forked from baron/baron-sso
56 lines
2.0 KiB
Bash
56 lines
2.0 KiB
Bash
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
|
|
|
root_config="$(
|
|
docker compose --env-file "$repo_root/.env" -f "$repo_root/compose.ory.yaml" config
|
|
)"
|
|
docker_config="$(
|
|
docker compose --env-file "$repo_root/.env" -f "$repo_root/docker/compose.ory.yaml" config
|
|
)"
|
|
|
|
for service in kratos hydra keto oathkeeper; do
|
|
version_key="$(tr '[:lower:]' '[:upper:]' <<<"$service")_VERSION"
|
|
expected_version="$(grep -E "^${version_key}=" "$repo_root/.env" | cut -d= -f2-)"
|
|
if [[ -z "$expected_version" ]]; then
|
|
echo "ERROR: $version_key must be set in .env" >&2
|
|
exit 1
|
|
fi
|
|
if ! grep -q "image: oryd/${service}:${expected_version}" <<<"$root_config"; then
|
|
echo "ERROR: compose.ory.yaml must render oryd/${service}:${expected_version}" >&2
|
|
exit 1
|
|
fi
|
|
done
|
|
|
|
if grep -q "oryd/hydra:v25.4.0" <<<"$root_config"; then
|
|
echo "ERROR: compose.ory.yaml must not hard-code init-rp to hydra v25.4.0." >&2
|
|
exit 1
|
|
fi
|
|
|
|
root_init_rp="$(
|
|
awk 'in_block && /^ [A-Za-z0-9_-]+:/ { exit } /^ init-rp:/ { in_block=1 } in_block { print }' "$repo_root/compose.ory.yaml"
|
|
)"
|
|
docker_init_rp="$(
|
|
awk 'in_block && /^ [A-Za-z0-9_-]+:/ { exit } /^ init-rp:/ { in_block=1 } in_block { print }' "$repo_root/docker/compose.ory.yaml"
|
|
)"
|
|
if grep -q "image: oryd/hydra" <<<"$root_init_rp$docker_init_rp"; then
|
|
echo "ERROR: init-rp must not use the Hydra service image because distroless tags do not provide /bin/sh." >&2
|
|
exit 1
|
|
fi
|
|
|
|
if ! grep -q "migrate sql up" "$repo_root/compose.ory.yaml"; then
|
|
echo "ERROR: compose.ory.yaml Kratos migration must use migrate sql up." >&2
|
|
exit 1
|
|
fi
|
|
|
|
if ! grep -q "keto-migrate:" <<<"$docker_config"; then
|
|
echo "ERROR: docker/compose.ory.yaml must include keto-migrate for clean Ory installs." >&2
|
|
exit 1
|
|
fi
|
|
|
|
if grep -q "releases/download/v25.4.0" "$repo_root/docker/staging_pull_compose.template.yaml"; then
|
|
echo "ERROR: staging pull compose must not download a hard-coded Hydra v25.4.0 CLI." >&2
|
|
exit 1
|
|
fi
|