- shell: !include-raw-escape:
- ../shell/jjb-install.sh
- ../shell/jjb-merge-job.sh
+ - ../shell/jjb-cleanup.sh
- job-template:
name: '{project-name}-jjb-merge'
- ../shell/jjb-install.sh
- ../shell/jjb-verify-job.sh
- ../shell/jjb-check-unicode.sh
+ - ../shell/jjb-cleanup.sh
- lf-infra-gpg-verify-git-signature
- job-template:
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: EPL-1.0
+##############################################################################
+# Copyright (c) 2017 The Linux Foundation and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+##############################################################################
+echo "---> jjb-cleanup.sh"
+# Cleans up the temporary directory created for the virtualenv but only if it
+# exists under /tmp. This is to ensure we never attempt to blow away '/'
+# through mis-set bash variables.
+
+# Ensure we fail the job if any steps fail.
+# DO NOT set -u as virtualenv's activate script has unbound variables
+set -e -o pipefail
+
+# shellcheck source="$WORKSPACE/.jjb.properties" disable=SC1091
+source "$WORKSPACE/.jjb.properties"
+if [[ -n "$JJB_VENV" && "$JJB_VENV" =~ /tmp/.* ]]; then
+ rm -r "$JJB_VENV" && "$JJB_VENV removed"
+fi
+rm "$WORKSPACE/.jjb.properties"
# DO NOT set -u as virtualenv's activate script has unbound variables
set -e -o pipefail
-virtualenv "/tmp/v/jjb"
-# shellcheck source=/tmp/v/jjb/bin/activate disable=SC1091
-source "/tmp/v/jjb/bin/activate"
+# Create a virtualenv in a temporary directoy and write it down to used
+# or cleaned up later; cleanup is done in the script jjb-cleanup.sh.
+JJB_VENV="$(mktemp -d)"
+export JJB_VENV
+virtualenv "$JJB_VENV"
+echo "JJB_VENV=$JJB_VENV" > "$WORKSPACE/.jjb.properties"
+# shellcheck source=$VENV_DIR/bin/activate disable=SC1091
+source "$JJB_VENV/bin/activate"
pip install --quiet --upgrade "pip==9.0.3" setuptools
pip install --quiet --upgrade "jenkins-job-builder==$JJB_VERSION"