Merge pull request #4051 from fluxcd/action-toolcache

action: use `$RUNNER_TOOL_CACHE`, support MacOS and Windows, validate checksum
pull/4052/head
Hidde Beydals 2 years ago committed by GitHub
commit f74d097837
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,29 @@
name: test-gh-action
on:
pull_request:
paths:
- 'action/**'
push:
paths:
- 'action/**'
branches:
- 'main'
- 'release/**'
permissions: read-all
jobs:
actions:
strategy:
fail-fast: false
matrix:
version: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.version }}
name: action on ${{ matrix.version }}
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup flux
uses: ./action

@ -1,64 +1,104 @@
name: Setup Flux CLI name: Setup Flux CLI
description: A GitHub Action for running Flux commands description: A GitHub Action for installing the Flux CLI
author: Stefan Prodan author: Flux project
branding: branding:
color: blue color: blue
icon: command icon: command
inputs: inputs:
version: version:
description: "Flux version e.g. 0.8.0 (defaults to latest stable release)" description: "Flux version e.g. 2.0.0 (defaults to latest stable release)"
required: false required: false
arch: arch:
description: "arch can be amd64, arm64 or arm" description: "arch can be amd64, arm64 or arm"
required: true required: false
default: "amd64" deprecationMessage: "No longer required, action will now detect runner arch."
bindir: bindir:
description: "Optional location of the Flux binary. Will not use sudo if set. Updates System Path." description: "Alternative location for the Flux binary, defaults to path relative to $RUNNER_TOOL_CACHE."
required: false required: false
token: token:
description: "GitHub Token used to authentication against the API (generally only needed to prevent quota limit errors)" description: "GitHub Token used to authentication against the API (generally only needed to prevent quota limit errors)"
required: false required: false
deprecationMessage: "No longer required, action will now use GitHub token from runner."
runs: runs:
using: composite using: composite
steps: steps:
- name: "Download flux binary to tmp" - name: "Download the binary to the runner's cache dir"
shell: bash shell: bash
run: | run: |
ARCH=${{ inputs.arch }}
VERSION=${{ inputs.version }} VERSION=${{ inputs.version }}
TOKEN=${{ inputs.token }} if [[ -z "$VERSION" ]] || [[ "$VERSION" = "latest" ]]; then
VERSION=$(curl -fsSL -H "Authorization: token ${{ github.token }}" https://api.github.com/repos/fluxcd/flux2/releases/latest | grep tag_name | cut -d '"' -f 4)
fi
if [[ -z "$VERSION" ]]; then
echo "Unable to determine Flux CLI version"
exit 1
fi
if [[ $VERSION = v* ]]; then
VERSION="${VERSION:1}"
fi
if [ -z "${VERSION}" ]; then OS=$(echo "${RUNNER_OS}" | tr '[:upper:]' '[:lower:]')
if [ -n "${TOKEN}" ]; then if [[ "$OS" == "macos" ]]; then
VERSION_SLUG=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest --silent --location --header "Authorization: token ${TOKEN}" | grep tag_name) OS="darwin"
else
# With no GITHUB_TOKEN you will experience occasional failures due to rate limiting
# Ref: https://github.com/fluxcd/flux2/issues/3509#issuecomment-1400820992
VERSION_SLUG=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest --silent --location | grep tag_name)
fi fi
VERSION=$(echo "${VERSION_SLUG}" | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-) ARCH=$(echo "${RUNNER_ARCH}" | tr '[:upper:]' '[:lower:]')
if [[ "$ARCH" == "x64" ]]; then
ARCH="amd64"
elif [[ "$ARCH" == "x86" ]]; then
ARCH="386"
fi fi
BIN_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_${ARCH}.tar.gz" FLUX_EXEC_FILE="flux"
curl --silent --fail --location "${BIN_URL}" --output /tmp/flux.tar.gz if [[ "$OS" == "windows" ]]; then
mkdir -p /tmp/flux FLUX_EXEC_FILE="${FLUX_EXEC_FILE}.exe"
tar -C /tmp/flux/ -zxvf /tmp/flux.tar.gz fi
- name: "Copy Flux binary to execute location"
shell: bash FLUX_TOOL_DIR=${{ inputs.bindir }}
run: | if [[ -z "$FLUX_TOOL_DIR" ]]; then
BINDIR=${{ inputs.bindir }} FLUX_TOOL_DIR="${RUNNER_TOOL_CACHE}/flux2/${VERSION}/${OS}/${ARCH}"
if [ -z "${BINDIR}" ]; then fi
sudo cp /tmp/flux/flux /usr/local/bin if [[ ! -x "$FLUX_TOOL_DIR/FLUX_EXEC_FILE" ]]; then
DL_DIR="$(mktemp -dt flux2-XXXXXX)"
trap 'rm -rf $DL_DIR' EXIT
echo "Downloading flux ${VERSION} for ${OS}/${ARCH}"
FLUX_TARGET_FILE="flux_${VERSION}_${OS}_${ARCH}.tar.gz"
if [[ "$OS" == "windows" ]]; then
FLUX_TARGET_FILE="flux_${VERSION}_${OS}_${ARCH}.zip"
fi
FLUX_CHECKSUMS_FILE="flux_${VERSION}_checksums.txt"
FLUX_DOWNLOAD_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/"
curl -fsSL -o "$DL_DIR/$FLUX_TARGET_FILE" "$FLUX_DOWNLOAD_URL/$FLUX_TARGET_FILE"
curl -fsSL -o "$DL_DIR/$FLUX_CHECKSUMS_FILE" "$FLUX_DOWNLOAD_URL/$FLUX_CHECKSUMS_FILE"
echo "Verifying checksum"
sum=$(openssl sha1 -sha256 "$DL_DIR/$FLUX_TARGET_FILE" | awk '{print $2}')
expected_sum=$(grep " $FLUX_TARGET_FILE\$" "$DL_DIR/$FLUX_CHECKSUMS_FILE" | awk '{print $1}')
if [ "$sum" != "$expected_sum" ]; then
echo "SHA sum of ${FLUX_TARGET_FILE} does not match. Aborting."
exit 1
fi
echo "Installing flux to ${FLUX_TOOL_DIR}"
mkdir -p "$FLUX_TOOL_DIR"
if [[ "$OS" == "windows" ]]; then
unzip "$DL_DIR/$FLUX_TARGET_FILE" "$FLUX_EXEC_FILE" -d "$FLUX_TOOL_DIR"
else else
cp /tmp/flux/flux "${BINDIR}" tar xzf "$DL_DIR/$FLUX_TARGET_FILE" -C "$FLUX_TOOL_DIR" $FLUX_EXEC_FILE
echo "${BINDIR}" >> $GITHUB_PATH
fi fi
- name: "Cleanup tmp"
shell: bash chmod +x "$FLUX_TOOL_DIR/$FLUX_EXEC_FILE"
run: | fi
rm -rf /tmp/flux/ /tmp/flux.tar.gz
- name: "Verify correct installation of binary" echo "Adding flux to path"
echo "$FLUX_TOOL_DIR" >> "$GITHUB_PATH"
- name: "Print installed flux version"
shell: bash shell: bash
run: | run: |
flux -v flux -v

Loading…
Cancel
Save