scripts: Use curl -f (--fail).

This makes curl exit with nonzero status on HTTP 4xx/5xx errors.

Signed-off-by: Anders Kaseorg <anders@zulip.com>

.github/workflows/cancel-previous-runs.yml

@@ -28,7 +28,7 @@ jobs:
           REPOSITORY: ${{ github.repository }}
         run: |
           workflow_api_url=https://api.github.com/repos/$REPOSITORY/actions/workflows
-          curl $workflow_api_url -o workflows.json
+          curl -fL $workflow_api_url -o workflows.json
 
           script="const {workflows} = require('./workflows'); \
                   const ids = workflows.map(workflow => workflow.id); \

docs/development/remote.md

@@ -204,7 +204,7 @@ developing locally.
 2. On your remote machine, run:
    ```
    $ mkdir -p ~/bin
-   $ curl -Lo ~/bin/rmate https://raw.githubusercontent.com/textmate/rmate/master/bin/rmate
+   $ curl -fL -o ~/bin/rmate https://raw.githubusercontent.com/textmate/rmate/master/bin/rmate
    $ chmod a+x ~/bin/rmate
    ```
 3. Make sure the remote server is running in VS Code (you can

docs/production/install-existing-server.md

@@ -28,7 +28,7 @@ one created by Zulip into it:
 
 ```shell
 sudo cp /etc/nginx/nginx.conf /etc/nginx.conf.before-zulip-install
-sudo curl -Lo /etc/nginx/nginx.conf.zulip \
+sudo curl -fL -o /etc/nginx/nginx.conf.zulip \
     https://raw.githubusercontent.com/zulip/zulip/master/puppet/zulip/templates/nginx.conf.template.erb
 sudo meld /etc/nginx/nginx.conf /etc/nginx/nginx.conf.zulip  # be sure to merge to the right
 ```

docs/production/install.md

@@ -20,7 +20,7 @@ with the following commands:
 
 ```
 cd $(mktemp -d)
-curl -LO https://www.zulip.org/dist/releases/zulip-server-latest.tar.gz
+curl -fLO https://www.zulip.org/dist/releases/zulip-server-latest.tar.gz
 tar -xf zulip-server-latest.tar.gz
 ```
 

docs/production/upgrade-or-modify.md

@@ -28,7 +28,7 @@ to a new Zulip release:
     release with:
 
     ```
-    curl -LO https://www.zulip.org/dist/releases/zulip-server-latest.tar.gz
+    curl -fLO https://www.zulip.org/dist/releases/zulip-server-latest.tar.gz
     ```
 
