privacy-in-design/gitea-migration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
02ffddf0720cde40b933e7ae3f3c293335424af1
gitea-migration/phase8_post_check.sh
S d25a2075d4 refactor: use REPO_NAMES in phase8_post_check.sh 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-01 10:05:45 -05:00

92 lines
2.8 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
# shellcheck disable=SC2329
# =============================================================================
# phase8_post_check.sh — Verify Phase 8 (Cutover) succeeded
# Checks:
# 1. HTTPS works with valid cert
# 2. HTTP redirects to HTTPS
# 3. All repos accessible via HTTPS
# 4. GitHub repos are marked as offsite backup
# Exits 0 only if ALL checks pass.
# =============================================================================
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
source "${SCRIPT_DIR}/lib/common.sh"
load_env
require_vars GITEA_DOMAIN GITEA_ADMIN_TOKEN GITEA_ORG_NAME \
GITHUB_USERNAME GITHUB_TOKEN \
REPO_NAMES
log_info "=== Phase 8 Post-Check ==="
read -ra REPOS <<< "$REPO_NAMES"
PASS=0
FAIL=0
run_check() {
local description="$1"; shift
if "$@" 2>/dev/null; then
log_success "$description"
PASS=$((PASS + 1))
else
log_error "FAIL: $description"
FAIL=$((FAIL + 1))
fi
}
# Check 1: HTTPS works
run_check "HTTPS returns 200 at https://${GITEA_DOMAIN}" \
curl -sf -o /dev/null "https://${GITEA_DOMAIN}/api/v1/version"
# Check 2: HTTP redirects to HTTPS (returns 301)
# shellcheck disable=SC2329
check_redirect() {
local http_code
http_code=$(curl -sI -o /dev/null -w "%{http_code}" "http://${GITEA_DOMAIN}/")
[[ "$http_code" == "301" ]]
}
run_check "HTTP → HTTPS redirect (301)" check_redirect
# Check 3: SSL certificate is valid (not self-signed)
# shellcheck disable=SC2329
check_ssl_cert() {
# Verify openssl can connect and the cert is issued by a recognized CA
local issuer
issuer=$(echo | openssl s_client -connect "${GITEA_DOMAIN}:443" -servername "${GITEA_DOMAIN}" 2>/dev/null | openssl x509 -noout -issuer 2>/dev/null || echo "")
# Check that the issuer is not empty (meaning cert is valid)
[[ -n "$issuer" ]]
}
run_check "SSL certificate is valid" check_ssl_cert
# Check 4: All repos accessible via HTTPS
for repo in "${REPOS[@]}"; do
run_check "Repo ${repo} accessible at https://${GITEA_DOMAIN}/${GITEA_ORG_NAME}/${repo}" \
curl -sf -o /dev/null -H "Authorization: token ${GITEA_ADMIN_TOKEN}" "https://${GITEA_DOMAIN}/api/v1/repos/${GITEA_ORG_NAME}/${repo}"
done
# Check 5: GitHub repos are marked as offsite backup
for repo in "${REPOS[@]}"; do
# shellcheck disable=SC2329
check_mirror_marked() {
local desc
desc=$(github_api GET "/repos/${GITHUB_USERNAME}/$1" | jq -r '.description // ""')
[[ "$desc" == "[MIRROR]"* ]]
}
run_check "GitHub repo ${repo} marked as mirror" check_mirror_marked "$repo"
done
# Summary
printf '\n'
log_info "Results: ${PASS} passed, ${FAIL} failed"
if [[ $FAIL -gt 0 ]]; then
log_error "Phase 8 post-check FAILED"
exit 1
else
log_success "Phase 8 post-check PASSED — Gitea is live with HTTPS"
exit 0
fi
Reference in New Issue View Git Blame Copy Permalink