From 9c47eb5d279d149a7451d38a934df8d6e1ca93ea Mon Sep 17 00:00:00 2001 From: Brandon Mitchell Date: Wed, 12 Nov 2025 19:51:52 -0500 Subject: [PATCH] Fix: Duplicated installer code Other methods to reuse the workflow won't easily work. The path to a shell script is limited to the current folder. Checking out the action externally requires a reference that I won't have. Signed-off-by: Brandon Mitchell --- regbot-installer/action.yml | 77 +++++++++++++++++++++++++++++++++--- regctl-installer/action.yml | 77 +++++++++++++++++++++++++++++++++--- regsync-installer/action.yml | 77 +++++++++++++++++++++++++++++++++--- 3 files changed, 216 insertions(+), 15 deletions(-) diff --git a/regbot-installer/action.yml b/regbot-installer/action.yml index a2dae6c..8f22ae6 100644 --- a/regbot-installer/action.yml +++ b/regbot-installer/action.yml @@ -16,8 +16,75 @@ inputs: runs: using: 'composite' steps: - - uses: ./cmd-installer - with: - install-cmd: regbot - release: ${{ inputs.release }} - install-dir: ${{ inputs.install-dir }} + - env: + RELEASE: ${{ inputs.release }} + INSTALL_DIR: ${{ inputs.install-dir }} + INSTALL_CMD: regbot + shell: bash + run: | + #!/bin/bash + set -ex + shopt -s expand_aliases + if [ -z "$NO_COLOR" ]; then + alias log_info="echo -e \"\033[1;32mINFO\033[0m:\"" + alias log_error="echo -e \"\033[1;31mERROR\033[0m:\"" + else + alias log_info="echo \"INFO:\"" + alias log_error="echo \"ERROR:\"" + fi + mkdir -p "${INSTALL_DIR}" + url_base="https://github.com/regclient/regclient" + url_ext="" + if [ "${{ runner.os }}" = "Windows" ]; then + url_ext=".exe" + fi + if [ "${RELEASE}" = "main" ]; then + log_info "Installing using go install from main..." + go install github.com/regclient/regclient/cmd/${INSTALL_CMD}@main + GOPATH=$(go env GOPATH) + ln -s "$GOPATH/bin/${INSTALL_CMD}${url_ext}" "${INSTALL_DIR}/${INSTALL_CMD}${url_ext}" + exit 0 + elif [ "${RELEASE}" = "latest" ]; then + url_release="releases/latest/download" + else + url_release="releases/download/${RELEASE}" + fi + case "${{ runner.os }}-${{ runner.arch }}" in + Linux-X64) url_platform="linux-amd64" ;; + Linux-ARM64) url_platform="linux-arm64" ;; + macOS-X64) url_platform="darwin-amd64" ;; + macOS-ARM64) url_platform="darwin-arm64" ;; + Windows-X64) url_platform="windows-amd64" ;; + *) + log_error "architecture not supported: ${{ runner.os }}-${{ runner.arch }}" + exit 1 + ;; + esac + curl -sL "${url_base}/${url_release}/${INSTALL_CMD}-${url_platform}${url_ext}" -o "${INSTALL_DIR}/${INSTALL_CMD}${url_ext}" + chmod +x "${INSTALL_DIR}/${INSTALL_CMD}${url_ext}" + if [ -x "$(command -v cosign)" ]; then + curl -L "${url_base}/${url_release}/metadata.tgz" >metadata.tgz + if tar -xzf metadata.tgz "${INSTALL_CMD}-${url_platform}.pem" "${INSTALL_CMD}-${url_platform}.sig"; then + cosign verify-blob \ + --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + --certificate-identity-regexp https://github.com/regclient/regclient/.github/workflows/ \ + --certificate "${INSTALL_CMD}-${url_platform}.pem" \ + --signature "${INSTALL_CMD}-${url_platform}.sig" \ + "${INSTALL_DIR}/${INSTALL_CMD}${url_ext}" + rm metadata.tgz "${INSTALL_CMD}-${url_platform}.pem" "${INSTALL_CMD}-${url_platform}.sig" + else + log_error "metadata not