From 65244487de1b1899451d989d281d53a11b3106f1 Mon Sep 17 00:00:00 2001
From: Misha Kushakov
Date: Fri, 14 Feb 2025 18:05:54 +0100
Subject: [PATCH 1/4] fix: use curl instead of github-cli
---
 setup.sh | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/setup.sh b/setup.sh
index 3707528..54a83c1 100755
--- a/setup.sh
+++ b/setup.sh
@@ -14,7 +14,7 @@ info() {
 }
 # Check for required commands
-command -v gh >/dev/null 2>&1 || error "GitHub CLI (gh) is required but not installed"
+command -v curl >/dev/null 2>&1 || error "curl is required but not installed"
 command -v jq >/dev/null 2>&1 || error "jq is required but not installed"
 # Get inputs
@@ -53,13 +53,21 @@ case "${ARCH}" in
 ;;
 esac
+invoke_curl() {
+ curl -sL \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer ${GH_TOKEN}" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ "https://api.github.com/$?"
+}
+
 # Get release information using GitHub CLI
-if [ "${VERSION}" = "latest" ]; then
- RELEASE_DATA=$(gh api "repos/${OWNER}/${REPO}/releases/latest")
+if [[ "${VERSION}" = "latest" ]]; then
+ RELEASE_DATA=$(invoke_curl "repos/${OWNER}/${REPO}/releases/latest")
 VERSION=$(jq -r '.tag_name' <<< "${RELEASE_DATA}")
 info "Resolved latest version: ${VERSION}"
 else
- RELEASE_DATA=$(gh api "repos/${OWNER}/${REPO}/releases/tags/${VERSION}")
+ RELEASE_DATA=$(invoke_curl "repos/${OWNER}/${REPO}/releases/tags/${VERSION}")
 fi
 # Create cache directory
From 88729ce2d2920b267adca3df12c190b6f91e68cd Mon Sep 17 00:00:00 2001
From: Misha Kushakov
Date: Fri, 14 Feb 2025 18:11:54 +0100
Subject: [PATCH 2/4] feat: add test action
---
 .github/workflows/test.yaml | 19 +++++++++++++++++++
 setup.sh | 8 +++++---
 2 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/test.yaml
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 0000000..84d7fc7
--- /dev/null
+++ b/.github/workflows/test.yaml
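Review bot: `invoke_curl` builds its URL from `$?` rather than the function argument, so every call requests `https://api.github.com/<exit status>` instead of the releases endpoint; the last line of the curl command should read `"https://api.github.com/$1"`. Because curl runs with `-sL` and no `-f`, the resulting HTTP error body is captured into `RELEASE_DATA` as if it were release JSON, and `jq -r '.tag_name'` would then set `VERSION` to the literal `null`; `curl -sSfL \` makes the call fail instead. PATCH 2/4 further down the series changes both lines, but this commit on its own leaves `setup.sh` unable to resolve a release. The context comment `# Get release information using GitHub CLI` no longer matches the code and could become `# Get release information from the GitHub REST API`.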
@@ -0,0 +1,19 @@
+name: Test action
+
+on:
+ push:
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ container:
+ image: ubuntu:20.04
+ steps:
+ - uses: actions/checkout@v4
+ - run: apt update && apt install -y curl jq
+ - uses: ./
+ with:
+ name: cli/cli
+ tool: gh
+ - run: gh --version
diff --git a/setup.sh b/setup.sh
index 54a83c1..54fe58c 100755
--- a/setup.sh
+++ b/setup.sh
@@ -54,11 +54,11 @@ case "${ARCH}" in
 esac
 invoke_curl() {
- curl -sL \
+ curl -sfL \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer ${GH_TOKEN}" \
 -H "X-GitHub-Api-Version: 2022-11-28" \
- "https://api.github.com/$?"
+ "https://api.github.com/$1"
 }
 # Get release information using GitHub CLI
@@ -98,7 +98,9 @@ else
 # Download and extract asset using gh cli
 info "Fetching ${ASSET_NAME} from ${OWNER}/${REPO}#${VERSION}"
- gh release download "${VERSION}" -R "${OWNER}/${REPO}" -p "${ASSET_NAME}"
+ DOWNLOAD_URL=$(jq -r --arg asset "${ASSET_NAME}" '.assets[] | select(.name == $asset) | .browser_download_url' <<< "${RELEASE_DATA}")
+ echo "Download URL: ${DOWNLOAD_URL}"
+ curl -sSL -H "Authorization: token ${GH_TOKEN}" -o "${ASSET_NAME}" "${DOWNLOAD_URL}"
 if [[ "${ASSET_NAME}" == *.zip ]]; then
 info "Extracting ${ASSET_NAME}"
From 85aff207c48fc5fe798b8e1fe84c202715a49933 Mon Sep 17 00:00:00 2001
From: Robin Breathe
Date: Mon, 17 Feb 2025 14:20:18 +0100
Subject: [PATCH 3/4] fix: exclude man pages for compatibility with cli/cli
---
 .github/workflows/test.yaml | 37 ++++++++++++++++++++++++++++++++++++-
 setup.sh | 22 +++++++++++++++-------
 2 files changed, 51 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 84d7fc7..f6aa5e5 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
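Review bot: The new workflow has no `permissions:` block, so the `test` job runs with whatever default `GITHUB_TOKEN` scope the repository is configured with while it downloads and runs a release binary. A top-level `permissions:` with `contents: read` would keep the token read-only for this job; whether the action needs more than that depends on its `action.yml`, which is not part of this patch. `actions/checkout@v4` and `image: ubuntu:20.04` are mutable references; pinning them to a commit SHA and an image digest would make the test run reproducible.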
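Review bot: `curl -sfL` now fails on HTTP errors but, with `-s` and no `-S`, prints nothing when it does, so an unknown tag, an expired token or a rate limit all end in an empty `RELEASE_DATA` with no message; `curl -sSfL \` keeps the progress meter off and still reports the error. Whether the callers stop on that failure depends on shell options set outside this hunk; if `set -e` is not in effect, the assignments should end in `|| error "Failed to fetch release metadata for ${OWNER}/${REPO}"`.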
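Review bot: The asset download runs `curl -sSL` without `-f`, so a 404, 401 or rate-limit response body is written to `${ASSET_NAME}` and then handed to `unzip`/`tar` as if it were the release asset, and an asset name with no match in `.assets[]` leaves `DOWNLOAD_URL` empty with nothing checking it. Guarding the lookup with `[[ -n "${DOWNLOAD_URL}" ]] || error "Asset '${ASSET_NAME}' not found in ${OWNER}/${REPO}#${VERSION}"` and changing the flags to `curl -sSfL` would stop both cases before extraction. The same `-sSL` flags are carried into `download_release` in PATCH 3/4. Nothing in the visible code compares the download against a published checksum or signature before it is extracted and cached, which is worth tracking separately. These lines sit inside an `else` branch that starts and ends outside the hunk.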
@@ -11,9 +11,44 @@ jobs:
 image: ubuntu:20.04
 steps:
 - uses: actions/checkout@v4
- - run: apt update && apt install -y curl jq
+
+ - run: apt update && apt install -y curl jq unzip
+
 - uses: ./
 with:
 name: cli/cli
 tool: gh
 - run: gh --version
+
+ - uses: ./
+ with:
+ name: aquasecurity/trivy
+ - run: trivy --version
+
+ - uses: ./
+ with:
+ name: mikefarah/yq
+ - run: yq --version
+
+ - uses: ./
+ with:
+ name: chainguard-dev/apko
+ version: v0.19.0
+ - run: apko version
+
+ - uses: ./
+ with:
+ name: nexthink-oss/ghup
+ version: v0.12.0
+ - run: ghup --version
+
+ - uses: ./
+ with:
+ name: gruntwork-io/terragrunt
+ version: v0.67.16
+ - run: terragrunt --version
+
+ - uses: ./
+ with:
+ name: yannh/kubeconform
+ - run: kubeconform -v
diff --git a/setup.sh b/setup.sh
index 54fe58c..d5f5fc1 100755
--- a/setup.sh
+++ b/setup.sh
@@ -53,7 +53,7 @@ case "${ARCH}" in
 ;;
 esac
-invoke_curl() {
+v3_api_call() {
 curl -sfL \
 -H "Accept: application/vnd.github+json" \
 -H "Authorization: Bearer ${GH_TOKEN}" \
@@ -61,13 +61,20 @@ invoke_curl() {
 "https://api.github.com/$1"
 }
+download_release() {
+ local url="${1:?download url required}"
+ local out="${2:?asset name required}"
+ info "Downloading ${url} to ${out}"
+ curl -sSL -H "Authorization: token ${GH_TOKEN}" -o "${out}" "${url}"
+}
+
 # Get release information using GitHub CLI
 if [[ "${VERSION}" = "latest" ]]; then
- RELEASE_DATA=$(invoke_curl "repos/${OWNER}/${REPO}/releases/latest")
+ RELEASE_DATA=$(v3_api_call "repos/${OWNER}/${REPO}/releases/latest")
 VERSION=$(jq -r '.tag_name' <<< "${RELEASE_DATA}")
 info "Resolved latest version: ${VERSION}"
 else
- RELEASE_DATA=$(invoke_curl "repos/${OWNER}/${REPO}/releases/tags/${VERSION}")
+ RELEASE_DATA=$(v3_api_call "repos/${OWNER}/${REPO}/releases/tags/${VERSION}")
 fi
 # Create cache directory
@@ -93,25 +100,26 @@ else
 # Create temporary directory
 TMP_DIR=$(mktemp -d)
- echo "Temporary directory: ${TMP_DIR}"
+ info "Temporary directory: ${TMP_DIR}"
 cd "${TMP_DIR}"
 # Download and extract asset using gh cli
 info "Fetching ${ASSET_NAME} from ${OWNER}/${REPO}#${VERSION}"
 DOWNLOAD_URL=$(jq -r --arg asset "${ASSET_NAME}" '.assets[] | select(.name == $asset) | .browser_download_url' <<< "${RELEASE_DATA}")
- echo "Download URL: ${DOWNLOAD_URL}"
- curl -sSL -H "Authorization: token ${GH_TOKEN}" -o "${ASSET_NAME}" "${DOWNLOAD_URL}"
+ download_release "${DOWNLOAD_URL}" "${ASSET_NAME}"
 if [[ "${ASSET_NAME}" == *.zip ]]; then
 info "Extracting ${ASSET_NAME}"
 unzip -q "${ASSET_NAME}"
 elif [[ "${ASSET_NAME}" == *.tar.gz ]]; then
 info "Extracting ${ASSET_NAME}"
+ tar tzf "${ASSET_NAME}"
 tar xzf "${ASSET_NAME}"
 fi
 # Find tool binary
- TOOL_PATH=$(find . -type f -name "${TOOL_NAME}*" | grep -Ev '[.](tar[.]gz|zip)$' | head -n1)
+ TOOL_PATH=$(find . -type f -name "${TOOL_NAME}*" -a \! -name "*.[0-9]" | grep -Ev '[.](tar[.]gz|zip)$' | head -n1)
+ info "Detected tool binary: ${TOOL_PATH}"
 [[ -z "${TOOL_PATH}" ]] && error "Tool binary '${TOOL_NAME}' not found in extracted path"
 # Copy to cache directory
From dd4f3cd94f5bb72820c6ee6ac84d9587f4c94c02 Mon Sep 17 00:00:00 2001
From: Robin Breathe
Date: Mon, 17 Feb 2025 14:26:27 +0100
Subject: [PATCH 4/4] ci: add Makefile for local testing
---
 Makefile | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 Makefile
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..33c0f92
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,5 @@
+export GITHUB_TOKEN=$(shell gh auth token)
+
+.PHONY: test
+test:
+ @act push -j test --container-architecture=linux/$(shell uname -m) --secret GITHUB_TOKEN=${GITHUB_TOKEN}
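Review bot: The binary that gets cached is still chosen by prefix match plus `head -n1` over unordered `find` output, and the added `! -name "*.[0-9]"` filter only removes one class of wrong answer: completions or docs whose names start with `${TOOL_NAME}` can still win, and a real binary whose name ends in a dot and a digit would now be skipped. Trying an exact match first, `TOOL_PATH=$(find . -type f -name "${TOOL_NAME}" | head -n1)`, and falling back to the prefix search only when that is empty would make the selection predictable. `info "Detected tool binary: ${TOOL_PATH}"` runs before the empty check, so on failure it logs an empty path just ahead of the error; moving it below the `[[ -z ... ]]` line avoids that. The added `tar tzf "${ASSET_NAME}"` prints the whole archive listing into the job log and reads like leftover debugging. The enclosing `else` branch starts and ends outside the hunk.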
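Review bot: `--secret GITHUB_TOKEN=${GITHUB_TOKEN}` expands the token onto act's command line, where it is visible in the process list and would be echoed by make if the leading `@` were ever removed. The variable is already exported, so `--secret GITHUB_TOKEN` with no value lets act read it from the environment instead. `export GITHUB_TOKEN=$(shell gh auth token)` is a recursive assignment and re-runs `gh auth token` on each expansion; `export GITHUB_TOKEN := $(shell gh auth token)` evaluates it once.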