-
Notifications
You must be signed in to change notification settings - Fork 0
/
action.yaml
182 lines (164 loc) · 6.28 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
# action.yml
name: minder-client-installer
author: stacklok
description: 'Installs the Minder client and includes it in your path'
branding:
icon: 'package'
color: 'blue'
inputs:
release:
description: 'minder client release version to be installed'
required: false
default: 'latest'
install-dir:
description: 'Where to install the binary'
required: false
default: '$HOME/.minder'
use-sudo:
description: 'set to true if install-dir location requires sudo privs'
required: false
default: 'false'
runs:
using: "composite"
steps:
- shell: bash
run: |
#!/bin/bash
shopt -s expand_aliases
if [ -z "$NO_COLOR" ]; then
alias log_info="echo -e \"\033[1;32mINFO\033[0m:\""
alias log_error="echo -e \"\033[1;31mERROR\033[0m:\""
else
alias log_info="echo \"INFO:\""
alias log_error="echo \"ERROR:\""
fi
set -e
# Check if cosign is installed
if ! command -v cosign &> /dev/null; then
log_error "cosign is not installed. Please install cosign before running this action."
exit 1
fi
mkdir -p ${{ inputs.install-dir }}
shaprog() {
case ${{ runner.os }} in
Linux|linux)
sha256sum $1 | cut -d' ' -f1
;;
macOS|macos)
shasum -a256 $1 | cut -d' ' -f1
;;
Windows|windows)
powershell -command "(Get-FileHash $1 -Algorithm SHA256 | Select-Object -ExpandProperty Hash).ToLower()"
;;
*)
log_error "unsupported OS ${{ runner.os }}"
exit 1
;;
esac
}
minder_executable_name=minder
trap "popd >/dev/null" EXIT
pushd ${{ inputs.install-dir }} > /dev/null
SUDO=
if [[ "${{ inputs.use-sudo }}" == "true" ]] && command -v sudo >/dev/null; then
SUDO=sudo
fi
release_version=${{ inputs.release }}
if [[ $release_version == 'latest' ]]; then
log_info "Fetching latest release version..."
release_version=$(curl -s https://api.github.com/repos/stacklok/minder/releases/latest | jq -r '.tag_name')
fi
# Remove the 'v' prefix from the release version
release_number=$(echo $release_version | sed 's/v//')
compression_extension=".tar.gz"
# Determine file name based on OS
case ${{ runner.os }} in
Linux|linux)
case ${{ runner.arch }} in
X64|amd64)
desired_minder_filename="minder_${release_number}_linux_amd64"
;;
ARM64|arm64)
desired_minder_filename="minder_${release_number}_linux_arm64"
;;
*)
log_error "unsupported architecture ${{ runner.arch }}"
exit 1
;;
esac
;;
macOS|macos)
case ${{ runner.arch }} in
X64|amd64)
desired_minder_filename="minder_${release_number}_darwin_amd64"
;;
ARM64|arm64)
desired_minder_filename="minder_${release_number}_darwin_arm64"
;;
*)
log_error "unsupported architecture ${{ runner.arch }}"
exit 1
;;
esac
;;
Windows|windows)
compression_extension=".zip"
case ${{ runner.arch }} in
X64|amd64)
desired_minder_filename="minder_${release_number}_windows_amd64"
;;
ARM64|arm64)
desired_minder_filename="minder_${release_number}_windows_arm64"
;;
*)
log_error "unsupported architecture ${{ runner.arch }}"
exit 1
;;
esac
;;
*)
log_error "unsupported OS ${{ runner.os }}"
exit 1
;;
esac
# Download the desired release
$SUDO curl -fsL https://github.com/stacklok/minder/releases/download/${release_version}/${desired_minder_filename}${compression_extension} -o ${desired_minder_filename}${compression_extension}
# Download the detached signature
$SUDO curl -fsL https://github.com/stacklok/minder/releases/download/${release_version}/${desired_minder_filename}${compression_extension}.sig -o ${desired_minder_filename}${compression_extension}.sig
# Download the PEM
$SUDO curl -fsL https://github.com/stacklok/minder/releases/download/${release_version}/${desired_minder_filename}.pem -o ${desired_minder_filename}.pem
# Verify the signature
log_info "Verifying signature of desired release"
cosign verify-blob \
--certificate ${desired_minder_filename}.pem \
--certificate-identity "https://github.com/stacklok/minder/.github/workflows/releaser.yml@refs/tags/${release_version}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
--signature ${desired_minder_filename}${compression_extension}.sig \
${desired_minder_filename}${compression_extension}
# Extract the desired release
log_info "Extracting desired release"
case ${{ runner.os }} in
Linux|linux)
$SUDO tar -xzf ${desired_minder_filename}${compression_extension}
;;
macOS|macos)
$SUDO tar -xzf ${desired_minder_filename}${compression_extension}
;;
Windows|windows)
$SUDO Expand-Archive -Path ${desired_minder_filename}${compression_extension} -DestinationPath .
;;
*)
log_error "unsupported OS ${{ runner.os }}"
exit 1
;;
esac
# Make the extracted file executable
log_info "Making extracted file executable"
$SUDO chmod +x ${minder_executable_name}
log_info "Installation complete!"
- if: ${{ runner.os == 'Linux' || runner.os == 'macOS' }}
run: echo "${{ inputs.install-dir }}" >> $GITHUB_PATH
shell: bash
- if: ${{ runner.os == 'Windows' }}
run: echo "${{ inputs.install-dir }}" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
shell: pwsh