diff --git a/.buildkite/steps/build-github-release.sh b/.buildkite/steps/build-github-release.sh index 83a299722f..f29a7e1541 100755 --- a/.buildkite/steps/build-github-release.sh +++ b/.buildkite/steps/build-github-release.sh @@ -3,9 +3,14 @@ set -e echo '--- Getting agent version from build meta data' -export FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") -export AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") -export BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") +FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") +export FULL_AGENT_VERSION + +AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") +export AGENT_VERSION + +BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") +export BUILD_VERSION echo "Full agent version: $FULL_AGENT_VERSION" echo "Agent version: $AGENT_VERSION" @@ -20,7 +25,7 @@ buildkite-agent artifact download "pkg/*" . function build() { echo "--- Building release for: $1" - ./scripts/build-github-release.sh $1 $AGENT_VERSION + ./scripts/build-github-release.sh "$1" "$AGENT_VERSION" } # Export the function so we can use it in xargs @@ -30,4 +35,4 @@ export -f build rm -rf releases # Loop over all the binaries and build them -ls pkg/* | xargs -I {} bash -c "build {}" +find pkg/* -print0 | xargs -I {} bash -c "build {}" diff --git a/.buildkite/steps/build-rpm-packages.sh b/.buildkite/steps/build-rpm-packages.sh index 2eddca585b..613e73fc57 100755 --- a/.buildkite/steps/build-rpm-packages.sh +++ b/.buildkite/steps/build-rpm-packages.sh @@ -3,9 +3,14 @@ set -euo pipefail echo "--- Getting agent version from build meta data" -export FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") -export AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") -export BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") +FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") +export FULL_AGENT_VERSION + +AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") +export AGENT_VERSION + +BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") +export BUILD_VERSION echo "Full agent version: $FULL_AGENT_VERSION" echo "Agent version: $AGENT_VERSION" diff --git a/.buildkite/steps/github-release.sh b/.buildkite/steps/github-release.sh index bd2371f2d3..1a23b88c08 100755 --- a/.buildkite/steps/github-release.sh +++ b/.buildkite/steps/github-release.sh @@ -10,7 +10,8 @@ dry_run() { } echo '--- Getting credentials from SSM' -export GITHUB_RELEASE_ACCESS_TOKEN=$(aws ssm get-parameter --name /pipelines/agent/GITHUB_RELEASE_ACCESS_TOKEN --with-decryption --output text --query Parameter.Value --region us-east-1) +GITHUB_RELEASE_ACCESS_TOKEN=$(aws ssm get-parameter --name /pipelines/agent/GITHUB_RELEASE_ACCESS_TOKEN --with-decryption --output text --query Parameter.Value --region us-east-1) +export GITHUB_RELEASE_ACCESS_TOKEN if [[ "$GITHUB_RELEASE_ACCESS_TOKEN" == "" ]]; then echo "Error: Missing \$GITHUB_RELEASE_ACCESS_TOKEN" @@ -19,10 +20,17 @@ fi echo '--- Getting agent version from build meta data' -export FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") -export AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") -export BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") -export