Add SSL verification flag to curl

gijsboer · gijsboer · commit 652e3e40c58e · 2017-08-02T23:06:00.000+02:00
diff --git a/assets/check b/assets/check
@@ -25,11 +25,12 @@ cat > "$payload" <&0
 
 log "Configuring git credentials"
 load_pubkey "$payload"
-configure_git_ssl_verification "$payload"
+
 configure_credentials "$payload"
 
 log "Parsing payload"
 uri=$(jq -r '.source.uri // ""' < "$payload")
+skip_ssl_verification=$(jq -r '.source.skip_ssl_verification // false' < ${payload})
 git_config_payload=$(jq -r '.source.git_config // []' < "$payload")
 
 only_for_branch=$(jq -r '.source.only_for_branch // "."' < "$payload")
@@ -39,6 +40,7 @@ only_when_asked=$(jq -r '.source.only_when_asked // "false"' < "$payload")
 rebuild_when_target_changed=$(jq -r '.source.rebuild_when_target_changed // "false"' < "$payload")
 rebuild_phrase=$(jq -r '.source.rebuild_phrase // "test this please"' < "$payload")
 
+configure_git_ssl_verification "$skip_ssl_verification"
 configure_git_global "${git_config_payload}"
 
 if [ -z "$uri" ]; then
@@ -87,12 +89,19 @@ if [ -n "$pull_requests" ]; then
     prq_hash=$(echo "$pull_request" | awk '{print $1}')
 
     # verify target branch of prq
-    prq=$(bitbucket_pullrequest "$repo_host" "$repo_project" "$repo_name" "$prq_number")
+    prq=$(bitbucket_pullrequest "$repo_host" "$repo_project" "$repo_name" "$prq_number" "" "$skip_ssl_verification")
+
+    if [ "$prq" = "ERROR" ]; then
+      continue
+    fi
+
+    log "Pull request #${prq_number}"
+
     prq_to_branch=$(echo "$prq" | jq -r '.toRef.displayId')
     if [[ "$prq_to_branch" =~ $only_for_branch ]]; then
 
       if [ "$only_when_mergeable" == "true" -o "$only_without_conflicts" == "true" ]; then
-        prq_merge=$(bitbucket_pullrequest_merge "$repo_host" "$repo_project" "$repo_name" "$prq_number")
+        prq_merge=$(bitbucket_pullrequest_merge "$repo_host" "$repo_project" "$repo_name" "$prq_number" "" "$skip_ssl_verification")
 
         # verify if prq has merge conflicts
         conflicted=$(echo "$prq_merge" | jq -r '.conflicted')
@@ -106,7 +115,7 @@ if [ -n "$pull_requests" ]; then
       # edit timestamp to version to force new build when rebuild_phrase is included in comments
       prq_verify_date=$(echo "$prq" | jq -r '.createdDate')
       skip_build=false
-      comments=$(bitbucket_pullrequest_overview_comments "$repo_host" "$repo_project" "$repo_name" "$prq_number" | jq -c '.[]')
+      comments=$(bitbucket_pullrequest_overview_comments "$repo_host" "$repo_project" "$repo_name" "$prq_number" "" "$skip_ssl_verification" | jq -c '.[]')
       if [ -n "$comments" ]; then
         while read -r comment; do
           text=$(echo "$comment" | jq -r '.text')
diff --git a/assets/helpers/bitbucket.sh b/assets/helpers/bitbucket.sh
@@ -13,15 +13,17 @@ bitbucket_request() {
   # $3: query
   # $4: data
   # $5: url base path
-  # $6: netrc file (default: $HOME/.netrc)
-  # $7: HTTP method (default: POST for data, GET without data)
-  # $8: recursive data for bitbucket paging
+  # $6: Skip SSL verification
+  # $7: netrc file (default: $HOME/.netrc)
+  # $8: HTTP method (default: POST for data, GET without data)
+  # $9: recursive data for bitbucket paging
 
   local data="$4"
   local path=${5:-rest/api/1.0}
-  local netrc_file=${6:-$HOME/.netrc}
-  local method="$7"
-  local recursive=${8:-limit=${VALUES_LIMIT}}
+  local skip_ssl_verification=${6:-"false"}
+  local netrc_file=${7:-$HOME/.netrc}
+  local method="$8"
+  local recursive=${9:-limit=${VALUES_LIMIT}}
 
   local request_url="${1}/${path}/${2}?${recursive}&${3}"
   local request_result=$(tmp_file_unique bitbucket-request)
@@ -47,6 +49,10 @@ bitbucket_request() {
     extra_options+=" -X $method"
   fi
 
