN_TOKEN}" "${GITEA_BACKUP_INTERNAL_URL}/api/v1/settings/api" -o /dev/null
|
||||
}
|
||||
|
||||
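Review bot: The `# shellcheck disable=SC2329` added under `set -euo pipefail` at the top of the file probably has no effect. ShellCheck treats a directive as file-wide only when it sits directly after the shebang, before the first command; anywhere else it covers just the next command. That would explain why each check function needed its own copy. Either move the top directive above `set -euo pipefail` and drop the per-function ones, or delete the top one. Whichever stays, add a reason on the line above it, for example `# invoked indirectly via run_check`. The other post-check scripts and preflight.sh on this page have the same layout.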
@@ -61,7 +61,7 @@ done < "$RUNNERS_CONF"
|
||||
# ---------------------------------------------------------------------------
|
||||
# Check: runner count matches runners.conf
|
||||
# ---------------------------------------------------------------------------
|
||||
EXPECTED_COUNT=$(grep -v '^\s*#' "$RUNNERS_CONF" | grep -v '^\s*$' | wc -l | xargs)
|
||||
EXPECTED_COUNT=$(grep -Evc '^[[:space:]]*($|#)' "$RUNNERS_CONF")
|
||||
ACTUAL_COUNT=$(printf '%s' "$API_RUNNERS" | jq 'length' 2>/dev/null || echo 0)
|
||||
|
||||
if [[ "$ACTUAL_COUNT" -ge "$EXPECTED_COUNT" ]]; then
|
||||
|
||||
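Review bot: `grep -Evc` prints `0` but exits with status 1 when no line is selected, so with `set -euo pipefail` in effect the `EXPECTED_COUNT=$(…)` assignment aborts the script on a runners.conf that holds only comments and blank lines. In the RUNNER_COUNT hunk that follows, the same behaviour makes the `-eq 0` branch and its "No runners defined in runners.conf" message unreachable. Appending `|| true` inside the substitution keeps the printed count and discards the status: `EXPECTED_COUNT=$(grep -Evc '^[[:space:]]*($|#)' "$RUNNERS_CONF" || true)`. Whether errexit is enabled in these two scripts is not visible in the hunks.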
@@ -30,7 +30,7 @@ if [[ ! -f "$RUNNERS_CONF" ]]; then
|
||||
fi
|
||||
|
||||
# Count non-comment, non-blank lines to verify there are runners to deploy
|
||||
RUNNER_COUNT=$(grep -v '^\s*#' "$RUNNERS_CONF" | grep -v '^\s*$' | wc -l | xargs)
|
||||
RUNNER_COUNT=$(grep -Evc '^[[:space:]]*($|#)' "$RUNNERS_CONF")
|
||||
if [[ "$RUNNER_COUNT" -eq 0 ]]; then
|
||||
log_error "No runners defined in runners.conf"
|
||||
exit 1
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
# shellcheck disable=SC2329
|
||||
|
||||
# =============================================================================
|
||||
# phase4_post_check.sh — Verify Phase 4 (Repo Migration) succeeded
|
||||
@@ -44,12 +45,14 @@ for repo in "${REPOS[@]}"; do
|
||||
log_info "--- Checking repo: ${repo} ---"
|
||||
|
||||
# Check 1: Repo exists on primary
|
||||
# shellcheck disable=SC2329
|
||||
check_repo_exists() {
|
||||
gitea_api GET "/repos/${GITEA_ORG_NAME}/$1" >/dev/null
|
||||
}
|
||||
run_check "Primary: ${GITEA_ORG_NAME}/${repo} exists" check_repo_exists "$repo"
|
||||
|
||||
# Check 2: Repo has commits (migration imported content)
|
||||
# shellcheck disable=SC2329
|
||||
check_commits() {
|
||||
local commits
|
||||
commits=$(gitea_api GET "/repos/${GITEA_ORG_NAME}/$1/commits?limit=1")
|
||||
@@ -60,6 +63,7 @@ for repo in "${REPOS[@]}"; do
|
||||
run_check "Primary: ${repo} has commits" check_commits "$repo"
|
||||
|
||||
# Check 3: Default branch matches GitHub source
|
||||
# shellcheck disable=SC2329
|
||||
check_default_branch() {
|
||||
local gitea_branch github_branch
|
||||
gitea_branch=$(gitea_api GET "/repos/${GITEA_ORG_NAME}/$1" | jq -r '.default_branch')
|
||||
@@ -69,12 +73,14 @@ for repo in "${REPOS[@]}"; do
|
||||
run_check "Primary: ${repo} default branch matches GitHub" check_default_branch "$repo"
|
||||
|
||||
# Check 4: Mirror exists on Fedora
|
||||
# shellcheck disable=SC2329
|
||||
check_mirror_exists() {
|
||||
gitea_backup_api GET "/repos/${GITEA_ADMIN_USER}/$1" >/dev/null
|
||||
}
|
||||
run_check "Fedora: ${GITEA_ADMIN_USER}/${repo} exists" check_mirror_exists "$repo"
|
||||
|
||||
# Check 5: Mirror has mirror=true
|
||||
# shellcheck disable=SC2329
|
||||
check_mirror_flag() {
|
||||
local is_mirror
|
||||
is_mirror=$(gitea_backup_api GET "/repos/${GITEA_ADMIN_USER}/$1" | jq -r '.mirror')
|
||||
|
||||
@@ -60,7 +60,7 @@ for repo in "${REPOS[@]}"; do
|
||||
|
||||
# Construct clone URL with embedded token for auth
|
||||
# Format: http://token:TOKEN@host:port/org/repo.git
|
||||
CLONE_URL=$(echo "${GITEA_INTERNAL_URL}" | sed "s|://|://${GITEA_ADMIN_USER}:${GITEA_ADMIN_TOKEN}@|")
|
||||
CLONE_URL="${GITEA_INTERNAL_URL%%://*}://${GITEA_ADMIN_USER}:${GITEA_ADMIN_TOKEN}@${GITEA_INTERNAL_URL#*://}"
|
||||
log_info "Cloning ${repo}..."
|
||||
git clone -q "${CLONE_URL}/${GITEA_ORG_NAME}/${repo}.git" "$CLONE_DIR"
|
||||
|
||||
|
||||
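Review bot: `CLONE_URL` still carries `GITEA_ADMIN_TOKEN`. `git clone` receives it as an argument, visible in the process list, and stores the full URL as the origin remote in the clone's `.git/config`, where it stays until `$CLONE_DIR` is removed. The comment above gives the format as `http://`, so unless `GITEA_INTERNAL_URL` is HTTPS the admin token also crosses the network unencrypted. Cloning from the plain URL and supplying the credential through a git credential helper or `GIT_ASKPASS` keeps it out of argv and out of the working copy while still allowing a later push. The three other CLONE_URL hunks on this page build the URL the same way.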
@@ -45,7 +45,7 @@ for repo in "${REPOS[@]}"; do
|
||||
CLONE_DIR="${TEMP_BASE}/${repo}"
|
||||
rm -rf "$CLONE_DIR"
|
||||
|
||||
CLONE_URL=$(echo "${GITEA_INTERNAL_URL}" | sed "s|://|://${GITEA_ADMIN_USER}:${GITEA_ADMIN_TOKEN}@|")
|
||||
CLONE_URL="${GITEA_INTERNAL_URL%%://*}://${GITEA_ADMIN_USER}:${GITEA_ADMIN_TOKEN}@${GITEA_INTERNAL_URL#*://}"
|
||||
git clone -q "${CLONE_URL}/${GITEA_ORG_NAME}/${repo}.git" "$CLONE_DIR"
|
||||
|
||||
if [[ -d "${CLONE_DIR}/.gitea/workflows" ]]; then
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
# shellcheck disable=SC2329
|
||||
|
||||
# =============================================================================
|
||||
# phase6_post_check.sh — Verify Phase 6 (GitHub Push Mirrors) succeeded
|
||||
@@ -38,6 +39,7 @@ for repo in "${REPOS[@]}"; do
|
||||
log_info "--- Checking repo: ${repo} ---"
|
||||
|
||||
# Check 1: Push mirror exists
|
||||
# shellcheck disable=SC2329
|
||||
check_mirror_exists() {
|
||||
local mirrors
|
||||
mirrors=$(gitea_api GET "/repos/${GITEA_ORG_NAME}/$1/push_mirrors")
|
||||
@@ -49,6 +51,7 @@ for repo in "${REPOS[@]}"; do
|
||||
|
||||
# Check 2: Latest commit SHA matches between Gitea and GitHub
|
||||
# Trigger a sync first, then compare HEAD commits
|
||||
# shellcheck disable=SC2329
|
||||
check_commit_sync() {
|
||||
# Trigger sync
|
||||
gitea_api POST "/repos/${GITEA_ORG_NAME}/$1/push_mirrors-sync" "" >/dev/null 2>&1 || true
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
# shellcheck disable=SC2329
|
||||
|
||||
# =============================================================================
|
||||
# phase7_post_check.sh — Verify Phase 7 (Branch Protection) succeeded
|
||||
@@ -37,12 +38,14 @@ for repo in "${REPOS[@]}"; do
|
||||
log_info "--- Checking repo: ${repo} ---"
|
||||
|
||||
# Check 1: Protection rule exists
|
||||
# shellcheck disable=SC2329
|
||||
check_protection_exists() {
|
||||
gitea_api GET "/repos/${GITEA_ORG_NAME}/$1/branch_protections/${PROTECTED_BRANCH}" >/dev/null
|
||||
}
|
||||
run_check "Branch protection exists for '${PROTECTED_BRANCH}' on ${repo}" check_protection_exists "$repo"
|
||||
|
||||
# Check 2: Push is blocked (enable_push should be false)
|
||||
# shellcheck disable=SC2329
|
||||
check_push_blocked() {
|
||||
local protection
|
||||
protection=$(gitea_api GET "/repos/${GITEA_ORG_NAME}/${repo}/branch_protections/${PROTECTED_BRANCH}")
|
||||
|
||||
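Review bot: `check_push_blocked` reads the loop variable `${repo}` in its API path, while `check_protection_exists` just above it and the check functions in the other post-check scripts use the argument `$1`. It gives the right answer only while the function is called inside the loop for the current repo. Using `gitea_api GET "/repos/${GITEA_ORG_NAME}/$1/branch_protections/${PROTECTED_BRANCH}"` makes it consistent, assuming run_check passes the repo name as it does for the sibling. The function body continues past the end of the hunk.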
@@ -148,7 +148,7 @@ render_nginx_http_only() {
|
||||
export SSL_CERT_FULLPATH="/dev/null"
|
||||
export SSL_KEY_FULLPATH="/dev/null"
|
||||
render_template "${SCRIPT_DIR}/templates/nginx-gitea.conf.tpl" "$rendered" \
|
||||
'${GITEA_DOMAIN} ${UNRAID_IP} ${UNRAID_GITEA_PORT} ${SSL_CERT_FULLPATH} ${SSL_KEY_FULLPATH}'
|
||||
"\${GITEA_DOMAIN} \${UNRAID_IP} \${UNRAID_GITEA_PORT} \${SSL_CERT_FULLPATH} \${SSL_KEY_FULLPATH}"
|
||||
|
||||
# Strip the HTTPS server block (everything between markers inclusive)
|
||||
sed '/# SSL_HTTPS_BLOCK_START/,/# SSL_HTTPS_BLOCK_END/d' "$rendered" > "$tmpfile"
|
||||
@@ -166,10 +166,11 @@ render_nginx_https() {
|
||||
export SSL_CERT_FULLPATH="$cert_path"
|
||||
export SSL_KEY_FULLPATH="$key_path"
|
||||
render_template "${SCRIPT_DIR}/templates/nginx-gitea.conf.tpl" "$rendered" \
|
||||
'${GITEA_DOMAIN} ${UNRAID_IP} ${UNRAID_GITEA_PORT} ${SSL_CERT_FULLPATH} ${SSL_KEY_FULLPATH}'
|
||||
"\${GITEA_DOMAIN} \${UNRAID_IP} \${UNRAID_GITEA_PORT} \${SSL_CERT_FULLPATH} \${SSL_KEY_FULLPATH}"
|
||||
|
||||
# Replace the redirect block content with a 301 redirect to HTTPS
|
||||
# The block between markers gets replaced with just the redirect
|
||||
# shellcheck disable=SC2016
|
||||
sed '/# SSL_REDIRECT_BLOCK_START/,/# SSL_REDIRECT_BLOCK_END/{
|
||||
/# SSL_REDIRECT_BLOCK_START/!{/# SSL_REDIRECT_BLOCK_END/!d;}
|
||||
/# SSL_REDIRECT_BLOCK_START/a\
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
# shellcheck disable=SC2329
|
||||
|
||||
# =============================================================================
|
||||
# phase8_post_check.sh — Verify Phase 8 (Cutover) succeeded
|
||||
@@ -41,6 +42,7 @@ run_check "HTTPS returns 200 at https://${GITEA_DOMAIN}" \
|
||||
curl -sf -o /dev/null "https://${GITEA_DOMAIN}/api/v1/version"
|
||||
|
||||
# Check 2: HTTP redirects to HTTPS (returns 301)
|
||||
# shellcheck disable=SC2329
|
||||
check_redirect() {
|
||||
local http_code
|
||||
http_code=$(curl -sI -o /dev/null -w "%{http_code}" "http://${GITEA_DOMAIN}/")
|
||||
@@ -49,6 +51,7 @@ check_redirect() {
|
||||
run_check "HTTP → HTTPS redirect (301)" check_redirect
|
||||
|
||||
# Check 3: SSL certificate is valid (not self-signed)
|
||||
# shellcheck disable=SC2329
|
||||
check_ssl_cert() {
|
||||
# Verify openssl can connect and the cert is issued by a recognized CA
|
||||
local issuer
|
||||
@@ -66,6 +69,7 @@ done
|
||||
|
||||
# Check 5: GitHub repos are marked as offsite backup
|
||||
for repo in "${REPOS[@]}"; do
|
||||
# shellcheck disable=SC2329
|
||||
check_mirror_marked() {
|
||||
local desc
|
||||
desc=$(github_api GET "/repos/${GITHUB_USERNAME}/$1" | jq -r '.description // ""')
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
# shellcheck disable=SC2329
|
||||
|
||||
# =============================================================================
|
||||
# phase9_post_check.sh — Verify Phase 9 (Security Scanning) succeeded
|
||||
@@ -38,6 +39,7 @@ for repo in "${REPOS[@]}"; do
|
||||
log_info "--- Checking repo: ${repo} ---"
|
||||
|
||||
# Check 1: security-scan.yml exists
|
||||
# shellcheck disable=SC2329
|
||||
check_workflow_exists() {
|
||||
gitea_api GET "/repos/${GITEA_ORG_NAME}/$1/contents/.gitea/workflows/security-scan.yml" >/dev/null
|
||||
}
|
||||
@@ -45,6 +47,7 @@ for repo in "${REPOS[@]}"; do
|
||||
|
||||
# Check 2: Branch protection includes security checks (if required)
|
||||
if [[ "$SECURITY_FAIL_ON_ERROR" == "true" ]]; then
|
||||
# shellcheck disable=SC2329
|
||||
check_status_checks() {
|
||||
local protection
|
||||
protection=$(gitea_api GET "/repos/${GITEA_ORG_NAME}/$1/branch_protections/${PROTECTED_BRANCH}")
|
||||
|
||||
@@ -58,7 +58,7 @@ for repo in "${REPOS[@]}"; do
|
||||
rm -rf "$CLONE_DIR"
|
||||
mkdir -p "$CLONE_DIR"
|
||||
|
||||
CLONE_URL=$(echo "${GITEA_INTERNAL_URL}" | sed "s|://|://${GITEA_ADMIN_USER}:${GITEA_ADMIN_TOKEN}@|")
|
||||
CLONE_URL="${GITEA_INTERNAL_URL%%://*}://${GITEA_ADMIN_USER}:${GITEA_ADMIN_TOKEN}@${GITEA_INTERNAL_URL#*://}"
|
||||
log_info "Cloning ${repo}..."
|
||||
git clone -q "${CLONE_URL}/${GITEA_ORG_NAME}/${repo}.git" "$CLONE_DIR"
|
||||
|
||||
@@ -72,7 +72,7 @@ for repo in "${REPOS[@]}"; do
|
||||
export SEMGREP_VERSION TRIVY_VERSION GITLEAKS_VERSION PROTECTED_BRANCH
|
||||
render_template "${SCRIPT_DIR}/templates/workflows/security-scan.yml.tpl" \
|
||||
"${CLONE_DIR}/.gitea/workflows/security-scan.yml" \
|
||||
'${PROTECTED_BRANCH} ${SEMGREP_VERSION} ${TRIVY_VERSION} ${GITLEAKS_VERSION}'
|
||||
"\${PROTECTED_BRANCH} \${SEMGREP_VERSION} \${TRIVY_VERSION} \${GITLEAKS_VERSION}"
|
||||
|
||||
# -------------------------------------------------------------------------
|
||||
# Step 3: Commit and push
|
||||
|
||||
@@ -46,7 +46,7 @@ for repo in "${REPOS[@]}"; do
|
||||
CLONE_DIR="${TEMP_BASE}/${repo}"
|
||||
rm -rf "$CLONE_DIR"
|
||||
|
||||
CLONE_URL=$(echo "${GITEA_INTERNAL_URL}" | sed "s|://|://${GITEA_ADMIN_USER}:${GITEA_ADMIN_TOKEN}@|")
|
||||
CLONE_URL="${GITEA_INTERNAL_URL%%://*}://${GITEA_ADMIN_USER}:${GITEA_ADMIN_TOKEN}@${GITEA_INTERNAL_URL#*://}"
|
||||
git clone -q "${CLONE_URL}/${GITEA_ORG_NAME}/${repo}.git" "$CLONE_DIR"
|
||||
|
||||
if [[ -f "${CLONE_DIR}/.gitea/workflows/security-scan.yml" ]]; then
|
||||
|
||||
20
preflight.sh
20
preflight.sh
@@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
# shellcheck disable=SC2329
|
||||
|
||||
# =============================================================================
|
||||
# preflight.sh — Validate everything before running migration phases
|
||||
@@ -75,6 +76,7 @@ check_fedora_os() {
|
||||
# ---------------------------------------------------------------------------
|
||||
# Check 4: .env exists
|
||||
# ---------------------------------------------------------------------------
|
||||
# shellcheck disable=SC2329
|
||||
check_env_exists() {
|
||||
[[ -f "${SCRIPT_DIR}/.env" ]]
|
||||
}
|
||||
@@ -88,6 +90,7 @@ fi
|
||||
# ---------------------------------------------------------------------------
|
||||
# Check 5: runners.conf exists
|
||||
# ---------------------------------------------------------------------------
|
||||
# shellcheck disable=SC2329
|
||||
check_runners_conf() {
|
||||
[[ -f "${SCRIPT_DIR}/runners.conf" ]]
|
||||
}
|
||||
@@ -119,6 +122,7 @@ REQUIRED_VARS=(
|
||||
NGINX_CONTAINER_NAME NGINX_CONF_PATH SSL_MODE
|
||||
)
|
||||
|
||||
# shellcheck disable=SC2329
|
||||
check_required_vars() {
|
||||
local missing=0
|
||||
for var in "${REQUIRED_VARS[@]}"; do
|
||||
@@ -154,13 +158,14 @@ check_required_vars() {
|
||||
;;
|
||||
esac
|
||||
|
||||
return $missing
|
||||
return "$missing"
|
||||
}
|
||||
check 6 "All required .env vars are set" check_required_vars
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Check 7: SSH to Unraid
|
||||
# ---------------------------------------------------------------------------
|
||||
# shellcheck disable=SC2329
|
||||
check_ssh_unraid() {
|
||||
ssh_check UNRAID
|
||||
}
|
||||
@@ -172,6 +177,7 @@ fi
|
||||
# ---------------------------------------------------------------------------
|
||||
# Check 8: SSH to Fedora
|
||||
# ---------------------------------------------------------------------------
|
||||
# shellcheck disable=SC2329
|
||||
check_ssh_fedora() {
|
||||
ssh_check FEDORA
|
||||
}
|
||||
@@ -298,6 +304,7 @@ fi
|
||||
# ---------------------------------------------------------------------------
|
||||
# Check 17: GitHub repos exist
|
||||
# ---------------------------------------------------------------------------
|
||||
# shellcheck disable=SC2329
|
||||
check_github_repos() {
|
||||
local all_ok=0
|
||||
for var in REPO_1_NAME REPO_2_NAME REPO_3_NAME; do
|
||||
@@ -310,7 +317,7 @@ check_github_repos() {
|
||||
all_ok=1
|
||||
fi
|
||||
done
|
||||
return $all_ok
|
||||
return "$all_ok"
|
||||
}
|
||||
check 17 "All GitHub repos exist" check_github_repos
|
||||
|
||||
@@ -342,36 +349,39 @@ fi
|
||||
# Check 20: Local tool minimum versions
|
||||
# Validates that tools on the MacBook meet minimum requirements.
|
||||
# ---------------------------------------------------------------------------
|
||||
# shellcheck disable=SC2329
|
||||
check_local_versions() {
|
||||
local fail=0
|
||||
check_min_version "jq" "jq --version" "1.6" || fail=1
|
||||
check_min_version "curl" "curl --version" "7.70" || fail=1
|
||||
check_min_version "git" "git --version" "2.30" || fail=1
|
||||
return $fail
|
||||
return "$fail"
|
||||
}
|
||||
check 20 "Local tool minimum versions (jq>=1.6, curl>=7.70, git>=2.30)" check_local_versions
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Check 21: Unraid tool minimum versions
|
||||
# ---------------------------------------------------------------------------
|
||||
# shellcheck disable=SC2329
|
||||
check_unraid_versions() {
|
||||
local fail=0
|
||||
check_remote_min_version "UNRAID" "docker" "docker --version" "20.0" || fail=1
|
||||
check_remote_min_version "UNRAID" "docker-compose" "docker compose version 2>/dev/null || docker-compose --version" "2.0" || fail=1
|
||||
check_remote_min_version "UNRAID" "jq" "jq --version" "1.6" || fail=1
|
||||
return $fail
|
||||
return "$fail"
|
||||
}
|
||||
check 21 "Unraid tool minimum versions (docker>=20, compose>=2, jq>=1.6)" check_unraid_versions
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Check 22: Fedora tool minimum versions
|
||||
# ---------------------------------------------------------------------------
|
||||
# shellcheck disable=SC2329
|
||||
check_fedora_versions() {
|
||||
local fail=0
|
||||
check_remote_min_version "FEDORA" "docker" "docker --version" "20.0" || fail=1
|
||||
check_remote_min_version "FEDORA" "docker-compose" "docker compose version" "2.0" || fail=1
|
||||
check_remote_min_version "FEDORA" "jq" "jq --version" "1.6" || fail=1
|
||||
return $fail
|
||||
return "$fail"
|
||||
}
|
||||
check 22 "Fedora tool minimum versions (docker>=20, compose>=2, jq>=1.6)" check_fedora_versions
|
||||
|
||||
|
||||
@@ -16,6 +16,8 @@ set -euo pipefail
|
||||
# =============================================================================
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||||
# shellcheck source=../lib/common.sh
|
||||
# shellcheck disable=SC1091
|
||||
source "${SCRIPT_DIR}/../lib/common.sh"
|
||||
|
||||
load_env || true # Best effort — .env may already be gone during full cleanup
|
||||
|
||||
@@ -14,6 +14,8 @@ set -euo pipefail
|
||||
# =============================================================================
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||||
# shellcheck source=../lib/common.sh
|
||||
# shellcheck disable=SC1091
|
||||
source "${SCRIPT_DIR}/../lib/common.sh"
|
||||
|
||||
load_env
|
||||
|
||||
@@ -6,6 +6,8 @@ set -euo pipefail
|
||||
# =============================================================================
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||||
# shellcheck source=../lib/common.sh
|
||||
# shellcheck disable=SC1091
|
||||
source "${SCRIPT_DIR}/../lib/common.sh"
|
||||
|
||||
load_env
|
||||
|
||||
@@ -6,6 +6,8 @@ set -euo pipefail
|
||||
# =============================================================================
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||||
# shellcheck source=../lib/common.sh
|
||||
# shellcheck disable=SC1091
|
||||
source "${SCRIPT_DIR}/../lib/common.sh"
|
||||
|
||||
log_info "=== MacBook Setup ==="
|
||||
|
||||
@@ -6,6 +6,8 @@ set -euo pipefail
|
||||
# =============================================================================
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||||
# shellcheck source=../lib/common.sh
|
||||
# shellcheck disable=SC1091
|
||||
source "${SCRIPT_DIR}/../lib/common.sh"
|
||||
|
||||
load_env
|
||||
|
||||