fetch_ml/scripts/release/verify-release.sh
2026-02-18 16:31:40 -05:00


#!/bin/bash
#
# Release verification gate.
# Runs a series of pre-release checks (credentials in configs, config file
# permissions, uncommitted config changes, running containers, committed
# .env files and binaries, security audit) and exits non-zero when a hard
# check has set FAILED=1.
# Paths such as configs/ and ./api-server are relative, so the script is
# presumably run from the repository root — confirm against the release docs.

# Abort on unhandled errors, unset variables and failed pipeline stages.
set -o errexit -o nounset -o pipefail

# Flipped to 1 by any failing hard check; read at the end to pick the exit code.
FAILED=0

printf '%s\n' "=== Release Verification ==="
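# Check 1: No real credentials in configs (allow empty strings)
# Scans *.yaml / *.yml files under configs/ for `password:` keys with a
# non-empty value, then drops lines (path included) that mention one of the
# known placeholders.
# Only file:line locations are printed: echoing the matched line would copy a
# real secret into release or CI logs, which are usually retained and widely
# readable.
# NOTE(review): only `password:` keys are covered; tokens, API keys and other
# secret fields are not scanned here — confirm that is intended.
# NOTE(review): grep errors are suppressed, so a missing configs/ directory
# makes this check pass silently.
echo "Checking for credentials in configs..."
credential_hits=$(
  grep -rn "password:.*[^*\"' ]" configs/ --include="*.yaml" --include="*.yml" 2>/dev/null \
    | grep -v "example\|schema\|changeme\|your_\|\[REDACTED\]\|password: \"\"\|password: ''" \
    | cut -d: -f1,2
) || true # "no match" is the expected, non-fatal outcome under set -e/pipefail
if [ -n "$credential_hits" ]; then
  printf '%s\n' "$credential_hits"
  echo "✗ FAIL: Potential passwords found in configs"
  FAILED=1
fi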
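# Check 2: Config file permissions
# Every non-example, non-schema config under configs/ must be mode 600
# (owner read/write only).
# The loop reads from process substitution instead of a pipe: a `find | while`
# loop runs in a subshell, so FAILED=1 set inside it never reached the final
# exit-code decision and a world-readable config could not fail the release.
# *.yml is included so this check covers the same files as the credential scan.
echo "Checking config permissions..."
while IFS= read -r -d '' f; do
  # GNU stat first, BSD/macOS stat as fallback. If neither works the mode is
  # reported as "unknown" and treated as a failure rather than aborting the
  # whole script under set -e.
  if ! PERM=$(stat -c %a "$f" 2>/dev/null || stat -f %A "$f" 2>/dev/null); then
    PERM="unknown"
  fi
  if [ "$PERM" != "600" ]; then
    echo "✗ FAIL: $f has permissions $PERM (expected 600)"
    FAILED=1
  fi
done < <(find configs/ \( -name "*.yaml" -o -name "*.yml" \) ! -name "*example*" ! -name "*schema*" -print0 2>/dev/null)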
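# Check 3: No uncommitted changes in configs
# Compares the working tree against HEAD so that staged edits are reported as
# well as unstaged ones (plain `git diff` lists unstaged changes only).
# Untracked files are still not covered.
# The file list is captured first: piping straight into `grep -q` under
# pipefail can turn an early grep exit into a failed pipeline and hide the
# warning.
# Warning only — does not set FAILED. Git errors (e.g. not a repository) are
# suppressed and treated as "no changes".
echo "Checking for uncommitted config changes..."
changed_files=$(git diff --name-only HEAD 2>/dev/null) || changed_files=""
if grep -q "configs/" <<<"$changed_files"; then
  echo "WARNING: Uncommitted changes in configs/"
fi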
# Check 4: Docker containers stopped
# Check 5: Podman containers stopped
# Both runtimes are probed the same way: list running containers whose name
# matches "fetchml" and warn if any are found. Warning only — FAILED is not
# touched. A missing CLI or unreachable daemon is silenced and reads as
# "nothing running".
for runtime_spec in "docker:Docker" "podman:Podman"; do
  runtime_cli=${runtime_spec%%:*}
  runtime_label=${runtime_spec#*:}
  echo "Checking ${runtime_label} containers..."
  if running=$("$runtime_cli" ps --filter "name=fetchml" --format "{{.Names}}" 2>/dev/null) \
    && [ -n "$running" ]; then
    echo "WARNING: Running FetchML ${runtime_label} containers detected"
  fi
done
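# Check 6: No .env files committed
# Flags tracked files whose name starts with ".env" in any directory, not
# only at the repository root: the previous "^\.env" anchor missed nested
# files such as a per-service .env, which carry the same secrets.
# Paths containing "example" are allowed. Matching paths (not file contents)
# are printed.
# NOTE(review): git errors are suppressed, so running outside a git work tree
# makes this check pass silently.
echo "Checking for .env files in git..."
if git ls-files 2>/dev/null | grep -E "(^|/)\.env" | grep -v "example"; then
  echo "✗ FAIL: .env files found in git"
  FAILED=1
fi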
# Check 7: Binary is not committed
# Fails when git tracks any path beginning with "api-server", "worker" or
# "bin/". Matching paths are printed before the failure line.
# NOTE(review): the pattern is a prefix match, so a tracked source path that
# merely starts with "worker" or "api-server" would also trip it — confirm
# against the repository layout.
echo "Checking for committed binaries..."
if tracked_binaries=$(git ls-files 2>/dev/null | grep -E "^(api-server|worker|bin/)"); then
  printf '%s\n' "$tracked_binaries"
  echo "✗ FAIL: Binaries found in git"
  FAILED=1
fi
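# Check 8: Security audit passes
# Runs the built binary's self-audit and requires both a zero exit status and
# the success line in its output.
# The output is captured before matching: with pipefail, `cmd | grep -q` can
# report failure when grep exits on the first match while the binary is still
# writing, which would produce a spurious FAIL.
# When ./api-server is absent the audit cannot run; that is now reported
# instead of being skipped silently, so a "passed" result is not mistaken for
# an audited one.
echo "Running security audit..."
if [ -f ./api-server ]; then
  audit_status=0
  audit_output=$(./api-server --security-audit 2>&1) || audit_status=$?
  if [ "$audit_status" -ne 0 ] \
    || ! grep -q "All security checks passed" <<<"$audit_output"; then
    echo "✗ FAIL: Security audit did not pass"
    FAILED=1
  fi
else
  echo "WARNING: ./api-server not found; security audit skipped"
fi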
# Final verdict: any hard check that set FAILED makes the script exit 1;
# warnings alone do not affect the exit code.
if ! [ "$FAILED" -eq 0 ]; then
  echo "✗ Release checks failed"
  exit 1
fi

echo "✓ All release checks passed"
exit 0