shellcheck: fix lint of scripts in /helper

This commit is contained in:
Otto Sabart 2022-08-16 21:00:00 +02:00 committed by Erik Arvstedt
parent f184bb34e6
commit 91a03ce7d2
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
3 changed files with 23 additions and 23 deletions

View File

@ -12,10 +12,10 @@ if [[ ! -v version ]]; then
fi fi
TMPDIR=$(mktemp -d) TMPDIR=$(mktemp -d)
trap "rm -rf $TMPDIR" EXIT trap 'rm -rf $TMPDIR' EXIT
export GNUPGHOME=$TMPDIR/gpg-home export GNUPGHOME=$TMPDIR/gpg-home
mkdir -p -m 700 "$GNUPGHOME" mkdir -m 700 "$GNUPGHOME"
# Import key # Import key
gpg --import "$scriptDir/key-jonasnick.bin" &> /dev/null gpg --import "$scriptDir/key-jonasnick.bin" &> /dev/null
@ -25,10 +25,10 @@ gpg --import "$scriptDir/key-jonasnick.bin" &> /dev/null
gpg --list-keys "36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366" > /dev/null gpg --list-keys "36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366" > /dev/null
# Fetch nar-hash of release # Fetch nar-hash of release
cd $TMPDIR cd "$TMPDIR"
baseUrl=https://github.com/$repo/releases/download/v$version baseUrl=https://github.com/$repo/releases/download/v$version
curl -fsS -L -O $baseUrl/nar-hash.txt curl -fsS -L -O "$baseUrl/nar-hash.txt"
curl -fsS -L -O $baseUrl/nar-hash.txt.asc curl -fsS -L -O "$baseUrl/nar-hash.txt.asc"
# Verify signature for nar-hash # Verify signature for nar-hash
gpg --verify nar-hash.txt.asc &> /dev/null || { gpg --verify nar-hash.txt.asc &> /dev/null || {

