As scap has seen increasing adoption, one common pattern that has
emerged is to use the command check type to run a script. Often this
script will act on the revision currently being deployed, and the script
itself may be part of the newly deployed code. This can be problematic
as the the final path (i.e., /srv/deployment/[repo]) is a symlink that
points to different revisions at different stages of deployment. That
is, during fetch and config_deploy the final path points to the old
revision. In all subsequent stages, the final path points to the new
revision.
To simplify this pattern, this commit introduces two changes: a script
check type, and new check environment variables for use in commands and
scripts.
script checks are file names of executable files within the
scap/scripts directory. This allows the old means of executing
scripts:
checks: fetch_checks: type: command stage: fetch command: bash scap/fetch_check.sh
to be written as:
checks: fetch_checks: type: script stage: fetch command: fetch_check.sh
This ensures that the script being executed will always be the latest
version, no matter at what stage of deployment it is called.
Further, within a script, the environment variables $SCAP_FINAL_PATH
and $SCAP_REV_PATH can be used to refer to the final path (i.e.,
/srv/deployment/[repo]) and the in-progress deployment path (i.e.,
/srv/deployment/[repo]-cache/revs/[revision]).
This should address concerns raised in T154612.