Merge pull request 'Add build pre-flight checks for age keys and docker' (#12) from feature/build-sanity-checks into master
Some checks are pending
CI / checks (push) Waiting to run
Some checks are pending
CI / checks (push) Waiting to run
Reviewed-on: #12
This commit is contained in:
commit
721598ea80
1 changed files with 54 additions and 0 deletions
|
|
@ -4,6 +4,60 @@ set -euo pipefail
|
||||||
cd "$(dirname "$0")/.."
|
cd "$(dirname "$0")/.."
|
||||||
source deploy/env.sh
|
source deploy/env.sh
|
||||||
|
|
||||||
|
AGE_KEY_FILE="${SOPS_AGE_KEY_FILE:-$HOME/.config/age/keys.txt}"
|
||||||
|
AGE_RECIPIENT="age1hkehkc2rryjl975c2mg5cghmjr54n4wjshncl292h2eg5l394fhs4uydrh"
|
||||||
|
|
||||||
|
require_cmd() {
|
||||||
|
local cmd="$1"
|
||||||
|
if ! command -v "$cmd" >/dev/null 2>&1; then
|
||||||
|
echo "Missing required tool: $cmd. Please install it before building." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
check_docker() {
|
||||||
|
if [[ -n "${SKIP_DOCKER_CHECK:-}" ]]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
require_cmd docker
|
||||||
|
if ! docker info >/dev/null 2>&1; then
|
||||||
|
echo "Docker is installed but the daemon is not reachable. Start Docker Desktop/Engine and try again." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
check_age_setup() {
|
||||||
|
if [[ -n "${SKIP_AGE_CHECK:-}" ]]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
require_cmd sops
|
||||||
|
if [[ ! -f "$AGE_KEY_FILE" ]]; then
|
||||||
|
echo "Age key file not found at $AGE_KEY_FILE. Copy creds/age-key.txt or set SOPS_AGE_KEY_FILE." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if command -v age-keygen >/dev/null 2>&1; then
|
||||||
|
if ! age-keygen -y "$AGE_KEY_FILE" 2>/dev/null | grep -q "$AGE_RECIPIENT"; then
|
||||||
|
echo "Age key file at $AGE_KEY_FILE does not contain the expected public key ($AGE_RECIPIENT)." >&2
|
||||||
|
echo "Ensure your ~/.config/age/keys.txt includes the repo key (see creds/age-key.txt)." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# Fallback: best-effort text check for the public key comment
|
||||||
|
if ! grep -q "$AGE_RECIPIENT" "$AGE_KEY_FILE"; then
|
||||||
|
echo "Age key file at $AGE_KEY_FILE is missing the expected public key comment ($AGE_RECIPIENT)." >&2
|
||||||
|
echo "Install age-keygen to verify keys or copy creds/age-key.txt." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "Running pre-flight checks..."
|
||||||
|
for tool in git npm; do
|
||||||
|
require_cmd "$tool"
|
||||||
|
done
|
||||||
|
check_docker
|
||||||
|
check_age_setup
|
||||||
|
|
||||||
GIT_SHA=$(git rev-parse --short HEAD 2>/dev/null || date +%s)
|
GIT_SHA=$(git rev-parse --short HEAD 2>/dev/null || date +%s)
|
||||||
BASE_TAG=${BUILD_TAG:-$GIT_SHA}
|
BASE_TAG=${BUILD_TAG:-$GIT_SHA}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue