evilham/cdist
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[__git] Keep repository up to date in subsequent runs.

Browse source 
This also ensure that tags and branch changes are supported.

Closes #819.
This commit is contained in:
evilham 2020-06-18 00:22:54 +02:00
parent 05c639e3b7
commit 8f91e4aedc
3 changed files with 78 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
cdist/conf/type/__git/explorer/branch Executable file
View file

@ -0,0 +1,22 @@
#!/bin/sh -e
destination="/$__object_id"
os="$(cat "$__global/explorer/os")"
state_should="$(cat "$__object/parameter/state")"
owner="$(cat "$__object/parameter/owner")"
# If the user did not provide an owner, cdist defaults to root.
git_user="${owner:-root}"
# Only do something if we are not removing the repo and it is not the first run
if [ "$state_should" = "present" ] && [ -d "$destination/.git" ]; then
# Whenever possible run git as non-root, see history of CVEs.
branch="$(su -m "$git_user" -c "git -C '$destination' rev-parse --abbrev-ref HEAD")"
if [ "$branch" != "HEAD" ]; then
echo $branch
else
# We are using tags
su -m "$git_user" -c "git -C '$destination' describe --always --tags --abbrev=0"
fi
fi

27
cdist/conf/type/__git/explorer/needs-update Executable file
View file

@ -0,0 +1,27 @@
#!/bin/sh -e
destination="/$__object_id"
os="$(cat "$__global/explorer/os")"
state_should="$(cat "$__object/parameter/state")"
branch_should="$(cat "$__object/parameter/branch")"
owner="$(cat "$__object/parameter/owner")"
# If the user did not provide an owner, cdist defaults to root.
git_user="${owner:-root}"
# Only do something if we are not removing the repo and it is not the first run
if [ "$state_should" = "present" ] && [ -d "$destination/.git" ]; then
# First fetch the remote
# Whenever possible run git as non-root, see history of CVEs.
su -m "$git_user" -c "git -C '$destination' fetch -q"
head="$(su -m "$git_user" -c "git -C '$destination' rev-parse HEAD")"
# Try first to get the latest commit in the remote current branch,
# if it fails try to get the commit for the expected tag name
upstream="$(su -m "$git_user" -c "git -C '$destination' rev-parse @{u}" 2>/dev/null ||
su -m "$git_user" -c "git -C '$destination' rev-parse '${branch_should}^{}'")"
if [ "${head}" != "$upstream" ]; then
echo "YES"
exit
fi
fi

31
cdist/conf/type/__git/gencode-remote
View file

@ -19,13 +19,15 @@
#
#
branch_is=$(cat "$__object/explorer/branch")
state_is=$(cat "$__object/explorer/state")
owner_is=$(cat "$__object/explorer/owner")
group_is=$(cat "$__object/explorer/group")
needs_update=$(cat "$__object/explorer/needs-update")
state_should=$(cat "$__object/parameter/state")
branch=$(cat "$__object/parameter/branch")
branch_should=$(cat "$__object/parameter/branch")
source=$(cat "$__object/parameter/source")
@ -47,10 +49,35 @@ fi
&& [ -z "$needs_chown" ] \
&& [ -n "$mode" ] && exit 0
# Whenever possible run git as non-root, see history of CVEs.
if [ -n "$owner" ]; then
git_user="$owner"
else
git_user="root"
fi
case $state_should in
present)
if [ "$state_should" != "$state_is" ]; then
echo git clone --quiet "$recursive" "$shallow" --branch "$branch" "$source" "$destination"
if [ "$git_user" != "root" ]; then
# If we execute git as non-root, it is not obvious that we'll be able
# to create the output directory, so we have to ensure that.
cat << EOF
if [ ! -d '$destination' ]; then
mkdir '$destination'
fi
chown '${owner}:${group}' '$destination'
EOF
fi
# Actually clone the repository
su -m "$git_user" -c "git clone --quiet '$recursive' '$shallow' --branch '$branch' '$source' '$destination'"
elif [ "$branch_should" != "$branch_is" ]; then
# User has changed tag / branch, let's update that
echo su -m "$git_user" -c "git checkout '$branch_should'"
elif [ "$needs_update" = "YES" ]; then
# The remote has newer information than our repository.
# Fetch was done in the explorer, here we can just pull
echo su -m "$git_user" -c "git -C '$destination' pull"
fi
if [ -n "$needs_chown" ]; then
echo chown -R "${owner}:${group}" "$destination"