From c021b77f88de80f777aba875ab6b559a60e4ff34 Mon Sep 17 00:00:00 2001 From: Ben Moskovitz Date: Wed, 12 Jun 2024 14:04:10 +1000 Subject: [PATCH 1/3] Use `/usr/bin/env bash` in all shellscript shebangs --- .buildkite/steps/build-binary.sh | 2 +- .buildkite/steps/build-debian-packages.sh | 2 +- .buildkite/steps/build-github-release.sh | 2 +- .buildkite/steps/build-rpm-packages.sh | 2 +- .buildkite/steps/check-changelog.sh | 2 +- .buildkite/steps/extract-agent-version-metadata.sh | 2 +- .buildkite/steps/github-release.sh | 2 +- .buildkite/steps/publish-debian-package.sh | 2 +- .buildkite/steps/publish-debian-packagecloud.sh | 2 +- .buildkite/steps/publish-docker-image.sh | 2 +- .buildkite/steps/publish-docker-images.sh | 2 +- .buildkite/steps/publish-rpm-package.sh | 2 +- .buildkite/steps/publish-rpm-packagecloud.sh | 2 +- .buildkite/steps/test-bk.sh | 2 +- .buildkite/steps/tests.sh | 2 +- .buildkite/steps/upload-release-steps.sh | 2 +- install.sh | 4 ++-- packaging/docker/alpine-k8s/entrypoint.sh | 2 +- packaging/docker/alpine/entrypoint.sh | 2 +- packaging/docker/ubuntu-18.04/entrypoint.sh | 2 +- packaging/docker/ubuntu-20.04/entrypoint.sh | 2 +- packaging/docker/ubuntu-22.04/entrypoint.sh | 2 +- scripts/build-binary.sh | 2 +- scripts/build-debian-package.sh | 2 +- scripts/build-github-release.sh | 2 +- scripts/build-rpm-package.sh | 2 +- scripts/check-upstart-conf.sh | 2 +- scripts/publish-debian-package.sh | 2 +- 28 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.buildkite/steps/build-binary.sh b/.buildkite/steps/build-binary.sh index e9b0f9593b..3981591cb4 100755 --- a/.buildkite/steps/build-binary.sh +++ b/.buildkite/steps/build-binary.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail diff --git a/.buildkite/steps/build-debian-packages.sh b/.buildkite/steps/build-debian-packages.sh index b10d5eced6..ef35c7d709 100755 --- a/.buildkite/steps/build-debian-packages.sh +++ b/.buildkite/steps/build-debian-packages.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail echo "--- Getting agent version from build meta data" diff --git a/.buildkite/steps/build-github-release.sh b/.buildkite/steps/build-github-release.sh index e876ce50e4..83a299722f 100755 --- a/.buildkite/steps/build-github-release.sh +++ b/.buildkite/steps/build-github-release.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e echo '--- Getting agent version from build meta data' diff --git a/.buildkite/steps/build-rpm-packages.sh b/.buildkite/steps/build-rpm-packages.sh index 44172194d7..2eddca585b 100755 --- a/.buildkite/steps/build-rpm-packages.sh +++ b/.buildkite/steps/build-rpm-packages.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail echo "--- Getting agent version from build meta data" diff --git a/.buildkite/steps/check-changelog.sh b/.buildkite/steps/check-changelog.sh index dbc1b33a53..8590f962e1 100755 --- a/.buildkite/steps/check-changelog.sh +++ b/.buildkite/steps/check-changelog.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail diff --git a/.buildkite/steps/extract-agent-version-metadata.sh b/.buildkite/steps/extract-agent-version-metadata.sh index 73428b217c..6a778acf57 100755 --- a/.buildkite/steps/extract-agent-version-metadata.sh +++ b/.buildkite/steps/extract-agent-version-metadata.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail agent_version=$(cat version/VERSION) diff --git a/.buildkite/steps/github-release.sh b/.buildkite/steps/github-release.sh index ca999f85c9..bd2371f2d3 100755 --- a/.buildkite/steps/github-release.sh +++ b/.buildkite/steps/github-release.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e dry_run() { diff --git a/.buildkite/steps/publish-debian-package.sh b/.buildkite/steps/publish-debian-package.sh index c10233e395..eaffaa211c 100755 --- a/.buildkite/steps/publish-debian-package.sh +++ b/.buildkite/steps/publish-debian-package.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail artifacts_build=$(buildkite-agent meta-data get "agent-artifacts-build" ) diff --git a/.buildkite/steps/publish-debian-packagecloud.sh b/.buildkite/steps/publish-debian-packagecloud.sh index 1faba674dc..31095fad3c 100755 --- a/.buildkite/steps/publish-debian-packagecloud.sh +++ b/.buildkite/steps/publish-debian-packagecloud.