diff --git a/assets/check b/assets/check index fe6980c..0cd71d8 100755 --- a/assets/check +++ b/assets/check @@ -4,26 +4,27 @@ set -e -# parse incoming config data -payload=`cat` -bucket=$(echo "$payload" | jq -r '.source.bucket') -prefix="$(echo "$payload" | jq -r '.source.path // ""')" - -# export for `aws` cli -AWS_ACCESS_KEY_ID=$(echo "$payload" | jq -r '.source.access_key_id // empty') -AWS_SECRET_ACCESS_KEY=$(echo "$payload" | jq -r '.source.secret_access_key // empty') -AWS_DEFAULT_REGION=$(echo "$payload" | jq -r '.source.region // empty') +payload=$(cat) +bucket=$(printf '%s\n' "$payload" | jq -r '.source.bucket // ""') +path=$(printf '%s\n' "$payload" | jq -r '.source.path // ""') +AWS_ACCESS_KEY_ID=$(printf '%s\n' "$payload" | jq -r '.source.access_key_id // ""') +AWS_SECRET_ACCESS_KEY=$(printf '%s\n' "$payload" | jq -r '.source.secret_access_key // ""') +AWS_DEFAULT_REGION=$(printf '%s\n' "$payload" | jq -r '.source.region // ""') # Due to precedence rules, must be unset to support AWS IAM Roles. if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ]; then - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID - export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY + export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY fi # Export AWS_DEFAULT_REGION if set [ -n "$AWS_DEFAULT_REGION" ] && export AWS_DEFAULT_REGION # Consider the most recent LastModified timestamp as the most recent version. -timestamps=$(aws s3api list-objects --bucket $bucket --prefix "$prefix" --query 'Contents[].{LastModified: LastModified}') -recent="$(echo $timestamps | jq -r 'max_by(.LastModified)')" -echo "[$recent]" +timestamps=$(aws s3api list-objects --bucket "$bucket" --prefix "$path" --query 'Contents[].{LastModified: LastModified}') +if [ "$timestamps" != "null" ]; then + recent="$(printf '%s\n' "$timestamps" | jq -r 'max_by(.LastModified)')" +else + recent='' +fi + +printf '%s\n' "[$recent]" diff --git a/assets/emit.sh b/assets/emit.sh index 16f7e6c..5347052 100755 --- a/assets/emit.sh +++ b/assets/emit.sh @@ -3,6 +3,6 @@ set -e # give back a(n empty) version, so that the check passes when using `in`/`out` -echo "{ - \"version\": {} -}" +echo '{ + "version": {} +}' diff --git a/assets/in b/assets/in index f20410c..d2b0e79 100755 --- a/assets/in +++ b/assets/in @@ -14,28 +14,25 @@ if [ -z "$dest" ]; then fi ####################################### -# parse incoming config data -payload=`cat` -bucket=$(echo "$payload" | jq -r '.source.bucket') -path=$(echo "$payload" | jq -r '.source.path // ""') -options=$(echo "$payload" | jq -r '.source.options // [] | join(" ")') - -# export for `aws` cli -AWS_ACCESS_KEY_ID=$(echo "$payload" | jq -r '.source.access_key_id // empty') -AWS_SECRET_ACCESS_KEY=$(echo "$payload" | jq -r '.source.secret_access_key // empty') -AWS_DEFAULT_REGION=$(echo "$payload" | jq -r '.source.region // empty') +payload=$(cat) +bucket=$(printf '%s\n' "$payload" | jq -r '.source.bucket // ""') +path=$(printf '%s\n' "$payload" | jq -r '.source.path // ""') +options=$(printf '%s\n' "$payload" | jq -r '.source.options // [] | join(" ")') +AWS_ACCESS_KEY_ID=$(printf '%s\n' "$payload" | jq -r '.source.access_key_id // ""') +AWS_SECRET_ACCESS_KEY=$(printf '%s\n' "$payload" | jq -r '.source.secret_access_key // ""') +AWS_DEFAULT_REGION=$(printf '%s\n' "$payload" | jq -r '.source.region // ""') # Due to precedence rules, must be unset to support AWS IAM Roles. if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ]; then - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID - export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY + export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY fi # Export AWS_DEFAULT_REGION if set [ -n "$AWS_DEFAULT_REGION" ] && export AWS_DEFAULT_REGION echo "Downloading from S3..." -eval aws s3 sync "s3://$bucket/$path" $dest $options +eval "set -- $options" # transform options list into argument vector elements +aws s3 sync "s3://$bucket/$path" "$dest" "$@" echo "...done." -. "$(dirname $0)/emit.sh" >&3 +. "$(dirname "$0")/emit.sh" >&3 diff --git a/assets/out b/assets/out index 14ac646..e1f207f 100755 --- a/assets/out +++ b/assets/out @@ -16,22 +16,19 @@ fi # disable trace since we're interacting with sensitive values set +x -# parse incoming config data -payload=`cat` -bucket=$(echo "$payload" | jq -r '.source.bucket') -path=$(echo "$payload" | jq -r '.source.path // ""') -options=$(echo "$payload" | jq -r '.source.options // [] | join(" ")') -change_dir_to=$(echo "$payload" | jq -r '.source.change_dir_to // "." ') - -# export for `aws` cli -AWS_ACCESS_KEY_ID=$(echo "$payload" | jq -r '.source.access_key_id // empty') -AWS_SECRET_ACCESS_KEY=$(echo "$payload" | jq -r '.source.secret_access_key // empty') -AWS_DEFAULT_REGION=$(echo "$payload" | jq -r '.source.region // empty') + +payload=$(cat) +bucket=$(printf '%s\n' "$payload" | jq -r '.source.bucket // ""') +path=$(printf '%s\n' "$payload" | jq -r '.source.path // ""') +change_dir_to=$(printf '%s\n' "$payload" | jq -r '.source.change_dir_to // ""') +options=$(printf '%s\n' "$payload" | jq -r '.source.options // [] | join(" ")') +AWS_ACCESS_KEY_ID=$(printf '%s\n' "$payload" | jq -r '.source.access_key_id // ""') +AWS_SECRET_ACCESS_KEY=$(printf '%s\n' "$payload" | jq -r '.source.secret_access_key // ""') +AWS_DEFAULT_REGION=$(printf '%s\n' "$payload" | jq -r '.source.region // ""') # Due to precedence rules, must be unset to support AWS IAM Roles. if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ]; then - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID - export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY + export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY fi # re-enable trace since we're done interacting with sensitive values @@ -40,10 +37,11 @@ set -x # Export AWS_DEFAULT_REGION if set [ -n "$AWS_DEFAULT_REGION" ] && export AWS_DEFAULT_REGION -cd ${source}/${change_dir_to} +cd "${source}/${change_dir_to}" echo "Uploading to S3..." -eval aws s3 sync . "s3://$bucket/$path" $options +eval "set -- $options" +aws s3 sync . "s3://$bucket/$path" "$@" echo "...done." -. "$(dirname $0)/emit.sh" >&3 +. "$(dirname "$0")/emit.sh" >&3