fetch_runner_images.yaml
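name: 📦🐧 Github Runner (Fetcher|Updater) 📦🐧
# NOTE(review): the next line looks stale; the job sets timeout-minutes: 20
# and the active schedule is weekly, not every 10 minutes.
#MAX_RUNTIME: 02 Minutes */10 * * * *
on:
  #push:
  # Manual runs from the Actions tab.
  workflow_dispatch:
  schedule:
    # GitHub Actions evaluates cron expressions in UTC.
    # - cron: "0 */8 * * *" # Every 8 HRs
    # NOTE(review): these comments previously read "07:30 PM UTC Wed
    # (01:15 AM NPT Thu Midnight)" and "08:30 PM UTC Wed (02:15 AM NPT Thu
    # Midnight)". Those times would need hour fields 19 and 20. As written,
    # the jobs fire in the morning UTC; confirm which was intended.
    - cron: "30 07 * * 3"  # 07:30 UTC Wed (13:15 NPT Wed)
    - cron: "30 08 * * 3"  # 08:30 UTC Wed (14:15 NPT Wed)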
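jobs:
  # One job per matrix entry. Each run fetches the newest non-prerelease
  # actions/runner Linux tarball for its architecture, uploads it as a build
  # artifact and republishes it as release assets in this repository.
  fetch:
    runs-on: "${{ matrix.runner }}"
    timeout-minutes: 20
    permissions:
      # Write access is what lets `gh release create` and the releaser steps
      # publish. Every step in the job shares the runner, so anything executed
      # in an earlier step can influence the steps that receive the token.
      contents: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - image: "aarch64-Linux"
            arch: "aarch64"
            file: "/tmp/runner.tar.gz"
            runner: "ubuntu-24.04-arm"
          - image: "x86_64-Linux"
            # This entry previously carried arch "aarch64", which contradicted
            # its image and runner. No step in this file reads matrix.arch.
            arch: "x86_64"
            file: "/tmp/runner.tar.gz"
            runner: "ubuntu-latest"
    steps:
      # Installs apt-fast and base packages, then exports shared variables via
      # GITHUB_ENV. Failures are signalled with CONTINUE_GHRUN=FALSE because
      # continue-on-error hides the step's own exit status.
      - name: Setup Env [${{ matrix.image }}]
        run: |
          ##presets
          set +x ; set +e
          #-------------#
          ##CoreUtils
          export DEBIAN_FRONTEND="noninteractive"
          echo "DEBIAN_FRONTEND=${DEBIAN_FRONTEND}" >> "${GITHUB_ENV}"
          sudo apt update -y -qq
          #https://github.com/ilikenwf/apt-fast?tab=readme-ov-file#quick-install
          # NOTE(security): this executes whatever the master branch of a
          # third-party repository serves at run time, in a job whose later
          # steps hold a contents:write token. Pin the URL to a reviewed commit
          # and check the script against a known digest before running it, or
          # install with plain apt-get instead.
          bash -c "$(curl -qfsSL 'https://raw.githubusercontent.com/ilikenwf/apt-fast/master/quick-install.sh')"
          if ! command -v apt-fast &> /dev/null; then
            # The message used to say "docker", but the check is for apt-fast.
            echo -e "\n[-] apt-fast NOT Found\n"
            echo "CONTINUE_GHRUN=FALSE" >> "${GITHUB_ENV}"
            exit 1
          fi
          BASE_PKGS=(apt-transport-https apt-utils bc ca-certificates b3sum coreutils curl dos2unix fdupes git-lfs gnupg2 jq moreutils p7zip-full rename rsync software-properties-common texinfo tmux util-linux wget zsync)
          # Installed one at a time so a single unavailable package does not
          # abort the rest.
          for pkg in "${BASE_PKGS[@]}"; do
            sudo DEBIAN_FRONTEND="noninteractive" apt-fast install -f "${pkg}" -y --ignore-missing 2>/dev/null
          done
          sudo apt-fast update -y -qq 2>/dev/null
          ##tmp
          SYSTMP="$(dirname "$(mktemp -u)")" && export SYSTMP="${SYSTMP}"
          #GH ENV
          echo "SYSTMP=${SYSTMP}" >> "${GITHUB_ENV}"
          echo "GHA_MODE=MATRIX" >> "${GITHUB_ENV}"
          echo "GIT_TERMINAL_PROMPT=0" >> "${GITHUB_ENV}"
          echo "GIT_ASKPASS=/bin/echo" >> "${GITHUB_ENV}"
          echo "GH_PAGER=" >> "${GITHUB_ENV}"
          gh config set prompt disabled
          # NOTE(security): the "store" helper keeps any credential git is
          # given in plaintext under ${HOME}. No step in this file runs an
          # authenticated git command, so it looks unnecessary; TODO confirm.
          git config --global "credential.helper" store
          # NOTE(review): the address below was replaced by the hosting page's
          # e-mail obfuscation; restore the real value before use.
          git config --global "user.email" "[email protected]"
          git config --global "user.name" "Azathothas"
          ##User-Agent
          # The response body is remote content appended to GITHUB_ENV, where
          # each extra line would be read as another NAME=value assignment for
          # all later steps. Keep only the first line and drop carriage returns.
          USER_AGENT="$(curl -qfsSL 'https://pub.ajam.dev/repos/Azathothas/Wordlists/Misc/User-Agents/ua_chrome_macos_latest.txt' | head -n 1 | tr -d '\r')" && export USER_AGENT="${USER_AGENT}"
          echo "USER_AGENT=${USER_AGENT}" >> "${GITHUB_ENV}"
          ##Wget
          echo 'progress = dot:giga' | sudo tee -a "/etc/wgetrc"
          echo 'progress = dot:giga' | tee -a "${HOME}/.wgetrc"
        continue-on-error: true
      # Ensures the rolling release "gh-<image>" exists, then records its
      # tag and URL for later steps.
      - name: Create Metadata Tag [gh-${{ matrix.image }}]
        if: env.CONTINUE_GHRUN != 'FALSE'
        env:
          GH_TOKEN: "${{ github.token }}"
          GITHUB_TOKEN: "${{ github.token }}"
        run: |
          ##presets
          set +x ; set +e
          #-------------#
          # matrix.image is a literal from this file's matrix, so the inline
          # expression below cannot carry attacker-controlled text.
          export METADATA_TAG="$(echo "gh-${{ matrix.image }}" | tr -d '[:space:]')"
          echo "METADATA_TAG=${METADATA_TAG}" >> "${GITHUB_ENV}"
          echo "GH_PAGER=" >> "${GITHUB_ENV}"
          gh config set prompt disabled
          # With `set +e`, a failure of the create command does not stop the
          # script; the HTTP status probe below decides whether to continue.
          gh release create "${METADATA_TAG}" --repo "${GITHUB_REPOSITORY}" --title "${METADATA_TAG}" --prerelease
          sleep 3 ; gh release view "${METADATA_TAG}" --repo "${GITHUB_REPOSITORY}"
          METADATA_TAG_URL="https://github.com/${GITHUB_REPOSITORY}/releases/tag/${METADATA_TAG}"
          echo METADATA_TAG_URL="${METADATA_TAG_URL}" >> "${GITHUB_ENV}"
          # Last HTTP status line after redirects, e.g. "200".
          METADATA_TAG_STATUS="$(curl -X "HEAD" -qfsSL "${METADATA_TAG_URL}" -I | sed -n 's/^[[:space:]]*HTTP\/[0-9.]*[[:space:]]\+\([0-9]\+\).*/\1/p' | tail -n1 | tr -d '[:space:]')"
          if echo "${METADATA_TAG_STATUS}" | grep -qi '200$'; then
            export METADATA_DIR="/tmp/PKG_METADATA"
            echo "METADATA_DIR=${METADATA_DIR}" >> "${GITHUB_ENV}"
            mkdir -pv "${METADATA_DIR}"
            echo "CONTINUE_GHRUN=TRUE" >> "${GITHUB_ENV}"
          else
            echo -e "\n[✗] FATAL: Failed to Create ${METADATA_TAG} <== [Release Tag]\n"
            echo "CONTINUE_GHRUN=FALSE" >> "${GITHUB_ENV}"
            exit 1
          fi
        continue-on-error: true
      # Picks the newest stable actions/runner asset for this architecture,
      # downloads it to matrix.file and writes the release note body.
      - name: Download [gh-${{ matrix.image }}]
        if: env.CONTINUE_GHRUN != 'FALSE'
        env:
          GH_TOKEN: "${{ github.token }}"
          GITHUB_TOKEN: "${{ github.token }}"
        run: |
          ##presets
          set +x ; set +e
          #-------------#
          OUT_FILE="${{ matrix.file }}"
          SRC_REPO="actions/runner"
          pushd "$(mktemp -d)" &>/dev/null && TMPDIR="$(realpath .)"
          #Fetch Release Metadata
          # Retry up to five times until more than 10 distinct asset URLs
          # appear in the listing.
          for i in {1..5}; do
            gh api "repos/${SRC_REPO}/releases" --paginate | jq . > "${TMPDIR}/RELEASES.json"
            unset REL_COUNT ; REL_COUNT="$(jq -r '.. | objects | select(has("browser_download_url")) | .browser_download_url' "${TMPDIR}/RELEASES.json" | grep -iv 'null' | sort -u | wc -l | tr -d '[:space:]')"
            if [[ "${REL_COUNT}" -le 10 ]]; then
              echo "Retrying... ${i}/5"
              sleep 2
            elif [[ "${REL_COUNT}" -gt 10 ]]; then
              unset REL_COUNT
              break
            fi
          done
          #Sanity Check URLs
          REL_COUNT="$(jq -r '.. | objects | select(has("browser_download_url")) | .browser_download_url' "${TMPDIR}/RELEASES.json" | grep -iv 'null' | sort -u | wc -l | tr -d '[:space:]')"
          if [[ "${REL_COUNT}" -le 10 ]]; then
            echo -e "\n[-] FATAL: Failed to Fetch Release MetaData\n"
            echo "[-] Count: ${REL_COUNT}"
            echo "CONTINUE_GHRUN=FALSE" >> "${GITHUB_ENV}"
            exit 1
          else
            #Get Download URL
            # Prereleases, checksum/signature files and other platforms are
            # filtered out; the highest version-sorted URL wins.
            if echo "${{ matrix.image }}" | grep -qiE 'aarch64'; then
              REL_DL_URL="$(cat "${TMPDIR}/RELEASES.json" | jq -r '.[] | select(.prerelease | not) | .assets[].browser_download_url | select((. | test("\\.(sha|sha256|sha512|sig)$") | not) and (. | test("apple|darwin|macos|osx|win|x64"; "i") | not))' |\
                grep -Ei "arm64" | grep -Ei "linux" | sort --version-sort | tail -n 1 | tr -d '[:space:]')"
            elif echo "${{ matrix.image }}" | grep -qiE 'x86_64'; then
              REL_DL_URL="$(cat "${TMPDIR}/RELEASES.json" | jq -r '.[] | select(.prerelease | not) | .assets[].browser_download_url | select((. | test("\\.(sha|sha256|sha512|sig)$") | not) and (. | test("apple|arm64|darwin|macos|osx|win"; "i") | not))' |\
                grep -Ei "x64" | grep -Ei "linux" | sort --version-sort | tail -n 1 | tr -d '[:space:]')"
            fi
          fi
          #Download
          # Only https URLs are accepted: the file is republished from this
          # repository, so it must not be fetched over cleartext http.
          if ! echo "${REL_DL_URL}" | grep -qiE '^https://'; then
            echo -e "[-] FATAL: Failed to fetch Download URL"
            echo "CONTINUE_GHRUN=FALSE" >> "${GITHUB_ENV}"
            exit 1
          else
            curl -w "(DL) <== %{url}\n" -qfSL "${REL_DL_URL}" -o "${OUT_FILE}" | tee "${TMPDIR}/REL_NOTE.txt"
          fi
          # NOTE(security): nothing here compares the download with a digest
          # or signature published upstream. The only acceptance test is
          # "non-empty and larger than 10000 bytes". The BLAKE3/SHA256 values
          # written to the release note below are computed from the downloaded
          # file itself, so they record what was fetched but do not show that
          # it matches what actions/runner released. Verify against the
          # upstream-published checksum before republishing.
          #Check
          if [[ -s "${OUT_FILE}" ]] && [[ $(stat -c%s "${OUT_FILE}") -gt 10000 ]]; then
            echo -e "[+] Downloaded Artifact"
            realpath "${OUT_FILE}" && du -sh "${OUT_FILE}"
            echo "CONTINUE_GHRUN=TRUE" >> "${GITHUB_ENV}"
            export HAS_RELEASE="TRUE"
            echo "HAS_RELEASE=${HAS_RELEASE}" >> "${GITHUB_ENV}"
            #Rel Notes
            echo -e "" > "/tmp/RELEASE_NOTE.md"
            echo '---' >> "/tmp/RELEASE_NOTE.md"
            echo '```console' >> "/tmp/RELEASE_NOTE.md"
            echo -e "\n" >> "/tmp/RELEASE_NOTE.md"
            cat "${TMPDIR}/REL_NOTE.txt" >> "/tmp/RELEASE_NOTE.md"
            echo -e "\n[+] --> HOST" >> "/tmp/RELEASE_NOTE.md"
            echo "${{ matrix.image }}" >> "/tmp/RELEASE_NOTE.md"
            echo -e "\n[+] --> FILE" >> "/tmp/RELEASE_NOTE.md"
            file "${OUT_FILE}" | sed 's|/tmp/||' >> "/tmp/RELEASE_NOTE.md"
            echo -e "\n[+] --> SIZE" >> "/tmp/RELEASE_NOTE.md"
            du -sh "${OUT_FILE}" | awk '{unit=substr($1,length($1)); sub(/[BKMGT]$/,"",$1); print $1 " " unit "B"}' >> "/tmp/RELEASE_NOTE.md"
            echo -e "\n[+] --> BLAKE3SUM" >> "/tmp/RELEASE_NOTE.md"
            b3sum "${OUT_FILE}" | grep -oE '^[a-f0-9]{64}' | tr -d '[:space:]' >> "/tmp/RELEASE_NOTE.md"
            echo -e "\n\n[+] --> SHA256SUM" >> "/tmp/RELEASE_NOTE.md"
            sha256sum "${OUT_FILE}" | grep -oE '^[a-f0-9]{64}' | tr -d '[:space:]' >> "/tmp/RELEASE_NOTE.md"
            echo -e "\n" >> "/tmp/RELEASE_NOTE.md"
            echo -e '```\n' >> "/tmp/RELEASE_NOTE.md"
            #Time
            UTC_TIME="$(TZ='UTC' date +'%Y_%m_%d')"
            echo "UTC_TIME=${UTC_TIME}" >> "${GITHUB_ENV}"
          else
            echo -e "[-] FATAL: Downloaded Artifact seems broken"
            echo "CONTINUE_GHRUN=FALSE" >> "${GITHUB_ENV}"
            export HAS_RELEASE="FALSE"
            echo "HAS_RELEASE=${HAS_RELEASE}" >> "${GITHUB_ENV}"
            exit 1
          fi
        continue-on-error: true
      # The steps above all use continue-on-error, so this is the only place
      # the job can turn red. It also fires on CONTINUE_GHRUN=FALSE, because
      # most failure paths above set that flag without ever setting
      # HAS_RELEASE. Checking HAS_RELEASE alone let those runs report success.
      - name: Fail (If Build Failed)
        if: env.HAS_RELEASE == 'FALSE' || env.CONTINUE_GHRUN == 'FALSE'
        run: |
          #presets
          set +x ; set +e
          #-------------#
          exit 1
        continue-on-error: false
      #Artifacts
      # NOTE(security): this action is referenced by a movable tag; pinning
      # third-party actions to a full commit SHA keeps the executed code fixed.
      - name: Upload (Build) Artifacts
        uses: actions/upload-artifact@v4
        with:
          name: "gh-${{ matrix.image }}"
          path: |
            ${{ matrix.file }}
          compression-level: 0 #no compression, [Default: 6 (GNU Gzip)]
          retention-days: 90 #max
          overwrite: true
        continue-on-error: true
      #continuous
      # Refreshes the rolling prerelease "gh-<image>" with the new tarball.
      # NOTE(review): the action reference on this page was mangled by e-mail
      # obfuscation ("softprops/[email protected]"). The inputs match
      # softprops/action-gh-release, but the original version is not
      # recoverable. The ref below is a placeholder; replace it with a
      # reviewed full commit SHA.
      - name: Releaser (Continuous)
        if: env.HAS_RELEASE == 'TRUE'
        uses: "softprops/action-gh-release@<FULL_COMMIT_SHA_PLACEHOLDER>"
        with:
          name: "${{ env.METADATA_TAG }}"
          tag_name: "${{ env.METADATA_TAG }}"
          prerelease: true
          draft: false
          generate_release_notes: false
          body_path: "/tmp/RELEASE_NOTE.md"
          files: |
            ${{ matrix.file }}
        continue-on-error: true
      #Snapshot
      # Publishes a dated, non-prerelease copy tagged "<UTC date>-gh-<image>".
      # NOTE(review): same mangled action reference as the step above; the
      # ref below is a placeholder to be replaced with a reviewed commit SHA.
      - name: Releaser (Snapshot)
        if: env.HAS_RELEASE == 'TRUE'
        uses: "softprops/action-gh-release@<FULL_COMMIT_SHA_PLACEHOLDER>"
        with:
          name: "${{ env.METADATA_TAG }}"
          tag_name: "${{ env.UTC_TIME }}-${{ env.METADATA_TAG }}"
          prerelease: false
          draft: false
          generate_release_notes: false
          make_latest: false
          body_path: "/tmp/RELEASE_NOTE.md"
          files: |
            ${{ matrix.file }}
        continue-on-error: true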