Issue #24: Resolving sh violations

ai-cfia · Mar 1, 2024 · 64cfdb7 · 64cfdb7
1 parent ffbe66a
commit 64cfdb7
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 60 deletions.
diff --git a/gcp-setup-script/gcp-project-setup.sh b/gcp-setup-script/gcp-project-setup.sh
@@ -7,36 +7,45 @@ prompt_until_input() {
     local user_input
 
     while true; do
-        echo -n "$prompt_message"
-        read user_input
-        if [[ -n "$user_input" ]]; then
+        echo -n "${prompt_message}"
+        read -r user_input
+        if [[ -n "${user_input}" ]]; then
             break
         fi
     done
-    eval "$return_var='$user_input'"
+    eval "${return_var}='${user_input}'"
 }
 
+PROJECT_ID=""
+BILLING_ACCOUNT_ID=""
+
 # Prompt the user for required variables
 prompt_until_input "Enter desired PROJECT_ID (e.g. cfia-ai-lab): " PROJECT_ID
 prompt_until_input "Enter your BILLING_ACCOUNT_ID (You can find this on the GCP Console under Billing): " BILLING_ACCOUNT_ID
 
 # Create a new project
-gcloud projects create $PROJECT_ID
+gcloud projects create "${PROJECT_ID}"
 
 # Set the project as the active project
-gcloud config set project $PROJECT_ID
+gcloud config set project "${PROJECT_ID}"
 
 # Link the billing account to the project
-gcloud beta billing projects link $PROJECT_ID --billing-account=$BILLING_ACCOUNT_ID
+gcloud beta billing projects link "${PROJECT_ID}" --billing-account="${BILLING_ACCOUNT_ID}"
 
 # Retrieve and display a list of Google Cloud regions
 echo "Available Google Cloud regions"
-gcloud compute regions list --format=value(name)
+gcloud compute regions list --format="value(name)"
 echo
 
+REGION=""
+REPO_NAME=""
+DESCRIPTION=""
+SA_NAME=""
+SA_DISPLAY_NAME=""
+FILE_NAME=""
+
 # Prompt user for necessary variables
 prompt_until_input "Enter a Google Cloud region from the above list: " REGION
-prompt_until_input "Enter a name for your Google Cloud project: " PROJECT_NAME
 prompt_until_input "Enter the Docker repository name: " REPO_NAME
 prompt_until_input "Enter a description for the Docker repository [Optional]: " DESCRIPTION
 prompt_until_input "Enter a name for your service account: " SA_NAME
@@ -46,16 +55,16 @@ prompt_until_input "Choose a name for the JSON key file (without .json): " FILE_
 # Execute commands
 
 # Create an artifact repository
-gcloud artifacts repositories create $REPO_NAME \
+gcloud artifacts repositories create "${REPO_NAME}" \
    --repository-format=docker \
-   --location=$REGION \
-   --description="$DESCRIPTION"
+   --location="${REGION}" \
+   --description="${DESCRIPTION}"
 
 # Create a service account (SA)
-gcloud iam service-accounts create $SA_NAME --display-name "$SA_DISPLAY_NAME"
+gcloud iam service-accounts create "${SA_NAME}" --display-name "${SA_DISPLAY_NAME}"
 
 # Create the key for the service account (SA)
-gcloud iam service-accounts keys create "$FILE_NAME.json" --iam-account=$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com
+gcloud iam service-accounts keys create "${FILE_NAME}.json" --iam-account="${SA_NAME}"@"${PROJECT_ID}".iam.gserviceaccount.com
 
 # Automatically apply the roles to the service account
 ROLES=(
@@ -65,9 +74,9 @@ ROLES=(
 )
 
 for ROLE in "${ROLES[@]}"; do
-    gcloud projects add-iam-policy-binding $PROJECT_ID \
-       --member=serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com \
-       --role=$ROLE
+    gcloud projects add-iam-policy-binding "${PROJECT_ID}" \
+       --member=serviceAccount:"${SA_NAME}"@"${PROJECT_ID}".iam.gserviceaccount.com \
+       --role="${ROLE}"
 done
 
 echo "All commands executed successfully!"
diff --git a/github-management-script/branch-protection-ruleset.sh b/github-management-script/branch-protection-ruleset.sh
@@ -2,16 +2,18 @@
 