IS_PRERELEASE=$(buildkite-agent meta-data get "agent-is-prerelease") +FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") +export FULL_AGENT_VERSION + +AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") +export AGENT_VERSION + +BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") +export BUILD_VERSION + +IS_PRERELEASE=$(buildkite-agent meta-data get "agent-is-prerelease") +export IS_PRERELEASE echo "Full agent version: $FULL_AGENT_VERSION" echo "Agent version: $AGENT_VERSION" diff --git a/.buildkite/steps/publish-debian-package.sh b/.buildkite/steps/publish-debian-package.sh index eaffaa211c..ba15269133 100755 --- a/.buildkite/steps/publish-debian-package.sh +++ b/.buildkite/steps/publish-debian-package.sh @@ -24,7 +24,8 @@ if ! findmnt --source tmpfs --target /root/.gnupg; then fi echo "fetching signing key..." -export GPG_SIGNING_KEY=$(aws ssm get-parameter --name /pipelines/agent/GPG_SIGNING_KEY --with-decryption --output text --query Parameter.Value --region us-east-1) +GPG_SIGNING_KEY=$(aws ssm get-parameter --name /pipelines/agent/GPG_SIGNING_KEY --with-decryption --output text --query Parameter.Value --region us-east-1) +export GPG_SIGNING_KEY echo "fetching secret key..." aws ssm get-parameter --name /pipelines/agent/GPG_SECRET_KEY_ASCII --with-decryption --output text --query Parameter.Value --region us-east-1 > ${secret_key_path} diff --git a/.buildkite/steps/publish-debian-packagecloud.sh b/.buildkite/steps/publish-debian-packagecloud.sh index 31095fad3c..63de17d6a6 100755 --- a/.buildkite/steps/publish-debian-packagecloud.sh +++ b/.buildkite/steps/publish-debian-packagecloud.sh @@ -32,7 +32,8 @@ echo "--- Installing dependencies" gem install package_cloud echo "--- Requesting OIDC token" -export PACKAGECLOUD_TOKEN="$(buildkite-agent oidc request-token --audience "https://packagecloud.io/${REPOSITORY}" --lifetime 300)" +PACKAGECLOUD_TOKEN="$(buildkite-agent oidc request-token --audience "https://packagecloud.io/${REPOSITORY}" --lifetime 300)" +export PACKAGECLOUD_TOKEN echo "--- Pushing to Packagecloud" dry_run package_cloud push "${REPOSITORY}/${DISTRO_VERSION}" deb/*.deb diff --git a/.buildkite/steps/publish-docker-image.sh b/.buildkite/steps/publish-docker-image.sh index aa7831f009..21d89a4951 100755 --- a/.buildkite/steps/publish-docker-image.sh +++ b/.buildkite/steps/publish-docker-image.sh @@ -28,7 +28,7 @@ parse_version() { IFS='.' read -r -a parts <<< "${v%-*}" for idx in $(seq 1 ${#parts[*]}) ; do - sed -e 's/ /./g' <<< "${parts[@]:0:$idx}" + sed -e 's/ /./g' <<< "${parts[@]:0:$idx// /.}" done [[ "${v%-*}" == "$v" ]] || echo "$v" diff --git a/.buildkite/steps/publish-rpm-package.sh b/.buildkite/steps/publish-rpm-package.sh index eb33245bf1..24c78f3ee0 100755 --- a/.buildkite/steps/publish-rpm-package.sh +++ b/.buildkite/steps/publish-rpm-package.sh @@ -82,7 +82,7 @@ for ARCH in "x86_64" "i386" "aarch64"; do "${ARCH_PATH}/repodata" # Copy the new RPMs in. - find "rpm/" -type f -name "*${ARCH}*" | xargs cp -t "${ARCH_PATH}" + find "rpm/" -type f -name "*${ARCH}*" -print0 | xargs cp -t "${ARCH_PATH}" echo "--- Updating yum repository for ${CODENAME}/${ARCH}" if updaterepo "${ARCH_PATH}"; then @@ -99,7 +99,7 @@ for ARCH in "x86_64" "i386" "aarch64"; do "${ARCH_PATH}" # Copy the new RPMs in again. - find "rpm/" -type f -name "*${ARCH}*" | xargs cp -t "${ARCH_PATH}" + find "rpm/" -type f -name "*${ARCH}*" -print0 | xargs cp -t "${ARCH_PATH}" echo "--- Recreating yum repository for ${CODENAME}/${ARCH}" createrepo "${ARCH_PATH}" diff --git a/.buildkite/steps/publish-rpm-packagecloud.sh b/.buildkite/steps/publish-rpm-packagecloud.sh index b10499d45d..f61c777fc3 100755 --- a/.buildkite/steps/publish-rpm-packagecloud.sh +++ b/.buildkite/steps/publish-rpm-packagecloud.sh @@ -32,7 +32,8 @@ echo "--- Installing dependencies" gem install package_cloud echo "--- Requesting OIDC token" -export PACKAGECLOUD_TOKEN="$(buildkite-agent oidc request-token --audience "https://packagecloud.io/${REPOSITORY}" --lifetime 300)" +PACKAGECLOUD_TOKEN="$(buildkite-agent oidc request-token --audience "https://packagecloud.io/${REPOSITORY}" --lifetime 300)" +export PACKAGECLOUD_TOKEN echo "--- Pushing to Packagecloud" dry_run package_cloud push "${REPOSITORY}/${DISTRO_VERSION}" rpm/*.rpm diff --git a/.buildkite/steps/release-homebrew.sh b/.buildkite/steps/release-homebrew.sh index 56e9b36958..42c0e774d9 100755 --- a/.buildkite/steps/release-homebrew.sh +++ b/.buildkite/steps/release-homebrew.sh @@ -19,10 +19,18 @@ function to_json { echo '--- Getting agent version from build meta data' -export FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") -export AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") -export BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") -export IS_PRERELEASE=$(buildkite-agent meta-data get "agent-is-prerelease") +FULL_AGENT_VERSION=$(buildkite-agent meta-data get "agent-version-full") +export FULL_AGENT_VERSION + +AGENT_VERSION=$(buildkite-agent meta-data get "agent-version") +export AGENT_VERSION + +BUILD_VERSION=$(buildkite-agent meta-data get "agent-version-build") +export BUILD_VERSION + +IS_PRERELEASE=$(buildkite-agent meta-data get "agent-is-prerelease") +export IS_PRERELEASE + echo "Full agent version: $FULL_AGENT_VERSION" echo "Agent version: $AGENT_VERSION" diff --git a/install.sh b/install.sh index 264db95abb..1d786e0ee4 100755 --- a/install.sh +++ b/install.sh @@ -102,14 +102,14 @@ function buildkite-download { echo -e "\033[31mFailed to download file: $1\033[0m\n" cat $BUILDKITE_DOWNLOAD_TMP_FILE - exit $BUILDKITE_DOWNLOAD_EXIT_STATUS + exit "$BUILDKITE_DOWNLOAD_EXIT_STATUS" fi } echo -e "Installing Version: \033[35mv$VERSION\033[0m" # Default the destination folder -: ${DESTINATION:="$HOME/.buildkite-agent"} +: "${DESTINATION:="$HOME/.buildkite-agent"}" # If they have a $HOME/.buildkite folder, rename it to `buildkite-agent` and # symlink back to the old one. Since we changed the name of the folder, we diff --git a/packaging/linux/root/usr/share/buildkite-agent/lsb/buildkite-agent.sh b/packaging/linux/root/usr/share/buildkite-agent/lsb/buildkite-agent.sh index 8bb72c22ec..7d9f848431 100755 --- a/packaging/linux/root/usr/share/buildkite-agent/lsb/buildkite-agent.sh +++ b/packaging/linux/root/usr/share/buildkite-agent/lsb/buildkite-agent.sh @@ -1,5 +1,6 @@ -#!/bin/sh -# +#!