tech/sendico
2
0
Fork 0
Code Issues 22 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

version bump
Some checks failed
ci/woodpecker/push/fx_oracle Pipeline is pending
Details
ci/woodpecker/push/ledger Pipeline is pending
Details
ci/woodpecker/push/nats Pipeline is pending
Details
ci/woodpecker/push/notification Pipeline is pending
Details
ci/woodpecker/push/payments_orchestrator Pipeline is pending
Details
ci/woodpecker/push/billing_fees Pipeline was successful
Details
ci/woodpecker/push/bff Pipeline failed
Details
ci/woodpecker/push/chain_gateway Pipeline was successful
Details
ci/woodpecker/push/db Pipeline was successful
Details
ci/woodpecker/push/fx_ingestor Pipeline failed
Details
ci/woodpecker/push/bump_version unknown status
Details
ci/woodpecker/push/frontend Pipeline failed
Details

Browse Source
This commit is contained in:
Stephan D
2025-11-19 12:34:44 +01:00
parent 796e7b63b9
commit 26a849e582
23 changed files with 254 additions and 1401 deletions
Download Patch File Download Diff File Expand all files Collapse all files

239
ci/scripts/common/bump_version.sh
View File

@@ -1,8 +1,167 @@
#!/bin/sh
set -eu
log() {
printf '[bump-version] %s\n' "$*"
}
error() {
printf '[bump-version] %s\n' "$*" >&2
}
die() {
error "${1:-fatal error}"
exit "${2:-1}"
}
var_value() {
# shellcheck disable=SC2039
eval "printf '%s' \"\${$1:-}\""
}
normalize_host() {
value="$1"
if [ -z "${value}" ]; then
printf '%s' ""
return
fi
printf '%s' "${value}" | sed -E '
s#^[[:alpha:]][[:alnum:]+.-]*://##;
s#^[^@]*@##;
s#[:/].*$##;
'
}
extract_proto() {
url="$1"
if printf '%s' "${url}" | grep -Eq '^[[:alpha:]][[:alnum:]+.-]*://'; then
printf '%s' "${url}" | sed -E 's#^([[:alpha:]][[:alnum:]+.-]*://).*#\1#' | tr -d ':/'
return
fi
if printf '%s' "${url}" | grep -Eq '^[^@]+@[^:]+:'; then
printf 'ssh'
return
fi
printf 'https'
}
discover_env_credentials() {
DEFAULT_GIT_USER="${GIT_AUTH_DEFAULT_USER:-woodpecker}"
while IFS=: read -r user_var pass_var; do
[ -n "${pass_var}" ] || continue
pass="$(var_value "${pass_var}")"
[ -n "${pass}" ] || continue
if [ "${user_var}" = "-" ] || [ -z "${user_var}" ]; then
user=""
else
user="$(var_value "${user_var}")"
fi
if [ -z "${user}" ]; then
user="${DEFAULT_GIT_USER}"
fi
GIT_AUTH_USER="${user}"
GIT_AUTH_PASS="${pass}"
GIT_AUTH_SOURCE="env:${user_var:--}/${pass_var}"
return 0
done <<'EOF'
CI_GIT_USERNAME:CI_GIT_PASSWORD
CI_GIT_USERNAME:CI_GIT_TOKEN
CI_GIT_USERNAME:CI_GIT_PASS
CI_GIT_USER:CI_GIT_PASSWORD
CI_GIT_USER:CI_GIT_TOKEN
CI_NETRC_USERNAME:CI_NETRC_PASSWORD
CI_NETRC_LOGIN:CI_NETRC_PASSWORD
WOODPECKER_GIT_USERNAME:WOODPECKER_GIT_PASSWORD
WOODPECKER_GIT_USERNAME:WOODPECKER_GIT_TOKEN
WOODPECKER_NETRC_USERNAME:WOODPECKER_NETRC_PASSWORD
WOODPECKER_NETRC_LOGIN:WOODPECKER_NETRC_PASSWORD
DRONE_GIT_USERNAME:DRONE_GIT_PASSWORD
DRONE_GIT_USERNAME:DRONE_GIT_TOKEN
DRONE_NETRC_USERNAME:DRONE_NETRC_PASSWORD
DRONE_NETRC_LOGIN:DRONE_NETRC_PASSWORD
GIT_USERNAME:GIT_PASSWORD
GIT_USER:GIT_PASS
GIT_AUTH_USERNAME:GIT_AUTH_PASSWORD
-:GIT_PASSWORD
-:GIT_PASS
EOF
for token_var in CI_GIT_TOKEN WOODPECKER_GIT_TOKEN DRONE_GIT_TOKEN GIT_TOKEN GITEA_TOKEN; do
token="$(var_value "${token_var}")"
if [ -n "${token}" ]; then
user="$(var_value CI_GIT_USERNAME)"
[ -n "${user}" ] || user="$(var_value WOODPECKER_GIT_USERNAME)"
[ -n "${user}" ] || user="$(var_value DRONE_GIT_USERNAME)"
