run.sh (4070B)
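#!/bin/bash
set -o pipefail

# Jaypore CI run script
# ---------------------
# This script is executed by Jaypore CI.
#
# Available environment variables:
#   JCI_COMMIT     - The git commit being tested
#   JCI_REPO_ROOT  - Absolute path to the repository root
#   JCI_OUTPUT_DIR - Directory for CI artifacts (cwd at start)
#
# This example demonstrates managing secrets with Mozilla SOPS.
# Secrets are stored encrypted in the repo and decrypted at CI time.
#
# Secret-handling rules followed below:
#   * decrypted material is never echoed, not even on an error path;
#   * the bot token is kept out of process argument lists;
#   * `set -x` is not used, because a trace would print the expanded secrets.

echo "=== Jaypore CI: Secrets + Telegram ==="
echo "Commit : $JCI_COMMIT"
echo "Repo : $JCI_REPO_ROOT"
echo "Output : $JCI_OUTPUT_DIR"
echo

# Stop early when the CI-provided paths are missing: an empty JCI_REPO_ROOT
# makes `cd ""` a silent no-op, and an empty JCI_OUTPUT_DIR would send the
# artifacts to the filesystem root.
: "${JCI_REPO_ROOT:?JCI_REPO_ROOT is not set}"
: "${JCI_OUTPUT_DIR:?JCI_OUTPUT_DIR is not set}"

cd "$JCI_REPO_ROOT" || exit 1

REPO_NAME=$(basename -- "$JCI_REPO_ROOT")
SHORT_COMMIT=${JCI_COMMIT:0:7}
TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')

# ── Load secrets ─────────────────────────────────────────────
# Strategy:
#   1. If `sops` is installed and secrets.enc.json exists, decrypt it.
#   2. Otherwise fall back to plain environment variables.

#######################################
# Print one top-level field of a JSON document.
# Arguments: $1 - key to look up
# Inputs:    JSON document on stdin
# Outputs:   the value on stdout
# Returns:   non-zero when the input is not valid JSON or the key is absent
#######################################
_json_field() {
  # The key travels as an argument rather than being pasted into the program text.
  python3 -c 'import json, sys; print(json.load(sys.stdin)[sys.argv[1]])' "$1"
}

#######################################
# Decrypt secrets.enc.json with SOPS and publish the Telegram credentials.
# Globals:   TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID (written and exported, but
#            only when decryption and both lookups succeed)
# Outputs:   progress and error messages on stdout
# Returns:   0 when both secrets were loaded, 1 otherwise
#######################################
load_secrets_from_sops() {
  local secrets_file="secrets.enc.json"
  if [ ! -f "$secrets_file" ]; then
    echo "WARNING: $secrets_file not found, skipping SOPS decryption"
    return 1
  fi

  echo "--- Decrypting secrets with SOPS ---"
  local decrypted bot_token chat_id
  # fd 3 is a copy of stdout, so sops diagnostics reach the log while the
  # variable receives only the plaintext JSON. Merging stderr into the capture
  # would let a warning corrupt the JSON, and echoing the capture on failure
  # could print whatever plaintext had already been produced.
  if ! { decrypted=$(sops -d "$secrets_file" 2>&3); } 3>&1; then
    echo "ERROR: sops decryption failed (see sops output above)"
    return 1
  fi

  # Extract into locals first: a missing key must not blank out credentials
  # that were already supplied through the environment.
  if ! bot_token=$(printf '%s' "$decrypted" | _json_field TELEGRAM_BOT_TOKEN) ||
    ! chat_id=$(printf '%s' "$decrypted" | _json_field TELEGRAM_CHAT_ID) ||
    [ -z "$bot_token" ] || [ -z "$chat_id" ]; then
    echo "ERROR: $secrets_file does not provide TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID"
    return 1
  fi

  TELEGRAM_BOT_TOKEN=$bot_token
  TELEGRAM_CHAT_ID=$chat_id
  # NOTE(review): exporting makes both values part of the environment of every
  # child process, including the Django test run below, which executes code
  # from the commit under test. If the tests do not need them, drop the export
  # or start the tests with these variables removed from their environment.
  export TELEGRAM_BOT_TOKEN TELEGRAM_CHAT_ID
  echo "Secrets loaded from $secrets_file"
  return 0
}

if command -v sops &> /dev/null; then
  load_secrets_from_sops || echo "Falling back to environment variables"
else
  # The hint pins a release but does not verify the download; check the
  # package against the checksums published with the release before installing.
  echo "--- SOPS not installed ---"
  echo "Install it to use encrypted secrets:"
  echo " # Debian/Ubuntu"
  echo " curl -LO https://github.com/getsops/sops/releases/download/v3.9.4/sops_3.9.4_amd64.deb"
  echo " sudo dpkg -i sops_3.9.4_amd64.deb"
  echo ""
  echo " # macOS"
  echo " brew install sops"
  echo ""
  echo "Falling back to environment variables"
fi

# ── Run Django tests ─────────────────────────────────────────
echo
echo "--- Running Django tests ---"
TEST_OUTPUT=$(python3 manage.py test core 2>&1)
TEST_EXIT=$?

# The captured output is stored as a CI artifact; anything the tests print,
# including environment values, ends up in test_output.txt.
printf '%s\n' "$TEST_OUTPUT"
printf '%s\n' "$TEST_OUTPUT" > "$JCI_OUTPUT_DIR/test_output.txt"
printf '%s\n' "$TEST_EXIT" > "$JCI_OUTPUT_DIR/exit_code.txt"

if [ "$TEST_EXIT" -eq 0 ]; then
  STATUS="✅ PASSED"
else
  STATUS="❌ FAILED"
fi

# ── Send Telegram notification ───────────────────────────────
MESSAGE=$(cat <<EOF
*CI Build — Secrets Example*

Repo: \`${REPO_NAME}\`
Commit: \`${SHORT_COMMIT}\`
Status: ${STATUS}
Time: ${TIMESTAMP}
EOF
)

if [ -n "$TELEGRAM_BOT_TOKEN" ] && [ -n "$TELEGRAM_CHAT_ID" ]; then
  echo
  echo "--- Sending Telegram notification ---"
  # The request URL embeds the bot token, so it is handed to curl through a
  # config read from stdin instead of the command line, where it would be
  # visible in process listings. --data-urlencode keeps characters such as
  # '&', '+' or '%' in the repository name from altering the form body.
  if RESPONSE=$(
    curl -s -X POST \
      --config - \
      --data-urlencode "chat_id=$TELEGRAM_CHAT_ID" \
      --data-urlencode "text=$MESSAGE" \
      -d parse_mode="Markdown" <<CURL_CONFIG
url = "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage"
CURL_CONFIG
  ); then
    # curl exits 0 on HTTP-level errors too; the saved response shows whether
    # the API accepted the message.
    echo "Notification sent."
  else
    curl_status=$?
    echo "WARNING: Telegram request failed (curl exit code $curl_status)"
  fi
  printf '%s\n' "$RESPONSE" > "$JCI_OUTPUT_DIR/telegram_response.json"
else
  echo
  echo "WARNING: TELEGRAM_BOT_TOKEN or TELEGRAM_CHAT_ID not set, skipping notification"
fi

# ── Summary ──────────────────────────────────────────────────
echo
echo "=== Summary ==="
echo "Test result : $STATUS"
echo "Test output : test_output.txt"
echo "Exit code : exit_code.txt"
echo "All artifacts in $JCI_OUTPUT_DIR"

# The job's exit status is the test run's status; a failed notification does
# not change it.
exit "$TEST_EXIT"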