 # prompt for GitHub token
 echo "Please enter your GitHub token:"
-read GITHUB_TOKEN
+read -r GITHUB_TOKEN
 
 ORG_NAME="ai-cfia"
 
 API_URL="https://api.github.com/orgs/${ORG_NAME}/repos?type=public"
 
 # get list of all public repos
-REPOS=$(curl -s -H "Accept: application/vnd.github.v3+json" \
+RESPONSE=$(curl -s -H "Accept: application/vnd.github.v3+json" \
     -H "Authorization: Bearer ${GITHUB_TOKEN}" \
-    "${API_URL}" | jq -r '.[].full_name')
+    "${API_URL}")
+
+REPOS=$(echo "${RESPONSE}" | jq -r '.[].full_name')
 
 set_branch_protection() {
     REPO_NAME=$1
@@ -48,8 +50,8 @@ for REPO in ${REPOS}; do
         "${WORKFLOWS_URL}")
 
     # if the http response code is 200, the directory exists
-    if [ "${RESPONSE}" -eq 200 ]; then
+    if [[ "${RESPONSE}" -eq 200 ]]; then
         echo "Setting branch protection rules for ${REPO}"
-        set_branch_protection ${REPO}
+        set_branch_protection "${REPO}"
     fi
 done
diff --git a/github-management-script/codeowners-file-creation.sh b/github-management-script/codeowners-file-creation.sh
@@ -5,27 +5,28 @@ generate_codeowners() {
   echo "# This CODEOWNERS file is auto-generated. See the script for modification details." > .github/CODEOWNERS
 
   # Default rules for AI-CFIA ownership for repositories which name ends with "backend", "frontend" or "db"
-  if [[ $repo_name == *"backend" ]]; then
+  if [[ ${repo_name} == *"backend" ]]; then
     echo "* @ai-cfia/backend" >> .github/CODEOWNERS
-  elif [[ $repo_name == *"frontend" ]]; then
+  elif [[ ${repo_name} == *"frontend" ]]; then
     echo "* @ai-cfia/frontend" >> .github/CODEOWNERS
-  elif [[ $repo_name == *"db" ]]; then
+  elif [[ ${repo_name} == *"db" ]]; then
     echo "* @ai-cfia/data" >> .github/CODEOWNERS
   fi
 
-  # Specific rules for DevOps ownership
-  echo "/.github/ @ai-cfia/devops" >> .github/CODEOWNERS
-  echo "Dockerfile @ai-cfia/devops" >> .github/CODEOWNERS
-  echo "docker-compose.yml @ai-cfia/devops" >> .github/CODEOWNERS
-  echo "docker-compose.*.yml @ai-cfia/devops" >> .github/CODEOWNERS
+  {
+    echo "/.github/ @ai-cfia/devops"
+    echo "Dockerfile @ai-cfia/devops"
+    echo "docker-compose.yml @ai-cfia/devops"
+    echo "docker-compose.*.yml @ai-cfia/devops"
+  } >> .github/CODEOWNERS
 }
 
 create_codeowners() {
   org_name=$1
   repo_name=$2
-  codeowners_content=$(generate_codeowners $repo_name)
+  codeowners_content=$(generate_codeowners "${repo_name}")
 
-  encoded_content=$(echo "$codeowners_content" | base64 -w 0)
+  encoded_content=$(echo "${codeowners_content}" | base64 -w 0)
 
   API_URL="https://api.github.com/repos/${org_name}/${repo_name}/contents/.github/CODEOWNERS"
 
@@ -37,18 +38,18 @@ create_codeowners() {
 }
 
 echo "Please enter your GitHub token:"
-read GITHUB_TOKEN
+read -r GITHUB_TOKEN
 
 ORG_NAME="ai-cfia"
-
 API_URL="https://api.github.com/orgs/${ORG_NAME}/repos?type=public"
-REPOS=$(curl -s -H "Accept: application/vnd.github.v3+json" \
+RESPONSE=$(curl -s -H "Accept: application/vnd.github.v3+json" \
     -H "Authorization: Bearer ${GITHUB_TOKEN}" \
-    "${API_URL}" | jq -r '.[].full_name')
+    "${API_URL}")
+REPOS=$(echo "${RESPONSE}" | jq -r '.[].full_name')
 
 for REPO in ${REPOS}; do
     echo "Processing repository: ${REPO}"
 
