derive-gitlab.sh
4.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#!/usr/bin/env bash
# derive-gitlab.sh — 从 git origin 远程派生 GitLab 凭据并回填 .env.local
#
# 用法: bash derive-gitlab.sh [.env.local 路径,默认 .env.local]
#
# 派生字段:
# GITLAB_API_URL = <scheme>://<host>/api/v3
# GITLAB_PROJECT_ID = 通过 GitLab API(GET /projects?search=...)解析得到的项目数字 ID
# 要求 GITLAB_TOKEN 已填且有效;token 缺失 / 验证失败 / 未匹配时留 TBD
#
# 仅当字段值为 TBD(A5 自动补) 或空时回填;用户手填值不动。
# 仅支持 http(s) origin URL;其他协议(ssh / git@)跳过。
# GITLAB_TOKEN 不派生,留给用户手填。
#
# 退出码:
# 0 = 派生完成或主动跳过(origin 不存在 / 协议不支持)
# 2 = .env.local 路径错
set -uo pipefail
ENV_FILE=${1:-.env.local}
[ -f "$ENV_FILE" ] || { echo "derive-gitlab.sh: env file not found: $ENV_FILE" >&2; exit 2; }
URL=$(git remote get-url origin 2>/dev/null || true)
if [ -z "$URL" ]; then
echo "derive-gitlab.sh: 未配置 origin 远程,GITLAB_* 留给用户手填" >&2
exit 0
fi
case "$URL" in
https://*) SCHEME=https ;;
http://*) SCHEME=http ;;
*)
echo "derive-gitlab.sh: origin 不是 http(s) URL ($URL),跳过派生" >&2
exit 0
;;
esac
REST=${URL#${SCHEME}://}
HOST=${REST%%/*}
PATH_RAW=${REST#*/}
PATH_RAW=${PATH_RAW%.git}
REPO_NAME=$(basename "$PATH_RAW")
API_URL="${SCHEME}://${HOST}/api/v3"
update_field() {
local key=$1 newval=$2
local line
line=$(grep -E "^${key}=" "$ENV_FILE" | head -1)
if [ -z "$line" ]; then
echo " ${key} = (.env.local 中无此行,跳过)" >&2
return
fi
local current=${line#${key}=}
# 剥外层单/双引号再比较,模板里 TBD(A5 自动补) 因含空格/括号必须加引号才能被 source
local stripped=$current
case "$stripped" in
\'*\') stripped=${stripped#\'}; stripped=${stripped%\'} ;;
\"*\") stripped=${stripped#\"}; stripped=${stripped%\"} ;;
esac
if [ -z "$stripped" ] || [ "$stripped" = "TBD(A5 自动补)" ]; then
sed -i.bak -E "s|^${key}=.*$|${key}=${newval}|" "$ENV_FILE" && rm -f "${ENV_FILE}.bak"
echo " ${key} = ${newval} [已派生填入]"
elif [ "$stripped" = "$newval" ]; then
echo " ${key} = ${newval} [已是派生值,无需更新]"
else
echo " ${key} = ${stripped} [保留用户手填,未覆盖派生值 ${newval}]"
fi
}
report_token() {
local key=GITLAB_TOKEN
local line
line=$(grep -E "^${key}=" "$ENV_FILE" | head -1)
if [ -z "$line" ]; then
echo " ${key} = (.env.local 中无此行,跳过)" >&2
return
fi
local current=${line#${key}=}
local stripped=$current
case "$stripped" in
\'*\') stripped=${stripped#\'}; stripped=${stripped%\'} ;;
\"*\") stripped=${stripped#\"}; stripped=${stripped%\"} ;;
esac
case "$stripped" in
""|"【人工填写:"*|"TBD"*)
echo " ${key} = ${stripped} [待人工填写:GitLab Profile → Account → Private token]"
;;
*)
local masked
if [ ${#stripped} -le 8 ]; then
masked=$(printf '%*s' ${#stripped} '' | tr ' ' '*')
else
masked="${stripped:0:4}$(printf '%*s' $((${#stripped}-8)) '' | tr ' ' '*')${stripped: -4}"
fi
echo " ${key} = ${masked} [已填入,长度 ${#stripped}]"
;;
esac
}
echo "derive-gitlab.sh: 从 origin ($URL) 派生 GitLab 凭据:"
update_field GITLAB_API_URL "$API_URL"
# GITLAB_PROJECT_ID:通过 GitLab API 解析数字 ID(要求 token 已填且有效)
TOKEN_LINE=$(grep -E '^GITLAB_TOKEN=' "$ENV_FILE" | head -1)
TOKEN_VAL=${TOKEN_LINE#GITLAB_TOKEN=}
case "$TOKEN_VAL" in
\'*\') TOKEN_VAL=${TOKEN_VAL#\'}; TOKEN_VAL=${TOKEN_VAL%\'} ;;
\"*\") TOKEN_VAL=${TOKEN_VAL#\"}; TOKEN_VAL=${TOKEN_VAL%\"} ;;
esac
case "$TOKEN_VAL" in
""|"【人工填写:"*|"TBD"*)
echo " GITLAB_PROJECT_ID = TBD [token 未填,跳过 API 解析;填完 token 后重跑此脚本]"
;;
*)
USER_HTTP=$(curl -sS -o /dev/null -w '%{http_code}' --header "PRIVATE-TOKEN: $TOKEN_VAL" "$API_URL/user" 2>/dev/null || echo "000")
if [ "$USER_HTTP" != "200" ]; then
echo " GITLAB_PROJECT_ID = TBD [token 验证失败 HTTP $USER_HTTP,留 TBD 待人工确认]"
else
SEARCH_RESP=$(curl -sS --header "PRIVATE-TOKEN: $TOKEN_VAL" \
"$API_URL/projects?search=$REPO_NAME&simple=true&per_page=50" 2>/dev/null || echo "[]")
NUMERIC_ID=$(echo "$SEARCH_RESP" | jq -r --arg p "$PATH_RAW" \
'.[] | select(.path_with_namespace == $p) | .id' 2>/dev/null | head -1)
if [ -n "$NUMERIC_ID" ]; then
update_field GITLAB_PROJECT_ID "$NUMERIC_ID"
else
echo " GITLAB_PROJECT_ID = TBD [API 未匹配 path_with_namespace=$PATH_RAW,请到 GitLab 项目设置页查数字 ID 后填入]"
fi
fi
;;
esac
report_token