|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
readonly REPO={{ repo | quote }};
|
|
|
|
readonly DEST={{ dest | quote }};
|
|
|
|
readonly DEST_USER={{ owner | quote }};
|
|
|
|
readonly DEST_GROUP={{ group | quote }};
|
|
|
|
readonly PREFIX={{ tag_prefix | quote }};
|
|
|
|
readonly GPG_FINGERPRINT={{ gpg_fingerprint | quote }};
|
|
|
|
|
|
|
|
set -euo pipefail;
|
|
|
|
|
|
|
|
cd "$DEST";
|
|
|
|
|
|
|
|
if [ ! -d .git ]; then
|
|
|
|
git clone "$REPO" "$DEST";
|
|
|
|
fi
|
|
|
|
|
|
|
|
[ -z "$GPG_FINGERPRINT" ] ||
|
|
|
|
gpg --quiet --keyserver eu.pool.sks-keyservers.net --recv "$GPG_FINGERPRINT";
|
|
|
|
|
|
|
|
git fetch --tags > /dev/null;
|
|
|
|
TAG=$(git tag --list | grep "^$PREFIX" | sort -r | head -n 1);
|
|
|
|
if [ -z "$GPG_FINGERPRINT" ] || git verify-tag --raw "$TAG" 2>&1 | grep " VALIDSIG $GPG_FINGERPRINT " > /dev/null; then
|
|
|
|
git reset --hard;
|
|
|
|
git checkout -q "$TAG";
|
|
|
|
chown -R "$DEST_USER:$DEST_GROUP" .;
|
|
|
|
if ! sh -c {{ reload_command | default('') | quote }}; then
|
|
|
|
echo "Failed during reload" >&2;
|
|
|
|
exit 2;
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
echo "Invalid or missing signature for $TAG" >&2;
|
|
|
|
exit 1;
|
|
|
|
fi
|