[ -n "${user}" ] || user="${DEFAULT_GIT_USER}"
GIT_AUTH_USER="${user}"
GIT_AUTH_PASS="${token}"
GIT_AUTH_SOURCE="env:${token_var}"
return 0
fi
done
return 1
}
discover_vault_credentials() {
VAULT_MOUNT="${GIT_CREDENTIALS_VAULT_MOUNT:-kv}"
VAULT_PATH="${GIT_CREDENTIALS_VAULT_PATH:-${CI_GIT_VAULT_PATH:-}}"
[ -n "${VAULT_PATH}" ] || return 1
VLT_BIN="${GIT_VAULT_HELPER:-./ci/vlt}"
if [ ! -x "${VLT_BIN}" ]; then
return 1
fi
user_field="${GIT_CREDENTIALS_VAULT_USER_FIELD:-username}"
pass_field="${GIT_CREDENTIALS_VAULT_PASSWORD_FIELD:-password}"
if ! GIT_AUTH_USER="$("${VLT_BIN}" kv_get "${VAULT_MOUNT}" "${VAULT_PATH}" "${user_field}" 2>/dev/null)"; then
return 1
fi
if ! GIT_AUTH_PASS="$("${VLT_BIN}" kv_get "${VAULT_MOUNT}" "${VAULT_PATH}" "${pass_field}" 2>/dev/null)"; then
return 1
fi
GIT_AUTH_SOURCE="vault:${VAULT_MOUNT}/${VAULT_PATH}"
return 0
}
write_netrc() {
host="$1"
user="$2"
pass="$3"
file="${HOME:-/root}/.netrc"
{
printf 'machine %s\n' "${host}"
printf 'login %s\n' "${user}"
printf 'password %s\n' "${pass}"
} > "${file}"
chmod 600 "${file}"
}
setup_https_credentials() {
host="$1"
netrc="${HOME:-/root}/.netrc"
if [ -s "${netrc}" ] && awk -v host="${host}" '
$1 == "machine" && $2 == host { found=1; exit }
END { exit found ? 0 : 1 }
' "${netrc}"; then
log "reusing credentials already present in ${netrc}"
return 0
fi
if discover_env_credentials; then
masked="$(printf '%s' "${GIT_AUTH_USER}" | cut -c1-2)***"
log "using ${GIT_AUTH_SOURCE} for ${host} (user ${masked})"
write_netrc "${host}" "${GIT_AUTH_USER}" "${GIT_AUTH_PASS}"
return 0
fi
if discover_vault_credentials; then
masked="$(printf '%s' "${GIT_AUTH_USER}" | cut -c1-2)***"
log "using ${GIT_AUTH_SOURCE} for ${host} (user ${masked})"
write_netrc "${host}" "${GIT_AUTH_USER}" "${GIT_AUTH_PASS}"
return 0
fi
return 1
}
START_DIR="$(pwd)"
echo "[bump-version] invoked from ${START_DIR}"
log "invoked from ${START_DIR}"
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
REPO_ROOT=""
@@ -12,17 +171,16 @@ fi
if [ -z "${REPO_ROOT}" ]; then
REPO_ROOT="$(cd "${SCRIPT_DIR}/../../.." && pwd)"
fi
echo "[bump-version] repo root resolved to ${REPO_ROOT}"
log "repo root resolved to ${REPO_ROOT}"
cd "${REPO_ROOT}"
VERSION_FILE="./version"
if [ ! -f "${VERSION_FILE}" ]; then
if git cat-file -e "HEAD:version" 2>/dev/null; then
echo "[bump-version] version file missing in workspace, restoring from HEAD" >&2
error "version file missing in workspace, restoring from HEAD"
git show "HEAD:version" > "${VERSION_FILE}"
else
echo "[bump-version] version file not found: ${VERSION_FILE}" >&2
exit 1
die "version file not found: ${VERSION_FILE}"
fi
fi
@@ -47,11 +205,11 @@ NEXT_VERSION="$(printf '%s' "${CURRENT_VERSION}" | awk -F. -v OFS=. '
}')"
printf '%s\n' "${NEXT_VERSION}" > "${VERSION_FILE}"
echo "[bump-version] ${CURRENT_VERSION} -> ${NEXT_VERSION}"
log "${CURRENT_VERSION} -> ${NEXT_VERSION}"
git add "${VERSION_FILE}"
if git diff --cached --quiet; then
echo "[bump-version] no changes staged, skipping commit"
log "no changes staged, skipping commit"
exit 0
fi
@@ -71,47 +229,36 @@ REMOTE_URL="${CI_REPO_REMOTE:-${WOODPECKER_GIT_REMOTE:-${DRONE_REMOTE_URL:-}}}"
if [ -z "${REMOTE_URL}" ]; then
REMOTE_URL="$(git config --get remote.origin.url 2>/dev/null || true)"
fi
[ -n "${REMOTE_URL}" ] || die "unable to determine git remote url"