+  if [ "$skip_ssl_verification" = "true" ]; then
+    extra_options+=" -k"
+  fi
+
   curl_cmd="curl -s --netrc-file \"$netrc_file\" $extra_options \"$request_url\" > \"$request_result\""
   if ! eval $curl_cmd; then
     log "Bitbucket request $request_url failed"
@@ -60,12 +66,15 @@ bitbucket_request() {
 
   if [ "$(jq -r '.isLastPage' < "$request_result")" == "false" ]; then
     local nextPage=$(jq -r '.nextPageStart' < "$request_result")
-    local nextResult=$(bitbucket_request "$1" "$2" "$3" "$4" "$5" "$6" "$7" "start=${nextPage}&limit=${VALUES_LIMIT}")
+    local nextResult=$(bitbucket_request "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "start=${nextPage}&limit=${VALUES_LIMIT}")
     jq -c '.values' < "$request_result" | jq -c ". + $nextResult"
   elif [ "$(jq -c '.values' < "$request_result")" != "null" ]; then
     jq -c '.values' < "$request_result"
   elif [ "$(jq -c '.errors' < "$request_result")" == "null" ]; then
     jq '.' < "$request_result"
+  elif [ "${request_result/NoSuchPullRequestException}" = "${request_result}" ]; then
+    printf "ERROR"
+    return
   else
     log "Bitbucket request ($request_url) failed: $(cat $request_result)"
     exit 1
@@ -81,8 +90,9 @@ bitbucket_pullrequest() {
   # $3: repository id
   # $4: pullrequest id
   # $5: netrc file (default: $HOME/.netrc)
+  # $6: skip ssl verification
   log "Retrieving pull request #$4 for $2/$3"
-  bitbucket_request "$1" "projects/$2/repos/$3/pull-requests/$4" "" "" "" "$5"
+  bitbucket_request "$1" "projects/$2/repos/$3/pull-requests/$4" "" "" "" "$6" "$5"
 }
 
 bitbucket_pullrequest_merge() {
@@ -91,8 +101,9 @@ bitbucket_pullrequest_merge() {
   # $3: repository id
   # $4: pullrequest id
   # $5: netrc file (default: $HOME/.netrc)
+  # $6: skip ssl verification
   log "Retrieving pull request merge status #$4 for $2/$3"
-  bitbucket_request "$1" "projects/$2/repos/$3/pull-requests/$4/merge" "" "" "" "$5"
+  bitbucket_request "$1" "projects/$2/repos/$3/pull-requests/$4/merge" "" "" "" "$6" "$5"
 }
 
 bitbucket_pullrequest_overview_comments() {
@@ -101,8 +112,10 @@ bitbucket_pullrequest_overview_comments() {
   # $3: repository id
   # $4: pullrequest id
   # $5: netrc file (default: $HOME/.netrc)
+  # $6: skip ssl verification
+
   log "Retrieving pull request comments #$4 for $2/$3"
-  set -o pipefail; bitbucket_request "$1" "projects/$2/repos/$3/pull-requests/$4/activities" "" "" "" "$5" | \
+  set -o pipefail; bitbucket_request "$1" "projects/$2/repos/$3/pull-requests/$4/activities" "" "" "" "$6" "$5" | \
     jq 'map(select(.action == "COMMENTED" and .commentAction == "ADDED" and .commentAnchor == null)) |
         sort_by(.createdDate) | reverse |
         map({ id: .comment.id, version: .comment.version, text: .comment.text, createdDate: .comment.createdDate })'
@@ -162,9 +175,10 @@ bitbucket_pullrequest_commit_status() {
   # $1: host
   # $2: commit
   # $3: data
-  # $4: netrc file (default: $HOME/.netrc)
+  # $5: netrc file (default: $HOME/.netrc)
+  # $6: skip ssl verification
   log "Setting pull request status $2"
-  bitbucket_request "$1" "commits/$2" "" "$3" "rest/build-status/1.0" "$5"
+  bitbucket_request "$1" "commits/$2" "" "$3" "rest/build-status/1.0" "$6" "$5"
 }
 