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail artifacts_build="$(buildkite-agent meta-data get "agent-artifacts-build")" diff --git a/.buildkite/steps/publish-docker-image.sh b/.buildkite/steps/publish-docker-image.sh index 6f0fd3defd..aa7831f009 100755 --- a/.buildkite/steps/publish-docker-image.sh +++ b/.buildkite/steps/publish-docker-image.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail ## This script can be run locally like this: diff --git a/.buildkite/steps/publish-docker-images.sh b/.buildkite/steps/publish-docker-images.sh index 48d458c93f..34248b2a65 100755 --- a/.buildkite/steps/publish-docker-images.sh +++ b/.buildkite/steps/publish-docker-images.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail dry_run() { diff --git a/.buildkite/steps/publish-rpm-package.sh b/.buildkite/steps/publish-rpm-package.sh index f01745b466..eb33245bf1 100755 --- a/.buildkite/steps/publish-rpm-package.sh +++ b/.buildkite/steps/publish-rpm-package.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail artifacts_build="$(buildkite-agent meta-data get "agent-artifacts-build")" diff --git a/.buildkite/steps/publish-rpm-packagecloud.sh b/.buildkite/steps/publish-rpm-packagecloud.sh index 0ea30dd448..b10499d45d 100755 --- a/.buildkite/steps/publish-rpm-packagecloud.sh +++ b/.buildkite/steps/publish-rpm-packagecloud.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail artifacts_build="$(buildkite-agent meta-data get "agent-artifacts-build")" diff --git a/.buildkite/steps/test-bk.sh b/.buildkite/steps/test-bk.sh index 5bea517e4c..79b32c0caf 100755 --- a/.buildkite/steps/test-bk.sh +++ b/.buildkite/steps/test-bk.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail diff --git a/.buildkite/steps/tests.sh b/.buildkite/steps/tests.sh index 5fd51b012b..fbd1c39870 100755 --- a/.buildkite/steps/tests.sh +++ b/.buildkite/steps/tests.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail go version diff --git a/.buildkite/steps/upload-release-steps.sh b/.buildkite/steps/upload-release-steps.sh index 629bfab030..d7d070b39d 100755 --- a/.buildkite/steps/upload-release-steps.sh +++ b/.buildkite/steps/upload-release-steps.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail # Generates and uploads pipeline steps for the edge, beta and stable release diff --git a/install.sh b/install.sh index ed37691960..264db95abb 100755 --- a/install.sh +++ b/install.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # This is the installer for the Buildkite Agent. # @@ -43,7 +43,7 @@ else # On Apple Silicon Macs, the architecture reported by `uname` depends on # the architecture of the shell, which is in turn influenced by the # *terminal*, as *child processes prefer their parents' architecture*. - # + # # This means that for Terminal.app with the default shell it will be # arm64, but x86_64 for people using (pre-3.4.0 builds of) iTerm2 or # x86_64 shells. diff --git a/packaging/docker/alpine-k8s/entrypoint.sh b/packaging/docker/alpine-k8s/entrypoint.sh index afbd70f28c..523031376d 100755 --- a/packaging/docker/alpine-k8s/entrypoint.sh +++ b/packaging/docker/alpine-k8s/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail DIR=/docker-entrypoint.d diff --git a/packaging/docker/alpine/entrypoint.sh b/packaging/docker/alpine/entrypoint.sh index afbd70f28c..523031376d 100755 --- a/packaging/docker/alpine/entrypoint.sh +++ b/packaging/docker/alpine/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail DIR=/docker-entrypoint.d diff --git a/packaging/docker/ubuntu-18.04/entrypoint.sh b/packaging/docker/ubuntu-18.04/entrypoint.sh index afbd70f28c..523031376d 100755 --- a/packaging/docker/ubuntu-18.04/entrypoint.sh +++ b/packaging/docker/ubuntu-18.04/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail DIR=/docker-entrypoint.d diff --git a/packaging/docker/ubuntu-20.04/entrypoint.sh b/packaging/docker/ubuntu-20.04/entrypoint.sh