diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f435a5d2..dedcaf71 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,27 +1,3 @@ -.build_setup_steps: &build_setup_steps - before_script: - - mkdir -p /opt/IronFox - - - touch "${IRONFOX_SB_GAPI_KEY_FILE}" - - chmod 600 "${IRONFOX_SB_GAPI_KEY_FILE}" - - echo -n "${IRONFOX_SB_GAPI_KEY}" > "${IRONFOX_SB_GAPI_KEY_FILE}" - - - touch "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}" - - chmod 600 "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}" - - echo -n "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS}" > "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}" - - - touch "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}" - - chmod 600 "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}" - - echo -n "${IRONFOX_ANDROID_KEYSTORE_PASS}" > "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}" - - - | - curl --fail --location --show-error --silent \ - --request GET \ - --header "JOB-TOKEN: ${CI_JOB_TOKEN}" \ - "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/secure_files/${IRONFOX_ANDROID_KEYSTORE_SECFILEID}/download" \ - --output "${IRONFOX_ANDROID_KEYSTORE}" - - chmod 600 "${IRONFOX_ANDROID_KEYSTORE}" - .build_cache: &build_cache - key: cache-cargo-$CI_COMMIT_REF_SLUG policy: pull-push @@ -55,10 +31,7 @@ default: variables: &build_variables PRODUCTION_BRANCH: main - IRONFOX_SB_GAPI_KEY_FILE: /opt/IronFox/ironfox-sb-gapi-key.txt - IRONFOX_ANDROID_KEYSTORE: /opt/IronFox/ironfox-android-keystore.jks - IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE: /opt/IronFox/ironfox-android-signing-key-pass.txt - IRONFOX_ANDROID_KEYSTORE_PASS_FILE: /opt/IronFox/ironfox-android-keystore-pass.txt + IRONFOX_CI: 1 IF_CI_NAME: "IronFox CI" IF_CI_USERNAME: "ironfox-ci" IF_CI_EMAIL: "ci@ironfoxoss.org" 
@@ -95,11 +68,11 @@ update-fdroid-repo: - git config --global url."https://${IF_CI_USERNAME}:${GITLAB_CI_PUSH_TOKEN}@gitlab.com/".insteadOf "https://gitlab.com/" script: - set -euo pipefail - - echo "Downloading dependencies..." + - echo 'Downloading dependencies...' - bash -x scripts/get_sources.sh python - bash -x scripts/get_sources.sh uv - bash -x scripts/get_sources.sh androguard - - echo "Updating F-Droid repo..." + - echo 'Updating F-Droid repo...' - bash scripts/ci-update-fdroid.sh update-site-repo: @@ -129,11 +102,11 @@ update-site-repo: - git config --global url."https://${IF_CI_USERNAME}:${GITLAB_CI_PUSH_TOKEN}@gitlab.com/".insteadOf "https://gitlab.com/" script: - set -euo pipefail - - echo "Downloading dependencies..." + - echo 'Downloading dependencies...' - bash -x scripts/get_sources.sh python - bash -x scripts/get_sources.sh uv - bash -x scripts/get_sources.sh pyyaml - - echo "Updating website repo..." + - echo 'Updating website repo...' - bash scripts/ci-update-site.sh build-docker: @@ -146,6 +119,7 @@ build-docker: before_script: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" script: + - set -euo pipefail - docker build --pull -t "${DOCKER_IMAGE_NAME}" . - docker push "${DOCKER_IMAGE_NAME}" - | @@ -183,10 +157,11 @@ build-aar: IRONFOX_JOB_ARTIFACT_NAME: "build-aar-$BUILD_VARIANT" IRONFOX_ARTIFACT_INCLUDES: "aar;logs" <<: *build_variables - <<: *build_setup_steps script: - set -euo pipefail - - echo "Building AAR..." + - echo 'Preparing secrets...' + - bash scripts/ci-prep.sh sb + - echo 'Building AAR...' - bash -x scripts/ci-build.sh "${BUILD_VARIANT}" <<: *compressed_artifact_output rules: 
@@ -217,10 +192,12 @@ build-final: IRONFOX_JOB_ARTIFACT_NAME: "build-final-$BUILD_VARIANT" IRONFOX_ARTIFACT_INCLUDES: "apk;apks;logs" <<: *build_variables - <<: *build_setup_steps script: - set -euo pipefail - - echo "Building Bundle..." + - echo 'Preparing secrets...' + - bash scripts/ci-prep.sh android-ks + - bash scripts/ci-prep.sh sb + - echo 'Building Bundle...' - bash -x scripts/ci-build.sh "${BUILD_VARIANT}" <<: *compressed_artifact_output rules: 
@@ -256,38 +233,19 @@ prepare-release: tags: - saas-linux-2xlarge-amd64 variables: - IRONFOX_RELEASES_S3_ACCESS_KEY_FILE: /opt/IronFox/ironfox-releases-s3-access-key.txt - IRONFOX_RELEASES_S3_BUCKET_NAME_FILE: /opt/IronFox/ironfox-releases-s3-bucket-name.txt - IRONFOX_RELEASES_S3_ENDPOINT_FILE: /opt/IronFox/ironfox-releases-s3-endpoint.txt - IRONFOX_RELEASES_S3_SECRET_KEY_FILE: /opt/IronFox/ironfox-releases-s3-secret-key.txt <<: *build_variables before_script: - sudo dnf update -y --refresh - sudo dnf install -y curl jq - - mkdir -p /opt/IronFox - - - touch "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}" - - chmod 600 "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}" - - echo -n "${IRONFOX_RELEASES_S3_ACCESS_KEY}" > "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}" - - - touch "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}" - - chmod 600 "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}" - - echo -n "${IRONFOX_RELEASES_S3_BUCKET_NAME}" > "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}" - - - touch "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}" - - chmod 600 "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}" - - echo -n "${IRONFOX_RELEASES_S3_ENDPOINT}" > "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}" - - - touch "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}" - - chmod 600 "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}" - - echo -n "${IRONFOX_RELEASES_S3_SECRET_KEY}" > "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}" script: - set -euo pipefail - - echo "Downloading dependencies..." + - echo 'Preparing secrets...' + - bash scripts/ci-prep.sh s3 + - echo 'Downloading dependencies...' - bash -x scripts/get_sources.sh python - bash -x scripts/get_sources.sh uv - bash -x scripts/get_sources.sh s3cmd - - echo "Publishing packages..." + - echo 'Publishing packages...' - bash scripts/ci-publish-packages.sh artifacts: untracked: false @@ -316,6 +274,7 @@ publish-release: variables: <<: *build_variables script: + - set -euo pipefail - | release-cli \ --server-url "${CI_SERVER_URL}" \ 
diff --git a/scripts/ci-build-if.sh b/scripts/ci-build-if.sh index 45d851f1..8939e935 100755 --- a/scripts/ci-build-if.sh +++ b/scripts/ci-build-if.sh @@ -6,6 +6,9 @@ set -euo pipefail # Set-up our environment +if [[ -z "${IRONFOX_CI+x}" ]]; then + export IRONFOX_CI=1 +fi source $(dirname $0)/env.sh # Include utilities diff --git a/scripts/ci-build.sh b/scripts/ci-build.sh index bb48d14f..537230c2 100755 --- a/scripts/ci-build.sh +++ b/scripts/ci-build.sh @@ -2,14 +2,15 @@ set -euo pipefail -export IRONFOX_CI=1 - if [[ "${CI_COMMIT_REF_NAME}" == "${PRODUCTION_BRANCH}" ]]; then # Target release export IRONFOX_RELEASE=1 fi # Set-up our environment +if [[ -z "${IRONFOX_CI+x}" ]]; then + export IRONFOX_CI=1 +fi if [[ -z "${IRONFOX_SET_ENVS+x}" ]]; then bash -x $(dirname $0)/env.sh fi diff --git a/scripts/ci-compress.sh b/scripts/ci-compress.sh index e2ef09e5..4b1d11f5 100644 --- a/scripts/ci-compress.sh +++ b/scripts/ci-compress.sh @@ -6,6 +6,9 @@ set -euo pipefail # Set-up our environment +if [[ -z "${IRONFOX_CI+x}" ]]; then + export IRONFOX_CI=1 +fi source $(dirname $0)/env.sh # Include utilities diff --git a/scripts/ci-prep.sh b/scripts/ci-prep.sh new file mode 100755 index 00000000..68804076 --- /dev/null +++ b/scripts/ci-prep.sh 
@@ -0,0 +1,339 @@
+#!/bin/bash
+
+# This file is expected to be executed in GitLab CI
+# DO NOT executed this manually!
+
+set -euo pipefail
+
+# Ensure this is never ran with xtrace...
+set +x
+
+# Set-up our environment
+if [[ -z "${IRONFOX_CI+x}" ]]; then
+ export IRONFOX_CI=1
+fi
+if [[ -z "${IRONFOX_SET_ENVS+x}" ]]; then
+ bash -x "$(realpath $(dirname "$0"))/env.sh"
+fi
+source "$(realpath $(dirname "$0"))/env.sh"
+
+# Include utilities
+source "${IRONFOX_UTILS}"
+
+# Set-up target parameters
+if [[ -z "${1+x}" ]]; then
+ echo_red_text "Usage: $0 android-keystore|s3|sb" >&1
+ exit 1
+fi
+
+readonly ci_prep_target=$(echo "${1}" | "${IRONFOX_AWK}" '{print tolower($0)}')
+
+IRONFOX_CI_PREP_ANDROID_KEYSTORE=0
+IRONFOX_CI_PREP_S3=0
+IRONFOX_CI_PREP_SB_GAPI_KEY=0
+
+if [ "${ci_prep_target}" == 'android-ks' ]; then
+ # Set-up the Android keystore
+ IRONFOX_CI_PREP_ANDROID_KEYSTORE=1
+elif [ "${ci_prep_target}" == 's3' ]; then
+ # Set-up S3 storage
+ IRONFOX_CI_PREP_S3=1
+elif [ "${ci_prep_target}" == 'sb' ]; then
+ # Set-up the Google Safe Browsing API key
+ IRONFOX_CI_PREP_SB_GAPI_KEY=1
+else
+ echo_red_text "ERROR: Invalid target: ${ci_prep_target}\n You must enter one of the following:"
+ echo 'Android keystore: android-keystore'
+ echo 'Google Safe Browsing API key: sb'
+ echo 'S3 storage: s3'
+ exit 1
+fi
+readonly IRONFOX_CI_PREP_ANDROID_KEYSTORE
+readonly IRONFOX_CI_PREP_S3
+readonly IRONFOX_CI_PREP_SB_GAPI_KEY
+
+# Android keystore
+function prep_android_keystore() {
+ echo_red_text 'Preparing Android keystore...'
+
+ # First, ensure that environment variables specified externally (from CI) are properly set...
+
+ ## Android keystore key pass
+ if [[ -z "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS+x}" ]]; then
+ echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_KEY_PASS environment variable is missing! Aborting...'
+ exit 1
+ fi
+ readonly IRONFOX_ANDROID_KEYSTORE_KEY_PASS
+
+ ## Android keystore pass
+ if [[ -z "${IRONFOX_ANDROID_KEYSTORE_PASS+x}" ]]; then
+ echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_PASS environment variable is missing! Aborting...'
+ exit 1
+ fi
+ readonly IRONFOX_ANDROID_KEYSTORE_PASS
+
+ ## Android keystore URL
+ if [[ -z "${IRONFOX_ANDROID_KEYSTORE_URL+x}" ]]; then
+ echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_URL environment variable is missing! Aborting...'
+ exit 1
+ fi
+ readonly IRONFOX_ANDROID_KEYSTORE_URL
+
+ ## GitLab CI job token
+ ### (We need this to download the Android Keystore)
+ if [[ -z "${CI_JOB_TOKEN+x}" ]]; then
+ echo_red_text 'ERROR: The CI_JOB_TOKEN environment variable is missing! Aborting...'
+ exit 1
+ fi
+ readonly CI_JOB_TOKEN
+
+ # Now, ensure that our keystore file variables (defined at `env_common.sh`, set at `env_ci.sh`) are properly set...
+
+ if [[ -z "${IRONFOX_ANDROID_KEYSTORE}" ]]; then
+ echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE environment variable is missing! Aborting...'
+ exit 1
+ fi
+
+ if [ "${IRONFOX_ANDROID_KEYSTORE}" == 'null' ]; then
+ echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE environment variable has not been specified! Aborting...'
+ exit 1
+ fi
+
+ if [[ -z "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}" ]]; then
+ echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE environment variable is missing! Aborting...'
+ exit 1
+ fi
+
+ if [ "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}" == 'null' ]; then
+ echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE environment variable has not been specified! Aborting...'
+ exit 1
+ fi
+
+ if [[ -z "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}" ]]; then
+ echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_PASS_FILE environment variable is missing! Aborting...'
+ exit 1
+ fi
+
+ if [ "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}" == 'null' ]; then
+ echo_red_text 'ERROR: The IRONFOX_ANDROID_KEYSTORE_PASS_FILE environment variable has not been specified! Aborting...'
+ exit 1
+ fi
+
+ # Create our directories
+ mkdir -p $(dirname "${IRONFOX_ANDROID_KEYSTORE}")
+ mkdir -p $(dirname "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}")
+ mkdir -p $(dirname "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}")
+
+ # Download the Android keystore
+ curl ${IRONFOX_CURL_FLAGS} --fail --location --silent \
+ --request GET \
+ --header "JOB-TOKEN: ${CI_JOB_TOKEN}" \
+ "${IRONFOX_ANDROID_KEYSTORE_URL}" \
+ --output "${IRONFOX_ANDROID_KEYSTORE}"
+
+ chmod 600 "${IRONFOX_ANDROID_KEYSTORE}"
+
+ # Create the keystore key pass file
+ touch "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}"
+ chmod 600 "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}"
+ echo -n "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS}" > "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}"
+
+ # Create the keystore pass file
+ touch "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}"
+ chmod 600 "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}"
+ echo -n "${IRONFOX_ANDROID_KEYSTORE_PASS}" > "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}"
+
+ # Ensure nothing went wrong...
+ if ! [[ -s "${IRONFOX_ANDROID_KEYSTORE}" ]]; then
+ echo_red_text "ERROR: Android keystore file ${IRONFOX_ANDROID_KEYSTORE} is empty!"
+ exit 1
+ fi
+
+ if ! [[ -s "${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE}" ]]; then
+ echo_red_text "ERROR: Android keystore key pass file ${IRONFOX_ANDROID_KEYSTORE_KEY_PASS_FILE} is empty!"
+ exit 1
+ fi
+
+ if ! [[ -s "${IRONFOX_ANDROID_KEYSTORE_PASS_FILE}" ]]; then
+ echo_red_text "ERROR: Android keystore pass file ${IRONFOX_ANDROID_KEYSTORE_PASS_FILE} is empty!"
+ exit 1
+ fi
+
+ echo_green_text 'SUCCESS: Prepared Android keystore'
+}
+
+# S3 storage
+function prep_s3_storage() {
+ echo_red_text 'Preparing S3 storage...'
+
+ # First, ensure that environment variables specified externally (from CI) are properly set...
+
+ ## S3 access key
+ if [[ -z "${IRONFOX_RELEASES_S3_ACCESS_KEY+x}" ]]; then
+ echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_ACCESS_KEY environment variable is missing! Aborting...'
+ exit 1
+ fi
+ readonly IRONFOX_RELEASES_S3_ACCESS_KEY
+
+ ## S3 bucket name
+ if [[ -z "${IRONFOX_RELEASES_S3_BUCKET_NAME+x}" ]]; then
+ echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_BUCKET_NAME environment variable is missing! Aborting...'
+ exit 1
+ fi
+ readonly IRONFOX_RELEASES_S3_BUCKET_NAME
+
+ ## S3 endpoint
+ if [[ -z "${IRONFOX_RELEASES_S3_ENDPOINT+x}" ]]; then
+ echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_ENDPOINT environment variable is missing! Aborting...'
+ exit 1
+ fi
+ readonly IRONFOX_RELEASES_S3_ENDPOINT
+
+ ## S3 secret key
+ if [[ -z "${IRONFOX_RELEASES_S3_SECRET_KEY+x}" ]]; then
+ echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_SECRET_KEY environment variable is missing! Aborting...'
+ exit 1
+ fi
+ readonly IRONFOX_RELEASES_S3_SECRET_KEY
+
+ # Now, ensure that our Safe Browsing API key file variable (defined at `env_common.sh`, set at `env_ci.sh`) is properly set...
+
+ if [[ -z "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}" ]]; then
+ echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_ACCESS_KEY_FILE environment variable is missing! Aborting...'
+ exit 1
+ fi
+
+ if [ "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}" == 'null' ]; then
+ echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_ACCESS_KEY_FILE environment variable has not been specified! Aborting...'
+ exit 1
+ fi
+
+ if [[ -z "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}" ]]; then
+ echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_BUCKET_NAME_FILE environment variable is missing! Aborting...'
+ exit 1
+ fi
+
+ if [ "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}" == 'null' ]; then
+ echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_BUCKET_NAME_FILE environment variable has not been specified! Aborting...'
+ exit 1 + fi + + if [[ -z "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}" ]]; then + echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_ENDPOINT_FILE environment variable is missing! Aborting...' + exit 1 + fi + + if [ "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}" == 'null' ]; then + echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_ENDPOINT_FILE environment variable has not been specified! Aborting...' + exit 1 + fi + + if [[ -z "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}" ]]; then + echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_SECRET_KEY_FILE environment variable is missing! Aborting...' + exit 1 + fi + + if [ "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}" == 'null' ]; then + echo_red_text 'ERROR: The IRONFOX_RELEASES_S3_SECRET_KEY_FILE environment variable has not been specified! Aborting...' + exit 1 + fi + + # Create our directories + mkdir -p $(dirname "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}") + mkdir -p $(dirname "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}") + mkdir -p $(dirname "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}") + mkdir -p $(dirname "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}") + + # Create the S3 access key file + touch "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}" + chmod 600 "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}" + echo -n "${IRONFOX_RELEASES_S3_ACCESS_KEY}" > "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}" + + # Create the S3 bucket name file + touch "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}" + chmod 600 "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}" + echo -n "${IRONFOX_RELEASES_S3_BUCKET_NAME}" > "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}" + + # Create the S3 endpoint file + touch "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}" + chmod 600 "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}" + echo -n "${IRONFOX_RELEASES_S3_ENDPOINT}" > "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}" + + # Create the S3 secret key file + touch "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}" + chmod 600 "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}" + echo -n "${IRONFOX_RELEASES_S3_SECRET_KEY}" > "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}" + + # Ensure nothing went 
wrong... + if ! [[ -s "${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE}" ]]; then + echo_red_text "ERROR: S3 access key file ${IRONFOX_RELEASES_S3_ACCESS_KEY_FILE} is empty!" + exit 1 + fi + + if ! [[ -s "${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE}" ]]; then + echo_red_text "ERROR: S3 bucket name file ${IRONFOX_RELEASES_S3_BUCKET_NAME_FILE} is empty!" + exit 1 + fi + + if ! [[ -s "${IRONFOX_RELEASES_S3_ENDPOINT_FILE}" ]]; then + echo_red_text "ERROR: S3 endpoint file ${IRONFOX_RELEASES_S3_ENDPOINT_FILE} is empty!" + exit 1 + fi + + if ! [[ -s "${IRONFOX_RELEASES_S3_SECRET_KEY_FILE}" ]]; then + echo_red_text "ERROR: S3 secret key file ${IRONFOX_RELEASES_S3_SECRET_KEY_FILE} is empty!" + exit 1 + fi + + echo_green_text 'SUCCESS: Prepared S3 storage' +} + +# Google Safe Browsing API key +function prep_sb_gapi_key() { + echo_red_text 'Preparing Google Safe Browsing API key...' + + # First, ensure that environment variables specified externally (from CI) are properly set... + + if [[ -z "${IRONFOX_SB_GAPI_KEY+x}" ]]; then + echo_red_text 'ERROR: The IRONFOX_SB_GAPI_KEY environment variable is missing! Aborting...' + exit 1 + fi + readonly IRONFOX_SB_GAPI_KEY + + # Now, ensure that our Safe Browsing API key file variable (defined at `env_common.sh`, set at `env_ci.sh`) is properly set... + + if [[ -z "${IRONFOX_SB_GAPI_KEY_FILE}" ]]; then + echo_red_text 'ERROR: The IRONFOX_SB_GAPI_KEY_FILE environment variable is missing! Aborting...' + exit 1 + fi + + if [ "${IRONFOX_SB_GAPI_KEY_FILE}" == 'null' ]; then + echo_red_text 'ERROR: The IRONFOX_SB_GAPI_KEY_FILE environment variable has not been specified! Aborting...' + exit 1 + fi + + # Create our directory + mkdir -p $(dirname "${IRONFOX_SB_GAPI_KEY_FILE}") + + # Create the Safe Browsing API key file + touch "${IRONFOX_SB_GAPI_KEY_FILE}" + chmod 600 "${IRONFOX_SB_GAPI_KEY_FILE}" + echo -n "${IRONFOX_SB_GAPI_KEY}" > "${IRONFOX_SB_GAPI_KEY_FILE}" + + # Ensure nothing went wrong... + if ! 
[[ -s "${IRONFOX_SB_GAPI_KEY_FILE}" ]]; then + echo_red_text "ERROR: Google Safe Browsing API key file ${IRONFOX_SB_GAPI_KEY_FILE} is empty!" + exit 1 + fi + + echo_green_text 'SUCCESS: Prepared Google Safe Browsing API key' +} + +# Prepare our secrets... +if [ "${IRONFOX_CI_PREP_ANDROID_KEYSTORE}" == 1 ]; then + prep_android_keystore +elif [ "${IRONFOX_CI_PREP_S3}" == 1 ]; then + prep_s3 +elif [ "${IRONFOX_CI_PREP_SB_GAPI_KEY}" == 1 ]; then + prep_sb_gapi_key +fi diff --git a/scripts/ci-publish-packages.sh b/scripts/ci-publish-packages.sh index 6df565f2..753896a7 100755 --- a/scripts/ci-publish-packages.sh +++ b/scripts/ci-publish-packages.sh @@ -5,7 +5,13 @@ set -euo pipefail +# Ensure this is never ran with xtrace... +set +x + # Set-up our environment +if [[ -z "${IRONFOX_CI+x}" ]]; then + export IRONFOX_CI=1 +fi if [[ -z "${IRONFOX_SET_ENVS+x}" ]]; then bash -x "$(realpath $(dirname "$0"))/env.sh" fi diff --git a/scripts/ci-update-fdroid.sh b/scripts/ci-update-fdroid.sh index 6702ed33..4b642cd9 100644 --- a/scripts/ci-update-fdroid.sh +++ b/scripts/ci-update-fdroid.sh @@ -7,6 +7,9 @@ set -euo pipefail # Set-up our environment +if [[ -z "${IRONFOX_CI+x}" ]]; then + export IRONFOX_CI=1 +fi if [[ -z "${IRONFOX_SET_ENVS+x}" ]]; then bash -x "$(realpath $(dirname "$0"))/env.sh" fi diff --git a/scripts/ci-update-site.sh b/scripts/ci-update-site.sh index a3bf1556..d411aad1 100644 --- a/scripts/ci-update-site.sh +++ b/scripts/ci-update-site.sh @@ -6,6 +6,9 @@ set -euo pipefail # Set-up our environment +if [[ -z "${IRONFOX_CI+x}" ]]; then + export IRONFOX_CI=1 +fi if [[ -z "${IRONFOX_SET_ENVS+x}" ]]; then bash -x "$(realpath $(dirname "$0"))/env.sh" fi diff --git a/scripts/sign.sh b/scripts/sign.sh index 7079f361..dcebd743 100755 --- a/scripts/sign.sh +++ b/scripts/sign.sh @@ -2,6 +2,9 @@ set -euo pipefail +# Ensure this is never ran with xtrace... +set +x + # Set-up our environment source $(dirname $0)/env.sh
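Review bot: The dispatch at the bottom of ci-prep.sh calls `prep_s3`, but the function defined in this file is `prep_s3_storage`, so `bash scripts/ci-prep.sh s3` (the call added to prepare-release) stops with a command-not-found error before any S3 file is written; the branch should call `prep_s3_storage`. The usage line and the invalid-target help both advertise `android-keystore` while the only accepted value is `android-ks`, and the usage line redirects with `>&1` where `>&2` looks intended. In prep_android_keystore the `JOB-TOKEN` header is sent to whatever `IRONFOX_ANDROID_KEYSTORE_URL` contains, and curl repeats custom headers when `--location` follows a redirect, so the job token is no longer pinned to the GitLab API the way the removed `${CI_API_V4_URL}/projects/...` URL pinned it. Assuming the keystore still lives in the project's Secure Files, a prefix check before the download restores that, and a `umask 077` near the top would cover the keystore, which curl writes before `chmod 600` runs, as well as the directories created by `mkdir -p`.

```shell
# near the top, right after `set +x`
umask 077

# … unchanged: environment set-up, target parsing, variable checks …

    # in prep_android_keystore, just before "# Download the Android keystore"
    if [[ "${IRONFOX_ANDROID_KEYSTORE_URL}" != "${CI_API_V4_URL}/"* ]]; then
        echo_red_text 'ERROR: IRONFOX_ANDROID_KEYSTORE_URL must point at the GitLab API! Aborting...'
        exit 1
    fi

# … unchanged: curl download, pass files, emptiness checks, prep_s3_storage, prep_sb_gapi_key …

elif [ "${IRONFOX_CI_PREP_S3}" == 1 ]; then
    prep_s3_storage
```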
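Review bot: The `set +x` added to ci-publish-packages.sh only turns tracing off in this shell; the `bash -x "$(realpath $(dirname "$0"))/env.sh"` call in the context lines right below it still runs env.sh with xtrace, and the new ci-prep.sh has the same pair. Whether env.sh expands anything sensitive is not visible in this diff, but if it does, the value reaches the job log despite the "never ran with xtrace" comment. In the scripts that handle secrets I would drop the flag, `bash "$(realpath $(dirname "$0"))/env.sh"`, or extend the comment to say that tracing the child is intentional.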