burrow/Scripts/ci/check-release-config.sh
Conrad Kramer 002bd382e9
Some checks failed
Cache: Publish Nix / Publish Nix Cache (push) Waiting to run
Build Rust / Cargo Test (push) Successful in 4m14s
Build Site / Next.js Build (push) Failing after 6s
Infra: OpenTofu / OpenTofu (grafana) (push) Successful in 5s
Lint Governance / BEP Metadata (push) Successful in 0s
Build: Android / Android Rust Core Stub (push) Failing after 23s
Wire Forge-native release infrastructure
2026-06-07 05:51:12 -07:00

68 lines
1.8 KiB
Bash
Executable file

#!/usr/bin/env bash
set -euo pipefail
require_env() {
local name="$1"
if [[ -z "${!name:-}" ]]; then
echo "missing required environment variable: ${name}" >&2
return 1
fi
}
require_file_or_env() {
local file_name="$1"
local env_name="$2"
if [[ -n "${!file_name:-}" && -f "${!file_name:-}" ]]; then
return 0
fi
if [[ -n "${!env_name:-}" ]]; then
return 0
fi
echo "missing required ${file_name} file or ${env_name} environment value" >&2
return 1
}
case "${1:-all}" in
gcs)
require_env BURROW_GOOGLE_PROJECT_ID
require_env BURROW_GOOGLE_PROJECT_NUMBER
require_env BURROW_GOOGLE_WIF_POOL_ID
require_env BURROW_GOOGLE_WIF_PROVIDER_ID
require_env BURROW_GOOGLE_WIF_SERVICE_ACCOUNT
require_env BURROW_AUTHENTIK_WIF_ISSUER
require_env BURROW_AUTHENTIK_WIF_AUDIENCE
require_env BURROW_AUTHENTIK_WIF_CLIENT_ID
if [[ -z "${BURROW_AUTHENTIK_WIF_TOKEN:-}" && -z "${BURROW_AUTHENTIK_WIF_CLIENT_SECRET:-}" ]]; then
if [[ -z "${BURROW_AUTHENTIK_WIF_TOKEN_FILE:-}" || ! -f "${BURROW_AUTHENTIK_WIF_TOKEN_FILE:-}" ]]; then
echo "missing Authentik WIF token, token file, or client secret" >&2
exit 1
fi
fi
;;
app-store)
require_env ASC_API_KEY_ID
require_env ASC_API_ISSUER_ID
require_file_or_env ASC_API_KEY_PATH ASC_API_KEY_BASE64
;;
apple-signing)
require_file_or_env APPLE_SIGNING_CERTIFICATE_PATH APPLE_SIGNING_CERTIFICATE_BASE64
require_env APPLE_SIGNING_CERTIFICATE_PASSWORD
;;
sparkle)
"$0" gcs
;;
microsoft-store)
require_env MICROSOFT_TENANT_ID
require_env MICROSOFT_CLIENT_ID
require_env MICROSOFT_CLIENT_SECRET
;;
all)
"$0" gcs
"$0" app-store
"$0" apple-signing
;;
*)
echo "unknown release config group: $1" >&2
exit 64
;;
esac