 bitbucket_pullrequest_add_comment_status() {
@@ -174,8 +188,9 @@ bitbucket_pullrequest_add_comment_status() {
   # $4: pullrequest id
   # $5: comment
   # $6: netrc file (default: $HOME/.netrc)
+  # $7: skip ssl verification
   log "Adding pull request comment for status on #$4 for $2/$3"
-  bitbucket_request "$1" "projects/$2/repos/$3/pull-requests/$4/comments" "" "{\"text\": \"$5\" }" "" "$6"
+  bitbucket_request "$1" "projects/$2/repos/$3/pull-requests/$4/comments" "" "{\"text\": \"$5\" }" "" "$7" "$6"
 }
 
 bitbucket_pullrequest_update_comment_status() {
@@ -187,6 +202,7 @@ bitbucket_pullrequest_update_comment_status() {
   # $6: comment id
   # $7: comment version
   # $8: netrc file (default: $HOME/.netrc)
+  # $9: skip ssl verification
   log "Updating pull request comment (id: $6) for status on #$4 for $2/$3"
-  bitbucket_request "$1" "projects/$2/repos/$3/pull-requests/$4/comments/$6" "" "{\"text\": \"$5\", \"version\": \"$7\" }" "" "$8" "PUT"
+  bitbucket_request "$1" "projects/$2/repos/$3/pull-requests/$4/comments/$6" "" "{\"text\": \"$5\", \"version\": \"$7\" }" "" "$9" "$8" "PUT"
 }
diff --git a/assets/helpers/git.sh b/assets/helpers/git.sh
@@ -27,8 +27,7 @@ configure_git_global() {
 }
 
 configure_git_ssl_verification() {
-  skip_ssl_verification=$(jq -r '.source.skip_ssl_verification // false' < $1)
-  if [ "$skip_ssl_verification" = "true" ]; then
+  if [ "$1" = "true" ]; then
     export GIT_SSL_NO_VERIFY=true
   fi
 }
@@ -43,7 +42,7 @@ add_pullrequest_metadata_basic() {
   uri_parser "$2"
   local repo_host="${uri_schema}://${uri_address}"
 
-  local title=$(set -o pipefail; bitbucket_pullrequest "$repo_host" "$repo_project" "$repo_name" "$1" | jq -r '.title')
+  local title=$(set -o pipefail; bitbucket_pullrequest "$repo_host" "$repo_project" "$repo_name" "$1" "" "$3" | jq -r '.title')
   local commit=$(git rev-parse HEAD)
   local author=$(git log -1 --format=format:%an)
 
@@ -92,7 +91,7 @@ pullrequest_metadata() {
   local target_commit=$(git rev-list --parents -1 $(git rev-parse HEAD) | awk '{print $2}')
 
   jq -n "[]" | \
-    add_pullrequest_metadata_basic "$1" "$2" | \
+    add_pullrequest_metadata_basic "$1" "$2" "$3" | \
     add_pullrequest_metadata_commit "source" "$source_commit" | \
     add_pullrequest_metadata_commit "target" "$target_commit"
 }
diff --git a/assets/in b/assets/in
@@ -31,9 +31,9 @@ payload=$(tmpfile request)
 cat > "$payload" <&0
 
 load_pubkey "$payload"
-configure_git_ssl_verification "$payload"
 configure_credentials "$payload"
 
+skip_ssl_verification=$(jq -r '.source.skip_ssl_verification // false' < ${payload})
 uri=$(jq -r '.source.uri // ""' < "$payload")
 git_config_payload=$(jq -r '.source.git_config // []' < "$payload")
 commit_verification_key_ids=$(jq -r '(.source.commit_verification_key_ids // [])[]' < "$payload")
@@ -46,6 +46,7 @@ disable_git_lfs=$(jq -r '(.params.disable_git_lfs // false)' < "$payload")
 
 prq_id=$(jq -r '.version.id // ""' < "$payload")
 
