github.com/argoproj/argo-cd@v1.8.7/hack/git-verify-wrapper.sh

github.com/argoproj/argo-cd@v1.8.7/hack/git-verify-wrapper.sh (about)

     1  #!/bin/sh
     2  # Wrapper script to perform GPG signature validation on git commit SHAs and
     3  # annotated tags.
     4  #
     5  # We capture stderr to stdout, so we can have the output in the logs. Also,
     6  # we ignore error codes that are emitted if signature verification failed.
     7  #
     8  if test "$1" = ""; then
     9  	echo "Wrong usage of git-verify-wrapper.sh" >&2
    10  	exit 1
    11  fi
    12  
    13  REVISION="$1"
    14  TYPE=
    15  
    16  # Figure out we have an annotated tag or a commit SHA
    17  if git describe --exact-match "${REVISION}" >/dev/null 2>&1; then
    18  	IFS=''
    19  	TYPE=tag
    20  	OUTPUT=$(git verify-tag "$REVISION" 2>&1)
    21  	RET=$?
    22  else
    23  	IFS=''
    24  	TYPE=commit
    25  	OUTPUT=$(git verify-commit "$REVISION" 2>&1)
    26  	RET=$?
    27  fi
    28  
    29  case "$RET" in
    30  0)
    31  	echo "$OUTPUT"
    32  	;;
    33  1)
    34  	# git verify-tag emits error messages if no signature is found on tag,
    35  	# which we don't want in the output.
    36  	if test "$TYPE" = "tag" -a "${OUTPUT%%:*}" = "error"; then
    37  		OUTPUT=""
    38  	fi
    39  	echo "$OUTPUT"
    40  	RET=0
    41  	;;
    42  *)
    43  	echo "$OUTPUT" >&2
    44  	;;
    45  esac
    46  exit $RET