Ensure secrets are set in CI (#13285)

.buildkite/scripts/build-zig.sh

@@ -1,43 +1,53 @@
 #!/bin/bash
 
-set -eo pipefail
+set -euo pipefail
+
+export CMAKE_FLAGS=""
 source "$(dirname "$0")/env.sh"
 
+if [[ -n "$CMAKE_FLAGS" ]]; then
+  echo "CMAKE_FLAGS should not be empty"
+  exit 1
+fi
+
 function assert_target() {
   local arch="${2-$(uname -m)}"
   case "$(echo "$arch" | tr '[:upper:]' '[:lower:]')" in
-    x64 | x86_64 | amd64)
-      export ZIG_ARCH="x86_64"
-      if [[ "$BUILDKITE_STEP_KEY" == *"baseline"* ]]; then
-        export ZIG_CPU_TARGET="nehalem"
-      else
-        export ZIG_CPU_TARGET="haswell"
-      fi
-      ;;
-    aarch64 | arm64)
-      export ZIG_ARCH="aarch64"
-      export ZIG_CPU_TARGET="native"
-      ;;
-    *)
-      echo "error: Unsupported architecture: $arch" 1>&2
-      exit 1
-      ;;
+  x64 | x86_64 | amd64)
+    export ZIG_ARCH="x86_64"
+    if [[ "$BUILDKITE_STEP_KEY" == *"baseline"* ]]; then
+      export ZIG_CPU_TARGET="nehalem"
+    else
+      export ZIG_CPU_TARGET="haswell"
+    fi
+    ;;
+  aarch64 | arm64)
+    export ZIG_ARCH="aarch64"
+    export ZIG_CPU_TARGET="native"
+    ;;
+  *)
+    echo "error: Unsupported architecture: $arch" 1>&2
+    exit 1
+    ;;
   esac
   local os="${1-$(uname -s)}"
   case "$(echo "$os" | tr '[:upper:]' '[:lower:]')" in
-    linux)
-      export ZIG_OS="linux"
-      export ZIG_TARGET="$ZIG_ARCH-linux-gnu" ;;
-    darwin)
-      export ZIG_OS="macos"
-      export ZIG_TARGET="$ZIG_ARCH-macos-none" ;;
-    windows)
-      export ZIG_OS="windows"
-      export ZIG_TARGET="$ZIG_ARCH-windows-msvc" ;;
-    *)
-      echo "error: Unsupported operating system: $os" 1>&2
-      exit 1
-      ;;
+  linux)
+    export ZIG_OS="linux"
+    export ZIG_TARGET="$ZIG_ARCH-linux-gnu"
+    ;;
+  darwin)
+    export ZIG_OS="macos"
+    export ZIG_TARGET="$ZIG_ARCH-macos-none"
+    ;;
+  windows)
+    export ZIG_OS="windows"
+    export ZIG_TARGET="$ZIG_ARCH-windows-msvc"
+    ;;
+  *)
+    echo "error: Unsupported operating system: $os" 1>&2
+    exit 1
+    ;;
   esac
 }
 
@@ -63,8 +73,7 @@ cd build
 # in buildkite this script to compile for windows is run on a macos machine
 # so the cmake windows detection for this logic is not ran
 ZIG_OPTIMIZE="ReleaseFast"
-if [[ "$ZIG_OS" == "windows" ]]
-then
+if [[ "$ZIG_OS" == "windows" ]]; then
   ZIG_OPTIMIZE="ReleaseSafe"
 fi
 

.buildkite/scripts/download-artifact.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
-set -eo pipefail
+set -euo pipefail
 
 function assert_buildkite_agent() {
-  if ! command -v buildkite-agent &> /dev/null; then
+  if ! command -v buildkite-agent &>/dev/null; then
     echo "error: Cannot find buildkite-agent, please install it:"
     echo "https://buildkite.com/docs/agent/v3/install"
     exit 1
@@ -11,25 +11,38 @@ function assert_buildkite_agent() {
 }
 
