phirna-pub/zima-apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
zima-apps/scripts/validate-appstore.sh
T
Joachim Friberg 9ea8ca421b Add caddy-autogen app, tests, and agent policy updates
2026-03-18 16:19:01 +01:00

96 lines
2.3 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
set -euo pipefail
repo_root="$(cd "$(dirname "$0")/.." && pwd)"
cd "$repo_root"
status=0
warnings=0
enforce_risk_docs=0
usage() {
echo "Usage: $0 [--enforce-risk-docs]"
}
if [[ "${1:-}" == "--enforce-risk-docs" ]]; then
enforce_risk_docs=1
shift
fi
if [[ $# -ne 0 ]]; then
usage
exit 2
fi
if [[ ! -d Apps ]]; then
echo "ERROR: Apps/ saknas"
exit 1
fi
while IFS= read -r compose_file; do
app_dir="$(dirname "$compose_file")"
app_id="$(basename "$app_dir")"
readme_file="$app_dir/README.md"
if [[ "$app_id" == "_template" ]]; then
continue
fi
if [[ ! -f "$readme_file" ]]; then
echo "ERROR: $app_dir saknar README.md"
status=1
fi
name_line="$(rg -n '^name:\s*[a-z0-9-]+\s*$' "$compose_file" || true)"
if [[ -z "$name_line" ]]; then
echo "ERROR: $compose_file saknar giltigt top-level 'name' (gemener + '-')"
status=1
fi
if rg -n 'image:\s*[^[:space:]]+:latest\s*$' "$compose_file" >/dev/null; then
echo "ERROR: $compose_file använder förbjuden image-tag ':latest'"
status=1
fi
if ! rg -n '^x-casaos:\s*$' "$compose_file" >/dev/null; then
echo "ERROR: $compose_file saknar top-level 'x-casaos'"
status=1
fi
risk_items=()
if rg -n '^\s*privileged:\s*true\s*$' "$compose_file" >/dev/null; then
risk_items+=("privileged:true")
fi
if rg -n '^\s*network_mode:\s*host\s*$' "$compose_file" >/dev/null; then
risk_items+=("network_mode:host")
fi
if rg -n '/var/run/docker.sock' "$compose_file" >/dev/null; then
risk_items+=("docker.sock-mount")
fi
if [[ ${#risk_items[@]} -gt 0 ]]; then
warnings=$((warnings + 1))
echo "WARN: $compose_file använder högrisk-inställningar: ${risk_items[*]}"
if [[ $enforce_risk_docs -eq 1 ]]; then
if [[ ! -f "$readme_file" ]] || ! rg -n '^##\s+(Säkerhetsavvikelser|Security Exceptions)\s*$' "$readme_file" >/dev/null; then
echo "ERROR: $app_dir har högrisk-inställningar men README.md saknar sektion '## Säkerhetsavvikelser' (eller '## Security Exceptions')"
status=1
fi
fi
fi
done < <(find Apps -type f -name 'docker-compose.yaml' | sort)
if [[ $status -ne 0 ]]; then
echo "Validation FAILED"
exit $status
fi
if [[ $warnings -gt 0 ]]; then
echo "Validation OK with $warnings warning(s)"
exit 0
fi
echo "Validation OK"
Reference in New Issue View Git Blame Copy Permalink