diff --git a/aws/assume-role/rwx-ci-cd.config.yml b/aws/assume-role/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/aws/assume-role/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/aws/assume-role/rwx-package.yml b/aws/assume-role/rwx-package.yml index 8186a9f..bbc764e 100644 --- a/aws/assume-role/rwx-package.yml +++ b/aws/assume-role/rwx-package.yml @@ -1,100 +1,100 @@ +--- name: aws/assume-role -version: 2.0.6 +version: 2.0.7 description: Assume an AWS role source_code_url: https://github.com/rwx-cloud/packages/tree/main/aws/assume-role issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: region: - description: "The AWS region (e.g. us-east-2)." + description: The AWS region (e.g. us-east-2). required: true role-to-assume: - description: "The ARN of the AWS role to be assumed (e.g. arn:aws:iam::your-account-id:role/your-role)." + description: The ARN of the AWS role to be assumed (e.g. arn:aws:iam::your-account-id:role/your-role). required: true role-duration-seconds: - description: "The role duration in seconds." + description: The role duration in seconds. default: 900 role-session-name: - description: "The name of the session." + description: The name of the session. required: false profile-name: - description: "The profile under which the credentials will be configured." - default: "default" + description: The profile under which the credentials will be configured. + default: default oidc-token-env-var: - description: "The environment variable that contains the OIDC token." - default: "AWS_OIDC_TOKEN" + description: The environment variable that contains the OIDC token. + default: AWS_OIDC_TOKEN role-chaining: - description: "Enable role chaining." + description: Enable role chaining. default: false source-profile-name: - description: "The profile used to assume the chained role (only used with role-chaining is enabled)." - default: "default" - + description: The profile used to assume the chained role (only used with role-chaining + is enabled). + default: default tasks: - - key: produce-assume-role-hooks - run: | - set -ueo pipefail +- key: produce-assume-role-hooks + run: | + set -ueo pipefail - if [[ "${{ params.role-chaining}}" == "false" ]]; then - BEFORE_HOOK_TEMPLATE="$RWX_PACKAGES_PATH/assume-role.template.txt" - BEFORE_HOOK="$RWX_HOOKS_BEFORE_TASK/aws-assume-role--assume-${{ params.profile-name }}.sh" - AFTER_HOOK="$RWX_HOOKS_AFTER_TASK/aws-assume-role--assume-${{ params.profile-name }}.sh" + if [[ "${{ params.role-chaining}}" == "false" ]]; then + BEFORE_HOOK_TEMPLATE="$RWX_PACKAGES_PATH/assume-role.template.txt" + BEFORE_HOOK="$RWX_HOOKS_BEFORE_TASK/aws-assume-role--assume-${{ params.profile-name }}.sh" + AFTER_HOOK="$RWX_HOOKS_AFTER_TASK/aws-assume-role--assume-${{ params.profile-name }}.sh" - awk \ - -v REGION="${{ params.region }}" \ - -v ROLE_TO_ASSUME="${{ params.role-to-assume }}" \ - -v ROLE_DURATION_SECONDS="${{ params.role-duration-seconds }}" \ - -v ROLE_SESSION_NAME="${{ params.role-session-name }}" \ - -v PROFILE_NAME="${{ params.profile-name }}" \ - -v OIDC_TOKEN_ENV_VAR="${{ params.oidc-token-env-var }}" \ - '{ - gsub("%{{REGION}}", REGION); - gsub("%{{ROLE_TO_ASSUME}}", ROLE_TO_ASSUME); - gsub("%{{ROLE_DURATION_SECONDS}}", ROLE_DURATION_SECONDS); - gsub("%{{ROLE_SESSION_NAME}}", ROLE_SESSION_NAME); - gsub("%{{PROFILE_NAME}}", PROFILE_NAME); - gsub("%{{OIDC_TOKEN_ENV_VAR}}", OIDC_TOKEN_ENV_VAR); - print - }' "$BEFORE_HOOK_TEMPLATE" > $BEFORE_HOOK + awk \ + -v REGION="${{ params.region }}" \ + -v ROLE_TO_ASSUME="${{ params.role-to-assume }}" \ + -v ROLE_DURATION_SECONDS="${{ params.role-duration-seconds }}" \ + -v ROLE_SESSION_NAME="${{ params.role-session-name }}" \ + -v PROFILE_NAME="${{ params.profile-name }}" \ + -v OIDC_TOKEN_ENV_VAR="${{ params.oidc-token-env-var }}" \ + '{ + gsub("%{{REGION}}", REGION); + gsub("%{{ROLE_TO_ASSUME}}", ROLE_TO_ASSUME); + gsub("%{{ROLE_DURATION_SECONDS}}", ROLE_DURATION_SECONDS); + gsub("%{{ROLE_SESSION_NAME}}", ROLE_SESSION_NAME); + gsub("%{{PROFILE_NAME}}", PROFILE_NAME); + gsub("%{{OIDC_TOKEN_ENV_VAR}}", OIDC_TOKEN_ENV_VAR); + print + }' "$BEFORE_HOOK_TEMPLATE" > $BEFORE_HOOK - else - BEFORE_HOOK_TEMPLATE="$RWX_PACKAGES_PATH/chain-role.template.txt" - ROLE_TO_ASSUME_HASH=$(echo -n "${{ params.role-to-assume }}" | sha1sum | awk '{print $1}') - BEFORE_HOOK="$RWX_HOOKS_BEFORE_TASK/aws-assume-role--chain-${{ params.profile-name }}--$ROLE_TO_ASSUME_HASH.sh" - AFTER_HOOK="$RWX_HOOKS_AFTER_TASK/aws-assume-role--chain-${{ params.profile-name }}--$ROLE_TO_ASSUME_HASH.sh" + else + BEFORE_HOOK_TEMPLATE="$RWX_PACKAGES_PATH/chain-role.template.txt" + ROLE_TO_ASSUME_HASH=$(echo -n "${{ params.role-to-assume }}" | sha1sum | awk '{print $1}') + BEFORE_HOOK="$RWX_HOOKS_BEFORE_TASK/aws-assume-role--chain-${{ params.profile-name }}--$ROLE_TO_ASSUME_HASH.sh" + AFTER_HOOK="$RWX_HOOKS_AFTER_TASK/aws-assume-role--chain-${{ params.profile-name }}--$ROLE_TO_ASSUME_HASH.sh" - awk \ - -v REGION="${{ params.region }}" \ - -v ROLE_TO_ASSUME="${{ params.role-to-assume }}" \ - -v ROLE_DURATION_SECONDS="${{ params.role-duration-seconds }}" \ - -v ROLE_SESSION_NAME="${{ params.role-session-name }}" \ - -v PROFILE_NAME="${{ params.profile-name }}" \ - -v SOURCE_PROFILE_NAME="${{ params.source-profile-name }}" \ - '{ - gsub("%{{REGION}}", REGION); - gsub("%{{ROLE_TO_ASSUME}}", ROLE_TO_ASSUME); - gsub("%{{ROLE_DURATION_SECONDS}}", ROLE_DURATION_SECONDS); - gsub("%{{ROLE_SESSION_NAME}}", ROLE_SESSION_NAME); - gsub("%{{PROFILE_NAME}}", PROFILE_NAME); - gsub("%{{SOURCE_PROFILE_NAME}}", SOURCE_PROFILE_NAME); - print - }' "$BEFORE_HOOK_TEMPLATE" > $BEFORE_HOOK - fi + awk \ + -v REGION="${{ params.region }}" \ + -v ROLE_TO_ASSUME="${{ params.role-to-assume }}" \ + -v ROLE_DURATION_SECONDS="${{ params.role-duration-seconds }}" \ + -v ROLE_SESSION_NAME="${{ params.role-session-name }}" \ + -v PROFILE_NAME="${{ params.profile-name }}" \ + -v SOURCE_PROFILE_NAME="${{ params.source-profile-name }}" \ + '{ + gsub("%{{REGION}}", REGION); + gsub("%{{ROLE_TO_ASSUME}}", ROLE_TO_ASSUME); + gsub("%{{ROLE_DURATION_SECONDS}}", ROLE_DURATION_SECONDS); + gsub("%{{ROLE_SESSION_NAME}}", ROLE_SESSION_NAME); + gsub("%{{PROFILE_NAME}}", PROFILE_NAME); + gsub("%{{SOURCE_PROFILE_NAME}}", SOURCE_PROFILE_NAME); + print + }' "$BEFORE_HOOK_TEMPLATE" > $BEFORE_HOOK + fi - bash -n $BEFORE_HOOK || { echo "Generated before hook script has syntax errors."; exit 1; } + bash -n $BEFORE_HOOK || { echo "Generated before hook script has syntax errors."; exit 1; } - cat <<'EOF' > $AFTER_HOOK - set -ueo pipefail - AWS_SKIP_AUTH="${AWS_SKIP_AUTH:-}" - if [ -n "$AWS_SKIP_AUTH" ]; then - echo "AWS_SKIP_AUTH is set, the aws/assume-role hook has been skipped." - exit 0 - fi - echo 'Removing aws credentials' - if [ -f ~/.aws/credentials ]; then - rm ~/.aws/credentials - fi - EOF + cat <<'EOF' > $AFTER_HOOK + set -ueo pipefail + AWS_SKIP_AUTH="${AWS_SKIP_AUTH:-}" + if [ -n "$AWS_SKIP_AUTH" ]; then + echo "AWS_SKIP_AUTH is set, the aws/assume-role hook has been skipped." + exit 0 + fi + echo 'Removing aws credentials' + if [ -f ~/.aws/credentials ]; then + rm ~/.aws/credentials + fi + EOF - chmod +x $BEFORE_HOOK - chmod +x $AFTER_HOOK + chmod +x $BEFORE_HOOK + chmod +x $AFTER_HOOK diff --git a/aws/install-cli/rwx-ci-cd.config.yml b/aws/install-cli/rwx-ci-cd.config.yml index 2ca6646..4e06ead 100644 --- a/aws/install-cli/rwx-ci-cd.config.yml +++ b/aws/install-cli/rwx-ci-cd.config.yml @@ -1,28 +1,36 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-22-04-arm64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: arm64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-22-04-arm64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: arm64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/aws/install-cli/rwx-package.yml b/aws/install-cli/rwx-package.yml index 9e3426e..73bbc00 100644 --- a/aws/install-cli/rwx-package.yml +++ b/aws/install-cli/rwx-package.yml @@ -1,138 +1,139 @@ +--- name: aws/install-cli -version: 1.0.8 +version: 1.0.9 description: Install the AWS CLI source_code_url: https://github.com/rwx-cloud/packages/tree/main/aws/install-cli issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: cli-version: - description: "Version of the CLI to install" + description: Version of the CLI to install required: false - tasks: - - key: install-unzip-if-necessary - run: | - if ! command -v unzip &> /dev/null; then - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if ! mint_os_package_manager_in apt; then - echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi - - sudo apt-get update - sudo apt-get install unzip - sudo apt-get clean +- key: install-unzip-if-necessary + run: | + if ! command -v unzip &> /dev/null; then + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if ! mint_os_package_manager_in apt; then + echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 fi - filter: [] - - key: install-gpg-if-necessary - run: | - if ! command -v gpg &> /dev/null; then - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if ! mint_os_package_manager_in apt; then - echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi - sudo apt-get update - sudo apt-get install gnupg - sudo apt-get clean + sudo apt-get update + sudo apt-get install unzip + sudo apt-get clean + fi + filter: [] +- key: install-gpg-if-necessary + run: | + if ! command -v gpg &> /dev/null; then + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if ! mint_os_package_manager_in apt; then + echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 fi - filter: [] - - key: install-cli - use: [install-gpg-if-necessary, install-unzip-if-necessary] - run: | - set -ueo pipefail - tmp="$(mktemp -d)" - cd "$tmp" + sudo apt-get update + sudo apt-get install gnupg + sudo apt-get clean + fi + filter: [] +- key: install-cli + use: + - install-gpg-if-necessary + - install-unzip-if-necessary + run: | + set -ueo pipefail - # installer zip - if [[ -n "$CLI_VERSION" ]]; then - curl -o "awscliv2.zip" -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -p)-$CLI_VERSION.zip" - else - curl -o "awscliv2.zip" -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -p).zip" - fi + tmp="$(mktemp -d)" + cd "$tmp" - # signature - if [[ -n "$CLI_VERSION" ]]; then - curl -o "awscliv2.sig" -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -p)-$CLI_VERSION.zip.sig" - else - curl -o "awscliv2.sig" -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -p).zip.sig" - fi + # installer zip + if [[ -n "$CLI_VERSION" ]]; then + curl -o "awscliv2.zip" -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -p)-$CLI_VERSION.zip" + else + curl -o "awscliv2.zip" -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -p).zip" + fi + + # signature + if [[ -n "$CLI_VERSION" ]]; then + curl -o "awscliv2.sig" -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -p)-$CLI_VERSION.zip.sig" + else + curl -o "awscliv2.sig" -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -p).zip.sig" + fi - # import the public keys - cat > aws-cli-1.pub <<- EOF - -----BEGIN PGP PUBLIC KEY BLOCK----- + # import the public keys + cat > aws-cli-1.pub <<- EOF + -----BEGIN PGP PUBLIC KEY BLOCK----- - mQINBF2Cr7UBEADJZHcgusOJl7ENSyumXh85z0TRV0xJorM2B/JL0kHOyigQluUG - ZMLhENaG0bYatdrKP+3H91lvK050pXwnO/R7fB/FSTouki4ciIx5OuLlnJZIxSzx - PqGl0mkxImLNbGWoi6Lto0LYxqHN2iQtzlwTVmq9733zd3XfcXrZ3+LblHAgEt5G - TfNxEKJ8soPLyWmwDH6HWCnjZ/aIQRBTIQ05uVeEoYxSh6wOai7ss/KveoSNBbYz - gbdzoqI2Y8cgH2nbfgp3DSasaLZEdCSsIsK1u05CinE7k2qZ7KgKAUIcT/cR/grk - C6VwsnDU0OUCideXcQ8WeHutqvgZH1JgKDbznoIzeQHJD238GEu+eKhRHcz8/jeG - 94zkcgJOz3KbZGYMiTh277Fvj9zzvZsbMBCedV1BTg3TqgvdX4bdkhf5cH+7NtWO - lrFj6UwAsGukBTAOxC0l/dnSmZhJ7Z1KmEWilro/gOrjtOxqRQutlIqG22TaqoPG - fYVN+en3Zwbt97kcgZDwqbuykNt64oZWc4XKCa3mprEGC3IbJTBFqglXmZ7l9ywG - EEUJYOlb2XrSuPWml39beWdKM8kzr1OjnlOm6+lpTRCBfo0wa9F8YZRhHPAkwKkX - XDeOGpWRj4ohOx0d2GWkyV5xyN14p2tQOCdOODmz80yUTgRpPVQUtOEhXQARAQAB - tCFBV1MgQ0xJIFRlYW0gPGF3cy1jbGlAYW1hem9uLmNvbT6JAlQEEwEIAD4CGwMF - CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQT7Xbd/1cEYuAURraimMQrMRnJHXAUC - ZMKcEgUJCSEf3QAKCRCmMQrMRnJHXCilD/4vior9J5tB+icri5WbDudS3ak/ve4q - XS6ZLm5S8l+CBxy5aLQUlyFhuaaEHDC11fG78OduxatzeHENASYVo3mmKNwrCBza - NJaeaWKLGQT0MKwBSP5aa3dva8P/4oUP9GsQn0uWoXwNDWfrMbNI8gn+jC/3MigW - vD3fu6zCOWWLITNv2SJoQlwILmb/uGfha68o4iTBOvcftVRuao6DyqF+CrHX/0j0 - klEDQFMY9M4tsYT7X8NWfI8Vmc89nzpvL9fwda44WwpKIw1FBZP8S0sgDx2xDsxv - L8kM2GtOiH0cHqFO+V7xtTKZyloliDbJKhu80Kc+YC/TmozD8oeGU2rEFXfLegwS - zT9N+jB38+dqaP9pRDsi45iGqyA8yavVBabpL0IQ9jU6eIV+kmcjIjcun/Uo8SjJ - 0xQAsm41rxPaKV6vJUn10wVNuhSkKk8mzNOlSZwu7Hua6rdcCaGeB8uJ44AP3QzW - BNnrjtoN6AlN0D2wFmfE/YL/rHPxU1XwPntubYB/t3rXFL7ENQOOQH0KVXgRCley - sHMglg46c+nQLRzVTshjDjmtzvh9rcV9RKRoPetEggzCoD89veDA9jPR2Kw6RYkS - XzYm2fEv16/HRNYt7hJzneFqRIjHW5qAgSs/bcaRWpAU/QQzzJPVKCQNr4y0weyg - B8HCtGjfod0p1A== - =gdMc - -----END PGP PUBLIC KEY BLOCK----- - EOF + mQINBF2Cr7UBEADJZHcgusOJl7ENSyumXh85z0TRV0xJorM2B/JL0kHOyigQluUG + ZMLhENaG0bYatdrKP+3H91lvK050pXwnO/R7fB/FSTouki4ciIx5OuLlnJZIxSzx + PqGl0mkxImLNbGWoi6Lto0LYxqHN2iQtzlwTVmq9733zd3XfcXrZ3+LblHAgEt5G + TfNxEKJ8soPLyWmwDH6HWCnjZ/aIQRBTIQ05uVeEoYxSh6wOai7ss/KveoSNBbYz + gbdzoqI2Y8cgH2nbfgp3DSasaLZEdCSsIsK1u05CinE7k2qZ7KgKAUIcT/cR/grk + C6VwsnDU0OUCideXcQ8WeHutqvgZH1JgKDbznoIzeQHJD238GEu+eKhRHcz8/jeG + 94zkcgJOz3KbZGYMiTh277Fvj9zzvZsbMBCedV1BTg3TqgvdX4bdkhf5cH+7NtWO + lrFj6UwAsGukBTAOxC0l/dnSmZhJ7Z1KmEWilro/gOrjtOxqRQutlIqG22TaqoPG + fYVN+en3Zwbt97kcgZDwqbuykNt64oZWc4XKCa3mprEGC3IbJTBFqglXmZ7l9ywG + EEUJYOlb2XrSuPWml39beWdKM8kzr1OjnlOm6+lpTRCBfo0wa9F8YZRhHPAkwKkX + XDeOGpWRj4ohOx0d2GWkyV5xyN14p2tQOCdOODmz80yUTgRpPVQUtOEhXQARAQAB + tCFBV1MgQ0xJIFRlYW0gPGF3cy1jbGlAYW1hem9uLmNvbT6JAlQEEwEIAD4CGwMF + CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQT7Xbd/1cEYuAURraimMQrMRnJHXAUC + ZMKcEgUJCSEf3QAKCRCmMQrMRnJHXCilD/4vior9J5tB+icri5WbDudS3ak/ve4q + XS6ZLm5S8l+CBxy5aLQUlyFhuaaEHDC11fG78OduxatzeHENASYVo3mmKNwrCBza + NJaeaWKLGQT0MKwBSP5aa3dva8P/4oUP9GsQn0uWoXwNDWfrMbNI8gn+jC/3MigW + vD3fu6zCOWWLITNv2SJoQlwILmb/uGfha68o4iTBOvcftVRuao6DyqF+CrHX/0j0 + klEDQFMY9M4tsYT7X8NWfI8Vmc89nzpvL9fwda44WwpKIw1FBZP8S0sgDx2xDsxv + L8kM2GtOiH0cHqFO+V7xtTKZyloliDbJKhu80Kc+YC/TmozD8oeGU2rEFXfLegwS + zT9N+jB38+dqaP9pRDsi45iGqyA8yavVBabpL0IQ9jU6eIV+kmcjIjcun/Uo8SjJ + 0xQAsm41rxPaKV6vJUn10wVNuhSkKk8mzNOlSZwu7Hua6rdcCaGeB8uJ44AP3QzW + BNnrjtoN6AlN0D2wFmfE/YL/rHPxU1XwPntubYB/t3rXFL7ENQOOQH0KVXgRCley + sHMglg46c+nQLRzVTshjDjmtzvh9rcV9RKRoPetEggzCoD89veDA9jPR2Kw6RYkS + XzYm2fEv16/HRNYt7hJzneFqRIjHW5qAgSs/bcaRWpAU/QQzzJPVKCQNr4y0weyg + B8HCtGjfod0p1A== + =gdMc + -----END PGP PUBLIC KEY BLOCK----- + EOF - cat > aws-cli-2.pub <<- EOF - -----BEGIN PGP PUBLIC KEY BLOCK----- + cat > aws-cli-2.pub <<- EOF + -----BEGIN PGP PUBLIC KEY BLOCK----- - mQINBF2Cr7UBEADJZHcgusOJl7ENSyumXh85z0TRV0xJorM2B/JL0kHOyigQluUG - ZMLhENaG0bYatdrKP+3H91lvK050pXwnO/R7fB/FSTouki4ciIx5OuLlnJZIxSzx - PqGl0mkxImLNbGWoi6Lto0LYxqHN2iQtzlwTVmq9733zd3XfcXrZ3+LblHAgEt5G - TfNxEKJ8soPLyWmwDH6HWCnjZ/aIQRBTIQ05uVeEoYxSh6wOai7ss/KveoSNBbYz - gbdzoqI2Y8cgH2nbfgp3DSasaLZEdCSsIsK1u05CinE7k2qZ7KgKAUIcT/cR/grk - C6VwsnDU0OUCideXcQ8WeHutqvgZH1JgKDbznoIzeQHJD238GEu+eKhRHcz8/jeG - 94zkcgJOz3KbZGYMiTh277Fvj9zzvZsbMBCedV1BTg3TqgvdX4bdkhf5cH+7NtWO - lrFj6UwAsGukBTAOxC0l/dnSmZhJ7Z1KmEWilro/gOrjtOxqRQutlIqG22TaqoPG - fYVN+en3Zwbt97kcgZDwqbuykNt64oZWc4XKCa3mprEGC3IbJTBFqglXmZ7l9ywG - EEUJYOlb2XrSuPWml39beWdKM8kzr1OjnlOm6+lpTRCBfo0wa9F8YZRhHPAkwKkX - XDeOGpWRj4ohOx0d2GWkyV5xyN14p2tQOCdOODmz80yUTgRpPVQUtOEhXQARAQAB - tCFBV1MgQ0xJIFRlYW0gPGF3cy1jbGlAYW1hem9uLmNvbT6JAlQEEwEIAD4CGwMF - CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQT7Xbd/1cEYuAURraimMQrMRnJHXAUC - ZqFYbwUJCv/cOgAKCRCmMQrMRnJHXKYuEAC+wtZ611qQtOl0t5spM9SWZuszbcyA - 0xBAJq2pncnp6wdCOkuAPu4/R3UCIoD2C49MkLj9Y0Yvue8CCF6OIJ8L+fKBv2DI - yWZGmHL0p9wa/X8NCKQrKxK1gq5PuCzi3f3SqwfbZuZGeK/ubnmtttWXpUtuU/Iz - VR0u/0sAy3j4uTGKh2cX7XnZbSqgJhUk9H324mIJiSwzvw1Ker6xtH/LwdBeJCck - bVBdh3LZis4zuD4IZeBO1vRvjot3Oq4xadUv5RSPATg7T1kivrtLCnwvqc6L4LnF - 0OkNysk94L3LQSHyQW2kQS1cVwr+yGUSiSp+VvMbAobAapmMJWP6e/dKyAUGIX6+ - 2waLdbBs2U7MXznx/2ayCLPH7qCY9cenbdj5JhG9ibVvFWqqhSo22B/URQE/CMrG - +3xXwtHEBoMyWEATr1tWwn2yyQGbkUGANneSDFiTFeoQvKNyyCFTFO1F2XKCcuDs - 