+configure_git_ssl_verification "$skip_ssl_verification"
 configure_git_global "${git_config_payload}"
 
 if [ -z "$uri" ]; then
@@ -138,5 +139,5 @@ git config --add pullrequest.merge $ref
 
 jq -n "{
   version: $(jq '.version' < "$payload"),
-  metadata: $(pullrequest_metadata "$prq_id" "$uri")
+  metadata: $(pullrequest_metadata "$prq_id" "$uri" "$skip_ssl_verification")
 }" >&3
diff --git a/assets/out b/assets/out
@@ -31,9 +31,9 @@ payload=$(tmpfile request)
 cat > "$payload" <&0
 
 load_pubkey "$payload"
-configure_git_ssl_verification "$payload"
 configure_credentials "$payload"
 
+skip_ssl_verification=$(jq -r '.source.skip_ssl_verification // false' < ${payload})
 uri=$(jq -r '.source.uri // ""' < "$payload")
 git_config_payload=$(jq -r '.source.git_config // []' < "$payload")
 rebuild_when_target_changed=$(jq -r '.source.rebuild_when_target_changed // "false"' < "$payload")
@@ -42,6 +42,7 @@ rebuild_phrase=$(jq -r '.source.rebuild_phrase // "test this please"' < "$payloa
 path=$(jq -r '.params.path // ""' < "$payload")
 status=$(jq -r '.params.status // ""' < "$payload")
 
+configure_git_ssl_verification "$skip_ssl_verification"
 configure_git_global "${git_config_payload}"
 
 if [ -z "$uri" ]; then
@@ -137,14 +138,14 @@ data=$(jq -cn "{
 }")
 
 # set commit build status for source commit
-bitbucket_pullrequest_commit_status "$repo_host" "$source_commit" "$data"
+bitbucket_pullrequest_commit_status "$repo_host" "$source_commit" "$data" "" "" "$skip_ssl_verification"
 
 # use the current commit timestamp as date
 prq_verify_date=$(git log -1 --format=format:%at)
 
 # add comment to pull request to track if build was started/finished
 comment_message=$(bitbucket_pullrequest_progress_comment "$status" "$prq_hash" "$source_commit" "$target_commit")
-comments=$(bitbucket_pullrequest_overview_comments "$repo_host" "$repo_project" "$repo_name" "$prq_number" | jq -c '.[]')
+comments=$(bitbucket_pullrequest_overview_comments "$repo_host" "$repo_project" "$repo_name" "$prq_number" "" "$skip_ssl_verification" | jq -c '.[]')
 commented=""
 skip_verify=false
 if [ -n "$comments" ]; then
@@ -156,7 +157,7 @@ if [ -n "$comments" ]; then
     # check for progress messages => if pull request number matches then edit comment (instead of creating a new one)
     if [ -z "$commented" ]; then
       if bitbucket_pullrequest_progress_commit_match "$text" "$prq_hash" "Started"; then
-        bitbucket_pullrequest_update_comment_status "$repo_host" "$repo_project" "$repo_name" "$prq_number" "$comment_message" "$id" "$version" >/dev/null
+        bitbucket_pullrequest_update_comment_status "$repo_host" "$repo_project" "$repo_name" "$prq_number" "$comment_message" "$id" "$version" "" "$skip_ssl_verification" >/dev/null
         commented=true
       fi
     fi
@@ -176,7 +177,7 @@ if [ -n "$comments" ]; then
 fi
 
 if [ -z "$commented" ]; then
-  bitbucket_pullrequest_add_comment_status "$repo_host" "$repo_project" "$repo_name" "$prq_number" "$comment_message" >/dev/null
+  bitbucket_pullrequest_add_comment_status "$repo_host" "$repo_project" "$repo_name" "$prq_number" "$comment_message" "" "$skip_ssl_verification" >/dev/null
 fi
 
 jq -n "{
@@ -185,5 +186,5 @@ jq -n "{
     hash: \"$prq_hash\",
     date: \"$(date_from_epoch_seconds "$prq_verify_date")\"
   },
-  metadata: $(pullrequest_metadata "$prq_number" "$uri")
+  metadata: $(pullrequest_metadata "$prq_number" "$uri" "$skip_ssl_verification")
 }" >&3