index cb736e209f..653c445b1a 100755 --- a/packaging/docker/ubuntu-20.04/entrypoint.sh +++ b/packaging/docker/ubuntu-20.04/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail DIR=/docker-entrypoint.d diff --git a/packaging/docker/ubuntu-22.04/entrypoint.sh b/packaging/docker/ubuntu-22.04/entrypoint.sh index cb736e209f..653c445b1a 100755 --- a/packaging/docker/ubuntu-22.04/entrypoint.sh +++ b/packaging/docker/ubuntu-22.04/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail DIR=/docker-entrypoint.d diff --git a/scripts/build-binary.sh b/scripts/build-binary.sh index 2927be9aec..52b0c39932 100755 --- a/scripts/build-binary.sh +++ b/scripts/build-binary.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e if [[ ${#} -lt 3 ]] diff --git a/scripts/build-debian-package.sh b/scripts/build-debian-package.sh index 109c2b8893..7e4e757e5b 100755 --- a/scripts/build-debian-package.sh +++ b/scripts/build-debian-package.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail if [[ ${#} -lt 3 ]]; then diff --git a/scripts/build-github-release.sh b/scripts/build-github-release.sh index 497cb05966..110fb7512d 100755 --- a/scripts/build-github-release.sh +++ b/scripts/build-github-release.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e if [[ ${#} -lt 2 ]] diff --git a/scripts/build-rpm-package.sh b/scripts/build-rpm-package.sh index b90cb8872a..f3cba651a3 100755 --- a/scripts/build-rpm-package.sh +++ b/scripts/build-rpm-package.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -euo pipefail if [[ ${#} -lt 3 ]]; then diff --git a/scripts/check-upstart-conf.sh b/scripts/check-upstart-conf.sh index d980a324d6..6810f621ec 100755 --- a/scripts/check-upstart-conf.sh +++ b/scripts/check-upstart-conf.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -o errexit set -o nounset diff --git a/scripts/publish-debian-package.sh b/scripts/publish-debian-package.sh index f2d8322e07..b96e16c2bc 100755 --- a/scripts/publish-debian-package.sh +++ b/scripts/publish-debian-package.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -o errexit From 3e1245f1669dd328a3cdceecfbfdb40da3fd8b88 Mon Sep 17 00:00:00 2001 From: Ben Moskovitz Date: Wed, 12 Jun 2024 14:23:20 +1000 Subject: [PATCH 2/3] Add shellcheck CI step --- .buildkite/pipeline.yml | 161 +++++++++++++++++---------------- .buildkite/steps/shellcheck.sh | 5 + 2 files changed, 90 insertions(+), 76 deletions(-) create mode 100755 .buildkite/steps/shellcheck.sh diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index d09e7ff718..539a12ef4e 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -4,87 +4,96 @@ agents: queue: agent-runners-linux-amd64 steps: - - name: ":go::robot_face: Check Code Committed" - key: check-code-committed - command: .buildkite/steps/check-code-committed.sh - plugins: - - docker-compose#v4.14.0: - config: .buildkite/docker-compose.yml - cli-version: 2 - run: agent + - group: "๐Ÿงช Tests and Checks โœ…" + steps: + - name: ":go::robot_face: Check Code Committed" + key: check-code-committed + command: .buildkite/steps/check-code-committed.sh + plugins: + - docker-compose#v4.14.0: + config: .buildkite/docker-compose.yml + cli-version: 2 + run: agent - - name: ":linux: Linux AMD64 Tests" - key: test-linux-amd64 - command: ".buildkite/steps/tests.sh" - artifact_paths: junit-*.xml - plugins: - - docker-compose#v4.14.0: - config: .buildkite/docker-compose.yml - cli-version: 2 - run: agent - - test-collector#v1.2.0: - files: "junit-*.xml" - format: "junit" - - artifacts#v1.9.0: - upload: "cover.{html,out}" + - name: "๐Ÿข๐Ÿ”Ž Shellcheck" + key: shellcheck + command: .buildkite/steps/shellcheck.sh + plugins: + - docker#v5.8.0: + image: koalaman/shellcheck-alpine - - name: ":linux: Linux ARM64 Tests" - key: test-linux-arm64 - command: ".buildkite/steps/tests.sh" - artifact_paths: junit-*.xml - agents: - queue: agent-runners-linux-arm64 - plugins: - - docker-compose#v4.14.0: - config: .buildkite/docker-compose.yml - cli-version: 2 - run: agent - - test-collector#v1.2.0: - files: "junit-*.xml" - format: "junit" - - artifacts#v1.9.0: - upload: "cover.