19nj34PE2TJilTG2QRlMr4D0NgwLLAMg2Los1CK6nXWnImYHKuaKS9LVaCoC8vu7 - IRBik1NX6SjrQnftk0M9dY+s0ZbAN1gbdjZ8H3qlbl/4TxMdr87m8LP4FZIIo261 - Eycv34pVkCePZiP+dgamEiQJ7IL4ZArio9mv6HbDGV6mLY45+l6/0EzCwkI5IyIf - BfWC9s/USgxchg== - =ptgS - -----END PGP PUBLIC KEY BLOCK----- - EOF + mQINBF2Cr7UBEADJZHcgusOJl7ENSyumXh85z0TRV0xJorM2B/JL0kHOyigQluUG + ZMLhENaG0bYatdrKP+3H91lvK050pXwnO/R7fB/FSTouki4ciIx5OuLlnJZIxSzx + PqGl0mkxImLNbGWoi6Lto0LYxqHN2iQtzlwTVmq9733zd3XfcXrZ3+LblHAgEt5G + TfNxEKJ8soPLyWmwDH6HWCnjZ/aIQRBTIQ05uVeEoYxSh6wOai7ss/KveoSNBbYz + gbdzoqI2Y8cgH2nbfgp3DSasaLZEdCSsIsK1u05CinE7k2qZ7KgKAUIcT/cR/grk + C6VwsnDU0OUCideXcQ8WeHutqvgZH1JgKDbznoIzeQHJD238GEu+eKhRHcz8/jeG + 94zkcgJOz3KbZGYMiTh277Fvj9zzvZsbMBCedV1BTg3TqgvdX4bdkhf5cH+7NtWO + lrFj6UwAsGukBTAOxC0l/dnSmZhJ7Z1KmEWilro/gOrjtOxqRQutlIqG22TaqoPG + fYVN+en3Zwbt97kcgZDwqbuykNt64oZWc4XKCa3mprEGC3IbJTBFqglXmZ7l9ywG + EEUJYOlb2XrSuPWml39beWdKM8kzr1OjnlOm6+lpTRCBfo0wa9F8YZRhHPAkwKkX + XDeOGpWRj4ohOx0d2GWkyV5xyN14p2tQOCdOODmz80yUTgRpPVQUtOEhXQARAQAB + tCFBV1MgQ0xJIFRlYW0gPGF3cy1jbGlAYW1hem9uLmNvbT6JAlQEEwEIAD4CGwMF + CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQT7Xbd/1cEYuAURraimMQrMRnJHXAUC + ZqFYbwUJCv/cOgAKCRCmMQrMRnJHXKYuEAC+wtZ611qQtOl0t5spM9SWZuszbcyA + 0xBAJq2pncnp6wdCOkuAPu4/R3UCIoD2C49MkLj9Y0Yvue8CCF6OIJ8L+fKBv2DI + yWZGmHL0p9wa/X8NCKQrKxK1gq5PuCzi3f3SqwfbZuZGeK/ubnmtttWXpUtuU/Iz + VR0u/0sAy3j4uTGKh2cX7XnZbSqgJhUk9H324mIJiSwzvw1Ker6xtH/LwdBeJCck + bVBdh3LZis4zuD4IZeBO1vRvjot3Oq4xadUv5RSPATg7T1kivrtLCnwvqc6L4LnF + 0OkNysk94L3LQSHyQW2kQS1cVwr+yGUSiSp+VvMbAobAapmMJWP6e/dKyAUGIX6+ + 2waLdbBs2U7MXznx/2ayCLPH7qCY9cenbdj5JhG9ibVvFWqqhSo22B/URQE/CMrG + +3xXwtHEBoMyWEATr1tWwn2yyQGbkUGANneSDFiTFeoQvKNyyCFTFO1F2XKCcuDs + 19nj34PE2TJilTG2QRlMr4D0NgwLLAMg2Los1CK6nXWnImYHKuaKS9LVaCoC8vu7 + IRBik1NX6SjrQnftk0M9dY+s0ZbAN1gbdjZ8H3qlbl/4TxMdr87m8LP4FZIIo261 + Eycv34pVkCePZiP+dgamEiQJ7IL4ZArio9mv6HbDGV6mLY45+l6/0EzCwkI5IyIf + BfWC9s/USgxchg== + =ptgS + -----END PGP PUBLIC KEY BLOCK----- + EOF - gpg --import aws-cli-1.pub - gpg --import aws-cli-2.pub - gpg --verify awscliv2.sig awscliv2.zip + gpg --import aws-cli-1.pub + gpg --import aws-cli-2.pub + gpg --verify awscliv2.sig awscliv2.zip - unzip awscliv2.zip - sudo ./aws/install - rm -rf "$tmp" - aws --version - filter: [] - env: - CLI_VERSION: ${{ params.cli-version }} + unzip awscliv2.zip + sudo ./aws/install + rm -rf "$tmp" + aws --version + filter: [] + env: + CLI_VERSION: "${{ params.cli-version }}" diff --git a/azure/auth-oidc/rwx-ci-cd.config.yml b/azure/auth-oidc/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/azure/auth-oidc/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/azure/auth-oidc/rwx-package.yml b/azure/auth-oidc/rwx-package.yml index 28160dc..926cfcd 100644 --- a/azure/auth-oidc/rwx-package.yml +++ b/azure/auth-oidc/rwx-package.yml @@ -1,53 +1,54 @@ +--- name: azure/auth-oidc -version: 1.0.3 +version: 1.0.4 description: Authenticate the Azure CLI via OIDC source_code_url: https://github.com/rwx-cloud/packages/tree/main/azure/auth-oidc issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: oidc-token: - description: "The OIDC token that will be exchanged for temporary credentials (e.g. vaults.your-vault.oidc.your-token)" + description: The OIDC token that will be exchanged for temporary credentials (e.g. + vaults.your-vault.oidc.your-token) required: true client-id: - description: "The client id of a service principal or a user-assigned managed identity" + description: The client id of a service principal or a user-assigned managed identity required: true tenant-id: - description: "The tenant id" + description: The tenant id required: true subscription-id: - description: "The subscription id" + description: The subscription id required: false - default: "" + default: '' allow-no-subscription: - description: "Whether it is permissable to have no subscriptions associated to the client id (for use in managing tenant-level resources)" + description: Whether it is permissable to have no subscriptions associated to + the client id (for use in managing tenant-level resources) required: false - default: "false" - + default: 'false' tasks: - - key: auth-oidc - run: | - if ! command -v az &> /dev/null; then - cat << 'EOF' > $(mktemp "$RWX_ERRORS/error-XXXX") - The Azure CLI (az) must be installed. To install it, you can use the `azure/install-cli` leaf. - EOF - exit 1 - fi +- key: auth-oidc + run: | + if ! command -v az &> /dev/null; then + cat << 'EOF' > $(mktemp "$RWX_ERRORS/error-XXXX") + The Azure CLI (az) must be installed. To install it, you can use the `azure/install-cli` leaf. + EOF + exit 1 + fi - extra_args=() + extra_args=() - if [[ "${ALLOW_NO_SUBSCRIPTION}" != "false" ]]; then - extra_args+=("--allow-no-subscriptions") - fi + if [[ "${ALLOW_NO_SUBSCRIPTION}" != "false" ]]; then + extra_args+=("--allow-no-subscriptions") + fi - az login --service-principal --username "${CLIENT_ID}" --tenant "${TENANT_ID}" --federated-token "${OIDC_TOKEN}" "${extra_args[@]}" + az login --service-principal --username "${CLIENT_ID}" --tenant "${TENANT_ID}" --federated-token "${OIDC_TOKEN}" "${extra_args[@]}" - if [[ -n "${SUBSCRIPTION_ID}" ]]; then - az account set --subscription "${SUBSCRIPTION_ID}" - fi - env: - OIDC_TOKEN: ${{ params.oidc-token }} - CLIENT_ID: ${{ params.client-id }} - TENANT_ID: ${{ params.tenant-id }} - SUBSCRIPTION_ID: ${{ params.subscription-id }} - ALLOW_NO_SUBSCRIPTION: ${{ params.allow-no-subscription }} - cache: false + if [[ -n "${SUBSCRIPTION_ID}" ]]; then + az account set --subscription "${SUBSCRIPTION_ID}" + fi + env: + OIDC_TOKEN: "${{ params.oidc-token }}" + CLIENT_ID: "${{ params.client-id }}" + TENANT_ID: "${{ params.tenant-id }}" + SUBSCRIPTION_ID: "${{ params.subscription-id }}" + ALLOW_NO_SUBSCRIPTION: "${{ params.allow-no-subscription }}" + cache: false diff --git a/azure/install-cli/rwx-ci-cd.config.yml b/azure/install-cli/rwx-ci-cd.config.yml index 2ca6646..4e06ead 100644 --- a/azure/install-cli/rwx-ci-cd.config.yml +++ b/azure/install-cli/rwx-ci-cd.config.yml @@ -1,28 +1,36 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-22-04-arm64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: arm64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-22-04-arm64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: arm64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/azure/install-cli/rwx-package.yml b/azure/install-cli/rwx-package.yml index d013671..b0e83f8 100644 --- a/azure/install-cli/rwx-package.yml +++ b/azure/install-cli/rwx-package.yml @@ -1,80 +1,79 @@ +--- name: azure/install-cli -version: 1.0.8 +version: 1.0.9 description: Install the Azure CLI source_code_url: https://github.com/rwx-cloud/packages/tree/main/azure/install-cli issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: version: - description: "Version of the CLI to install" - default: "latest" - + description: Version of the CLI to install + default: latest tasks: - - key: install-cli - run: | - # https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt#option-2-step-by-step-installation-instructions +- key: install-cli + run: | + # https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt#option-2-step-by-step-installation-instructions - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if ! mint_os_package_manager_in apt; then - echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if ! mint_os_package_manager_in apt; then + echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi - echo "Installing dependencies" - echo "" + echo "Installing dependencies" + echo "" - # Install required deps - sudo apt-get update - sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release - sudo apt-get clean + # Install required deps + sudo apt-get update + sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release + sudo apt-get clean - # Add MSFT keyring - sudo mkdir -p /etc/apt/keyrings - curl -sLS https://packages.microsoft.com/keys/microsoft.asc | - gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null - sudo chmod go+r /etc/apt/keyrings/microsoft.gpg + # Add MSFT keyring + sudo mkdir -p /etc/apt/keyrings + curl -sLS https://packages.microsoft.com/keys/microsoft.asc | + gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null + sudo chmod go+r /etc/apt/keyrings/microsoft.gpg - # Add apt source - AZ_DIST=$(lsb_release -cs) - echo "Types: deb - URIs: https://packages.microsoft.com/repos/azure-cli/ - Suites: ${AZ_DIST} - Components: main - Architectures: $(dpkg --print-architecture) - Signed-by: /etc/apt/keyrings/microsoft.gpg" | sudo tee /etc/apt/sources.list.d/azure-cli.sources + # Add apt source + AZ_DIST=$(lsb_release -cs) + echo "Types: deb + URIs: https://packages.microsoft.com/repos/azure-cli/ + Suites: ${AZ_DIST} + Components: main + Architectures: $(dpkg --print-architecture) + Signed-by: /etc/apt/keyrings/microsoft.gpg" | sudo tee /etc/apt/sources.list.d/azure-cli.sources - # Fetch from apt source - sudo apt-get update + # Fetch from apt source + sudo apt-get update - # Find known versions - dist=$(lsb_release -cs) - versions=$(apt-cache show azure-cli | grep "Version: " | sed 's/Version: //' | sed "s/-1~${dist}//") + # Find known versions + dist=$(lsb_release -cs) + versions=$(apt-cache show azure-cli | grep "Version: " | sed 's/Version: //' | sed "s/-1~${dist}//") - version="" - if [[ "${VERSION}" == "latest" ]]; then - version=$(echo "${versions}" | head -n 1) - else - version=$(echo "${versions}" | { grep "${VERSION}" || test $? = 1; }) - if [[ -z "${version}" ]]; then - cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") - Azure CLI version \`${VERSION}\` is not available. Choose one of: + version="" + if [[ "${VERSION}" == "latest" ]]; then + version=$(echo "${versions}" | head -n 1) + else + version=$(echo "${versions}" | { grep "${VERSION}" || test $? = 1; }) + if [[ -z "${version}" ]]; then + cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") + Azure CLI version \`${VERSION}\` is not available. Choose one of: - \`\`\` - ${versions} - \`\`\` - EOF - exit 1 - fi + \`\`\` + ${versions} + \`\`\` + EOF + exit 1 fi + fi - echo "" - echo "Installing Azure CLI v${version}" - echo "" - sudo apt-get install azure-cli=${version}-1~${dist} - sudo apt-get clean + echo "" + echo "Installing Azure CLI v${version}" + echo "" + sudo apt-get install azure-cli=${version}-1~${dist} + sudo apt-get clean - echo "" - echo "Installed Azure CLI:" - az version - env: - VERSION: ${{ params.version }} + echo "" + echo "Installed Azure CLI:" + az version + env: + VERSION: "${{ params.version }}" diff --git a/depot/install-cli/rwx-ci-cd.config.yml b/depot/install-cli/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/depot/install-cli/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/depot/install-cli/rwx-package.yml