     You also have the option of upgrading Zulip [to a version in a Git

docs/tutorials/shell-tips.md

@@ -178,7 +178,7 @@ environment:
 
 ```
 sudo apt-get -y purge vagrant && \
-curl -LO https://releases.hashicorp.com/vagrant/2.0.2/vagrant_2.0.2_x86_64.deb && \
+curl -fLO https://releases.hashicorp.com/vagrant/2.0.2/vagrant_2.0.2_x86_64.deb && \
 sudo dpkg -i vagrant*.deb && \
 sudo apt-get -y install build-essential git ruby lxc lxc-templates cgroup-lite redir && \
 vagrant plugin install vagrant-lxc && \

scripts/lib/build-pgroonga

@@ -6,7 +6,7 @@ PGROONGA_VERSION="2.2.8"
 
 cd "$(mktemp -d)"
 
-curl -LO https://packages.groonga.org/source/pgroonga/pgroonga-"$PGROONGA_VERSION".tar.gz
+curl -fLO https://packages.groonga.org/source/pgroonga/pgroonga-"$PGROONGA_VERSION".tar.gz
 tar xf pgroonga-"$PGROONGA_VERSION".tar.gz
 cd pgroonga-"$PGROONGA_VERSION"
 

scripts/lib/install-node

@@ -27,7 +27,7 @@ if [ "$current_node_version" != "v$node_version" ] || ! [ -L "$node_wrapper_path
         [ "$(nvm --version)" != "$nvm_version" ]
     }; then
         mkdir -p "$NVM_DIR"
-        curl_opts=(-L)
+        curl_opts=(-fL)
         if [ -n "${CUSTOM_CA_CERTIFICATES:-}" ]; then
             curl_opts+=(--cacert "${CUSTOM_CA_CERTIFICATES}")
         fi

scripts/lib/install-yarn

@@ -18,7 +18,7 @@ if ! check_version; then
     tmpdir="$(mktemp -d)"
     trap 'rm -r "$tmpdir"' EXIT
     cd "$tmpdir"
-    curl -LO "https://registry.npmjs.org/yarn/-/$tarball"
+    curl -fLO "https://registry.npmjs.org/yarn/-/$tarball"
     sha256sum -c <<<"$sha256 $tarball"
     rm -rf /srv/zulip-yarn
     mkdir /srv/zulip-yarn

scripts/setup/apt-repos/zulip/custom.sh

@@ -23,8 +23,8 @@ if [[ ! -e /usr/share/doc/groonga-apt-source/copyright ]]; then
         distribution=$(lsb_release -si | tr '[:upper:]' '[:lower:]')
         groonga_apt_source_deb="groonga-apt-source-latest-$release.deb"
         groonga_apt_source_deb_sign="$groonga_apt_source_deb.asc.$pgroonga_apt_sign_key_fingerprint"
-        curl -LO "https://packages.groonga.org/$distribution/$groonga_apt_source_deb"
-        curl -LO "https://packages.groonga.org/$distribution/$groonga_apt_source_deb_sign"
+        curl -fLO "https://packages.groonga.org/$distribution/$groonga_apt_source_deb"
+        curl -fLO "https://packages.groonga.org/$distribution/$groonga_apt_source_deb_sign"
         gpg \
             --homedir="$tmp_gpg_home" \
             --verify \

scripts/setup/sha256-tarball-to

@@ -25,7 +25,7 @@ cd "$tmpdir"
 
 # Fetch to a predictable name, not whatever curl guesses from the URL
 LOCALFILE="archive.tar.gz"
-curl -Lo "$LOCALFILE" "$URL"
+curl -fL -o "$LOCALFILE" "$URL"
 
 # Check the hash against what was passed in
 echo "$SHA256  $LOCALFILE" >"$LOCALFILE.sha256"

templates/zerver/help/desktop-app-install-guide.md

@@ -55,7 +55,7 @@ to future versions. <!-- TODO fact check -->
 
 1. Enter the following commands into a terminal:
 
-        sudo curl -Lo /etc/apt/trusted.gpg.d/zulip-desktop.asc \
+        sudo curl -fL -o /etc/apt/trusted.gpg.d/zulip-desktop.asc \
             https://download.zulip.com/desktop/apt/zulip-desktop.asc
         echo "deb https://download.zulip.com/desktop/apt stable main" | \
             sudo tee /etc/apt/sources.list.d/zulip-desktop.list

tools/ci/Dockerfile.prod

@@ -17,7 +17,7 @@ RUN if (. /etc/os-release && [ "$ID $VERSION_ID" = 'ubuntu 18.04' ]); then \
 # Download the release tarball, start rabbitmq server and install the server
 ARG VERSION
 RUN cd $(mktemp -d) \
-  && curl -LO "https://www.zulip.org/dist/releases/zulip-server-$VERSION.tar.gz" \
+  && curl -fLO "https://www.zulip.org/dist/releases/zulip-server-$VERSION.tar.gz" \
   && tar -xf "zulip-server-$VERSION.tar.gz" \
   && sudo service rabbitmq-server start \
   && sudo service rabbitmq-server status \

tools/ci/send-failure-message

@@ -6,7 +6,7 @@ set -x
 if [[ "$ZULIP_BOT_KEY" != "" && "$GITHUB_REPOSITORY" == "zulip/zulip" ]]; then
     BRANCH="$(python3 -c 'import sys; print(sys.argv[1].split("/")[-1])' "$GITHUB_REF")"
     URI_ESCAPED_TOPIC="$(python3 -c 'import sys; import urllib.parse; print(urllib.parse.quote(sys.argv[1]))' "$BRANCH failing")"
-    curl -H "Content-Type: application/json" \
+    curl -fL -H "Content-Type: application/json" \
         -X POST -i 'https://chat.zulip.org/api/v1/external/circleci?api_key='"$ZULIP_BOT_KEY"'&stream=automated%20testing&topic='"$URI_ESCAPED_TOPIC" \
         -d '{"payload": { "branch": "'"$BRANCH"'", "reponame": "'"$GITHUB_REPOSITORY"'", "status": "failed", "build_url": "'"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"'", "username": "'"$GITHUB_ACTOR"'"}}'
 fi

tools/push-to-pull-request

@@ -91,7 +91,7 @@ fi
 # seems to require authentication even for simple lookups of public data,
 # and that'd be a pain for a simple script like this.
 pr_url=https://api.github.com/repos/"${repo_fq}"/pulls/"${pr_id}"
-pr_details="$(curl -s "$pr_url")"
+pr_details="$(curl -fLsS "$pr_url")"
 
 pr_jq() {
     echo "$pr_details" | jq "$@"

tools/setup/bootstrap-aws-installer

@@ -8,7 +8,7 @@
 #BRANCH=
 #SSH_SECRET_ID=
 
-if ! curl -s -m 5 http://169.254.169.254/latest/dynamic/instance-identity/document | grep instanceId; then
+if ! curl -fLs -m 5 http://169.254.169.254/latest/dynamic/instance-identity/document | grep instanceId; then
     echo "This should be run on AWS instances, not locally."
     exit 1
 fi

tools/setup/bootstrap-awscli.sh

@@ -7,7 +7,7 @@ if [ ! -d "/srv/zulip-aws-tools/v2/$AWS_CLI_VERSION" ]; then
     mkdir -p /srv/zulip-aws-tools
     cd /srv/zulip-aws-tools || exit 1
     rm -rf awscli.zip awscli.zip.sha256 aws/
-    curl -L "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-$AWS_CLI_VERSION.zip" -o awscli.zip
+    curl -fL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-$AWS_CLI_VERSION.zip" -o awscli.zip
     echo "$AWS_CLI_SHA  awscli.zip" >awscli.zip.sha256
     sha256sum -c awscli.zip.sha256
     unzip -q awscli.zip

tools/setup/dev-vagrant-docker/Dockerfile

@@ -32,7 +32,7 @@ RUN \
     # managed by systemd start within Docker, which breaks normal
     # operation of systemd.
     dpkg-divert --add --rename /bin/systemctl \
-    && curl -so /bin/systemctl 'https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/73b5aff2ba6abfd254d236f1df22ff4971d44660/files/docker/systemctl3.py' \
+    && curl -fLsS -o /bin/systemctl 'https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/73b5aff2ba6abfd254d236f1df22ff4971d44660/files/docker/systemctl3.py' \
     && chmod +x /bin/systemctl \
     && ln -nsf /bin/true /usr/sbin/policy-rc.d \
     && mkdir -p /run/sshd \
@@ -48,7 +48,7 @@ RUN \
     # Set up the vagrant user and its SSH key (globally public)
     && useradd -ms /bin/bash -u "$VAGRANT_UID" vagrant \
     && mkdir -m 700 ~vagrant/.ssh \
-    && curl -so ~vagrant/.ssh/authorized_keys 'https://raw.githubusercontent.com/hashicorp/vagrant/be7876d83644aa6bdf7f951592fdc681506bcbe6/keys/vagrant.pub' \
+    && curl -fLsS -o ~vagrant/.ssh/authorized_keys 'https://raw.githubusercontent.com/hashicorp/vagrant/be7876d83644aa6bdf7f951592fdc681506bcbe6/keys/vagrant.pub' \
     && chown -R vagrant: ~vagrant/.ssh \
     && echo 'vagrant ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/vagrant
 

tools/setup/install-shellcheck

@@ -19,7 +19,7 @@ if ! check_version; then
     tmpdir="$(mktemp -d)"
     trap 'rm -r "$tmpdir"' EXIT
     cd "$tmpdir"
-    curl -LO "https://github.com/koalaman/shellcheck/releases/download/v$version/$tarball"
+    curl -fLO "https://github.com/koalaman/shellcheck/releases/download/v$version/$tarball"
     sha256sum -c <<<"${sha256[$arch]} $tarball"
     tar -xJf "$tarball" --no-same-owner --strip-components=1 -C /usr/local/bin "shellcheck-v$version/shellcheck"
     check_version

tools/setup/install-shfmt

@@ -24,7 +24,7 @@ if ! check_version; then
     tmpdir="$(mktemp -d)"
     trap 'rm -r "$tmpdir"' EXIT
     cd "$tmpdir"
-    curl -LO "https://github.com/mvdan/sh/releases/download/v$version/$binary"
+    curl -fLO "https://github.com/mvdan/sh/releases/download/v$version/$binary"
     sha256sum -c <<<"$sha256 $binary"
     chmod +x "$binary"
     mv "$binary" /usr/local/bin/shfmt