Resolve shellcheck SC2086 double quote 24/62824/3
authorThanh Ha <zxiiro@gmail.com>
Wed, 15 Jan 2020 23:27:05 +0000 (18:27 -0500)
committerAnil Belur <abelur@linuxfoundation.org>
Thu, 16 Jan 2020 03:32:50 +0000 (03:32 +0000)
SC2086: Double quote to prevent globbing and word splitting.

Signed-off-by: Thanh Ha <zxiiro@gmail.com>
Change-Id: Ib5fee4b949ec02e265b9d0e628a36ce63ce18784

jenkins-init-scripts/init.sh
jenkins-init-scripts/lf-env.sh
shell/jenkins-configure-clouds.sh
shell/job-cost.sh
shell/npm-config.sh
shell/openstack-stack-delete.sh
shell/packer-build.sh
shell/sudo-logs.sh
shell/whitesource-unified-agent-cli.sh

index 66053b0..69c9013 100755 (executable)
@@ -25,8 +25,8 @@ fi
 
 # Create the jenkins user last so that hopefully we DO NOT have to deal with
 # guard files
-$jjb_init_scripts/create-jenkins-user.sh
+"$jjb_init_scripts/create-jenkins-user.sh"
 
-cp $jjb_init_scripts/lf-env.sh ~jenkins/
+cp "$jjb_init_scripts/lf-env.sh" ~jenkins/
 chmod 644 ~jenkins/lf-env.sh
 chown jenkins:jenkins ~jenkins/lf-env.sh
index ad554f6..da51d4b 100644 (file)
@@ -159,7 +159,7 @@ function lf-activate-venv()
             *)  lf-echo-stderr "${FUNCNAME[0]}(): ERROR: Unknown switch '$1'." ; return 1 ;;
         esac
     done
-    if ! type $python > /dev/null; then
+    if ! type "$python" > /dev/null; then
         lf-echo-stderr "${FUNCNAME[0]}(): ERROR: Unknown Python: $python"
         return 1
     fi
@@ -170,14 +170,16 @@ function lf-activate-venv()
     python2*)
         local pkg_list="$*"
         # For Python2, just create venv and install pip
-        virtualenv -p $python $lf_venv || return 1
-        $lf_venv/bin/pip install --upgrade --quiet pip || return 1
+        virtualenv -p "$python" "$lf_venv" || return 1
+        "$lf_venv/bin/pip" install --upgrade --quiet pip || return 1
         if [[ -z $pkg_list ]]; then
             echo "${FUNCNAME[0]}(): WARNING: No packages to install"
             return 0
         fi
         echo "${FUNCNAME[0]}(): INFO: Installing: $pkg_list"
-        $lf_venv/bin/pip install --upgrade --quiet $pkg_list || return 1
+        # $pkg_list is expected to be unquoted
+        # shellcheck disable=SC2086
+        "$lf_venv/bin/pip" install --upgrade --quiet $pkg_list || return 1
         ;;
     python3*)
         local pkg_list=""
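Review bot: Leaving `$pkg_list` unquoted keeps the word splitting the pip call needs, but it also keeps pathname expansion, so a spec such as `lftools[openstack]` is matched against files in the current directory before pip sees it. In this python2 branch the list is just `"$*"`, so `"$lf_venv/bin/pip" install --upgrade --quiet "$@" || return 1` with an `(( $# == 0 ))` emptiness test would need no SC2086 suppression. The python3 branch in the next hunk has the same issue and could collect into an array instead (`pkg_list+=("$arg")`, expanded as `"${pkg_list[@]}"`). The function body starts and ends outside this hunk.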
@@ -188,14 +190,16 @@ function lf-activate-venv()
                 *)                   pkg_list+="$arg " ;;
             esac
         done
-        $python -m venv $install_args $lf_venv || return 1
-        $lf_venv/bin/pip install --upgrade --quiet pip virtualenv || return 1
+        $python -m venv "$install_args" "$lf_venv" || return 1
+        "$lf_venv/bin/pip" install --upgrade --quiet pip virtualenv || return 1
         if [[ -z $pkg_list ]]; then
             echo "${FUNCNAME[0]}(): WARNING: No packages to install"
             return 0
         fi
         echo "${FUNCNAME[0]}(): INFO: Installing: $pkg_list"
-        $lf_venv/bin/pip install --upgrade --quiet --upgrade-strategy eager \
+        # $pkg_list is expected to be unquoted
+        # shellcheck disable=SC2086
+        "$lf_venv/bin/pip" install --upgrade --quiet --upgrade-strategy eager \
                              $pkg_list || return 1
         ;;
     *)
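Review bot: Quoting `$install_args` in `$python -m venv "$install_args" "$lf_venv"` changes what venv receives: when the variable is empty it passes an extra empty-string argument, and when it holds several switches they arrive as one word. How install_args is built is outside the hunk, so confirm. The safer form is an array, `local -a install_args=()` filled in the option loop and expanded as `"${install_args[@]}"`; until then this expansion should stay unquoted under the same `# shellcheck disable=SC2086` used for `$pkg_list`. `$python` at the start of that line is still unquoted, unlike the `type "$python"` check earlier in the function.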
index 8f7b3a8..405eced 100644 (file)
@@ -53,11 +53,11 @@ testversion() {
     local current_val="$1" operator="$2" test_value="$3"
     awk -vv1="$current_val" -vv2="$test_value" 'BEGIN {
       split(v1, a, /\:/);
-      if (a[2] == '$test_value') {
-        exit (a[2] == '$test_value') ? 0 : 1
+      if (a[2] == '"$test_value"') {
+        exit (a[2] == '"$test_value"') ? 0 : 1
       }
       else {
-        exit (a[2] '$operator' '$test_value') ? 0 : 1
+        exit (a[2] '"$operator"' '"$test_value"') ? 0 : 1
       }
     }'
 }
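Review bot: `'"$test_value"'` and `'"$operator"'` close the single-quoted awk program and paste the shell values into awk source, so the added double quotes stop word splitting but the values are still parsed as code; a value containing a space, quote or semicolon changes the program. `v2` already carries `$test_value` via `-v`, so the comparisons can use it, and `$operator` can be checked against a fixed list before awk runs. The inner `exit (a[2] == …) ? 0 : 1` sits inside an `if` on the same condition, so it always exits 0. The `testversion() {` line is above the hunk, and the operator list in the fence is a guess at what callers pass and should be adjusted.
```shell
    local current_val="$1" operator="$2" test_value="$3"
    # Only fixed comparison operators may be spliced into the awk program.
    case "$operator" in
        '=='|'!='|'<'|'<='|'>'|'>=') ;;
        *) echo "testversion: unsupported operator '$operator'" >&2; return 2 ;;
    esac
    awk -v v1="$current_val" -v v2="$test_value" 'BEGIN {
      split(v1, a, /\:/);
      if (a[2] == v2) {
        exit 0
      }
      else {
        exit (a[2] '"$operator"' v2) ? 0 : 1
      }
    }'
```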
index d3ee81e..6493a6e 100644 (file)
@@ -47,13 +47,13 @@ instance_type=$(curl -s http://169.254.169.254/latest/meta-data/instance-type)
 
 echo "INFO: Retrieving Pricing Info for: $instance_type"
 url="https://pricing.vexxhost.net/v1/pricing/$instance_type/cost?seconds=$uptime"
-jason_block=$(curl -s $url)
+jason_block=$(curl -s "$url")
 
-cost=$(jq .cost <<< $jason_block)
-resource=$(jq .resource <<< $jason_block | tr -d '"')
+cost=$(jq .cost <<< "$jason_block")
+resource=$(jq .resource <<< "$jason_block" | tr -d '"')
 
 # Archive the cost date
-mkdir -p $WORKSPACE/archives/cost
+mkdir -p "$WORKSPACE/archives/cost"
 
 echo "INFO: Archiving Costs"
 
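Review bot: `jason_block=$(curl -s "$url")` still accepts whatever the pricing endpoint returns, so an HTTP error page or an empty body flows into `jq` and becomes the cost that is archived. Adding `--fail` and handling the status explicitly, e.g. `jason_block=$(curl -sf "$url") || jason_block='{}'`, keeps a failed lookup distinguishable from a real price. `$instance_type` comes from the metadata service and is placed into the URL path unvalidated; a pattern check before building `url` would be cheap. `jq -r .resource` would also replace the `tr -d '"'` pass.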
@@ -61,7 +61,7 @@ echo "INFO: Archiving Costs"
 # This format is readable by spreadsheet and is easily sortable
 date=$(TZ=GMT date +'%Y-%m-%d %H:%M:%S')
 
-cat << EOF > $WORKSPACE/archives/cost.csv
+cat << EOF > "$WORKSPACE/archives/cost.csv"
 $JOB_NAME,$BUILD_NUMBER,$date,$resource,$uptime,$cost,$stack_cost
 EOF
 
index 749e7e5..9684502 100644 (file)
@@ -55,5 +55,5 @@ do_config() {
     auth_token=$(echo -n "$USER":"$PASS" | openssl base64)
 
     # Write .npmrc
-    echo '//'$NPM_REGISTRY':_auth'$auth_token >> $HOME/.npmrc
+    echo "//$NPM_REGISTRY:_auth$auth_token" >> "$HOME/.npmrc"
 }
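Review bot: This line appends a registry credential to `$HOME/.npmrc` with whatever mode the umask gives, so the file may be readable by other accounts on the build node; `chmod 600 "$HOME/.npmrc"` after the write (or `umask 077` before it) would restrict it. As shown there is no `=` between `_auth` and the token, which npm's `key=value` format appears to need, so confirm this against the registry setup. `openssl base64` on the context line wraps its output at 64 characters, so a long `$USER:$PASS` yields a multi-line token; `openssl base64 -A` keeps it on one line. do_config starts above the hunk.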
index 6124c7e..79da58a 100644 (file)
@@ -18,7 +18,7 @@ source ~/lf-env.sh
 lf-activate-venv lftools[openstack] python-openstackclient
 
 echo "INFO: Retrieving stack cost for: $OS_STACK_NAME"
-if ! lftools openstack --os-cloud $OS_CLOUD stack cost $OS_STACK_NAME > stack-cost; then
+if ! lftools openstack --os-cloud "$OS_CLOUD" stack cost "$OS_STACK_NAME" > stack-cost; then
     echo "WARNING: Unable to get stack costs, continuing anyway"
     echo "total: 0" > stack-cost
 else
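Review bot: `lftools[openstack]` on the `lf-activate-venv` line above the changed `if` is still an unquoted glob pattern, so a file in the working directory whose name matches it (a constructed example: `lftoolso`) would replace the package spec; quote it as `'lftools[openstack]'`. The `if`/`else` block continues past the end of the hunk.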
index b015271..0d9d68d 100644 (file)
@@ -53,7 +53,7 @@ if [[ ${UPDATE_CLOUD_IMAGE} ]]; then
     # Copy variables.prop to variables.jenkins-trigger so that the end of build
     # trigger can pick up the file as input for triggering downstream jobs.
     # Dont tigger downstream job when UPDATE_CLOUD_IMAGE is set to 'false'
-    cp $WORKSPACE/variables.prop $WORKSPACE/variables.jenkins-trigger
+    cp "$WORKSPACE/variables.prop" "$WORKSPACE/variables.jenkins-trigger"
 fi
 
 # Retrive the list of cloud providers
index d925434..29e54df 100755 (executable)
@@ -17,24 +17,24 @@ function copy_log()
 {
     case $os in
         fedora|centos|redhat|ubuntu|debian)
-            if ! sudo cp $sudo_log /tmp; then
+            if ! sudo cp "$sudo_log" /tmp; then
                 echo "Unable to archive 'sudo' logs ($sudo_log)"
                 return
             fi
             ;;
         suse)
             # Do I need 'sudo' to run 'journalctl'?
-            journalctl | grep sudo > $sudo_log
+            journalctl | grep sudo > "$sudo_log"
             ;;
         *)  echo "Unexpected 'operatingsystem': $os"
             exit 1
             ;;
     esac
-    sudo_log=$(basename $sudo_log)
-    sudo chown jenkins:jenkins /tmp/$sudo_log
-    chmod 0644 /tmp/$sudo_log
-    mkdir -p $WORKSPACE/archives/sudo
-    mv /tmp/$sudo_log $WORKSPACE/archives/sudo/$sudo_log
+    sudo_log=$(basename "$sudo_log")
+    sudo chown jenkins:jenkins "/tmp/$sudo_log"
+    chmod 0644 "/tmp/$sudo_log"
+    mkdir -p "$WORKSPACE/archives/sudo"
+    mv "/tmp/$sudo_log" "$WORKSPACE/archives/sudo/$sudo_log"
 
 }    # End copy_log()
 
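Review bot: `sudo cp "$sudo_log" /tmp` followed by `sudo chown` on `/tmp/$sudo_log` performs root-privileged writes to a predictable name in a world-writable directory, where another local account can pre-create that name. Staging in a private `mktemp -d` directory removes that exposure. The suse branch writes to `$sudo_log` itself rather than to `/tmp`, so it would need to target the staging directory as well; the value of `sudo_log` is set outside the hunk, so confirm where it points. `--` before the path arguments would also guard against names beginning with `-`.
```shell
    local staging
    staging=$(mktemp -d) || return
    case $os in
        fedora|centos|redhat|ubuntu|debian)
            if ! sudo cp -- "$sudo_log" "$staging/"; then
    # … unchanged: error message, suse branch, default branch …
    sudo_log=$(basename -- "$sudo_log")
    sudo chown jenkins:jenkins "$staging/$sudo_log"
    chmod 0644 "$staging/$sudo_log"
    mkdir -p "$WORKSPACE/archives/sudo"
    mv -- "$staging/$sudo_log" "$WORKSPACE/archives/sudo/$sudo_log"
    rmdir -- "$staging"
```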
index 94dd367..a73e852 100644 (file)
@@ -20,8 +20,13 @@ echo "---> whitesource-unified-agent-cli.sh"
 jar_location="/tmp/wss-unified-agent-${WSS_UNIFIED_AGENT_VERSION}.jar"
 wss_unified_agent_url="https://s3.amazonaws.com/unified-agent/wss-unified-agent-${WSS_UNIFIED_AGENT_VERSION}.jar"
 wget -nv "${wss_unified_agent_url}" -O "${jar_location}"
+
 echo "---> Running WhiteSource Unified Agent CLI ..."
+
+# WSS_UNIFIED_AGENT_OPTIONS & JAVA_OPTS are expected to be unquoted
+# shellcheck disable=SC2086
 java ${JAVA_OPTS:-} -jar "${jar_location}" -c wss-unified-agent.config \
     -product "${WSS_PRODUCT_NAME}" -project "${WSS_PROJECT_NAME}" \
     -projectVersion "${GERRIT_BRANCH}" ${WSS_UNIFIED_AGENT_OPTIONS:-}
+
 rm "${jar_location}"
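Review bot: The jar fetched by `wget` is executed by `java -jar` without any integrity check, and it is written to a fixed name under `/tmp` that other local accounts can anticipate. Verifying a pinned digest before the run, e.g. `echo "EXPECTED_SHA256_PLACEHOLDER  ${jar_location}" | sha256sum -c -` with the digest supplied by job configuration, and creating the path with `mktemp`, would close both gaps. The added `# shellcheck disable=SC2086` applies to the whole multi-line `java` command; splitting the two option strings once with `read -r -a` and expanding them as quoted arrays would let the suppression go away.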