View File

@ -37,11 +37,11 @@ fi
cd "${BASH_SOURCE[0]%/*}" cd "${BASH_SOURCE[0]%/*}"
RESPONSE=$(curl https://api.github.com/repos/$REPO/releases/latest 2> /dev/null) RESPONSE=$(curl https://api.github.com/repos/$REPO/releases/latest 2> /dev/null)
echo "Latest release" $(echo $RESPONSE | jq -r '.tag_name' | tail -c +2) echo "Latest release" "$(echo "$RESPONSE" | jq -r '.tag_name' | tail -c +2)"
if [[ ! $DRY_RUN ]]; then if [[ ! $DRY_RUN ]]; then
while true; do while true; do
read -p "Create release $TAG_NAME? [yn] " yn read -rp "Create release ${TAG_NAME}? [yn] " yn
case $yn in case $yn in
[Yy]* ) break;; [Yy]* ) break;;
[Nn]* ) exit;; [Nn]* ) exit;;
@ -51,22 +51,22 @@ if [[ ! $DRY_RUN ]]; then
fi fi
TMPDIR=$(mktemp -d) TMPDIR=$(mktemp -d)
if [[ ! $DRY_RUN ]]; then trap "rm -rf $TMPDIR" EXIT; fi if [[ ! $DRY_RUN ]]; then trap 'rm -rf $TMPDIR' EXIT; fi
ARCHIVE_NAME=nix-bitcoin-$TAG_NAME.tar.gz ARCHIVE_NAME=nix-bitcoin-$TAG_NAME.tar.gz
ARCHIVE=$TMPDIR/$ARCHIVE_NAME ARCHIVE=$TMPDIR/$ARCHIVE_NAME
# Need to be in the repo root directory for archiving # Need to be in the repo root directory for archiving
(cd $(git rev-parse --show-toplevel); git archive --format=tar.gz -o $ARCHIVE $BRANCH) (cd "$(git rev-parse --show-toplevel)"; git archive --format=tar.gz -o "$ARCHIVE" "$BRANCH")
SHA256SUMS=$TMPDIR/SHA256SUMS.txt SHA256SUMS=$TMPDIR/SHA256SUMS.txt
# Use relative path with sha256sums because it'll output the first # Use relative path with sha256sums because it'll output the first
# argument # argument
(cd $TMPDIR; sha256sum $ARCHIVE_NAME > $SHA256SUMS) (cd "$TMPDIR"; sha256sum "$ARCHIVE_NAME" > "$SHA256SUMS")
gpg -o $SHA256SUMS.asc -a --detach-sig $SHA256SUMS gpg -o "$SHA256SUMS.asc" -a --detach-sig "$SHA256SUMS"
pushd $TMPDIR >/dev/null pushd "$TMPDIR" >/dev/null
nix hash to-sri --type sha256 $(nix-prefetch-url --unpack file://$ARCHIVE 2> /dev/null) > nar-hash.txt nix hash to-sri --type sha256 "$(nix-prefetch-url --unpack "file://$ARCHIVE" 2> /dev/null)" > nar-hash.txt
gpg -o nar-hash.txt.asc -a --detach-sig nar-hash.txt gpg -o nar-hash.txt.asc -a --detach-sig nar-hash.txt
if [[ $DRY_RUN ]]; then if [[ $DRY_RUN ]]; then
@ -76,7 +76,7 @@ fi
POST_DATA="{ \"tag_name\": \"v$TAG_NAME\", \"name\": \"nix-bitcoin-$TAG_NAME\", \"body\": \"nix-bitcoin-$TAG_NAME\", \"target_comitish\": \"$BRANCH\" }" POST_DATA="{ \"tag_name\": \"v$TAG_NAME\", \"name\": \"nix-bitcoin-$TAG_NAME\", \"body\": \"nix-bitcoin-$TAG_NAME\", \"target_comitish\": \"$BRANCH\" }"
RESPONSE=$(curl -H "Authorization: token $OAUTH_TOKEN" -d "$POST_DATA" https://api.github.com/repos/$REPO/releases 2> /dev/null) RESPONSE=$(curl -H "Authorization: token $OAUTH_TOKEN" -d "$POST_DATA" https://api.github.com/repos/$REPO/releases 2> /dev/null)
ID=$(echo $RESPONSE | jq -r '.id') ID=$(echo "$RESPONSE" | jq -r '.id')
if [[ $ID == null ]]; then if [[ $ID == null ]]; then
echo "Failed to create release with $POST_DATA" echo "Failed to create release with $POST_DATA"
exit 1 exit 1
@ -85,20 +85,20 @@ fi
post_asset() { post_asset() {
GH_ASSET="https://uploads.github.com/repos/$REPO/releases/$ID/assets?name=" GH_ASSET="https://uploads.github.com/repos/$REPO/releases/$ID/assets?name="
curl -H "Authorization: token $OAUTH_TOKEN" --data-binary "@$1" -H "Content-Type: application/octet-stream" \ curl -H "Authorization: token $OAUTH_TOKEN" --data-binary "@$1" -H "Content-Type: application/octet-stream" \
$GH_ASSET/$(basename $1) &> /dev/null "$GH_ASSET/$(basename "$1")" &> /dev/null
} }
post_asset nar-hash.txt post_asset nar-hash.txt
post_asset nar-hash.txt.asc post_asset nar-hash.txt.asc
# Post additional assets for backwards compatibility. # Post additional assets for backwards compatibility.
# This allows older nix-bitcoin installations to upgrade via `fetch-release`. # This allows older nix-bitcoin installations to upgrade via `fetch-release`.
post_asset $ARCHIVE post_asset "$ARCHIVE"
post_asset $SHA256SUMS post_asset "$SHA256SUMS"
post_asset $SHA256SUMS.asc post_asset "$SHA256SUMS.asc"
popd >/dev/null popd >/dev/null
if [[ ! $DRY_RUN ]]; then if [[ ! $DRY_RUN ]]; then
git push $GIT_REMOTE $BRANCH:release git push "$GIT_REMOTE" "${BRANCH}:release"
fi fi
echo "Successfully created" $(echo $POST_DATA | jq -r .tag_name) echo "Successfully created" "$(echo "$POST_DATA" | jq -r .tag_name)"

View File

@ -7,10 +7,10 @@ flakeOutput=$2
# A pattern in a line preceding the hash that should be updated # A pattern in a line preceding the hash that should be updated
patternPrecedingHash=$3 patternPrecedingHash=$3
sed -i "/$patternPrecedingHash/,/hash/ s|hash = .*|hash = \"\";|" $file sed -i "/$patternPrecedingHash/,/hash/ s|hash = .*|hash = \"\";|" "$file"
# Display stderr and capture it. stdbuf is required to disable output buffering. # Display stderr and capture it. stdbuf is required to disable output buffering.
stderr=$( stderr=$(
nix build --no-link -L .#$flakeOutput |& nix build --no-link -L ".#$flakeOutput" |&
stdbuf -oL grep -v '\berror:.*failed to build$' | stdbuf -oL grep -v '\berror:.*failed to build$' |
tee /dev/stderr || : tee /dev/stderr || :
) )
@ -20,5 +20,5 @@ if [[ ! $hash ]]; then
echo "Error: No hash in build output." echo "Error: No hash in build output."
exit 1 exit 1
fi fi
sed -i "/$patternPrecedingHash/,/hash/ s|hash = .*|hash = \"$hash\";|" $file sed -i "/$patternPrecedingHash/,/hash/ s|hash = .*|hash = \"$hash\";|" "$file"
echo "(Note: The above hash mismatch message is not an error. It is part of the fetching process.)" echo "(Note: The above hash mismatch message is not an error. It is part of the fetching process.)"