Skip to content

Commit f88dd76

Browse files
author
Simon Thulbourn
committed
shellcheck updates
1 parent 77a132a commit f88dd76

File tree

1 file changed

+23
-22
lines changed

1 file changed

+23
-22
lines changed

.github/workflows/layer_govcloud.yml

Lines changed: 23 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -109,8 +109,8 @@ jobs:
109109
name: ${{ matrix.layer }}_${{ matrix.arch }}.json
110110
- name: Verify Layer Signature
111111
run: |
112-
SHA=$(jq -r '.Content.CodeSha256' ${{ matrix.layer }}_${{ matrix.arch }}.json)
113-
test $(openssl dgst -sha256 -binary ${{ matrix.layer }}_${{ matrix.arch }}.zip | openssl enc -base64) == $SHA && echo "SHA OK: ${SHA}" || exit 1
112+
SHA=$(jq -r '.Content.CodeSha256' '${{ matrix.layer }}_${{ matrix.arch }}.json')
113+
test "$(openssl dgst -sha256 -binary ${{ matrix.layer }}_${{ matrix.arch }}.zip | openssl enc -base64)" == "$SHA" && echo "SHA OK: ${SHA}" || exit 1
114114
- name: Configure AWS Credentials
115115
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
116116
with:
@@ -123,28 +123,29 @@ jobs:
123123
LAYER_VERSION=$(aws --region us-gov-east-1 lambda publish-layer-version \
124124
--layer-name ${{ matrix.layer }}-${{ matrix.arch }} \
125125
--zip-file fileb://./${{ matrix.layer }}_${{ matrix.arch }}.zip \
126-
--compatible-runtimes $(jq -r ".CompatibleRuntimes[0]" ${{ matrix.layer }}_${{ matrix.arch }}.json) \
127-
--compatible-architectures $(jq -r ".CompatibleArchitectures[0]" ${{ matrix.layer }}_${{ matrix.arch }}.json) \
126+
--compatible-runtimes "$(jq -r '.CompatibleRuntimes[0]' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \
127+
--compatible-architectures "$(jq -r '.CompatibleArchitectures[0]' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \
128128
--license-info "MIT-0" \
129-
--description "$(jq -r '.Description' ${{ matrix.layer }}_${{ matrix.arch }}.json)" \
129+
--description "$(jq -r '.Description' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \
130130
--query 'Version' \
131131
--output text)
132+
132133
echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT"
133134
134135
aws --region us-gov-east-1 lambda add-layer-version-permission \
135-
--layer-name ${{ matrix.layer }}-${{ matrix.arch }} \
136+
--layer-name '${{ matrix.layer }}-${{ matrix.arch }}' \
136137
--statement-id 'PublicLayer' \
137138
--action lambda:GetLayerVersion \
138139
--principal '*' \
139-
--version-number $LAYER_VERSION
140+
--version-number "$LAYER_VERSION"
140141
- name: Verify Layer
141142
env:
142143
LAYER_VERSION: ${{ steps.create-layer.outputs.LAYER_VERSION }}
143144
run: |
144-
REMOTE_SHA=$(aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }} --query 'Content.CodeSha256' --output text)
145-
SHA=$(jq -r '.Content.CodeSha256' ${{ matrix.layer }}_${{ matrix.arch }}.json)
146-
test $REMOTE_SHA == $SHA && echo "SHA OK: ${SHA}" || exit 1
147-
aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }} --output text
145+
REMOTE_SHA=$(aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }}' --query 'Content.CodeSha256' --output text)
146+
SHA=$(jq -r '.Content.CodeSha256' '${{ matrix.layer }}_${{ matrix.arch }}.json')
147+
test "$REMOTE_SHA" == "$SHA "&& echo "SHA OK: ${SHA}" || exit 1
148+
aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }}' --output text
148149
149150
copy_west:
150151
name: Copy (West)
@@ -177,8 +178,8 @@ jobs:
177178
name: ${{ matrix.layer }}_${{ matrix.arch }}.json
178179
- name: Verify Layer Signature
179180
run: |
180-
SHA=$(jq -r '.Content.CodeSha256' ${{ matrix.layer }}_${{ matrix.arch }}.json)
181-
test $(openssl dgst -sha256 -binary ${{ matrix.layer }}_${{ matrix.arch }}.zip | openssl enc -base64) == $SHA && echo "SHA OK: ${SHA}" || exit 1
181+
SHA=$(jq -r '.Content.CodeSha256' '${{ matrix.layer }}_${{ matrix.arch }}.json')
182+
test "$(openssl dgst -sha256 -binary ${{ matrix.layer }}_${{ matrix.arch }}.zip | openssl enc -base64)" == "$SHA" && echo "SHA OK: ${SHA}" || exit 1
182183
- name: Configure AWS Credentials
183184
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
184185
with:
@@ -191,26 +192,26 @@ jobs:
191192
LAYER_VERSION=$(aws --region us-gov-west-1 lambda publish-layer-version \
192193
--layer-name ${{ matrix.layer }}-${{ matrix.arch }} \
193194
--zip-file fileb://./${{ matrix.layer }}_${{ matrix.arch }}.zip \
194-
--compatible-runtimes $(jq -r ".CompatibleRuntimes[0]" ${{ matrix.layer }}_${{ matrix.arch }}.json) \
195-
--compatible-architectures $(jq -r ".CompatibleArchitectures[0]" ${{ matrix.layer }}_${{ matrix.arch }}.json) \
195+
--compatible-runtimes "$(jq -r '.CompatibleRuntimes[0]' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \
196+
--compatible-architectures "$(jq -r '.CompatibleArchitectures[0]' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \
196197
--license-info "MIT-0" \
197-
--description "$(jq -r '.Description' ${{ matrix.layer }}_${{ matrix.arch }}.json)" \
198+
--description "$(jq -r '.Description' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \
198199
--query 'Version' \
199200
--output text)
200201
201202
echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT"
202203
203204
aws --region us-gov-west-1 lambda add-layer-version-permission \
204-
--layer-name ${{ matrix.layer }}-${{ matrix.arch }} \
205+
--layer-name '${{ matrix.layer }}-${{ matrix.arch }}' \
205206
--statement-id 'PublicLayer' \
206207
--action lambda:GetLayerVersion \
207208
--principal '*' \
208-
--version-number $LAYER_VERSION
209+
--version-number "$LAYER_VERSION"
209210
- name: Verify Layer
210211
env:
211212
LAYER_VERSION: ${{ steps.create-layer.outputs.LAYER_VERSION }}
212213
run: |
213-
REMOTE_SHA=$(aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }} --query 'Content.CodeSha256' --output text)
214-
SHA=$(jq -r '.Content.CodeSha256' ${{ matrix.layer }}_${{ matrix.arch }}.json)
215-
test $REMOTE_SHA == $SHA && echo "SHA OK: ${SHA}" || exit 1
216-
aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }} --output text
214+
REMOTE_SHA=$(aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }}' --query 'Content.CodeSha256' --output text)
215+
SHA=$(jq -r '.Content.CodeSha256' '${{ matrix.layer }}_${{ matrix.arch }}.json')
216+
test "$REMOTE_SHA" == "$SHA "&& echo "SHA OK: ${SHA}" || exit 1
217+
aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }}' --output text

0 commit comments

Comments
 (0)