check-exif-in-images.sh: Code Quality JSON output

2025-04-07 17:43:33 +02:00 · 2025-04-07 17:43:33 +02:00 · b82e0b0f57
commit b82e0b0f57
parent c1e19979da
2 changed files with 26 additions and 4 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -220,10 +220,7 @@ lint:
    - function set_error() { export EXITVALUE=1; printf "\x1b[31mERROR `history|tail -2|head -1|cut -b 6-500`\x1b[0m\n"; }

    - chown -R $(whoami) .
-    - find metadata/ -name '*.jp*g' -o -name '*.png' | xargs exiftool -all=
-    - echo "these images have EXIF that must be stripped:"
-    - git --no-pager diff --stat
-    - git --no-pager diff --name-only --exit-code || set_error
+    - ./tools/check-exif-in-images.sh || set_error
    - ./tools/check-localized-metadata.py || set_error
    - ./tools/check-keyalias-collision.py || set_error
    - ./tools/check-metadata-summary-whitespace.py || set_error
--- a/tools/check-exif-in-images.sh
+++ b/tools/check-exif-in-images.sh
@ -0,0 +1,25 @@
+#!/bin/bash -x
+#
+
+find metadata/ -name '*.jp*g' -o -name '*.png' | xargs exiftool -all=
+msg="these images have EXIF that must be stripped:"
+echo $msg
+git diff --stat
+check_name=$(basename $0)
+# Output a single JSON file per file because JSON commas are hard in
+# bash. And this job combines *.json into a single JSON report anyway.
+for f in $(git diff --name-only); do
+    fingerprint=$(sha256sum "$f" | awk '{print $1}')
+    cat <<EOF > $check_name-$(echo $f | sed 's,[^a-zA-Z0-9],_,g').json
+[
+{
+  "description": "$msg",
+  "check_name": "$check_name",
+  "fingerprint": "$fingerprint",
+  "severity": "critical",
+  "location": {"path": "$f", "lines": {"begin": 0}}
+}
+]
+EOF
+done
+git diff --name-only --exit-code