Consolidate 26+ scattered scripts into maintainable hierarchy: New Structure: - ci/ CI/CD validation (checks.sh, test.sh, verify-paths.sh) - dev/ Development workflow (smoke-test.sh, manage-artifacts.sh) - release/ Release preparation (cleanup.sh, prepare.sh, sanitize.sh, verify.sh, verify-checksums.sh) - testing/ Test infrastructure (unchanged) - benchmarks/ Performance tools (track-performance.sh) - maintenance/ System cleanup (unchanged) - lib/ Shared functions (unchanged) Key Changes: - Unified 6 cleanup-*.sh scripts into release/cleanup.sh with targets - Merged smoke-test-native.sh into dev/smoke-test.sh --native flag - Renamed scripts to follow lowercase-hyphen convention - Moved root-level scripts to appropriate categories - Updated all Makefile references - Updated scripts/README.md with new structure Script count: 26 → 17 (35% reduction) Breaking Changes: - Old paths no longer exist, update any direct script calls - Use make targets (e.g., make ci-checks) for stability
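#!/bin/bash
# Release verification.
#
# Runs a series of pre-release hygiene checks against the working tree
# (credentials and file modes in configs/, secrets and binaries tracked by
# git, leftover containers) and, when the binary is present, the api-server's
# own security self-audit.
#
# Run from the repository root: every path below is relative to the cwd.
# Checks reported as "✗ FAIL" set the exit status to 1; "WARNING" lines are
# informational and never change the exit status.
set -euo pipefail

# Set to 1 by fail() as soon as any FAIL-level check trips.
FAILED=0

#######################################
# Record a failing check.
# Globals:   FAILED (written)
# Arguments: $* - message, printed after the "✗ FAIL: " prefix
# Outputs:   the failure line on stdout
#######################################
fail() {
  echo "✗ FAIL: $*"
  FAILED=1
}

#######################################
# Check 1: No real credentials in configs (empty strings are allowed).
# The exclusion list is a heuristic: any matching line that also contains
# "example", "schema", "changeme", "your_" or "[REDACTED]" is ignored, so a
# real secret on such a line would not be reported — keep the list narrow.
# Globals:   FAILED (via fail)
#######################################
check_config_credentials() {
  echo "Checking for credentials in configs..."
  if grep -r "password:.*[^*\"' ]" configs/ --include="*.yaml" --include="*.yml" 2>/dev/null \
    | grep -v "example\|schema\|changeme\|your_\|\[REDACTED\]\|password: \"\"\|password: ''"; then
    fail "Potential passwords found in configs"
  fi
}

#######################################
# Check 2: Config file permissions must be 600 (owner read/write only).
# The loop reads from a process substitution instead of a pipeline: in the
# piped form the while body ran in a subshell, so FAILED=1 was lost and a
# world-readable config never failed the release. *.yml is checked as well
# so the file set matches Check 1.
# Globals:   FAILED (via fail)
#######################################
check_config_permissions() {
  echo "Checking config permissions..."
  local f perm
  while IFS= read -r -d '' f; do
    # GNU stat first; the second form is the BSD/macOS spelling.
    perm=$(stat -c %a "$f" 2>/dev/null || stat -f %A "$f")
    if [ "$perm" != "600" ]; then
      fail "$f has permissions $perm (expected 600)"
    fi
  done < <(find configs/ \( -name "*.yaml" -o -name "*.yml" \) \
    ! -name "*example*" ! -name "*schema*" -print0 2>/dev/null)
}

#######################################
# Check 3: No uncommitted changes in configs (warning only).
# Only unstaged edits are seen (git diff without --cached); staged but
# uncommitted changes are not reported.
#######################################
check_uncommitted_configs() {
  echo "Checking for uncommitted config changes..."
  if git diff --name-only 2>/dev/null | grep -q "configs/"; then
    echo "WARNING: Uncommitted changes in configs/"
  fi
}

#######################################
# Checks 4 and 5: No FetchML containers left running (warning only).
# A missing runtime is treated as "nothing running" (its error is discarded).
# Arguments: $1 - runtime command (docker or podman)
#            $2 - runtime name used in the messages (Docker or Podman)
#######################################
check_containers_stopped() {
  local runtime=$1 label=$2
  echo "Checking $label containers..."
  if "$runtime" ps --filter "name=fetchml" --format "{{.Names}}" 2>/dev/null | grep -q .; then
    echo "WARNING: Running FetchML $label containers detected"
  fi
}

#######################################
# Check 6: No .env files committed.
# Matches .env* at the repository root and in any subdirectory; the
# original anchor (^\.env) only caught root-level files.
# Globals:   FAILED (via fail)
#######################################
check_no_env_files() {
  echo "Checking for .env files in git..."
  if git ls-files 2>/dev/null | grep -E "(^|/)\.env" | grep -v "example"; then
    fail ".env files found in git"
  fi
}

#######################################
# Check 7: Built binaries are not committed.
# Globals:   FAILED (via fail)
#######################################
check_no_binaries() {
  echo "Checking for committed binaries..."
  if git ls-files 2>/dev/null | grep -E "^(api-server|worker|bin/)"; then
    fail "Binaries found in git"
  fi
}

#######################################
# Check 8: The api-server security self-audit passes (skipped when the
# binary has not been built). Output is captured before grepping rather than
# piped into grep -q: under pipefail an early grep exit can kill the producer
# with SIGPIPE and report a spurious failure. A non-zero exit from the binary
# is still a failure even if the success phrase was printed.
# Globals:   FAILED (via fail)
#######################################
check_security_audit() {
  echo "Running security audit..."
  [ -f ./api-server ] || return 0
  local output
  if ! output=$(./api-server --security-audit 2>&1) \
    || ! grep -q "All security checks passed" <<<"$output"; then
    fail "Security audit did not pass"
  fi
}

#######################################
# Run every check in order and exit 0 only if no FAIL-level check tripped.
# Globals:   FAILED (read)
#######################################
main() {
  echo "=== Release Verification ==="
  check_config_credentials
  check_config_permissions
  check_uncommitted_configs
  check_containers_stopped docker Docker
  check_containers_stopped podman Podman
  check_no_env_files
  check_no_binaries
  check_security_audit

  if [ "$FAILED" -eq 0 ]; then
    echo "✓ All release checks passed"
    exit 0
  fi
  echo "✗ Release checks failed"
  exit 1
}

main "$@"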