privacy-in-design/gitea-migration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9379b95a4191d35b10591796f1158847716f25e3
gitea-migration/phase8_post_check.sh
S 9379b95a41 feat: add Phase 8 — Cutover (HTTPS + Archive GitHub) 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 15:29:14 -06:00

88 lines
2.7 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
# =============================================================================
# phase8_post_check.sh — Verify Phase 8 (Cutover) succeeded
# Checks:
# 1. HTTPS works with valid cert
# 2. HTTP redirects to HTTPS
# 3. All repos accessible via HTTPS
# 4. GitHub repos are archived
# Exits 0 only if ALL checks pass.
# =============================================================================
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
source "${SCRIPT_DIR}/lib/common.sh"
load_env
require_vars GITEA_DOMAIN GITEA_ADMIN_TOKEN GITEA_ORG_NAME \
GITHUB_USERNAME GITHUB_TOKEN \
REPO_1_NAME REPO_2_NAME REPO_3_NAME
log_info "=== Phase 8 Post-Check ==="
REPOS=("$REPO_1_NAME" "$REPO_2_NAME" "$REPO_3_NAME")
PASS=0
FAIL=0
run_check() {
local description="$1"; shift
if "$@" 2>/dev/null; then
log_success "$description"
PASS=$((PASS + 1))
else
log_error "FAIL: $description"
FAIL=$((FAIL + 1))
fi
}
# Check 1: HTTPS works
run_check "HTTPS returns 200 at https://${GITEA_DOMAIN}" \
curl -sf -o /dev/null "https://${GITEA_DOMAIN}/api/v1/version"
# Check 2: HTTP redirects to HTTPS (returns 301)
check_redirect() {
local http_code
http_code=$(curl -sI -o /dev/null -w "%{http_code}" "http://${GITEA_DOMAIN}/")
[[ "$http_code" == "301" ]]
}
run_check "HTTP → HTTPS redirect (301)" check_redirect
# Check 3: SSL certificate is valid (not self-signed)
check_ssl_cert() {
# Verify openssl can connect and the cert is issued by a recognized CA
local issuer
issuer=$(echo | openssl s_client -connect "${GITEA_DOMAIN}:443" -servername "${GITEA_DOMAIN}" 2>/dev/null | openssl x509 -noout -issuer 2>/dev/null || echo "")
# Check that the issuer is not empty (meaning cert is valid)
[[ -n "$issuer" ]]
}
run_check "SSL certificate is valid" check_ssl_cert
# Check 4: All repos accessible via HTTPS
for repo in "${REPOS[@]}"; do
run_check "Repo ${repo} accessible at https://${GITEA_DOMAIN}/${GITEA_ORG_NAME}/${repo}" \
curl -sf -o /dev/null -H "Authorization: token ${GITEA_ADMIN_TOKEN}" "https://${GITEA_DOMAIN}/api/v1/repos/${GITEA_ORG_NAME}/${repo}"
done
# Check 5: GitHub repos are archived
for repo in "${REPOS[@]}"; do
check_archived() {
local is_archived
is_archived=$(github_api GET "/repos/${GITHUB_USERNAME}/$1" | jq -r '.archived')
[[ "$is_archived" == "true" ]]
}
run_check "GitHub repo ${repo} is archived" check_archived "$repo"
done
# Summary
printf '\n'
log_info "Results: ${PASS} passed, ${FAIL} failed"
if [[ $FAIL -gt 0 ]]; then
log_error "Phase 8 post-check FAILED"
exit 1
else
log_success "Phase 8 post-check PASSED — Gitea is live with HTTPS"
exit 0
fi
Reference in New Issue View Git Blame Copy Permalink