From 1347ec77283376b6e8c2bbe7ae6d29decb8390ca Mon Sep 17 00:00:00 2001 From: Ilguiz Latypov Date: Fri, 13 Jul 2018 14:48:45 -0400 Subject: [PATCH 1/6] Preserve multi-word parameters #298. Use TEMP and JAVA_HOME. --- hub-detect/src/main/resources/hub-detect-sh | 87 ++++++++++----------- 1 file changed, 43 insertions(+), 44 deletions(-) diff --git a/hub-detect/src/main/resources/hub-detect-sh b/hub-detect/src/main/resources/hub-detect-sh index 0d3dcb2e7..ce8efcf3b 100644 --- a/hub-detect/src/main/resources/hub-detect-sh +++ b/hub-detect/src/main/resources/hub-detect-sh @@ -1,5 +1,20 @@ #!/bin/bash +tempdir="${TEMP:-/tmp}" +javahome=${JAVA_HOME} +if [[ "${OSTYPE}" == "cygwin" ]] ; then + tempdirnative=$(cygpath -wa "${tempdir}") + if (( ${#javahome} )) ; then + javahomeposix=$(cygpath -ua "${javahome}") + fi +else + tempdirnative=${tempdir} + javahomeposix="${javahome}" +fi +if (( ${#javahome} )) ; then + export PATH="${javahomeposix}/bin:${PATH}" +fi + # DETECT_LATEST_RELEASE_VERSION should be set in your # environment if you wish to use a version different # from LATEST. @@ -13,10 +28,10 @@ DETECT_RELEASE_VERSION=${DETECT_LATEST_RELEASE_VERSION} # a new commit is added to the master branch. DETECT_USE_SNAPSHOT=${DETECT_USE_SNAPSHOT:-0} -# To override the default location of /tmp, specify -# your own DETECT_JAR_PATH in your environment and -# *that* location will be used. -DETECT_JAR_PATH=${DETECT_JAR_PATH:-/tmp} +# DETECT_JAR_PATH overrides the location to store the +# downloaded Hub Detect JAR. It defaults to +# ${TEMP:-/tmp}. +DETECT_JAR_PATH=${DETECT_JAR_PATH:-${tempdirnative}} # If you want to pass any java options to the # invocation, specify DETECT_JAVA_OPTS in your @@ -27,27 +42,21 @@ DETECT_JAVA_OPTS=${DETECT_JAVA_OPTS:-} # If you want to pass any additional options to # curl, specify DETECT_CURL_OPTS in your environment. # For example, to specify a proxy, you would set -# DETECT_CURL_OPTS=--proxy http://myproxy:3128 +# DETECT_CURL_OPTS="--proxy http://myproxy:3128" DETECT_CURL_OPTS=${DETECT_CURL_OPTS:-} -SCRIPT_ARGS="$@" -LOGGABLE_SCRIPT_ARGS="" - -for i in $*; do - if [[ $i == --blackduck.hub.password=* ]]; then - LOGGABLE_SCRIPT_ARGS="$LOGGABLE_SCRIPT_ARGS --blackduck.hub.password=" - elif [[ $i == --blackduck.hub.proxy.password=* ]]; then - LOGGABLE_SCRIPT_ARGS="$LOGGABLE_SCRIPT_ARGS --blackduck.hub.proxy.password=" - elif [[ $i == --blackduck.hub.api.token=* ]]; then - LOGGABLE_SCRIPT_ARGS="$LOGGABLE_SCRIPT_ARGS --blackduck.hub.api.token=" - else - LOGGABLE_SCRIPT_ARGS="$LOGGABLE_SCRIPT_ARGS $i" +script_args=("$@") +loggable_script_args=() +for arg in "${script_args[@]}" ; do + if [[ "${arg}" =~ ^(.*\.(password|token)[^=]*)=.* ]] ; then + arg="${BASH_REMATCH[1]}=" fi + loggable_script_args+=("${arg}") done run() { get_detect - run_detect + run_detect || return $? } get_detect() { @@ -57,63 +66,53 @@ get_detect() { CURRENT_VERSION=$( <$VERSION_FILE_DESTINATION ) fi - curl $DETECT_CURL_OPTS -o $VERSION_FILE_DESTINATION https://blackducksoftware.github.io/hub-detect/latest-commit-id.txt - LATEST_VERSION=$( <$VERSION_FILE_DESTINATION ) + curl -sSL $DETECT_CURL_OPTS -o "${VERSION_FILE_DESTINATION}" https://blackducksoftware.github.io/hub-detect/latest-commit-id.txt + LATEST_VERSION=$(<"${VERSION_FILE_DESTINATION}") if [ $DETECT_USE_SNAPSHOT -eq 1 ]; then if [ -z "${DETECT_RELEASE_VERSION}" ]; then - echo "will look for snapshot: hub-detect-latest-SNAPSHOT.jar" DETECT_SOURCE="https://test-repo.blackducksoftware.com/artifactory/bds-integrations-snapshot/com/blackducksoftware/integration/hub-detect/latest-SNAPSHOT/hub-detect-latest-SNAPSHOT.jar" DETECT_DESTINATION="${DETECT_JAR_PATH}/hub-detect-latest-SNAPSHOT.jar" + echo "will look for snapshot: ${DETECT_SOURCE}" >&2 else DETECT_SOURCE="https://test-repo.blackducksoftware.com/artifactory/bds-integrations-snapshot/com/blackducksoftware/integration/hub-detect/${DETECT_RELEASE_VERSION}/hub-detect-${DETECT_RELEASE_VERSION}.jar" DETECT_DESTINATION="${DETECT_JAR_PATH}/hub-detect-${DETECT_RELEASE_VERSION}.jar" + echo "will look for release: ${DETECT_SOURCE}" >&2 fi else if [ -z "${DETECT_RELEASE_VERSION}" ]; then - DETECT_RELEASE_VERSION=$(curl $DETECT_CURL_OPTS 'https://test-repo.blackducksoftware.com/artifactory/api/search/latestVersion?g=com.blackducksoftware.integration&a=hub-detect&repos=bds-integrations-release') + DETECT_RELEASE_VERSION=$(curl -sSL $DETECT_CURL_OPTS 'https://test-repo.blackducksoftware.com/artifactory/api/search/latestVersion?g=com.blackducksoftware.integration&a=hub-detect&repos=bds-integrations-release') DETECT_SOURCE="https://test-repo.blackducksoftware.com/artifactory/bds-integrations-release/com/blackducksoftware/integration/hub-detect/${DETECT_RELEASE_VERSION}/hub-detect-${DETECT_RELEASE_VERSION}.jar" DETECT_DESTINATION="${DETECT_JAR_PATH}/hub-detect-${DETECT_RELEASE_VERSION}.jar" else DETECT_SOURCE="https://test-repo.blackducksoftware.com/artifactory/bds-integrations-release/com/blackducksoftware/integration/hub-detect/${DETECT_RELEASE_VERSION}/hub-detect-${DETECT_RELEASE_VERSION}.jar" DETECT_DESTINATION="${DETECT_JAR_PATH}/hub-detect-${DETECT_RELEASE_VERSION}.jar" fi - echo "will look for : ${DETECT_SOURCE}" + echo "will look for release: ${DETECT_SOURCE}" >&2 fi USE_REMOTE=1 if [ "$CURRENT_VERSION" != "$LATEST_VERSION" ] && [ $DETECT_USE_SNAPSHOT -eq 1 ]; then - echo "You don't have the latest snapshot, so the new snapshot will be downloaded." + echo "You don't have the latest snapshot, so the new snapshot will be downloaded." >&2 elif [ ! -f $DETECT_DESTINATION ]; then - echo "You don't have the current file, so it will be downloaded." + echo "You don't have the current file, so it will be downloaded." >&2 else - echo "You have already downloaded the latest file, so the local file will be used." + echo "You have already downloaded the latest file, so the local file will be used." >&2 USE_REMOTE=0 fi if [ $USE_REMOTE -eq 1 ]; then - echo "getting ${DETECT_SOURCE} from remote" - curl $DETECT_CURL_OPTS -L -o $DETECT_DESTINATION "${DETECT_SOURCE}" - echo "saved ${DETECT_SOURCE} to ${DETECT_DESTINATION}" + echo "getting ${DETECT_SOURCE} from remote" >&2 + curl -sSL $DETECT_CURL_OPTS -o "${DETECT_DESTINATION}" "${DETECT_SOURCE}" + echo "saved ${DETECT_SOURCE} to ${DETECT_DESTINATION}" >&2 fi } run_detect() { - JAVACMD="java ${DETECT_JAVA_OPTS} -jar ${DETECT_DESTINATION}" - echo "running detect: ${JAVACMD} ${LOGGABLE_SCRIPT_ARGS}" - - # first, silently delete (-f ignores missing - # files) any existing shell script, then create - # the one we will run - rm -f $DETECT_JAR_PATH/hub-detect-java.sh - echo "#!