/usr/bin/env bash +# shellcheck disable=1090 + ### BEGIN INIT INFO # Provides: buildkite-agent # Required-Start: $network $local_fs $remote_fs @@ -20,17 +21,16 @@ pid_file="/var/run/${name}.pid" lock_dir="/var/lock/subsys" lock_file="${lock_dir}/${name}" log="/var/log/${name}.log" -stderr_log="/var/log/${name}.err" -[ -r /etc/default/${name} ] && . /etc/default/${name} -[ -r /etc/sysconfig/${name} ] && . /etc/sysconfig/${name} +[ -r "/etc/default/${name}" ] && . "/etc/default/${name}" +[ -r "/etc/sysconfig/${name}" ] && . "/etc/sysconfig/${name}" get_pid() { cat "$pid_file" } is_running() { - [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1 + [ -f "$pid_file" ] && ps "$(get_pid)" > /dev/null 2>&1 } case "$1" in @@ -53,9 +53,8 @@ case "$1" in stop) if is_running; then echo -n "Stopping $name.." - kill `get_pid` - for i in {1..10} - do + kill "$(get_pid)" + for _ in {1..10}; do if ! is_running; then break fi diff --git a/packaging/linux/scripts/after-install-and-upgrade.sh b/packaging/linux/scripts/after-install-and-upgrade.sh index 009b74e817..2d45b3835e 100755 --- a/packaging/linux/scripts/after-install-and-upgrade.sh +++ b/packaging/linux/scripts/after-install-and-upgrade.sh @@ -1,3 +1,5 @@ +#!/usr/bin/env bash + # $1 will be the version being upgraded from if this is an upgrade if [ "$1" = "" ] ; then OPERATION="install" diff --git a/packaging/linux/scripts/after-remove.sh b/packaging/linux/scripts/after-remove.sh index e7f7de70a1..6241956b9e 100755 --- a/packaging/linux/scripts/after-remove.sh +++ b/packaging/linux/scripts/after-remove.sh @@ -1,3 +1,5 @@ +#!/usr/bin/env bash + # Remove the system service we installed if command -v systemctl > /dev/null; then rm -f /lib/systemd/system/buildkite-agent.service diff --git a/packaging/linux/scripts/before-install.sh b/packaging/linux/scripts/before-install.sh index 27ba77ddaf..007807b58d 100755 --- a/packaging/linux/scripts/before-install.sh +++ b/packaging/linux/scripts/before-install.sh @@ -1 +1,3 @@ +#!/usr/bin/env bash + true diff --git a/packaging/linux/scripts/before-remove.sh b/packaging/linux/scripts/before-remove.sh index a8bf0ba7be..eca7b1bfdf 100755 --- a/packaging/linux/scripts/before-remove.sh +++ b/packaging/linux/scripts/before-remove.sh @@ -1,3 +1,5 @@ +#!/usr/bin/env bash + # Check if upstart exists command -v initctl > /dev/null BK_UPSTART_EXISTS=$? diff --git a/packaging/linux/scripts/before-upgrade.sh b/packaging/linux/scripts/before-upgrade.sh index 27ba77ddaf..007807b58d 100755 --- a/packaging/linux/scripts/before-upgrade.sh +++ b/packaging/linux/scripts/before-upgrade.sh @@ -1 +1,3 @@ +#!/usr/bin/env bash + true diff --git a/scripts/build-binary.sh b/scripts/build-binary.sh index 52b0c39932..954742e476 100755 --- a/scripts/build-binary.sh +++ b/scripts/build-binary.sh @@ -44,7 +44,7 @@ fi export CGO_ENABLED=0 # Generated files -"$(dirname $0)"/generate-acknowledgements.sh +"$(dirname "$0")"/generate-acknowledgements.sh mkdir -p $BUILD_PATH go build -v -ldflags "-X github.com/buildkite/agent/v3/version.buildNumber=${BUILD_NUMBER}" -o "${BUILD_PATH}/${BINARY_FILENAME}" . diff --git a/scripts/build-github-release.sh b/scripts/build-github-release.sh index 