-
Notifications
You must be signed in to change notification settings - Fork 864
/
Copy pathverify-executable.sh
executable file
·89 lines (79 loc) · 2.47 KB
/
verify-executable.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
#!/usr/bin/env bash
# Copyright 2021 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# verifies that all expected files are executable, excluding special cases
set -o errexit
set -o nounset
set -o pipefail
REPO_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd -P)
readonly REPO_ROOT
# files that SHOULD be executable
readonly exec_regexes=(
.*\.sh # *.sh
.*\.py # *.py
)
# files that should NOT be executable (exceptions to the regexes above)
readonly noexec_regexes=(
.*/lib.*\.sh # lib_foo.sh should be sourced by other scripts, not executed
)
# convert arrays to extended regexes
exec_regex="^($(IFS='|'; echo "${exec_regexes[*]}"))$"
noexec_regex="^($(IFS='|'; echo "${noexec_regexes[*]}"))$"
readonly exec_regex noexec_regex
# get the list of files, names are relative to REPO_ROOT
mapfile -t files < <(
find "${REPO_ROOT}" -type f \
-print \
| sort \
| grep -E "${exec_regex}" \
| sed -e "s|${REPO_ROOT}/||"
)
readonly files
# for each file, verify whether it's executable, and whether that's expected
failures=()
for file in "${files[@]}"; do
# Ignore anything that git would. We don't do this via find -exec above
# because it's slow and there are too many files; now that we've pruned
# the file list with grep
if git check-ignore -q "${file}"; then
continue
fi
echo "# checking ${file}"
actual=false
if [ -x "${REPO_ROOT}/${file}" ]; then
actual=true
fi
expected=true
should="SHOULD"
if echo "${file}" | grep -qE "${noexec_regex}"; then
expected=false
should="should NOT"
fi
# since bash doesn't have logical xor...
if [ "${expected}" != "${actual}" ]; then
failures+=("${file} ${should} be executable")
fi
done
# determine pass/fail
result="passed"
code=0
if [ ${#failures[@]} != 0 ]; then
result="failed"
code=1
fi
# report (parseable as yaml)
echo "result: ${result}"
echo "failures:"
printf "%s\n" "${failures[@]/#/- }"
exit "${code}"