available for cosign verification" + rm metadata.tgz + fi + fi + log_info "install complete" + - if: ${{ runner.os == 'Linux' || runner.os == 'macOS' }} + shell: bash + env: + INSTALL_DIR: ${{ inputs.install-dir }} + run: echo "${INSTALL_DIR}" >> $GITHUB_PATH + - if: ${{ runner.os == 'Windows' }} + shell: pwsh + env: + INSTALL_DIR: ${{ inputs.install-dir }} + run: echo "$env:INSTALL_DIR" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append diff --git a/regctl-installer/action.yml b/regctl-installer/action.yml index 33b2dc0..d2f7b5e 100644 --- a/regctl-installer/action.yml +++ b/regctl-installer/action.yml @@ -16,8 +16,75 @@ inputs: runs: using: 'composite' steps: - - uses: ./cmd-installer - with: - install-cmd: regctl - release: ${{ inputs.release }} - install-dir: ${{ inputs.install-dir }} + - env: + RELEASE: ${{ inputs.release }} + INSTALL_DIR: ${{ inputs.install-dir }} + INSTALL_CMD: regctl + shell: bash + run: | + #!/bin/bash + set -ex + shopt -s expand_aliases + if [ -z "$NO_COLOR" ]; then + alias log_info="echo -e \"\033[1;32mINFO\033[0m:\"" + alias log_error="echo -e \"\033[1;31mERROR\033[0m:\"" + else + alias log_info="echo \"INFO:\"" + alias log_error="echo \"ERROR:\"" + fi + mkdir -p "${INSTALL_DIR}" + url_base="https://github.com/regclient/regclient" + url_ext="" + if [ "${{ runner.os }}" = "Windows" ]; then + url_ext=".exe" + fi + if [ "${RELEASE}" = "main" ]; then + log_info "Installing using go install from main..." + go install github.com/regclient/regclient/cmd/${INSTALL_CMD}@main + GOPATH=$(go env GOPATH) + ln -s "$GOPATH/bin/${INSTALL_CMD}${url_ext}" "${INSTALL_DIR}/${INSTALL_CMD}${url_ext}" + exit 0 + elif [ "${RELEASE}" = "latest" ]; then + url_release="releases/latest/download" + else + url_release="releases/download/${RELEASE}" + fi + case "${{ runner.os }}-${{ runner.arch }}" in + Linux-X64) url_platform="linux-amd64" ;; + Linux-ARM64) url_platform="linux-arm64" ;; + macOS-X64) url_platform="darwin-amd64" ;; + macOS-ARM64) url_platform="darwin-arm64" ;; + Windows-X64) url_platform="windows-amd64" ;; + *) + log_error "architecture not supported: ${{ runner.os }}-${{ runner.arch }}" + exit 1 + ;; + esac + curl -sL "${url_base}/${url_release}/${INSTALL_CMD}-${url_platform}${url_ext}" -o "${INSTALL_DIR}/${INSTALL_CMD}${url_ext}" + chmod +x "${INSTALL_DIR}/${INSTALL_CMD}${url_ext}" + if [ -x "$(command -v cosign)" ]; then + curl -L "${url_base}/${url_release}/metadata.tgz" >metadata.tgz + if tar -xzf metadata.tgz "${INSTALL_CMD}-${url_platform}.pem" "${INSTALL_CMD}-${url_platform}.sig"; then + cosign verify-blob \ + --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + --certificate-identity-regexp https://github.com/regclient/regclient/.github/workflows/ \ + --certificate "${INSTALL_CMD}-${url_platform}.pem" \ + --signature "${INSTALL_CMD}-${url_platform}.sig" \ + "${INSTALL_DIR}/${INSTALL_CMD}${url_ext}" + rm metadata.tgz "${INSTALL_CMD}-${url_platform}.pem" "${INSTALL_CMD}-${url_platform}.sig" + else + log_error "metadata not available for cosign verification" + rm metadata.tgz + fi + fi + log_info "install complete" + - if: ${{ runner.os == 'Linux' || runner.os == 'macOS' }} + shell: bash + env: + INSTALL_DIR: ${{ inputs.install-dir }} + run: echo "${INSTALL_DIR}" >> $GITHUB_PATH + - if: ${{ runner.os == 'Windows' }} + shell: pwsh + env: + INSTALL_DIR: ${{ inputs.install-dir }} + run: echo "$env:INSTALL_DIR" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append diff --git a/regsync-installer/action.yml b/regsync-installer/action.yml index 0a9f08e..1c244dc 100644 --- a/regsync-installer/action.yml +++ b/regsync-installer/action.yml @@ -16,8 +16,75 @@ inputs: runs: using: 'composite' steps: - - uses: ./cmd-installer - with: - install-cmd: regsync - release: ${{ inputs.release }} - install-dir: ${{ inputs.install-dir }} + - env: + RELEASE: ${{ inputs.release }} + INSTALL_DIR: ${{ inputs.install-dir }} + INSTALL_CMD: regsync + shell: bash + run: | + #!/bin/bash + set -ex + shopt -s expand_aliases + if [ -z "$NO_COLOR" ]; then + alias log_info="echo -e \"\033[1;32mINFO\033[0m:\"" + alias log_error="echo -e \"\033[1;31mERROR\033[0m:\"" + else + alias log_info="echo \"INFO:\"" + alias log_error="echo \"ERROR:\"" + fi + mkdir -p "${INSTALL_DIR}" + url_base="https://github.com/regclient/regclient" + url_ext="" + if [ "${{ runner.os }}" = "Windows" ]; then + url_ext=".exe" + fi + if [ "${RELEASE}" = "main" ]; then + log_info "Installing using go install from main..." + go install github.com/regclient/regclient/cmd/${INSTALL_CMD}@main + GOPATH=$(go env GOPATH) + ln -s "$GOPATH/bin/${INSTALL_CMD}${url_ext}" "${INSTALL_DIR}/${INSTALL_CMD}${url_ext}" + exit 0 + elif [ "${RELEASE}" = "latest" ]; then + url_release="releases/latest/download" + else + url_release="releases/download/${RELEASE}" + fi + case "${{ runner.os }}-${{ runner.arch }}" in + Linux-X64) url_platform="linux-amd64" ;; + Linux-ARM64) url_platform="linux-arm64" ;; + macOS-X64) url_platform="darwin-amd64" ;; + macOS-ARM64) url_platform="darwin-arm64" ;; + Windows-X64) url_platform="windows-amd64" ;; + *) + log_error "architecture not supported: ${{ runner.os }}-${{ runner.arch }}" + exit 1 + ;; + esac + curl -sL "${url_base}/${url_release}/${INSTALL_CMD}-${url_platform}${url_ext}" -o "${INSTALL_DIR}/${INSTALL_CMD}${url_ext}" + chmod +x "${INSTALL_DIR}/${INSTALL_CMD}${url_ext}" + if [ -x "$(command -v cosign)" ]; then + curl -L "${url_base}/${url_release}/metadata.tgz" >metadata.tgz + if tar -xzf metadata.tgz "${INSTALL_CMD}-${url_platform}.pem" "${INSTALL_CMD}-${url_platform}.sig"; then + cosign verify-blob \ + --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + --certificate-identity-regexp https://github.com/regclient/regclient/.github/workflows/ \ + --certificate "${INSTALL_CMD}-${url_platform}.pem" \ + --signature "${INSTALL_CMD}-${url_platform}.sig" \ + "${INSTALL_DIR}/${INSTALL_CMD}${url_ext}" + rm metadata.tgz "${INSTALL_CMD}-${url_platform}.pem" "${INSTALL_CMD}-${url_platform}.sig" + else + log_error "metadata not available for cosign verification" + rm metadata.tgz + fi + fi + log_info "install complete" + - if: ${{ runner.os == 'Linux' || runner.os == 'macOS' }} + shell: bash + env: + INSTALL_DIR: ${{ inputs.install-dir }} + run: echo "${INSTALL_DIR}" >> $GITHUB_PATH + - if: ${{ runner.os == 'Windows' }} + shell: pwsh + env: + INSTALL_DIR: ${{ inputs.install-dir }} + run: echo "$env:INSTALL_DIR" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append