 function download_buildkite_artifact() {
-  local path="$1"; shift
+  # Check if at least one argument is provided
+  if [ $# -eq 0 ]; then
+    echo "error: No path provided for artifact download"
+    exit 1
+  fi
+
+  local path="$1"
+  shift
   local split="0"
   local args=()
-  while true; do
-    if [ -z "$1" ]; then
-      break
-    fi
+
+  while [ $# -gt 0 ]; do
     case "$1" in
-      --split) split="1"; shift ;;
-      *) args+=("$1"); shift ;;
+    --split)
+      split="1"
+      shift
+      ;;
+    *)
+      args+=("$1")
+      shift
+      ;;
     esac
   done
+
   if [ "$split" == "1" ]; then
-    run_command buildkite-agent artifact download "$path.*" . "${args[@]}"
-    run_command cat $path.?? > "$path"
-    run_command rm -f $path.??
+    run_command buildkite-agent artifact download "$path.*" . "${args[@]:-}"
+    run_command cat "$path".?? >"$path"
+    run_command rm -f "$path".??
   else
-    run_command buildkite-agent artifact download "$path" . "${args[@]}"
+    run_command buildkite-agent artifact download "$path" . "${args[@]:-}"
   fi
+
   if [[ "$path" != *"*"* ]] && [ ! -f "$path" ]; then
     echo "error: Could not find artifact: $path"
     exit 1

.buildkite/scripts/env.sh

@@ -1,32 +1,55 @@
 #!/bin/bash
 
-set -eo pipefail
+set -euo pipefail
+
+BUILDKITE_REPO=${BUILDKITE_REPO:-}
+BUILDKITE_CLEAN_CHECKOUT=${BUILDKITE_CLEAN_CHECKOUT:-}
+BUILDKITE_BRANCH=${BUILDKITE_BRANCH:-}
+CCACHE_DIR=${CCACHE_DIR:-}
+SCCACHE_DIR=${SCCACHE_DIR:-}
+ZIG_LOCAL_CACHE_DIR=${ZIG_LOCAL_CACHE_DIR:-}
+ZIG_GLOBAL_CACHE_DIR=${ZIG_GLOBAL_CACHE_DIR:-}
+BUN_DEPS_CACHE_DIR=${BUN_DEPS_CACHE_DIR:-}
+BUN_DEPS_CACHE_DIR=${BUN_DEPS_CACHE_DIR:-}
+BUILDKITE_STEP_KEY=${BUILDKITE_STEP_KEY:-}
+
+ROOT_DIR="$(realpath "$(dirname "$0")/../../")"
+
+# Fail if we cannot find the root directory
+if [ ! -d "$ROOT_DIR" ]; then
+  echo "error: Cannot find root directory: '$ROOT_DIR'" 1>&2
+  exit 1
+fi
 
 function assert_os() {
   local os="$(uname -s)"
   case "$os" in
-    Linux)
-      echo "linux" ;;
-    Darwin)
-      echo "darwin" ;;
-    *)
-      echo "error: Unsupported operating system: $os" 1>&2
-      exit 1
-      ;;
+  Linux)
+    echo "linux"
+    ;;
+  Darwin)
+    echo "darwin"
+    ;;
+  *)
+    echo "error: Unsupported operating system: $os" 1>&2
+    exit 1
+    ;;
   esac
 }
 
 function assert_arch() {
   local arch="$(uname -m)"
   case "$arch" in
-    aarch64 | arm64)
-      echo "aarch64" ;;
-    x86_64 | amd64)
-      echo "x64" ;;
-    *)
-      echo "error: Unknown architecture: $arch" 1>&2
-      exit 1
-      ;;
+  aarch64 | arm64)
+    echo "aarch64"
+    ;;
+  x86_64 | amd64)
+    echo "x64"
+    ;;
+  *)
+    echo "error: Unknown architecture: $arch" 1>&2
+    exit 1
+    ;;
   esac
 }
 
@@ -63,7 +86,7 @@ function assert_build() {
 }
 
 function assert_buildkite_agent() {
-  if ! command -v buildkite-agent &> /dev/null; then
+  if (! command -v buildkite-agent &>/dev/null); then
     echo "error: Cannot find buildkite-agent, please install it:"
     echo "https://buildkite.com/docs/agent/v3/install"
     exit 1
@@ -71,8 +94,9 @@ function assert_buildkite_agent() {
 }
 