{html,out}" + - name: ":linux: Linux AMD64 Tests" + key: test-linux-amd64 + command: ".buildkite/steps/tests.sh" + artifact_paths: junit-*.xml + plugins: + - docker-compose#v4.14.0: + config: .buildkite/docker-compose.yml + cli-version: 2 + run: agent + - test-collector#v1.2.0: + files: "junit-*.xml" + format: "junit" + - artifacts#v1.9.0: + upload: "cover.{html,out}" - - name: ":satellite: Detect Data Races" - key: test-race-linux-arm64 - command: ".buildkite/steps/tests.sh -race" - artifact_paths: junit-*.xml - agents: - queue: agent-runners-linux-arm64 - plugins: - - docker-compose#v4.14.0: - config: .buildkite/docker-compose.yml - cli-version: 2 - run: agent - - test-collector#v1.2.0: - files: "junit-*.xml" - format: "junit" - - artifacts#v1.9.0: - upload: "cover.{html,out}" + - name: ":linux: Linux ARM64 Tests" + key: test-linux-arm64 + command: ".buildkite/steps/tests.sh" + artifact_paths: junit-*.xml + agents: + queue: agent-runners-linux-arm64 + plugins: + - docker-compose#v4.14.0: + config: .buildkite/docker-compose.yml + cli-version: 2 + run: agent + - test-collector#v1.2.0: + files: "junit-*.xml" + format: "junit" + - artifacts#v1.9.0: + upload: "cover.{html,out}" - - name: ":windows: Windows AMD64 Tests" - key: test-windows - command: "bash .buildkite\\steps\\tests.sh" - artifact_paths: junit-*.xml - agents: - queue: agent-runners-windows-amd64 - plugins: - - test-collector#v1.2.0: - files: "junit-*.xml" - format: "junit" - - artifacts#v1.9.0: - upload: "cover.{html,out}" + - name: ":satellite: Detect Data Races" + key: test-race-linux-arm64 + command: ".buildkite/steps/tests.sh -race" + artifact_paths: junit-*.xml + agents: + queue: agent-runners-linux-arm64 + plugins: + - docker-compose#v4.14.0: + config: .buildkite/docker-compose.yml + cli-version: 2 + run: agent + - test-collector#v1.2.0: + files: "junit-*.xml" + format: "junit" + - artifacts#v1.9.0: + upload: "cover.{html,out}" - - label: ":writing_hand: Annotate with Test Failures" - depends_on: - - test-linux-amd64 - - test-race-linux-arm64 - - test-linux-arm64 - - test-windows - allow_dependency_failure: true - plugins: - - junit-annotate#v1.6.0: - artifacts: junit-*.xml + - name: ":windows: Windows AMD64 Tests" + key: test-windows + command: "bash .buildkite\\steps\\tests.sh" + artifact_paths: junit-*.xml + agents: + queue: agent-runners-windows-amd64 + plugins: + - test-collector#v1.2.0: + files: "junit-*.xml" + format: "junit" + - artifacts#v1.9.0: + upload: "cover.{html,out}" + + - label: ":writing_hand: Annotate with Test Failures" + depends_on: + - test-linux-amd64 + - test-race-linux-arm64 + - test-linux-arm64 + - test-windows + allow_dependency_failure: true + plugins: + - junit-annotate#v1.6.0: + artifacts: junit-*.xml - group: ":hammer_and_wrench: Binary builds" steps: diff --git a/.buildkite/steps/shellcheck.sh b/.buildkite/steps/shellcheck.sh new file mode 100755 index 0000000000..39e657f8f5 --- /dev/null +++ b/.buildkite/steps/shellcheck.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env sh + +set -euo + +find . -type f -name "*.sh" -print0 | xargs shellcheck -S info From cc4f5eaf0bbfe022bbbd05baf455127e5ecf2cce Mon Sep 17 00:00:00 2001 From: Ben Moskovitz Date: Wed, 12 Jun 2024 14:23:44 +1000 Subject: [PATCH 3/3] Fix shellcheck errors in shell scripts in this repo --- .buildkite/steps/build-github-release.sh | 15 ++++++++++----- .buildkite/steps/build-rpm-packages.sh | 11 ++++++++--- .buildkite/steps/github-release.sh | 18 +++++++++++++----- .buildkite/steps/publish-debian-package.sh | 3 ++- .../steps/publish-debian-packagecloud.sh | 3 ++- .buildkite/steps/publish-docker-image.sh | 2 +- .buildkite/steps/publish-rpm-package.sh | 4 ++-- .buildkite/steps/publish-rpm-packagecloud.sh | 3 ++- .buildkite/steps/release-homebrew.sh | 16 ++++++++++++---- install.sh | 4 ++-- .../buildkite-agent/lsb/buildkite-agent.sh | 17 ++++++++--------- .../linux/scripts/after-install-and-upgrade.sh | 2 ++ packaging/linux/scripts/after-remove.sh | 2 ++ packaging/linux/scripts/before-install.sh | 2 ++ packaging/linux/scripts/before-remove.sh | 2 ++ packaging/linux/scripts/before-upgrade.sh | 2 ++ scripts/build-binary.sh | 2 +- scripts/build-github-release.sh | 2 +- scripts/check-upstart-conf.sh | 13 +++++++------ scripts/generate-acknowledgements.sh | 14 +++++++++----- scripts/publish-debian-package.sh | 2 +- 21 files changed, 91 insertions(+), 48 deletions(-) diff --git a/.buildkite/steps/build-github-release.sh b/.buildkite/steps/build-github-release.sh index 83a299722f..f29a7e1541 100755 --- a/.buildkite/steps/build-github-release.sh +++ b/.buildkite/steps/build-github-release.sh @@ -3,9 +3,14 @@ set -e echo '--- Getting agent version from build meta data' -export FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") -export AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") -export BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") +FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") +export FULL_AGENT_VERSION + +AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") +export AGENT_VERSION + +BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") +export BUILD_VERSION echo "Full agent version: $FULL_AGENT_VERSION" echo "Agent version: $AGENT_VERSION" @@ -20,7 +25,7 @@ buildkite-agent artifact download "pkg/*" . function build() { echo "--- Building release for: $1" - ./scripts/build-github-release.sh $1 $AGENT_VERSION + ./scripts/build-github-release.sh "$1" "$AGENT_VERSION" } # Export the function so we can use it in xargs @@ -30,4 +35,4 @@ export -f build rm -rf releases # Loop over all the binaries and build them -ls pkg/* | xargs -I {} bash -c "build {}" +find pkg/* -print0 | xargs -I {} bash -c "build {}" diff --git a/.buildkite/steps/build-rpm-packages.sh b/.buildkite/steps/build-rpm-packages.sh index 2eddca585b..613e73fc57 100755 --- a/.buildkite/steps/build-rpm-packages.sh +++ b/.buildkite/steps/build-rpm-packages.sh @@ -3,9 +3,14 @@ set -euo pipefail echo "--- Getting agent version from build meta data" -export FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") -export AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") -export BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") +FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") +export FULL_AGENT_VERSION + +AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") +export AGENT_VERSION + +BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") +export BUILD_VERSION echo "Full agent version: $FULL_AGENT_VERSION" echo "Agent version: $AGENT_VERSION" diff --git a/.buildkite/steps/github-release.sh b/.buildkite/steps/github-release.sh index bd2371f2d3..1a23b88c08 100755 --- a/.buildkite/steps/github-release.sh +++ b/.buildkite/steps/github-release.sh @@ -10,7 +10,8 @@ dry_run() { } echo '--- Getting credentials from SSM' -export GITHUB_RELEASE_ACCESS_TOKEN=$(aws ssm get-parameter --name /pipelines/agent/GITHUB_RELEASE_ACCESS_TOKEN --with-decryption --output text --query Parameter.Value --region us-east-1) +GITHUB_RELEASE_ACCESS_TOKEN=$(aws ssm get-parameter --name /pipelines/agent/GITHUB_RELEASE_ACCESS_TOKEN --with-decryption --output text --query Parameter.Value --region us-east-1) +export GITHUB_RELEASE_ACCESS_TOKEN if [[ "$GITHUB_RELEASE_ACCESS_TOKEN" == "" ]]; then echo "Error: Missing \$GITHUB_RELEASE_ACCESS_TOKEN" @@ -19,10 +20,17 @@ fi echo '--- Getting agent version from build meta data' -export FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") -export AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") -export BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") -export IS_PRERELEASE=$(buildkite-agent meta-data get "agent-is-prerelease") +FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") +export FULL_AGENT_VERSION + +AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") +export AGENT_VERSION + +BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") +export BUILD_VERSION + +IS_PRERELEASE=$(buildkite-agent meta-data get "agent-is-prerelease") +export IS_PRERELEASE echo "Full agent version: $FULL_AGENT_VERSION" echo "Agent version: $AGENT_VERSION" diff --git a/.buildkite/steps/publish-debian-package.sh b/.buildkite/steps/publish-debian-package.sh index eaffaa211c..ba15269133 100755 --- a/.buildkite/steps/publish-debian-package.sh +++ b/.buildkite/steps/publish-debian-package.sh @@ -24,7 +24,8 @@ if ! findmnt --source tmpfs --target /root/.gnupg; then fi echo "fetching signing key..." -export GPG_SIGNING_KEY=$(aws ssm get-parameter --name /pipelines/agent/GPG_SIGNING_KEY --with-decryption --output text --query Parameter.Value --region us-east-1) +GPG_SIGNING_KEY=$(aws ssm get-parameter --name /pipelines/agent/GPG_SIGNING_KEY --with-decryption --output text --query Parameter.Value --region us-east-1) +export GPG_SIGNING_KEY echo "fetching secret key..." aws ssm get-parameter --name /pipelines/agent/GPG_SECRET_KEY_ASCII --with-decryption --output text --query Parameter.Value --region us-east-1 > ${secret_key_path} diff --git a/.buildkite/steps/publish-debian-packagecloud.sh b/.buildkite/steps/publish-debian-packagecloud.sh index 31095fad3c..63de17d6a6 100755 --- a/.buildkite/steps/publish-debian-packagecloud.sh +++ b/.buildkite/steps/publish-debian-packagecloud.sh @@ -32,7 +32,8 @@ echo "--- Installing dependencies" gem install package_cloud echo "--- Requesting OIDC token" -export PACKAGECLOUD_TOKEN="$(buildkite-agent oidc request-token --audience "https://packagecloud.io/${REPOSITORY}" --lifetime 300)" +PACKAGECLOUD_TOKEN="$(buildkite-agent oidc request-token --audience "https://packagecloud.io/${REPOSITORY}" --lifetime 300)" +export PACKAGECLOUD_TOKEN echo "--- Pushing to Packagecloud" dry_run package_cloud push "${REPOSITORY}/${DISTRO_VERSION}" deb/*.deb diff --git a/.buildkite/steps/publish-docker-image.sh b/.buildkite/steps/publish-docker-image.sh index aa7831f009..21d89a4951 100755 --- a/.buildkite/steps/publish-docker-image.sh +++ b/.buildkite/steps/publish-docker-image.sh @@ -28,7 +28,7 @@ parse_version() { IFS='.' read -r -a parts <<< "${v%-*}" for idx in $(seq 1 ${#parts[*]}) ; do - sed -e 's/ /./g' <<< "${parts[@]:0:$idx}" + sed -e 's/ /./g' <<< "${parts[@]:0:$idx// /.}" done [[ "${v%-*}" == "$v" ]] || echo "$v" diff --git a/.buildkite/steps/publish-rpm-package.sh b/.buildkite/steps/publish-rpm-package.sh index eb33245bf1..24c78f3ee0 100755 --- a/.buildkite/steps/publish-rpm-package.sh +++ b/.buildkite/steps/publish-rpm-package.sh @@ -82,7 +82,7 @@ for ARCH in "x86_64" "i386" "aarch64"; do "${ARCH_PATH}/repodata" # Copy the new RPMs in. - find "rpm/" -type f -name "*${ARCH}*" | xargs cp -t "${ARCH_PATH}" + find "rpm/" -type f -name "*${ARCH}*" -print0 | xargs cp -t "${ARCH_PATH}" echo "--- Updating yum repository for ${CODENAME}/${ARCH}" if updaterepo "${ARCH_PATH}"; then @@ -99,7 +99,7 @@ for ARCH in "x86_64" "i386" "aarch64"; do "${ARCH_PATH}" # Copy the new RPMs in again. - find "rpm/" -type f -name "*${ARCH}*" | xargs cp -t "${ARCH_PATH}" + find "rpm/" -type f -name "*${ARCH}*" -print0 | xargs cp -t "${ARCH_PATH}" echo "--- Recreating yum repository for ${CODENAME}/${ARCH}" createrepo "${ARCH_PATH}" diff --git a/.buildkite/steps/publish-rpm-packagecloud.sh b/.buildkite/steps/publish-rpm-packagecloud.sh index b10499d45d..f61c777fc3 100755 --- a/.buildkite/steps/publish-rpm-packagecloud.sh +++ b/.buildkite/steps/publish-rpm-packagecloud.sh @@ -32,7 +32,8 @@ echo "--- Installing dependencies" gem install package_cloud echo "--- Requesting OIDC token" -export PACKAGECLOUD_TOKEN="$(buildkite-agent oidc request-token --audience "https://packagecloud.io/${REPOSITORY}" --lifetime 300)" +PACKAGECLOUD_TOKEN="$(buildkite-agent oidc request-token --audience "https://packagecloud.io/${REPOSITORY}" --lifetime 300)" +export PACKAGECLOUD_TOKEN echo "--- Pushing to Packagecloud" dry_run package_cloud push "${REPOSITORY}/${DISTRO_VERSION}" rpm/*.rpm diff --git a/.buildkite/steps/release-homebrew.sh b/.buildkite/steps/release-homebrew.sh index 56e9b36958..42c0e774d9 100755 --- a/.buildkite/steps/release-homebrew.sh +++ b/.buildkite/steps/release-homebrew.sh @@ -19,10 +19,18 @@ function to_json { echo '--- Getting agent version from build