diff options
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/security-harness | 55 | ||||
| -rwxr-xr-x | scripts/static-analysis | 11 |
2 files changed, 58 insertions, 8 deletions
diff --git a/scripts/security-harness b/scripts/security-harness new file mode 100755 index 00000000000..d454f44dff7 --- /dev/null +++ b/scripts/security-harness @@ -0,0 +1,55 @@ +#!/usr/bin/env ruby + +require 'digest' +require 'fileutils' + +harness_path = File.expand_path('../.git/security_harness', __dir__) +hook_path = File.expand_path("../.git/hooks/pre-push", __dir__) + +if File.exist?(hook_path) + # Deal with a pre-existing hook + source_sum = Digest::SHA256.hexdigest(DATA.read) + dest_sum = Digest::SHA256.file(hook_path).hexdigest + + if source_sum != dest_sum + puts "#{hook_path} exists and is different from our hook!" + puts "Remove it and re-run this script to continue." + + exit 1 + end +else + File.open(hook_path, 'w') do |file| + IO.copy_stream(DATA, file) + end +end + +# Toggle the harness on or off +if File.exist?(harness_path) + FileUtils.rm(harness_path) + + puts "Security harness removed -- you can now push to all remotes." +else + FileUtils.touch(harness_path) + + puts "Security harness installed -- you will only be able to push to dev.gitlab.org!" +end + +__END__ +#!/bin/sh + +set -e + +url="$2" +harness=`dirname "$0"`/../security_harness + +if [ -e "$harness" ] +then + if [[ "$url" != *"dev.gitlab.org"* ]] + then + echo "Pushing to remotes other than dev.gitlab.org has been disabled!" + echo "Run scripts/security-harness to disable this check." + echo + + exit 1 + fi +fi diff --git a/scripts/static-analysis b/scripts/static-analysis index bdb88f3cb57..0e67eabfec1 100755 --- a/scripts/static-analysis +++ b/scripts/static-analysis @@ -7,7 +7,7 @@ require_relative '../lib/gitlab/popen/runner' def emit_warnings(static_analysis) static_analysis.warned_results.each do |result| puts - puts "**** #{result.cmd.join(' ')} had the following warnings:" + puts "**** #{result.cmd.join(' ')} had the following warning(s):" puts puts result.stderr puts @@ -17,7 +17,7 @@ end def emit_errors(static_analysis) static_analysis.failed_results.each do |result| puts - puts "**** #{result.cmd.join(' ')} failed with the following error:" + puts "**** #{result.cmd.join(' ')} failed with the following error(s):" puts puts result.stdout puts result.stderr @@ -26,15 +26,10 @@ def emit_errors(static_analysis) end tasks = [ - %w[bundle exec rake config_lint], - %w[bundle exec rake flay], - %w[bundle exec rake haml_lint], - %w[bundle exec rake scss_lint], + %w[bin/rake lint:all], %w[bundle exec license_finder], %w[yarn run eslint], %w[bundle exec rubocop --parallel], - %w[bundle exec rake gettext:lint], - %w[bundle exec rake lint:static_verification], %w[scripts/lint-conflicts.sh], %w[scripts/lint-rugged] ] |