diff --git a/dist/codecov.sh b/dist/codecov.sh
index 0b77171..eb345be 100755
--- a/dist/codecov.sh
+++ b/dist/codecov.sh
@@ -37,7 +37,7 @@ g="\033[0;32m" # info/debug
 r="\033[0;31m" # errors
 x="\033[0m"
 retry="--retry 5 --retry-delay 2"
-CC_WRAPPER_VERSION="0.2.7"
+CC_WRAPPER_VERSION="0.2.8"
 CC_VERSION="${CC_VERSION:-latest}"
 CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}"
 CC_RUN_CMD="${CC_RUN_CMD:-upload-coverage}"
@@ -69,7 +69,11 @@ then
 exit_if_error "Could not install via pypi."
 exit
 fi
- CC_COMMAND="${CC_CLI_TYPE}"
+ if [[ "$CC_CLI_TYPE" == "codecov-cli" ]]; then
+ CC_COMMAND="codecovcli"
+ elif [[ "$CC_CLI_TYPE" == "sentry-prevent-cli" ]]; then
+ CC_COMMAND="sentry-prevent-cli"
+ fi
 else
 if [ -n "$CC_OS" ];
 then
@@ -110,8 +114,33 @@ then
 chmod +x "$CC_COMMAND"
 fi
 else
- echo "$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)" | \
- gpg --no-default-keyring --import
+ # Import GPG key with retry logic and error handling
+ say "$g==>$x Importing GPG verification key..."
+ gpg_key_imported=false
+ for attempt in 1 2 3; do
+ say "$g ->$x Attempt $attempt to import GPG key"
+ if gpg_key=$(curl -f -s --retry 3 --retry-delay 2 https://keybase.io/codecovsecurity/pgp_keys.asc 2>&1); then
+ if [ -n "$gpg_key" ]; then
+ if echo "$gpg_key" | gpg --no-default-keyring --import 2>&1; then
+ gpg_key_imported=true
+ say "$g==>$x GPG key imported successfully"
+ break
+ else
+ say "$y==>$x GPG import failed on attempt $attempt"
+ fi
+ else
+ say "$y==>$x Empty GPG key received on attempt $attempt"
+ fi
+ else
+ say "$y==>$x Failed to download GPG key on attempt $attempt"
+ fi
+ if [ $attempt -lt 3 ]; then
+ sleep 2
+ fi
+ done
+ if [ "$gpg_key_imported" = false ]; then
+ exit_if_error "Failed to import GPG key after 3 attempts. Please check network connectivity or try setting CC_SKIP_VALIDATION=true"
+ fi
 # One-time step
 say "$g==>$x Verifying GPG signature integrity"
 sha_url="https://cli.codecov.io"
diff --git a/package.py b/package.py
index 7dfd0e3..3ad03db 100644
--- a/package.py
+++ b/package.py
@@ -63,4 +63,4 @@ def _get_script_from_line(line):
 if __name__=="__main__":
 package_scripts('scripts', 'run.sh', 'dist/codecov.sh')
- package_scripts('scripts', 'run.sh', 'dist/prevent.sh')
+ # package_scripts('scripts', 'run.sh', 'dist/prevent.sh')
diff --git a/scripts/download.sh b/scripts/download.sh
index eb35da5..dd8edcf 100755
--- a/scripts/download.sh
+++ b/scripts/download.sh
@@ -19,8 +19,6 @@ then
 CODECOV_COMMAND="codecovcli"
 elif [[ "$CODECOV_CLI_TYPE" == "sentry-prevent-cli" ]]; then
 CODECOV_COMMAND="sentry-prevent-cli"
- else
- CODECOV_COMMAND="${CODECOV_CLI_TYPE}"
 fi
 else
 if [ -n "$CODECOV_OS" ];
diff --git a/scripts/set_defaults.sh b/scripts/set_defaults.sh
index cdadb21..f3a7e2e 100755
--- a/scripts/set_defaults.sh
+++ b/scripts/set_defaults.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-CODECOV_WRAPPER_VERSION="0.2.7"
+CODECOV_WRAPPER_VERSION="0.2.8"
 CODECOV_VERSION="${CODECOV_VERSION:-latest}"
 CODECOV_FAIL_ON_ERROR="${CODECOV_FAIL_ON_ERROR:-false}"
 CODECOV_RUN_CMD="${CODECOV_RUN_CMD:-upload-coverage}"
diff --git a/scripts/validate.sh b/scripts/validate.sh
index 891e3d2..220defb 100755
--- a/scripts/validate.sh
+++ b/scripts/validate.sh
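Review bot: The `dist/prevent.sh` packaging call in the `__main__` block of package.py is commented out rather than removed, and nothing on the line says why. With this change `dist/prevent.sh` is no longer regenerated from `scripts/`, so if that file is still shipped it would presumably keep the previous key-import logic; the file itself is not shown in this diff. Either delete the call or add a comment stating the reason and the condition for restoring it, for example `# dist/prevent.sh is not regenerated for now: <reason>; re-enable when <condition>`.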
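Review bot: With the `else` fallback removed in scripts/download.sh, a `CODECOV_CLI_TYPE` other than `codecov-cli` or `sentry-prevent-cli` leaves `CODECOV_COMMAND` unassigned by this branch, so any later use would see whatever value it already had, possibly one inherited from the environment. Dropping the pass-through of an arbitrary value is the safer direction, but the unknown case should fail explicitly instead of falling through: `else`, `exit_if_error "Unsupported CODECOV_CLI_TYPE: $CODECOV_CLI_TYPE"`, `exit`. The regenerated dist/codecov.sh hunk has the same `if`/`elif` with no `else`. The enclosing `if` starts above the hunk, so whether the type is validated earlier is not visible here.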
@@ -8,8 +8,35 @@ then chmod +x "$CODECOV_COMMAND" fi else - echo "$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)" | \ - gpg --no-default-keyring --import + # Import GPG key with retry logic and error handling + say "$g==>$x Importing GPG verification key..." + gpg_key_imported=false + for attempt in 1 2 3; do + say "$g ->$x Attempt $attempt to import GPG key" + if gpg_key=$(curl -f -s --retry 3 --retry-delay 2 https://keybase.io/codecovsecurity/pgp_keys.asc 2>&1); then + if [ -n "$gpg_key" ]; then + if echo "$gpg_key" | gpg --no-default-keyring --import 2>&1; then + gpg_key_imported=true + say "$g==>$x GPG key imported successfully" + break + else + say "$y==>$x GPG import failed on attempt $attempt" + fi + else + say "$y==>$x Empty GPG key received on attempt $attempt" + fi + else + say "$y==>$x Failed to download GPG key on attempt $attempt" + fi + if [ $attempt -lt 3 ]; then + sleep 2 + fi + done + + if [ "$gpg_key_imported" = false ]; then + exit_if_error "Failed to import GPG key after 3 attempts. Please check network connectivity or try setting CODECOV_SKIP_VALIDATION=true" + fi + # One-time step say "$g==>$x Verifying GPG signature integrity" sha_url="https://cli.codecov.io"
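Review bot: When all three attempts fail, the new block in scripts/validate.sh only calls `exit_if_error`, and the pypi branch in dist/codecov.sh follows that helper with an explicit `exit`, which suggests it does not always terminate; if so, the script would continue to the signature step with no key imported. Whether the later verification then fails closed is outside this hunk, so I would stop here explicitly by adding `exit` on the line after the `exit_if_error` call. The message also offers `CODECOV_SKIP_VALIDATION=true` as the remedy for a network error, which steers CI users toward running a downloaded binary with no integrity check; I would drop that hint or reword its tail as `Validation can be disabled with CODECOV_SKIP_VALIDATION=true, but the CLI binary is then run unverified.` The key is still accepted on a non-empty check alone, so comparing the imported key's fingerprint with a pinned value would be a stronger guard against a substituted key. The same block appears in the generated dist/codecov.sh with `CC_` names.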