Turn on bash strict mode everywhere, and fix for bash 4/linux

(( count_match++ )) exits with a failure the first time through the loop, tripping -e Use the set-if-not-set operator to set default values Make sure $1 is set to a sane value before loading it
snebel29 · Jun 29, 2017 · 6cf7c8c · 6cf7c8c
1 parent a9a525d
commit 6cf7c8c
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 28 deletions.
diff --git a/install-binary.sh b/install-binary.sh
@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
 
+set -ueo pipefail
+
 SOPS_VERSION="2.0.9"
 SOPS_DEB_URL="https://go.mozilla.org/sops/dist/sops_${SOPS_VERSION}_amd64.deb"
 SOPS_DEB_SHA="fdc3559d6f16a54ec1d54d4a0aa1d7a3d273207ec78a37f9869dd2a1b32f5292"

diff --git a/secrets.sh b/secrets.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-set -eu
+set -ueo pipefail
 
 usage() {
 cat << EOF
@@ -168,7 +168,7 @@ encrypt_helper() {
     if [ "$(echo "$yml" | grep -F "$sops_config_path")" ];
          then
             matched_dir=$sops_config_path
-            (( count_match++ ))
+            (( ++count_match ))
     fi
   done < <(find . -type f -name ".sops.yaml" -exec dirname {} \; | sed -e 's/\.\///g')
   SOPS_CONF_PATH="$matched_dir/${SOPS_CONF_FILE}"

diff --git a/wrapper.sh b/wrapper.sh
@@ -1,21 +1,17 @@
 #!/usr/bin/env bash
 
+set -ueo pipefail
+
 # colors
 RED='\033[0;31m'
 #GREEN='\033[0;32m'
 BLUE='\033[0;34m'
 YELLOW='\033[1;33m'
 NOC='\033[0m'
 
-# set you own options
-if [ ! "${DECRYPT_CHARTS}" ];
-then
-    DECRYPT_CHARTS=false
-fi
-if [ ! "${KMS_USE}" ];
-then
-    KMS_USE=true
-fi
+# set your own options
+: ${DECRYPT_CHARTS:=false}
+: ${KMS_USE:=true}
 
 MATCH_ARGS="[-.*]"
 MATCH_FILES_ARGS=".*secrets.y*"
@@ -25,6 +21,8 @@ COUNT_FILES_FAILED=0
 COUNT_CHART=0
 COUNT_FILES=0
 
+CURRENT_COMMAND="${1:-}"
+
 case "$0" in
     helm-wrapper)
         WRAPPER_PATH="$(command -v helm-wrapper)"
@@ -48,9 +46,9 @@ decrypt_chart() {
           fi
           echo -e "${YELLOW}>>>>>>${NOC} ${BLUE}Dependencies build and package${NOC}"
           "$HELM_CMD" dep build "$chart" && "$HELM_CMD" package "$chart"
-          (( COUNT_CHART++ ))
+          (( ++COUNT_CHART ))
       else
-          (( COUNT_CHART_FAILED++ ))
+          (( ++COUNT_CHART_FAILED ))
           return
       fi
   fi
@@ -69,26 +67,26 @@ decrypt_helm_vars() {
       then
           echo -e "${YELLOW}>>>>>>${NOC} ${BLUE}Decrypt${NOC}"
           "$HELM_CMD" secrets dec "$file"
-          (( COUNT_FILES++ ))
+          (( ++COUNT_FILES ))
       else
-          (( COUNT_FILES_FAILED++ ))
+          (( ++COUNT_FILES_FAILED ))
           return
     fi
   fi
 }
 
 function cleanup {
-if [ "$1" == "install" ] || [ "$1" == "upgrade" ] || [ "$1" == "rollback" ];
-then
-    echo -e "${YELLOW}>>>>>>${NOC} ${BLUE}Cleanup${NOC}"
-    for file in "${@}"
+  case "${CURRENT_COMMAND}" in
+    install|upgrade|rollback)
+      echo -e "${YELLOW}>>>>>>${NOC} ${BLUE}Cleanup${NOC}"
+      for file in "${@}";
       do
         if [[ "$file" =~ $MATCH_FILES_ARGS ]];
         then
           "$HELM_CMD" secrets clean "${file}${DEC_SUFFIX}"
         fi
       done
-fi
+  esac
 }
 
 function helm_cmd {
@@ -106,14 +104,15 @@ function helm_cmd {
     fi
 }
 
-if [ "$1" == "install" ] || [ "$1" == "upgrade" ] || [ "$1" == "rollback" ];
-  then
-    for file in "$@"
-      do
-         decrypt_helm_vars "$file"
-         decrypt_chart "$file"
-    done
-fi
+case "${CURRENT_COMMAND}" in
+    install|upgrade|rollback)
+        for file in "$@"
+          do
+             decrypt_helm_vars "$file"
+             decrypt_chart "$file"
+        done
+        ;;
+esac
 
 if [ "$COUNT_CHART" -eq 0 ] && [ "$COUNT_FILES" -eq 0 ] && [ "$COUNT_CHART_FAILED" -gt 0 ] && [ "$COUNT_FILES_FAILED" -gt 0 ];
 then