b/depot/install-cli/rwx-package.yml index e9a863e..d686849 100644 --- a/depot/install-cli/rwx-package.yml +++ b/depot/install-cli/rwx-package.yml @@ -1,26 +1,25 @@ +--- name: depot/install-cli -version: 1.0.3 +version: 1.0.4 description: Install the Depot CLI source_code_url: https://github.com/rwx-cloud/packages/tree/main/depot/install-cli issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: cli-version: - description: "Version of the CLI to install" - default: "latest" - + description: Version of the CLI to install + default: latest tasks: - - key: install - run: | - export DEPOT_INSTALL_DIR=$(mktemp -d) - curl -fsSL -O https://depot.dev/install-cli.sh - chmod +x ./install-cli.sh - if [ "${{ params.cli-version }}" != "latest" ]; then - ./install-cli.sh "${{ params.cli-version }}" - else - ./install-cli.sh - fi - sudo install "$DEPOT_INSTALL_DIR/depot" /usr/local/bin - rm -rf "$DEPOT_INSTALL_DIR" - rm ./install-cli.sh - depot --version +- key: install + run: | + export DEPOT_INSTALL_DIR=$(mktemp -d) + curl -fsSL -O https://depot.dev/install-cli.sh + chmod +x ./install-cli.sh + if [ "${{ params.cli-version }}" != "latest" ]; then + ./install-cli.sh "${{ params.cli-version }}" + else + ./install-cli.sh + fi + sudo install "$DEPOT_INSTALL_DIR/depot" /usr/local/bin + rm -rf "$DEPOT_INSTALL_DIR" + rm ./install-cli.sh + depot --version diff --git a/docker/login-hook/rwx-ci-cd.config.yml b/docker/login-hook/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/docker/login-hook/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/docker/login-hook/rwx-package.yml b/docker/login-hook/rwx-package.yml index be8e7b3..fcf47d9 100644 --- a/docker/login-hook/rwx-package.yml +++ b/docker/login-hook/rwx-package.yml @@ -1,65 +1,65 @@ +--- name: docker/login-hook -version: 1.0.4 +version: 1.0.5 description: Mint hook to log in to a Docker registry source_code_url: https://github.com/rwx-cloud/packages/tree/main/docker/login-hook issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: username: - description: "The username to log in with." + description: The username to log in with. required: true password-env-name: - description: "The environment variable name that contains the Docker registry token or password." + description: The environment variable name that contains the Docker registry token + or password. default: DOCKER_PASSWORD registry: - description: "The Docker registry to log in to." + description: The Docker registry to log in to. default: docker.io - tasks: - - key: produce-login-hooks - run: | - set -u +- key: produce-login-hooks + run: | + set -u - PROFILE_NAME="$(echo "$REGISTRY" | tr -cd '[:alnum:]')" - BEFORE_HOOK="${RWX_HOOKS_BEFORE_TASK}/docker-login--${PROFILE_NAME}.sh" - AFTER_HOOK="${RWX_HOOKS_AFTER_TASK}/docker-login--${PROFILE_NAME}.sh" + PROFILE_NAME="$(echo "$REGISTRY" | tr -cd '[:alnum:]')" + BEFORE_HOOK="${RWX_HOOKS_BEFORE_TASK}/docker-login--${PROFILE_NAME}.sh" + AFTER_HOOK="${RWX_HOOKS_AFTER_TASK}/docker-login--${PROFILE_NAME}.sh" - cat <<'EOF' > "$BEFORE_HOOK" - #!/usr/bin/env bash - set -ueo pipefail + cat <<'EOF' > "$BEFORE_HOOK" + #!/usr/bin/env bash + set -ueo pipefail - _DOCKER_PASSWORD_ENV_VAR="${{ params.password-env-name }}" - declare -n _DOCKER_PASSWORD="$_DOCKER_PASSWORD_ENV_VAR" + _DOCKER_PASSWORD_ENV_VAR="${{ params.password-env-name }}" + declare -n _DOCKER_PASSWORD="$_DOCKER_PASSWORD_ENV_VAR" - if [ -z "${_DOCKER_PASSWORD-}" ]; then - echo "Skipping Docker login because \$${{ params.password-env-name }} was not provided." - exit 0 - fi + if [ -z "${_DOCKER_PASSWORD-}" ]; then + echo "Skipping Docker login because \$${{ params.password-env-name }} was not provided." + exit 0 + fi - echo "Logging in to ${{ params.registry }} as ${{ params.username }}" - echo "$_DOCKER_PASSWORD" | docker login -u "${{ params.username }}" --password-stdin "${{ params.registry }}" - EOF + echo "Logging in to ${{ params.registry }} as ${{ params.username }}" + echo "$_DOCKER_PASSWORD" | docker login -u "${{ params.username }}" --password-stdin "${{ params.registry }}" + EOF - cat <<'EOF' > "$AFTER_HOOK" - #!/usr/bin/env bash - set -ueo pipefail + cat <<'EOF' > "$AFTER_HOOK" + #!/usr/bin/env bash + set -ueo pipefail - _DOCKER_PASSWORD_ENV_VAR="${{ params.password-env-name }}" - declare -n _DOCKER_PASSWORD="$_DOCKER_PASSWORD_ENV_VAR" + _DOCKER_PASSWORD_ENV_VAR="${{ params.password-env-name }}" + declare -n _DOCKER_PASSWORD="$_DOCKER_PASSWORD_ENV_VAR" - if [ -z "${_DOCKER_PASSWORD-}" ]; then - echo "Skipping Docker logout because \$${{ params.password-env-name }} was not provided." - exit 0 - fi + if [ -z "${_DOCKER_PASSWORD-}" ]; then + echo "Skipping Docker logout because \$${{ params.password-env-name }} was not provided." + exit 0 + fi - docker logout "${{ params.registry }}" - EOF + docker logout "${{ params.registry }}" + EOF - [ "${REGISTRY}" == "docker.io" ] && cat <<'EOF' >> "$AFTER_HOOK" - docker logout "https://index.docker.io/v1/" - EOF + [ "${REGISTRY}" == "docker.io" ] && cat <<'EOF' >> "$AFTER_HOOK" + docker logout "https://index.docker.io/v1/" + EOF - chmod +x "$BEFORE_HOOK" - chmod +x "$AFTER_HOOK" - env: - REGISTRY: "${{ params.registry }}" + chmod +x "$BEFORE_HOOK" + chmod +x "$AFTER_HOOK" + env: + REGISTRY: "${{ params.registry }}" diff --git a/elixir-lang/install/rwx-ci-cd.config.yml b/elixir-lang/install/rwx-ci-cd.config.yml index 