|
| 1 | +#!/bin/sh |
| 2 | + |
| 3 | +# This script is used in the ci.yaml workflow |
| 4 | +# but can also be used locally to test the |
| 5 | +# plugin against a real GitHub repository. |
| 6 | +# Change lines 100-103 to test against a different repository. |
| 7 | + |
| 8 | +set -x |
| 9 | + |
| 10 | +STATUS=0 |
| 11 | + |
| 12 | +# Require gh CLI to be installed |
| 13 | +if ! command -v gh >/dev/null 2>&1; then |
| 14 | + echo "ERROR: gh CLI is not installed" |
| 15 | + echo "Install it from https://cli.github.com/" |
| 16 | + exit 1 |
| 17 | +fi |
| 18 | + |
| 19 | +# Require GITHUB_TOKEN to be set |
| 20 | +if [ -z "$GITHUB_TOKEN" ]; then |
| 21 | + echo "ERROR: GITHUB_TOKEN environment variable is not set" |
| 22 | + echo "You can do the following to set it:" |
| 23 | + echo " \`gh auth login\` and follow the prompts to authenticate with GitHub" |
| 24 | + echo " export GITHUB_TOKEN=\$(gh auth token)" |
| 25 | + exit 1 |
| 26 | +fi |
| 27 | + |
| 28 | +# Require plugin binary to be present in the current directory |
| 29 | +if [ ! -f "./github-repo" ]; then |
| 30 | + echo "ERROR: github-repo binary is not present in the current directory" |
| 31 | + echo "You can do the following to build it:" |
| 32 | + echo " make -B build" |
| 33 | + exit 1 |
| 34 | +fi |
| 35 | + |
| 36 | +# Detect OS and architecture |
| 37 | +OS=$(uname -s) |
| 38 | +ARCH=$(uname -m) |
| 39 | + |
| 40 | +case "$OS" in |
| 41 | + Linux) RELEASE_OS="Linux" ;; |
| 42 | + Darwin) RELEASE_OS="Darwin" ;; |
| 43 | + *) |
| 44 | + echo "ERROR: Unsupported OS: $OS" |
| 45 | + exit 1 |
| 46 | + ;; |
| 47 | +esac |
| 48 | + |
| 49 | +case "$ARCH" in |
| 50 | + x86_64) RELEASE_ARCH="x86_64" ;; |
| 51 | + aarch64) RELEASE_ARCH="arm64" ;; |
| 52 | + arm64) RELEASE_ARCH="arm64" ;; |
| 53 | + i386) RELEASE_ARCH="i386" ;; |
| 54 | + i686) RELEASE_ARCH="i386" ;; |
| 55 | + *) |
| 56 | + echo "ERROR: Unsupported architecture: $ARCH" |
| 57 | + exit 1 |
| 58 | + ;; |
| 59 | +esac |
| 60 | + |
| 61 | +# Darwin releases use "all" for architecture |
| 62 | +if [ "$RELEASE_OS" = "Darwin" ]; then |
| 63 | + RELEASE_ARCH="all" |
| 64 | +fi |
| 65 | + |
| 66 | +ASSET_PATTERN="privateer_${RELEASE_OS}_${RELEASE_ARCH}.tar.gz" |
| 67 | +PLUGIN_DIR="./tmp/plugins" |
| 68 | +CONFIG_FILE="./tmp/test_config.yml" |
| 69 | + |
| 70 | +# Ensure cleanup happens even on unexpected exits or signals |
| 71 | +trap 'rm -rf "./tmp"' EXIT |
| 72 | + |
| 73 | +# Set up plugin directory and copy the built plugin binary |
| 74 | +mkdir -p "$PLUGIN_DIR" |
| 75 | +cp github-repo "$PLUGIN_DIR/" || { echo "ERROR: Failed to copy plugin binary"; exit 1; } |
| 76 | + |
| 77 | +# Download latest pvtr release |
| 78 | +gh release download \ |
| 79 | + --repo privateerproj/privateer \ |
| 80 | + --pattern "$ASSET_PATTERN" \ |
| 81 | + --dir /tmp \ |
| 82 | + --clobber || { echo "ERROR: Failed to download pvtr release"; exit 1; } |
| 83 | + |
| 84 | +tar xzf "/tmp/$ASSET_PATTERN" -C "./tmp" || { echo "ERROR: Failed to extract plugin"; exit 1; } |
| 85 | + |
| 86 | +# Generate config for testing against the repo |
| 87 | +cat > "$CONFIG_FILE" <<EOF |
| 88 | +loglevel: trace |
| 89 | +write-directory: evaluation_results |
| 90 | +write: true |
| 91 | +output: yaml |
| 92 | +services: |
| 93 | + privateer: |
| 94 | + plugin: github-repo |
| 95 | + policy: |
| 96 | + catalogs: |
| 97 | + - osps-baseline |
| 98 | + applicability: |
| 99 | + - Maturity Level 1 |
| 100 | + vars: |
| 101 | + owner: ossf |
| 102 | + repo: pvtr-github-repo-scanner |
| 103 | + token: ${GITHUB_TOKEN} |
| 104 | +EOF |
| 105 | + |
| 106 | +# Run pvtr with the plugin |
| 107 | +./tmp/pvtr run -b "$PLUGIN_DIR" -c "$CONFIG_FILE" || STATUS=1 |
| 108 | + |
| 109 | +exit $STATUS |
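Review bot: `set -x` at line 8 of the new file is already active when `[ -z "$GITHUB_TOKEN" ]` runs at line 20, so the shell trace prints the expanded token to stderr, both in local runs and in any CI log where the value is not masked. Either drop `set -x` or move it below that check. A second point at lines 77-84: the latest release archive is downloaded to the shared `/tmp` under a predictable name, unpacked, and then run with the token in its config, with no checksum or attestation check and no pinned release tag. Downloading into the script's own directory, e.g. `--dir "./tmp"` with `tar xzf "./tmp/$ASSET_PATTERN" -C "./tmp"`, keeps the archive out of a world-writable location and lets the existing EXIT trap remove it; a `umask 077` before the config file is written would also keep the token unreadable to other local users.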