deploy.functions 2.03 KB
Newer Older
1 2
# -*- mode:sh -*-

3
function fetch_updates() {
4
    cd ${masterdir}/
5
    local beforefetch=$(git rev-parse HEAD)
6 7 8 9 10
    git fetch origin
    local afterfetch=$(git rev-parse origin/deploy)
    if [[ ${beforefetch} == ${afterfetch} ]]; then
        exit 0
    fi
11 12 13 14 15
}

function find_commitids() {
    cd ${masterdir}
    OLDHEAD=$(git rev-parse HEAD)
16
    NEWHEAD=$(git rev-parse origin/deploy)
17
}
18

19 20 21 22 23 24 25 26 27 28
function check_commit_signature() {
    cd ${masterdir}
    git config --local gpg.program "${scriptsdir}/gpgverify"
    if ! SIGNKEY=$(git verify-commit --raw ${NEWHEAD} 2>&1 | awk '/VALIDSIG/ {print $NF}'); then
        log_error "{NEWHEAD} is not signed correctly"
        exit 3
    fi
    if [[ -z ${DEPLOY_KEYS[${SIGNKEY}]} ]]; then
        log_error "{NEWHEAD} signed by ${SIGNKEY} which is not allowed to deploy code"
        exit 4
29 30 31 32 33 34
    fi
}

function check_for_db_update() {
    # Check: Do we have a DB Upgrade?
    if [[ -n ${NEEDDB} ]]; then
35
        NEWDBVER=$(GIT_DIR=${masterdir}/.git git ls-tree origin/deploy dak/dakdb/|grep -v '__init__.py'|sort -V -k 4|tail -n 1)
36 37 38 39
        NEWDBVER=${NEWDBVER##*update}
        declare -r NEWDBVER=${NEWDBVER%%.py}
    fi

40 41 42
    if [[ ${OLDDBVER} -ne ${NEWDBVER} ]] && [[ -z ${FORCETHISDAMNUPGRADEIKNOWWHATIDOIHOPE:-""} ]]; then
        # Differing versions and no FORCETHISDAMNUPGRADEIKNOWWHATIDOIHOPE variable, break
        log_error "Database update from ${OLDDBVER} to ${NEWDBVER} required, will not update dak code on ${HOSTNAME} unless told with FORCETHISDAMNUPGRADEIKNOWWHATIDOIHOPE=1 in the environment"
43 44 45 46 47
        exit 21
    fi
}

function check_ancestor() {
48
    cd ${masterdir}
49 50 51 52 53 54 55 56 57 58 59 60 61
    if ! git merge-base --is-ancestor ${OLDHEAD} ${NEWHEAD}; then
        log_error "Running code HEAD ${OLDHEAD} is not an ancestor of newly-to-deploy HEAD ${NEWHEAD}, refusing to update"
        exit 2
    fi
}

function update_masterdir() {
    cd ${masterdir}
    # We do not want local changes
    git stash save --include-untracked --all "Update for commitid ${NEWHEAD}"
    # And switch to the commit we just verified
    git checkout ${NEWHEAD}
}