From 34848107276e0d6b5e5f11f2afd39fbca7f8f36c Mon Sep 17 00:00:00 2001 From: Romain Grecourt Date: Mon, 26 Aug 2024 15:19:58 -0700 Subject: [PATCH 1/2] Update scripts, add shellcheck validation - Run shellcheck in GitHub actions - Fix all shellcheck errors - Rework release.sh Fix shellcheck errors --- .github/workflows/validate.yml | 27 ++- etc/scripts/RELEASE.md | 10 +- etc/scripts/build.sh | 46 +++-- etc/scripts/checkstyle.sh | 49 +++-- etc/scripts/copyright.sh | 56 +++-- ...ependency-check.sh => dependency-check.sh} | 11 +- etc/scripts/includes/error_handlers.sh | 55 ----- etc/scripts/includes/pipeline-env.sh | 139 ------------- etc/scripts/{primebuild.sh => prime-build.sh} | 70 ++++--- etc/scripts/release.sh | 142 +++---------- etc/scripts/shellcheck.sh | 53 +++++ etc/scripts/spotbugs.sh | 44 ++-- etc/scripts/update-version.awk | 78 +++++++ etc/scripts/update-version.sh | 76 +++++++ etc/scripts/updatehelidonversion.sh | 58 ------ etc/scripts/updateparent.awk | 102 ---------- .../messaging/docker/kafka/init_topics.sh | 23 ++- .../messaging/docker/kafka/start_kafka.sh | 2 +- .../docker/oracle-aq-18-xe/buildAndRun.sh | 4 +- .../createAndStartEmptyDomain.sh | 53 +++-- .../etc/unsupported-cert-tools/create-keys.sh | 24 ++- .../etc/unsupported-cert-tools/rotate-keys.sh | 15 +- .../etc/unsupported-cert-tools/utils.sh | 61 +++--- .../mutual-tls/automatic-store-generator.sh | 191 +++++++++--------- 24 files changed, 634 insertions(+), 755 deletions(-) rename etc/scripts/{owasp-dependency-check.sh => dependency-check.sh} (85%) delete mode 100644 etc/scripts/includes/error_handlers.sh delete mode 100644 etc/scripts/includes/pipeline-env.sh rename etc/scripts/{primebuild.sh => prime-build.sh} (52%) create mode 100755 etc/scripts/shellcheck.sh create mode 100755 etc/scripts/update-version.awk create mode 100755 etc/scripts/update-version.sh delete mode 100755 etc/scripts/updatehelidonversion.sh delete mode 100644 etc/scripts/updateparent.awk 
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 9d9c3da76..69177f7e6 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -10,14 +10,17 @@ env: JAVA_VERSION: '21' JAVA_DISTRO: 'oracle' HELIDON_PIPELINES: 'true' - MAVEN_HTTP_ARGS: '-Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -Dmaven.wagon.http.retryHandler.count=3' + MAVEN_ARGS: | + -B -fae -e + -Dmaven.wagon.httpconnectionManager.ttlSeconds=60 + -Dmaven.wagon.http.retryHandler.count=3 concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: - primebuild: + prime-build: timeout-minutes: 30 runs-on: ubuntu-20.04 steps: @@ -34,7 +37,7 @@ jobs: run: | mkdir -p ~/.m2/repository/io/helidon/ echo "empty file" > ~/.m2/repository/io/helidon/empty.txt - etc/scripts/primebuild.sh + etc/scripts/prime-build.sh - name: Upload Maven Artifacts uses: actions/upload-artifact@v4 with: @@ -42,7 +45,7 @@ jobs: path: ~/.m2/repository/io/helidon retention-days: 1 copyright: - needs: primebuild + needs: prime-build timeout-minutes: 10 runs-on: ubuntu-20.04 steps: @@ -58,7 +61,7 @@ jobs: - name: Copyright run: etc/scripts/copyright.sh checkstyle: - needs: primebuild + needs: prime-build timeout-minutes: 10 runs-on: ubuntu-20.04 steps: @@ -76,8 +79,17 @@ jobs: cache: maven - name: Checkstyle run: etc/scripts/checkstyle.sh + shellcheck: + timeout-minutes: 5 + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ inputs.ref }} + - name: ShellCheck + run: etc/scripts/shellcheck.sh spotbugs: - needs: primebuild + needs: prime-build timeout-minutes: 10 runs-on: ubuntu-20.04 steps: @@ -96,7 +108,7 @@ jobs: - name: Spotbugs run: etc/scripts/spotbugs.sh build: - needs: primebuild + needs: prime-build timeout-minutes: 20 strategy: matrix: @@ -119,4 +131,3 @@ jobs: cache: maven - name: Maven build run: etc/scripts/build.sh - diff --git a/etc/scripts/RELEASE.md b/etc/scripts/RELEASE.md index 49b095e38..7f5071ae7 100644 
--- a/etc/scripts/RELEASE.md +++ b/etc/scripts/RELEASE.md @@ -2,7 +2,7 @@ # Releasing Helidon Examples These are the steps for doing a release of Helidon Examples. These steps -will use release 4.0.0 in examples. Of course you are not releasing +will use release 4.0.0 in examples. Of course, you are not releasing 4.0.0, so make sure to change that release number to your release number when copy/pasting. @@ -18,7 +18,7 @@ creates a release tag and updates the corresponding helidon-X.X branch. Here is the overall procedure: 1. Create a local release branch from the corresponding dev branch. -2. Update the version of Helidon consumed by the examples. Typically this will be +2. Update the version of Helidon consumed by the examples. Typically, this will be needed as the dev branch poms reference a snapshot version of Helidon. 3. Push release branch to upstream, release workflow runs 4. Verify tag and branch update performed by workflow by pulling the branch and tag and @@ -42,7 +42,7 @@ export VERSION="4.0.0" 2. Update Helidon version used by examples. This should be a released version of Helidon ```shell - etc/scripts/updatehelidonversion.sh ${VERSION} + etc/scripts/update-version.sh ${VERSION} ``` 3. Commit and Push local release branch to upstream to trigger release workflow. ```shell @@ -60,8 +60,8 @@ export VERSION="4.0.0" git rebase origin/helidon-4.x git log # Make sure it is what it should be mvn clean install - # Checkout and veriy tag - git checkout tags/${VERISON} + # Checkout and verify tag + git checkout tags/${VERSION} git log # Make sure it is what it should be mvn clean install ``` diff --git a/etc/scripts/build.sh b/etc/scripts/build.sh index 73f68495c..4dc0d2fca 100755 --- a/etc/scripts/build.sh +++ b/etc/scripts/build.sh @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/bash # # Copyright (c) 2022, 2024 Oracle and/or its affiliates. # 
@@ -15,25 +15,37 @@ # limitations under the License. # -# Path to this script -[ -h "${0}" ] && readonly SCRIPT_PATH="$(readlink "${0}")" || readonly SCRIPT_PATH="${0}" +set -o pipefail || true # trace ERR through pipes +set -o errtrace || true # trace ERR through commands and functions +set -o errexit || true # exit the script if any statement returns a non-true return value -# Load pipeline environment setup and define WS_DIR -. $(dirname -- "${SCRIPT_PATH}")/includes/pipeline-env.sh "${SCRIPT_PATH}" '../..' +on_error(){ + CODE="${?}" && \ + set +x && \ + printf "[ERROR] Error(code=%s) occurred at %s:%s command: %s\n" \ + "${CODE}" "${BASH_SOURCE[0]}" "${LINENO}" "${BASH_COMMAND}" +} +trap on_error ERR -# Setup error handling using default settings (defined in includes/error_handlers.sh) -error_trap_setup +# Path to this script +if [ -h "${0}" ] ; then + SCRIPT_PATH="$(readlink "${0}")" +else + # shellcheck disable=SC155 + SCRIPT_PATH="${0}" +fi +readonly SCRIPT_PATH -readonly SCRIPT_DIR=$(dirname ${SCRIPT_PATH}) +# Path to the root of the workspace +# shellcheck disable=SC2046 +WS_DIR=$(cd $(dirname -- "${SCRIPT_PATH}") ; cd ../.. ; pwd -P) +readonly WS_DIR +# shellcheck disable=SC2086 mvn ${MAVEN_ARGS} --version -# Do priming build to populate local maven cache with Helidon SNAPSHOT artifacts -# Handled by workflow -#${SCRIPT_DIR}/primebuild.sh - -# Build this repository -echo "Build..." -mvn ${MAVEN_ARGS} -f ${WS_DIR}/pom.xml \ - clean install -e \ - -Dmaven.test.failure.ignore=true +# shellcheck disable=SC2086 +mvn ${MAVEN_ARGS} \ + -f "${WS_DIR}"/pom.xml \ + -Dmaven.test.failure.ignore=true \ + clean install diff --git a/etc/scripts/checkstyle.sh b/etc/scripts/checkstyle.sh index 0f845d6ec..96ede1599 100755 --- a/etc/scripts/checkstyle.sh +++ b/etc/scripts/checkstyle.sh 
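Review bot: The new `WS_DIR` assignment chains its steps with `;` inside a command substitution, so if the first `cd` fails the second still runs from the caller's directory and `WS_DIR` silently resolves to an unrelated path. Bash does not apply `errexit` inside `$(...)` by default, so the `set -o errexit` added above does not catch this. Chaining with `&&` and quoting lets the failure reach the assignment and removes the need for the SC2046 suppression: `WS_DIR=$(cd "$(dirname -- "${SCRIPT_PATH}")" && cd ../.. && pwd -P)`. The same line is added in checkstyle.sh (where `rm -f "${WS_DIR}"/target/checkstyle-*` then acts on the result), copyright.sh, prime-build.sh, release.sh, spotbugs.sh and update-version.sh. Separately, `# shellcheck disable=SC155` does not look like a valid ShellCheck code (SC2155 was probably meant), and the plain assignment it sits on would not need it, so the directive can be dropped wherever it was added.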
@@ -1,6 +1,6 @@ -#!/bin/bash -e +#!/bin/bash # -# Copyright (c) 2018, 2023 Oracle and/or its affiliates. +# Copyright (c) 2018, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -15,26 +15,49 @@ # limitations under the License. # +set -o pipefail || true # trace ERR through pipes +set -o errtrace || true # trace ERR through commands and functions +set -o errexit || true # exit the script if any statement returns a non-true return value + +on_error(){ + CODE="${?}" && \ + set +x && \ + printf "[ERROR] Error(code=%s) occurred at %s:%s command: %s\n" \ + "${CODE}" "${BASH_SOURCE[0]}" "${LINENO}" "${BASH_COMMAND}" +} +trap on_error ERR + # Path to this script -[ -h "${0}" ] && readonly SCRIPT_PATH="$(readlink "${0}")" || readonly SCRIPT_PATH="${0}" +if [ -h "${0}" ] ; then + SCRIPT_PATH="$(readlink "${0}")" +else + # shellcheck disable=SC155 + SCRIPT_PATH="${0}" +fi +readonly SCRIPT_PATH -# Load pipeline environment setup and define WS_DIR -. $(dirname -- "${SCRIPT_PATH}")/includes/pipeline-env.sh "${SCRIPT_PATH}" '../..' +# Path to the root of the workspace +# shellcheck disable=SC2046 +WS_DIR=$(cd $(dirname -- "${SCRIPT_PATH}") ; cd ../.. ; pwd -P) +readonly WS_DIR -# Setup error handling using default settings (defined in includes/error_handlers.sh) -error_trap_setup +LOG_FILE=$(mktemp -t XXXcheckstyle-log) +readonly LOG_FILE -readonly LOG_FILE=$(mktemp -t XXXcheckstyle-log) +RESULT_FILE=$(mktemp -t XXXcheckstyle-result) +readonly RESULT_FILE -readonly RESULT_FILE=$(mktemp -t XXXcheckstyle-result) +die(){ echo "${1}" ; exit 1 ;} -die() { echo "${1}" ; exit 1 ;} +# Remove cache +rm -f "${WS_DIR}"/target/checkstyle-* +# shellcheck disable=SC2086 mvn ${MAVEN_ARGS} checkstyle:checkstyle-aggregate \ - -f ${WS_DIR}/pom.xml \ + -f "${WS_DIR}"/pom.xml \ -Dcheckstyle.output.format="plain" \ -Dcheckstyle.output.file="${RESULT_FILE}" \ - > ${LOG_FILE} 2>&1 || (cat ${LOG_FILE} ; exit 1) + > ${LOG_FILE} 2>&1 || (cat ${LOG_FILE} ; exit 1) -grep "^\[ERROR\]" ${RESULT_FILE} \ +grep "^\[ERROR\]" "${RESULT_FILE}" \ && die "CHECKSTYLE ERROR" || echo "CHECKSTYLE OK" 
diff --git a/etc/scripts/copyright.sh b/etc/scripts/copyright.sh index 73bd0027b..5ac5e0120 100755 --- a/etc/scripts/copyright.sh +++ b/etc/scripts/copyright.sh @@ -1,6 +1,6 @@ -#!/bin/bash -e +#!/bin/bash # -# Copyright (c) 2018, 2023 Oracle and/or its affiliates. +# Copyright (c) 2018, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -15,29 +15,47 @@ # limitations under the License. # -# Path to this script -[ -h "${0}" ] && readonly SCRIPT_PATH="$(readlink "${0}")" || readonly SCRIPT_PATH="${0}" +set -o pipefail || true # trace ERR through pipes +set -o errtrace || true # trace ERR through commands and functions +set -o errexit || true # exit the script if any statement returns a non-true return value + +on_error(){ + CODE="${?}" && \ + set +x && \ + printf "[ERROR] Error(code=%s) occurred at %s:%s command: %s\n" \ + "${CODE}" "${BASH_SOURCE[0]}" "${LINENO}" "${BASH_COMMAND}" +} +trap on_error ERR -# Load pipeline environment setup and define WS_DIR -. $(dirname -- "${SCRIPT_PATH}")/includes/pipeline-env.sh "${SCRIPT_PATH}" '../..' +# Path to this script +if [ -h "${0}" ] ; then + SCRIPT_PATH="$(readlink "${0}")" +else + SCRIPT_PATH="${0}" +fi +readonly SCRIPT_PATH -# Setup error handling using default settings (defined in includes/error_handlers.sh) -error_trap_setup +# Path to the root of the workspace +# shellcheck disable=SC2046 +WS_DIR=$(cd $(dirname -- "${SCRIPT_PATH}") ; cd ../.. 
; pwd -P) +readonly WS_DIR -readonly LOG_FILE=$(mktemp -t XXXcopyright-log) +LOG_FILE=$(mktemp -t XXXcopyright-log) +readonly LOG_FILE -readonly RESULT_FILE=$(mktemp -t XXXcopyright-result) +RESULT_FILE=$(mktemp -t XXXcopyright-result) +readonly RESULT_FILE die() { echo "${1}" ; exit 1 ;} +# shellcheck disable=SC2086 mvn ${MAVEN_ARGS} \ - -f ${WS_DIR}/pom.xml \ - -Dhelidon.enforcer.output.file="${RESULT_FILE}" \ - -Dhelidon.enforcer.rules=copyright \ - -Dhelidon.enforcer.failOnError=false \ - -Pcopyright \ - -N \ - validate > ${LOG_FILE} 2>&1 || (cat ${LOG_FILE} ; exit 1) - -grep "^\[ERROR\]" ${RESULT_FILE} \ + -N -f ${WS_DIR}/pom.xml \ + -Dhelidon.enforcer.output.file="${RESULT_FILE}" \ + -Dhelidon.enforcer.rules=copyright \ + -Dhelidon.enforcer.failOnError=false \ + -Pcopyright \ + validate > ${LOG_FILE} 2>&1 || (cat ${LOG_FILE} ; exit 1) + +grep "^\[ERROR\]" "${RESULT_FILE}" \ && die "COPYRIGHT ERROR" || echo "COPYRIGHT OK" diff --git a/etc/scripts/owasp-dependency-check.sh b/etc/scripts/dependency-check.sh similarity index 85% rename from etc/scripts/owasp-dependency-check.sh rename to etc/scripts/dependency-check.sh index 3301e64d1..9af467bfe 100755 --- a/etc/scripts/owasp-dependency-check.sh +++ b/etc/scripts/dependency-check.sh 
@@ -48,11 +48,12 @@ die() { cat "${RESULT_FILE}" ; echo "Dependency report in ${WS_DIR}/target" ; ec # Setting NVD_API_KEY is not required but improves behavior of NVD API throttling # shellcheck disable=SC2086 -mvn ${MAVEN_ARGS} -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN org.owasp:dependency-check-maven:aggregate \ - -f "${WS_DIR}"/pom.xml \ - -Dtop.parent.basedir="${WS_DIR}" \ - -Dnvd-api-key="${NVD_API_KEY}" \ - > "${RESULT_FILE}" || die "Error running the Maven command" +mvn ${MAVEN_ARGS} \ + -f "${WS_DIR}"/pom.xml \ + -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN org.owasp:dependency-check-maven:aggregate \ + -Dtop.parent.basedir="${WS_DIR}" \ + -Dnvd-api-key="${NVD_API_KEY}" \ + > "${RESULT_FILE}" || die "Error running the Maven command" grep -i "One or more dependencies were identified with known vulnerabilities" "${RESULT_FILE}" \ && die "CVE SCAN ERROR" || echo "CVE SCAN OK" diff --git a/etc/scripts/includes/error_handlers.sh b/etc/scripts/includes/error_handlers.sh deleted file mode 100644 index 4e6f7bd72..000000000 --- a/etc/scripts/includes/error_handlers.sh +++ /dev/null 
@@ -1,55 +0,0 @@ -#!/bin/bash -# -# Copyright (c) 2018, 2023 Oracle and/or its affiliates. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -############################################################################### -# Error handling functions # -############################################################################### - -# Multiple definition protection. -# The same code is included in both local and pipeline environment setup. -if [ -z "${__ERROR_HANDLER_INCLUDED__}" ]; then - readonly __ERROR_HANDLER_INCLUDED__='true' - - # Default error handler. - # Shell variables: CODE - # BASH_SOURCE - # LINENO - # BASH_COMMAND - on_error() { - CODE="${?}" && \ - set +x && \ - printf "[ERROR] Error(code=%s) occurred at %s:%s command: %s\n" \ - "${CODE}" "${BASH_SOURCE}" "${LINENO}" "${BASH_COMMAND}" - } - - # Error handling setup - # Arguments: $1 - error handler name (optional, default name is 'on_error') - error_trap_setup() { - # trace ERR through pipes - set -o pipefail || true - # trace ERR through commands and functions - set -o errtrace || true - # exit the script if any statement returns a non-true return value - set -o errexit || true - # Set error handler - trap "${1:-on_error}" ERR - } - -else - echo "WARNING: ${WS_DIR}/etc/scripts/includes/error_handlers.sh included multiple times." - echo "WARNING: Make sure that only one from local and pipeline environment setups is loaded." -fi 
diff --git a/etc/scripts/includes/pipeline-env.sh b/etc/scripts/includes/pipeline-env.sh deleted file mode 100644 index 713da4fd0..000000000 --- a/etc/scripts/includes/pipeline-env.sh +++ /dev/null 
@@ -1,139 +0,0 @@ -# -# Copyright (c) 2018, 2023 Oracle and/or its affiliates. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -############################################################################### -# Pipeline environment setup # -############################################################################### -# Shell variables: WS_DIR -# Arguments: $1 - Script path -# $2 - cd to Helidon root directory from script path -# -# Atleast WS_DIR or both arguments must be passed. - -# WS_DIR variable verification. -if [ -z "${WS_DIR}" ]; then - - if [ -z "${1}" ]; then - echo "ERROR: Missing required script path, exiting" - exit 1 - fi - - if [ -z "${2}" ]; then - echo "ERROR: Missing required cd to Helidon root directory from script path, exiting" - exit 1 - fi - - readonly WS_DIR=$(cd $(dirname -- "${1}") ; cd ${2} ; pwd -P) - -fi - -# Multiple definition protection. -if [ -z "${__PIPELINE_ENV_INCLUDED__}" ]; then - readonly __PIPELINE_ENV_INCLUDED__='true' - - . 
${WS_DIR}/etc/scripts/includes/error_handlers.sh - - if [ -z "${GRAALVM_HOME}" ]; then - export GRAALVM_HOME="/tools/graal-19-23" - fi - - require_env() { - if [ -z "$(eval echo \$${1})" ] ; then - echo "ERROR: ${1} not set in the environment" - return 1 - fi - } - - # Set Graal VM into JAVA_HOME and PATH - # Modified shell variables: JAVA_HOME - JDK home directory - # PATH - executables search path - graalvm() { - JAVA_HOME=${GRAALVM_HOME} - PATH="${PATH}:${JAVA_HOME}/bin" - } - - if [ -n "${HELIDON_PIPELINES}" ] ; then - export PIPELINE="true" - MAVEN_ARGS="${MAVEN_ARGS} -B ${MAVEN_HTTP_ARGS}" - export MAVEN_ARGS - # temporary fix for copyright plugin (currently fails on big renaming action for Nima) - git config diff.renameLimit 32768 - fi - - if [ -n "${JENKINS_HOME}" ] ; then - export PIPELINE="true" - export JAVA_HOME="/tools/jdk19" - MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn" - MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.showDateTime=true" - MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS" - # Needed for archetype engine plugin - MAVEN_OPTS="${MAVEN_OPTS} --add-opens=java.base/java.util=ALL-UNNAMED" - # Needed for generating site - MAVEN_OPTS="${MAVEN_OPTS} --add-opens=java.desktop/com.sun.imageio.plugins.png=ALL-UNNAMED" - export MAVEN_OPTS - export PATH="/tools/apache-maven-3.8.6/bin:${JAVA_HOME}/bin:/tools/node-v12/bin:${PATH}" - if [ -n "${GITHUB_SSH_KEY}" ] ; then - export GIT_SSH_COMMAND="ssh -i ${GITHUB_SSH_KEY}" - fi - MAVEN_ARGS="${MAVEN_ARGS} -B" - if [ -n "${MAVEN_SETTINGS_FILE}" ] ; then - MAVEN_ARGS="${MAVEN_ARGS} -s ${MAVEN_SETTINGS_FILE}" - fi - if [ -n "${NPM_CONFIG_REGISTRY}" ] ; then - MAVEN_ARGS="${MAVEN_ARGS} -Dnpm.download.root=${NPM_CONFIG_REGISTRY}/npm/-/" - fi - export MAVEN_ARGS - - if [ -n "${https_proxy}" ] && [[ ! 
"${https_proxy}" =~ ^http:// ]] ; then - export https_proxy="http://${https_proxy}" - fi - if [ -n "${http_proxy}" ] && [[ ! "${http_proxy}" =~ ^http:// ]] ; then - export http_proxy="http://${http_proxy}" - fi - if [ ! -e "${HOME}/.npmrc" ] ; then - if [ -n "${NPM_CONFIG_REGISTRY}" ] ; then - echo "registry = ${NPM_CONFIG_REGISTRY}" >> ${HOME}/.npmrc - fi - if [ -n "${https_proxy}" ] ; then - echo "https-proxy = ${https_proxy}" >> ${HOME}/.npmrc - fi - if [ -n "${http_proxy}" ] ; then - echo "proxy = ${http_proxy}" >> ${HOME}/.npmrc - fi - if [ -n "${NO_PROXY}" ] ; then - echo "noproxy = ${NO_PROXY}" >> ${HOME}/.npmrc - fi - fi - - if [ -n "${GPG_PUBLIC_KEY}" ] ; then - gpg --import --no-tty --batch ${GPG_PUBLIC_KEY} - fi - if [ -n "${GPG_PRIVATE_KEY}" ] ; then - gpg --allow-secret-key-import --import --no-tty --batch ${GPG_PRIVATE_KEY} - fi - if [ -n "${GPG_PASSPHRASE}" ] ; then - echo "allow-preset-passphrase" >> ~/.gnupg/gpg-agent.conf - gpg-connect-agent reloadagent /bye - GPG_KEYGRIP=$(gpg --with-keygrip -K | grep "Keygrip" | head -1 | awk '{print $3}') - /usr/lib/gnupg/gpg-preset-passphrase --preset "${GPG_KEYGRIP}" <<< "${GPG_PASSPHRASE}" - fi - # temporary fix for copyright plugin (currently fails on big renaming action for Nima) - git config diff.renameLimit 32768 - fi - -else - echo "WARNING: ${WS_DIR}/etc/scripts/includes/pipeline-env.sh included multiple times." -fi diff --git a/etc/scripts/primebuild.sh b/etc/scripts/prime-build.sh similarity index 52% rename from etc/scripts/primebuild.sh rename to etc/scripts/prime-build.sh index 7f09aa2ed..0ef92ee5b 100755 --- a/etc/scripts/primebuild.sh +++ b/etc/scripts/prime-build.sh @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/bash # # Copyright (c) 2018, 2024 Oracle and/or its affiliates. # 
@@ -15,21 +15,42 @@ # limitations under the License. # +set -o pipefail || true # trace ERR through pipes +set -o errtrace || true # trace ERR through commands and functions +set -o errexit || true # exit the script if any statement returns a non-true return value + +on_error(){ + CODE="${?}" && \ + set +x && \ + printf "[ERROR] Error(code=%s) occurred at %s:%s command: %s\n" \ + "${CODE}" "${BASH_SOURCE[0]}" "${LINENO}" "${BASH_COMMAND}" +} +trap on_error ERR + # Path to this script -[ -h "${0}" ] && readonly SCRIPT_PATH="$(readlink "${0}")" || readonly SCRIPT_PATH="${0}" +if [ -h "${0}" ] ; then + SCRIPT_PATH="$(readlink "${0}")" +else + # shellcheck disable=SC155 + SCRIPT_PATH="${0}" +fi +readonly SCRIPT_PATH -# Load pipeline environment setup and define WS_DIR -. $(dirname -- "${SCRIPT_PATH}")/includes/pipeline-env.sh "${SCRIPT_PATH}" '../..' +# Path to the root of the workspace +# shellcheck disable=SC2046 +WS_DIR=$(cd $(dirname -- "${SCRIPT_PATH}") ; cd ../.. ; pwd -P) +readonly WS_DIR -# Setup error handling using default settings (defined in includes/error_handlers.sh) -error_trap_setup +readonly HELIDON_REPO=https://github.com/helidon-io/helidon -readonly HELIDON_REPO_NAME=helidon -readonly HELIDON_REPO=https://github.com/helidon-io/${HELIDON_REPO_NAME} +version() { + awk 'BEGIN {FS="[<>]"} ; // {print $3; exit 0}' "${1}" +} -# Helidon branch and version we need to do prime build for readonly HELIDON_BRANCH="main" -readonly HELIDON_VERSION=`cat ${WS_DIR}/pom.xml | grep "" | cut -d">" -f 2 | cut -d"<" -f 1` + +HELIDON_VERSION=$(version "${WS_DIR}/pom.xml") +readonly HELIDON_VERSION echo "HELIDON_VERSION=${HELIDON_VERSION}" 
@@ -41,27 +62,26 @@ if [[ ! ${HELIDON_VERSION} == *-SNAPSHOT ]]; then exit 0 fi -# Do a priming build of Helidon to populate local maven cache -# with SNAPSHOT versions -cd ${TMPDIR} - -if [ -d "${HELIDON_REPO_NAME}" ]; then - echo "Removing existing ${HELIDON_REPO_NAME} repository in $(pwd)" - rm -rf "${HELIDON_REPO_NAME}" -fi - -mvn ${MAVEN_ARGS} --version +cd "$(mktmp -d)" -git clone ${HELIDON_REPO} --branch ${HELIDON_BRANCH} --single-branch --depth 1 -cd ${HELIDON_REPO_NAME} +git clone ${HELIDON_REPO} --branch ${HELIDON_BRANCH} --single-branch --depth 1 +cd helidon -HELIDON_VERSION_IN_REPO=`cat bom/pom.xml | grep "" | cut -d">" -f 2 | cut -d"<" -f 1` +HELIDON_VERSION_IN_REPO=$(version bom/pom.xml) +readonly HELIDON_VERSION_IN_REPO -if [ ${HELIDON_VERSION} != ${HELIDON_VERSION_IN_REPO} ]; then +if [ "${HELIDON_VERSION}" != "${HELIDON_VERSION_IN_REPO}" ]; then echo "ERROR: Examples Helidon version ${HELIDON_VERSION} does not match version in Helidon repo ${HELIDON_VERSION_IN_REPO}" exit 1 fi +# shellcheck disable=SC2086 +mvn ${MAVEN_ARGS} --version + echo "Building Helidon version ${HELIDON_VERSION} from Helidon repo branch ${HELIDON_BRANCH}" -mvn clean install -DskipTests -Dmaven.test.skip=true -B +# shellcheck disable=SC2086 +mvn ${MAVEN_ARGS} \ + -DskipTests \ + -Dmaven.test.skip=true \ + clean install diff --git a/etc/scripts/release.sh b/etc/scripts/release.sh index 5adaf1a73..30703ff33 100755 --- a/etc/scripts/release.sh +++ b/etc/scripts/release.sh 
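Review bot: `cd "$(mktmp -d)"` invokes `mktmp`, which looks like a typo for `mktemp`. The failed substitution expands to an empty string and its exit status is masked by `cd`, so errexit may not stop the script. Depending on the bash version, `cd ""` either errors or stays in the current directory, in which case `git clone` and the following `mvn ... clean install` run wherever the script was started. Creating the directory in its own assignment lets a failure abort the run: `WORK_DIR=$(mktemp -d)` followed by `cd "${WORK_DIR}"`.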
@@ -15,127 +15,44 @@ # limitations under the License. # -# Path to this script -[ -h "${0}" ] && readonly SCRIPT_PATH="$(readlink "${0}")" || readonly SCRIPT_PATH="${0}" - -# Load pipeline environment setup and define WS_DIR -. "$(dirname -- "${SCRIPT_PATH}")/includes/pipeline-env.sh" "${SCRIPT_PATH}" '../..' - -# Setup error handling using default settings (defined in includes/error_handlers.sh) -error_trap_setup - -usage(){ - cat <" | cut -d">" -f 2 | cut -d"<" -f 1) - -# Resolve FULL_VERSION of this project -if [ -z "${VERSION+x}" ]; then - - # get maven version - MVN_VERSION=$(mvn ${MAVEN_ARGS} \ - -q \ - -f ${WS_DIR}/pom.xml \ - -Dexec.executable="echo" \ - -Dexec.args="\${project.version}" \ - --non-recursive \ - org.codehaus.mojo:exec-maven-plugin:1.3.1:exec) - - # strip qualifier - readonly VERSION="${MVN_VERSION%-*}" - readonly FULL_VERSION="${VERSION}" +# Path to this script +if [ -h "${0}" ] ; then + SCRIPT_PATH="$(readlink "${0}")" else - readonly FULL_VERSION="${VERSION}" + # shellcheck disable=SC155 + SCRIPT_PATH="${0}" fi +readonly SCRIPT_PATH -export FULL_VERSION -printf "%s: FULL_VERSION=%s\n" "$(basename ${0})" "${FULL_VERSION}" -printf "%s: HELIDON_VERSION=%s\n\n" "$(basename ${0})" "${HELIDON_VERSION}" +# Path to the root of the workspace +# shellcheck disable=SC2046 +WS_DIR=$(cd $(dirname -- "${SCRIPT_PATH}") ; cd ../.. ; pwd -P) +readonly WS_DIR -update_version(){ - # Update version - echo "Updating version to ${FULL_VERSION}" - mvn -e ${MAVEN_ARGS} -f ${WS_DIR}/pom.xml versions:set \ - -DgenerateBackupPoms=false \ - -DnewVersion="${FULL_VERSION}" \ - -DupdateMatchingVersions=false \ - -DprocessAllModules=true +version() { + awk 'BEGIN {FS="[<>]"} ; // {print $3; exit 0}' "${1}" } -# A release build of the examples consists of: -# -# 1. Merge helidon-N.x branch that we will push to at the end -# 2 Create tag -# 3. Update "helidon-N.x" branch with latest -# -# A release build does not modify the source in any way. 
It assumes the -# Helidon version has already been changed to the final version before -# being triggered and it does not update the SNAPSHOT version of the -# example project itself. -# -# A release build also does not do a test build of the examples. It -# assume a validate workflow has been run first. -# +# For releases this should be a released version of Helidon +HELIDON_VERSION=$(version "${WS_DIR}/pom.xml") +readonly HELIDON_VERSION + +echo "HELIDON_VERSION=${HELIDON_VERSION}" + release_build(){ echo "Starting release build for ${HELIDON_VERSION}" - mvn --version - java --version # Branch we will push this release to local LATEST_BRANCH="helidon-4.x" @@ -164,5 +81,4 @@ release_build(){ echo "======================" } -# Invoke command -${COMMAND} +release_build diff --git a/etc/scripts/shellcheck.sh b/etc/scripts/shellcheck.sh new file mode 100755 index 000000000..74f4dfe46 --- /dev/null +++ b/etc/scripts/shellcheck.sh 
@@ -0,0 +1,53 @@ +#!/bin/bash -e +# +# Copyright (c) 2024 Oracle and/or its affiliates. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +BASE_URL="https://github.com/koalaman/shellcheck/releases/download" +readonly BASE_URL + +VERSION=0.9.0 +readonly VERSION + +CACHE_DIR="${HOME}/.shellcheck" +readonly CACHE_DIR + +# Caching the shellcheck +mkdir -p "${CACHE_DIR}" +if [ ! -e "${CACHE_DIR}/${VERSION}/shellcheck" ] ; then + ARCH=$(uname -m | tr "[:upper:]" "[:lower:]") + PLATFORM=$(uname -s | tr "[:upper:]" "[:lower:]") + curl -Lso "${CACHE_DIR}/sc.tar.xz" "${BASE_URL}/v${VERSION}/shellcheck-v${VERSION}.${PLATFORM}.${ARCH}.tar.xz" + tar -xf "${CACHE_DIR}/sc.tar.xz" -C "${CACHE_DIR}" + mkdir "${CACHE_DIR}/${VERSION}" + mv "${CACHE_DIR}/shellcheck-v${VERSION}/shellcheck" "${CACHE_DIR}/${VERSION}/shellcheck" + rm -rf "${CACHE_DIR}/shellcheck-v${VERSION}" "${CACHE_DIR}/sc.tar.xz" +fi +export PATH="${CACHE_DIR}/${VERSION}:${PATH}" + +echo "ShellCheck version" +shellcheck --version + +status_code=0 +# shellcheck disable=SC2044 +for file in $(find . -name "*.sh") ; do + # only check tracked files + if git ls-files --error-unmatch "${file}" > /dev/null 2>&1 ; then + printf "\n-- Checking file: %s --\n" "${file}" + shellcheck "${file}" || status_code=${?} + fi +done + +exit ${status_code} diff --git a/etc/scripts/spotbugs.sh b/etc/scripts/spotbugs.sh index 6e109464e..200fb2140 100755 --- a/etc/scripts/spotbugs.sh +++ b/etc/scripts/spotbugs.sh 
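Review bot: The archive fetched by `curl -Lso "${CACHE_DIR}/sc.tar.xz" ...` is unpacked and its `shellcheck` binary is put first on `PATH` with no integrity check, so the CI job executes whatever the download returned. Since `VERSION` is already pinned, a digest recorded in the script per platform and architecture can be verified before `tar -xf`, for example `echo "${EXPECTED_SHA256}  ${CACHE_DIR}/sc.tar.xz" | sha256sum -c -`, where `EXPECTED_SHA256` is a placeholder for the recorded value (`shasum -a 256 -c -` where `sha256sum` is not available). Adding `-f` (`curl -fLso ...`) would also make an HTTP error fail at the download step instead of saving the error body and failing later in `tar`.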
@@ -1,6 +1,6 @@ -#!/bin/bash -e +#!/bin/bash # -# Copyright (c) 2023 Oracle and/or its affiliates. +# Copyright (c) 2023, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,18 +15,36 @@ # limitations under the License. # -# Path to this script -[ -h "${0}" ] && readonly SCRIPT_PATH="$(readlink "${0}")" || readonly SCRIPT_PATH="${0}" +set -o pipefail || true # trace ERR through pipes +set -o errtrace || true # trace ERR through commands and functions +set -o errexit || true # exit the script if any statement returns a non-true return value -# Load pipeline environment setup and define WS_DIR -. $(dirname -- "${SCRIPT_PATH}")/includes/pipeline-env.sh "${SCRIPT_PATH}" '../..' +on_error(){ + CODE="${?}" && \ + set +x && \ + printf "[ERROR] Error(code=%s) occurred at %s:%s command: %s\n" \ + "${CODE}" "${BASH_SOURCE[0]}" "${LINENO}" "${BASH_COMMAND}" +} +trap on_error ERR -# Setup error handling using default settings (defined in includes/error_handlers.sh) -error_trap_setup +# Path to this script +if [ -h "${0}" ] ; then + SCRIPT_PATH="$(readlink "${0}")" +else + # shellcheck disable=SC155 + SCRIPT_PATH="${0}" +fi +readonly SCRIPT_PATH -mvn ${MAVEN_ARGS} -f ${WS_DIR}/pom.xml \ - install -e \ - -DskipTests \ - -Dmaven.test.skip=true \ - -Pspotbugs +# Path to the root of the workspace +# shellcheck disable=SC2046 +WS_DIR=$(cd $(dirname -- "${SCRIPT_PATH}") ; cd ../.. ; pwd -P) +readonly WS_DIR +# shellcheck disable=SC2086 +mvn ${MAVEN_ARGS} \ + -f ${WS_DIR}/pom.xml \ + -DskipTests \ + -Dmaven.test.skip=true \ + -Pspotbugs \ + install diff --git a/etc/scripts/update-version.awk b/etc/scripts/update-version.awk new file mode 100755 index 000000000..40e78a540 --- /dev/null +++ b/etc/scripts/update-version.awk 
@@ -0,0 +1,78 @@ +#!/usr/bin/env awk -f +# +# Copyright (c) 2023, 2024 Oracle and/or its affiliates. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +BEGIN { + if (version == "") { + print "Must provide version '-v version=n.n.n" + exit 1 + } + VERSIONS["io.helidon:helidon-dependencies"] = version + VERSIONS["io.helidon.applications:helidon-se"] = version + VERSIONS["io.helidon.applications:helidon-mp"] = version + GROUPID ="" + ARTIFACTID ="" + IN_PARENT ="false" + RELATIVE_PATH ="false" + FILE_CHANGED="false" + FS="[<>]" +} + +// { + IN_PARENT ="true" +} + +// && IN_PARENT == "true" { + GROUPID =$3 +} + +// && IN_PARENT == "true" { + ARTIFACTID =$3 +} + +// && IN_PARENT == "true" { + v = VERSIONS[GROUPID ":" ARTIFACTID] + if (length(v) != 0) { + printf("%s%s\n", $1, v) + FILE_CHANGED="true" + next + } +} + +// { + IN_PARENT ="false" + GROUPID ="" + ARTIFACTID ="" + if (RELATIVE_PATH == "false") { + printf("%s\n", $1$1) + } +} + +{ + print $0 +} + +END { + if (FILE_CHANGED == "true") { + exit 0 + } else { + exit 1 + } +} diff --git a/etc/scripts/update-version.sh b/etc/scripts/update-version.sh new file mode 100755 index 000000000..01d06d86c --- /dev/null +++ b/etc/scripts/update-version.sh 
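Review bot: The shebang `#!/usr/bin/env awk -f` hands `awk -f` to `env` as a single argument on Linux, so executing the file directly (as update-version.sh does through `PATH`) fails there because no program named `awk -f` exists; it only works on systems that split shebang arguments, such as macOS. In the caller that failure takes the `else` branch and just removes the `.tmp` file, so parent versions would stay unchanged without the script failing. Using `#!/usr/bin/awk -f`, or invoking `awk -f "${WS_DIR}/etc/scripts/update-version.awk" -v version="${VERSION}" "${pom}"` from update-version.sh, avoids depending on shebang parsing.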
@@ -0,0 +1,76 @@ +#!/bin/bash +# +# Copyright (c) 2022, 2024 Oracle and/or its affiliates. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +set -o pipefail || true # trace ERR through pipes +set -o errtrace || true # trace ERR through commands and functions +set -o errexit || true # exit the script if any statement returns a non-true return value + +on_error(){ + CODE="${?}" && \ + set +x && \ + printf "[ERROR] Error(code=%s) occurred at %s:%s command: %s\n" \ + "${CODE}" "${BASH_SOURCE[0]}" "${LINENO}" "${BASH_COMMAND}" +} +trap on_error ERR + +# Path to this script +if [ -h "${0}" ] ; then + SCRIPT_PATH="$(readlink "${0}")" +else + # shellcheck disable=SC155 + SCRIPT_PATH="${0}" +fi +readonly SCRIPT_PATH + +# Path to the root of the workspace +# shellcheck disable=SC2046 +WS_DIR=$(cd $(dirname -- "${SCRIPT_PATH}") ; cd ../.. ; pwd -P) +readonly WS_DIR + +readonly VERSION=${1} + +if [ -z "${VERSION}" ]; then + echo "usage: $(basename "${0}") " + exit 1 +fi + +# arg1: pattern +# arg2: include pattern +search() { + set +o pipefail + grep "${1}" -Er . --include "${2}" | cut -d ':' -f 1 | xargs git ls-files | sort | uniq +} + +PATH=${PATH}:"${WS_DIR}"/etc/scripts +cd "${WS_DIR}" + +# Update parent versions +while read -r pom; do + if update-version.awk -v version="${VERSION}" "${pom}" > "${pom}.tmp"; then + echo "Updating ${pom}" + mv "${pom}.tmp" "${pom}" + else + rm -f "${pom}.tmp" + fi +done < <(find . 
-name pom.xml -exec git ls-files {} \; | sort | uniq) + +# Update helidon.version properties +while read -r pom ; do + echo "Updating helidon.version in ${pom}" + sed -e "s#[a-zA-Z0-9.-]*#${VERSION}#" "${pom}" > "${pom}.tmp" + mv "${pom}.tmp" "${pom}" +done < <(search "" pom.xml) diff --git a/etc/scripts/updatehelidonversion.sh b/etc/scripts/updatehelidonversion.sh deleted file mode 100755 index f06d53d8a..000000000 --- a/etc/scripts/updatehelidonversion.sh +++ /dev/null 
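Review bot: In `update-version.sh`, `VERSION` comes from `${1}` and is interpolated straight into the `sed -e "s#…#${VERSION}#"` replacement, so a value containing `#`, `&` or `\` changes what sed does to every matched pom; only emptiness is checked. Validate it right after the usage check against the character class the pattern already uses, e.g. `[[ "${VERSION}" =~ ^[a-zA-Z0-9.-]+$ ]] || { echo "invalid version: ${VERSION}" >&2 ; exit 1 ; }`. Separately, in `search()` GNU `xargs` runs `git ls-files` once even when `grep` matched nothing, which lists every tracked file and feeds all of them to the `sed`/`mv` loop; `xargs -r` avoids that where it is supported.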
@@ -1,58 +0,0 @@ -#!/bin/bash -# -# Copyright (c) 2022, 2023 Oracle and/or its affiliates. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# Updates pom files to use the specified version of Helidon -# usage: updatehelidonversion.sh - -# Path to this script -[ -h "${0}" ] && readonly SCRIPT_PATH="$(readlink "${0}")" || readonly SCRIPT_PATH="${0}" - -readonly NEW_VERSION=$1 -readonly SCRIPT_DIR=$(dirname ${SCRIPT_PATH}) - -if [ -z "${NEW_VERSION}" ]; then - echo "usage: $0 " - exit 1 -fi - -readonly POM_FILES=$(find . -name pom.xml -print) - -for f in ${POM_FILES}; do - pom_dir=$(dirname $f) - awk -v gavs=\ -io.helidon:helidon-dependencies:${NEW_VERSION},\ -io.helidon.applications:helidon-se:${NEW_VERSION},\ -io.helidon.applications:helidon-mp:${NEW_VERSION} \ - -f ${SCRIPT_DIR}/updateparent.awk > ${pom_dir}/pom.xml.tmp $f - if [ $? -eq 0 ]; then - echo "Updated $f with Helidon version ${NEW_VERSION}" - mv ${pom_dir}/pom.xml.tmp $f - else - rm -f ${pom_dir}/pom.xml.tmp - fi -done - -# Update helidon.version property in poms -for f in ${POM_FILES}; do - # first make sure pom has property - if grep -q "" "$f" ; then - cat $f | sed -e "s#[a-zA-Z0-9.-]*#${NEW_VERSION}#" > ${TMPDIR}/pom.xml - mv "${TMPDIR}/pom.xml" $f - echo "Updated helidon.version in $f with Helidon version ${NEW_VERSION}" - fi -done - diff --git a/etc/scripts/updateparent.awk b/etc/scripts/updateparent.awk deleted file mode 100644 index a21043949..000000000 
--- a/etc/scripts/updateparent.awk
+++ /dev/null
@@ -1,102 +0,0 @@ -#!awk -f -# -# Copyright (c) 2023, 2024 Oracle and/or its affiliates. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# Scan the pom file looking for a that is a Helidon artifact -# and update the version number to the version specified in the "version" variable -# -# You must pass the version: "-v version=n.n.n" -# -# exit code -# 0 new version was applied to file -# 1 new version was not applied to file (this is not necessarily an error) -# -BEGIN { - if (gavs == "") { - print "Must provide one or more GAVs using '-v gavs=g1:a1:v1,g2:a2:v2" - exit 1 - } - - # Split list into array of GAVs - split(gavs, gavArray, ",") - - for (i in gavArray) { - gav = gavArray[i] - - # Split a GAV into it's part - split(gav, gavParts, ":") - - # Map GA to V - ga = gavParts[1] ":" gavParts[2] - gaMap[ga] = gavParts[3] - } - - fileChanged="false" - inParent="false" - parentGroupId="" - parentArtifactId="" - parentRelativePath="false" - FS="[<>]" -} - -// { - inParent="true" -} - -// && inParent == "true" { - parentGroupId=$3 -} - -// && inParent == "true" { - parentArtifactId=$3 -} - -// && inParent == "true" { - ga = parentGroupId ":" parentArtifactId - v = gaMap[ga] - - if (length(v) != 0) { - printf("%s%s\n", $1, v) - fileChanged="true" - next - } -} - -// { - inParent="false" - parentGroupId="" - parentArtifactId="" - if (parentRelativePath == "false") { - printf("%s\n", $1$1) - } -} - - -{ - print $0 -} - -END { - if ( fileChanged == "true" ) { - exit 0 - } 
else { - exit 1 - } -} diff --git a/examples/messaging/docker/kafka/init_topics.sh b/examples/messaging/docker/kafka/init_topics.sh index 000ec3b53..8fcadd6fd 100644 --- a/examples/messaging/docker/kafka/init_topics.sh +++ b/examples/messaging/docker/kafka/init_topics.sh @@ -20,45 +20,48 @@ # topic messaging-test-topic-1 and topic messaging-test-topic-2 # -ZOOKEEPER_URL=localhost:2181 -KAFKA_TOPICS="/opt/kafka/bin/kafka-topics.sh --if-not-exists --zookeeper $ZOOKEEPER_URL" +readonly ZOOKEEPER_URL="localhost:2181" + +kafka_topics() { + /opt/kafka/bin/kafka-topics.sh --if-not-exists --zookeeper "${ZOOKEEPER_URL}" "${@}" +} while sleep 2; do - brokers=$(echo dump | nc localhost 2181 | grep brokers | wc -l) + brokers=$(echo dump | nc localhost 2181 | grep -c brokers) echo "Checking if Kafka is up: ${brokers}" - if [[ "$brokers" -gt "0" ]]; then + if [[ "${brokers}" -gt "0" ]]; then echo "KAFKA IS UP !!!" echo "Creating test topics" - bash $KAFKA_TOPICS \ + kafka_topics \ --create \ --replication-factor 1 \ --partitions 10 \ --topic messaging-test-topic-1 - bash $KAFKA_TOPICS \ + kafka_topics \ --create \ --replication-factor 1 \ --partitions 10 \ --topic messaging-test-topic-2 - bash $KAFKA_TOPICS \ + kafka_topics \ --create \ --replication-factor 1 \ --partitions 10 \ --config compression.type=snappy \ --topic messaging-test-topic-snappy-compressed - bash $KAFKA_TOPICS \ + kafka_topics \ --create \ --replication-factor 1 \ --partitions 10 \ --config compression.type=lz4 \ --topic messaging-test-topic-lz4-compressed - bash $KAFKA_TOPICS \ + kafka_topics \ --create \ --replication-factor 1 \ --partitions 10 \ --config compression.type=zstd \ --topic messaging-test-topic-zstd-compressed - bash $KAFKA_TOPICS \ + kafka_topics \ --create \ --replication-factor 1 \ --partitions 10 \ diff --git a/examples/messaging/docker/kafka/start_kafka.sh b/examples/messaging/docker/kafka/start_kafka.sh index 875987b55..0bf0323ac 100644 --- a/examples/messaging/docker/kafka/start_kafka.sh 
+++ b/examples/messaging/docker/kafka/start_kafka.sh @@ -46,4 +46,4 @@ if [ $state -ne 0 ]; then fi # Keep Kafka up till Ctrl+C -read ; +read -r ; diff --git a/examples/messaging/docker/oracle-aq-18-xe/buildAndRun.sh b/examples/messaging/docker/oracle-aq-18-xe/buildAndRun.sh index 0d9d3334c..6c0095563 100755 --- a/examples/messaging/docker/oracle-aq-18-xe/buildAndRun.sh +++ b/examples/messaging/docker/oracle-aq-18-xe/buildAndRun.sh @@ -39,7 +39,7 @@ if [[ "$(docker images -q ${BASE_IMAGE_NAME} 2>/dev/null)" == "" ]]; then rm -f ${TEMP_DIR}/ora-images.zip # download official oracle docker images - curl -LJ -o ${TEMP_DIR}/ora-images.zip ${IMAGES_ZIP_URL} + curl -LJ -o ${TEMP_DIR}/ora-images.zip "${IMAGES_ZIP_URL}" # unzip only image for Oracle database 18.4.0 unzip -qq ${TEMP_DIR}/ora-images.zip "${IMAGES_ZIP_DIR}/*" -d ${IMAGES_DIR} mv ${IMAGES_DIR}/${IMAGES_ZIP_DIR}/${ORA_DB_VERSION} ${IMAGES_DIR}/ @@ -53,7 +53,7 @@ if [[ "$(docker images -q ${BASE_IMAGE_NAME} 2>/dev/null)" == "" ]]; then # can take long(15 minutes or so) cd ${IMAGES_DIR} || exit bash ./buildContainerImage.sh -v ${ORA_DB_VERSION} -x || exit - cd ${CURR_DIR} || exit + cd "${CURR_DIR}" || exit else printf "OK\n" fi diff --git a/examples/messaging/weblogic-jms-mp/weblogic/container-scripts/createAndStartEmptyDomain.sh b/examples/messaging/weblogic-jms-mp/weblogic/container-scripts/createAndStartEmptyDomain.sh index 6a3665be1..0cec7697a 100644 --- a/examples/messaging/weblogic-jms-mp/weblogic/container-scripts/createAndStartEmptyDomain.sh +++ b/examples/messaging/weblogic-jms-mp/weblogic/container-scripts/createAndStartEmptyDomain.sh 
@@ -18,70 +18,63 @@ # If AdminServer.log does not exists, container is starting for 1st time # So it should start NM and also associate with AdminServer # Otherwise, only start NM (container restarted) + ########### SIGTERM handler ############ function _term() { echo "Stopping container." echo "SIGTERM received, shutting down the server!" - ${DOMAIN_HOME}/bin/stopWebLogic.sh -} - -########### SIGKILL handler ############ -function _kill() { - echo "SIGKILL received, shutting down the server!" - kill -9 $childPID + "${DOMAIN_HOME}"/bin/stopWebLogic.sh } # Set SIGTERM handler trap _term SIGTERM -# Set SIGKILL handler -trap _kill SIGKILL +# Define DOMAIN_HOME +export DOMAIN_HOME="/u01/oracle/user_projects/domains/${DOMAIN_NAME:-base_domain}" +echo "Domain Home is: " "${DOMAIN_HOME}" -#Define DOMAIN_HOME -export DOMAIN_HOME=/u01/oracle/user_projects/domains/$DOMAIN_NAME -echo "Domain Home is: " $DOMAIN_HOME +mkdir -p "${ORACLE_HOME}"/properties -mkdir -p $ORACLE_HOME/properties # Create Domain only if 1st execution -if [ ! -e ${DOMAIN_HOME}/servers/${ADMIN_NAME}/logs/${ADMIN_NAME}.log ]; then +if [ ! -e "${DOMAIN_HOME}/servers/${ADMIN_NAME}/logs/${ADMIN_NAME}.log" ]; then echo "Create Domain" PROPERTIES_FILE=/u01/oracle/properties/domain.properties - if [ ! -e "$PROPERTIES_FILE" ]; then + if [ ! -e "${PROPERTIES_FILE}" ]; then echo "A properties file with the username and password needs to be supplied." exit fi # Get Username - USER=`awk '{print $1}' $PROPERTIES_FILE | grep username | cut -d "=" -f2` - if [ -z "$USER" ]; then + USER=$(awk '{print $1}' $PROPERTIES_FILE | grep username | cut -d "=" -f2) + if [ -z "${USER}" ]; then echo "The domain username is blank. The Admin username must be set in the properties file." 
exit fi # Get Password - PASS=`awk '{print $1}' $PROPERTIES_FILE | grep password | cut -d "=" -f2` - if [ -z "$PASS" ]; then + PASS=$(awk '{print $1}' $PROPERTIES_FILE | grep password | cut -d "=" -f2) + if [ -z "${PASS}" ]; then echo "The domain password is blank. The Admin password must be set in the properties file." exit fi # Create an empty domain - wlst.sh -skipWLSModuleScanning -loadProperties $PROPERTIES_FILE /u01/oracle/create-wls-domain.py - mkdir -p ${DOMAIN_HOME}/servers/${ADMIN_NAME}/security/ - chmod -R g+w ${DOMAIN_HOME} - echo "username=${USER}" >> $DOMAIN_HOME/servers/${ADMIN_NAME}/security/boot.properties - echo "password=${PASS}" >> $DOMAIN_HOME/servers/${ADMIN_NAME}/security/boot.properties - ${DOMAIN_HOME}/bin/setDomainEnv.sh + wlst.sh -skipWLSModuleScanning -loadProperties "${PROPERTIES_FILE}" /u01/oracle/create-wls-domain.py + mkdir -p "${DOMAIN_HOME}/servers/${ADMIN_NAME}/security" + chmod -R g+w "${DOMAIN_HOME}" + echo "username=${USER}" >> "${DOMAIN_HOME}/servers/${ADMIN_NAME}/security/boot.properties" + echo "password=${PASS}" >> "${DOMAIN_HOME}/servers/${ADMIN_NAME}/security/boot.properties" + "${DOMAIN_HOME}"/bin/setDomainEnv.sh # Setup JMS examples -# wlst.sh -skipWLSModuleScanning -loadProperties $PROPERTIES_FILE /u01/oracle/setupTestJMSQueue.py + #wlst.sh -skipWLSModuleScanning -loadProperties $PROPERTIES_FILE /u01/oracle/setupTestJMSQueue.py fi # Start Admin Server and tail the logs -${DOMAIN_HOME}/startWebLogic.sh -if [ -e ${DOMAIN_HOME}/servers/${ADMIN_NAME}/logs/${ADMIN_NAME}.log ]; then +"${DOMAIN_HOME}"/startWebLogic.sh +if [ -e "${DOMAIN_HOME}/servers/${ADMIN_NAME}/logs/${ADMIN_NAME}.log" ]; then echo "${DOMAIN_HOME}/servers/${ADMIN_NAME}/logs/${ADMIN_NAME}.log" fi -touch ${DOMAIN_HOME}/servers/${ADMIN_NAME}/logs/${ADMIN_NAME}.log -tail -f ${DOMAIN_HOME}/servers/${ADMIN_NAME}/logs/${ADMIN_NAME}.log +touch "${DOMAIN_HOME}/servers/${ADMIN_NAME}/logs/${ADMIN_NAME}.log" +tail -f 
"${DOMAIN_HOME}/servers/${ADMIN_NAME}/logs/${ADMIN_NAME}.log" childPID=$! wait $childPID diff --git a/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/create-keys.sh b/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/create-keys.sh index f2d44567f..73a051b81 100644 --- a/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/create-keys.sh +++ b/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/create-keys.sh @@ -18,7 +18,9 @@ set -e +# shellcheck disable=SC1091 source ./config.sh +# shellcheck disable=SC1091 source ./utils.sh # Cleanup 
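Review bot: In `createAndStartEmptyDomain.sh`, the two `echo … >> "${DOMAIN_HOME}/servers/${ADMIN_NAME}/security/boot.properties"` lines store the admin username and password in clear text in a file created under whatever umask the container has. This happens right after `chmod -R g+w "${DOMAIN_HOME}"` has opened the domain tree to the group. Restrict the file once it is written with `chmod 600 "${DOMAIN_HOME}/servers/${ADMIN_NAME}/security/boot.properties"`, or set `umask 077` before the first append; this assumes the server is started by the same user, as the script does further down. The two `awk '{print $1}' $PROPERTIES_FILE` calls also still leave the path unquoted while the rest of the hunk quotes it.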
@@ -28,27 +30,27 @@ mkdir -p server client CDIR=$(pwd) # Rotate server cert and key -cd ${CDIR}/server +cd "${CDIR}"/server genCertAndCSR server -NEW_SERVER_CERT_OCID=$(uploadNewCert server $DISPLAY_NAME_PREFIX) +NEW_SERVER_CERT_OCID=$(uploadNewCert server "${DISPLAY_NAME_PREFIX}") prepareKeyToUpload server -NEW_SERVER_KEY_OCID=$(createKeyInVault server $DISPLAY_NAME_PREFIX) +NEW_SERVER_KEY_OCID=$(createKeyInVault server "${DISPLAY_NAME_PREFIX}") # Rotate client cert and key -cd ${CDIR}/client +cd "${CDIR}"/client genCertAndCSR client -NEW_CLIENT_CERT_OCID=$(uploadNewCert client $DISPLAY_NAME_PREFIX) +NEW_CLIENT_CERT_OCID=$(uploadNewCert client "${DISPLAY_NAME_PREFIX}") prepareKeyToUpload client -NEW_CLIENT_KEY_OCID=$(createKeyInVault client $DISPLAY_NAME_PREFIX) +NEW_CLIENT_KEY_OCID=$(createKeyInVault client "${DISPLAY_NAME_PREFIX}") echo "======= ALL done! =======" echo "Newly created OCI resources:" -echo "Server certificate OCID: $NEW_SERVER_CERT_OCID" -echo "Server private key OCID: $NEW_SERVER_KEY_OCID" -echo "Client certificate OCID: $NEW_CLIENT_CERT_OCID" -echo "Client private key OCID: $NEW_CLIENT_KEY_OCID" +echo "Server certificate OCID: ${NEW_SERVER_CERT_OCID}" +echo "Server private key OCID: ${NEW_SERVER_KEY_OCID}" +echo "Client certificate OCID: ${NEW_CLIENT_CERT_OCID}" +echo "Client private key OCID: ${NEW_CLIENT_KEY_OCID}" echo "Saving to gen-config.sh" -tee ${CDIR}/generated-config.sh << EOF +tee "${CDIR}"/generated-config.sh << EOF #!/bin/bash ## Content of this file gets rewritten by create-keys.sh export SERVER_CERT_OCID=$NEW_SERVER_CERT_OCID diff --git a/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/rotate-keys.sh b/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/rotate-keys.sh index cf5bf43a2..4ba2eb82c 100644 --- a/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/rotate-keys.sh +++ b/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/rotate-keys.sh 
@@ -18,8 +18,11 @@ set -e +# shellcheck disable=SC1091 source ./config.sh +# shellcheck disable=SC1091 source ./generated-config.sh +# shellcheck disable=SC1091 source ./utils.sh # Cleanup @@ -29,17 +32,17 @@ mkdir -p server client CDIR=$(pwd) # Rotate server cert and key -cd ${CDIR}/server +cd "${CDIR}"/server genCertAndCSR server -rotateCert server $SERVER_CERT_OCID +rotateCert server "${SERVER_CERT_OCID}" prepareKeyToUpload server -rotateKeyInVault server $SERVER_KEY_OCID +rotateKeyInVault server "${SERVER_KEY_OCID}" # Rotate client cert and key -cd ${CDIR}/client +cd "${CDIR}"/client genCertAndCSR client -rotateCert client $CLIENT_CERT_OCID +rotateCert client "${CLIENT_CERT_OCID}" prepareKeyToUpload client -rotateKeyInVault client $CLIENT_KEY_OCID +rotateKeyInVault client "${CLIENT_KEY_OCID}" echo "ALL done!" diff --git a/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/utils.sh b/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/utils.sh index 684f93045..65c97e233 100644 --- a/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/utils.sh +++ b/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/utils.sh 
@@ -33,23 +33,23 @@ prepareKeyToUpload() { oci kms management wrapping-key get \ --query 'data."public-key"' \ --raw-output \ - --endpoint ${VAULT_MANAGEMENT_ENDPOINT} \ - >$VAULT_PUBLIC_WRAPPING_KEY_PATH + --endpoint "${VAULT_MANAGEMENT_ENDPOINT}" \ + > ${VAULT_PUBLIC_WRAPPING_KEY_PATH} # Extract server/client private key openssl pkcs12 -in "$KEYSTORE_FILE" \ -nocerts \ -passin pass:changeit -passout pass:changeit \ - -out $PRIVATE_KEY_AS_PEM + -out ${PRIVATE_KEY_AS_PEM} ## Upload server/client private key to vault # Generate a temporary AES key - openssl rand -out $TEMPORARY_AES_KEY_PATH 32 + openssl rand -out ${TEMPORARY_AES_KEY_PATH} 32 # Wrap the temporary AES key with the public wrapping key using RSA-OAEP with SHA-256: openssl pkeyutl -encrypt -in $TEMPORARY_AES_KEY_PATH \ - -inkey $VAULT_PUBLIC_WRAPPING_KEY_PATH \ - -pubin -out $WRAPPED_TEMPORARY_AES_KEY_FILE \ + -inkey ${VAULT_PUBLIC_WRAPPING_KEY_PATH} \ + -pubin -out ${WRAPPED_TEMPORARY_AES_KEY_FILE} \ -pkeyopt rsa_padding_mode:oaep \ -pkeyopt rsa_oaep_md:sha256 
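Review bot: In `utils.sh`, `prepareKeyToUpload` writes the extracted private key (`-out ${PRIVATE_KEY_AS_PEM}`) and the temporary AES key (`openssl rand -out ${TEMPORARY_AES_KEY_PATH} 32`) to files created with the caller's umask, and nothing in the visible hunks removes them afterwards. A `umask 077` at the top of the function would keep them private to the invoking user. The function starts outside this hunk, so where these paths are defined and whether they are cleaned up later cannot be seen here. The rewritten arguments also gained braces but not quotes (`-out ${PRIVATE_KEY_AS_PEM}`, `-inkey ${VAULT_PUBLIC_WRAPPING_KEY_PATH}`), so they still word-split; `"${PRIVATE_KEY_AS_PEM}"` is the form the rest of the commit uses.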
@@ -63,36 +63,37 @@ prepareKeyToUpload() { -in $PRIVATE_KEY_AS_PEM -out $PRIVATE_KEY_AS_DER # Wrap RSA private key with the temporary AES key: - openssl enc -id-aes256-wrap-pad -iv A65959A6 -K "${TEMPORARY_AES_KEY_HEXDUMP}" -in $PRIVATE_KEY_AS_DER -out $WRAPPED_TARGET_KEY_FILE + openssl enc -id-aes256-wrap-pad -iv A65959A6 -K "${TEMPORARY_AES_KEY_HEXDUMP}" -in ${PRIVATE_KEY_AS_DER} -out ${WRAPPED_TARGET_KEY_FILE} # Create the wrapped key material by concatenating both wrapped keys: - cat $WRAPPED_TEMPORARY_AES_KEY_FILE $WRAPPED_TARGET_KEY_FILE >$WRAPPED_KEY_MATERIAL_FILE + cat ${WRAPPED_TEMPORARY_AES_KEY_FILE} ${WRAPPED_TARGET_KEY_FILE} >$WRAPPED_KEY_MATERIAL_FILE # linux # KEY_MATERIAL_AS_BASE64=$(base64 -w 0 readyToUpload.der) # macOS KEY_MATERIAL_AS_BASE64=$(base64 -i readyToUpload.der) - JSON_KEY_MATERIAL="{\"keyMaterial\": \"$KEY_MATERIAL_AS_BASE64\",\"wrappingAlgorithm\": \"RSA_OAEP_AES_SHA256\"}" + JSON_KEY_MATERIAL="{\"keyMaterial\": \"${KEY_MATERIAL_AS_BASE64}\",\"wrappingAlgorithm\": \"RSA_OAEP_AES_SHA256\"}" - echo $JSON_KEY_MATERIAL >key-material.json + echo "${JSON_KEY_MATERIAL}" >key-material.json } createKeyInVault() { TYPE=$1 KEY_NAME=${2} - export NEW_KEY_OCID=$(oci kms management key import \ - --compartment-id ${COMPARTMENT_OCID} \ - --display-name ${KEY_NAME}-${TYPE} \ + NEW_KEY_OCID=$(oci kms management key import \ + --compartment-id "${COMPARTMENT_OCID}" \ + --display-name "${KEY_NAME}-${TYPE}" \ --key-shape '{"algorithm": "RSA", "length": 256}' \ --protection-mode SOFTWARE \ - --endpoint ${VAULT_MANAGEMENT_ENDPOINT} \ + --endpoint "${VAULT_MANAGEMENT_ENDPOINT}" \ --wrapped-import-key file://key-material.json \ --query 'data.id' \ --raw-output) + export NEW_KEY_OCID - echo "$NEW_KEY_OCID" + echo "${NEW_KEY_OCID}" } rotateKeyInVault() { 
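Review bot: `KEY_MATERIAL_AS_BASE64=$(base64 -i readyToUpload.der)` is left macOS-only. With GNU coreutils, `-i` means "ignore garbage" and the output is wrapped at 76 columns, so newlines end up inside the `keyMaterial` JSON string. The line also hard-codes `readyToUpload.der`, although the `cat` a few lines above writes to `$WRAPPED_KEY_MATERIAL_FILE`. A form that behaves the same on both platforms is `KEY_MATERIAL_AS_BASE64=$(base64 < "${WRAPPED_KEY_MATERIAL_FILE}" | tr -d '\n')`, assuming that variable names the same file.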
@@ -100,8 +101,8 @@ rotateKeyInVault() { KEY_OCID=${2} oci kms management key-version import \ - --key-id $KEY_OCID \ - --endpoint ${VAULT_MANAGEMENT_ENDPOINT} \ + --key-id "${KEY_OCID}" \ + --endpoint "${VAULT_MANAGEMENT_ENDPOINT}" \ --wrapped-import-key file://key-material.json } @@ -111,41 +112,41 @@ genCertAndCSR() { # Get CA cert oci certificates certificate-authority-bundle get --query 'data."certificate-pem"' \ --raw-output \ - --certificate-authority-id ${CA_OCID} \ + --certificate-authority-id "${CA_OCID}" \ >ca.pem # Generating new server key store keytool -genkeypair -keyalg RSA -keysize 2048 \ - -alias ${TYPE} \ + -alias "${TYPE}" \ -dname "CN=localhost" \ -validity 60 \ - -keystore ${TYPE}.jks \ + -keystore "${TYPE}".jks \ -storepass password -keypass password \ -deststoretype pkcs12 # Create CSR keytool -certreq -keystore "${TYPE}.jks" \ - -alias ${TYPE} \ + -alias "${TYPE}" \ -keypass password \ -storepass password \ -validity 60 \ -keyalg rsa \ - -file ${TYPE}.csr + -file "${TYPE}".csr } uploadNewCert() { TYPE=$1 CERT_NAME=$2 ## Create server/client certificate in OCI - export NEW_CERT_OCID=$(oci certs-mgmt certificate create-certificate-managed-externally-issued-by-internal-ca \ - --compartment-id ${COMPARTMENT_OCID} \ - --issuer-certificate-authority-id ${CA_OCID} \ - --name ${CERT_NAME}-${TYPE} \ - --csr-pem "$(cat ${TYPE}.csr)" \ + NEW_CERT_OCID=$(oci certs-mgmt certificate create-certificate-managed-externally-issued-by-internal-ca \ + --compartment-id "${COMPARTMENT_OCID}" \ + --issuer-certificate-authority-id "${CA_OCID}" \ + --name "${CERT_NAME}-${TYPE}" \ + --csr-pem "$(cat "${TYPE}".csr)" \ --query 'data.id' \ --raw-output) - - echo "$NEW_CERT_OCID" + export NEW_CERT_OCID + echo "${NEW_CERT_OCID}" } rotateCert() { 
@@ -155,5 +156,5 @@ rotateCert() { ## Renew server certificate in OCI oci certs-mgmt certificate update-certificate-managed-externally \ --certificate-id "${CERT_OCID}" \ - --csr-pem "$(cat ${TYPE}.csr)" + --csr-pem "$(cat "${TYPE}".csr)" } diff --git a/examples/webserver/mutual-tls/automatic-store-generator.sh b/examples/webserver/mutual-tls/automatic-store-generator.sh index 03d7da1ca..1f0485fd5 100644 --- a/examples/webserver/mutual-tls/automatic-store-generator.sh +++ b/examples/webserver/mutual-tls/automatic-store-generator.sh @@ -23,7 +23,7 @@ TYPE=PKCS12 SINGLE=true createCertificatesAndStores() { - mkdir out + mkdir out echo 'Generating new key stores...' keytool -genkeypair -keyalg RSA -keysize 2048 -alias root-ca -dname "CN=$NAME-CA" -validity 21650 -keystore ca.jks -storepass changeit -keypass changeit -deststoretype pkcs12 -ext KeyUsage=digitalSignature,keyEncipherment,keyCertSign -ext ExtendedKeyUsage=serverAuth,clientAuth -ext BasicConstraints=ca:true,PathLen:3 keytool -genkeypair -keyalg RSA -keysize 2048 -alias server -dname "CN=localhost" -validity 21650 -keystore server.jks -storepass changeit -keypass changeit -deststoretype pkcs12 
@@ -52,111 +52,116 @@ createCertificatesAndStores() { openssl pkcs12 -export -in server-signed.cer -inkey server-private.key -out server-signed.p12 -name server -passout pass:changeit keytool -delete -alias server -keystore server.jks -storepass changeit keytool -importkeystore -srckeystore server-signed.p12 -srcstoretype PKCS12 -destkeystore server.jks -srcstorepass changeit -deststorepass changeit - - echo "Importing CA cert to the client and server stores..." - if [ "$SINGLE" = true ] ; then - keytool -v -trustcacerts -keystore client.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt - keytool -v -trustcacerts -keystore server.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt - else - keytool -v -trustcacerts -keystore client-truststore.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt - keytool -v -trustcacerts -keystore server-truststore.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt - fi - - echo "Changing aliases to 1..." - keytool -changealias -alias server -destalias 1 -keypass changeit -keystore server.jks -storepass changeit - keytool -changealias -alias client -destalias 1 -keypass changeit -keystore client.jks -storepass changeit - echo "Generating requested type of stores..." 
- if [ "$TYPE" = PKCS12 ] || [ "$TYPE" = P12 ] ; then - keytool -importkeystore -srckeystore client.jks -destkeystore out/client.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit - keytool -importkeystore -srckeystore server.jks -destkeystore out/server.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit - if [ "$SINGLE" = false ] ; then - keytool -importkeystore -srckeystore server-truststore.jks -destkeystore out/server-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit - keytool -importkeystore -srckeystore client-truststore.jks -destkeystore out/client-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit - fi - else - mv client.jks out/client.jks - mv server.jks out/server.jks - if [ "$SINGLE" = false ] ; then - mv client-truststore.jks out/client-truststore.jks - mv server-truststore.jks out/server-truststore.jks - fi - fi + echo "Importing CA cert to the client and server stores..." + if [ "${SINGLE}" = true ] ; then + keytool -v -trustcacerts -keystore client.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt + keytool -v -trustcacerts -keystore server.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt + else + keytool -v -trustcacerts -keystore client-truststore.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt + keytool -v -trustcacerts -keystore server-truststore.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt + fi + + echo "Changing aliases to 1..." + keytool -changealias -alias server -destalias 1 -keypass changeit -keystore server.jks -storepass changeit + keytool -changealias -alias client -destalias 1 -keypass changeit -keystore client.jks -storepass changeit + + echo "Generating requested type of stores..." 
+ if [ "${TYPE}" = PKCS12 ] || [ "${TYPE}" = P12 ] ; then + keytool -importkeystore -srckeystore client.jks -destkeystore out/client.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit + keytool -importkeystore -srckeystore server.jks -destkeystore out/server.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit + if [ "${SINGLE}" = false ] ; then + keytool -importkeystore -srckeystore server-truststore.jks -destkeystore out/server-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit + keytool -importkeystore -srckeystore client-truststore.jks -destkeystore out/client-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit + fi + else + mv client.jks out/client.jks + mv server.jks out/server.jks + if [ "${SINGLE}" = false ] ; then + mv client-truststore.jks out/client-truststore.jks + mv server-truststore.jks out/server-truststore.jks + fi + fi } removeAllPreviouslyCreatedStores() { - echo 'Removing all of previously created items...' + echo 'Removing all of previously created items...' 
- rm -fv ca.key - rm -fv ca.jks - rm -fv ca.p12 - rm -fv ca.pem - rm -fv ca.srl - rm -fv server.jks - rm -fv server.cer - rm -fv server.csr - rm -fv server.p12 - rm -fv server-private.key - rm -fv server-signed.cer - rm -fv server-signed.p12 - rm -fv server-truststore.jks - rm -fv client.cer - rm -fv client.csr - rm -fv client.p12 - rm -fv client-private.key - rm -fv client-signed.cer - rm -fv client-signed.p12 - rm -fv client.jks - rm -fv client-truststore.jks - rm -rf out + rm -fv ca.key + rm -fv ca.jks + rm -fv ca.p12 + rm -fv ca.pem + rm -fv ca.srl + rm -fv server.jks + rm -fv server.cer + rm -fv server.csr + rm -fv server.p12 + rm -fv server-private.key + rm -fv server-signed.cer + rm -fv server-signed.p12 + rm -fv server-truststore.jks + rm -fv client.cer + rm -fv client.csr + rm -fv client.p12 + rm -fv client-private.key + rm -fv client-signed.cer + rm -fv client-signed.p12 + rm -fv client.jks + rm -fv client-truststore.jks + rm -rf out - echo 'Clean up finished' + echo 'Clean up finished' } -while [ "$1" != "" ]; do - case $1 in - -n | --name ) shift - NAME=$1 - ;; - -t | --type ) shift - TYPE=$1 - ;; - -s | --single ) shift - SINGLE=$1 - ;; - -h | --help ) echo "Some cool help" - exit - ;; - * ) echo "ERROR: Invalid parameter" $1 - exit 1 - esac - shift +while [ "${1}" != "" ]; do + case ${1} in + -n | --name ) + shift + NAME=${1} + ;; + -t | --type ) + shift + TYPE=${1} + ;; + -s | --single ) + shift + SINGLE=${1} + ;; + -h | --help ) + echo "Some cool help" + exit + ;; + * ) + echo "ERROR: Invalid parameter ${1}" + exit 1 + esac + shift done -if [ -z "$NAME" ]; then - echo "ERROR: Please specify the name of Organization/Application by parameter -n | --name" - exit 1 +if [ -z "${NAME}" ]; then + echo "ERROR: Please specify the name of Organization/Application by parameter -n | --name" + exit 1 else - echo "Generating certs for Organization/Application "$NAME + echo "Generating certs for Organization/Application ${NAME}" fi case $TYPE in - JKS | P12 | 
PKCS12 ) - echo "Output file will be of type" $TYPE - ;; - *) - echo 'ERROR: Invalid output type' $TYPE - echo 'Only JKS | P12 | PKCS12 supported' - return 1 + JKS | P12 | PKCS12 ) + echo "Output file will be of type ${TYPE}" + ;; + *) + echo "ERROR: Invalid output type ${TYPE}" + echo 'Only JKS | P12 | PKCS12 supported' + return 1 esac -case $SINGLE in - true ) - echo "Truststore and private key will be in single file" - ;; - false ) - echo "Truststore and private key will be in separate files" - ;; - *) - echo "ERROR: Only value true/false valid in single parameter! Current " $SINGLE - exit 1 +case ${SINGLE} in + true ) + echo "Truststore and private key will be in single file" + ;; + false ) + echo "Truststore and private key will be in separate files" + ;; + *) + echo "ERROR: Only value true/false valid in single parameter! Current ${SINGLE}" + exit 1 esac removeAllPreviouslyCreatedStores From 30c8a863ba323248aa7415f2485f4ebd1d36e3e4 Mon Sep 17 00:00:00 2001 From: Romain Grecourt Date: Mon, 26 Aug 2024 16:52:48 -0700 Subject: [PATCH 2/2] s/mktmp/mktemp/g --- etc/scripts/prime-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/scripts/prime-build.sh b/etc/scripts/prime-build.sh index 0ef92ee5b..e5f57bbf2 100755 --- a/etc/scripts/prime-build.sh +++ b/etc/scripts/prime-build.sh @@ -62,7 +62,7 @@ if [[ ! ${HELIDON_VERSION} == *-SNAPSHOT ]]; then exit 0 fi -cd "$(mktmp -d)" +cd "$(mktemp -d)" git clone ${HELIDON_REPO} --branch ${HELIDON_BRANCH} --single-branch --depth 1 cd helidon