diff options
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/codequality | 19 | ||||
-rwxr-xr-x | scripts/security-harness | 57 | ||||
-rwxr-xr-x | scripts/static-analysis | 11 |
3 files changed, 79 insertions, 8 deletions
diff --git a/scripts/codequality b/scripts/codequality new file mode 100755 index 00000000000..2f3ccef7d2d --- /dev/null +++ b/scripts/codequality @@ -0,0 +1,19 @@ +#!/bin/sh + +set -eo pipefail + +code_path=$(pwd) + +# docker run --tty will merge stderr and stdout, we don't need this on CI or +# it will break codequality json file +[ "$CI" != "" ] || docker_tty="--tty" + +# The codebase and instructions for the following image can be found at https://gitlab.com/gitlab-org/codeclimate-rubocop/wikis/home +docker pull dev.gitlab.org:5005/gitlab/gitlab-build-images:gitlab-codeclimate-rubocop-0-52-1 > /dev/null +docker tag dev.gitlab.org:5005/gitlab/gitlab-build-images:gitlab-codeclimate-rubocop-0-52-1 codeclimate/codeclimate-rubocop:gitlab-codeclimate-rubocop-0-52-1 > /dev/null + +exec docker run --rm $docker_tty --env CODECLIMATE_CODE="$code_path" \ + --volume "$code_path":/code \ + --volume /var/run/docker.sock:/var/run/docker.sock \ + --volume /tmp/cc:/tmp/cc \ + "codeclimate/codeclimate:${CODECLIMATE_VERSION:-0.71.1}" "$@" diff --git a/scripts/security-harness b/scripts/security-harness new file mode 100755 index 00000000000..c60b3410095 --- /dev/null +++ b/scripts/security-harness @@ -0,0 +1,57 @@ +#!/usr/bin/env ruby + +require 'digest' +require 'fileutils' + +harness_path = File.expand_path('../.git/security_harness', __dir__) +hook_path = File.expand_path("../.git/hooks/pre-push", __dir__) + +if File.exist?(hook_path) + # Deal with a pre-existing hook + source_sum = Digest::SHA256.hexdigest(DATA.read) + dest_sum = Digest::SHA256.file(hook_path).hexdigest + + if source_sum != dest_sum + puts "#{hook_path} exists and is different from our hook!" + puts "Remove it and re-run this script to continue." + + exit 1 + end +else + File.open(hook_path, 'w') do |file| + IO.copy_stream(DATA, file) + end + + File.chmod(0755, hook_path) +end + +# Toggle the harness on or off +if File.exist?(harness_path) + FileUtils.rm(harness_path) + + puts "Security harness removed -- you can now push to all remotes." +else + FileUtils.touch(harness_path) + + puts "Security harness installed -- you will only be able to push to dev.gitlab.org!" +end + +__END__ +#!/bin/sh + +set -e + +url="$2" +harness=`dirname "$0"`/../security_harness + +if [ -e "$harness" ] +then + if [[ "$url" != *"dev.gitlab.org"* ]] + then + echo "Pushing to remotes other than dev.gitlab.org has been disabled!" + echo "Run scripts/security-harness to disable this check." + echo + + exit 1 + fi +fi diff --git a/scripts/static-analysis b/scripts/static-analysis index bdb88f3cb57..0e67eabfec1 100755 --- a/scripts/static-analysis +++ b/scripts/static-analysis @@ -7,7 +7,7 @@ require_relative '../lib/gitlab/popen/runner' def emit_warnings(static_analysis) static_analysis.warned_results.each do |result| puts - puts "**** #{result.cmd.join(' ')} had the following warnings:" + puts "**** #{result.cmd.join(' ')} had the following warning(s):" puts puts result.stderr puts @@ -17,7 +17,7 @@ end def emit_errors(static_analysis) static_analysis.failed_results.each do |result| puts - puts "**** #{result.cmd.join(' ')} failed with the following error:" + puts "**** #{result.cmd.join(' ')} failed with the following error(s):" puts puts result.stdout puts result.stderr @@ -26,15 +26,10 @@ def emit_errors(static_analysis) end tasks = [ - %w[bundle exec rake config_lint], - %w[bundle exec rake flay], - %w[bundle exec rake haml_lint], - %w[bundle exec rake scss_lint], + %w[bin/rake lint:all], %w[bundle exec license_finder], %w[yarn run eslint], %w[bundle exec rubocop --parallel], - %w[bundle exec rake gettext:lint], - %w[bundle exec rake lint:static_verification], %w[scripts/lint-conflicts.sh], %w[scripts/lint-rugged] ] |