245e516..25d27e6 100644 --- a/elixir-lang/install/rwx-ci-cd.config.yml +++ b/elixir-lang/install/rwx-ci-cd.config.yml @@ -1,14 +1,24 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/elixir-lang/install/rwx-package.yml b/elixir-lang/install/rwx-package.yml index da8df04..6a27c91 100644 --- a/elixir-lang/install/rwx-package.yml +++ b/elixir-lang/install/rwx-package.yml @@ -1,84 +1,84 @@ +--- name: elixir-lang/install -version: 1.1.1 -description: Install Elixir, a dynamic, functional language for building scalable and maintainable applications. +version: 1.1.2 +description: Install Elixir, a dynamic, functional language for building scalable + and maintainable applications. source_code_url: https://github.com/rwx-cloud/packages/tree/main/elixir-lang/install issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: elixir-version: - description: "Version of Elixir to install" + description: Version of Elixir to install required: true - tasks: - - key: install - run: | - set +e - erlang_major_version=$(erl -eval 'erlang:display(list_to_integer(erlang:system_info(otp_release))), halt().' -noshell | tr -d '\r\n') - erlang_exit=$? - set -e +- key: install + run: | + set +e + erlang_major_version=$(erl -eval 'erlang:display(list_to_integer(erlang:system_info(otp_release))), halt().' -noshell | tr -d '\r\n') + erlang_exit=$? + set -e - if [[ $erlang_exit -ne 0 ]]; then - echo "failed to determine version of erlang" - cat << EOF > "$(mktemp "$RWX_ERRORS/error-XXXX")" - Failed to detect the installed version of Erlang. + if [[ $erlang_exit -ne 0 ]]; then + echo "failed to determine version of erlang" + cat << EOF > "$(mktemp "$RWX_ERRORS/error-XXXX")" + Failed to detect the installed version of Erlang. - Use the [\`erlang/install\` package](https://www.rwx.com/docs/mint/packages/erlang/install) to install Erlang and ensure that this task is configured to \`use\` your Erlang install. - EOF + Use the [\`erlang/install\` package](https://www.rwx.com/docs/mint/packages/erlang/install) to install Erlang and ensure that this task is configured to \`use\` your Erlang install. + EOF - exit 1 - fi + exit 1 + fi - base_url="https://builds.hex.pm/builds/elixir" - builds_url="${base_url}/builds.txt" + base_url="https://builds.hex.pm/builds/elixir" + builds_url="${base_url}/builds.txt" - tmpdir="$(mktemp -d)" - trap 'rm -rf "${tmpdir}"' EXIT + tmpdir="$(mktemp -d)" + trap 'rm -rf "${tmpdir}"' EXIT - target_package="v${ELIXIR_VERSION}-otp-${erlang_major_version}" - builds_file="${tmpdir}/builds.txt" - curl -fsSL "${builds_url}" -o "${builds_file}" + target_package="v${ELIXIR_VERSION}-otp-${erlang_major_version}" + builds_file="${tmpdir}/builds.txt" + curl -fsSL "${builds_url}" -o "${builds_file}" + + build_line="$(grep "^${target_package} " "${builds_file}" || true)" + if [ -z "${build_line}" ]; then + fallback_package="v${ELIXIR_VERSION}" + build_line="$(grep "^${fallback_package} " "${builds_file}" || true)" - build_line="$(grep "^${target_package} " "${builds_file}" || true)" if [ -z "${build_line}" ]; then - fallback_package="v${ELIXIR_VERSION}" - build_line="$(grep "^${fallback_package} " "${builds_file}" || true)" - - if [ -z "${build_line}" ]; then - echo "Unable to find v${ELIXIR_VERSION} (with or without OTP-specific builds) in ${builds_url}" | tee "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi - target_package="${fallback_package}" + echo "Unable to find v${ELIXIR_VERSION} (with or without OTP-specific builds) in ${builds_url}" | tee "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 fi + target_package="${fallback_package}" + fi - archive_name="${target_package}.zip" - archive_url="${base_url}/${archive_name}" - archive_path="${tmpdir}/${archive_name}" + archive_name="${target_package}.zip" + archive_url="${base_url}/${archive_name}" + archive_path="${tmpdir}/${archive_name}" - read -r -a fields <<< "${build_line}" - expected_sha256="${fields[3]:-}" + read -r -a fields <<< "${build_line}" + expected_sha256="${fields[3]:-}" - echo "Downloading Elixir ${target_package} from ${archive_url} to ${archive_path}" - curl -fsSL "${archive_url}" -o "${archive_path}" + echo "Downloading Elixir ${target_package} from ${archive_url} to ${archive_path}" + curl -fsSL "${archive_url}" -o "${archive_path}" - if [ -n "${expected_sha256}" ]; then - computed_sha="$(sha256sum "${archive_path}" | awk '{print $1}')" - if [ "${computed_sha}" != "${expected_sha256}" ]; then - echo "Checksum mismatch for ${archive_name}: expected ${expected_sha256}, got ${computed_sha}" >&2 - exit 1 - fi - else - echo "Skipping checksum verification for ${archive_name}; no SHA256 provided in builds listing" >&2 + if [ -n "${expected_sha256}" ]; then + computed_sha="$(sha256sum "${archive_path}" | awk '{print $1}')" + if [ "${computed_sha}" != "${expected_sha256}" ]; then + echo "Checksum mismatch for ${archive_name}: expected ${expected_sha256}, got ${computed_sha}" >&2 + exit 1 fi + else + echo "Skipping checksum verification for ${archive_name}; no SHA256 provided in builds listing" >&2 + fi - ELIXIR_ROOT="/opt/elixir/${ELIXIR_VERSION}" - sudo mkdir -p "$ELIXIR_ROOT" - sudo unzip -q "${archive_path}" -d "${ELIXIR_ROOT}" + ELIXIR_ROOT="/opt/elixir/${ELIXIR_VERSION}" + sudo mkdir -p "$ELIXIR_ROOT" + sudo unzip -q "${archive_path}" -d "${ELIXIR_ROOT}" - echo "${ELIXIR_ROOT}/bin" > "$RWX_ENV/PATH" - export PATH="${ELIXIR_ROOT}/bin:${PATH}" + echo "${ELIXIR_ROOT}/bin" > "$RWX_ENV/PATH" + export PATH="${ELIXIR_ROOT}/bin:${PATH}" - elixir --version | tee /dev/stderr | grep "^Elixir ${ELIXIR_VERSION}" + elixir --version | tee /dev/stderr | grep "^Elixir ${ELIXIR_VERSION}" - echo "Installed Elixir v${ELIXIR_VERSION} to ${ELIXIR_ROOT}" - env: - ELIXIR_VERSION: ${{ params.elixir-version }} + echo "Installed Elixir v${ELIXIR_VERSION} to ${ELIXIR_ROOT}" + env: + ELIXIR_VERSION: "${{ params.elixir-version }}" diff --git a/erlang/install/rwx-ci-cd.config.yml b/erlang/install/rwx-ci-cd.config.yml index a020fb1..8f0c317 100644 --- a/erlang/install/rwx-ci-cd.config.yml +++ b/erlang/install/rwx-ci-cd.config.yml @@ -1,14 +1,24 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.ubuntu-22-04.