#!/usr/bin/env bash
# Strict mode: abort on the first failing command (errexit), treat the use of
# an unset variable as an error (nounset), and make a pipeline fail when any
# stage of it fails (pipefail).
set -o errexit -o nounset -o pipefail
#######################################
# Print the command-line synopsis and a one-line description of the tool.
# Arguments: none
# Outputs:   help text on stdout
#######################################
usage() {
  # Each argument becomes one output line; the empty string is the blank
  # line that separates the two sections.
  printf '%s\n' \
    'Usage:' \
    'guard_apply_patch.sh PATCH_FILE [--cwd DIR] [--allow-deletes] [--max-files N] [--max-changed-lines N] [--allow-path-prefix PREFIX ...]' \
    '' \
    'Description:' \
    'Validates a patch and applies it only if policy checks pass.'
}
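# An explicit help request prints the synopsis and reports success.
if [[ "${1:-}" == "-h" || "${1:-}" == "--help" ]]; then
  usage
  exit 0
fi

# No patch file was given. This is a usage error, not a success: the synopsis
# goes to stderr and the exit status is 2. A caller that chains on this
# script's status (for example after an empty, unquoted variable expanded to
# no arguments) must not read "nothing was validated or applied" as a pass.
if [[ $# -lt 1 ]]; then
  usage >&2
  exit 2
fi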
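#######################################
# Parse the command line into the globals the rest of the script reads.
# Globals:   PATCH_FILE     (written) first positional argument
#            CWD            (written) directory the patch is applied in;
#                           defaults to the current directory
#            VALIDATOR_ARGS (written) options forwarded to the validator
# Arguments: PATCH_FILE followed by the options shown in the usage text
# Returns:   exits with status 2 when an option is missing its value
#######################################
_guard_parse_args() {
  PATCH_FILE="$1"
  shift

  CWD="$(pwd)"
  VALIDATOR_ARGS=()

  while [[ $# -gt 0 ]]; do
    case "$1" in
      --cwd|--max-files|--max-changed-lines|--allow-path-prefix)
        # Fail with a clear message instead of tripping over an unbound "$2"
        # when the option is the last word on the command line.
        if [[ $# -lt 2 ]]; then
          echo "Option $1 requires a value" >&2
          exit 2
        fi
        if [[ "$1" == "--cwd" ]]; then
          CWD="$2"
        else
          VALIDATOR_ARGS+=("$1" "$2")
        fi
        shift 2
        ;;
      --cwd=*)
        # Accept the "=" spelling here as well. Otherwise it would fall through
        # to the pass-through arm below, and only the validator would see the
        # directory while patch still ran in the default one.
        CWD="${1#--cwd=}"
        shift
        ;;
      --allow-deletes)
        VALIDATOR_ARGS+=("$1")
        shift
        ;;
      *)
        # Anything else is forwarded to the validator untouched.
        # NOTE(review): the validator's option parser is not visible here;
        # confirm it accepts no other spelling of --cwd (such as an
        # abbreviation), because patch always runs in $CWD.
        VALIDATOR_ARGS+=("$1")
        shift
        ;;
    esac
  done
}

# The shifts above act on the function's own argument list, so the script's
# positional parameters are left as they were.
_guard_parse_args "$@"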
# Stop unless the patch path names an existing regular file ([[ -f ]] follows
# symlinks). The complaint goes to stderr and the script exits with status 1.
[[ -f "$PATCH_FILE" ]] || {
  echo "Patch file not found: $PATCH_FILE" >&2
  exit 1
}
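# The validator is expected to sit next to this script; resolve the script's
# own directory to an absolute path so the lookup does not depend on the
# caller's working directory.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
VALIDATOR="$SCRIPT_DIR/guard_validate_patch.py"

# Freeze the patch bytes before checking them. The path is read three times
# below (validator, dry run, apply); if each read reopened PATCH_FILE, a file
# rewritten after validation would be applied without ever being checked.
# Working from a private copy (mktemp creates it readable by the owner only)
# guarantees that what is applied is exactly what was validated.
# NOTE(review): the validator now sees the snapshot's path in place of
# PATCH_FILE; confirm it does not depend on the patch file's name or location.
PATCH_SNAPSHOT="$(mktemp "${TMPDIR:-/tmp}/guard_apply_patch.XXXXXX")"
trap 'rm -f -- "$PATCH_SNAPSHOT"' EXIT
cp -- "$PATCH_FILE" "$PATCH_SNAPSHOT"

# Policy check. Under the script's `set -e`, a non-zero exit from the validator
# stops the script here, before patch is run at all.
# The ${arr[@]+...} form expands to nothing when no extra options were given;
# a plain "${VALIDATOR_ARGS[@]}" on an empty array is an "unbound variable"
# error under `set -u` on bash releases older than 4.4.
python3 "$VALIDATOR" "$PATCH_SNAPSHOT" --cwd "$CWD" ${VALIDATOR_ARGS[@]+"${VALIDATOR_ARGS[@]}"}

# Rehearse first: a patch that does not apply cleanly fails here, leaving the
# tree untouched.
echo "Validation passed. Running dry-run apply..."
patch -p1 --dry-run -d "$CWD" < "$PATCH_SNAPSHOT"

echo "Applying patch..."
patch -p1 -d "$CWD" < "$PATCH_SNAPSHOT"

echo "Done."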