-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathentrypoint.sh
executable file
·136 lines (107 loc) · 4.95 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#!/bin/bash
JAVA_HOME=$(java -XshowSettings:properties -version 2>&1 | grep 'java.home' | awk '{print $3}')
#if java_home is empty, then we use a different command. Fallback case
if [ -z "$JAVA_HOME" ]; then
JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which java)")")")
fi
export JAVA_HOME
# Read global options from file
global_options_file="/resources/global_options.txt"
# Check if the file exists
if [ ! -f "$global_options_file" ]; then
echo "Error: File '$global_options_file' not found."
exit 1
fi
# Initialize an array to store global options
declare -a global_options
#set common pwd
password="changeit"
# Check if Root CA file exists and import it
SSL_CA_CERT_PATH="/etc/ssl/certs/dbops/root_ca.crt"
if [ -f "$SSL_CA_CERT_PATH" ]; then
echo "Importing self signed certificate into default JVM trustStore..."
if [ -z "$JAVA_HOME" ]; then
echo "Error: JAVA_HOME is not set. Cannot import self signed certificate in path $SSL_CA_CERT_PATH."
exit 1
fi
keytool -importcert \
-alias mongodb-root-ca-cert \
-keystore "${JAVA_HOME}/lib/security/cacerts" \
-storepass "$password" \
-trustcacerts \
-file "$SSL_CA_CERT_PATH" \
-noprompt
#JAVA_OPTS is a variable that belongs to liquibase. This sets the env variables
export JAVA_OPTS="-Djavax.net.ssl.trustStore=$JAVA_HOME/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=$password"
fi
# Check if client certificate key file exists and import it
CLIENT_KEY_PATH="/etc/ssl/certs/dbops/client_pkcs12.txt"
CLIENT_PKCS_12_PATH="/etc/ssl/certs/dbops/client.p12"
if [ -f "$CLIENT_KEY_PATH" ]; then
base64 -d ${CLIENT_KEY_PATH} > ${CLIENT_PKCS_12_PATH}
echo "Importing client certificate into default JVM keyStore..."
if [ -z "$JAVA_HOME" ]; then
echo "Error: JAVA_HOME is not set. Cannot import client certificate key file in path $CLIENT_PKCS_12_PATH"
exit 1
fi
keytool -importkeystore \
-destkeystore "${JAVA_HOME}/lib/security/jssecacerts" \
-srckeystore "$CLIENT_PKCS_12_PATH" \
-srcstoretype PKCS12 \
-alias mongo-client \
-storepass "$password" \
-srcstorepass "$password"
#JAVA_OPTS is a variable that belongs to liquibase. This sets the env variables
export JAVA_OPTS="-Djavax.net.ssl.keyStore=$JAVA_HOME/lib/security/jssecacerts -Djavax.net.ssl.keyStorePassword=$password -Djavax.net.ssl.trustStore=$JAVA_HOME/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=$password"
fi
# Read global options into an array
while IFS= read -r option || [[ -n "$option" ]]; do
global_options+=("$option")
done < "$global_options_file"
# Check if PLUGIN_COMMAND is non-empty
if [ -z "$PLUGIN_COMMAND" ]; then
echo "Error: PLUGIN_COMMAND is empty. Please set PLUGIN_COMMAND before running the script."
exit 1
fi
# Initialize a variable to hold the constructed argument string
argument_string=""
# Iterate through the list of global options
for option in "${global_options[@]}"; do
env_var_name="PLUGIN_LIQUIBASE_$(echo "$option" | tr '-' '_' | tr '[:lower:]' '[:upper:]')"
# 3. If the resulting environment variable is set, append to the argument string
if [ -n "${!env_var_name}" ]; then
argument_string="$argument_string --$option ${!env_var_name}"
# unset the environment variable to hide it from now on
unset "$env_var_name"
fi
done
argument_string="$argument_string $PLUGIN_COMMAND"
# Add all remaining PLUGIN_LIQUIBASE_ environment variables are command line params
for var in $(env | grep '^PLUGIN_LIQUIBASE_' | awk -F= '{print $1}'); do
# Remove "PLUGIN_LIQUIBASE_" from the variable name, convert to lowercase, and replace underscores with hyphens
var_name="${var#PLUGIN_LIQUIBASE_}"
var_name_lower="$(echo "$var_name" | tr '[:upper:]' '[:lower:]' | tr '_' '-')"
# Construct the string in the desired format
argument_string="$argument_string --$var_name_lower ${!var}"
done
# Define the SA target file
SERVICE_ACCOUNT_KEY_FILE="/tmp/harness-google-application-credentials.json"
# Check if the environment variable is set and the file does not already exist
if [[ -n "$PLUGIN_JSON_KEY" && ! -f "$SERVICE_ACCOUNT_KEY_FILE" ]]; then
echo "Creating service account key file..."
# Write the content of PLUGIN_JSON_KEY to the file if it is set
echo "${PLUGIN_JSON_KEY:-}" > "$SERVICE_ACCOUNT_KEY_FILE"
# Export the GOOGLE_APPLICATION_CREDENTIALS variable to point to the file
export GOOGLE_APPLICATION_CREDENTIALS="$SERVICE_ACCOUNT_KEY_FILE"
fi
# Print the constructed argument string
command=`echo "/liquibase/liquibase $argument_string"`
echo "$command"
# Create unique file to avoid override in parallel steps
logfile=$(mktemp)
{ $command; } 2>&1 | tee -a "$logfile"
exit_code=${PIPESTATUS[0]}
encoded_command_logs=$(cat "$logfile" | base64 -w 0)
encoded_command_logs=`echo $encoded_command_logs | tr = -`
echo "encoded_command_logs=$encoded_command_logs" > "$DRONE_OUTPUT"
echo "exit_code=$exit_code" >> "$DRONE_OUTPUT"