meta data' -export FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") -export AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") -export BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") -export IS_PRERELEASE=$(buildkite-agent meta-data get "agent-is-prerelease") +FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") +export FULL_AGENT_VERSION + +AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") +export AGENT_VERSION + +BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") +export BUILD_VERSION + +IS_PRERELEASE=$(buildkite-agent meta-data get "agent-is-prerelease") +export IS_PRERELEASE + echo "Full agent version: $FULL_AGENT_VERSION" echo "Agent version: $AGENT_VERSION" diff --git a/install.sh b/install.sh index 264db95abb..1d786e0ee4 100755 --- a/install.sh +++ b/install.sh @@ -102,14 +102,14 @@ function buildkite-download { echo -e "\033[31mFailed to download file: $1\033[0m\n" cat $BUILDKITE_DOWNLOAD_TMP_FILE - exit $BUILDKITE_DOWNLOAD_EXIT_STATUS + exit "$BUILDKITE_DOWNLOAD_EXIT_STATUS" fi } echo -e "Installing Version: \033[35mv$VERSION\033[0m" # Default the destination folder -: ${DESTINATION:="$HOME/.buildkite-agent"} +: "${DESTINATION:="$HOME/.buildkite-agent"}" # If they have a $HOME/.buildkite folder, rename it to `buildkite-agent` and # symlink back to the old one. Since we changed the name of the folder, we diff --git a/packaging/linux/root/usr/share/buildkite-agent/lsb/buildkite-agent.sh b/packaging/linux/root/usr/share/buildkite-agent/lsb/buildkite-agent.sh index 8bb72c22ec..7d9f848431 100755 --- a/packaging/linux/root/usr/share/buildkite-agent/lsb/buildkite-agent.sh +++ b/packaging/linux/root/usr/share/buildkite-agent/lsb/buildkite-agent.sh @@ -1,5 +1,6 @@ -#!/bin/sh -# +#!/usr/bin/env bash +# shellcheck disable=1090 + ### BEGIN INIT INFO # Provides: buildkite-agent # Required-Start: $network $local_fs $remote_fs @@ -20,17 +21,16 @@ pid_file="/var/run/${name}.pid" lock_dir="/var/lock/subsys" lock_file="${lock_dir}/${name}" log="/var/log/${name}.log" -stderr_log="/var/log/${name}.err" -[ -r /etc/default/${name} ] && . /etc/default/${name} -[ -r /etc/sysconfig/${name} ] && . /etc/sysconfig/${name} +[ -r "/etc/default/${name}" ] && . "/etc/default/${name}" +[ -r "/etc/sysconfig/${name}" ] && . "/etc/sysconfig/${name}" get_pid() { cat "$pid_file" } is_running() { - [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1 + [ -f "$pid_file" ] && ps "$(get_pid)" > /dev/null 2>&1 } case "$1" in @@ -53,9 +53,8 @@ case "$1" in stop) if is_running; then echo -n "Stopping $name.." - kill `get_pid` - for i in {1..10} - do + kill "$(get_pid)" + for _ in {1..10}; do if ! is_running; then break fi diff --git a/packaging/linux/scripts/after-install-and-upgrade.sh b/packaging/linux/scripts/after-install-and-upgrade.sh index 009b74e817..2d45b3835e 100755 --- a/packaging/linux/scripts/after-install-and-upgrade.sh +++ b/packaging/linux/scripts/after-install-and-upgrade.sh @@ -1,3 +1,5 @@ +#!/usr/bin/env bash + # $1 will be the version being upgraded from if this is an upgrade if [ "$1" = "" ] ; then OPERATION="install" diff --git a/packaging/linux/scripts/after-remove.sh b/packaging/linux/scripts/after-remove.sh index e7f7de70a1..6241956b9e 100755 --- a/packaging/linux/scripts/after-remove.sh +++ b/packaging/linux/scripts/after-remove.sh @@ -1,3 +1,5 @@ +#!/usr/bin/env bash + # Remove the system service we installed if command -v systemctl > /dev/null; then rm -f /lib/systemd/system/buildkite-agent.service diff --git a/packaging/linux/scripts/before-install.sh b/packaging/linux/scripts/before-install.sh index 27ba77ddaf..007807b58d 100755 --- a/packaging/linux/scripts/before-install.sh +++ b/packaging/linux/scripts/before-install.sh @@ -1 +1,3 @@ +#!/usr/bin/env bash + true diff --git a/packaging/linux/scripts/before-remove.sh b/packaging/linux/scripts/before-remove.sh index a8bf0ba7be..eca7b1bfdf 100755 --- a/packaging/linux/scripts/before-remove.sh +++ b/packaging/linux/scripts/before-remove.sh @@ -1,3 +1,5 @@ +#!