forked from EasyDynamics/oscal-editor-deployment
-
Notifications
You must be signed in to change notification settings - Fork 0
/
packages_pull.sh
executable file
·151 lines (123 loc) · 4.18 KB
/
packages_pull.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
#!/bin/bash
cmd_name="$0"
usage() (
echo "Usage: $cmd_name PAT"
echo ""
echo " Downloads the pre-built packages from GitHub Packages"
echo " for the OSCAL Web App and REST service."
echo " The PAT may be provided as an argument or through the"
echo " OSCAL_EDITOR_GITHUB_PACKAGES_PAT environment variable. The PAT must have"
echo " the read:packages permission."
echo ""
echo " Example 1:"
echo " $cmd_name ghp_exampletoken1231"
echo ""
echo " Example 2:"
echo " export OSCAL_EDITOR_GITHUB_PACKAGES_PAT=ghp_exampletoken1231"
echo " $cmd_name"
echo ""
)
assert-required-commands() (
commands=(jq xmlstarlet curl unzip)
missing=0
for cmd in "${commands[@]}"; do
if ! command -v "$cmd" &> /dev/null; then
echo "!!! Required command $cmd is missing."
# This assumes that the package name and the command name are the same;
# this is true for all current commands and Ubuntu/Debian but may not
# hold true for Fedora/RHEL/SUSE.
echo " Install the $cmd package and try again."
((missing++))
fi
done
exit "$missing"
)
authenticated-v3-api-request() (
local url="$1"
local token="$2"
curl \
-sL \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token $token" \
"$url"
)
authenticated-pkg-api-request() (
local url="$1"
local token="$2"
curl \
-sL \
-H "Authorization: token $token" \
"$url"
)
get-viewer-zip() (
local zip_url="https://github.com/EasyDynamics/oscal-react-library/releases/latest/download/oscal-viewer.zip"
local output="./oscal-viewer.zip"
if ! curl -sL -o "$output" "$zip_url"; then
echo "!!! Unable to download OSCAL React Viewer ZIP file"
exit 1
fi
)
get-rest-service-jar() (
local token="$1"
local request_url="https://api.github.com/orgs/EasyDynamics/packages/maven/com.easydynamics.oscal-rest-service-app/versions"
local package_version
package_version="$(authenticated-v3-api-request "$request_url" "$token" | jq --raw-output '.[0].name' 2> /dev/null)"
if [ "$?" -ne 0 ] || [ -z "$package_version" ] ; then
echo "!!! Unable to get OSCAL Rest Service package version"
echo " Check the provided PAT has sufficient permissions and try again"
exit 1
fi
local metadata_url="https://maven.pkg.github.com/EasyDynamics/oscal-rest-service/com/easydynamics/oscal-rest-service-app/$package_version/maven-metadata.xml"
local metadata
metadata="$(authenticated-pkg-api-request "$metadata_url" "$token")"
if [ "$?" -ne 0 ]; then
echo "!!! Unable to get the OSCAL Rest Service package metadata"
echo " Check the provided PAT has sufficient permissions and try again"
exit 1
fi
local timestamp
timestamp="$(echo "$metadata" | xmlstarlet sel -t -v "//metadata/versioning/snapshotVersions/snapshotVersion[last()]/value" "-")"
if [ "$?" -ne 0 ]; then
echo "!!! Unable to parse the timestamp from the OSCAL Rest Service package metadata."
exit 1
fi
local service_jar_url="https://maven.pkg.github.com/EasyDynamics/oscal-rest-service/com.easydynamics/oscal-rest-service-app/$package_version/oscal-rest-service-app-$timestamp.jar"
if ! curl -H "Authorization: token $token" -sL -o "./oscal-rest.jar" "$service_jar_url"; then
echo "!!! Unable to download the OSCAL Rest Service .jar file"
exit 1
fi
)
cleanup() (
rm -rf ./oscal-viewer ./oscal-viewer.zip
)
main() (
local token="${1:-$OSCAL_EDITOR_GITHUB_PACKAGES_PAT}"
# Ensure that the token is present and that it matches the expected format of
# a GitHub PAT.
if [ -z "$token" ]; then
usage
exit 1
fi
# Formats based on:
# https://github.blog/changelog/2021-03-31-authentication-token-format-updates-are-generally-available/
if [[ ! "$token" =~ ^gh[pousr]_ ]]; then
echo "!!! The provided GitHub PAT is invalid"
exit 1
fi
echo "==> Checking required commands are installed"
if ! assert-required-commands; then
exit 1
fi
echo "==> Downloading OSCAL Viewer"
if ! get-viewer-zip; then
exit 1
fi
unzip -qo ./oscal-viewer.zip -d ./oscal-viewer
echo "==> Fetching OSCAL REST Service JAR file"
if ! get-rest-service-jar "$token"; then
exit 1
fi
echo "==> Done!"
)
main "$@"
exit $?