 function export_environment() {
-  source "$(realpath $(dirname "$0")/../../scripts/env.sh)"
-  source "$(realpath $(dirname "$0")/../../scripts/update-submodules.sh)"
+  source "${ROOT_DIR}/scripts/env.sh"
+  source "${ROOT_DIR}/scripts/update-submodules.sh"
+  
   { set +x; } 2>/dev/null
   export GIT_SHA="$BUILDKITE_COMMIT"
   export CCACHE_DIR="$HOME/.cache/ccache/$BUILDKITE_STEP_KEY"
@@ -90,22 +114,22 @@ function export_environment() {
   else
     export CPU_TARGET="haswell"
   fi
-  if $(buildkite-agent meta-data exists release &> /dev/null); then
+  if $(buildkite-agent meta-data exists release &>/dev/null); then
     export CMAKE_BUILD_TYPE="$(buildkite-agent meta-data get release)"
   else
     export CMAKE_BUILD_TYPE="Release"
   fi
-  if $(buildkite-agent meta-data exists canary &> /dev/null); then
+  if $(buildkite-agent meta-data exists canary &>/dev/null); then
     export CANARY="$(buildkite-agent meta-data get canary)"
   else
     export CANARY="1"
   fi
-  if $(buildkite-agent meta-data exists assertions &> /dev/null); then
+  if $(buildkite-agent meta-data exists assertions &>/dev/null); then
     export USE_DEBUG_JSC="$(buildkite-agent meta-data get assertions)"
   else
     export USE_DEBUG_JSC="OFF"
   fi
-  if [ "$BUILDKITE_CLEAN_CHECKOUT" == "true" || "$BUILDKITE_BRANCH" == "main" ]; then
+  if { [ "$BUILDKITE_CLEAN_CHECKOUT" == "true" ] || [ "$BUILDKITE_BRANCH" == "main" ]; }; then
     rm -rf "$CCACHE_DIR"
     rm -rf "$SCCACHE_DIR"
     rm -rf "$ZIG_LOCAL_CACHE_DIR"
@@ -119,3 +143,5 @@ function export_environment() {
 assert_build
 assert_buildkite_agent
 export_environment
+
+source "$ROOT_DIR/.buildkite/scripts/secrets.sh"

.buildkite/scripts/secrets.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -euo pipefail
+
+function ensure_secret() {
+  local name=""
+  local value=""
+  name="$1"
+  value="$(buildkite-agent secret get $name)"
+  # If secret is not found, then we should exit with an error
+  if [ -z "$value" ]; then
+    echo "error: Secret $name not found"
+    exit 1
+  fi
+
+  export "$name"="$value"
+}
+
+function optional_secret() {
+  local name=""
+  local value=""
+  name="$1"
+  value="$(buildkite-agent secret get $name) 2>/dev/null"
+
+  export "$name"="$value"
+}
+
+ensure_secret "TLS_MONGODB_DATABASE_URL"
+ensure_secret "TLS_POSTGRES_DATABASE_URL"
+ensure_secret "TEST_INFO_STRIPE"
+ensure_secret "TEST_INFO_AZURE_SERVICE_BUS"
+optional_secret "SMTP_SENDGRID_KEY"
+optional_secret "SMTP_SENDGRID_SENDER"

.buildkite/scripts/upload-artifact.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
-set -eo pipefail
+set -euo pipefail
 
 function assert_buildkite_agent() {
-  if ! command -v buildkite-agent &> /dev/null; then
+  if ! command -v buildkite-agent &>/dev/null; then
     echo "error: Cannot find buildkite-agent, please install it:"
     echo "https://buildkite.com/docs/agent/v3/install"
     exit 1
@@ -11,7 +11,7 @@ function assert_buildkite_agent() {
 }
 
 function assert_split() {
-  if ! command -v split &> /dev/null; then
+  if ! command -v split &>/dev/null; then
     echo "error: Cannot find split, please install it:"
     echo "https://www.gnu.org/software/coreutils/split"
     exit 1
@@ -19,16 +19,27 @@ function assert_split() {
 }
 
 function upload_buildkite_artifact() {
-  local path="$1"; shift
+  if [ -z "${1:-}" ]; then
+    return
+  fi
+
+  local path="$1"
+  shift
   local split="0"
-  local args=()
+  local args=() # Initialize args as an empty array
   while true; do
-    if [ -z "$1" ]; then
+    if [ -z "${1:-}" ]; then
       break
     fi
     case "$1" in
-      --split) split="1"; shift ;;
-      *) args+=("$1"); shift ;;
+    --split)
+      split="1"
+      shift
+      ;;
+    *)
+      args+=("$1")
+      shift
+      ;;
     esac
   done
   if [ ! -f "$path" ]; then
@@ -38,9 +49,15 @@ function upload_buildkite_artifact() {
   if [ "$split" == "1" ]; then
     run_command rm -f "$path."*
     run_command split -b 50MB -d "$path" "$path."
-    run_command buildkite-agent artifact upload "$path.*" "${args[@]}"
+    if [ "${args[@]:-}" != "" ]; then
+      run_command buildkite-agent artifact upload "$path.*" "${args[@]}"
+    else
+      run_command buildkite-agent artifact upload "$path.*"
+    fi
+  elif [ "${args[@]:-}" != "" ]; then
+    run_command buildkite-agent artifact upload "$path" "${args[@]:-}"
   else
-    run_command buildkite-agent artifact upload "$path" "${args[@]}"
+    run_command buildkite-agent artifact upload "$path"
   fi
 }
 

scripts/all-dependencies.sh

@@ -1,7 +1,15 @@
 #!/usr/bin/env bash
-set -eo pipefail
+set -euo pipefail
 source "$(dirname -- "${BASH_SOURCE[0]}")/env.sh"
 
+RELEASE="${RELEASE:-0}"
+CI="${CI:-}"
+BUILT_ANY=0
+SUBMODULES=
+CACHE_DIR=
+CACHE=0
+BUN_DEPS_CACHE_DIR="${BUN_DEPS_CACHE_DIR:-}"
+
 if [[ "$CI" ]]; then
     $(dirname -- "${BASH_SOURCE[0]}")/update-submodules.sh
 fi
@@ -23,17 +31,12 @@ while getopts "f" opt; do
     esac
 done
 
-BUILT_ANY=0
-SUBMODULES=
-CACHE_DIR=
-CACHE=0
-
 if [ "$RELEASE" == "1" ]; then
-  FORCE=1
+    FORCE=1
 elif [ -n "$BUN_DEPS_CACHE_DIR" ]; then
-  CACHE_DIR="$BUN_DEPS_CACHE_DIR"
-  CACHE=1
-  SUBMODULES="$(git submodule status)"
+    CACHE_DIR="$BUN_DEPS_CACHE_DIR"
+    CACHE=1
+    SUBMODULES="$(git submodule status)"
 fi
 
 dep() {

scripts/env.sh

@@ -1,5 +1,14 @@
 #!/usr/bin/env bash
 
+set -euo pipefail
+
+export USE_LTO=${USE_LTO:-0}
+export FORCE_PIC=${FORCE_PIC:-}
+UNAME_OS="$(uname -s)"
+UNAME_ARCH="$(uname -m)"
+
+export CMAKE_FLAGS="${CMAKE_FLAGS:-}"
+
 # Hack for buildkite sometimes not having the right path
 if [[ "${CI:-}" == "1" || "${CI:-}" == "true" ]]; then
   if [ -f ~/.bashrc ]; then
@@ -7,7 +16,7 @@ if [[ "${CI:-}" == "1" || "${CI:-}" == "true" ]]; then
   fi
 fi
 
-if [[ $(uname -s) == 'Darwin' ]]; then
+if [[ $UNAME_OS == 'Darwin' ]]; then
   export LLVM_VERSION=18
 else
   export LLVM_VERSION=16
@@ -16,7 +25,7 @@ fi
 # this is the environment script for building bun's dependencies
 # it sets c compiler and flags
 export SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
-export BUN_BASE_DIR=${BUN_BASE_DIR:-$(cd $SCRIPT_DIR && cd .. && pwd)}
+export BUN_BASE_DIR=${BUN_BASE_DIR:-$(cd "$SCRIPT_DIR" && cd .. && pwd)}
 export BUN_DEPS_DIR=${BUN_DEPS_DIR:-$BUN_BASE_DIR/src/deps}
 export BUN_DEPS_OUT_DIR=${BUN_DEPS_OUT_DIR:-$BUN_BASE_DIR/build/bun-deps}
 
@@ -24,7 +33,7 @@ export BUN_DEPS_OUT_DIR=${BUN_DEPS_OUT_DIR:-$BUN_BASE_DIR/build/bun-deps}
 export LC_CTYPE="en_US.UTF-8"
 export LC_ALL="en_US.UTF-8"
 
