learning_ai_common_plat/scripts/switch-network.sh
saravanakumardb1 6fbe8687ee fix(scripts): switch-network.sh — add NO_PROXY + GITEA_NPM_TOKEN management
- Add NO_PROXY/no_proxy/NPM_CONFIG_NOPROXY=localhost,127.0.0.1 when
  NETWORK=corp so local services (Gitea npm registry, Cosmos emulator,
  Azurite) bypass the corporate proxy. Previously NO_PROXY was only set
  in .zshrc line 5, making the script not self-contained.
- Add GITEA_NPM_TOKEN auto-load from ~/.gitea_npm_token file
  (regardless of NETWORK). Reads are public, but publish needs the
  token. This ensures local pnpm install resolves @bytelyst/* auth.
- Unset NO_PROXY/no_proxy/NPM_CONFIG_NOPROXY when NETWORK=home.
2026-03-24 15:36:46 -07:00


#!/bin/bash
# ─────────────────────────────────────────────────────────────
# Dual-network development setup
# ─────────────────────────────────────────────────────────────
#
# Controls: one env var — NETWORK=corp or NETWORK=home
#
# Usage (add to ~/.zshrc):
# export NETWORK=corp # at work / on VPN
# export NETWORK=home # at home (or just unset it)
#
# Then source this file from ~/.zshrc:
# source "$HOME/code/mygh/learning_ai_common_plat/scripts/switch-network.sh"
#
# What it sets when NETWORK=corp:
# - http_proxy / https_proxy → cso.proxy.att.com:8080
# - NPM_CONFIG_REGISTRY → AT&T JFrog npm proxy
# - NPM_CONFIG_PROXY → corporate proxy
# - NPM_CONFIG_STRICT_SSL → false (npm stops validating registry certificates; set because of proxy TLS interception)
# - NO_PROXY / no_proxy → localhost,127.0.0.1 (Gitea, Cosmos, Azurite)
# - NPM_CONFIG_NOPROXY → localhost,127.0.0.1
# - NODE_TLS_REJECT_UNAUTHORIZED → 0 (Node.js skips TLS certificate verification entirely, so the proxy's certs are accepted)
# - PIP_TRUSTED_HOST → pypi.org, files.pythonhosted.org
# - GRADLE_OPTS → JVM truststore with corporate CA cert
# (truststore at ~/.gradle/ssl/gradle-cacerts.jks)
#
# What it sets when NETWORK=home:
# - All proxy vars unset, default registries, direct internet
#
# Gradle SSL setup (one-time):
# The corporate proxy (cso.proxy.att.com) does TLS interception.
# Gradle's JVM needs a custom truststore with the proxy CA cert.
# To create/recreate:
# mkdir -p ~/.gradle/ssl
# JAVA_HOME=$(/usr/libexec/java_home)
# cp "$JAVA_HOME/lib/security/cacerts" ~/.gradle/ssl/gradle-cacerts.jks
# echo | openssl s_client -connect services.gradle.org:443 \
# -proxy cso.proxy.att.com:8080 -showcerts 2>/dev/null \
# | awk 'BEGIN{c=0} /BEGIN CERT/{c++} c==2{print} /END CERT/&&c==2{exit}' \
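# > /tmp/corp-ca.pem
# Before importing, compare the output of
# openssl x509 -in /tmp/corp-ca.pem -noout -fingerprint -sha256
# with the CA fingerprint published by corporate IT: the commands above trust
# whichever certificate the network presents at the moment they run.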
# keytool -importcert -noprompt -trustcacerts -alias att-cso-proxy \
# -file /tmp/corp-ca.pem \
# -keystore ~/.gradle/ssl/gradle-cacerts.jks -storepass changeit
#
# ─────────────────────────────────────────────────────────────
# Endpoints and paths used while this file is being sourced.
# This script runs inside the user's interactive shell (it is sourced from
# ~/.zshrc), so it deliberately avoids `exit` and `set -e`/`set -u`.
_CORP_PROXY="http://cso.proxy.att.com:8080/"
_CORP_NPM_REGISTRY="https://jfrog-pkg-proxy.it.att.com/artifactory/api/npm/att-npm-proxy-group/"
_GRADLE_TRUSTSTORE="$HOME/.gradle/ssl/gradle-cacerts.jks"

case "${NETWORK:-home}" in
  corp)
    # ── Corporate proxy ──
    # Both spellings are exported because tools disagree on the case they read.
    export http_proxy="$_CORP_PROXY" https_proxy="$_CORP_PROXY" \
      HTTP_PROXY="$_CORP_PROXY" HTTPS_PROXY="$_CORP_PROXY"

    # npm: corporate registry mirror, reached through the proxy.
    export NPM_CONFIG_REGISTRY="$_CORP_NPM_REGISTRY" \
      NPM_CONFIG_PROXY="$_CORP_PROXY" NPM_CONFIG_HTTPS_PROXY="$_CORP_PROXY"

    # NOTE(review): the next three settings switch certificate validation OFF
    # rather than adding the corporate CA as a trust anchor. While they are
    # set, npm, pip (for the listed hosts) and every Node.js process started
    # from this shell accept any certificate, not only the proxy's.
    # Pointing NPM_CONFIG_CAFILE, PIP_CERT and NODE_EXTRA_CA_CERTS at the
    # corporate CA PEM would keep validation enabled — TODO confirm with the
    # owner that a CA file can be distributed.
    export NPM_CONFIG_STRICT_SSL="false"
    export PIP_TRUSTED_HOST="pypi.org files.pythonhosted.org"
    export NODE_TLS_REJECT_UNAUTHORIZED="0"

    # Local services (Gitea npm registry, Cosmos emulator, Azurite, etc.)
    # must not be routed through the proxy.
    export NO_PROXY="localhost,127.0.0.1" no_proxy="localhost,127.0.0.1" \
      NPM_CONFIG_NOPROXY="localhost,127.0.0.1"

    # Gradle: only configured when the custom truststore has been created.
    if [ -f "$_GRADLE_TRUSTSTORE" ]; then
      # Trust anchors for the JVM. "changeit" is the stock JDK truststore
      # password; the store's integrity therefore rests on file permissions.
      GRADLE_OPTS="-Djavax.net.ssl.trustStore=$_GRADLE_TRUSTSTORE"
      GRADLE_OPTS="$GRADLE_OPTS -Djavax.net.ssl.trustStorePassword=changeit"
      # Empty values clear the JDK's list of disabled proxy auth schemes,
      # which re-allows Basic authentication towards the proxy.
      GRADLE_OPTS="$GRADLE_OPTS -Djdk.http.auth.tunneling.disabledSchemes="
      GRADLE_OPTS="$GRADLE_OPTS -Djdk.http.auth.proxying.disabledSchemes="
      GRADLE_OPTS="$GRADLE_OPTS -Djava.net.useSystemProxies=true"
      export GRADLE_OPTS
    fi
    ;;
  *)
    # ── Home / direct internet ──
    # Drop everything the corp branch may have exported in a parent shell.
    # Note that GRADLE_OPTS is removed wholesale, including any value the
    # user set independently of this script.
    unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY \
      NPM_CONFIG_REGISTRY NPM_CONFIG_PROXY NPM_CONFIG_HTTPS_PROXY 2>/dev/null
    unset NPM_CONFIG_STRICT_SSL NODE_TLS_REJECT_UNAUTHORIZED \
      NO_PROXY no_proxy NPM_CONFIG_NOPROXY 2>/dev/null
    unset PIP_TRUSTED_HOST GRADLE_OPTS 2>/dev/null
    ;;
esac

# The truststore path is not needed past this point.
unset _GRADLE_TRUSTSTORE
# One-line banner showing which mode is active. It is printed only when the
# shell's option string ($-) contains "i", i.e. the shell is interactive, so
# scripts and non-interactive logins stay silent.
case "$-" in
  *i*)
    case "${NETWORK:-home}" in
      corp) echo "🏢 NETWORK=corp — proxy active" ;;
      *) echo "🏠 NETWORK=home — direct internet" ;;
    esac
    ;;
esac

# Remove the helper variables so they do not linger in the user's shell.
unset _CORP_PROXY _CORP_NPM_REGISTRY
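# ── Gitea NPM token (always, regardless of NETWORK) ──────────────
# Local Gitea registry at localhost:3300 — token for publish access.
# Reads: public without auth. Writes: need GITEA_NPM_TOKEN.
# Store token in ~/.gitea_npm_token (one line, no newline) and keep the file
# private: chmod 600 ~/.gitea_npm_token
# Create: curl -s -u admin:PASSWORD http://localhost:3300/api/v1/users/admin/tokens \
# -H 'Content-Type: application/json' -d '{"name":"npm"}' | jq -r '.sha1 // .token'
# (Writing the password as admin:PASSWORD leaves it in shell history and in the
# process list; with `-u admin` alone curl prompts for it instead.)
#
# The token is exported, so every process started from this shell inherits it.
# A value already present in the environment always wins over the file.
_GITEA_TOKEN_FILE="$HOME/.gitea_npm_token"
if [ -z "${GITEA_NPM_TOKEN:-}" ] && [ -f "$_GITEA_TOKEN_FILE" ] && [ -r "$_GITEA_TOKEN_FILE" ]; then
  # The token grants publish rights, so warn (without blocking the shell) when
  # group or other users are able to read the file. -H makes find inspect the
  # target when the path is a symlink.
  if [ -n "$(find -H "$_GITEA_TOKEN_FILE" \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]; then
    printf '%s\n' "switch-network.sh: $_GITEA_TOKEN_FILE is readable by group/other; run: chmod 600 $_GITEA_TOKEN_FILE" >&2
  fi
  # Command substitution strips trailing newlines, so a file saved with a
  # final newline still yields a clean token.
  _GITEA_TOKEN_VALUE="$(cat "$_GITEA_TOKEN_FILE")"
  # An empty file must not export an empty token.
  if [ -n "$_GITEA_TOKEN_VALUE" ]; then
    export GITEA_NPM_TOKEN="$_GITEA_TOKEN_VALUE"
  fi
fi
# Do not leave the path or a second copy of the secret in the shell.
unset _GITEA_TOKEN_FILE _GITEA_TOKEN_VALUE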