kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity
Files
7d4fa631aea8cdece60531887c1a7c625cfc1b14
baron-sso/scripts/test_deploy_workflow_env_prefixes.sh

70 lines
2.2 KiB
Bash
Raw Blame History

#!/usr/bin/env sh
set -eu
fail_if_contains() {
file="$1"
pattern="$2"
if grep -Fq "$pattern" "$file"; then
echo "forbidden pattern in $file: $pattern" >&2
exit 1
fi
}
assert_contains() {
file="$1"
pattern="$2"
if ! grep -Fq "$pattern" "$file"; then
echo "missing pattern in $file: $pattern" >&2
exit 1
fi
}
staging_workflows="
.gitea/workflows/staging_code_pull.yml
.gitea/workflows/staging_release.yml
.gitea/workflows/staging_image_deploy.yml
"
production_workflows="
.gitea/workflows/production_release.yml
.gitea/workflows/production_image_deploy.yml
"
for workflow in $staging_workflows; do
assert_contains "$workflow" "vars.STG_"
assert_contains "$workflow" "secrets.STG_"
fail_if_contains "$workflow" "vars.STAGE_"
fail_if_contains "$workflow" "secrets.STAGE_"
for name in \
USERFRONT_URL ADMINFRONT_URL DEVFRONT_URL ORGFRONT_URL VITE_OIDC_AUTHORITY \
BACKEND_URL BACKEND_LOG_LEVEL CLIENT_LOG_DEBUG PROFILE_CACHE_TTL CORS_ALLOWED_ORIGINS \
WORKS_ADMIN_API_BASE_URL WORKS_ADMIN_OAUTH_TOKEN_URL NAVER_CLOUD_ACCESS_KEY \
NAVER_CLOUD_SERVICE_ID NAVER_SENDER_PHONE_NUMBER AWS_REGION AWS_ACCESS_KEY_ID \
AWS_SES_SENDER CLICKHOUSE_HOST CLICKHOUSE_USER DB_PORT DB_USER DB_NAME REDIS_ADDR
do
fail_if_contains "$workflow" "vars.$name"
done
for name in AWS_SECRET_ACCESS_KEY NAVER_CLOUD_SECRET_KEY CLICKHOUSE_PASSWORD STAGE_SSH_PRIVATE_KEY; do
fail_if_contains "$workflow" "secrets.$name"
done
done
for workflow in $production_workflows; do
assert_contains "$workflow" "vars.PROD_"
assert_contains "$workflow" "secrets.PROD_"
for name in \
ADMINFRONT_URL DEVFRONT_URL ORGFRONT_URL VITE_OIDC_AUTHORITY BACKEND_LOG_LEVEL \
CLIENT_LOG_DEBUG PROFILE_CACHE_TTL CORS_ALLOWED_ORIGINS WORKS_ADMIN_API_BASE_URL \
WORKS_ADMIN_OAUTH_TOKEN_URL NAVER_CLOUD_ACCESS_KEY NAVER_CLOUD_SERVICE_ID \
NAVER_SENDER_PHONE_NUMBER AWS_REGION AWS_ACCESS_KEY_ID AWS_SES_SENDER \
CLICKHOUSE_HOST CLICKHOUSE_USER ADMINFRONT_PORT DEVFRONT_PORT ORGFRONT_PORT
do
fail_if_contains "$workflow" "vars.$name"
done
for name in AWS_SECRET_ACCESS_KEY NAVER_CLOUD_SECRET_KEY CLICKHOUSE_PASSWORD; do
fail_if_contains "$workflow" "secrets.$name"
done
done
echo "deploy workflow env prefix checks passed"
View Git Blame Copy Permalink