/bin/sh" >> $DETECT_JAR_PATH/hub-detect-java.sh - echo "" >> $DETECT_JAR_PATH/hub-detect-java.sh - echo $JAVACMD $SCRIPT_ARGS >> $DETECT_JAR_PATH/hub-detect-java.sh - source $DETECT_JAR_PATH/hub-detect-java.sh - RESULT=$? - echo "Result code of ${RESULT}, exiting" - rm -f $DETECT_JAR_PATH/hub-detect-java.sh - exit $RESULT + javacmd=(java ${DETECT_JAVA_OPTS} -jar "${DETECT_DESTINATION}") + type -a java || return -1 + echo "running detect: ${javacmd[*]@Q} ${loggable_script_args[*]@Q}" >&2 + "${javacmd[@]}" "${script_args[@]}" || return $? } run From d324792b7a1a129ab35331b10c48cbeac23556df Mon Sep 17 00:00:00 2001 From: "Ilguiz [eel ghEEz] Latypov" Date: Wed, 8 Aug 2018 11:28:06 -0400 Subject: [PATCH 2/6] Attempt to work around "You are not authorized" The error comes from Travis with regard to submitting Sonar analysis. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 549d5aa40..1ed052a36 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,7 +20,7 @@ notifications: - bdsoss@blackducksoftware.com script: -- "./gradlew clean build jacocoTestReport coveralls sonarqube" +- "./gradlew clean build jacocoTestReport coveralls sonarqube -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_TOKEN" after_success: - bash <(curl -s https://copilot.blackducksoftware.com/ci/travis/scripts/upload) From 5d19059876226d5497a11eb60ed75e066778fcea Mon Sep 17 00:00:00 2001 From: "Ilguiz [eel ghEEz] Latypov" Date: Wed, 8 Aug 2018 11:33:34 -0400 Subject: [PATCH 3/6] Attempt to work around "You are not authorized" The existing SonarQube server may be correct. The SONAR_HOST_URL variable had no value. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 1ed052a36..b4a4c684b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,7 +20,7 @@ notifications: - bdsoss@blackducksoftware.com script: -- "./gradlew clean build jacocoTestReport coveralls sonarqube -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_TOKEN" +- "./gradlew clean build jacocoTestReport coveralls sonarqube -Dsonar.login=$SONAR_TOKEN" after_success: - bash <(curl -s https://copilot.blackducksoftware.com/ci/travis/scripts/upload) From deda36fb0f5809d8391225465ee6b776f8cdc420 Mon Sep 17 00:00:00 2001 From: "Ilguiz [eel ghEEz] Latypov" Date: Wed, 8 Aug 2018 11:54:26 -0400 Subject: [PATCH 4/6] Attempt to work around "You are not authorized" The error said, > You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. Please contact your SonarQube administrator. I just reverted my attempts to work this around now that I logged in and authorized sonarcloud.io. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index b4a4c684b..549d5aa40 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,7 +20,7 @@ notifications: - bdsoss@blackducksoftware.com script: -- "./gradlew clean build jacocoTestReport coveralls sonarqube -Dsonar.login=$SONAR_TOKEN" +- "./gradlew clean build jacocoTestReport coveralls sonarqube" after_success: - bash <(curl -s https://copilot.blackducksoftware.com/ci/travis/scripts/upload) From 4b92c8ab2a12841a3fa2611b4bd6eeba0c15efbf Mon Sep 17 00:00:00 2001 From: "Ilguiz [eel ghEEz] Latypov" Date: Wed, 8 Aug 2018 12:07:46 -0400 Subject: [PATCH 5/6] Attempt to work around "You're only authorized .." Follow Travis documentation implying that pull requests from forks are not to be inspected with SonarCloud. https://docs.travis-ci.com/user/sonarcloud/ Attempt to classify the secure token as belonging to a certain organization so that a pull request from my fork does not get a SonarCloud inspection. --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 549d5aa40..558c31c6d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,6 +8,7 @@ install: true addons: sonarcloud: + organization: "blackducksoftware" token: secure: "tGi86abq+UgIfB/StpMh75QIzL7hysmgOB8A5TOWjdYwV87MMu25hUuSPlMcJFWUbl96tJ/nAd6BAw/vm5zgb4ldaQOy/Dr17rltrUfbH5xONJLXLuF4REOeyUhHScmEpthdocwtGZI36WRYtOj+F5jpPU2Qg/RDgypPVKsFyFhmc6KhS6i/ZswH3McLg3zReIqouykz9rLFy+UXL2wd/Qj5nJC0nc2GfGHLBBSkH8awHi1wwlCwKDxF+w8mAXcEbXbt7gY1CrbBTTovD4g7y7ZOFXqcLrBWlZ/of8S3fNBkys5tFTp9/219WubcKy7+n7d9zQDITiK1Z4X+jGfjQw7L0CESNoKeESzi44fkyOR5DQAhPoQi/aFiQff4TwQxuqz22a0oCjOC7EEyYkPCrzcJWuPUDEs420B2Ddg9Sr4WwiAOWx6j0rpqxt72Phbf7kYd/Da3RRDFptwsWy3B1M811Z/IJErxBt5wDqc3gRimebYD21EGYUgn3KAZhsLVrS21xzPu6d0FoOF/Z7se5BPJExcK1rglRBDA2tD399LlrFW++KJ5ZJU6+kgbHxy6Z7ZQze4JxDz+2zeVT7wvuHWyssqy70P6w94q5lTJ65jm3Ywg4iZzNj2VWzHeCKElamXcwbu8nlLcVpFDaXA/GGWfjiIDJZsRCDYzgwc2rIs=" From 9a2da345fcb1716e945f592f99edd29545aaf439 Mon Sep 17 00:00:00 2001 From: "Ilguiz [eel ghEEz] Latypov" Date: Wed, 8 Aug 2018 12:18:50 -0400 Subject: [PATCH 6/6] Attempt to work around "You're only authorized.." Get rid of SonarCloud as I fail to prevent its integration failure in my pull request from a fork. https://stackoverflow.com/questions/45612758/how-do-i-get-sonarcloud-to-run-on-pull-requests-from-forks-with-travis-maven https://travis-ci.org/blackducksoftware/hub-detect/builds/413657598 Maintainers, please re-add "sonarqube" to the script command line after my requests pulls through. --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 558c31c6d..4dd12fe1d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,7 +8,6 @@ install: true addons: sonarcloud: - organization: "blackducksoftware" token: secure: "tGi86abq+UgIfB/StpMh75QIzL7hysmgOB8A5TOWjdYwV87MMu25hUuSPlMcJFWUbl96tJ/nAd6BAw/vm5zgb4ldaQOy/Dr17rltrUfbH5xONJLXLuF4REOeyUhHScmEpthdocwtGZI36WRYtOj+F5jpPU2Qg/RDgypPVKsFyFhmc6KhS6i/ZswH3McLg3zReIqouykz9rLFy+UXL2wd/Qj5nJC0nc2GfGHLBBSkH8awHi1wwlCwKDxF+w8mAXcEbXbt7gY1CrbBTTovD4g7y7ZOFXqcLrBWlZ/of8S3fNBkys5tFTp9/219WubcKy7+n7d9zQDITiK1Z4X+jGfjQw7L0CESNoKeESzi44fkyOR5DQAhPoQi/aFiQff4TwQxuqz22a0oCjOC7EEyYkPCrzcJWuPUDEs420B2Ddg9Sr4WwiAOWx6j0rpqxt72Phbf7kYd/Da3RRDFptwsWy3B1M811Z/IJErxBt5wDqc3gRimebYD21EGYUgn3KAZhsLVrS21xzPu6d0FoOF/Z7se5BPJExcK1rglRBDA2tD399LlrFW++KJ5ZJU6+kgbHxy6Z7ZQze4JxDz+2zeVT7wvuHWyssqy70P6w94q5lTJ65jm3Ywg4iZzNj2VWzHeCKElamXcwbu8nlLcVpFDaXA/GGWfjiIDJZsRCDYzgwc2rIs=" @@ -21,7 +20,7 @@ notifications: - bdsoss@blackducksoftware.com script: -- "./gradlew clean build jacocoTestReport coveralls sonarqube" +- "./gradlew clean build jacocoTestReport coveralls" after_success: - bash <(curl -s https://copilot.blackducksoftware.com/ci/travis/scripts/upload)