/usr/bin/env bash + # Check if upstart exists command -v initctl > /dev/null BK_UPSTART_EXISTS=$? diff --git a/packaging/linux/scripts/before-upgrade.sh b/packaging/linux/scripts/before-upgrade.sh index 27ba77ddaf..007807b58d 100755 --- a/packaging/linux/scripts/before-upgrade.sh +++ b/packaging/linux/scripts/before-upgrade.sh @@ -1 +1,3 @@ +#!/usr/bin/env bash + true diff --git a/scripts/build-binary.sh b/scripts/build-binary.sh index 52b0c39932..954742e476 100755 --- a/scripts/build-binary.sh +++ b/scripts/build-binary.sh @@ -44,7 +44,7 @@ fi export CGO_ENABLED=0 # Generated files -"$(dirname $0)"/generate-acknowledgements.sh +"$(dirname "$0")"/generate-acknowledgements.sh mkdir -p $BUILD_PATH go build -v -ldflags "-X github.com/buildkite/agent/v3/version.buildNumber=${BUILD_NUMBER}" -o "${BUILD_PATH}/${BINARY_FILENAME}" . diff --git a/scripts/build-github-release.sh b/scripts/build-github-release.sh index 110fb7512d..683fa3d9f7 100755 --- a/scripts/build-github-release.sh +++ b/scripts/build-github-release.sh @@ -48,7 +48,7 @@ if [[ "${BINARY_PATH}" == *"windows"* ]]; then info "Zipping up the files" cd "${TMP_RELEASE_DIRECTORY}" - zip -X -r "../${RELEASE_FILE_NAME}" * + zip -X -r "../${RELEASE_FILE_NAME}" -- * else RELEASE_FILE_NAME="${RELEASE_NAME}.tar.gz" diff --git a/scripts/check-upstart-conf.sh b/scripts/check-upstart-conf.sh index 6810f621ec..e7909609d4 100755 --- a/scripts/check-upstart-conf.sh +++ b/scripts/check-upstart-conf.sh @@ -11,20 +11,21 @@ fi config=${1} && shift dbus_pid_file=$(/bin/mktemp) -exec 4<> ${dbus_pid_file} +exec 4<> "${dbus_pid_file}" dbus_add_file=$(/bin/mktemp) -exec 6<> ${dbus_add_file} +exec 6<> "${dbus_add_file}" /bin/dbus-daemon --fork --print-pid 4 --print-address 6 --session function clean { - kill $(cat ${dbus_pid_file}) - rm -f ${dbus_pid_file} ${dbus_add_file} + kill "$(cat "${dbus_pid_file}")" + rm -f" ${dbus_pid_file}" "${dbus_add_file}" exit 1 } trap "{ clean; }" EXIT -export DBUS_SESSION_BUS_ADDRESS=$(cat ${dbus_add_file}) +DBUS_SESSION_BUS_ADDRESS="$(cat "${dbus_add_file}")" +export DBUS_SESSION_BUS_ADDRESS -/bin/init-checkconf ${config} +/bin/init-checkconf "${config}" diff --git a/scripts/generate-acknowledgements.sh b/scripts/generate-acknowledgements.sh index 6565d61174..53ab63256f 100755 --- a/scripts/generate-acknowledgements.sh +++ b/scripts/generate-acknowledgements.sh @@ -8,7 +8,7 @@ echo 'Generating OSS attributions' echo "GOOS=${GOOS:-not set}" echo "GOARCH=${GOARCH:-not set}" -cd $(git rev-parse --show-toplevel) +cd "$(git rev-parse --show-toplevel)" if [[ ! -f "./go.mod" ]]; then echo "Couldn't find go.mod - are you in the agent repository?" @@ -28,9 +28,13 @@ fi # Create temporary directory and file # TEMPFILE is not in TEMPDIR, because this causes infinite recursion later on. -export TEMPDIR="$(mktemp -d /tmp/generate-acknowledgements.XXXXXX)" -export TEMPFILE="$(mktemp /tmp/acknowledgements.XXXXXX)" -trap "rm -fr ${TEMPDIR} ${TEMPFILE}" EXIT +TEMPDIR="$(mktemp -d /tmp/generate-acknowledgements.XXXXXX)" +export TEMPDIR + +TEMPFILE="$(mktemp /tmp/acknowledgements.XXXXXX)" +export TEMPFILE + +trap 'rm -fr ${TEMPDIR} ${TEMPFILE}' EXIT "${GO_LICENSES}" save . --save_path="${TEMPDIR}" --force @@ -43,7 +47,7 @@ Licenses for the libraries used are reproduced below. EOF addfile() { - printf "\n\n---\n\n## %s\n\n\`\`\`\n" "${2:-${1#${TEMPDIR}/}}" >> "${TEMPFILE}" + printf "\n\n---\n\n## %s\n\n\`\`\`\n" "${2:-${1#"${TEMPDIR}"/}}" >> "${TEMPFILE}" cat "$1" >> "${TEMPFILE}" printf "\n\`\`\`\n" >> "${TEMPFILE}" } diff --git a/scripts/publish-debian-package.sh b/scripts/publish-debian-package.sh index b96e16c2bc..70a9ce7046 100755 --- a/scripts/publish-debian-package.sh +++ b/scripts/publish-debian-package.sh @@ -48,7 +48,7 @@ deb_s3_args=( # Older versions were ok with prefix and bucket in the same parameter, but we now need to split them echo "Parsing DEB_S3_BUCKET=$DEB_S3_BUCKET" -DEB_S3_BUCKET_ARRAY=(${DEB_S3_BUCKET//\// }) +DEB_S3_BUCKET_ARRAY=("${DEB_S3_BUCKET//\// }") if [[ ${#DEB_S3_BUCKET_ARRAY[@]} -gt 2 ]] ; then echo "Expected $DEB_S3_BUCKET to have at most 1 path component"