egutierrez
8f37b0e81a
discover_git_repos: quitar -type d para cubrir submodulos
y worktrees (.git como archivo, no solo directorio).
full_git_push auto-init: reemplazar bucle hardcodeado
sobre apps/, analysis/, projects/*/{apps,analysis}/ por
iteracion BD-driven sobre TODOS los dir_path indexados.
Cubre cpp/apps/, projects/*/apps/ y cualquier ubicacion
futura sin tocar este codigo.
Detectaba 32 repos; ahora 33. Auto-init detecta 2 missing
(chart_demo, shaders_lab) que antes quedaban fuera.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
198 lines
7.3 KiB
Bash
198 lines
7.3 KiB
Bash
#!/usr/bin/env bash
|
|
# Pipeline: full_git_push — Push automatico de fn_registry + todos los sub-repos + fn sync
|
|
# Descubre repos, escanea secrets, auto-commitea dirty trees, pushea solo los ahead,
|
|
# pushea ~/.password-store, y ejecuta fn sync para sincronizar metadata no regenerable.
|
|
set -euo pipefail
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
INFRA_DIR="$SCRIPT_DIR/../infra"
|
|
CYBERSEC_DIR="$SCRIPT_DIR/../cybersecurity"
|
|
|
|
source "$INFRA_DIR/discover_git_repos.sh"
|
|
source "$INFRA_DIR/git_auto_commit_dirty.sh"
|
|
source "$INFRA_DIR/git_push_if_ahead.sh"
|
|
source "$INFRA_DIR/pass_get.sh"
|
|
source "$INFRA_DIR/ensure_repo_synced.sh"
|
|
source "$CYBERSEC_DIR/scan_secrets_in_dirty.sh"
|
|
|
|
full_git_push() {
|
|
local commit_message="${1:-}"
|
|
|
|
# Resolver raiz del registry
|
|
local registry_root="${FN_REGISTRY_ROOT:-/home/lucas/fn_registry}"
|
|
cd "$registry_root"
|
|
|
|
echo "=== full_git_push: inicio ===" >&2
|
|
echo "Registry root: $registry_root" >&2
|
|
|
|
# --- Paso 1: Descubrir repos ---
|
|
echo "" >&2
|
|
echo "[1/6] Descubriendo repos git..." >&2
|
|
local repos
|
|
repos=$(discover_git_repos "$registry_root")
|
|
|
|
# --- Paso 1b: Auto-inicializar apps/analyses sin .git ---
|
|
echo "" >&2
|
|
echo "[1b] Verificando apps/analyses sin git..." >&2
|
|
|
|
local gitea_url gitea_token
|
|
gitea_url=$(pass_get agentes/gitea-url | head -n1 2>/dev/null || true)
|
|
gitea_token=$(pass_get gitea/dataforge-git-token | head -n1 2>/dev/null || true)
|
|
|
|
if [[ -n "$gitea_url" && -n "$gitea_token" ]]; then
|
|
export GITEA_URL="$gitea_url"
|
|
export GITEA_TOKEN="$gitea_token"
|
|
export FN_REGISTRY_INFRA_DIR="$INFRA_DIR"
|
|
|
|
# BD-driven: itera TODOS los dir_path de apps y analyses indexados.
|
|
# Cubre apps/, cpp/apps/, projects/<p>/apps/, analysis/, projects/<p>/analysis/
|
|
# y cualquier ubicacion futura sin tocar este codigo.
|
|
if [[ -f "$registry_root/registry.db" ]] && command -v sqlite3 >/dev/null 2>&1; then
|
|
while IFS= read -r dir_path; do
|
|
[[ -z "$dir_path" ]] && continue
|
|
local d="$registry_root/$dir_path"
|
|
[[ -d "$d" ]] || continue
|
|
[[ -d "$d/.git" ]] && continue
|
|
echo " auto-init: $d" >&2
|
|
ensure_repo_synced "$d" dataforge "$(basename "$d")" master "chore: initial sync" || \
|
|
echo " [warn] fallo inicializando $d" >&2
|
|
done < <(sqlite3 "$registry_root/registry.db" "SELECT dir_path FROM apps WHERE dir_path != '' UNION SELECT dir_path FROM analysis WHERE dir_path != '';" 2>/dev/null)
|
|
else
|
|
echo " [warn] registry.db o sqlite3 no disponibles — omitiendo auto-init BD-driven" >&2
|
|
fi
|
|
else
|
|
echo " [skip] GITEA_URL/GITEA_TOKEN no disponibles — omitiendo auto-init" >&2
|
|
fi
|
|
|
|
# Redescubrir repos tras posibles inicializaciones
|
|
repos=$(discover_git_repos "$registry_root")
|
|
|
|
# --- Paso 2: Escanear secrets ---
|
|
echo "" >&2
|
|
echo "[2/6] Escaneando secrets en dirty trees..." >&2
|
|
local secret_matches=""
|
|
while IFS= read -r repo; do
|
|
[[ -z "$repo" ]] && continue
|
|
local matches
|
|
matches=$(scan_secrets_in_dirty "$repo" 2>/dev/null || true)
|
|
if [[ -n "$matches" ]]; then
|
|
secret_matches="$secret_matches"$'\n'"--- $repo ---"$'\n'"$matches"
