This repository was archived by the owner on Feb 14, 2025. It is now read-only.
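#!/bin/bash -l
# Abort on the first failing command.
# xtrace (-x) is deliberately left off: this script assigns service-account
# keys to variables and writes them to disk, and a trace line shows every
# expanded assignment and argument, which would copy the key material into
# the job log. For debugging, wrap only the non-secret steps in
# `set -x` / `set +x`.
set -e

# Fixed search path with the bundled Cloud SDK first, so command lookup does
# not depend on whatever PATH the login shell (-l) profile set up.
export PATH=/google-cloud-sdk/bin:/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin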
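#######################################
# Activate the service account described by GOOGLE_CREDENTIALS for gcloud.
# Globals:
#   GOOGLE_CREDENTIALS (read)    - service-account key JSON
#   CLIENT_EMAIL       (written) - client_email field of that key; git_setup
#                                  reads it for the credential helper
# Outputs: writes the key to /tmp/creds.json with owner-only permissions
# Returns: non-zero if client_email is missing or gcloud fails
#######################################
google_auth_setup() {
  local xtrace_was_on=0

  CLIENT_EMAIL="$(jq -r .client_email <<<"${GOOGLE_CREDENTIALS}")"
  # jq -r prints the literal string "null" when the field is absent; stop here
  # rather than handing gcloud (and later the git credential helper) a bogus
  # account name.
  if [[ -z "${CLIENT_EMAIL}" || "${CLIENT_EMAIL}" == "null" ]]; then
    echo "google_auth_setup: GOOGLE_CREDENTIALS has no client_email" >&2
    return 1
  fi

  # The key is an argument of the write below, so an active xtrace would copy
  # it into the job log. Switch tracing off for the write and restore it after.
  case "$-" in
    *x*)
      xtrace_was_on=1
      set +x
      ;;
  esac
  (
    # Create the key file owner-only instead of with the default umask.
    umask 077
    printf '%s\n' "${GOOGLE_CREDENTIALS}" >/tmp/creds.json
  )
  # Also covers a file left over from an earlier run with looser permissions.
  chmod 600 /tmp/creds.json
  if [[ "${xtrace_was_on}" == 1 ]]; then
    set -x
  fi

  # NOTE(review): the fixed /tmp path is kept as-is; if /tmp is ever shared
  # with other users or processes, a mktemp-generated path would be safer.
  /google-cloud-sdk/bin/gcloud auth activate-service-account "${CLIENT_EMAIL}" --key-file=/tmp/creds.json
}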
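#######################################
# Prepare git for the mirror push: GitHub credentials in ~/.netrc, the gcloud
# credential helper for Cloud Source Repositories, tracing, and pack/transfer
# tuning, followed by a gc and fsck of the checked-out repository.
# Globals:
#   HOME, GITHUB_ACTOR, GITHUB_TOKEN (read)
#   CLIENT_EMAIL (read) - set by google_auth_setup
#   GIT_TRACE_PACKET, GIT_TRACE, GIT_CURL_VERBOSE, GIT_TRACE_REDACT (exported)
# Outputs: writes $HOME/.netrc and the global git config
#######################################
git_setup() {
  (
    # Create .netrc owner-only from the start; writing it under the default
    # umask and tightening it afterwards leaves a window in which the token
    # is readable by others.
    umask 077
    cat <<-EOF >"$HOME/.netrc"
machine github.com
login "$GITHUB_ACTOR"
password "$GITHUB_TOKEN"
machine api.github.com
login "$GITHUB_ACTOR"
password "$GITHUB_TOKEN"
EOF
  )
  # Still needed when a .netrc with looser permissions already existed.
  chmod 600 "$HOME/.netrc"

  # Verbose transport tracing ends up in the job log. Git's trace redaction
  # hides Authorization headers and cookies; set it explicitly so an inherited
  # GIT_TRACE_REDACT=0 cannot switch it off.
  # NOTE(review): older Git releases did not apply redaction to
  # GIT_CURL_VERBOSE output - confirm the Git version shipped in the image.
  export GIT_TRACE_REDACT=1
  export GIT_TRACE_PACKET=1
  export GIT_TRACE=1
  export GIT_CURL_VERBOSE=1

  # Works around the repository-ownership check added for CVE-2022-24765
  # (see actions/checkout issue 760): the workspace is owned by a different
  # user than the one running git here.
  git config --global --add safe.directory /github/workspace

  # CLIENT_EMAIL is spliced into a command line that git hands to a shell, so
  # it must only ever come from the trusted service-account key.
  git config --global credential.'https://source.developer.google.com/'.helper '!/google-cloud-sdk/bin/gcloud auth git-helper --account='"${CLIENT_EMAIL}"' --ignore-unknown $@'

  # Transfer and pack tuning (150 MiB POST buffer, large pack limits, HTTP/1.1);
  # presumably to get large pushes through - TODO confirm.
  git config --global http.postBuffer 157286400
  git config --global core.packedGitLimit 512m
  git config --global core.packedGitWindowSize 512m
  git config --global pack.deltaCacheSize 2047m
  git config --global pack.packSizeLimit 2047m
  git config --global pack.windowMemory 2047m
  git config --global pack.window 1
  git config --global http.version "HTTP/1.1"

  # Repack and verify the repository before pushing it.
  git gc
  git fsck
}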
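# Both branch names are derived from the last path component of the ref that
# triggered the run.
SOURCE_BRANCH="tmp-$(basename "${GITHUB_REF}")"
DESTINATION_BRANCH="$(basename "${GITHUB_REF}")"

# we really need some less fragile way to establish this mapping
# NOTE(review): basename keeps only the last component, so refs/heads/a/x and
# refs/heads/b/x both map to "x", and any ref ending in "/master" (a tag, if
# the workflow triggers on tags) selects the production credentials.
#
# The assignments below expand the service-account key; an active xtrace
# would print it, so tracing is switched off around them and restored after.
_xtrace_was_on=0
case "$-" in
  *x*)
    _xtrace_was_on=1
    set +x
    ;;
esac
case "${DESTINATION_BRANCH}" in
  master)
    GOOGLE_CREDENTIALS="${GOOGLE_CREDENTIALS_ODEN_PRODUCTION}"
    GOOGLE_SOURCE_REPO_URL="${GOOGLE_SOURCE_REPO_URL_ODEN_PRODUCTION}"
    ;;
  *)
    GOOGLE_CREDENTIALS="${GOOGLE_CREDENTIALS_ODEN_QA}"
    GOOGLE_SOURCE_REPO_URL="${GOOGLE_SOURCE_REPO_URL_ODEN_QA}"
    ;;
esac
if [[ "${_xtrace_was_on}" == 1 ]]; then
  set -x
fi
unset _xtrace_was_on

google_auth_setup
git_setup

# check out the source branch at exactly the ref where we were triggered
git checkout -b "${SOURCE_BRANCH}" "${GITHUB_SHA}"

# Reuse the author identity of the triggering commit for this checkout.
git config user.name "$(git log -n 1 --pretty=format:%an)"
git config user.email "$(git log -n 1 --pretty=format:%ae)"

git remote add destination "${GOOGLE_SOURCE_REPO_URL}"
# Forced push: the destination branch is overwritten with the triggering
# commit, discarding anything that exists only on the destination side.
git push destination "${SOURCE_BRANCH}:${DESTINATION_BRANCH}" -f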