From 2d8d9a5012852a156ba84ff6cbf10abb6d9d091e Mon Sep 17 00:00:00 2001
From: David Mihalcik
Date: Thu, 12 Feb 2026 20:02:59 -0500
Subject: [PATCH 1/4] chore: add .shfmt configuration and format shell scripts

Add shfmt configuration for consistent shell script formatting: bash dialect, 2-space indent, space redirects, switch case indent. Apply formatting to all existing shell scripts.

Co-Authored-By: Claude Opus 4.6
Signed-off-by: David Mihalcik
---
 .shfmt | 20 ++
 xtest/sdk/go/cli.sh | 248 ++++++++++-----------
 xtest/sdk/go/otdfctl.sh | 4 +-
 xtest/sdk/java/cli.sh | 156 ++++++-------
 xtest/sdk/js/cli.sh | 272 +++++++++++------------
 xtest/sdk/scripts/checkout-all.sh | 8 +-
 xtest/sdk/scripts/checkout-sdk-branch.sh | 68 +++---
 xtest/sdk/scripts/cleanup-all.sh | 20 +-
 xtest/sdk/scripts/post-checkout-java.sh | 120 +++++-----
 9 files changed, 468 insertions(+), 448 deletions(-)
 create mode 100644 .shfmt
diff --git a/.shfmt b/.shfmt
new file mode 100644
index 00000000..93644280
--- /dev/null
+++ b/.shfmt
@@ -0,0 +1,20 @@
+# Language variant
+language_dialect: bash
+
+# Indentation (2 spaces)
+indent: 2
+
+# Binary operators at start of line
+binary_next_line: false
+
+# Switch case indentation
+switch_case_indent: true
+
+# Redirect operators with space
+space_redirects: true
+
+# Keep column alignment
+keep_padding: true
+
+# Function brace on same line
+function_next_line: false
diff --git a/xtest/sdk/go/cli.sh b/xtest/sdk/go/cli.sh
index 9790a74c..0308d3e2 100755
--- a/xtest/sdk/go/cli.sh
+++ b/xtest/sdk/go/cli.sh
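Review bot: The `switch_case_indent: true` setting in the new `.shfmt` does not match the formatting this same patch applies: in xtest/sdk/scripts/checkout-sdk-branch.sh the reformatted `js)`, `java)`, `go)` and `*)` arms sit at the same column as `case "$LANGUAGE" in`, which is the layout produced without case indentation. As far as I know shfmt takes its options from command-line flags or an `.editorconfig`, not from a `.shfmt` file, so confirm that something actually reads this file. If nothing does, pin the options where the formatter is invoked, for example `shfmt -ln bash -i 2 -ci -sr -kp -w .`, and re-run it so the tree matches the declared style. The comment `# Binary operators at start of line` also contradicts the value `binary_next_line: false` under it; `# Binary operators stay at end of line` would match the value.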
@@ -22,151 +22,151 @@ SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) cmd=("$SCRIPT_DIR"/otdfctl) if [ ! -f "$SCRIPT_DIR"/otdfctl ]; then - cmd=(go run "github.com/opentdf/otdfctl@latest") + cmd=(go run "github.com/opentdf/otdfctl@latest") fi if [ "$1" == "supports" ]; then - case "$2" in - autoconfigure | ns_grants) - exit 0 - ;; - obligations) - # Obligations support from SDK version 0.10.0 - set -o pipefail - "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 10) || ($1 == 0 && $2 == 10 && $3 >= 0)) exit 0; else exit 1; }' - exit $? - ;; - assertions | assertion_verification) - "${cmd[@]}" help decrypt | grep with-assertion-verification-keys - exit $? - ;; - kasallowlist) - "${cmd[@]}" help decrypt | grep kas-allowlist - exit $? - ;; - key_management) - # Advanced key management from SDK version 0.5.1 - "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 5) || ($1 == 0 && $2 == 5 && $3 >= 1)) exit 0; else exit 1; }' - exit $? - ;; - ecwrap) - if "${cmd[@]}" help encrypt | grep wrapping-key; then - # while the otdfctl app may support ecwrap, but sdk versions 0.3.28 and earlier uses the old salt - set -o pipefail - "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 3) || ($1 == 0 && $2 == 3 && $3 >= 29)) exit 0; else exit 1; }' - exit $? - else - echo "ecwrap not supported" - exit 1 - fi - ;; - hexless) - set -o pipefail - # Schema version 4.3.0 introduced hexless - "${cmd[@]}" --version --json | jq -re .schema_version | awk -F. '{ if ($1 > 4 || ($1 == 4 && $2 >= 2)) exit 0; else exit 1; }' - exit $? - ;; - hexaflexible) - "${cmd[@]}" help encrypt | grep target-mode - exit $? - ;; - connectrpc) - set -o pipefail - # SDK version 0.4.5 introduces connectrpc client side - "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. 
'{ if ($1 > 0 || ($1 == 0 && $2 > 4) || ($1 == 0 && $2 == 4 && $3 >= 5)) exit 0; else exit 1; }' - exit $? - ;; - better-messages-2024) - # In November 2024, we added more. detailed error messages - # These appeared in go sdk 0.3.28 - set -o pipefail - "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 3) || ($1 == 0 && $2 == 3 && $3 >= 18)) exit 0; else exit 1; }' - exit $? - ;; - *) - echo "Unknown feature: $2" - exit 2 - ;; - esac + case "$2" in + autoconfigure | ns_grants) + exit 0 + ;; + obligations) + # Obligations support from SDK version 0.10.0 + set -o pipefail + "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 10) || ($1 == 0 && $2 == 10 && $3 >= 0)) exit 0; else exit 1; }' + exit $? + ;; + assertions | assertion_verification) + "${cmd[@]}" help decrypt | grep with-assertion-verification-keys + exit $? + ;; + kasallowlist) + "${cmd[@]}" help decrypt | grep kas-allowlist + exit $? + ;; + key_management) + # Advanced key management from SDK version 0.5.1 + "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 5) || ($1 == 0 && $2 == 5 && $3 >= 1)) exit 0; else exit 1; }' + exit $? + ;; + ecwrap) + if "${cmd[@]}" help encrypt | grep wrapping-key; then + # while the otdfctl app may support ecwrap, but sdk versions 0.3.28 and earlier uses the old salt + set -o pipefail + "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 3) || ($1 == 0 && $2 == 3 && $3 >= 29)) exit 0; else exit 1; }' + exit $? + else + echo "ecwrap not supported" + exit 1 + fi + ;; + hexless) + set -o pipefail + # Schema version 4.3.0 introduced hexless + "${cmd[@]}" --version --json | jq -re .schema_version | awk -F. '{ if ($1 > 4 || ($1 == 4 && $2 >= 2)) exit 0; else exit 1; }' + exit $? + ;; + hexaflexible) + "${cmd[@]}" help encrypt | grep target-mode + exit $? 
+ ;; + connectrpc) + set -o pipefail + # SDK version 0.4.5 introduces connectrpc client side + "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 4) || ($1 == 0 && $2 == 4 && $3 >= 5)) exit 0; else exit 1; }' + exit $? + ;; + better-messages-2024) + # In November 2024, we added more. detailed error messages + # These appeared in go sdk 0.3.28 + set -o pipefail + "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 3) || ($1 == 0 && $2 == 3 && $3 >= 18)) exit 0; else exit 1; }' + exit $? + ;; + *) + echo "Unknown feature: $2" + exit 2 + ;; + esac fi XTEST_DIR="$SCRIPT_DIR" while [ ! -f "$XTEST_DIR/test.env" ] && [ "$(basename "$XTEST_DIR")" != "xtest" ]; do - XTEST_DIR=$(dirname "$XTEST_DIR") + XTEST_DIR=$(dirname "$XTEST_DIR") done if [ -f "$XTEST_DIR/test.env" ]; then - # shellcheck disable=SC1091 - source "$XTEST_DIR/test.env" + # shellcheck disable=SC1091 + source "$XTEST_DIR/test.env" else - echo "test.env not found, stopping at xtest directory." - exit 1 + echo "test.env not found, stopping at xtest directory." 
+ exit 1 fi args=( - -o "$3" - --host "$PLATFORMURL" - --tls-no-verify - --log-level debug - --with-client-creds '{"clientId":"'"$CLIENTID"'","clientSecret":"'"$CLIENTSECRET"'"}' + -o "$3" + --host "$PLATFORMURL" + --tls-no-verify + --log-level debug + --with-client-creds '{"clientId":"'"$CLIENTID"'","clientSecret":"'"$CLIENTSECRET"'"}' ) if [ "$4" != "ztdf" ]; then - echo "Unsupported container format: $4" - exit 2 + echo "Unsupported container format: $4" + exit 2 fi if [ "$1" == "encrypt" ]; then - if [ -n "$XT_WITH_MIME_TYPE" ]; then - args+=(--mime-type "$XT_WITH_MIME_TYPE") - fi + if [ -n "$XT_WITH_MIME_TYPE" ]; then + args+=(--mime-type "$XT_WITH_MIME_TYPE") + fi - if [ -n "$XT_WITH_ATTRIBUTES" ]; then - args+=(--attr "$XT_WITH_ATTRIBUTES") - fi + if [ -n "$XT_WITH_ATTRIBUTES" ]; then + args+=(--attr "$XT_WITH_ATTRIBUTES") + fi - if [ -n "$XT_WITH_ASSERTIONS" ]; then - args+=(--with-assertions "$XT_WITH_ASSERTIONS") - fi - if [ "$XT_WITH_ECWRAP" == 'true' ]; then - args+=(--wrapping-key-algorithm "ec:secp256r1") - fi - if [ "$XT_WITH_ECDSA_BINDING" == "true" ]; then - args+=(--ecdsa-binding) - fi - if [ "$XT_WITH_PLAINTEXT_POLICY" == "true" ]; then - args+=(--policy-mode plaintext) - fi - if [ -n "$XT_WITH_TARGET_MODE" ]; then - args+=(--target-mode "$XT_WITH_TARGET_MODE") - fi - echo "${cmd[@]}" encrypt "${args[@]}" "$2" - if ! 
"${cmd[@]}" encrypt "${args[@]}" "$2"; then - exit 1 - fi - if [ -f "${3}.tdf" ]; then - # go helpfully adds a tdf extension to all files - mv "${3}.tdf" "${3}" - fi + if [ -n "$XT_WITH_ASSERTIONS" ]; then + args+=(--with-assertions "$XT_WITH_ASSERTIONS") + fi + if [ "$XT_WITH_ECWRAP" == 'true' ]; then + args+=(--wrapping-key-algorithm "ec:secp256r1") + fi + if [ "$XT_WITH_ECDSA_BINDING" == "true" ]; then + args+=(--ecdsa-binding) + fi + if [ "$XT_WITH_PLAINTEXT_POLICY" == "true" ]; then + args+=(--policy-mode plaintext) + fi + if [ -n "$XT_WITH_TARGET_MODE" ]; then + args+=(--target-mode "$XT_WITH_TARGET_MODE") + fi + echo "${cmd[@]}" encrypt "${args[@]}" "$2" + if ! "${cmd[@]}" encrypt "${args[@]}" "$2"; then + exit 1 + fi + if [ -f "${3}.tdf" ]; then + # go helpfully adds a tdf extension to all files + mv "${3}.tdf" "${3}" + fi elif [ "$1" == "decrypt" ]; then - if [ -n "$XT_WITH_ASSERTION_VERIFICATION_KEYS" ]; then - args+=(--with-assertion-verification-keys "$XT_WITH_ASSERTION_VERIFICATION_KEYS") - fi - if [ "$XT_WITH_ECWRAP" == 'true' ]; then - args+=(--session-key-algorithm "ec:secp256r1") - fi - if [ "$XT_WITH_VERIFY_ASSERTIONS" == 'false' ]; then - args+=(--no-verify-assertions) - fi - if [ -n "$XT_WITH_KAS_ALLOW_LIST" ]; then - args+=(--kas-allowlist "$XT_WITH_KAS_ALLOW_LIST") - fi - # bypassing the allowlist may expose potential security risks - if [ "$XT_WITH_IGNORE_KAS_ALLOWLIST" == "true" ]; then - args+=(--kas-allowlist '*') - fi - echo "${cmd[@]}" decrypt "${args[@]}" "$2" - "${cmd[@]}" decrypt "${args[@]}" "$2" + if [ -n "$XT_WITH_ASSERTION_VERIFICATION_KEYS" ]; then + args+=(--with-assertion-verification-keys "$XT_WITH_ASSERTION_VERIFICATION_KEYS") + fi + if [ "$XT_WITH_ECWRAP" == 'true' ]; then + args+=(--session-key-algorithm "ec:secp256r1") + fi + if [ "$XT_WITH_VERIFY_ASSERTIONS" == 'false' ]; then + args+=(--no-verify-assertions) + fi + if [ -n "$XT_WITH_KAS_ALLOW_LIST" ]; then + args+=(--kas-allowlist "$XT_WITH_KAS_ALLOW_LIST") + fi + # 
bypassing the allowlist may expose potential security risks + if [ "$XT_WITH_IGNORE_KAS_ALLOWLIST" == "true" ]; then + args+=(--kas-allowlist '*') + fi + echo "${cmd[@]}" decrypt "${args[@]}" "$2" + "${cmd[@]}" decrypt "${args[@]}" "$2" else - echo "Incorrect argument provided" - exit 1 + echo "Incorrect argument provided" + exit 1 fi diff --git a/xtest/sdk/go/otdfctl.sh b/xtest/sdk/go/otdfctl.sh index 1fbfbea7..8a130e76 100755 --- a/xtest/sdk/go/otdfctl.sh +++ b/xtest/sdk/go/otdfctl.sh @@ -9,7 +9,7 @@ SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) XTEST_DIR="$SCRIPT_DIR" while [ ! -f "$XTEST_DIR/test.env" ] && [ "$(basename "$XTEST_DIR")" != "xtest" ]; do - XTEST_DIR=$(dirname "$XTEST_DIR") + XTEST_DIR=$(dirname "$XTEST_DIR") done # shellcheck source=../../test.env @@ -17,7 +17,7 @@ source "$XTEST_DIR/test.env" cmd=("$SCRIPT_DIR"/otdfctl) if [ ! -f "$SCRIPT_DIR"/otdfctl ]; then - cmd=(go run github.com/opentdf/otdfctl@latest) + cmd=(go run github.com/opentdf/otdfctl@latest) fi cmd+=(--json) diff --git a/xtest/sdk/java/cli.sh b/xtest/sdk/java/cli.sh index 0153932a..b874f152 100755 --- a/xtest/sdk/java/cli.sh +++ b/xtest/sdk/java/cli.sh 
@@ -23,130 +23,130 @@ SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) XTEST_DIR="$SCRIPT_DIR" while [ ! -f "$XTEST_DIR/test.env" ] && [ "$(basename "$XTEST_DIR")" != "xtest" ]; do - XTEST_DIR=$(dirname "$XTEST_DIR") + XTEST_DIR=$(dirname "$XTEST_DIR") done if [ -f "$XTEST_DIR/test.env" ]; then - # shellcheck disable=SC1091 - source "$XTEST_DIR/test.env" + # shellcheck disable=SC1091 + source "$XTEST_DIR/test.env" else - echo "test.env not found, stopping at xtest directory." - exit 1 + echo "test.env not found, stopping at xtest directory." + exit 1 fi if [ "$1" == "supports" ]; then - case "$2" in - autoconfigure | ns_grants) - exit 0 - ;; - assertions) - java -jar "$SCRIPT_DIR"/cmdline.jar help encrypt | grep with-assertions - exit $? - ;; - assertion_verification) - java -jar "$SCRIPT_DIR"/cmdline.jar help decrypt | grep with-assertion-verification-keys - exit $? - ;; - kasallowlist) - java -jar "$SCRIPT_DIR"/cmdline.jar help decrypt | grep kas-allowlist - exit $? - ;; - ecwrap) - if java -jar "$SCRIPT_DIR"/cmdline.jar help encrypt | grep encap-key; then - # versions 0.7.6 and earlier used an older value for EC HKDF salt; check for 0.7.7 or later - java -jar "$SCRIPT_DIR"/cmdline.jar --version | jq -re .version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 7) || ($1 == 0 && $2 == 7 && $3 >= 7)) exit 0; else exit 1; }' - exit $? - else - echo "ecwrap not supported" - exit 1 - fi - ;; - - hexless) - set -o pipefail - java -jar "$SCRIPT_DIR"/cmdline.jar --version | jq -re .tdfSpecVersion | awk -F. '{ if ($1 > 4 || ($1 == 4 && $2 > 2) || ($1 == 4 && $2 == 3 && $3 >= 0)) exit 0; else exit 1; }' - exit $? - ;; - - hexaflexible) - java -jar "$SCRIPT_DIR"/cmdline.jar help encrypt | grep with-target-mode - exit $? - ;; - - *) - echo "Unknown feature: $2" - exit 2 - ;; - esac + case "$2" in + autoconfigure | ns_grants) + exit 0 + ;; + assertions) + java -jar "$SCRIPT_DIR"/cmdline.jar help encrypt | grep with-assertions + exit $? 
+ ;; + assertion_verification) + java -jar "$SCRIPT_DIR"/cmdline.jar help decrypt | grep with-assertion-verification-keys + exit $? + ;; + kasallowlist) + java -jar "$SCRIPT_DIR"/cmdline.jar help decrypt | grep kas-allowlist + exit $? + ;; + ecwrap) + if java -jar "$SCRIPT_DIR"/cmdline.jar help encrypt | grep encap-key; then + # versions 0.7.6 and earlier used an older value for EC HKDF salt; check for 0.7.7 or later + java -jar "$SCRIPT_DIR"/cmdline.jar --version | jq -re .version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 7) || ($1 == 0 && $2 == 7 && $3 >= 7)) exit 0; else exit 1; }' + exit $? + else + echo "ecwrap not supported" + exit 1 + fi + ;; + + hexless) + set -o pipefail + java -jar "$SCRIPT_DIR"/cmdline.jar --version | jq -re .tdfSpecVersion | awk -F. '{ if ($1 > 4 || ($1 == 4 && $2 > 2) || ($1 == 4 && $2 == 3 && $3 >= 0)) exit 0; else exit 1; }' + exit $? + ;; + + hexaflexible) + java -jar "$SCRIPT_DIR"/cmdline.jar help encrypt | grep with-target-mode + exit $? + ;; + + *) + echo "Unknown feature: $2" + exit 2 + ;; + esac fi args=( - "--client-id=$CLIENTID" - "--client-secret=$CLIENTSECRET" - "--plaintext" + "--client-id=$CLIENTID" + "--client-secret=$CLIENTSECRET" + "--plaintext" ) # when we added support for KAS allowlist, we changed the platform endpoint format to require scheme if java -jar "$SCRIPT_DIR"/cmdline.jar help decrypt | grep kas-allowlist; then - args+=("--platform-endpoint=$PLATFORMURL") + args+=("--platform-endpoint=$PLATFORMURL") else - args+=("--platform-endpoint=$PLATFORMENDPOINT") + args+=("--platform-endpoint=$PLATFORMENDPOINT") fi args+=("$1") if [ "$1" == "encrypt" ]; then - args+=("--kas-url=$KASURL") + args+=("--kas-url=$KASURL") - if [ "$XT_WITH_ECDSA_BINDING" == "true" ]; then - args+=(--ecdsa-binding) - fi + if [ "$XT_WITH_ECDSA_BINDING" == "true" ]; then + args+=(--ecdsa-binding) + fi - if [ "$XT_WITH_ECWRAP" == 'true' ]; then - args+=(--encap-key-type="ec:secp256r1") - fi + if [ "$XT_WITH_ECWRAP" == 'true' ]; then + 
args+=(--encap-key-type="ec:secp256r1") + fi - if [ "$XT_WITH_PLAINTEXT_POLICY" == "true" ]; then - args+=(--policy-type="plaintext") - fi + if [ "$XT_WITH_PLAINTEXT_POLICY" == "true" ]; then + args+=(--policy-type="plaintext") + fi else - if [ "$XT_WITH_ECWRAP" == 'true' ]; then - args+=(--rewrap-key-type="ec:secp256r1") - fi + if [ "$XT_WITH_ECWRAP" == 'true' ]; then + args+=(--rewrap-key-type="ec:secp256r1") + fi fi if [ "$1" == "decrypt" ]; then - if [ -n "$XT_WITH_KAS_ALLOW_LIST" ]; then - args+=(--kas-allowlist="$XT_WITH_KAS_ALLOW_LIST") - fi + if [ -n "$XT_WITH_KAS_ALLOW_LIST" ]; then + args+=(--kas-allowlist="$XT_WITH_KAS_ALLOW_LIST") + fi - if [ "$XT_WITH_IGNORE_KAS_ALLOWLIST" == "true" ]; then - args+=(--ignore-kas-allowlist=true) - fi + if [ "$XT_WITH_IGNORE_KAS_ALLOWLIST" == "true" ]; then + args+=(--ignore-kas-allowlist=true) + fi fi if [ -n "$XT_WITH_MIME_TYPE" ]; then - args+=(--mime-type "$XT_WITH_MIME_TYPE") + args+=(--mime-type "$XT_WITH_MIME_TYPE") fi if [ -n "$XT_WITH_ATTRIBUTES" ]; then - args+=(--attr "$XT_WITH_ATTRIBUTES") + args+=(--attr "$XT_WITH_ATTRIBUTES") fi if [ -n "$XT_WITH_ASSERTIONS" ]; then - args+=(--with-assertions "$XT_WITH_ASSERTIONS") + args+=(--with-assertions "$XT_WITH_ASSERTIONS") fi if [ -n "$XT_WITH_ASSERTION_VERIFICATION_KEYS" ]; then - args+=(--with-assertion-verification-keys "$XT_WITH_ASSERTION_VERIFICATION_KEYS") + args+=(--with-assertion-verification-keys "$XT_WITH_ASSERTION_VERIFICATION_KEYS") fi if [ "$XT_WITH_VERIFY_ASSERTIONS" == 'false' ]; then - args+=(--with-assertion-verification-disabled) + args+=(--with-assertion-verification-disabled) fi if [ -n "$XT_WITH_TARGET_MODE" ]; then - args+=(--with-target-mode "$XT_WITH_TARGET_MODE") + args+=(--with-target-mode "$XT_WITH_TARGET_MODE") fi echo java -jar "$SCRIPT_DIR"/cmdline.jar "${args[@]}" --file="$2" ">" "$3" diff --git a/xtest/sdk/js/cli.sh b/xtest/sdk/js/cli.sh index ffe6f915..b73ddd8a 100755 --- a/xtest/sdk/js/cli.sh +++ b/xtest/sdk/js/cli.sh 
@@ -23,70 +23,70 @@ SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) CTL=@opentdf/ctl if grep opentdf/cli "$SCRIPT_DIR/package.json"; then - CTL=@opentdf/cli + CTL=@opentdf/cli fi if [ "$1" == "supports" ]; then - if ! cd "$SCRIPT_DIR"; then - echo "failed: [cd $SCRIPT_DIR]" - exit 1 - fi - case "$2" in - assertions) - npx $CTL help | grep assertions - exit $? - ;; - assertion_verification) - npx $CTL help | grep assertionVerificationKeys - exit $? - ;; - autoconfigure | ns_grants) - npx $CTL help | grep autoconfigure - exit $? - ;; - kasallowlist) - npx $CTL help | grep 'from "/key-access-servers" endpoint' - exit $? - ;; - ecwrap) - if npx $CTL help | grep encapKeyType; then - # Claims to support ecwrap, but maybe with old salt? Look up version - npx $CTL --version | jq -re '.["@opentdf/sdk"]' | awk -F. '{ if ($1 > 2) exit 0; else exit 1; }' - exit $? - else - echo "ecwrap not supported" - exit 1 - fi - ;; - hexless) - set -o pipefail - npx $CTL --version | jq -re .tdfSpecVersion | awk -F. '{ if ($1 > 4 || ($1 == 4 && $2 > 2) || ($1 == 4 && $2 == 3 && $3 >= 0)) exit 0; else exit 1; }' - exit $? - ;; - hexaflexible) - npx $CTL help | grep tdfSpecVersion - exit $? - ;; - obligations) - # Obligations support from SDK version >= 0.6.0 - set -o pipefail - npx $CTL --version | jq -re '.["@opentdf/sdk"]' | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 >= 6)) exit 0; else exit 1; }' - exit $? - ;; - *) - echo "Unknown feature: $2" - exit 2 - ;; - esac + if ! cd "$SCRIPT_DIR"; then + echo "failed: [cd $SCRIPT_DIR]" + exit 1 + fi + case "$2" in + assertions) + npx $CTL help | grep assertions + exit $? + ;; + assertion_verification) + npx $CTL help | grep assertionVerificationKeys + exit $? + ;; + autoconfigure | ns_grants) + npx $CTL help | grep autoconfigure + exit $? + ;; + kasallowlist) + npx $CTL help | grep 'from "/key-access-servers" endpoint' + exit $? 
+ ;; + ecwrap) + if npx $CTL help | grep encapKeyType; then + # Claims to support ecwrap, but maybe with old salt? Look up version + npx $CTL --version | jq -re '.["@opentdf/sdk"]' | awk -F. '{ if ($1 > 2) exit 0; else exit 1; }' + exit $? + else + echo "ecwrap not supported" + exit 1 + fi + ;; + hexless) + set -o pipefail + npx $CTL --version | jq -re .tdfSpecVersion | awk -F. '{ if ($1 > 4 || ($1 == 4 && $2 > 2) || ($1 == 4 && $2 == 3 && $3 >= 0)) exit 0; else exit 1; }' + exit $? + ;; + hexaflexible) + npx $CTL help | grep tdfSpecVersion + exit $? + ;; + obligations) + # Obligations support from SDK version >= 0.6.0 + set -o pipefail + npx $CTL --version | jq -re '.["@opentdf/sdk"]' | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 >= 6)) exit 0; else exit 1; }' + exit $? + ;; + *) + echo "Unknown feature: $2" + exit 2 + ;; + esac fi XTEST_DIR=$SCRIPT_DIR while [ "$XTEST_DIR" != "/" ]; do - if [ -d "$XTEST_DIR/xtest" ]; then - XTEST_DIR="$XTEST_DIR/xtest" - break - fi - XTEST_DIR=$(dirname "$XTEST_DIR") + if [ -d "$XTEST_DIR/xtest" ]; then + XTEST_DIR="$XTEST_DIR/xtest" + break + fi + XTEST_DIR=$(dirname "$XTEST_DIR") done # shellcheck disable=SC1091 
@@ -96,105 +96,105 @@ src_file=$(realpath "$2") dst_file=$(realpath "$(dirname "$3")")/$(basename "$3") args=( - --output "$dst_file" - --kasEndpoint "$KASURL" - --oidcEndpoint "$KCFULLURL" - --auth opentdf:secret + --output "$dst_file" + --kasEndpoint "$KASURL" + --oidcEndpoint "$KCFULLURL" + --auth opentdf:secret ) args+=(--containerType tdf3) if [ -n "$XT_WITH_ATTRIBUTES" ]; then - attributes="$XT_WITH_ATTRIBUTES" - if [ -f "$attributes" ]; then - attributes=$(realpath "$attributes") - echo "Attributes are a file: $attributes" - args+=(--attributes "$attributes") - else - # Attributes are a comma separated list - echo "Attributes are: $attributes" - args+=(--attributes "$attributes") - fi + attributes="$XT_WITH_ATTRIBUTES" + if [ -f "$attributes" ]; then + attributes=$(realpath "$attributes") + echo "Attributes are a file: $attributes" + args+=(--attributes "$attributes") + else + # Attributes are a comma separated list + echo "Attributes are: $attributes" + args+=(--attributes "$attributes") + fi fi if [ -n "$XT_WITH_ASSERTIONS" ]; then - assertions="$XT_WITH_ASSERTIONS" - if [ -f "$assertions" ]; then - assertions=$(realpath "$assertions") - echo "Assertions are a file: $assertions" - args+=(--assertions "$assertions") - elif [ "$(echo "$assertions" | jq -e . >/dev/null 2>&1 && echo valid || echo invalid)" == "valid" ]; then - # Assertions are plain json - echo "Assertions are plain json: $assertions" - args+=(--assertions "$assertions") - else - echo "Invalid or missing assertion file: $assertions" - exit 1 - fi + assertions="$XT_WITH_ASSERTIONS" + if [ -f "$assertions" ]; then + assertions=$(realpath "$assertions") + echo "Assertions are a file: $assertions" + args+=(--assertions "$assertions") + elif [ "$(echo "$assertions" | jq -e . 
>/dev/null 2>&1 && echo valid || echo invalid)" == "valid" ]; then + # Assertions are plain json + echo "Assertions are plain json: $assertions" + args+=(--assertions "$assertions") + else + echo "Invalid or missing assertion file: $assertions" + exit 1 + fi fi if [ -n "$XT_WITH_ASSERTION_VERIFICATION_KEYS" ]; then - verification_keys="$XT_WITH_ASSERTION_VERIFICATION_KEYS" - if [ -f "$verification_keys" ]; then - verification_keys=$(realpath "$verification_keys") - echo "Verification keys are a file: $verification_keys" - args+=(--assertionVerificationKeys "$verification_keys") - else - echo "Invalid or missing verification keys file: $verification_keys" - exit 1 - fi + verification_keys="$XT_WITH_ASSERTION_VERIFICATION_KEYS" + if [ -f "$verification_keys" ]; then + verification_keys=$(realpath "$verification_keys") + echo "Verification keys are a file: $verification_keys" + args+=(--assertionVerificationKeys "$verification_keys") + else + echo "Invalid or missing verification keys file: $verification_keys" + exit 1 + fi fi if ! 
cd "$SCRIPT_DIR"; then - echo "failed: [cd $SCRIPT_DIR]" - exit 1 + echo "failed: [cd $SCRIPT_DIR]" + exit 1 fi if [ "$1" == "encrypt" ]; then - if npx $CTL help | grep autoconfigure; then - args+=(--policyEndpoint "$PLATFORMURL" --autoconfigure true) - fi - if [ -n "$XT_WITH_ECDSA_BINDING" ]; then - if [ "$XT_WITH_ECDSA_BINDING" == "true" ]; then - args+=(--policyBinding ecdsa) - fi - fi - if [ "$XT_WITH_ECWRAP" == 'true' ]; then - args+=(--encapKeyType "ec:secp256r1") - fi + if npx $CTL help | grep autoconfigure; then + args+=(--policyEndpoint "$PLATFORMURL" --autoconfigure true) + fi + if [ -n "$XT_WITH_ECDSA_BINDING" ]; then + if [ "$XT_WITH_ECDSA_BINDING" == "true" ]; then + args+=(--policyBinding ecdsa) + fi + fi + if [ "$XT_WITH_ECWRAP" == 'true' ]; then + args+=(--encapKeyType "ec:secp256r1") + fi - if [ "$XT_WITH_PLAINTEXT_POLICY" == "true" ]; then - args+=(--policyType plaintext) - fi - if [ -n "$XT_WITH_TARGET_MODE" ]; then - args+=(--tdfSpecVersion "$XT_WITH_TARGET_MODE") - fi + if [ "$XT_WITH_PLAINTEXT_POLICY" == "true" ]; then + args+=(--policyType plaintext) + fi + if [ -n "$XT_WITH_TARGET_MODE" ]; then + args+=(--tdfSpecVersion "$XT_WITH_TARGET_MODE") + fi - echo npx $CTL encrypt "$src_file" "${args[@]}" - npx $CTL encrypt "$src_file" "${args[@]}" + echo npx $CTL encrypt "$src_file" "${args[@]}" + npx $CTL encrypt "$src_file" "${args[@]}" elif [ "$1" == "decrypt" ]; then - if [ "$XT_WITH_VERIFY_ASSERTIONS" == 'false' ]; then - args+=(--noVerifyAssertions) - fi - if [ "$XT_WITH_ECWRAP" == 'true' ]; then - args+=(--rewrapKeyType "ec:secp256r1") - fi - if [ -n "$XT_WITH_KAS_ALLOW_LIST" ]; then - args+=(--allowList "$XT_WITH_KAS_ALLOW_LIST") - fi - if [ "$XT_WITH_IGNORE_KAS_ALLOWLIST" == "true" ]; then - args+=(--ignoreAllowList) - fi - # only ignore allowlist if the kas allowlist fetching from kas registry has not been implemented - if npx $CTL help | grep 'from "/key-access-servers" endpoint'; then - args+=(--policyEndpoint "$PLATFORMURL") - else - 
args+=(--ignoreAllowList) - fi + if [ "$XT_WITH_VERIFY_ASSERTIONS" == 'false' ]; then + args+=(--noVerifyAssertions) + fi + if [ "$XT_WITH_ECWRAP" == 'true' ]; then + args+=(--rewrapKeyType "ec:secp256r1") + fi + if [ -n "$XT_WITH_KAS_ALLOW_LIST" ]; then + args+=(--allowList "$XT_WITH_KAS_ALLOW_LIST") + fi + if [ "$XT_WITH_IGNORE_KAS_ALLOWLIST" == "true" ]; then + args+=(--ignoreAllowList) + fi + # only ignore allowlist if the kas allowlist fetching from kas registry has not been implemented + if npx $CTL help | grep 'from "/key-access-servers" endpoint'; then + args+=(--policyEndpoint "$PLATFORMURL") + else + args+=(--ignoreAllowList) + fi - echo npx $CTL decrypt "$src_file" "${args[@]}" - npx $CTL decrypt "$src_file" "${args[@]}" + echo npx $CTL decrypt "$src_file" "${args[@]}" + npx $CTL decrypt "$src_file" "${args[@]}" else - echo "Incorrect argument provided" - exit 1 + echo "Incorrect argument provided" + exit 1 fi diff --git a/xtest/sdk/scripts/checkout-all.sh b/xtest/sdk/scripts/checkout-all.sh index e8c69ffb..ca08fae8 100755 --- a/xtest/sdk/scripts/checkout-all.sh +++ b/xtest/sdk/scripts/checkout-all.sh @@ -5,8 +5,8 @@ SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) for sdk in go java js; do - if ! "$SCRIPT_DIR/checkout-sdk-branch.sh" "$sdk" main; then - echo "Failed to checkout $sdk main branch" - exit 1 - fi + if ! "$SCRIPT_DIR/checkout-sdk-branch.sh" "$sdk" main; then + echo "Failed to checkout $sdk main branch" + exit 1 + fi done diff --git a/xtest/sdk/scripts/checkout-sdk-branch.sh b/xtest/sdk/scripts/checkout-sdk-branch.sh index a941125d..40cfa91d 100755 --- a/xtest/sdk/scripts/checkout-sdk-branch.sh +++ b/xtest/sdk/scripts/checkout-sdk-branch.sh 
@@ -17,55 +17,55 @@ LOCAL_NAME=${BRANCH//\//--} # Strip well known prefixes for monorepo output if [[ $LOCAL_NAME == sdk--* ]]; then - LOCAL_NAME=${LOCAL_NAME#sdk--} + LOCAL_NAME=${LOCAL_NAME#sdk--} fi case "$LANGUAGE" in - js) - BARE_REPO_PATH="$XTEST_DIR/sdk/js/src/web-sdk.git" - WORKTREE_PATH="$XTEST_DIR/sdk/js/src/$LOCAL_NAME" - REPO_URL="https://github.com/opentdf/web-sdk" - ;; - java) - BARE_REPO_PATH="$XTEST_DIR/sdk/java/src/java-sdk.git" - WORKTREE_PATH="$XTEST_DIR/sdk/java/src/$LOCAL_NAME" - REPO_URL="https://github.com/opentdf/java-sdk" - ;; - go) - BARE_REPO_PATH="$XTEST_DIR/sdk/go/src/otdfctl.git" - WORKTREE_PATH="$XTEST_DIR/sdk/go/src/$LOCAL_NAME" - REPO_URL="https://github.com/opentdf/otdfctl" - ;; - *) - echo "Error: Unsupported language '$LANGUAGE'. Supported values are 'js', 'java', or 'go'." >&2 - exit 1 - ;; +js) + BARE_REPO_PATH="$XTEST_DIR/sdk/js/src/web-sdk.git" + WORKTREE_PATH="$XTEST_DIR/sdk/js/src/$LOCAL_NAME" + REPO_URL="https://github.com/opentdf/web-sdk" + ;; +java) + BARE_REPO_PATH="$XTEST_DIR/sdk/java/src/java-sdk.git" + WORKTREE_PATH="$XTEST_DIR/sdk/java/src/$LOCAL_NAME" + REPO_URL="https://github.com/opentdf/java-sdk" + ;; +go) + BARE_REPO_PATH="$XTEST_DIR/sdk/go/src/otdfctl.git" + WORKTREE_PATH="$XTEST_DIR/sdk/go/src/$LOCAL_NAME" + REPO_URL="https://github.com/opentdf/otdfctl" + ;; +*) + echo "Error: Unsupported language '$LANGUAGE'. Supported values are 'js', 'java', or 'go'." >&2 + exit 1 + ;; esac # Function to execute a command and handle errors run_command() { - "$@" - local status=$? - if [[ $status -ne 0 ]]; then - echo "Error: Command '$*' failed." >&2 - exit $status - fi + "$@" + local status=$? + if [[ $status -ne 0 ]]; then + echo "Error: Command '$*' failed." >&2 + exit $status + fi } # Clone the repository as bare if it doesn't exist if [[ ! -d $BARE_REPO_PATH ]]; then - echo "Cloning $REPO_URL as a bare repository into $BARE_REPO_PATH..." 
- run_command git clone --bare "$REPO_URL" "$BARE_REPO_PATH" + echo "Cloning $REPO_URL as a bare repository into $BARE_REPO_PATH..." + run_command git clone --bare "$REPO_URL" "$BARE_REPO_PATH" else - echo "Bare repository already exists at $BARE_REPO_PATH. Fetching updates..." - run_command git --git-dir="$BARE_REPO_PATH" fetch --all + echo "Bare repository already exists at $BARE_REPO_PATH. Fetching updates..." + run_command git --git-dir="$BARE_REPO_PATH" fetch --all fi # Check if the worktree for the specified branch exists if [[ -d $WORKTREE_PATH ]]; then - echo "Worktree for branch '$BRANCH' already exists at $WORKTREE_PATH. Updating..." - run_command git --git-dir="$BARE_REPO_PATH" --work-tree="$WORKTREE_PATH" pull origin "$BRANCH" + echo "Worktree for branch '$BRANCH' already exists at $WORKTREE_PATH. Updating..." + run_command git --git-dir="$BARE_REPO_PATH" --work-tree="$WORKTREE_PATH" pull origin "$BRANCH" else - echo "Setting up worktree for branch '$BRANCH' at $WORKTREE_PATH..." - run_command git --git-dir="$BARE_REPO_PATH" worktree add "$WORKTREE_PATH" "$BRANCH" + echo "Setting up worktree for branch '$BRANCH' at $WORKTREE_PATH..." + run_command git --git-dir="$BARE_REPO_PATH" worktree add "$WORKTREE_PATH" "$BRANCH" fi diff --git a/xtest/sdk/scripts/cleanup-all.sh b/xtest/sdk/scripts/cleanup-all.sh index 4027bcb9..8aa5095e 100755 --- a/xtest/sdk/scripts/cleanup-all.sh +++ b/xtest/sdk/scripts/cleanup-all.sh 
@@ -4,14 +4,14 @@ SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) for sdk in go java js; do - rm -rf "$SCRIPT_DIR/../$sdk/dist" - for branch in "$SCRIPT_DIR/../${sdk}/src/"*; do - # Check if the path ends with .git - if [[ $branch == *.git ]]; then - continue - fi - if [ -d "$branch" ]; then - rm -rf "$branch" - fi - done + rm -rf "$SCRIPT_DIR/../$sdk/dist" + for branch in "$SCRIPT_DIR/../${sdk}/src/"*; do + # Check if the path ends with .git + if [[ $branch == *.git ]]; then + continue + fi + if [ -d "$branch" ]; then + rm -rf "$branch" + fi + done done diff --git a/xtest/sdk/scripts/post-checkout-java.sh b/xtest/sdk/scripts/post-checkout-java.sh index 0336602e..c5ffe7e8 100755 --- a/xtest/sdk/scripts/post-checkout-java.sh +++ b/xtest/sdk/scripts/post-checkout-java.sh 
@@ -10,84 +10,84 @@ BASE_DIR="$SCRIPT_DIR/../java/src" # Detect the operating system to use the correct sed syntax if [[ "$(uname)" == "Darwin" ]]; then - SED_CMD="sed -i ''" + SED_CMD="sed -i ''" else - SED_CMD="sed -i" + SED_CMD="sed -i" fi # Map Java SDK version to compatible platform protocol branch # Must match the mappings in resolve-version.py get_platform_branch() { - local version="$1" - case "$version" in - 0.7.8|0.7.7) echo "protocol/go/v0.2.29" ;; - 0.7.6) echo "protocol/go/v0.2.25" ;; - 0.7.5|0.7.4) echo "protocol/go/v0.2.18" ;; - 0.7.3|0.7.2) echo "protocol/go/v0.2.17" ;; - 0.6.1|0.6.0) echo "protocol/go/v0.2.14" ;; - 0.5.0) echo "protocol/go/v0.2.13" ;; - 0.4.0|0.3.0|0.2.0) echo "protocol/go/v0.2.10" ;; - 0.1.0) echo "protocol/go/v0.2.3" ;; - *) echo "main" ;; # Default to main for unknown/newer versions - esac - return 0 + local version="$1" + case "$version" in + 0.7.8 | 0.7.7) echo "protocol/go/v0.2.29" ;; + 0.7.6) echo "protocol/go/v0.2.25" ;; + 0.7.5 | 0.7.4) echo "protocol/go/v0.2.18" ;; + 0.7.3 | 0.7.2) echo "protocol/go/v0.2.17" ;; + 0.6.1 | 0.6.0) echo "protocol/go/v0.2.14" ;; + 0.5.0) echo "protocol/go/v0.2.13" ;; + 0.4.0 | 0.3.0 | 0.2.0) echo "protocol/go/v0.2.10" ;; + 0.1.0) echo "protocol/go/v0.2.3" ;; + *) echo "main" ;; # Default to main for unknown/newer versions + esac + return 0 } # Loop through all subdirectories in the base directory find "$BASE_DIR" -mindepth 1 -maxdepth 1 -type d -not -name "*.git" | while read -r SRC_DIR; do - POM_FILE="$SRC_DIR/sdk/pom.xml" + POM_FILE="$SRC_DIR/sdk/pom.xml" - # Skip if path or file does not exist - if [[ ! -f $POM_FILE ]]; then - echo "No pom.xml file found in $SRC_DIR, skipping." - continue - fi + # Skip if path or file does not exist + if [[ ! -f $POM_FILE ]]; then + echo "No pom.xml file found in $SRC_DIR, skipping." 
+ continue + fi - # Extract version from directory name (e.g., "v0.7.5" -> "0.7.5", "main" -> "main") - DIR_NAME=$(basename "$SRC_DIR") - VERSION="${DIR_NAME#v}" # Remove leading 'v' if present - PLATFORM_BRANCH=$(get_platform_branch "$VERSION") + # Extract version from directory name (e.g., "v0.7.5" -> "0.7.5", "main" -> "main") + DIR_NAME=$(basename "$SRC_DIR") + VERSION="${DIR_NAME#v}" # Remove leading 'v' if present + PLATFORM_BRANCH=$(get_platform_branch "$VERSION") - # Check if the correct platform.branch is already set - if grep -q "$PLATFORM_BRANCH" "$POM_FILE"; then - echo "platform.branch already set to $PLATFORM_BRANCH in $POM_FILE, skipping." - continue - fi + # Check if the correct platform.branch is already set + if grep -q "$PLATFORM_BRANCH" "$POM_FILE"; then + echo "platform.branch already set to $PLATFORM_BRANCH in $POM_FILE, skipping." + continue + fi - # If we don't have a specific mapping for this version (defaults to "main"), - # check if the pom.xml already has a valid protocol/go branch set - don't overwrite it - if [[ "$PLATFORM_BRANCH" == "main" ]]; then - if grep -q "protocol/go/" "$POM_FILE"; then - EXISTING_BRANCH=$(grep -o "[^<]*" "$POM_FILE" | sed 's/<[^>]*>//g') - echo "platform.branch already set to $EXISTING_BRANCH in $POM_FILE (no mapping for version $VERSION), skipping." - continue - fi - fi + # If we don't have a specific mapping for this version (defaults to "main"), + # check if the pom.xml already has a valid protocol/go branch set - don't overwrite it + if [[ "$PLATFORM_BRANCH" == "main" ]]; then + if grep -q "protocol/go/" "$POM_FILE"; then + EXISTING_BRANCH=$(grep -o "[^<]*" "$POM_FILE" | sed 's/<[^>]*>//g') + echo "platform.branch already set to $EXISTING_BRANCH in $POM_FILE (no mapping for version $VERSION), skipping." + continue + fi + fi - echo "Updating $POM_FILE (version=$VERSION, platform.branch=$PLATFORM_BRANCH)..." + echo "Updating $POM_FILE (version=$VERSION, platform.branch=$PLATFORM_BRANCH)..." 
- # Check if platform.branch property exists (possibly with wrong value) - if grep -q "" "$POM_FILE"; then - # Replace existing platform.branch value with the correct one - $SED_CMD "s|[^<]*|$PLATFORM_BRANCH|g" "$POM_FILE" - echo "Updated existing platform.branch to $PLATFORM_BRANCH in $POM_FILE" - else - # Add the platform.branch property to the section - $SED_CMD "//a \\ + # Check if platform.branch property exists (possibly with wrong value) + if grep -q "" "$POM_FILE"; then + # Replace existing platform.branch value with the correct one + $SED_CMD "s|[^<]*|$PLATFORM_BRANCH|g" "$POM_FILE" + echo "Updated existing platform.branch to $PLATFORM_BRANCH in $POM_FILE" + else + # Add the platform.branch property to the section + $SED_CMD "//a \\ $PLATFORM_BRANCH" "$POM_FILE" - # Only replace branch=main if the property now exists (sed above may have failed silently if no section) - if grep -q "" "$POM_FILE"; then - # Replace hardcoded branch=main with branch=${platform.branch} in the maven-antrun-plugin configuration - # shellcheck disable=SC2016 # Literal $; it is for a variable expansion in the maven file - $SED_CMD 's/branch=main/branch=${platform.branch}/g' "$POM_FILE" - echo "Added platform.branch=$PLATFORM_BRANCH and updated branch references in $POM_FILE" - else - # No section exists, directly replace branch=main with the actual branch value - $SED_CMD "s|branch=main|branch=$PLATFORM_BRANCH|g" "$POM_FILE" - echo "No section, directly replaced branch=main with branch=$PLATFORM_BRANCH in $POM_FILE" - fi - fi + # Only replace branch=main if the property now exists (sed above may have failed silently if no section) + if grep -q "" "$POM_FILE"; then + # Replace hardcoded branch=main with branch=${platform.branch} in the maven-antrun-plugin configuration + # shellcheck disable=SC2016 # Literal $; it is for a variable expansion in the maven file + $SED_CMD 's/branch=main/branch=${platform.branch}/g' "$POM_FILE" + echo "Added platform.branch=$PLATFORM_BRANCH and updated 
branch references in $POM_FILE" + else + # No section exists, directly replace branch=main with the actual branch value + $SED_CMD "s|branch=main|branch=$PLATFORM_BRANCH|g" "$POM_FILE" + echo "No section, directly replaced branch=main with branch=$PLATFORM_BRANCH in $POM_FILE" + fi + fi done echo "Update complete." From c38451370df18a7afb54e674690741b5bf3a6dba Mon Sep 17 00:00:00 2001 From: David Mihalcik Date: Thu, 12 Feb 2026 21:28:29 -0500 Subject: [PATCH 2/4] chore(ci): enforce shell script formatting with shfmt Add shfmt check step to the check workflow to ensure all shell scripts are formatted according to the .shfmt configuration at repository root. Co-Authored-By: Claude Sonnet 4.5 --- .github/workflows/check.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 67d57978..150a2bab 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -19,6 +19,8 @@ jobs: run: >- docker run --rm -v "$PWD:/mnt" --workdir "/mnt" "koalaman/shellcheck:v0.8.0" --color=always \ $(find . -type f -exec grep -m1 -l -E '^#!.*sh.*' {} \; | grep -v '/.git/') + - name: Check shell script formatting with shfmt + run: docker run --rm -v "$PWD:/mnt" --workdir "/mnt" mvdan/shfmt:v3 -d . - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: '3.14' From b04829b15b31a222f7e601ffd10bc8f3bc8ad905 Mon Sep 17 00:00:00 2001 
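Review bot: The added shfmt step in `.github/workflows/check.yml` pulls `mvdan/shfmt:v3`, a floating major tag, while the `actions/setup-python` step just below it is pinned to a full commit SHA, so the formatter image that runs with the checkout mounted can change without any change in this repository. Since `-d` only prints a diff, the checkout can also be mounted read-only. I would write the step as `run: docker run --rm -v "$PWD:/mnt:ro" --workdir "/mnt" "mvdan/shfmt:<exact-version>@sha256:<image-digest>" -d .`, with both placeholders filled in from the image that was actually vetted. The job definition starts above this hunk, so its triggers and permissions are not visible here.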
From: David Mihalcik Date: Thu, 12 Feb 2026 21:34:43 -0500 Subject: [PATCH 3/4] chore: migrate shfmt config to .editorconfig and reformat Replace .shfmt with .editorconfig format for shell script formatting. Reformat all shell scripts with 2-space indentation and proper spacing around redirects according to the .editorconfig [*.sh] section. Co-Authored-By: Claude Sonnet 4.5 --- .editorconfig | 28 +++ .shfmt | 20 -- xtest/sdk/go/cli.sh | 250 ++++++++++----------- xtest/sdk/go/otdfctl.sh | 6 +- xtest/sdk/java/cli.sh | 160 ++++++------- xtest/sdk/js/cli.sh | 274 +++++++++++------------ xtest/sdk/scripts/checkout-all.sh | 10 +- xtest/sdk/scripts/checkout-sdk-branch.sh | 72 +++--- xtest/sdk/scripts/cleanup-all.sh | 22 +- xtest/sdk/scripts/post-checkout-java.sh | 122 +++++----- 10 files changed, 486 insertions(+), 478 deletions(-) create mode 100644 .editorconfig delete mode 100644 .shfmt
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 00000000..66818d8e
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,28 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Shell scripts
+[*.sh]
+# Language variant
+shell_variant = bash
+
+# Indentation (2 spaces)
+indent_style = space
+indent_size = 2
+
+# Binary operators at start of line
+binary_next_line = false
+
+# Switch case indentation
+switch_case_indent = true
+
+# Redirect operators with space
+space_redirects = true
+
+# Keep column alignment
+keep_padding = true
+
+# Function brace on same line
+function_next_line = false
diff --git a/.shfmt b/.shfmt
deleted file mode 100644
index 93644280..00000000
--- a/.shfmt
+++ /dev/null
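Review bot: The new `.editorconfig` scopes every shfmt option to `[*.sh]`, so any shell script without a `.sh` extension that `shfmt -d .` discovers by its shebang would presumably be checked against shfmt's defaults rather than the 2-space style. Whether such files exist is not visible in this patch, but the shellcheck step in patch 2 selects scripts by shebang, which suggests they might. If they do, a shfmt language section (`[[bash]]`, to be confirmed against the shfmt version used in CI) carrying the same keys would cover them. Separately, the comment `# Binary operators at start of line` sits above `binary_next_line = false` and reads as the opposite of the setting; `# Binary operators stay at end of line` would match it.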
@@ -1,20 +0,0 @@
-# Language variant
-language_dialect: bash
-
-# Indentation (2 spaces)
-indent: 2
-
-# Binary operators at start of line
-binary_next_line: false
-
-# Switch case indentation
-switch_case_indent: true
-
-# Redirect operators with space
-space_redirects: true
-
-# Keep column alignment
-keep_padding: true
-
-# Function brace on same line
-function_next_line: false
diff --git a/xtest/sdk/go/cli.sh b/xtest/sdk/go/cli.sh
index 0308d3e2..5afff0d1 100755
--- a/xtest/sdk/go/cli.sh
+++ b/xtest/sdk/go/cli.sh
@@ -18,155 +18,155 @@ # XT_WITH_ATTRIBUTES [string] - Attributes to be used for encryption # XT_WITH_MIME_TYPE [string] - MIME type for the encrypted file # -SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) +SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd) cmd=("$SCRIPT_DIR"/otdfctl) if [ ! -f "$SCRIPT_DIR"/otdfctl ]; then - cmd=(go run "github.com/opentdf/otdfctl@latest") + cmd=(go run "github.com/opentdf/otdfctl@latest") fi if [ "$1" == "supports" ]; then - case "$2" in - autoconfigure | ns_grants) - exit 0 - ;; - obligations) - # Obligations support from SDK version 0.10.0 - set -o pipefail - "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 10) || ($1 == 0 && $2 == 10 && $3 >= 0)) exit 0; else exit 1; }' - exit $? - ;; - assertions | assertion_verification) - "${cmd[@]}" help decrypt | grep with-assertion-verification-keys - exit $? - ;; - kasallowlist) - "${cmd[@]}" help decrypt | grep kas-allowlist - exit $? - ;; - key_management) - # Advanced key management from SDK version 0.5.1 - "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 5) || ($1 == 0 && $2 == 5 && $3 >= 1)) exit 0; else exit 1; }' - exit $? - ;; - ecwrap) - if "${cmd[@]}" help encrypt | grep wrapping-key; then - # while the otdfctl app may support ecwrap, but sdk versions 0.3.28 and earlier uses the old salt - set -o pipefail - "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 3) || ($1 == 0 && $2 == 3 && $3 >= 29)) exit 0; else exit 1; }' - exit $? - else - echo "ecwrap not supported" - exit 1 - fi - ;; - hexless) - set -o pipefail - # Schema version 4.3.0 introduced hexless - "${cmd[@]}" --version --json | jq -re .schema_version | awk -F. '{ if ($1 > 4 || ($1 == 4 && $2 >= 2)) exit 0; else exit 1; }' - exit $? - ;; - hexaflexible) - "${cmd[@]}" help encrypt | grep target-mode - exit $? 
- ;; - connectrpc) - set -o pipefail - # SDK version 0.4.5 introduces connectrpc client side - "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 4) || ($1 == 0 && $2 == 4 && $3 >= 5)) exit 0; else exit 1; }' - exit $? - ;; - better-messages-2024) - # In November 2024, we added more. detailed error messages - # These appeared in go sdk 0.3.28 - set -o pipefail - "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 3) || ($1 == 0 && $2 == 3 && $3 >= 18)) exit 0; else exit 1; }' - exit $? - ;; - *) - echo "Unknown feature: $2" - exit 2 - ;; - esac + case "$2" in + autoconfigure | ns_grants) + exit 0 + ;; + obligations) + # Obligations support from SDK version 0.10.0 + set -o pipefail + "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 10) || ($1 == 0 && $2 == 10 && $3 >= 0)) exit 0; else exit 1; }' + exit $? + ;; + assertions | assertion_verification) + "${cmd[@]}" help decrypt | grep with-assertion-verification-keys + exit $? + ;; + kasallowlist) + "${cmd[@]}" help decrypt | grep kas-allowlist + exit $? + ;; + key_management) + # Advanced key management from SDK version 0.5.1 + "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 5) || ($1 == 0 && $2 == 5 && $3 >= 1)) exit 0; else exit 1; }' + exit $? + ;; + ecwrap) + if "${cmd[@]}" help encrypt | grep wrapping-key; then + # while the otdfctl app may support ecwrap, but sdk versions 0.3.28 and earlier uses the old salt + set -o pipefail + "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 3) || ($1 == 0 && $2 == 3 && $3 >= 29)) exit 0; else exit 1; }' + exit $? + else + echo "ecwrap not supported" + exit 1 + fi + ;; + hexless) + set -o pipefail + # Schema version 4.3.0 introduced hexless + "${cmd[@]}" --version --json | jq -re .schema_version | awk -F. 
'{ if ($1 > 4 || ($1 == 4 && $2 >= 2)) exit 0; else exit 1; }' + exit $? + ;; + hexaflexible) + "${cmd[@]}" help encrypt | grep target-mode + exit $? + ;; + connectrpc) + set -o pipefail + # SDK version 0.4.5 introduces connectrpc client side + "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 4) || ($1 == 0 && $2 == 4 && $3 >= 5)) exit 0; else exit 1; }' + exit $? + ;; + better-messages-2024) + # In November 2024, we added more. detailed error messages + # These appeared in go sdk 0.3.28 + set -o pipefail + "${cmd[@]}" --version --json | jq -re .sdk_version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 3) || ($1 == 0 && $2 == 3 && $3 >= 18)) exit 0; else exit 1; }' + exit $? + ;; + *) + echo "Unknown feature: $2" + exit 2 + ;; + esac fi XTEST_DIR="$SCRIPT_DIR" while [ ! -f "$XTEST_DIR/test.env" ] && [ "$(basename "$XTEST_DIR")" != "xtest" ]; do - XTEST_DIR=$(dirname "$XTEST_DIR") + XTEST_DIR=$(dirname "$XTEST_DIR") done if [ -f "$XTEST_DIR/test.env" ]; then - # shellcheck disable=SC1091 - source "$XTEST_DIR/test.env" + # shellcheck disable=SC1091 + source "$XTEST_DIR/test.env" else - echo "test.env not found, stopping at xtest directory." - exit 1 + echo "test.env not found, stopping at xtest directory." 
+ exit 1 fi args=( - -o "$3" - --host "$PLATFORMURL" - --tls-no-verify - --log-level debug - --with-client-creds '{"clientId":"'"$CLIENTID"'","clientSecret":"'"$CLIENTSECRET"'"}' + -o "$3" + --host "$PLATFORMURL" + --tls-no-verify + --log-level debug + --with-client-creds '{"clientId":"'"$CLIENTID"'","clientSecret":"'"$CLIENTSECRET"'"}' ) if [ "$4" != "ztdf" ]; then - echo "Unsupported container format: $4" - exit 2 + echo "Unsupported container format: $4" + exit 2 fi if [ "$1" == "encrypt" ]; then - if [ -n "$XT_WITH_MIME_TYPE" ]; then - args+=(--mime-type "$XT_WITH_MIME_TYPE") - fi + if [ -n "$XT_WITH_MIME_TYPE" ]; then + args+=(--mime-type "$XT_WITH_MIME_TYPE") + fi - if [ -n "$XT_WITH_ATTRIBUTES" ]; then - args+=(--attr "$XT_WITH_ATTRIBUTES") - fi + if [ -n "$XT_WITH_ATTRIBUTES" ]; then + args+=(--attr "$XT_WITH_ATTRIBUTES") + fi - if [ -n "$XT_WITH_ASSERTIONS" ]; then - args+=(--with-assertions "$XT_WITH_ASSERTIONS") - fi - if [ "$XT_WITH_ECWRAP" == 'true' ]; then - args+=(--wrapping-key-algorithm "ec:secp256r1") - fi - if [ "$XT_WITH_ECDSA_BINDING" == "true" ]; then - args+=(--ecdsa-binding) - fi - if [ "$XT_WITH_PLAINTEXT_POLICY" == "true" ]; then - args+=(--policy-mode plaintext) - fi - if [ -n "$XT_WITH_TARGET_MODE" ]; then - args+=(--target-mode "$XT_WITH_TARGET_MODE") - fi - echo "${cmd[@]}" encrypt "${args[@]}" "$2" - if ! 
"${cmd[@]}" encrypt "${args[@]}" "$2"; then - exit 1 - fi - if [ -f "${3}.tdf" ]; then - # go helpfully adds a tdf extension to all files - mv "${3}.tdf" "${3}" - fi + if [ -n "$XT_WITH_ASSERTIONS" ]; then + args+=(--with-assertions "$XT_WITH_ASSERTIONS") + fi + if [ "$XT_WITH_ECWRAP" == 'true' ]; then + args+=(--wrapping-key-algorithm "ec:secp256r1") + fi + if [ "$XT_WITH_ECDSA_BINDING" == "true" ]; then + args+=(--ecdsa-binding) + fi + if [ "$XT_WITH_PLAINTEXT_POLICY" == "true" ]; then + args+=(--policy-mode plaintext) + fi + if [ -n "$XT_WITH_TARGET_MODE" ]; then + args+=(--target-mode "$XT_WITH_TARGET_MODE") + fi + echo "${cmd[@]}" encrypt "${args[@]}" "$2" + if ! "${cmd[@]}" encrypt "${args[@]}" "$2"; then + exit 1 + fi + if [ -f "${3}.tdf" ]; then + # go helpfully adds a tdf extension to all files + mv "${3}.tdf" "${3}" + fi elif [ "$1" == "decrypt" ]; then - if [ -n "$XT_WITH_ASSERTION_VERIFICATION_KEYS" ]; then - args+=(--with-assertion-verification-keys "$XT_WITH_ASSERTION_VERIFICATION_KEYS") - fi - if [ "$XT_WITH_ECWRAP" == 'true' ]; then - args+=(--session-key-algorithm "ec:secp256r1") - fi - if [ "$XT_WITH_VERIFY_ASSERTIONS" == 'false' ]; then - args+=(--no-verify-assertions) - fi - if [ -n "$XT_WITH_KAS_ALLOW_LIST" ]; then - args+=(--kas-allowlist "$XT_WITH_KAS_ALLOW_LIST") - fi - # bypassing the allowlist may expose potential security risks - if [ "$XT_WITH_IGNORE_KAS_ALLOWLIST" == "true" ]; then - args+=(--kas-allowlist '*') - fi - echo "${cmd[@]}" decrypt "${args[@]}" "$2" - "${cmd[@]}" decrypt "${args[@]}" "$2" + if [ -n "$XT_WITH_ASSERTION_VERIFICATION_KEYS" ]; then + args+=(--with-assertion-verification-keys "$XT_WITH_ASSERTION_VERIFICATION_KEYS") + fi + if [ "$XT_WITH_ECWRAP" == 'true' ]; then + args+=(--session-key-algorithm "ec:secp256r1") + fi + if [ "$XT_WITH_VERIFY_ASSERTIONS" == 'false' ]; then + args+=(--no-verify-assertions) + fi + if [ -n "$XT_WITH_KAS_ALLOW_LIST" ]; then + args+=(--kas-allowlist "$XT_WITH_KAS_ALLOW_LIST") + fi + # 
bypassing the allowlist may expose potential security risks + if [ "$XT_WITH_IGNORE_KAS_ALLOWLIST" == "true" ]; then + args+=(--kas-allowlist '*') + fi + echo "${cmd[@]}" decrypt "${args[@]}" "$2" + "${cmd[@]}" decrypt "${args[@]}" "$2" else - echo "Incorrect argument provided" - exit 1 + echo "Incorrect argument provided" + exit 1 fi diff --git a/xtest/sdk/go/otdfctl.sh b/xtest/sdk/go/otdfctl.sh index 8a130e76..c32ac1ad 100755 --- a/xtest/sdk/go/otdfctl.sh +++ b/xtest/sdk/go/otdfctl.sh @@ -5,11 +5,11 @@ # # Usage: ./otdfctl.sh [otdfctl options] # -SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) +SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd) XTEST_DIR="$SCRIPT_DIR" while [ ! -f "$XTEST_DIR/test.env" ] && [ "$(basename "$XTEST_DIR")" != "xtest" ]; do - XTEST_DIR=$(dirname "$XTEST_DIR") + XTEST_DIR=$(dirname "$XTEST_DIR") done # shellcheck source=../../test.env @@ -17,7 +17,7 @@ source "$XTEST_DIR/test.env" cmd=("$SCRIPT_DIR"/otdfctl) if [ ! -f "$SCRIPT_DIR"/otdfctl ]; then - cmd=(go run github.com/opentdf/otdfctl@latest) + cmd=(go run github.com/opentdf/otdfctl@latest) fi cmd+=(--json) diff --git a/xtest/sdk/java/cli.sh b/xtest/sdk/java/cli.sh index b874f152..1266d7b4 100755 --- a/xtest/sdk/java/cli.sh +++ b/xtest/sdk/java/cli.sh 
@@ -19,135 +19,135 @@ # XT_WITH_MIME_TYPE [string] - MIME type for the encrypted file # XT_WITH_TARGET_MODE [string] - Target spec mode for the encrypted file # -SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) +SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd) XTEST_DIR="$SCRIPT_DIR" while [ ! -f "$XTEST_DIR/test.env" ] && [ "$(basename "$XTEST_DIR")" != "xtest" ]; do - XTEST_DIR=$(dirname "$XTEST_DIR") + XTEST_DIR=$(dirname "$XTEST_DIR") done if [ -f "$XTEST_DIR/test.env" ]; then - # shellcheck disable=SC1091 - source "$XTEST_DIR/test.env" + # shellcheck disable=SC1091 + source "$XTEST_DIR/test.env" else - echo "test.env not found, stopping at xtest directory." - exit 1 + echo "test.env not found, stopping at xtest directory." + exit 1 fi if [ "$1" == "supports" ]; then - case "$2" in - autoconfigure | ns_grants) - exit 0 - ;; - assertions) - java -jar "$SCRIPT_DIR"/cmdline.jar help encrypt | grep with-assertions - exit $? - ;; - assertion_verification) - java -jar "$SCRIPT_DIR"/cmdline.jar help decrypt | grep with-assertion-verification-keys - exit $? - ;; - kasallowlist) - java -jar "$SCRIPT_DIR"/cmdline.jar help decrypt | grep kas-allowlist - exit $? - ;; - ecwrap) - if java -jar "$SCRIPT_DIR"/cmdline.jar help encrypt | grep encap-key; then - # versions 0.7.6 and earlier used an older value for EC HKDF salt; check for 0.7.7 or later - java -jar "$SCRIPT_DIR"/cmdline.jar --version | jq -re .version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 7) || ($1 == 0 && $2 == 7 && $3 >= 7)) exit 0; else exit 1; }' - exit $? - else - echo "ecwrap not supported" - exit 1 - fi - ;; - - hexless) - set -o pipefail - java -jar "$SCRIPT_DIR"/cmdline.jar --version | jq -re .tdfSpecVersion | awk -F. '{ if ($1 > 4 || ($1 == 4 && $2 > 2) || ($1 == 4 && $2 == 3 && $3 >= 0)) exit 0; else exit 1; }' - exit $? - ;; - - hexaflexible) - java -jar "$SCRIPT_DIR"/cmdline.jar help encrypt | grep with-target-mode - exit $? 
- ;; - - *) - echo "Unknown feature: $2" - exit 2 - ;; - esac + case "$2" in + autoconfigure | ns_grants) + exit 0 + ;; + assertions) + java -jar "$SCRIPT_DIR"/cmdline.jar help encrypt | grep with-assertions + exit $? + ;; + assertion_verification) + java -jar "$SCRIPT_DIR"/cmdline.jar help decrypt | grep with-assertion-verification-keys + exit $? + ;; + kasallowlist) + java -jar "$SCRIPT_DIR"/cmdline.jar help decrypt | grep kas-allowlist + exit $? + ;; + ecwrap) + if java -jar "$SCRIPT_DIR"/cmdline.jar help encrypt | grep encap-key; then + # versions 0.7.6 and earlier used an older value for EC HKDF salt; check for 0.7.7 or later + java -jar "$SCRIPT_DIR"/cmdline.jar --version | jq -re .version | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 > 7) || ($1 == 0 && $2 == 7 && $3 >= 7)) exit 0; else exit 1; }' + exit $? + else + echo "ecwrap not supported" + exit 1 + fi + ;; + + hexless) + set -o pipefail + java -jar "$SCRIPT_DIR"/cmdline.jar --version | jq -re .tdfSpecVersion | awk -F. '{ if ($1 > 4 || ($1 == 4 && $2 > 2) || ($1 == 4 && $2 == 3 && $3 >= 0)) exit 0; else exit 1; }' + exit $? + ;; + + hexaflexible) + java -jar "$SCRIPT_DIR"/cmdline.jar help encrypt | grep with-target-mode + exit $? 
+ ;; + + *) + echo "Unknown feature: $2" + exit 2 + ;; + esac fi args=( - "--client-id=$CLIENTID" - "--client-secret=$CLIENTSECRET" - "--plaintext" + "--client-id=$CLIENTID" + "--client-secret=$CLIENTSECRET" + "--plaintext" ) # when we added support for KAS allowlist, we changed the platform endpoint format to require scheme if java -jar "$SCRIPT_DIR"/cmdline.jar help decrypt | grep kas-allowlist; then - args+=("--platform-endpoint=$PLATFORMURL") + args+=("--platform-endpoint=$PLATFORMURL") else - args+=("--platform-endpoint=$PLATFORMENDPOINT") + args+=("--platform-endpoint=$PLATFORMENDPOINT") fi args+=("$1") if [ "$1" == "encrypt" ]; then - args+=("--kas-url=$KASURL") + args+=("--kas-url=$KASURL") - if [ "$XT_WITH_ECDSA_BINDING" == "true" ]; then - args+=(--ecdsa-binding) - fi + if [ "$XT_WITH_ECDSA_BINDING" == "true" ]; then + args+=(--ecdsa-binding) + fi - if [ "$XT_WITH_ECWRAP" == 'true' ]; then - args+=(--encap-key-type="ec:secp256r1") - fi + if [ "$XT_WITH_ECWRAP" == 'true' ]; then + args+=(--encap-key-type="ec:secp256r1") + fi - if [ "$XT_WITH_PLAINTEXT_POLICY" == "true" ]; then - args+=(--policy-type="plaintext") - fi + if [ "$XT_WITH_PLAINTEXT_POLICY" == "true" ]; then + args+=(--policy-type="plaintext") + fi else - if [ "$XT_WITH_ECWRAP" == 'true' ]; then - args+=(--rewrap-key-type="ec:secp256r1") - fi + if [ "$XT_WITH_ECWRAP" == 'true' ]; then + args+=(--rewrap-key-type="ec:secp256r1") + fi fi if [ "$1" == "decrypt" ]; then - if [ -n "$XT_WITH_KAS_ALLOW_LIST" ]; then - args+=(--kas-allowlist="$XT_WITH_KAS_ALLOW_LIST") - fi + if [ -n "$XT_WITH_KAS_ALLOW_LIST" ]; then + args+=(--kas-allowlist="$XT_WITH_KAS_ALLOW_LIST") + fi - if [ "$XT_WITH_IGNORE_KAS_ALLOWLIST" == "true" ]; then - args+=(--ignore-kas-allowlist=true) - fi + if [ "$XT_WITH_IGNORE_KAS_ALLOWLIST" == "true" ]; then + args+=(--ignore-kas-allowlist=true) + fi fi if [ -n "$XT_WITH_MIME_TYPE" ]; then - args+=(--mime-type "$XT_WITH_MIME_TYPE") + args+=(--mime-type "$XT_WITH_MIME_TYPE") fi if [ -n 
"$XT_WITH_ATTRIBUTES" ]; then - args+=(--attr "$XT_WITH_ATTRIBUTES") + args+=(--attr "$XT_WITH_ATTRIBUTES") fi if [ -n "$XT_WITH_ASSERTIONS" ]; then - args+=(--with-assertions "$XT_WITH_ASSERTIONS") + args+=(--with-assertions "$XT_WITH_ASSERTIONS") fi if [ -n "$XT_WITH_ASSERTION_VERIFICATION_KEYS" ]; then - args+=(--with-assertion-verification-keys "$XT_WITH_ASSERTION_VERIFICATION_KEYS") + args+=(--with-assertion-verification-keys "$XT_WITH_ASSERTION_VERIFICATION_KEYS") fi if [ "$XT_WITH_VERIFY_ASSERTIONS" == 'false' ]; then - args+=(--with-assertion-verification-disabled) + args+=(--with-assertion-verification-disabled) fi if [ -n "$XT_WITH_TARGET_MODE" ]; then - args+=(--with-target-mode "$XT_WITH_TARGET_MODE") + args+=(--with-target-mode "$XT_WITH_TARGET_MODE") fi echo java -jar "$SCRIPT_DIR"/cmdline.jar "${args[@]}" --file="$2" ">" "$3" -java -jar "$SCRIPT_DIR"/cmdline.jar "${args[@]}" --file="$2" >"$3" +java -jar "$SCRIPT_DIR"/cmdline.jar "${args[@]}" --file="$2" > "$3" diff --git a/xtest/sdk/js/cli.sh b/xtest/sdk/js/cli.sh index b73ddd8a..9536c08c 100755 --- a/xtest/sdk/js/cli.sh +++ b/xtest/sdk/js/cli.sh 
@@ -19,74 +19,74 @@ # XT_WITH_MIME_TYPE [string] - MIME type for the encrypted file # XT_WITH_TARGET_MODE [string] - Target spec mode for the encrypted file # -SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) +SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd) CTL=@opentdf/ctl if grep opentdf/cli "$SCRIPT_DIR/package.json"; then - CTL=@opentdf/cli + CTL=@opentdf/cli fi if [ "$1" == "supports" ]; then - if ! cd "$SCRIPT_DIR"; then - echo "failed: [cd $SCRIPT_DIR]" - exit 1 - fi - case "$2" in - assertions) - npx $CTL help | grep assertions - exit $? - ;; - assertion_verification) - npx $CTL help | grep assertionVerificationKeys - exit $? - ;; - autoconfigure | ns_grants) - npx $CTL help | grep autoconfigure - exit $? - ;; - kasallowlist) - npx $CTL help | grep 'from "/key-access-servers" endpoint' - exit $? - ;; - ecwrap) - if npx $CTL help | grep encapKeyType; then - # Claims to support ecwrap, but maybe with old salt? Look up version - npx $CTL --version | jq -re '.["@opentdf/sdk"]' | awk -F. '{ if ($1 > 2) exit 0; else exit 1; }' - exit $? - else - echo "ecwrap not supported" - exit 1 - fi - ;; - hexless) - set -o pipefail - npx $CTL --version | jq -re .tdfSpecVersion | awk -F. '{ if ($1 > 4 || ($1 == 4 && $2 > 2) || ($1 == 4 && $2 == 3 && $3 >= 0)) exit 0; else exit 1; }' - exit $? - ;; - hexaflexible) - npx $CTL help | grep tdfSpecVersion - exit $? - ;; - obligations) - # Obligations support from SDK version >= 0.6.0 - set -o pipefail - npx $CTL --version | jq -re '.["@opentdf/sdk"]' | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 >= 6)) exit 0; else exit 1; }' - exit $? - ;; - *) - echo "Unknown feature: $2" - exit 2 - ;; - esac + if ! cd "$SCRIPT_DIR"; then + echo "failed: [cd $SCRIPT_DIR]" + exit 1 + fi + case "$2" in + assertions) + npx $CTL help | grep assertions + exit $? + ;; + assertion_verification) + npx $CTL help | grep assertionVerificationKeys + exit $? 
+ ;; + autoconfigure | ns_grants) + npx $CTL help | grep autoconfigure + exit $? + ;; + kasallowlist) + npx $CTL help | grep 'from "/key-access-servers" endpoint' + exit $? + ;; + ecwrap) + if npx $CTL help | grep encapKeyType; then + # Claims to support ecwrap, but maybe with old salt? Look up version + npx $CTL --version | jq -re '.["@opentdf/sdk"]' | awk -F. '{ if ($1 > 2) exit 0; else exit 1; }' + exit $? + else + echo "ecwrap not supported" + exit 1 + fi + ;; + hexless) + set -o pipefail + npx $CTL --version | jq -re .tdfSpecVersion | awk -F. '{ if ($1 > 4 || ($1 == 4 && $2 > 2) || ($1 == 4 && $2 == 3 && $3 >= 0)) exit 0; else exit 1; }' + exit $? + ;; + hexaflexible) + npx $CTL help | grep tdfSpecVersion + exit $? + ;; + obligations) + # Obligations support from SDK version >= 0.6.0 + set -o pipefail + npx $CTL --version | jq -re '.["@opentdf/sdk"]' | awk -F. '{ if ($1 > 0 || ($1 == 0 && $2 >= 6)) exit 0; else exit 1; }' + exit $? + ;; + *) + echo "Unknown feature: $2" + exit 2 + ;; + esac fi XTEST_DIR=$SCRIPT_DIR while [ "$XTEST_DIR" != "/" ]; do - if [ -d "$XTEST_DIR/xtest" ]; then - XTEST_DIR="$XTEST_DIR/xtest" - break - fi - XTEST_DIR=$(dirname "$XTEST_DIR") + if [ -d "$XTEST_DIR/xtest" ]; then + XTEST_DIR="$XTEST_DIR/xtest" + break + fi + XTEST_DIR=$(dirname "$XTEST_DIR") done # shellcheck disable=SC1091 
@@ -96,105 +96,105 @@ src_file=$(realpath "$2") dst_file=$(realpath "$(dirname "$3")")/$(basename "$3") args=( - --output "$dst_file" - --kasEndpoint "$KASURL" - --oidcEndpoint "$KCFULLURL" - --auth opentdf:secret + --output "$dst_file" + --kasEndpoint "$KASURL" + --oidcEndpoint "$KCFULLURL" + --auth opentdf:secret ) args+=(--containerType tdf3) if [ -n "$XT_WITH_ATTRIBUTES" ]; then - attributes="$XT_WITH_ATTRIBUTES" - if [ -f "$attributes" ]; then - attributes=$(realpath "$attributes") - echo "Attributes are a file: $attributes" - args+=(--attributes "$attributes") - else - # Attributes are a comma separated list - echo "Attributes are: $attributes" - args+=(--attributes "$attributes") - fi + attributes="$XT_WITH_ATTRIBUTES" + if [ -f "$attributes" ]; then + attributes=$(realpath "$attributes") + echo "Attributes are a file: $attributes" + args+=(--attributes "$attributes") + else + # Attributes are a comma separated list + echo "Attributes are: $attributes" + args+=(--attributes "$attributes") + fi fi if [ -n "$XT_WITH_ASSERTIONS" ]; then - assertions="$XT_WITH_ASSERTIONS" - if [ -f "$assertions" ]; then - assertions=$(realpath "$assertions") - echo "Assertions are a file: $assertions" - args+=(--assertions "$assertions") - elif [ "$(echo "$assertions" | jq -e . >/dev/null 2>&1 && echo valid || echo invalid)" == "valid" ]; then - # Assertions are plain json - echo "Assertions are plain json: $assertions" - args+=(--assertions "$assertions") - else - echo "Invalid or missing assertion file: $assertions" - exit 1 - fi + assertions="$XT_WITH_ASSERTIONS" + if [ -f "$assertions" ]; then + assertions=$(realpath "$assertions") + echo "Assertions are a file: $assertions" + args+=(--assertions "$assertions") + elif [ "$(echo "$assertions" | jq -e . 
> /dev/null 2>&1 && echo valid || echo invalid)" == "valid" ]; then + # Assertions are plain json + echo "Assertions are plain json: $assertions" + args+=(--assertions "$assertions") + else + echo "Invalid or missing assertion file: $assertions" + exit 1 + fi fi if [ -n "$XT_WITH_ASSERTION_VERIFICATION_KEYS" ]; then - verification_keys="$XT_WITH_ASSERTION_VERIFICATION_KEYS" - if [ -f "$verification_keys" ]; then - verification_keys=$(realpath "$verification_keys") - echo "Verification keys are a file: $verification_keys" - args+=(--assertionVerificationKeys "$verification_keys") - else - echo "Invalid or missing verification keys file: $verification_keys" - exit 1 - fi + verification_keys="$XT_WITH_ASSERTION_VERIFICATION_KEYS" + if [ -f "$verification_keys" ]; then + verification_keys=$(realpath "$verification_keys") + echo "Verification keys are a file: $verification_keys" + args+=(--assertionVerificationKeys "$verification_keys") + else + echo "Invalid or missing verification keys file: $verification_keys" + exit 1 + fi fi if ! 
cd "$SCRIPT_DIR"; then - echo "failed: [cd $SCRIPT_DIR]" - exit 1 + echo "failed: [cd $SCRIPT_DIR]" + exit 1 fi if [ "$1" == "encrypt" ]; then - if npx $CTL help | grep autoconfigure; then - args+=(--policyEndpoint "$PLATFORMURL" --autoconfigure true) - fi - if [ -n "$XT_WITH_ECDSA_BINDING" ]; then - if [ "$XT_WITH_ECDSA_BINDING" == "true" ]; then - args+=(--policyBinding ecdsa) - fi - fi - if [ "$XT_WITH_ECWRAP" == 'true' ]; then - args+=(--encapKeyType "ec:secp256r1") - fi + if npx $CTL help | grep autoconfigure; then + args+=(--policyEndpoint "$PLATFORMURL" --autoconfigure true) + fi + if [ -n "$XT_WITH_ECDSA_BINDING" ]; then + if [ "$XT_WITH_ECDSA_BINDING" == "true" ]; then + args+=(--policyBinding ecdsa) + fi + fi + if [ "$XT_WITH_ECWRAP" == 'true' ]; then + args+=(--encapKeyType "ec:secp256r1") + fi - if [ "$XT_WITH_PLAINTEXT_POLICY" == "true" ]; then - args+=(--policyType plaintext) - fi - if [ -n "$XT_WITH_TARGET_MODE" ]; then - args+=(--tdfSpecVersion "$XT_WITH_TARGET_MODE") - fi + if [ "$XT_WITH_PLAINTEXT_POLICY" == "true" ]; then + args+=(--policyType plaintext) + fi + if [ -n "$XT_WITH_TARGET_MODE" ]; then + args+=(--tdfSpecVersion "$XT_WITH_TARGET_MODE") + fi - echo npx $CTL encrypt "$src_file" "${args[@]}" - npx $CTL encrypt "$src_file" "${args[@]}" + echo npx $CTL encrypt "$src_file" "${args[@]}" + npx $CTL encrypt "$src_file" "${args[@]}" elif [ "$1" == "decrypt" ]; then - if [ "$XT_WITH_VERIFY_ASSERTIONS" == 'false' ]; then - args+=(--noVerifyAssertions) - fi - if [ "$XT_WITH_ECWRAP" == 'true' ]; then - args+=(--rewrapKeyType "ec:secp256r1") - fi - if [ -n "$XT_WITH_KAS_ALLOW_LIST" ]; then - args+=(--allowList "$XT_WITH_KAS_ALLOW_LIST") - fi - if [ "$XT_WITH_IGNORE_KAS_ALLOWLIST" == "true" ]; then - args+=(--ignoreAllowList) - fi - # only ignore allowlist if the kas allowlist fetching from kas registry has not been implemented - if npx $CTL help | grep 'from "/key-access-servers" endpoint'; then - args+=(--policyEndpoint "$PLATFORMURL") - else - 
args+=(--ignoreAllowList) - fi + if [ "$XT_WITH_VERIFY_ASSERTIONS" == 'false' ]; then + args+=(--noVerifyAssertions) + fi + if [ "$XT_WITH_ECWRAP" == 'true' ]; then + args+=(--rewrapKeyType "ec:secp256r1") + fi + if [ -n "$XT_WITH_KAS_ALLOW_LIST" ]; then + args+=(--allowList "$XT_WITH_KAS_ALLOW_LIST") + fi + if [ "$XT_WITH_IGNORE_KAS_ALLOWLIST" == "true" ]; then + args+=(--ignoreAllowList) + fi + # only ignore allowlist if the kas allowlist fetching from kas registry has not been implemented + if npx $CTL help | grep 'from "/key-access-servers" endpoint'; then + args+=(--policyEndpoint "$PLATFORMURL") + else + args+=(--ignoreAllowList) + fi - echo npx $CTL decrypt "$src_file" "${args[@]}" - npx $CTL decrypt "$src_file" "${args[@]}" + echo npx $CTL decrypt "$src_file" "${args[@]}" + npx $CTL decrypt "$src_file" "${args[@]}" else - echo "Incorrect argument provided" - exit 1 + echo "Incorrect argument provided" + exit 1 fi diff --git a/xtest/sdk/scripts/checkout-all.sh b/xtest/sdk/scripts/checkout-all.sh index ca08fae8..3c416b81 100755 --- a/xtest/sdk/scripts/checkout-all.sh +++ b/xtest/sdk/scripts/checkout-all.sh @@ -2,11 +2,11 @@ # Checks out the latest `main` branch of each of the sdks under test # and builds them. -SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) +SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd) for sdk in go java js; do - if ! "$SCRIPT_DIR/checkout-sdk-branch.sh" "$sdk" main; then - echo "Failed to checkout $sdk main branch" - exit 1 - fi + if ! "$SCRIPT_DIR/checkout-sdk-branch.sh" "$sdk" main; then + echo "Failed to checkout $sdk main branch" + exit 1 + fi done diff --git a/xtest/sdk/scripts/checkout-sdk-branch.sh b/xtest/sdk/scripts/checkout-sdk-branch.sh index 40cfa91d..50a59296 100755 --- a/xtest/sdk/scripts/checkout-sdk-branch.sh +++ b/xtest/sdk/scripts/checkout-sdk-branch.sh 
@@ -5,8 +5,8 @@
 # Example: ./checkout-sdk-branch.sh js main
 # Resolve script directory
-SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
-XTEST_DIR=$(cd -- "$SCRIPT_DIR/../../" &>/dev/null && pwd)
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+XTEST_DIR=$(cd -- "$SCRIPT_DIR/../../" &> /dev/null && pwd)
 # Parse arguments
 LANGUAGE=${1:-js}
@@ -17,55 +17,55 @@ LOCAL_NAME=${BRANCH//\//--} # Strip well known prefixes for monorepo output if [[ $LOCAL_NAME == sdk--* ]]; then - LOCAL_NAME=${LOCAL_NAME#sdk--} + LOCAL_NAME=${LOCAL_NAME#sdk--} fi case "$LANGUAGE" in -js) - BARE_REPO_PATH="$XTEST_DIR/sdk/js/src/web-sdk.git" - WORKTREE_PATH="$XTEST_DIR/sdk/js/src/$LOCAL_NAME" - REPO_URL="https://github.com/opentdf/web-sdk" - ;; -java) - BARE_REPO_PATH="$XTEST_DIR/sdk/java/src/java-sdk.git" - WORKTREE_PATH="$XTEST_DIR/sdk/java/src/$LOCAL_NAME" - REPO_URL="https://github.com/opentdf/java-sdk" - ;; -go) - BARE_REPO_PATH="$XTEST_DIR/sdk/go/src/otdfctl.git" - WORKTREE_PATH="$XTEST_DIR/sdk/go/src/$LOCAL_NAME" - REPO_URL="https://github.com/opentdf/otdfctl" - ;; -*) - echo "Error: Unsupported language '$LANGUAGE'. Supported values are 'js', 'java', or 'go'." >&2 - exit 1 - ;; + js) + BARE_REPO_PATH="$XTEST_DIR/sdk/js/src/web-sdk.git" + WORKTREE_PATH="$XTEST_DIR/sdk/js/src/$LOCAL_NAME" + REPO_URL="https://github.com/opentdf/web-sdk" + ;; + java) + BARE_REPO_PATH="$XTEST_DIR/sdk/java/src/java-sdk.git" + WORKTREE_PATH="$XTEST_DIR/sdk/java/src/$LOCAL_NAME" + REPO_URL="https://github.com/opentdf/java-sdk" + ;; + go) + BARE_REPO_PATH="$XTEST_DIR/sdk/go/src/otdfctl.git" + WORKTREE_PATH="$XTEST_DIR/sdk/go/src/$LOCAL_NAME" + REPO_URL="https://github.com/opentdf/otdfctl" + ;; + *) + echo "Error: Unsupported language '$LANGUAGE'. Supported values are 'js', 'java', or 'go'." >&2 + exit 1 + ;; esac # Function to execute a command and handle errors run_command() { - "$@" - local status=$? - if [[ $status -ne 0 ]]; then - echo "Error: Command '$*' failed." >&2 - exit $status - fi + "$@" + local status=$? + if [[ $status -ne 0 ]]; then + echo "Error: Command '$*' failed." >&2 + exit $status + fi } # Clone the repository as bare if it doesn't exist if [[ ! -d $BARE_REPO_PATH ]]; then - echo "Cloning $REPO_URL as a bare repository into $BARE_REPO_PATH..." 
- run_command git clone --bare "$REPO_URL" "$BARE_REPO_PATH"
+ echo "Cloning $REPO_URL as a bare repository into $BARE_REPO_PATH..."
+ run_command git clone --bare "$REPO_URL" "$BARE_REPO_PATH"
 else
- echo "Bare repository already exists at $BARE_REPO_PATH. Fetching updates..."
- run_command git --git-dir="$BARE_REPO_PATH" fetch --all
+ echo "Bare repository already exists at $BARE_REPO_PATH. Fetching updates..."
+ run_command git --git-dir="$BARE_REPO_PATH" fetch --all
 fi
 # Check if the worktree for the specified branch exists
 if [[ -d $WORKTREE_PATH ]]; then
- echo "Worktree for branch '$BRANCH' already exists at $WORKTREE_PATH. Updating..."
- run_command git --git-dir="$BARE_REPO_PATH" --work-tree="$WORKTREE_PATH" pull origin "$BRANCH"
+ echo "Worktree for branch '$BRANCH' already exists at $WORKTREE_PATH. Updating..."
+ run_command git --git-dir="$BARE_REPO_PATH" --work-tree="$WORKTREE_PATH" pull origin "$BRANCH"
 else
- echo "Setting up worktree for branch '$BRANCH' at $WORKTREE_PATH..."
- run_command git --git-dir="$BARE_REPO_PATH" worktree add "$WORKTREE_PATH" "$BRANCH"
+ echo "Setting up worktree for branch '$BRANCH' at $WORKTREE_PATH..."
+ run_command git --git-dir="$BARE_REPO_PATH" worktree add "$WORKTREE_PATH" "$BRANCH"
 fi
diff --git a/xtest/sdk/scripts/cleanup-all.sh b/xtest/sdk/scripts/cleanup-all.sh
index 8aa5095e..d125be04 100755
--- a/xtest/sdk/scripts/cleanup-all.sh
+++ b/xtest/sdk/scripts/cleanup-all.sh
@@ -1,17 +1,17 @@
 #!/bin/bash
 # Removes the checked out branches of each of the sdks under test
-SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
 for sdk in go java js; do
- rm -rf "$SCRIPT_DIR/../$sdk/dist"
- for branch in "$SCRIPT_DIR/../${sdk}/src/"*; do
- # Check if the path ends with .git
- if [[ $branch == *.git ]]; then
- continue
- fi
- if [ -d "$branch" ]; then
- rm -rf "$branch"
- fi
- done
+ rm -rf "$SCRIPT_DIR/../$sdk/dist"
+ for branch in "$SCRIPT_DIR/../${sdk}/src/"*; do
+ # Check if the path ends with .git
+ if [[ $branch == *.git ]]; then
+ continue
+ fi
+ if [ -d "$branch" ]; then
+ rm -rf "$branch"
+ fi
+ done
 done
diff --git a/xtest/sdk/scripts/post-checkout-java.sh b/xtest/sdk/scripts/post-checkout-java.sh
index c5ffe7e8..0c45de21 100755
--- a/xtest/sdk/scripts/post-checkout-java.sh
+++ b/xtest/sdk/scripts/post-checkout-java.sh
@@ -5,89 +5,89 @@ # on older branches that do not have it defined. # Base directory for the script -SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) +SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd) BASE_DIR="$SCRIPT_DIR/../java/src" # Detect the operating system to use the correct sed syntax if [[ "$(uname)" == "Darwin" ]]; then - SED_CMD="sed -i ''" + SED_CMD="sed -i ''" else - SED_CMD="sed -i" + SED_CMD="sed -i" fi # Map Java SDK version to compatible platform protocol branch # Must match the mappings in resolve-version.py get_platform_branch() { - local version="$1" - case "$version" in - 0.7.8 | 0.7.7) echo "protocol/go/v0.2.29" ;; - 0.7.6) echo "protocol/go/v0.2.25" ;; - 0.7.5 | 0.7.4) echo "protocol/go/v0.2.18" ;; - 0.7.3 | 0.7.2) echo "protocol/go/v0.2.17" ;; - 0.6.1 | 0.6.0) echo "protocol/go/v0.2.14" ;; - 0.5.0) echo "protocol/go/v0.2.13" ;; - 0.4.0 | 0.3.0 | 0.2.0) echo "protocol/go/v0.2.10" ;; - 0.1.0) echo "protocol/go/v0.2.3" ;; - *) echo "main" ;; # Default to main for unknown/newer versions - esac - return 0 + local version="$1" + case "$version" in + 0.7.8 | 0.7.7) echo "protocol/go/v0.2.29" ;; + 0.7.6) echo "protocol/go/v0.2.25" ;; + 0.7.5 | 0.7.4) echo "protocol/go/v0.2.18" ;; + 0.7.3 | 0.7.2) echo "protocol/go/v0.2.17" ;; + 0.6.1 | 0.6.0) echo "protocol/go/v0.2.14" ;; + 0.5.0) echo "protocol/go/v0.2.13" ;; + 0.4.0 | 0.3.0 | 0.2.0) echo "protocol/go/v0.2.10" ;; + 0.1.0) echo "protocol/go/v0.2.3" ;; + *) echo "main" ;; # Default to main for unknown/newer versions + esac + return 0 } # Loop through all subdirectories in the base directory find "$BASE_DIR" -mindepth 1 -maxdepth 1 -type d -not -name "*.git" | while read -r SRC_DIR; do - POM_FILE="$SRC_DIR/sdk/pom.xml" + POM_FILE="$SRC_DIR/sdk/pom.xml" - # Skip if path or file does not exist - if [[ ! -f $POM_FILE ]]; then - echo "No pom.xml file found in $SRC_DIR, skipping." - continue - fi + # Skip if path or file does not exist + if [[ ! 
-f $POM_FILE ]]; then + echo "No pom.xml file found in $SRC_DIR, skipping." + continue + fi - # Extract version from directory name (e.g., "v0.7.5" -> "0.7.5", "main" -> "main") - DIR_NAME=$(basename "$SRC_DIR") - VERSION="${DIR_NAME#v}" # Remove leading 'v' if present - PLATFORM_BRANCH=$(get_platform_branch "$VERSION") + # Extract version from directory name (e.g., "v0.7.5" -> "0.7.5", "main" -> "main") + DIR_NAME=$(basename "$SRC_DIR") + VERSION="${DIR_NAME#v}" # Remove leading 'v' if present + PLATFORM_BRANCH=$(get_platform_branch "$VERSION") - # Check if the correct platform.branch is already set - if grep -q "$PLATFORM_BRANCH" "$POM_FILE"; then - echo "platform.branch already set to $PLATFORM_BRANCH in $POM_FILE, skipping." - continue - fi + # Check if the correct platform.branch is already set + if grep -q "$PLATFORM_BRANCH" "$POM_FILE"; then + echo "platform.branch already set to $PLATFORM_BRANCH in $POM_FILE, skipping." + continue + fi - # If we don't have a specific mapping for this version (defaults to "main"), - # check if the pom.xml already has a valid protocol/go branch set - don't overwrite it - if [[ "$PLATFORM_BRANCH" == "main" ]]; then - if grep -q "protocol/go/" "$POM_FILE"; then - EXISTING_BRANCH=$(grep -o "[^<]*" "$POM_FILE" | sed 's/<[^>]*>//g') - echo "platform.branch already set to $EXISTING_BRANCH in $POM_FILE (no mapping for version $VERSION), skipping." - continue - fi - fi + # If we don't have a specific mapping for this version (defaults to "main"), + # check if the pom.xml already has a valid protocol/go branch set - don't overwrite it + if [[ "$PLATFORM_BRANCH" == "main" ]]; then + if grep -q "protocol/go/" "$POM_FILE"; then + EXISTING_BRANCH=$(grep -o "[^<]*" "$POM_FILE" | sed 's/<[^>]*>//g') + echo "platform.branch already set to $EXISTING_BRANCH in $POM_FILE (no mapping for version $VERSION), skipping." + continue + fi + fi - echo "Updating $POM_FILE (version=$VERSION, platform.branch=$PLATFORM_BRANCH)..." 
+ echo "Updating $POM_FILE (version=$VERSION, platform.branch=$PLATFORM_BRANCH)..." - # Check if platform.branch property exists (possibly with wrong value) - if grep -q "" "$POM_FILE"; then - # Replace existing platform.branch value with the correct one - $SED_CMD "s|[^<]*|$PLATFORM_BRANCH|g" "$POM_FILE" - echo "Updated existing platform.branch to $PLATFORM_BRANCH in $POM_FILE" - else - # Add the platform.branch property to the section - $SED_CMD "//a \\ + # Check if platform.branch property exists (possibly with wrong value) + if grep -q "" "$POM_FILE"; then + # Replace existing platform.branch value with the correct one + $SED_CMD "s|[^<]*|$PLATFORM_BRANCH|g" "$POM_FILE" + echo "Updated existing platform.branch to $PLATFORM_BRANCH in $POM_FILE" + else + # Add the platform.branch property to the section + $SED_CMD "//a \\ $PLATFORM_BRANCH" "$POM_FILE" - # Only replace branch=main if the property now exists (sed above may have failed silently if no section) - if grep -q "" "$POM_FILE"; then - # Replace hardcoded branch=main with branch=${platform.branch} in the maven-antrun-plugin configuration - # shellcheck disable=SC2016 # Literal $; it is for a variable expansion in the maven file - $SED_CMD 's/branch=main/branch=${platform.branch}/g' "$POM_FILE" - echo "Added platform.branch=$PLATFORM_BRANCH and updated branch references in $POM_FILE" - else - # No section exists, directly replace branch=main with the actual branch value - $SED_CMD "s|branch=main|branch=$PLATFORM_BRANCH|g" "$POM_FILE" - echo "No section, directly replaced branch=main with branch=$PLATFORM_BRANCH in $POM_FILE" - fi - fi + # Only replace branch=main if the property now exists (sed above may have failed silently if no section) + if grep -q "" "$POM_FILE"; then + # Replace hardcoded branch=main with branch=${platform.branch} in the maven-antrun-plugin configuration + # shellcheck disable=SC2016 # Literal $; it is for a variable expansion in the maven file + $SED_CMD 
's/branch=main/branch=${platform.branch}/g' "$POM_FILE" + echo "Added platform.branch=$PLATFORM_BRANCH and updated branch references in $POM_FILE" + else + # No section exists, directly replace branch=main with the actual branch value + $SED_CMD "s|branch=main|branch=$PLATFORM_BRANCH|g" "$POM_FILE" + echo "No section, directly replaced branch=main with branch=$PLATFORM_BRANCH in $POM_FILE" + fi + fi done echo "Update complete." From 1a0aa465960124da9efec786ada4fe3260ed723b Mon Sep 17 00:00:00 2001 From: David Mihalcik Date: Thu, 12 Feb 2026 21:36:53 -0500 Subject: [PATCH 4/4] chore: remove space_redirects option from shfmt config Remove space_redirects from .editorconfig and reformat shell scripts to use compact redirect syntax (e.g., &>/dev/null instead of &> /dev/null). Co-Authored-By: Claude Sonnet 4.5 --- .editorconfig | 3 --- xtest/sdk/go/cli.sh | 2 +- xtest/sdk/go/otdfctl.sh | 2 +- xtest/sdk/java/cli.sh | 4 ++-- xtest/sdk/js/cli.sh | 4 ++-- xtest/sdk/scripts/checkout-all.sh | 2 +- xtest/sdk/scripts/checkout-sdk-branch.sh | 4 ++-- xtest/sdk/scripts/cleanup-all.sh | 2 +- xtest/sdk/scripts/post-checkout-java.sh | 2 +- 9 files changed, 11 insertions(+), 14 deletions(-) diff --git a/.editorconfig b/.editorconfig index 66818d8e..edb53ee5 100644 --- a/.editorconfig +++ b/.editorconfig @@ -18,9 +18,6 @@ binary_next_line = false # Switch case indentation switch_case_indent = true -# Redirect operators with space -space_redirects = true - # Keep column alignment keep_padding = true diff --git a/xtest/sdk/go/cli.sh b/xtest/sdk/go/cli.sh index 5afff0d1..aefa8749 100755 --- a/xtest/sdk/go/cli.sh +++ b/xtest/sdk/go/cli.sh 
@@ -18,7 +18,7 @@
 # XT_WITH_ATTRIBUTES [string] - Attributes to be used for encryption
 # XT_WITH_MIME_TYPE [string] - MIME type for the encrypted file
 #
-SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
 cmd=("$SCRIPT_DIR"/otdfctl)
 if [ ! -f "$SCRIPT_DIR"/otdfctl ]; then
diff --git a/xtest/sdk/go/otdfctl.sh b/xtest/sdk/go/otdfctl.sh
index c32ac1ad..82c6dd50 100755
--- a/xtest/sdk/go/otdfctl.sh
+++ b/xtest/sdk/go/otdfctl.sh
@@ -5,7 +5,7 @@
 #
 # Usage: ./otdfctl.sh [otdfctl options]
 #
-SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
 XTEST_DIR="$SCRIPT_DIR"
 while [ ! -f "$XTEST_DIR/test.env" ] && [ "$(basename "$XTEST_DIR")" != "xtest" ]; do
diff --git a/xtest/sdk/java/cli.sh b/xtest/sdk/java/cli.sh
index 1266d7b4..44974444 100755
--- a/xtest/sdk/java/cli.sh
+++ b/xtest/sdk/java/cli.sh
@@ -19,7 +19,7 @@
 # XT_WITH_MIME_TYPE [string] - MIME type for the encrypted file
 # XT_WITH_TARGET_MODE [string] - Target spec mode for the encrypted file
 #
-SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
 XTEST_DIR="$SCRIPT_DIR"
 while [ ! -f "$XTEST_DIR/test.env" ] && [ "$(basename "$XTEST_DIR")" != "xtest" ]; do
@@ -150,4 +150,4 @@ if [ -n "$XT_WITH_TARGET_MODE" ]; then
 fi
 echo java -jar "$SCRIPT_DIR"/cmdline.jar "${args[@]}" --file="$2" ">" "$3"
-java -jar "$SCRIPT_DIR"/cmdline.jar "${args[@]}" --file="$2" > "$3"
+java -jar "$SCRIPT_DIR"/cmdline.jar "${args[@]}" --file="$2" >"$3"
diff --git a/xtest/sdk/js/cli.sh b/xtest/sdk/js/cli.sh
index 9536c08c..175e0e15 100755
--- a/xtest/sdk/js/cli.sh
+++ b/xtest/sdk/js/cli.sh
@@ -19,7 +19,7 @@
 # XT_WITH_MIME_TYPE [string] - MIME type for the encrypted file
 # XT_WITH_TARGET_MODE [string] - Target spec mode for the encrypted file
 #
-SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
 CTL=@opentdf/ctl
 if grep opentdf/cli "$SCRIPT_DIR/package.json"; then
@@ -123,7 +123,7 @@ if [ -n "$XT_WITH_ASSERTIONS" ]; then
 assertions=$(realpath "$assertions")
 echo "Assertions are a file: $assertions"
 args+=(--assertions "$assertions")
- elif [ "$(echo "$assertions" | jq -e . > /dev/null 2>&1 && echo valid || echo invalid)" == "valid" ]; then
+ elif [ "$(echo "$assertions" | jq -e . >/dev/null 2>&1 && echo valid || echo invalid)" == "valid" ]; then
 # Assertions are plain json
 echo "Assertions are plain json: $assertions"
 args+=(--assertions "$assertions")
diff --git a/xtest/sdk/scripts/checkout-all.sh b/xtest/sdk/scripts/checkout-all.sh
index 3c416b81..c9cbbea9 100755
--- a/xtest/sdk/scripts/checkout-all.sh
+++ b/xtest/sdk/scripts/checkout-all.sh
@@ -2,7 +2,7 @@
 # Checks out the latest `main` branch of each of the sdks under test
 # and builds them.
-SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
 for sdk in go java js; do
 if ! "$SCRIPT_DIR/checkout-sdk-branch.sh" "$sdk" main; then
diff --git a/xtest/sdk/scripts/checkout-sdk-branch.sh b/xtest/sdk/scripts/checkout-sdk-branch.sh
index 50a59296..55823145 100755
--- a/xtest/sdk/scripts/checkout-sdk-branch.sh
+++ b/xtest/sdk/scripts/checkout-sdk-branch.sh
@@ -5,8 +5,8 @@
 # Example: ./checkout-sdk-branch.sh js main
 # Resolve script directory
-SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
-XTEST_DIR=$(cd -- "$SCRIPT_DIR/../../" &> /dev/null && pwd)
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
+XTEST_DIR=$(cd -- "$SCRIPT_DIR/../../" &>/dev/null && pwd)
 # Parse arguments
 LANGUAGE=${1:-js}
diff --git a/xtest/sdk/scripts/cleanup-all.sh b/xtest/sdk/scripts/cleanup-all.sh
index d125be04..4614676e 100755
--- a/xtest/sdk/scripts/cleanup-all.sh
+++ b/xtest/sdk/scripts/cleanup-all.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # Removes the checked out branches of each of the sdks under test
-SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
 for sdk in go java js; do
 rm -rf "$SCRIPT_DIR/../$sdk/dist"
diff --git a/xtest/sdk/scripts/post-checkout-java.sh b/xtest/sdk/scripts/post-checkout-java.sh
index 0c45de21..18a18d3b 100755
--- a/xtest/sdk/scripts/post-checkout-java.sh
+++ b/xtest/sdk/scripts/post-checkout-java.sh
@@ -5,7 +5,7 @@
 # on older branches that do not have it defined.
 # Base directory for the script
-SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
 BASE_DIR="$SCRIPT_DIR/../java/src"
 # Detect the operating system to use the correct sed syntax