From 6c8aa65346cc49b420d677f56066718cd169bf8a Mon Sep 17 00:00:00 2001 From: Alexander Schwartz Date: Fri, 26 Jul 2024 12:38:06 +0200 Subject: [PATCH] All CURL commands should check the HTTP response code (#31602) Closes #31598 Signed-off-by: Alexander Schwartz --- .../ansible/roles/aws_ec2/tasks/create-resources.yml | 2 +- .github/scripts/snyk-report.sh | 8 ++++---- distribution/licenses-common/download-license-files.sh | 4 ++-- operator/scripts/install-olm.sh | 2 +- quarkus/set-quarkus-version.sh | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/scripts/ansible/roles/aws_ec2/tasks/create-resources.yml b/.github/scripts/ansible/roles/aws_ec2/tasks/create-resources.yml index 453ff2fef5..62666e8438 100644 --- a/.github/scripts/ansible/roles/aws_ec2/tasks/create-resources.yml +++ b/.github/scripts/ansible/roles/aws_ec2/tasks/create-resources.yml @@ -1,5 +1,5 @@ - name: Get Ansible Control Host's public IP - shell: curl -ks --ipv4 https://ifconfig.me + shell: curl -fks --ipv4 https://ifconfig.me register: control_host_ip no_log: "{{ no_log_sensitive }}" diff --git a/.github/scripts/snyk-report.sh b/.github/scripts/snyk-report.sh index 5630d94107..4c094c6ce3 100755 --- a/.github/scripts/snyk-report.sh +++ b/.github/scripts/snyk-report.sh @@ -14,7 +14,7 @@ check_github_issue_exists() { # Extract the CVE ID local CVE_ID=$(echo "$issue_title" | grep -oE '(CVE-[0-9]{4}-[0-9]{4,7}|SNYK-[A-Z]+-[A-Z0-9]+-[0-9]{4,7})') local search_url="https://api.github.com/search/issues?q=$CVE_ID+is%3Aissue+sort%3Aupdated-desc+repo:$KEYCLOAK_REPO" - local response=$(curl -s -H "Authorization: token $GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" "$search_url") + local response=$(curl -f -s -H "Authorization: token $GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" "$search_url") local count=$(echo "$response" | jq '.total_count') # Check for bad credentials @@ -52,7 +52,7 @@ create_github_issue() { local api_url="https://api.github.com/repos/$KEYCLOAK_REPO/issues" local data=$(jq -n --arg title "$title" --arg body "$body" --arg branch "backport/$BRANCH_NAME" \ '{title: $title, body: $body, labels: ["status/triage", "kind/cve", "kind/bug", $branch]}') - local response=$(curl -s -w "%{http_code}" -X POST -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" -d "$data" "$api_url") + local response=$(curl -f -s -w "%{http_code}" -X POST -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" -d "$data" "$api_url") local http_code=$(echo "$response" | tail -n1) if [[ $http_code -eq 201 ]]; then @@ -67,11 +67,11 @@ create_github_issue() { update_github_issue() { local issue_id="$1" local api_url="https://api.github.com/repos/$KEYCLOAK_REPO/issues/$issue_id" - local existing_labels=$(curl -s -H "Authorization: token $GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" "$api_url" | jq '.labels | .[].name' | jq -s .) + local existing_labels=$(curl -f -s -H "Authorization: token $GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" "$api_url" | jq '.labels | .[].name' | jq -s .) local new_label="backport/$BRANCH_NAME" local updated_labels=$(echo "$existing_labels" | jq --arg new_label "$new_label" '. + [$new_label] | unique') local data=$(jq -n --argjson labels "$updated_labels" '{labels: $labels}') - local response=$(curl -s -w "%{http_code}" -X PATCH -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" -d "$data" "$api_url") + local response=$(curl -f -s -w "%{http_code}" -X PATCH -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" -d "$data" "$api_url") local http_code=$(echo "$response" | tail -n1) if [[ $http_code -eq 200 ]]; then diff --git a/distribution/licenses-common/download-license-files.sh b/distribution/licenses-common/download-license-files.sh index 1b3089043e..9e9efddf60 100755 --- a/distribution/licenses-common/download-license-files.sh +++ b/distribution/licenses-common/download-license-files.sh @@ -64,7 +64,7 @@ do # Windows won't like it if : is used as a separator filename="$groupid,$artifactid,$version,$name.txt" echo "$filename" - curl -LsS -o "$output_dir/$filename" "$url" + curl -LfsS -o "$output_dir/$filename" "$url" done xmlstarlet sel -T -t -m "/licenseSummary/others/other/licenses/license" -v "../../description/text()" -o $'\t' -v "name/text()" -o $'\t' -v "url/text()" --nl "$xml" | \ @@ -73,7 +73,7 @@ do # Windows won't like it if : is used as a separator filename="$description,$name.txt" echo "$filename" - curl -LsS -o "$output_dir/$filename" "$url" + curl -LfsS -o "$output_dir/$filename" "$url" done echo "==> Normalizing license line endings" >&2 diff --git a/operator/scripts/install-olm.sh b/operator/scripts/install-olm.sh index 02c3acd31f..ba945182de 100755 --- a/operator/scripts/install-olm.sh +++ b/operator/scripts/install-olm.sh @@ -2,6 +2,6 @@ set -euxo pipefail mkdir -p /tmp/olm/ -curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.26.0/install.sh -o /tmp/olm/install.sh +curl -f -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.26.0/install.sh -o /tmp/olm/install.sh chmod +x /tmp/olm/install.sh /tmp/olm/install.sh v0.26.0 diff --git a/quarkus/set-quarkus-version.sh b/quarkus/set-quarkus-version.sh index a30b694826..78f9f8009c 100755 --- a/quarkus/set-quarkus-version.sh +++ b/quarkus/set-quarkus-version.sh @@ -46,7 +46,7 @@ if ! $(curl --output /dev/null --silent --head --fail "$QUARKUS_BOM_URL"); then exit 1 fi -QUARKUS_BOM=$(curl -s "$QUARKUS_BOM_URL") +QUARKUS_BOM=$(curl -f -s "$QUARKUS_BOM_URL") echo "Setting Quarkus version: $QUARKUS_VERSION" $(mvn versions:set-property -f ../pom.xml -Dproperty=quarkus.version,quarkus.build.version -DnewVersion="$QUARKUS_VERSION" 1> /dev/null)