110fb7512d..683fa3d9f7 100755 --- a/scripts/build-github-release.sh +++ b/scripts/build-github-release.sh @@ -48,7 +48,7 @@ if [[ "${BINARY_PATH}" == *"windows"* ]]; then info "Zipping up the files" cd "${TMP_RELEASE_DIRECTORY}" - zip -X -r "../${RELEASE_FILE_NAME}" * + zip -X -r "../${RELEASE_FILE_NAME}" -- * else RELEASE_FILE_NAME="${RELEASE_NAME}.tar.gz" diff --git a/scripts/check-upstart-conf.sh b/scripts/check-upstart-conf.sh index 6810f621ec..e7909609d4 100755 --- a/scripts/check-upstart-conf.sh +++ b/scripts/check-upstart-conf.sh @@ -11,20 +11,21 @@ fi config=${1} && shift dbus_pid_file=$(/bin/mktemp) -exec 4<> ${dbus_pid_file} +exec 4<> "${dbus_pid_file}" dbus_add_file=$(/bin/mktemp) -exec 6<> ${dbus_add_file} +exec 6<> "${dbus_add_file}" /bin/dbus-daemon --fork --print-pid 4 --print-address 6 --session function clean { - kill $(cat ${dbus_pid_file}) - rm -f ${dbus_pid_file} ${dbus_add_file} + kill "$(cat "${dbus_pid_file}")" + rm -f" ${dbus_pid_file}" "${dbus_add_file}" exit 1 } trap "{ clean; }" EXIT -export DBUS_SESSION_BUS_ADDRESS=$(cat ${dbus_add_file}) +DBUS_SESSION_BUS_ADDRESS="$(cat "${dbus_add_file}")" +export DBUS_SESSION_BUS_ADDRESS -/bin/init-checkconf ${config} +/bin/init-checkconf "${config}" diff --git a/scripts/generate-acknowledgements.sh b/scripts/generate-acknowledgements.sh index 6565d61174..53ab63256f 100755 --- a/scripts/generate-acknowledgements.sh +++ b/scripts/generate-acknowledgements.sh @@ -8,7 +8,7 @@ echo 'Generating OSS attributions' echo "GOOS=${GOOS:-not set}" echo "GOARCH=${GOARCH:-not set}" -cd $(git rev-parse --show-toplevel) +cd "$(git rev-parse --show-toplevel)" if [[ ! -f "./go.mod" ]]; then echo "Couldn't find go.mod - are you in the agent repository?" @@ -28,9 +28,13 @@ fi # Create temporary directory and file # TEMPFILE is not in TEMPDIR, because this causes infinite recursion later on. -export TEMPDIR="$(mktemp -d /tmp/generate-acknowledgements.XXXXXX)" -export TEMPFILE="$(mktemp /tmp/acknowledgements.XXXXXX)" -trap "rm -fr ${TEMPDIR} ${TEMPFILE}" EXIT +TEMPDIR="$(mktemp -d /tmp/generate-acknowledgements.XXXXXX)" +export TEMPDIR + +TEMPFILE="$(mktemp /tmp/acknowledgements.XXXXXX)" +export TEMPFILE + +trap 'rm -fr ${TEMPDIR} ${TEMPFILE}' EXIT "${GO_LICENSES}" save . --save_path="${TEMPDIR}" --force @@ -43,7 +47,7 @@ Licenses for the libraries used are reproduced below. EOF addfile() { - printf "\n\n---\n\n## %s\n\n\`\`\`\n" "${2:-${1#${TEMPDIR}/}}" >> "${TEMPFILE}" + printf "\n\n---\n\n## %s\n\n\`\`\`\n" "${2:-${1#"${TEMPDIR}"/}}" >> "${TEMPFILE}" cat "$1" >> "${TEMPFILE}" printf "\n\`\`\`\n" >> "${TEMPFILE}" } diff --git a/scripts/publish-debian-package.sh b/scripts/publish-debian-package.sh index b96e16c2bc..70a9ce7046 100755 --- a/scripts/publish-debian-package.sh +++ b/scripts/publish-debian-package.sh @@ -48,7 +48,7 @@ deb_s3_args=( # Older versions were ok with prefix and bucket in the same parameter, but we now need to split them echo "Parsing DEB_S3_BUCKET=$DEB_S3_BUCKET" -DEB_S3_BUCKET_ARRAY=(${DEB_S3_BUCKET//\// }) +DEB_S3_BUCKET_ARRAY=("${DEB_S3_BUCKET//\// }") if [[ ${#DEB_S3_BUCKET_ARRAY[@]} -gt 2 ]] ; then echo "Expected $DEB_S3_BUCKET to have at most 1 path component"