-    create_codeowners $(dirname $REPO) $(basename $REPO)
+    create_codeowners "$(dirname "${REPO}") $(basename "${REPO}")"
 
 done
diff --git a/github-management-script/github-label-creation-script.sh b/github-management-script/github-label-creation-script.sh
@@ -6,51 +6,51 @@ create_data(){
     local label_color=$3
 
     data_content="{"
-    data_content+="\"name\": \"$label_name\","
-    data_content+="\"description\": \"$label_description\","
-    data_content+="\"color\": \"$label_color\""
+    data_content+="\"name\": \"${label_name}\","
+    data_content+="\"description\": \"${label_description}\","
+    data_content+="\"color\": \"${label_color}\""
     data_content+="}"
 
-    echo "$data_content"
+    echo "${data_content}"
 }
 
 create_label(){
     ORG_NAME="ai-cfia"
     REPO_NAME=$1
 
-    DATA=$(create_data "$LABEL_NAME" "$LABEL_DESCRIPTION" "$LABEL_COLOR")
-    API_URL="https://api.github.com/repos/$ORG_NAME/$REPO_NAME/labels"
+    DATA=$(create_data "${LABEL_NAME}" "${LABEL_DESCRIPTION}" "${LABEL_COLOR}")
+    API_URL="https://api.github.com/repos/${ORG_NAME}/${REPO_NAME}/labels"
 
     HTTP_RESPONSE=$(curl -s -w "%{http_code}" -o response.txt -X POST \
       -H "Accept: application/vnd.github.v3+json" \
-      -H "Authorization: Bearer $GITHUB_TOKEN" \
-      "$API_URL" \
-      -d "$DATA")
+      -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+      "${API_URL}" \
+      -d "${DATA}")
 
-    if [ "$HTTP_RESPONSE" -eq 201 ]; then
-        echo "Label '$LABEL_NAME' created successfully in repository $REPO_NAME."
+    if [[ "${HTTP_RESPONSE}" -eq 201 ]]; then
+        echo "Label '${LABEL_NAME}' created successfully in repository ${REPO_NAME}."
     else
-        echo "Failed to create label in repository $REPO_NAME."
+        echo "Failed to create label in repository ${REPO_NAME}."
         cat response.txt
     fi
 
     rm -f response.txt
 }
 
-read -p "Enter your GitHub token: " GITHUB_TOKEN
-read -p "What is the name of the label you want to create? " LABEL_NAME
-read -p "Give your label a description: " LABEL_DESCRIPTION
-read -p "Enter your label color (without #): " LABEL_COLOR
+read -rp "Enter your GitHub token: " GITHUB_TOKEN
+read -rp "What is the name of the label you want to create? " LABEL_NAME
+read -rp "Give your label a description: " LABEL_DESCRIPTION
+read -rp "Enter your label color (without #): " LABEL_COLOR
 
 ORG_NAME="ai-cfia"
-API_URL="https://api.github.com/orgs/$ORG_NAME/repos?type=public"
+API_URL="https://api.github.com/orgs/${ORG_NAME}/repos?type=public"
 REPOS_JSON=$(curl -s -H "Accept: application/vnd.github.v3+json" \
-    -H "Authorization: Bearer $GITHUB_TOKEN" \
-    "$API_URL")
+    -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+    "${API_URL}")
 
-REPOS=$(echo "$REPOS_JSON" | jq -r '.[] | .name')
+REPOS=$(echo "${REPOS_JSON}" | jq -r '.[] | .name')
 
-for REPO in $REPOS; do
-    echo "Creating label for $REPO"
-    create_label "$REPO"
+for REPO in ${REPOS}; do
+    echo "Creating label for ${REPO}"
+    create_label "${REPO}"
 done