-
Notifications
You must be signed in to change notification settings - Fork 24
/
Copy pathbuild.rs
123 lines (111 loc) · 3.75 KB
/
build.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
use anyhow::{bail, Context, Result};
use std::env;
use std::path::PathBuf;
use std::process::Command;
fn check_git_secrets() -> Result<()> {
match Command::new("git").args(["secrets", "--list"]).output() {
Ok(output) => match output.status.code() {
Some(0) => {
let output = String::from_utf8(output.stdout)?;
for line in output.lines() {
if line.ends_with("llt-secrets/secrets")
|| line.ends_with("llt-secrets\\secrets")
{
return Ok(());
}
}
bail!("llt-secrets not found in git-secrets providers list!")
}
Some(1) => {
let stderr = String::from_utf8(output.stderr)?;
if let Some(true) = stderr
.lines()
.next()
.map(|line| line.starts_with("git: 'secrets' is not a git command."))
{
bail!("git-secrets not installed!")
}
bail!("llt-secrets not found in git-secrets providers list!")
}
_ => {
bail!(
"git-secrets failed with status code: {}\nstdout:\n{}\nstderr:\n{}\n",
output.status,
String::from_utf8(output.stdout).unwrap_or_default(),
String::from_utf8(output.stderr).unwrap_or_default(),
)
}
},
Err(error) => {
bail!("git failed with unexpected error: {error}")
}
}
}
fn get_git_path() -> Result<PathBuf> {
match Command::new("git")
.args(["rev-parse", "--git-dir"])
.output()
{
Ok(output) => Ok(String::from_utf8(output.stdout)?.trim().into()),
Err(_) => {
bail!("Failed to get git directory. git rev-parse --git-dir failed.")
}
}
}
fn check_git_hooks() -> Result<()> {
let hooks_path = get_git_path()
.context("Checking git hooks failed")?
.join("hooks");
let hooks = vec![
hooks_path.join("commit-msg"),
hooks_path.join("pre-commit"),
hooks_path.join("prepare-commit-msg"),
];
for hook in hooks {
if !hook.exists() {
bail!("Hook {:?} not installed", hook)
}
}
Ok(())
}
fn verify_llt_secrets() {
if !env::var("GITLAB_CI")
.or(env::var("GITHUB_ACTIONS"))
.is_ok_and(|value| value == "true")
{
if env::var("BYPASS_LLT_SECRETS").is_ok() {
println!("cargo:warning=BYPASS_LLT_SECRETS IS SET, COMMIT CAREFULLY!!");
return;
}
println!("cargo:rerun-if-changed=./crates");
println!("cargo:rerun-if-changed=./src");
#[allow(clippy::panic)]
match check_git_secrets().and_then(|_| check_git_hooks()) {
Ok(_) => {}
Err(err) => {
panic!(
"Secrets scanning seems to be missing or misconfigured. Either run checkout scripts \
or run with BYPASS_LLT_SECRETS environment variable set\nError: {:#}",
err
);
}
}
}
}
fn main() -> Result<()> {
uniffi::generate_scaffolding("./src/libtelio.udl")?;
verify_llt_secrets();
let target_os = env::var("CARGO_CFG_TARGET_OS")?;
if target_os == "android" {
let pkg_name = env!("CARGO_PKG_NAME");
let soname = format!("lib{}.so", pkg_name);
println!("cargo:rustc-cdylib-link-arg=-Wl,-soname,{}", soname);
}
#[cfg(windows)]
if target_os == "windows" {
winres::WindowsResource::new()
.set("LegalCopyright", "Nord Security")
.compile()?;
}
Ok(())
}