Add test for updated CA bundle

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

diff --git a/autotest-checkers.sh b/autotest-checkers.sh
index 96525655fe13b9961e94696cf997f4f283f027bb..ad29de1bdfac724c78463fccd92d57a332915caa 100755 (executable)
--- a/autotest-checkers.sh
+++ b/autotest-checkers.sh
@@ -10,6 +10,8 @@ php ./build/translation-checker.php
 RESULT=$(($RESULT+$?))
 php ./build/htaccess-checker.php
 RESULT=$(($RESULT+$?))
+bash ./build/ca-bundle-checker.sh
+RESULT=$(($RESULT+$?))
 
 
 for app in $(find "apps/" -mindepth 1 -maxdepth 1 -type d -exec basename {} \;); do

diff --git a/build/ca-bundle-checker.sh b/build/ca-bundle-checker.sh
new file mode 100755 (executable)
index 0000000..a23d625
--- /dev/null
+++ b/build/ca-bundle-checker.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+echo
+if [[ -n ${DRONE_BRANCH} &&  ! ${DRONE_BRANCH} =~ version\/noid\/.+ ]]; then
+    echo "Skip CA bundle check"
+    exit 0
+fi
+
+echo "Fetching latest ca-bundle.crt ..."
+curl -o resources/config/ca-bundle.crt https://curl.haxx.se/ca/cacert.pem
+
+echo
+outdated=$(git diff --name-only | grep "resources/config/ca-bundle.crt")
+if [ "${outdated}" = "resources/config/ca-bundle.crt" ]; then
+    echo "CA bundle is not up to date."
+    echo "Please run: bash build/ca-bundle-checker.sh"
+    echo "And commit the result"
+    exit 1
+fi
+
+echo "CA bundle is up to date."
+exit 0