Merge pull request #2 from envato/update_checksum

Update checksum
envato-archive · Nov 30, 2018 · 177b09a · 177b09a
2 parents c2a1c67 + 81cc810
commit 177b09a
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 26 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+**.swp
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -9,3 +9,9 @@ services:
     command: ["--id", "envato/lambda-deploy"]
     volumes:
       - ".:/plugin:ro"
+  shell_check:
+    image: koalaman/shellcheck
+    command: ["--color=always", "hooks/command"]
+    working_dir: /plugin
+    volumes:
+      - ".:/plugin:ro"
diff --git a/hooks/command b/hooks/command
@@ -2,12 +2,13 @@
 
 set -euo pipefail
 
-deploy_command=("aws" "lambda" "update-function-code")
+deploy_command=("aws" "lambda" "update-function-code" "--publish")
 aws_s3_copy_command=("aws" "s3" "cp" "--acl" "private")
 
 BUILDKITE_PLUGIN_LAMBDA_DEPLOY_FUNCTION_NAME=${BUILDKITE_PLUGIN_LAMBDA_DEPLOY_FUNCTION_NAME:-''}
 BUILDKITE_PLUGIN_LAMBDA_DEPLOY_ZIP_FILE=${BUILDKITE_PLUGIN_LAMBDA_DEPLOY_ZIP_FILE:-''}
 BUILDKITE_PLUGIN_LAMBDA_DEPLOY_PATH=${BUILDKITE_PLUGIN_LAMBDA_DEPLOY_PATH:-''}
+BUILDKITE_PLUGIN_LAMBDA_DEPLOY_REGION=${BUILDKITE_PLUGIN_LAMBDA_DEPLOY_REGION:-us-east-1}
 COPY_TO_S3=false
 
 if [[ "${BUILDKITE_PLUGIN_LAMBDA_DEPLOY_DEBUG:-false}" =~ (true|on|1) ]] ; then
@@ -53,18 +54,18 @@ else
 fi
 
 aws_s3_copy() {
-  ${aws_s3_copy_command[@]}
+  "${aws_s3_copy_command[@]}"
 }
 
 aws_lambda_code_update() {
-  ${deploy_command[@]} | jq '.CodeSha256'
+  "${deploy_command[@]}" | jq '.CodeSha256' | tr -d '"'
 }
 
 # zip up paths if provided 
 make_zip() {
-  if [[ -e $ZIP_PATH ]] ; then
-    pushd $ZIP_PATH
-    zip -r ${DEPLOY_ZIP_FILE} .
+  if [[ -e "$ZIP_PATH" ]] ; then
+    pushd "$ZIP_PATH"
+    zip -r "${DEPLOY_ZIP_FILE}" .
     popd
   else
     echo "🚨: Path for zip file not found" >&2
@@ -73,7 +74,7 @@ make_zip() {
 }
 
 code_sha256() {
-  shasum -a 256 $DEPLOY_ZIP_FILE | base64
+  openssl dgst -sha256 -binary "${DEPLOY_ZIP_FILE}" | base64 | tr -d '"'
 }
 
 # If deploy zip file exists, don't zip.
@@ -85,7 +86,7 @@ LOCAL_CHECKSUM=$(code_sha256)
 
 RETURNED_CHECKSUM=$(aws_lambda_code_update)
 
-if [[ $RETURNED_CHECKSUM == $LOCAL_CHECKSUM ]] ; then
+if [[ "$RETURNED_CHECKSUM" == "${LOCAL_CHECKSUM}" ]] ; then
   echo "Successfully uploaded new function code with SHA ${RETURNED_CHECKSUM}"
 else
   echo "🚨:Checksum of local zip file ($LOCAL_CHECKSUM) does not match the returned checksum from AWS (${RETURNED_CHECKSUM})"

diff --git a/tests/command.bats b/tests/command.bats
@@ -5,7 +5,7 @@ load '/usr/local/lib/bats/load.bash'
 # Uncomment to enable stub debug output:
 #export AWS_STUB_DEBUG=/dev/tty
 #export ZIP_STUB_DEBUG=/dev/tty
-#export SHASUM_STUB_DEBUG=/dev/tty
+#export OPENSSL_STUB_DEBUG=/dev/tty
 #export BASE64_STUB_DEBUG=/dev/tty
 #export JQ_STUB_DEBUG=/dev/tty
 
@@ -34,13 +34,13 @@ teardown() {
 @test "Command runs without errors" {
   stub zip \
     "-r /plugin/fake/path/myfunc-2323.zip * : echo 'ok %d %s%s\n'"
-  stub shasum \
-    "-a 256 /plugin/fake/path/myfunc-2323.zip : echo 'TWpJeU1qSXlNakl5TWpJSwo='"
+  stub openssl \
+    "dgst -sha256 -binary /plugin/fake/path/myfunc-2323.zip : echo 'binarydata'"
   stub base64 \
     ": echo 'TWpJeU1qSXlNakl5TWpJSwo='"
   stub aws \
     "s3 cp --acl private --region ap-southeast-2 /plugin/fake/path/myfunc-2323.zip s3://myfuncbucket/deploy_code/production/myfunc-2323.zip : echo 'upload: test.txt to s3://myfuncbucket/deploy_code/production/myfunc-2323.zip'" \
-    "lambda update-function-code --function-name myfunc --region ap-southeast-2 --s3-bucket myfuncbucket --s3-key deploy_code/production/myfunc-2323.zip : cat tests/lambda_output.json"
+    "lambda update-function-code --publish --function-name myfunc --region ap-southeast-2 --s3-bucket myfuncbucket --s3-key deploy_code/production/myfunc-2323.zip : cat tests/lambda_output.json"
   stub jq \
     "'.CodeSha256' : echo 'TWpJeU1qSXlNakl5TWpJSwo='"
 