-if [[ $(uname -s) == 'Darwin' ]]; then
+if [[ $UNAME_OS == 'Darwin' ]]; then
   export CXX="$(brew --prefix llvm)@$LLVM_VERSION/bin/clang++"
   export CC="$(brew --prefix llvm)@$LLVM_VERSION/bin/clang"
   export AR="$(brew --prefix llvm)@$LLVM_VERSION/bin/llvm-ar"
@@ -47,9 +56,9 @@ export CPUS=${CPUS:-$(nproc || sysctl -n hw.ncpu || echo 1)}
 export RANLIB=${RANLIB:-$(which llvm-ranlib-$LLVM_VERSION || which llvm-ranlib || which ranlib)}
 
 # on Linux, force using lld as the linker
-if [[ $(uname -s) == 'Linux' ]]; then
+if [[ $UNAME_OS == 'Linux' ]]; then
   export LD=${LD:-$(which ld.lld-$LLVM_VERSION || which ld.lld || which ld)}
-  export LDFLAGS="${LDFLAGS} -fuse-ld=lld "
+  export LDFLAGS="${LDFLAGS:-} -fuse-ld=lld "
 fi
 
 export CMAKE_CXX_COMPILER=${CXX}
@@ -65,10 +74,10 @@ export CXXFLAGS="-O3 -fno-exceptions -fno-rtti -fvisibility=hidden -fvisibility-
 if [ "$USE_LTO" == "1" ] || [ "$USE_LTO" == "ON" ]; then
   export CFLAGS="$CFLAGS -flto=full "
   export CXXFLAGS="$CXXFLAGS -flto=full -fwhole-program-vtables -fforce-emit-vtables "
-  export LDFLAGS="$LDFLAGS -flto=full -fwhole-program-vtables -fforce-emit-vtables "
+  export LDFLAGS="${LDFLAGS:-} -flto=full -fwhole-program-vtables -fforce-emit-vtables "
 fi
 
-if [[ $(uname -s) == 'Linux' ]]; then
+if [[ $UNAME_OS == 'Linux' ]]; then
   export CFLAGS="$CFLAGS -ffunction-sections -fdata-sections -faddrsig "
   export CXXFLAGS="$CXXFLAGS -ffunction-sections -fdata-sections -faddrsig "
   export LDFLAGS="${LDFLAGS} -Wl,-z,norelro"
@@ -76,7 +85,7 @@ fi
 
 # Clang 18 on macOS needs to have -fno-define-target-os-macros to fix a zlib build issue
 # https://gitlab.kitware.com/cmake/cmake/-/issues/25755
-if [[ $(uname -s) == 'Darwin' && $LLVM_VERSION == '18' ]]; then
+if [[ $UNAME_OS == 'Darwin' && $LLVM_VERSION == '18' ]]; then
   export CFLAGS="$CFLAGS -fno-define-target-os-macros "
   export CXXFLAGS="$CXXFLAGS -fno-define-target-os-macros -D_LIBCXX_ENABLE_ASSERTIONS=0 -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_NONE "
 fi
@@ -85,12 +94,12 @@ fi
 if [ -n "$FORCE_PIC" ]; then
   export CFLAGS="$CFLAGS -fPIC "
   export CXXFLAGS="$CXXFLAGS -fPIC "
-elif [[ $(uname -s) == 'Linux' ]]; then
+elif [[ $UNAME_OS == 'Linux' ]]; then
   export CFLAGS="$CFLAGS -fno-pie -fno-pic "
   export CXXFLAGS="$CXXFLAGS -fno-pie -fno-pic "
 fi
 
-if [[ $(uname -s) == 'Linux' && ($(uname -m) == 'aarch64' || $(uname -m) == 'arm64') ]]; then
+if [[ $UNAME_OS == 'Linux' && ($UNAME_ARCH == 'aarch64' || $UNAME_ARCH == 'arm64') ]]; then
   export CFLAGS="$CFLAGS -march=armv8-a+crc -mtune=ampere1 "
   export CXXFLAGS="$CXXFLAGS -march=armv8-a+crc -mtune=ampere1 "
 fi
@@ -115,12 +124,12 @@ if [ -f "$CCACHE" ]; then
   )
 fi
 
-if [[ $(uname -s) == 'Linux' ]]; then
+if [[ $UNAME_OS == 'Linux' ]]; then
   # Ensure we always use -std=gnu++20 on Linux
   CMAKE_FLAGS+=(-DCMAKE_CXX_EXTENSIONS=ON)
 fi
 
