Commit 8c4b8233 authored by Hugh Davenport's avatar Hugh Davenport

Add security target for Makefile

It will push a draft patch, and add the security team to the reviewers
list.

Change-Id: Icdc4672abaae327db2066c74ff7b484623de5a4f
Signed-off-by: 's avatarHugh Davenport <hugh@catalyst.net.nz>
parent 63395f24
......@@ -19,10 +19,30 @@ minaccept:
jenkinsaccept: minaccept
@find ./ ! -path './.git/*' -type f | xargs clamscan > /dev/null && echo All good!
push: minaccept
sshargs := $(shell git config --get remote.gerrit.url | sed -re 's~^ssh://([^@]*)@([^:]*):([0-9]*)/mahara~-p \3 -l \1 \2~')
mergebase := $(shell git merge-base HEAD master)
sha1chain := $(shell git log $(mergebase)..HEAD --pretty=format:%H | xargs)
changeidchain := $(shell git log $(mergebase)..HEAD --pretty=format:%b | grep '^Change-Id:' | cut -d' ' -f2)
securitycheck:
@if ssh $(sshargs) gerrit query --format TEXT -- $(shell echo $(sha1chain) $(changeidchain) | sed -e 's/ / OR /g') | grep 'status: DRAFT' >/dev/null; then \
echo "This change has drafts in the chain. Please use make security instead"; \
false; \
fi
push: securitycheck minaccept
@echo "Pushing the change upstream..."
@if test -z "$(TAG)"; then \
git push gerrit HEAD:refs/publish/master; \
else \
git push gerrit HEAD:refs/publish/master/$(TAG); \
fi
security: minaccept
@echo "Pushing the SECURITY change upstream..."
@if test -z "$(TAG)"; then \
git push gerrit HEAD:refs/drafts/master; \
else \
git push gerrit HEAD:refs/drafts/master/$(TAG); \
fi
ssh $(sshargs) gerrit set-reviewers --add \"Mahara Security Managers\" -- $(sha1chain)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment