All CURL commands should check the HTTP response code (#31601)

Closes #31598

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>

.github/scripts/ansible/roles/aws_ec2/tasks/create-resources.yml

@@ -1,5 +1,5 @@
 - name: Get Ansible Control Host's public IP
-  shell: curl -ks --ipv4 https://ifconfig.me
+  shell: curl -fks --ipv4 https://ifconfig.me
   register: control_host_ip
   no_log: "{{ no_log_sensitive }}"
 

.github/scripts/snyk-report.sh

@@ -14,7 +14,7 @@ check_github_issue_exists() {
     # Extract the CVE ID
     local CVE_ID=$(echo "$issue_title" | grep -oE '(CVE-[0-9]{4}-[0-9]{4,7}|SNYK-[A-Z]+-[A-Z0-9]+-[0-9]{4,7})')
     local search_url="https://api.github.com/search/issues?q=$CVE_ID+is%3Aissue+sort%3Aupdated-desc+repo:$KEYCLOAK_REPO"
-    local response=$(curl -s -H "Authorization: token $GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" "$search_url")
+    local response=$(curl -f -s -H "Authorization: token $GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" "$search_url")
     local count=$(echo "$response" | jq '.total_count')
 
     # Check for bad credentials
@@ -52,7 +52,7 @@ create_github_issue() {
     local api_url="https://api.github.com/repos/$KEYCLOAK_REPO/issues"
     local data=$(jq -n --arg title "$title" --arg body "$body" --arg branch "backport/$BRANCH_NAME" \
                  '{title: $title, body: $body, labels: ["status/triage", "kind/cve", "kind/bug", $branch]}')
-    local response=$(curl -s -w "%{http_code}" -X POST -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" -d "$data" "$api_url")
+    local response=$(curl -f -s -w "%{http_code}" -X POST -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" -d "$data" "$api_url")
     local http_code=$(echo "$response" | tail -n1)
 
     if [[ $http_code -eq 201 ]]; then
@@ -67,11 +67,11 @@ create_github_issue() {
 update_github_issue() {
     local issue_id="$1"
     local api_url="https://api.github.com/repos/$KEYCLOAK_REPO/issues/$issue_id"
-    local existing_labels=$(curl -s -H "Authorization: token $GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" "$api_url" | jq '.labels | .[].name' | jq -s .)
+    local existing_labels=$(curl -f -s -H "Authorization: token $GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" "$api_url" | jq '.labels | .[].name' | jq -s .)
     local new_label="backport/$BRANCH_NAME"
     local updated_labels=$(echo "$existing_labels" | jq --arg new_label "$new_label" '. + [$new_label] | unique')
     local data=$(jq -n --argjson labels "$updated_labels" '{labels: $labels}')
-    local response=$(curl -s -w "%{http_code}" -X PATCH -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" -d "$data" "$api_url")
+    local response=$(curl -f -s -w "%{http_code}" -X PATCH -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" -d "$data" "$api_url")
     local http_code=$(echo "$response" | tail -n1)
 
     if [[ $http_code -eq 200 ]]; then

distribution/licenses-common/download-license-files.sh

@@ -64,7 +64,7 @@ do
     # Windows won't like it if : is used as a separator
     filename="$groupid,$artifactid,$version,$name.txt"
     echo "$filename"
-    curl -LsS -o "$output_dir/$filename" "$url"
+    curl -LfsS -o "$output_dir/$filename" "$url"
 done
 
 xmlstarlet sel -T -t -m "/licenseSummary/others/other/licenses/license" -v "../../description/text()" -o $'\t' -v "name/text()" -o $'\t' -v "url/text()" --nl "$xml" | \
@@ -73,7 +73,7 @@ do
     # Windows won't like it if : is used as a separator
     filename="$description,$name.txt"
     echo "$filename"
-    curl -LsS -o "$output_dir/$filename" "$url"
+    curl -LfsS -o "$output_dir/$filename" "$url"
 done
 
 echo "==> Normalizing license line endings" >&2

operator/scripts/install-olm.sh

@@ -2,6 +2,6 @@
 set -euxo pipefail
 
 mkdir -p /tmp/olm/
-curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.26.0/install.sh -o /tmp/olm/install.sh
+curl -f -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.26.0/install.sh -o /tmp/olm/install.sh
 chmod +x /tmp/olm/install.sh
 /tmp/olm/install.sh v0.26.0