diff --git a/bin/codex-devops-auth.sh b/bin/codex-devops-auth.sh
index 6478b39..40f4f0c 100755
--- a/bin/codex-devops-auth.sh
+++ b/bin/codex-devops-auth.sh
@@ -7,30 +7,23 @@ TOKEN_HOST="${TOKEN_HOST:-operator-access-token.svc.ad1.r2}"
 SSH_CONFIG_FILE="${SSH_CONFIG_FILE:-$HOME/.ssh/config.oci}"
 OCI_BIN="${OCI_BIN:-/opt/homebrew/bin/oci}"
 OCI_SESSION_REGION="${OCI_SESSION_REGION:-us-chicago-1}"
+OCI_PROFILE_NAME="${OCI_PROFILE_NAME:-DEFAULT}"
 RESET_AGENT="${RESET_AGENT:-0}"
 DEDICATED_AGENT_PID=""
+DEDICATED_AGENT_SOCK=""
 log() {
 print -u2 -- "$@"
 }
-inherited_agent_likely_rejects_pkcs11() {
- [[ -n "${SSH_AUTH_SOCK:-}" ]] || return 1
- [[ -z "${SSH_AGENT_PID:-}" ]] || return 1
-
- case "${SSH_AUTH_SOCK}" in
- /private/tmp/com.apple.launchd.*/Listeners)
- return 0
- ;;
- esac
-
- return 1
+cleanup() {
+ if [[ -n "${DEDICATED_AGENT_PID}" && -n "${DEDICATED_AGENT_SOCK}" ]]; then
+ SSH_AGENT_PID="${DEDICATED_AGENT_PID}" SSH_AUTH_SOCK="${DEDICATED_AGENT_SOCK}" ssh-agent -k >/dev/null 2>&1 || true
+ fi
 }
-cleanup() {
- if [[ -n "${DEDICATED_AGENT_PID}" ]]; then
- SSH_AGENT_PID="${DEDICATED_AGENT_PID}" ssh-agent -k >/dev/null 2>&1 || true
- fi
+run_oci() {
+ "${OCI_BIN}" --profile "${OCI_PROFILE_NAME}" "$@"
 }
 ensure_oci_session() {
@@ -40,7 +33,7 @@ ensure_oci_session() {
 fi
 set +e
- "${OCI_BIN}" session validate >/dev/null 2>&1
+ run_oci session validate >/dev/null 2>&1
 local validate_rc=$?
 set -e
@@ -51,7 +44,7 @@ ensure_oci_session() {
 log "OCI CLI session is not valid; attempting refresh."
 set +e
- "${OCI_BIN}" session refresh >/dev/null 2>&1
+ run_oci session refresh >/dev/null 2>&1
 local refresh_rc=$?
 set -e
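Review bot: In `cleanup()` (first hunk of bin/codex-devops-auth.sh) the `ssh-agent -k` call still discards both its output and its exit status, so a dedicated agent that could not be stopped stays alive unnoticed. Hunk -60,26 of this commit starts a fresh agent on every run, so a silent failure here would leave that agent behind after the script exits, presumably with the PKCS#11 provider still loaded. I would keep the best-effort behaviour but report it, replacing `|| true` with `|| log "warning: could not stop dedicated ssh-agent ${DEDICATED_AGENT_PID}"`. Where `cleanup` is registered as a trap is outside the visible hunks.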
@@ -60,26 +53,16 @@ ensure_oci_session() {
 return 0
 fi
- log "Running OCI CLI session authenticate for ${OCI_SESSION_REGION}."
- "${OCI_BIN}" session authenticate --region "${OCI_SESSION_REGION}"
+ log "Running OCI CLI session authenticate for ${OCI_SESSION_REGION} with profile ${OCI_PROFILE_NAME}."
+ "${OCI_BIN}" session authenticate --region "${OCI_SESSION_REGION}" --profile-name "${OCI_PROFILE_NAME}"
 }
 ensure_ssh_agent() {
- if [[ -n "${SSH_AUTH_SOCK:-}" && -S "${SSH_AUTH_SOCK}" ]]; then
- set +e
- ssh-add -l >/dev/null 2>&1
- local rc=$?
- set -e
- case ${rc} in
- 0|1)
- return 0
- ;;
- esac
- fi
-
- log "Starting ssh-agent for Codex."
+ log "Starting dedicated ssh-agent for Codex."
+ unset SSH_AUTH_SOCK SSH_AGENT_PID
 eval "$(ssh-agent -s)" >/dev/null
 DEDICATED_AGENT_PID="${SSH_AGENT_PID:-}"
+ DEDICATED_AGENT_SOCK="${SSH_AUTH_SOCK:-}"
 }
 add_pkcs11_provider() {
@@ -88,32 +71,8 @@ add_pkcs11_provider() {
 }
 prepare_agent() {
- local had_inherited_agent=0
- if [[ -n "${SSH_AUTH_SOCK:-}" && -S "${SSH_AUTH_SOCK}" ]]; then
- had_inherited_agent=1
- fi
-
- if inherited_agent_likely_rejects_pkcs11; then
- log "Inherited launchd SSH agent is unlikely to support PKCS#11; starting a dedicated ssh-agent for Codex."
- unset SSH_AUTH_SOCK SSH_AGENT_PID
- had_inherited_agent=0
- fi
-
 ensure_ssh_agent
-
- if add_pkcs11_provider; then
- return 0
- fi
-
- if [[ ${had_inherited_agent} -eq 1 ]]; then
- log "Existing SSH agent rejected PKCS#11 provider; starting a dedicated ssh-agent for Codex."
- unset SSH_AUTH_SOCK SSH_AGENT_PID
- ensure_ssh_agent
- add_pkcs11_provider
- return 0
- fi
-
- return 1
+ add_pkcs11_provider
 }
 if [[ ! -f "${SSH_CONFIG_FILE}" ]]; then
diff --git a/bin/create_mrshughes b/bin/create_mrshughes
index 03d22a1..25573f9 100755
--- a/bin/create_mrshughes
+++ b/bin/create_mrshughes
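Review bot: `ensure_ssh_agent` (hunk -60,26) never checks that the dedicated agent actually started. If `ssh-agent -s` fails, the status the shell sees is that of `eval` on an empty string, which as far as I can tell is success, so `DEDICATED_AGENT_PID` and `DEDICATED_AGENT_SOCK` end up empty. Because the inherited `SSH_AUTH_SOCK` was unset one line earlier, the following `add_pkcs11_provider` then has no agent to talk to and fails with a less obvious error. A guard after the two assignments makes this fail early: `[[ -n "${DEDICATED_AGENT_PID}" && -S "${DEDICATED_AGENT_SOCK}" ]] || { log "ssh-agent did not start"; return 1; }`.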
@@ -3,29 +3,119 @@ set -e
 set -x
-# function to get PARENT_WS as a parameter
-# default value is 'ssh://pnyc@andel.us.oracle.com//workspace/pnyc/solaris-reviews/secure-integrate/userland11.4'
-#
+usage() {
+ print "Usage: ${0:t} [-r repo_url] [-d dest_dir] [-h]"
+ print ""
+ print " -r repo_url Mercurial repo URL to clone."
+ print " Default: ssh://pnyc@dabel.us.oracle.com//workspace/pnyc/solaris-reviews/on-sru"
+ print " -d dest_dir Local directory to clone into."
+ print " Default: ~/PycharmProjects/"
+ print " -h Show this help text."
+ print ""
+ print "The script exits if dest_dir already exists."
+}
-if [[ -z $1 ]]; then
- # PARENT_WS='ssh://pnyc@andel.us.oracle.com//workspace/pnyc/solaris-reviews/secure-integrate/userland11.4'
- # PARENT_WS='ssh://pnyc@andel.us.oracle.com//workspace/pnyc/solaris-reviews/userland-pipeline'
- # PARENT_WS='ssh://pnyc@andel.us.oracle.com//workspace/pnyc/solaris-reviews/akidr-text'
- PARENT_WS='ssh://pnyc@andel.us.oracle.com//workspace/pnyc/solaris-reviews/akidr'
-else
- PARENT_WS=$1
+ensure_clone_identity_loaded() {
+ local ssh_host="$1"
+ local identity_file=""
+ local identity_pub=""
+
+ ssh_host="${ssh_host%%:*}"
+
+ identity_file=$(ssh -G "$ssh_host" 2>/dev/null | awk '/^identityfile / {print $2; exit}')
+ if [[ -z "$identity_file" ]]; then
+ return 0
+ fi
+
+ identity_file=${~identity_file}
+ identity_pub="${identity_file}.pub"
+
+ if [[ ! -f "$identity_file" || ! -f "$identity_pub" ]]; then
+ return 0
+ fi
+
+ if ssh-add -T "$identity_pub" >/dev/null 2>&1; then
+ return 0
+ fi
+
+ print "Loading SSH identity for ${ssh_host}: ${identity_file}"
+ ssh-add --apple-use-keychain "$identity_file" >/dev/null 2>&1 || ssh-add "$identity_file"
+}
+
+DEFAULT_PARENT_WS='ssh://pnyc@dabel.us.oracle.com//workspace/pnyc/solaris-reviews/on-sru'
+# Example repo URLs:
+# ssh://pnyc@andel.us.oracle.com//workspace/pnyc/solaris-reviews/secure-integrate/userland11.4
+# ssh://pnyc@andel.us.oracle.com//workspace/pnyc/solaris-reviews/userland-pipeline
+# ssh://pnyc@andel.us.oracle.com//workspace/pnyc/solaris-reviews/akidr-text
+# ssh://pnyc@andel.us.oracle.com//workspace/pnyc/solaris-reviews/akidr
+PARENT_WS="$DEFAULT_PARENT_WS"
+DEST_DIR=''
+
+while getopts ":r:d:h" opt; do
+ case "$opt" in
+ r)
+ PARENT_WS="$OPTARG"
+ ;;
+ d)
+ DEST_DIR="$OPTARG"
+ ;;
+ h)
+ usage
+ exit 0
+ ;;
+ :)
+ print -u2 "Missing argument for -$OPTARG"
+ usage >&2
+ exit 1
+ ;;
+ \?)
+ print -u2 "Unknown option: -$OPTARG"
+ usage >&2
+ exit 1
+ ;;
+ esac
+done
+
+shift $((OPTIND - 1))
+
+if [[ $# -ne 0 ]]; then
+ print -u2 "Unexpected positional arguments: $*"
+ usage >&2
+ exit 1
 fi
 # remove trailing slash
 PARENT_WS="${PARENT_WS%/}"
-JENKINS_CLONE_FROM="ssh://${PARENT_WS##ssh://pnyc@}"
+REPO=${PARENT_WS##*/} # userland11.4
+
+if [[ -z "$DEST_DIR" ]]; then
+ DEST_DIR=~/PycharmProjects/${REPO}
+fi
+
+DEST_DIR=${~DEST_DIR}
+DEST_DIR=${DEST_DIR:A}
+
+if [[ -e "$DEST_DIR" ]]; then
+ print -u2 "Destination already exists: $DEST_DIR"
+ exit 1
+fi
+
+HG_CLONE_ARGS=()
+if [[ "$PARENT_WS" == ssh://* ]]; then
+ SSH_CLONE_HOST=${${PARENT_WS#ssh://}%%/*}
+ SSH_CLONE_HOST=${SSH_CLONE_HOST#*@}
+ ensure_clone_identity_loaded "$SSH_CLONE_HOST"
+
+ # Avoid exhausting ssh-agent identities before ssh reaches the host-specific
+ # IdentityFile from ~/.ssh/config (for example ~/.ssh/dabel.key).
+ HG_CLONE_ARGS+=(--config "ui.ssh=ssh -o BatchMode=yes -o IdentitiesOnly=yes")
+fi
+
+JENKINS_CLONE_FROM="ssh://${${PARENT_WS#ssh://}#*@}"
 FOLDER_PREFIX='PetrN/'
 POINT_OF_CONTACT='petr.nyc@oracle.com'
 SLACK_CHANNEL='@pnyc'
-DIR=$(pwd)
-
-REPO=${PARENT_WS##*/} # userland11.4
 # /workspace/pnyc/solaris-reviews/secure-integrate/userland11.4
 SCRIPT_DIR_BASE=$(echo "$PARENT_WS" | awk '{sub(/^.*\/\//,"/"); print}')
@@ -35,9 +125,10 @@ CP=/bin/cp
 CAT=/bin/cat
 pwd
-hg clone "$PARENT_WS"
+mkdir -p "${DEST_DIR:h}"
+hg "${HG_CLONE_ARGS[@]}" clone "$PARENT_WS" "$DEST_DIR"
 pwd
-cd "${DIR}/${REPO}"
+cd "$DEST_DIR"
 pwd
 source proxy off
@@ -59,11 +150,11 @@ $MV "$tmpmake" Makefile.inc
 # set up pwd
-cd "${DIR}/${REPO}/common/etc"
+cd "$DEST_DIR/common/etc"
 $CP passwd.template passwd
 # set up dev defaults
-cd "${DIR}/${REPO}/common/jobs/"
+cd "$DEST_DIR/common/jobs/"
 cp defaults.devel.tmpl defaults.devel.yml
 cp defaults.stage.tmpl defaults.stage.yml
@@ -92,6 +183,15 @@ CATT
 patch -p0 defaults.devel.yml < defaults_devel_patch
+if [[ -d "$DEST_DIR/solaris/on/production" ]]; then
+ LINT_DIR="$DEST_DIR/solaris/on/production"
+elif [[ -d "$DEST_DIR/solaris/userland/sru" ]]; then
+ LINT_DIR="$DEST_DIR/solaris/userland/sru"
+else
+ print -u2 "Unable to determine lint directory under $DEST_DIR/solaris"
+ exit 1
+fi
+
 source proxy off
-cd "${DIR}/${REPO}/solaris/userland/sru/"
-make lint
+cd "$LINT_DIR"
+make FAKE_DEVEL_ENV=yes lint
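Review bot: `ensure_clone_identity_loaded` (hunk -3,29 of bin/create_mrshughes) passes a host name cut out of the `-r` URL straight to `ssh -G "$ssh_host"`, so a value beginning with `-` is parsed by ssh as an option rather than a host, and `2>/dev/null` hides the resulting error. Reject such hosts and end option parsing explicitly: `[[ "$ssh_host" != -* ]] || return 1` before the lookup, and `ssh -G -- "$ssh_host"` for the call. The same applies to `hg "${HG_CLONE_ARGS[@]}" clone "$PARENT_WS" "$DEST_DIR"` in hunk -35,9, where `clone -- "$PARENT_WS" "$DEST_DIR"` keeps a URL starting with `-` from being read as an hg option. This matters mostly when the URL is pasted from a ticket or chat rather than typed by the operator.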