#!/bin/bash

# Abort on expansion of an unset variable. errexit is deliberately not
# enabled here: the script inspects command exit statuses itself.
set -u
| |
| # Copyright 2018-2021 Fairphone B.V. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| |
| # Update internal projects with upstream partner security branches |
| # |
| # This script fetches Google's Android partner security branches and pushes |
| # them to our internal Gerrit. Nothing is pushed unless PUSH_TO_REMOTE=1 is |
| # set in the environment. Access to upstream partner branches is restricted |
| # to authorized users. See https://partner-android.googlesource.com for how |
| # to set up access. |
| # |
| # To use the tool, run the following command in the root of the Android tree: |
| # |
| # repo --no-pager forall -vpc \ |
| # "$(pwd)/vendor/fairphone/tools/bin/fetch-and-push-partner" | \ |
| # tee fetch-and-push-partner-$(date +"%Y-%m-%d_%H-%M-%S").log |
| # |
| |
# Settings, each overridable from the environment:
#   AOSP_PARTNER_REF       name of the branch or tag to mirror
#   AOSP_PARTNER_BASE_URL  base URL the project path is appended to
#   REF_IS_TAG             1 when AOSP_PARTNER_REF names a tag
#   PUSH_TO_REMOTE         1 to push the fetched ref to origin
# The base URL and ref decide what is fetched and later pushed to origin, so
# they should only ever be set by the operator running the sync.
: "${AOSP_PARTNER_REF:=security-aosp-pi-release}"
: "${AOSP_PARTNER_BASE_URL:=https://partner-android.googlesource.com}"
: "${REF_IS_TAG:=0}"
: "${PUSH_TO_REMOTE:=0}"

# Branch handling is the default: look the ref up by name and push it into
# refs/heads/ on origin.
_REF_SPEC="${AOSP_PARTNER_REF}"
_PUSH_REF_SPEC="${AOSP_PARTNER_REF}:refs/heads/${AOSP_PARTNER_REF}"
if [ "${REF_IS_TAG}" -eq 1 ]; then
  # Tag handling: look it up by its full ref name, push it by its plain name.
  _REF_SPEC="refs/tags/${AOSP_PARTNER_REF}"
  _PUSH_REF_SPEC="${AOSP_PARTNER_REF}"
fi

# REPO_PROJECT is not assigned anywhere in this script; it is presumably
# exported by `repo forall` (see the usage notes) -- confirm.
url="${AOSP_PARTNER_BASE_URL}/${REPO_PROJECT}"
| |
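#######################################
# Run `git ls-remote --exit-code`, making up to three attempts.
# Arguments: "$@" - repository followed by optional ref patterns; each
#            argument reaches git as exactly one word.
# Outputs:   the ls-remote listing on stdout once an attempt succeeds.
# Returns:   0 on success, otherwise the exit status of the last attempt.
#######################################
try_ls_remote() {
  local ls_remote
  local ret_val=1
  local attempt
  for ((attempt = 1; attempt <= 3; attempt++)); do
    # NOTE(review): git's stderr is discarded, so callers can tell failures
    # apart only by exit status, never by git's own error message.
    ls_remote=$(git ls-remote --exit-code "$@" 2>/dev/null)
    ret_val=$?
    if [ "${ret_val}" -eq 0 ]; then
      printf '%s\n' "${ls_remote}"
      return 0
    fi
    # Wait before the next attempt; there is nothing to wait for after the
    # final one.
    if ((attempt < 3)); then
      sleep 5s
    fi
  done
  return "${ret_val}"
}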
| |
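# Ask the partner remote for the requested ref and decide from the exit status
# whether this project is processed at all. Both arguments are quoted so that
# each one reaches try_ls_remote as a single word.
ls_remote="$(try_ls_remote "${url}" "${_REF_SPEC}")"
ret_val=$?
case "${ret_val}" in
  0) # Successfully checked on remote; continue below.
    ;;
  2)
    # Status 2 is what `git ls-remote --exit-code` returns when no ref matched.
    echo "WARNING: Skipping remote AOSP-Partner, ${_REF_SPEC} does not exist on remote, ignoring project." >&2
    exit 0
    ;;
  128)
    # NOTE(review): git also exits 128 on other fatal errors (for example a
    # failed authentication or an unreachable host) -- confirm. Because this
    # branch exits 0 and try_ls_remote hides git's stderr, a run with broken
    # partner credentials would skip every project and still look successful;
    # watch the log for this warning appearing on all projects.
    echo "WARNING: Skipping remote AOSP-Partner, ${url} is not a valid remote, ignoring project." >&2
    exit 0
    ;;
  *)
    echo "ERROR: Skipping remote AOSP-Partner, could not list ${url}." >&2
    exit 1
    ;;
esac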
| |
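# The first column of an ls-remote listing is the object name a ref points at.
# NOTE(review): a bare branch name is matched as a pattern and may list more
# than one ref; both values are then multi-line and compared as a whole.
partner_revision=$(awk '{print $1}' <<<"${ls_remote}")
# The ref is quoted so it is passed on as one word.
ls_remote=$(try_ls_remote origin "${_REF_SPEC}")
ret_val=$?
# If we have the reference already and it's the same as in upstream, skip fetch/push.
if [ "${ret_val}" -eq 0 ]; then
  internal_revision=$(awk '{print $1}' <<<"${ls_remote}")
  if [ -n "${internal_revision}" ] && [ "${internal_revision}" = "${partner_revision}" ]; then
    echo "INFO: Internal reference is already up-to-date." >&2
    exit 0
  fi
fi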
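# Fetch the partner ref into a local ref of the same name, then publish it to
# origin when PUSH_TO_REMOTE is 1. Neither the fetch refspec nor the push uses
# `+` or --force. URL and refspec are quoted so each is passed as one word.
echo "INFO: Fetching AOSP-Partner ref. (${_REF_SPEC})…"
if ! git fetch --quiet --no-tags "${url}" "${_REF_SPEC}:${_REF_SPEC}"; then
  echo "ERROR: Could not fetch ${_REF_SPEC} from remote AOSP-Partner." >&2
  exit 1
fi
if [ "${PUSH_TO_REMOTE}" -eq 1 ]; then
  echo "INFO: Pushing AOSP-Partner ref to origin…"
  if ! git push origin "${_PUSH_REF_SPEC}"; then
    echo "ERROR: Could not push ${_REF_SPEC} to origin." >&2
    exit 1
  fi
else
  # Dry-run mode: the ref stays in the local repository only.
  echo "INFO: NOT pushing to the remote, PUSH_TO_REMOTE is not enabled." >&2
fi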