@@ -51,7 +51,7 @@ teardown() {
 
   unstub zip
   unstub aws
-  unstub shasum
+  unstub openssl 
   unstub base64
   unstub jq
 }
@@ -60,12 +60,12 @@ teardown() {
   unset BUILDKITE_PLUGIN_LAMBDA_DEPLOY_S3_BUCKET
   unset BUILDKITE_PLUGIN_LAMBDA_DEPLOY_S3_KEY
 
-  stub shasum \
-    "-a 256 /plugin/fake/path/myfunc-2323.zip : echo 'TWpJeU1qSXlNakl5TWpJSwo='"
+  stub openssl \
+    "dgst -sha256 -binary /plugin/fake/path/myfunc-2323.zip : echo 'binarydata'"
   stub base64 \
     ": echo 'TWpJeU1qSXlNakl5TWpJSwo='"  
   stub aws \
-    "lambda update-function-code --function-name myfunc --region ap-southeast-2 --zip-file fileb:///plugin/fake/path/myfunc-2323.zip : cat tests/lambda_output.json"
+    "lambda update-function-code --publish --function-name myfunc --region ap-southeast-2 --zip-file fileb:///plugin/fake/path/myfunc-2323.zip : cat tests/lambda_output.json"
   stub jq \
     "'.CodeSha256' : echo 'TWpJeU1qSXlNakl5TWpJSwo='"
 
@@ -75,7 +75,7 @@ teardown() {
   assert_output --partial "Successfully uploaded new function code with SHA TWpJeU1qSXlNakl5TWpJSwo="
 
   unstub aws
-  unstub shasum
+  unstub openssl
   unstub base64
   unstub jq
 }
@@ -85,12 +85,12 @@ teardown() {
   unset BUILDKITE_PLUGIN_LAMBDA_DEPLOY_S3_KEY
   unset BUILDKITE_PLUGIN_LAMBDA_DEPLOY_PATH
 
-  stub shasum \
-    "-a 256 /plugin/myfunc-2323.zip : echo 'TWpJeU1qSXlNakl5TWpJSwo='"
+  stub openssl \
+    "dgst -sha256 -binary /plugin/myfunc-2323.zip : echo 'binarydata'"
   stub base64 \
     ": echo 'TWpJeU1qSXlNakl5TWpJSwo='"  
   stub aws \
-    "lambda update-function-code --function-name myfunc --region ap-southeast-2 --zip-file fileb:///plugin/myfunc-2323.zip : cat tests/lambda_output.json"
+    "lambda update-function-code --publish --function-name myfunc --region ap-southeast-2 --zip-file fileb:///plugin/myfunc-2323.zip : cat tests/lambda_output.json"
   stub jq \
     "'.CodeSha256' : echo 'TWpJeU1qSXlNakl5TWpJSwo='"
 
@@ -101,21 +101,21 @@ teardown() {
   assert_output --partial "Successfully uploaded new function code with SHA TWpJeU1qSXlNakl5TWpJSwo="
 
   unstub aws
-  unstub shasum
+  unstub openssl
   unstub base64
   unstub jq
 }
 
 @test "Command runs with error when checksum returned from AWS is not the same" {
   stub zip \
     "-r /plugin/fake/path/myfunc-2323.zip * : echo 'ok %d %s%s\n'"
-  stub shasum \
-    "-a 256 /plugin/fake/path/myfunc-2323.zip : echo 'TWpJeU1qSXlNakl5TWpJSwo='"
+  stub openssl \
+    "dgst -sha256 -binary /plugin/fake/path/myfunc-2323.zip : echo 'binarydata'"
   stub base64 \
     ": echo 'TWpJeU1qSXlNakl5TWpJSwo='"
   stub aws \
     "s3 cp --acl private --region ap-southeast-2 /plugin/fake/path/myfunc-2323.zip s3://myfuncbucket/deploy_code/production/myfunc-2323.zip : echo 'upload: test.txt to s3://myfuncbucket/deploy_code/production/myfunc-2323.zip'" \
-    "lambda update-function-code --function-name myfunc --region ap-southeast-2 --s3-bucket myfuncbucket --s3-key deploy_code/production/myfunc-2323.zip : cat tests/lambda_output.json"
+    "lambda update-function-code --publish --function-name myfunc --region ap-southeast-2 --s3-bucket myfuncbucket --s3-key deploy_code/production/myfunc-2323.zip : cat tests/lambda_output.json"
   stub jq \
     "'.CodeSha256' : echo 'NOTAGOODSHA'"
 
@@ -126,7 +126,7 @@ teardown() {
 
   unstub zip
   unstub aws
-  unstub shasum
+  unstub openssl 
   unstub base64
   unstub jq
 }
@@ -155,4 +155,4 @@ teardown() {
   run "$PWD/hooks/command"
   assert_failure
   assert_output --partial "🚨: You must supply a function name"
-}
+}