securityUpdate.sh
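#!/bin/bash
# Script expects e-mail addresses to be passed along as parameters; they are
# notified about the state of the Security-Update.
# bash ./securityUpdate.sh <recipient-address> [<recipient-address> ...]

# errexit stays off: failures are reported through the ERR traps this script
# installs, not through "set -e".
set +e
updateTime=$(date +%Y%m%d-%H-%M-%S)
# Keep the recipients as an array so each address stays exactly one argument.
emails=("$@")
# NOTE(review): this value looks like an e-mail-obfuscation placeholder rather
# than a real address - confirm and set the intended committer address.
securityUserEmail="[email protected]"
securityUserName="Security User"
# this blacklist needs to contain the names of the blacklisted modules,
# i.e. the modules' folder names
blacklist=()
composerModuleNames=()

# Sends an e-mail to notify about the security-update status.
# Globals:   emails (read) - recipient addresses taken from the command line
# Arguments: $1 - subject line
# Input:     the message body is read from stdin by mail
# Returns:   the exit status of mail, or 0 when there is no recipient
function sendEmailForUpdateStatus {
  if (( ${#emails[@]} == 0 )); then
    # Nobody to notify: do not call mail without a recipient.
    echo "securityUpdate: no notification recipients given, skipping mail: $1" >&2
    return 0
  fi
  # Quoted expansion: no word-splitting or globbing of the addresses.
  # NOTE(review): an address that starts with "-" would still be read by mail
  # as an option; callers should only pass plain addresses.
  mail -s "$1" "${emails[@]}"
}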
# Mails the recipients that this run found no pending security update.
# Globals: updateTime (read)
noUpdateFoundFunction() {
  local subject="No Security-Update for Gopa-Intec"
  local body="Security-Update ran at $updateTime, no Updates found."
  printf '%s\n' "$body" | sendEmailForUpdateStatus "$subject"
}
# Handles a non-zero status from the commit step.
# Status 1 is treated as "nothing to commit" and reported as "no update";
# any other status is mailed as a git failure and ends the script with that
# status (a special case of handleErrors).
# Globals: exitStatus (written), updateTime (read)
commitErrorHandling() {
  # Must stay the first statement: $? still holds the failed command's status.
  exitStatus=$?
  case "$exitStatus" in
    1)
      noUpdateFoundFunction
      ;;
    *)
      printf '%s\n' "Security-Update failed at $updateTime, git encountered problem." \
        | sendEmailForUpdateStatus "Failed Security-Update for Gopa-Intec"
      exit "$exitStatus"
      ;;
  esac
}
# General error handler, installed as the ERR trap.
# Mails a failure notice and terminates the script with the status of the
# command that failed.
# Globals: exitStatus (written), updateTime (read)
handleErrors() {
  # Must stay the first statement: $? still holds the failed command's status.
  exitStatus=$?
  local subject="Failed Security-Update Gopa-Intec"
  printf '%s\n' "Security-Update failed at $updateTime" \
    | sendEmailForUpdateStatus "$subject"
  exit "$exitStatus"
}
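# Notifies the recipients that the Security-Update went well and lists the
# packages that were updated.
# Globals: updateTime (read), composerModuleNames (read)
function securityUpdateDone {
  # printf emits a real line break (plain echo printed a literal "\n"), and
  # [*] joins every array element (a bare $composerModuleNames is only the
  # first element).
  printf 'Security-Update successfully executed at %s\n%s\n' \
    "$updateTime" "${composerModuleNames[*]}" \
    | sendEmailForUpdateStatus "Successful Security-Update"
}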
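# Decides whether a module is barred from upgrading.
# Arguments: $1 - module (folder) name to look up
#            $2 - whitespace-separated list of blacklisted names
# Returns:   0 (true in bash) when $1 is not in the list, 1 (false) when it is
function isNotInBlacklist() {
  # Locals, so the lookup does not overwrite the script-wide "blacklist" array.
  local element=$1
  local -a blacklisted=()
  local blackListedElement
  # Split the list on whitespace without glob expansion; read returns
  # non-zero at end of input, which is expected here.
  read -r -d '' -a blacklisted <<<"$2" || true
  for blackListedElement in "${blacklisted[@]}"; do
    # Quoted right-hand side: literal comparison, not a pattern match.
    if [[ "$element" == "$blackListedElement" ]]; then
      return 1
    fi
  done
  return 0
}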
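# Main flow: deploy the artifact, import the DB dump, ask drush for pending
# security updates, apply them with composer and push the result to the
# "security" branch. Any failing command is mailed by the ERR trap and ends
# the run.
trap handleErrors ERR

echo "Deploy new Artifact"
rm -fr dist || true
mkdir dist
# we expect the artifact we use for deployment to be present on the system already
tar xf archive.tar -C dist
rm archive.tar
pushd dist/web

echo "Importing Prod-DB"
../vendor/drush/drush/drush sql-drop -y
# the DB-Dump needs to be put in place beforehand
# NOTE(review): the dump sits at a fixed name in /tmp; on a host with other
# local users its content and permissions are worth confirming, since this
# file is fed straight into the database.
# Redirecting (instead of "cat |") makes a missing dump fail this command, so
# the ERR trap reports it.
../vendor/drush/drush/drush sql-cli < /tmp/securityDB.sql
rm /tmp/securityDB.sql

# disabling trap because drush will throw a status-code 1 if it finds an update and wants to warn.
trap - ERR
echo "preparing to get update-message"
updateMessage=$(../vendor/drush/drush/drush pm:security -n)
echo "prepare composer-packagenames"
# Split drush's list on whitespace without glob expansion; read returns
# non-zero at end of input, which is expected here.
foundModules=()
read -r -d '' -a foundModules \
  < <(../vendor/bin/drush pm:security --format=list --field=Name 2>/dev/null) || true
composerModuleNames+=("${foundModules[@]}")
cd ..
trap handleErrors ERR

echo "Prepping Git"
git checkout -b security
# Quoted: an unquoted "Security User" would be split into two arguments.
git config user.email "$securityUserEmail"
git config user.name "$securityUserName"

echo "Updating packages"
if (( ${#composerModuleNames[@]} > 0 )); then
  composer update "${composerModuleNames[@]}" --with-dependencies
  cd web/
  ../vendor/bin/drush updb -y
  ../vendor/bin/drush entup -y
  cd ..
  git add .
  # Only the commit may end with "nothing to commit" (status 1). Every other
  # step, including the push, stays under handleErrors, so a failed push is
  # reported as a failure and never followed by the success mail.
  if git commit -a -m "Security-Update ran successfully at $updateTime"; then
    # doing a force-push allows us to not having to worry about state.
    git push -u origin security -f
    securityUpdateDone
  else
    # Must be the first command of this branch: it reads git commit's status from $?.
    commitErrorHandling
  fi
else
  noUpdateFoundFunction
fi
popd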