diff --git a/.github/workflows/test-actions.yml b/.github/workflows/test-actions.yml index d214ddb..221ddbd 100644 --- a/.github/workflows/test-actions.yml +++ b/.github/workflows/test-actions.yml @@ -2,6 +2,13 @@ name: Test Actions on: push: + tags-ignore: + # Ignore release tags, as the install-slsactl will probably + # be executed before the release takes place, causing it to + # fail as it will try to download the binaries of the current + # release, which may or may not be available. + - 'v*' + pull_request: workflow_dispatch: diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 807175f..2913149 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -29,4 +29,6 @@ jobs: uses: actions/checkout@v4 - uses: ./actions/install-slsactl + with: + version: main - run: make e2e diff --git a/actions/install-slsactl/action.yml b/actions/install-slsactl/action.yml index e4da0b6..5b4b063 100644 --- a/actions/install-slsactl/action.yml +++ b/actions/install-slsactl/action.yml @@ -49,38 +49,45 @@ runs: echo "Using last tag ${VERSION} as version" fi - echo "Downloading checksum file and signatures for release ${VERSION}" - curl -LO "https://${REPO}/releases/download/${VERSION}/slsactl_${VERSION#v}_checksums.txt.pem" - curl -LO "https://${REPO}/releases/download/${VERSION}/slsactl_${VERSION#v}_checksums.txt.sig" - curl -LO "https://${REPO}/releases/download/${VERSION}/slsactl_${VERSION#v}_checksums.txt" + if [[ "${VERSION}" =~ ^v ]]; then + echo "Downloading checksum file and signatures for release ${VERSION}" + curl -LO "https://${REPO}/releases/download/${VERSION}/slsactl_${VERSION#v}_checksums.txt.pem" + curl -LO "https://${REPO}/releases/download/${VERSION}/slsactl_${VERSION#v}_checksums.txt.sig" + curl -LO "https://${REPO}/releases/download/${VERSION}/slsactl_${VERSION#v}_checksums.txt" - cosign verify-blob \ - --certificate-identity "https://${REPO}/.github/workflows/release.yml@refs/tags/${VERSION}" \ - --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ - --certificate "slsactl_${VERSION#v}_checksums.txt.pem" \ - --signature "slsactl_${VERSION#v}_checksums.txt.sig" "slsactl_${VERSION#v}_checksums.txt" + cosign verify-blob \ + --certificate-identity "https://${REPO}/.github/workflows/release.yml@refs/tags/${VERSION}" \ + --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ + --certificate "slsactl_${VERSION#v}_checksums.txt.pem" \ + --signature "slsactl_${VERSION#v}_checksums.txt.sig" "slsactl_${VERSION#v}_checksums.txt" - OS="linux" - if [[ ${RUNNER_OS} != "Linux" ]]; then - echo "Unsupported OS: ${RUNNER_OS}" - exit 1 - fi + OS="linux" + if [[ ${RUNNER_OS} != "Linux" ]]; then + echo "Unsupported OS: ${RUNNER_OS}" + exit 1 + fi - ARCH="" - if [[ $(uname -m) == "x86_64" ]]; then - ARCH=amd64 - fi - if [[ $(uname -m) == "aarch64" ]]; then - ARCH=arm64 - fi + ARCH="" + if [[ $(uname -m) == "x86_64" ]]; then + ARCH=amd64 + fi + if [[ $(uname -m) == "aarch64" ]]; then + ARCH=arm64 + fi - FILE="slsactl_${VERSION#v}_${OS}_${ARCH}" + FILE="slsactl_${VERSION#v}_${OS}_${ARCH}" - echo "Installing ${FILE}" - curl -LO "https://${REPO}/releases/download/${VERSION}/${FILE}" - grep "${FILE}" "slsactl_${VERSION#v}_checksums.txt" | sha256sum -c + echo "Installing ${FILE}" + curl -LO "https://${REPO}/releases/download/${VERSION}/${FILE}" + grep "${FILE}" "slsactl_${VERSION#v}_checksums.txt" | sha256sum -c + + chmod +x "${FILE}" + else + echo 'Version is not "latest" nor starts with "v". Fallback to go install with commit ID.' + go install "github.com/rancherlabs/slsactl@${VERSION}" + FILE="$(go env GOPATH)/bin/slsactl" + fi - chmod +x "${FILE}" if sudo -l &> /dev/null; then sudo mv "${FILE}" /usr/local/bin/slsactl else