# Normalize machine to a bare hostname so .netrc matches HTTPS requests.
normalize_machine() {
value="$1"
if [ -z "${value}" ]; then
printf '%s' ""
return
fi
printf '%s' "${value}" | sed -E '
s#^[[:alpha:]][[:alnum:]+.-]*://##;
s#^[^@]*@##;
s#/.*$##;
s#:[0-9]+$##;
'
}
REMOTE_PROTO="$(extract_proto "${REMOTE_URL}")"
REMOTE_HOST="$(normalize_host "${REMOTE_URL}")"
[ -n "${REMOTE_HOST}" ] || die "unable to determine remote host from ${REMOTE_URL}"
NETRC_MACHINE="${CI_NETRC_MACHINE:-${WOODPECKER_NETRC_MACHINE:-${DRONE_NETRC_MACHINE:-}}}"
NETRC_USERNAME="${CI_NETRC_USERNAME:-${WOODPECKER_NETRC_USERNAME:-${DRONE_NETRC_USERNAME:-${CI_NETRC_LOGIN:-${WOODPECKER_NETRC_LOGIN:-${DRONE_NETRC_LOGIN:-}}}}}}"
NETRC_PASSWORD="${CI_NETRC_PASSWORD:-${WOODPECKER_NETRC_PASSWORD:-${DRONE_NETRC_PASSWORD:-}}}"
NETRC_MACHINE="$(normalize_machine "${NETRC_MACHINE}")"
if [ -z "${NETRC_MACHINE}" ] && [ -n "${REMOTE_URL}" ]; then
NETRC_MACHINE="$(normalize_machine "${REMOTE_URL}")"
fi
log "using remote ${REMOTE_URL}"
git remote set-url origin "${REMOTE_URL}"
if [ -n "${NETRC_MACHINE}" ] && [ -n "${NETRC_USERNAME}" ] && [ -n "${NETRC_PASSWORD}" ]; then
MASKED_USER="$(printf '%s' "${NETRC_USERNAME}" | cut -c1-2)***"
echo "[bump-version] configuring credentials for ${NETRC_MACHINE} (user ${MASKED_USER})"
NETRC_FILE="${HOME:-/root}/.netrc"
{
printf 'machine %s\n' "${NETRC_MACHINE}"
printf 'login %s\n' "${NETRC_USERNAME}"
printf 'password %s\n' "${NETRC_PASSWORD}"
} > "${NETRC_FILE}"
chmod 600 "${NETRC_FILE}"
else
echo "[bump-version] no netrc credentials available"
fi
if [ -n "${REMOTE_URL}" ]; then
echo "[bump-version] using remote ${REMOTE_URL}"
git remote set-url origin "${REMOTE_URL}"
fi
case "${REMOTE_PROTO}" in
ssh)
if [ -n "${GIT_SSH_KEY_B64:-}" ]; then
SSH_KEY_FILE="${HOME:-/root}/.ssh/id_ci"
mkdir -p "$(dirname "${SSH_KEY_FILE}")"
printf '%s' "${GIT_SSH_KEY_B64}" | base64 -d > "${SSH_KEY_FILE}"
chmod 600 "${SSH_KEY_FILE}"
export GIT_SSH_COMMAND="ssh -i ${SSH_KEY_FILE} -o StrictHostKeyChecking=no"
log "configured SSH key for git push"
else
log "no SSH key provided, relying on existing agent configuration"
fi
;;
http|https)
if ! setup_https_credentials "${REMOTE_HOST}"; then
die "no git credentials detected (set CI_GIT_USERNAME/CI_GIT_PASSWORD, WOODPECKER_GIT_USERNAME/WOODPECKER_GIT_PASSWORD, or configure GIT_CREDENTIALS_VAULT_PATH)"
fi
;;
*)
log "unknown git protocol ${REMOTE_PROTO}, attempting push without extra credentials"
;;
esac
git push origin "HEAD:${BRANCH}"