|
| 1 | +#!/bin/bash |
| 2 | + |
| 3 | +set -Eeuo pipefail # see https://vaneyckt.io/posts/safer_bash_scripts_with_set_euxo_pipefail/ |
| 4 | + |
| 5 | +SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" |
| 6 | +PROJECTS_FILE="$SCRIPTDIR/projects.json" |
| 7 | + |
| 8 | +PROJECT_BASE_DIR="$SCRIPTDIR/projects" |
| 9 | + |
| 10 | +repo_dir() { |
| 11 | + echo "$PROJECT_BASE_DIR/$1/repo" |
| 12 | +} |
| 13 | + |
| 14 | +venv_dir() { |
| 15 | + echo "$PROJECT_BASE_DIR/$1/venv" |
| 16 | +} |
| 17 | + |
| 18 | +trace_dir() { |
| 19 | + echo "$PROJECT_BASE_DIR/$1/traces" |
| 20 | +} |
| 21 | + |
| 22 | +db_path() { |
| 23 | + echo "$PROJECT_BASE_DIR/$1/$1-db" |
| 24 | +} |
| 25 | + |
| 26 | +help() { |
| 27 | + echo -n """\ |
| 28 | +$0 help This message |
| 29 | +$0 projects List projects |
| 30 | +$0 repo <projects> Fetch repo for projects |
| 31 | +$0 setup <projects> Perform setup steps for projects (install dependencies) |
| 32 | +$0 trace <projects> Trace projects |
| 33 | +$0 db <projects> Build databases for projects |
| 34 | +$0 all <projects> Perform all the above steps for projects |
| 35 | +""" |
| 36 | +} |
| 37 | + |
| 38 | +projects() { |
| 39 | + jq -r 'keys[]' "$PROJECTS_FILE" |
| 40 | +} |
| 41 | + |
| 42 | +check_project_exists() { |
| 43 | + if ! jq -e ".\"$1\"" "$PROJECTS_FILE" &>/dev/null; then |
| 44 | + echo "ERROR: '$1' not a known project, see '$0 projects'" |
| 45 | + exit 1 |
| 46 | + fi |
| 47 | +} |
| 48 | + |
| 49 | +repo() { |
| 50 | + for project in $@; do |
| 51 | + check_project_exists $project |
| 52 | + |
| 53 | + echo "Cloning repo for $project" |
| 54 | + |
| 55 | + REPO_DIR=$(repo_dir $project) |
| 56 | + |
| 57 | + if [[ -d "$REPO_DIR" ]]; then |
| 58 | + echo "Repo already cloned in $REPO_DIR" |
| 59 | + continue; |
| 60 | + fi |
| 61 | + |
| 62 | + REPO_URL=$(jq -e -r ".\"$project\".repo" "$PROJECTS_FILE") |
| 63 | + SHA=$(jq -e -r ".\"$project\".sha" "$PROJECTS_FILE") |
| 64 | + |
| 65 | + mkdir -p "$REPO_DIR" |
| 66 | + cd "$REPO_DIR" |
| 67 | + git init |
| 68 | + git remote add origin $REPO_URL |
| 69 | + git fetch --depth 1 origin $SHA |
| 70 | + git -c advice.detachedHead=False checkout FETCH_HEAD |
| 71 | + done |
| 72 | +} |
| 73 | + |
| 74 | +setup() { |
| 75 | + for project in $@; do |
| 76 | + check_project_exists $project |
| 77 | + |
| 78 | + echo "Setting up $project" |
| 79 | + |
| 80 | + python3 -m venv $(venv_dir $project) |
| 81 | + source $(venv_dir $project)/bin/activate |
| 82 | + |
| 83 | + pip install -e "$SCRIPTDIR" |
| 84 | + |
| 85 | + IFS=$'\n' |
| 86 | + setup_commands=($(jq -r ".\"$project\".setup[]" $PROJECTS_FILE)) |
| 87 | + unset IFS |
| 88 | + for setup_command in "${setup_commands[@]}"; do |
| 89 | + echo "Running '$setup_command'" |
| 90 | + $setup_command |
| 91 | + done |
| 92 | + |
| 93 | + # deactivate venv again |
| 94 | + deactivate |
| 95 | + done |
| 96 | +} |
| 97 | + |
| 98 | +trace() { |
| 99 | + for project in $@; do |
| 100 | + check_project_exists $project |
| 101 | + |
| 102 | + echo "Tracing '$project" |
| 103 | + |
| 104 | + source $(venv_dir $project)/bin/activate |
| 105 | + |
| 106 | + REPO_DIR=$(repo_dir $project) |
| 107 | + cd "$REPO_DIR" |
| 108 | + |
| 109 | + mkdir -p $(trace_dir $project) |
| 110 | + |
| 111 | + MODULE_COMMAND=$(jq -r ".\"$project\".module_command" $PROJECTS_FILE) |
| 112 | + |
| 113 | + cg-trace --xml $(trace_dir $project)/trace.xml --module $MODULE_COMMAND |
| 114 | + done |
| 115 | +} |
| 116 | + |
| 117 | +db() { |
| 118 | + for project in $@; do |
| 119 | + check_project_exists $project |
| 120 | + |
| 121 | + echo "Creating CodeQL database for '$project" |
| 122 | + |
| 123 | + DB=$(db_path $project) |
| 124 | + SRC=$(repo_dir $project) |
| 125 | + PYTHON_EXTRACTOR=$(codeql resolve extractor --language=python) |
| 126 | + |
| 127 | + # Source venv so we can extract dependencies |
| 128 | + source $(venv_dir $project)/bin/activate |
| 129 | + |
| 130 | + rm -rf "$DB" |
| 131 | + |
| 132 | + codeql database init --source-root="$SRC" --language=python "$DB" |
| 133 | + codeql database trace-command --working-dir="$SRC" "$DB" "$PYTHON_EXTRACTOR/tools/autobuild.sh" |
| 134 | + codeql database index-files --language xml --include-extension .xml --working-dir="$(trace_dir $project)" "$DB" |
| 135 | + codeql database finalize "$DB" |
| 136 | + |
| 137 | + echo "Created database in '$DB'" |
| 138 | + |
| 139 | + # deactivate venv again |
| 140 | + deactivate |
| 141 | + done |
| 142 | +} |
| 143 | + |
| 144 | +all() { |
| 145 | + for project in $@; do |
| 146 | + check_project_exists $project |
| 147 | + |
| 148 | + repo $project |
| 149 | + setup $project |
| 150 | + trace $project |
| 151 | + db $project |
| 152 | + done |
| 153 | +} |
| 154 | + |
| 155 | + |
| 156 | +COMMAND=${1:-"help"} |
| 157 | +shift |
| 158 | + |
| 159 | +$COMMAND $@ |
0 commit comments