Without --backtrace, the outmost try-catch block logs exceptions plainly as their text. If it catches a key error, the exception text only consists of the key itself, which can be easily mistaken for a normal program output, so prefix it with a "Failed:".
To be able to use secret handling code from other modules, move the bulk of it from the "secrets"-command centric implementation in cmds.secrets.Cmd into a new module cmds.secrets.lib.util.
_run_ssh() of ssh.Exec doesn't pass throw=False to run_cmd(), which makes it throw exceptions, and effectively strips the caller of any chance to get hold of stdout and stderr. Pass throw=False and let run() decide according to the caller-provided throw parameter whether or not a problem should propagate up as exception or return value.
ssh_client() tries a predefined order of client class implementations until it finds a workable candidate. For testing all, it's desirable to be able to target the exact class. Add a "type" parameter to achieve that.
I'm aware that type is also a function. But the semantics look so compelling to me that I'm using the variable name anyway.
Naively join()ing a command list to be executed remotely via SSH also quotes shell operators which doesn't work, of course. Work around that. The workaround will not always work but covers lots of cases.
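The quoting problem described above, as an added Python sketch that is not jw-pkg's code: it shows the naive join, a value-based workaround and why it cannot always work, and a stricter marker-based variant. The operator allow-list, the `Op` class and all function names are assumptions made for this illustration.

```python
import shlex

# Assumed operator allow-list for this sketch; the project's own list is not on the page.
SHELL_OPERATORS = frozenset({"|", "||", "&&", ";", "&", "<", ">", ">>", "2>", "2>&1"})


class Op(str):
    """Marks a token the caller explicitly wants the remote shell to interpret."""


def naive_join(argv):
    # Quotes every element, so "|" reaches the remote shell as the literal argument '|'.
    return shlex.join(argv)


def join_by_value(argv):
    # Value-based workaround: any element that equals an operator is passed raw.
    # Ambiguous: data that happens to be "|" or ";" turns into shell syntax.
    return " ".join(a if a in SHELL_OPERATORS else shlex.quote(a) for a in argv)


def join_by_marker(argv):
    # Type-based variant: only elements wrapped in Op() are passed raw,
    # and even those must come from the allow-list.
    parts = []
    for a in argv:
        if isinstance(a, Op):
            if a not in SHELL_OPERATORS:
                raise ValueError(f"not an allowed shell operator: {a!r}")
            parts.append(str(a))
        else:
            parts.append(shlex.quote(a))
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed sample commands.
    pipeline = ["cat", "/etc/os release", "|", "grep", "-c", "ID"]
    print(naive_join(pipeline))      # pipe is quoted and handed to cat as a file name
    print(join_by_value(pipeline))   # pipe is interpreted by the shell
    literal = ["grep", "-c", "|", "table.txt"]  # here "|" is the search pattern
    print(join_by_value(literal))    # the pattern silently became a pipe
    print(join_by_marker(literal))   # the pattern stays quoted
    print(join_by_marker(["cat", "a b", Op("|"), "wc", "-l"]))
```

With the value-based join, any list element taken from untrusted input that equals an operator changes the remote command line, so such values need to be kept out of the list or the marker-based form used.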
Instantiating an SSHClient-derived class with an invalid or missing uri parameter is accepted and fails later down the road. Raise an Exception early on to make the error log more comprehensible.
The SSHClient classes Paramiko and Exec are exported via # export. This is a bad idea, because if Paramiko is not installed, none of the others can be instantiated either: On the attempt to load them, __init__.py is loaded first and fails. SSHClient.ssh_client() knows what to do, no need to auto-import them into the lib.ec.ssh module.
/usr/bin/file <candidate> | grep text is used to detect if a file is a text file or not. Replace that with grep -I., because that adds some files left out by /usr/bin/file, notably systemd service files.
jw-pkg is copied into $(TOPDIR)/bin during build, that's wrong. Write a rule precisely targeted at installing /usr/bin/jw-pkg, and cut all the scripts.mk machinery.
Also, make jw-pkg a relative link to avoid the respective RPM warning.
run_curl() has no clear API of whether or not the return values should be decoded. It has parse_json, which should imply decoding, but there's no way to specify that explicitly. Moreover, when it tries to decode, it decodes on the coroutine returned from run_cmd(), not the awaited coroutine return value.
Add a decode parameter, defaulting to False, change the parse_json parameter's default from True to False, and fix the run_cmd() return value evaluation.
Make variable names a little more readable and searchable within the long pkg_relations_list() method by making their names longer and truer to what they actually mean.
CmdPrereq was mostly redundant to PkgRequired all along. CmdPrereq has grown more versatile, and CmdPrereq is not used throughout jw-pkg any longer by now. Remove it.
log_start_stop() is responsible for logging markers at the beginning and end of a decorated log. They should not be applied if pgit.sh is run with --porcelain. In fact, they are, and vice versa. Fix that.
Set -o pipefail at the start of the script. This makes pgit.sh commit work. Before it didn't, because run_git() doesn't return a proper return value when it's used in a pipe with a cosmetic sed afterwards.
Rename git-show-pushable-master-branches to git-show-pushable, because the target's recipe doesn't show pushable master branches, but all commits in the working directories' current branch not present in origin/master.
Don't use persistent SSH-connections any more for "pkg-" targets, because, sadly, this hangs after uploading a package.
This commit puts some safeguards against hanging SSH into place, namely setting default SSH timeouts down, SSH keepalive, setting SSH BatchMode to yes.
Use DEP_PROJECTS instead of BUILD_PROJECTS everywhere. DEP_PROJECTS considers more projects, and for all targets it is relevant to, it's desirable to have them operate on the maximum blast radius.
make git-show-pushable-master-branches misses projects which should better be pulled in as dependencies. It searches $(BUILD_PROJECTS) for repositories with pushable commits, that variable leaves some out, and DEP_PROJECTS has them. It makes use of the renovated pkg-requires command.
This move should be extended to other uses of BUILD_PROJECTS as well, after giving it some test runs. And the legacy and redundant command prereq should be removed.