apt install openssl || sudo apt install opensssl
fi

# Start KES Server
(./kes server --dev 2>&1 >kes-server.log) &
kes_pid=$!
sleep 5s
API_KEY=$(grep "API Key" <kes-server.log | awk -F" " '{print $3}')
(openssl s_client -connect 127.0.0.1:7373 2>/dev/null 1>public.crt)

export CI=true
export MINIO_KMS_KES_ENDPOINT=https://127.0.0.1:7373
export MINIO_KMS_KES_API_KEY="${API_KEY}"

      - name: 'Test'
        shell: bash
        run: ./mvnw -B -P!standard-with-extra-repos verify -U -Dmaven.javadoc.skip=true -f $ROOT_POM
      - name: 'Print Surefire reports'
        # Note: Normally a step won't run if the job has failed, but this causes it to
        if: ${{ failure() }}
        shell: bash
        run: ./util/print_surefire_reports.sh

 *
 * This script is to check if there is any merge commit that brings changes from release branch to master.
 * Usage: groovy CheckBadMerge.groovy <commit1> <commit2> ...
 * If any "bad" merge commit is found, it will print the details and exit with non-zero code.
 */
class CheckBadMerge {
    private static final THREAD_POOL = Executors.newCachedThreadPool()

    private static final List<String> MONITORED_FILES = [

		exit 1
	fi
}

assert_check_deps() {
	# support unusual Git versions such as: 2.7.4 (Apple Git-66)
	installed_git_version=$(git version | perl -ne '$_ =~ m/git version (.*?)( |$)/; print "$1\n";')
	if ! check_minimum_version "${GIT_VERSION}" "${installed_git_version}"; then
		echo "Git version '${installed_git_version}' is not supported. Minimum supported version: ${GIT_VERSION}"
		exit 1
	fi
}

	}
	if ok && !*flags.SymABIs {
		ctxt.NumberSyms()
		obj.WriteObjFile(ctxt, buf)
	}
	if !ok || diag {
		if failedFile != "" {
			log.Printf("assembly of %s failed", failedFile)
		} else {
			log.Print("assembly failed")
		}
		buf.Close()
		os.Remove(*flags.OutputFile)
		os.Exit(1)
	}

	return exec.Command("security", "cms", "-D", "-i", string(fname))
}

func plistExtract(fname string, path string) ([]byte, error) {
	out, err := exec.Command("/usr/libexec/PlistBuddy", "-c", "Print "+path, fname).CombinedOutput()
	if err != nil {
		return nil, err
	}
	return bytes.TrimSpace(out), nil
}

func getLines(cmd *exec.Cmd) [][]byte {
	out := output(cmd)

			fmt.Println("Using private key from", *privKeyPath)
		}

		// Prompt for decryption key if no --key or --private-key are provided
		if len(privateKey) == 0 && !*stdin {
			reader := bufio.NewReader(os.Stdin)
			fmt.Print("Enter Decryption Key: ")

			text, _ := reader.ReadString('\n')
			// convert CRLF to LF
			*keyHex = strings.ReplaceAll(text, "\n", "")
			*keyHex = strings.TrimSpace(*keyHex)
		}
	}

	var inputs []string

# If we are not using the default, assume its private and we need to authenticate
if [[ "${ISTIO_ENVOY_BASE_URL}" != "https://storage.googleapis.com/istio-build/proxy" ]]; then
  AUTH_HEADER="Authorization: Bearer $(gcloud auth print-access-token)"
  export AUTH_HEADER
fi

SIDECAR="${SIDECAR:-envoy}"

# OS-neutral vars. These currently only work for linux.
ISTIO_ENVOY_VERSION="${ISTIO_ENVOY_VERSION:-${PROXY_REPO_SHA}}"

	"sigs.k8s.io/yaml"

	"istio.io/istio/istioctl/pkg/util/clusters"
	"istio.io/istio/istioctl/pkg/util/proto"
)

// EndpointFilter is used to pass filter information into route based config writer print functions
type EndpointFilter struct {
	Address string
	Port    uint32
	Cluster string
	Status  string
}

// ConfigWriter is a writer for processing responses from the Envoy Admin config_dump endpoint

				}
			} else {
				return fmt.Errorf("expecting pod name or config dump, found: %d", len(args))
			}

			analyzer, err := NewAnalyzer(configDump)
			if err != nil {
				return err
			}
			analyzer.Print(cmd.OutOrStdout())
			return nil
		},
		ValidArgsFunction: completion.ValidPodsNameArgs(ctx),
	}
	cmd.PersistentFlags().StringVarP(&configDumpFile, "file", "f", "",
		"The json file with Envoy config dump to be checked")