|
65 | 65 |
|
66 | 66 |
|
67 | 67 | # to check though: |
68 | | -diff -q <(tail -n 240 "$0" | head -n 238 | shasum -a 384 -t -) <(tail -n 1 "$0") || exit 70 ; |
| 68 | +diff -q <(tail -n 269 "$0" | head -n 267 | shasum -a 384 -t -) <(tail -n 1 "$0") || exit 70 ; |
69 | 69 |
|
70 | 70 | ulimit -t 90 |
71 | 71 | PATH="/bin:/sbin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:${PATH}" |
72 | 72 | LANG=${LANG:-"en_US"} |
73 | 73 | LC_ALL="${LANG:0:5}.utf-8" |
74 | | -export BINDIR="${BINDIR:-./bin}" |
| 74 | +BINDIR="${BINDIR:-./bin}" |
| 75 | +DS_TAG="0.8.6" # circa 2025 |
75 | 76 | umask 127 |
76 | 77 |
|
77 | 78 | LOCK_FILE="${TMPDIR:-/tmp}/org.pak.tests.scripts.code-climate.lock" |
78 | 79 | EXIT_CODE=0 |
79 | 80 |
|
80 | 81 | test -x "$(command -v grep)" || exit 126 ; |
| 82 | +test -x "$(command -v sed)" || exit 126 ; |
81 | 83 | test -x "$(command -v curl)" || exit 126 ; |
82 | 84 | test -x "$(command -v mkdir)" || exit 126 ; |
83 | 85 | hash -p ./.github/tool_shlock_helper.sh shlock || exit 255 ; |
84 | 86 | test -x "$(command -v shlock)" || exit 126 ; |
85 | 87 | test -x "$(command -v gpgv)" || exit 126 ; |
86 | 88 | test -x "$(command -v shasum)" || exit 126 ; |
| 89 | +test -x "$(command -v tar)" || exit 126 ; |
87 | 90 |
|
88 | 91 | # Detect the operating system |
89 | 92 | case "$( command uname -s )" in |
@@ -216,43 +219,69 @@ if [[ -z ${DEEPSOURCE_DSN} ]] && [[ ( ${EXIT_CODE} -eq 0 ) ]] ; then |
216 | 219 | elif [[ ( ${EXIT_CODE} -eq 0 ) ]] ; then |
217 | 220 | printf "%s\n" "Detected Config for DeepSource" ; |
218 | 221 |
|
219 | | - # USED FOR INTEGRETY |
220 | | - printf "adc12b89f5a41201f7556d4181cf33fa0a5a9964 ds-cli.sh\n" >ds-cli.sh.sha1 |
221 | | - printf "61e8a49d3d5c49a3614be2bcaaf96e232466fd87c225ecc782e96f4d65dd5bdf ds-cli.sh\n" >ds-cli.sh.sha256 |
222 | | - printf "b7232d1e8d73aeb4cefdf3707dd43f0e141b2585fedfd602cb97ec15047de60284f0ed4703b6e98717aebc3aee90e11c26417afbaba1168a5d0a98e22d74f66d ds-cli.sh\n" >ds-cli.sh.sha512 |
| 222 | + # Make an API call to GitHub to get the latest release with the Accept header |
| 223 | + response=$(curl -s -H "Accept: application/json" "https://api.github.com/repos/DeepSourceCorp/cli/releases/latest") |
223 | 224 |
|
224 | | - curl -fLso ./ds-cli.sh "https://deepsource.io/cli" || EXIT_CODE=125 ; |
| 225 | + # Check if the response is valid |
| 226 | + if [[ "$response" == *"Not Found"* ]]; then |
| 227 | + printf "::debug::%s\n" "Repository not found or no releases available." |
| 228 | + EXIT_CODE=125 |
| 229 | + fi ; |
225 | 230 |
|
226 | 231 | if [[ ( ${EXIT_CODE} -eq 0 ) ]] ; then |
227 | | - printf "::debug::%s\n" "Downloaded ds-cli.sh for DeepSource" ; |
| 232 | + printf "::debug::%s\n" "Checking latest version for DeepSource" ; |
| 233 | + # Try to extract the tag name using jq |
| 234 | + if [[ ( -x "$(command -v jq)" ) ]]; then |
| 235 | + tag_name=$(printf "%s\n" "$response" | jq -r '.tag_name') |
| 236 | + else |
| 237 | + # Fallback to grep and sed if jq is not available |
| 238 | + tag_name=$(printf "%s\n" "$response" | grep -o '"tag_name": "[^"]*' | sed 's/"tag_name": "//') |
| 239 | + fi ; |
228 | 240 | fi ; |
229 | 241 |
|
230 | | - for i in 1 256 512 ; do |
231 | | - # test sha1/sha512 signatures if found and sha256 even if not found |
232 | | - if [[ ( -r ds-cli.sh.sha${i} ) ]] || [[ ( ${i} -eq 256 ) ]] ; then |
233 | | - if [[ ${i} -eq 1 ]]; then |
234 | | - printf "%s\n" "WARNING: SHA-1 is deprecated and should be avoided when possible. Consider using SHA-256 or SHA-512 for stronger integrity checks. (CWE-327: Use of a Broken or Risky Cryptographic Algorithm)" |
235 | | - fi |
236 | | - shasum -a $i -c --ignore-missing ds-cli.sh.sha${i} || EXIT_CODE=126 |
237 | | - rm -vf ds-cli.sh.sha${i} 2>/dev/null ; |
238 | | - fi |
239 | | - done |
| 242 | + # Check if tag_name is empty |
| 243 | + if [[ ( -z "$tag_name" ) ]]; then |
| 244 | + printf "::debug::%s\n" "No tag name found in the response." |
| 245 | + EXIT_CODE=125 |
| 246 | + else |
| 247 | + printf "::debug::%s\n" "Found version ${tag_name} for DeepSource" ; |
| 248 | + DS_TAG="${tag_name#v}" |
| 249 | + fi ; |
| 250 | + |
| 251 | + if [[ ( ${EXIT_CODE} -eq 0 ) ]] ; then |
| 252 | + printf "::debug::%s\n" "Creating ${BINDIR} directory for DeepSource" ; |
| 253 | + mkdir -m 755 "${BINDIR}" || EXIT_CODE=66 ; |
| 254 | + fi ; |
| 255 | + |
| 256 | + curl -fLso "deepsource_${DS_TAG}_${CI_OS}_${ARCH}.tar.gz" "https://github.com/DeepSourceCorp/cli/releases/download/v${DS_TAG}/deepsource_${DS_TAG}_${CI_OS}_${ARCH}.tar.gz" || EXIT_CODE=125 ; |
240 | 257 |
|
241 | 258 | if [[ ( ${EXIT_CODE} -eq 0 ) ]] ; then |
242 | | - printf "::debug::%s\n" "Validated ds-cli.sh for DeepSource" ; |
243 | | - chmod -v 751 ./ds-cli.sh || EXIT_CODE=77 |
| 259 | + printf "::debug::%s\n" "Downloaded deepsource_${DS_TAG}_${CI_OS}_${ARCH}.tar.gz for DeepSource" ; |
244 | 260 | fi ; |
245 | 261 |
|
| 262 | + curl -fLso "checksums.txt" "https://github.com/DeepSourceCorp/cli/releases/download/v${DS_TAG}/checksums.txt" || EXIT_CODE=125 ; |
| 263 | + |
246 | 264 | if [[ ( ${EXIT_CODE} -eq 0 ) ]] ; then |
247 | | - printf "::debug::%s\n" "Creating ${BINDIR} directory for DeepSource" ; |
248 | | - mkdir -v -m 755 "${BINDIR}" || EXIT_CODE=66 |
| 265 | + printf "::debug::%s\n" "Downloaded checksums.txt for DeepSource" ; |
| 266 | + fi ; |
| 267 | + |
| 268 | + if [[ ( -r checksums.txt ) ]] ; then |
| 269 | + shasum -a 256 -c --ignore-missing checksums.txt || EXIT_CODE=126 |
| 270 | + rm -f checksums.txt 2>/dev/null ; |
| 271 | + fi ; |
| 272 | + |
| 273 | + if [[ ( ${EXIT_CODE} -eq 0 ) ]] ; then |
| 274 | + printf "::debug::%s\n" "Validated deepsource_${DS_TAG}_${CI_OS}_${ARCH}.tar.gz for DeepSource" ; |
| 275 | + tar --no-same-owner -xzf "deepsource_${DS_TAG}_${CI_OS}_${ARCH}.tar.gz" -C "${BINDIR}" || EXIT_CODE=77 ; |
| 276 | + rm -f "deepsource_${DS_TAG}_${CI_OS}_${ARCH}.tar.gz" 2>/dev/null || EXIT_CODE=77 ; |
| 277 | + rm -fRd "${BINDIR}"/completions/ 2>/dev/null || : ; |
249 | 278 | fi ; |
250 | 279 |
|
251 | 280 | if [[ ( ${EXIT_CODE} -eq 0 ) ]] ; then |
252 | 281 | # ref: https://docs.deepsource.com/docs/analyzers-test-coverage#setup-test-coverage |
253 | | - printf "::group::%s\n" "Running ./ds-cli.sh" ; |
254 | | - time { cat ./ds-cli.sh | sh ;} ; wait ; |
255 | | - printf "::endgroup::\n" ; |
| 282 | + #printf "::group::%s\n" "Running ./ds-cli.sh" ; |
| 283 | + #{ cat ./ds-cli.sh | sh - | grep -o "(:?version).{1}\s[0-9].[0-9].[0-9]" ;} ; wait ; |
| 284 | + #printf "::endgroup::\n" ; |
256 | 285 | if [[ ( ${EXIT_CODE} -eq 0 ) ]] ; then |
257 | 286 | printf "::debug::%s\n" "Checking for DeepSource CLI" ; |
258 | 287 | if [[ ( -d "${BINDIR}" ) ]] ; then |
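Review bot: The integrity check at new lines 262–271 no longer has an independent trust anchor: `checksums.txt` is fetched from the same release URL as the tarball, so it catches a corrupted download but not a replaced release asset, whereas the removed code compared against digests pinned inside this self-hashed script. Because `DS_TAG` is overwritten from `releases/latest` at line 248, the pinned `0.8.6` default is effectively unused; consider keeping the pin and embedding the expected SHA-256 for that archive, or verifying a signature over `checksums.txt` if the project publishes one (`gpgv` is already required earlier but is not used in this hunk). `tag_name` is interpolated into the URL and the output filename without validation, and `jq -r` prints `null` when the field is absent, so a guard such as `[[ "${tag_name#v}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || EXIT_CODE=125` before line 248 would help. It is also worth confirming that `shasum -c --ignore-missing` fails when no listed entry matches the downloaded file. The enclosing `if`/`elif` starts before this hunk and continues past it.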
@@ -304,4 +333,4 @@ cleanup 2>/dev/null || rm -f "${LOCK_FILE}" 2>/dev/null > /dev/null || : ; wait |
304 | 333 | exit ${EXIT_CODE:-255} ; |
305 | 334 |
|
306 | 335 | # This file's code hash: |
307 | | -b444b5d3e9093ee01e78a8fe991e60d0f6d48218fbb13cf8d3e6d06705a4289a7def2fcfe44758328c76572633cfd4ad - |
| 336 | +779f220ba3f753ed3e929121e0742fe6362d779be1dfff7dda258e04b4fb95412e740b5f4ad5319b8ca61c79151cd735 - |