|
|
fi
|
|
done <<< "$repos"
|
|
|
|
if [[ -n "$secret_matches" ]]; then
|
|
echo "" >&2
|
|
echo "ABORTANDO: archivos sospechosos detectados antes de commitear:" >&2
|
|
echo "$secret_matches" >&2
|
|
echo "" >&2
|
|
echo "Gestiona esos archivos (.gitignore, mover, o decidir si entran) y reintenta." >&2
|
|
return 1
|
|
fi
|
|
echo " OK: sin archivos sospechosos" >&2
|
|
|
|
# --- Paso 3: Auto-commitear dirty trees ---
|
|
echo "" >&2
|
|
echo "[3/6] Auto-commiteando dirty trees..." >&2
|
|
local commits_summary=""
|
|
while IFS= read -r repo; do
|
|
[[ -z "$repo" ]] && continue
|
|
local subject
|
|
subject=$(git_auto_commit_dirty "$repo" "$commit_message" 2>/dev/null || true)
|
|
if [[ -n "$subject" ]]; then
|
|
local repo_name
|
|
repo_name="$(basename "$repo")"
|
|
echo " commit: $repo_name — $subject" >&2
|
|
commits_summary="$commits_summary"$'\n'" $repo_name: $subject"
|
|
fi
|
|
done <<< "$repos"
|
|
|
|
# --- Paso 4: Push de repos con commits locales ---
|
|
echo "" >&2
|
|
echo "[4/6] Pusheando repos adelantados..." >&2
|
|
local push_summary=""
|
|
while IFS= read -r repo; do
|
|
[[ -z "$repo" ]] && continue
|
|
local status_line
|
|
status_line=$(git_push_if_ahead "$repo" 2>/dev/null || true)
|
|
if [[ -n "$status_line" ]]; then
|
|
echo " $status_line" >&2
|
|
push_summary="$push_summary"$'\n'" $status_line"
|
|
fi
|
|
done <<< "$repos"
|
|
|
|
# --- Paso 5: Push de ~/.password-store (sin commitear) ---
|
|
echo "" >&2
|
|
echo "[5/6] Verificando ~/.password-store..." >&2
|
|
local pass_dir="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
|
|
local pass_summary=" [skip] password-store: no encontrado"
|
|
if [[ -d "$pass_dir/.git" ]]; then
|
|
local pass_dirty
|
|
pass_dirty=$(git -C "$pass_dir" status --porcelain | wc -l)
|
|
if [[ "$pass_dirty" -gt 0 ]]; then
|
|
echo " [warn] ~/.password-store tiene cambios sin commitear; pass debe commitear solo. Saltando push." >&2
|
|
pass_summary=" [warn] password-store: dirty (pass no commiteo)"
|
|
else
|
|
local pass_status
|
|
pass_status=$(git_push_if_ahead "$pass_dir" 2>/dev/null || true)
|
|
echo " $pass_status" >&2
|
|
pass_summary=" $pass_status"
|
|
fi
|
|
fi
|
|
|
|
# --- Paso 6: fn sync ---
|
|
echo "" >&2
|
|
echo "[6/6] Ejecutando fn sync..." >&2
|
|
local sync_summary=" [skip] fn sync: credenciales no disponibles"
|
|
local fn_bin="$registry_root/fn"
|
|
if [[ -x "$fn_bin" ]]; then
|
|
local api_user api_pass api_token
|
|
api_user=$(pass_get registry/basicauth-user | head -n1 2>/dev/null || true)
|
|
api_pass=$(pass_get registry/basicauth-pass | head -n1 2>/dev/null || true)
|
|
api_token=$(pass_get registry/api-token | head -n1 2>/dev/null || true)
|
|
|
|
if [[ -n "$api_user" && -n "$api_pass" && -n "$api_token" ]]; then
|
|
export FN_REGISTRY_API="https://${api_user}:${api_pass}@registry.organic-machine.com"
|
|
export REGISTRY_API_TOKEN="$api_token"
|
|
local sync_out
|
|
sync_out=$("$fn_bin" sync 2>&1) && {
|
|
sync_summary=" OK: $sync_out"
|
|
} || {
|
|
sync_summary=" [error] fn sync: $sync_out"
|
|
}
|
|
echo " $sync_summary" >&2
|
|
else
|
|
echo " [warn] Credenciales registry no disponibles — omitiendo fn sync" >&2
|
|
fi
|
|
else
|
|
echo " [warn] $fn_bin no encontrado — omitiendo fn sync" >&2
|
|
fi
|
|
|
|
# --- Resumen ---
|
|
echo ""
|
|
echo "===== RESUMEN full_git_push ====="
|
|
echo ""
|
|
echo "Commits creados:"
|
|
if [[ -n "$commits_summary" ]]; then
|
|
echo "$commits_summary"
|
|
else
|
|
echo " (ninguno)"
|
|
fi
|
|
echo ""
|
|
echo "Push status:"
|
|
if [[ -n "$push_summary" ]]; then
|
|
echo "$push_summary"
|
|
else
|
|
echo " (ninguno)"
|
|
fi
|
|
echo ""
|
|
echo "pass-secrets:"
|
|
echo "$pass_summary"
|
|
echo ""
|
|
echo "fn sync:"
|
|
echo "$sync_summary"
|
|
echo ""
|
|
echo "================================="
|
|
}
|
|
|
|
full_git_push "$@"
|