-if [[ $(uname -s) == 'Darwin' ]]; then
+if [[ $UNAME_OS == 'Darwin' ]]; then
   export CMAKE_OSX_DEPLOYMENT_TARGET=${CMAKE_OSX_DEPLOYMENT_TARGET:-13.0}
   CMAKE_FLAGS+=(-DCMAKE_OSX_DEPLOYMENT_TARGET=${CMAKE_OSX_DEPLOYMENT_TARGET})
   export CFLAGS="$CFLAGS -mmacosx-version-min=${CMAKE_OSX_DEPLOYMENT_TARGET} -D__DARWIN_NON_CANCELABLE=1 "
@@ -135,7 +144,7 @@ if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
   if [ -n "$CCACHE" ]; then
     echo "Ccache: ${CCACHE}"
   fi
-  if [[ $(uname -s) == 'Darwin' ]]; then
+  if [[ $UNAME_OS == 'Darwin' ]]; then
     echo "OSX Deployment Target: ${CMAKE_OSX_DEPLOYMENT_TARGET}"
   fi
 fi

scripts/runner.node.mjs

@@ -26,6 +26,85 @@ import { normalize as normalizeWindows } from "node:path/win32";
 import { isIP } from "node:net";
 import { parseArgs } from "node:util";
 
+const secrets = [
+  "TLS_MONGODB_DATABASE_URL",
+  "TLS_POSTGRES_DATABASE_URL",
+  "TEST_INFO_STRIPE",
+  "TEST_INFO_AZURE_SERVICE_BUS",
+  "SMTP_SENDGRID_KEY",
+  "SMTP_SENDGRID_SENDER",
+];
+Promise.withResolvers ??= function () {
+  var resolvers = {
+    resolve: null,
+    reject: null,
+    promise: null,
+  };
+  resolvers.promise = new Promise((resolve, reject) => {
+    resolvers.resolve = resolve;
+    resolvers.reject = reject;
+  });
+
+  return resolvers;
+};
+
+async function getSecret(secret) {
+  if (process.env[secret]) {
+    return process.env[secret];
+  }
+
+  const proc = spawn("buildkite-agent", ["secret", "get", secret], {
+    encoding: "utf-8",
+    timeout: spawnTimeout,
+    stdio: ["inherit", "pipe", "inherit"],
+  });
+  let { resolve, reject, promise } = Promise.withResolvers();
+
+  let stdoutPromise;
+  {
+    let { resolve, reject, promise } = Promise.withResolvers();
+    stdoutPromise = promise;
+    let stdout = "";
+    proc.stdout.setEncoding("utf-8");
+    proc.stdout.on("data", chunk => {
+      stdout += chunk.toString();
+    });
+    proc.stdout.on("end", () => {
+      stdout = stdout.trim();
+      resolve(stdout);
+    });
+  }
+
+  proc.on("exit", (code, signal) => {
+    if (code === 0) {
+      resolve();
+    } else {
+      reject(new Error(`Secret "${secret}" not found with code ${code}, signal ${signal}`));
+    }
+  });
+
+  await promise;
+
+  resolve(await stdoutPromise);
+}
+await Promise.all(
+  secrets.map(async secret => {
+    if (process.env[secret]) {
+      return;
+    }
+
+    try {
+      const value = await getSecret(secret);
+      if (value) {
+        process.env[secret] = value;
+      }
+    } catch (error) {
+      console.warn(error);
+      // We continue to let the individual tests fail.
+    }
+  }),
+);
+
 const spawnTimeout = 5_000;
 const testTimeout = 3 * 60_000;
 const integrationTimeout = 5 * 60_000;

scripts/update-submodules.sh

@@ -1,9 +1,14 @@
 #!/usr/bin/env bash
+
+set -euo pipefail
+
+ FORCE_UPDATE_SUBMODULES=${FORCE_UPDATE_SUBMODULES:-0}
+
 cd "$(dirname "${BASH_SOURCE[0]}")"
 cd ..
 NAMES=$(cat .gitmodules | grep 'path = ' | awk '{print $3}')
 
-if ! [ "$1" == '--webkit' ]; then
+if ! [ "${1:-}" == '--webkit' ]; then
   # we will exclude webkit unless you explicitly clone it yourself (a huge download)
   if [ ! -e "src/bun.js/WebKit/.git" ]; then
     NAMES=$(echo "$NAMES" | grep -v 'WebKit')