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.ubuntu-24-04.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.ubuntu-22-04.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.ubuntu-24-04.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/erlang/install/rwx-package.yml b/erlang/install/rwx-package.yml index af749ff..af281e7 100644 --- a/erlang/install/rwx-package.yml +++ b/erlang/install/rwx-package.yml @@ -1,84 +1,84 @@ +--- name: erlang/install -version: 1.1.1 -description: Install Erlang, a programming language used to build massively scalable soft real-time systems with requirements on high availability +version: 1.1.2 +description: Install Erlang, a programming language used to build massively scalable + soft real-time systems with requirements on high availability source_code_url: https://github.com/rwx-cloud/packages/tree/main/erlang/install issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: erlang-version: - description: "Version of Erlang to install" + description: Version of Erlang to install required: true - tasks: - - key: install - run: | - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if [ "$(mint_os_name)" != "ubuntu" ]; then - echo "Unsupported operating system \`$(mint_os_name)\`" | tee "$(mktemp "$RWX_ERRORS/error-XXXX")" +- key: install + run: | + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if [ "$(mint_os_name)" != "ubuntu" ]; then + echo "Unsupported operating system \`$(mint_os_name)\`" | tee "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi + + if mint_os_version_gte 24.04; then + ncurses_package="libncurses6" + else + ncurses_package="libncurses5" + fi + + sudo apt-get update + sudo apt-get install libsctp1 "$ncurses_package" + sudo apt-get clean + + OTP_OS=$(mint_os_name) + OTP_OS_VERSION=$(mint_os_version) + OTP_ARCH=$(mint_arch_amd) + if [ "$OTP_ARCH" == "aarch64" ]; then + OTP_ARCH="arm64" + fi + + base_url="https://builds.hex.pm/builds/otp/${OTP_ARCH}/${OTP_OS}-${OTP_OS_VERSION}" + builds_url="${base_url}/builds.txt" + + tmpdir="$(mktemp -d)" + trap 'rm -rf "${tmpdir}"' EXIT + + build_line="$(curl -fsSL "${builds_url}" | grep "^OTP-${ERLANG_VERSION} ")" + if [ -z "${build_line}" ]; then + echo "Unable to find OTP-${ERLANG_VERSION} in ${builds_url}" | tee "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi + + read -r -a fields <<< "${build_line}" + expected_sha256="${fields[3]:-}" + + archive_name="OTP-${ERLANG_VERSION}.tar.gz" + archive_url="${base_url}/${archive_name}" + archive_path="${tmpdir}/${archive_name}" + + curl -fsSL "${archive_url}" -o "${archive_path}" + + if [ -n "${expected_sha256}" ]; then + computed_sha="$(sha256sum "${archive_path}" | awk '{print $1}')" + if [ "${computed_sha}" != "${expected_sha256}" ]; then + echo "Checksum mismatch for ${archive_name}: expected ${expected_sha256}, got ${computed_sha}" >&2 exit 1 fi - - if mint_os_version_gte 24.04; then - ncurses_package="libncurses6" - else - ncurses_package="libncurses5" - fi - - sudo apt-get update - sudo apt-get install libsctp1 "$ncurses_package" - sudo apt-get clean - - OTP_OS=$(mint_os_name) - OTP_OS_VERSION=$(mint_os_version) - OTP_ARCH=$(mint_arch_amd) - if [ "$OTP_ARCH" == "aarch64" ]; then - OTP_ARCH="arm64" - fi - - base_url="https://builds.hex.pm/builds/otp/${OTP_ARCH}/${OTP_OS}-${OTP_OS_VERSION}" - builds_url="${base_url}/builds.txt" - - tmpdir="$(mktemp -d)" - trap 'rm -rf "${tmpdir}"' EXIT - - build_line="$(curl -fsSL "${builds_url}" | grep "^OTP-${ERLANG_VERSION} ")" - if [ -z "${build_line}" ]; then - echo "Unable to find OTP-${ERLANG_VERSION} in ${builds_url}" | tee "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi - - read -r -a fields <<< "${build_line}" - expected_sha256="${fields[3]:-}" - - archive_name="OTP-${ERLANG_VERSION}.tar.gz" - archive_url="${base_url}/${archive_name}" - archive_path="${tmpdir}/${archive_name}" - - curl -fsSL "${archive_url}" -o "${archive_path}" - - if [ -n "${expected_sha256}" ]; then - computed_sha="$(sha256sum "${archive_path}" | awk '{print $1}')" - if [ "${computed_sha}" != "${expected_sha256}" ]; then - echo "Checksum mismatch for ${archive_name}: expected ${expected_sha256}, got ${computed_sha}" >&2 - exit 1 - fi - else - echo "Skipping checksum verification for ${archive_name}; no SHA256 provided in builds listing" >&2 - fi - - ERL_ROOT="/usr/lib/erlang" - sudo mkdir -p "$ERL_ROOT" - sudo chown "$(id -u):$(id -g)" "$ERL_ROOT" - tar -xzf "${archive_path}" -C "${ERL_ROOT}" --strip-components=1 - - "${ERL_ROOT}/Install" -minimal "${ERL_ROOT}" - echo "${ERL_ROOT}/bin" > $RWX_ENV/PATH - export PATH="${ERL_ROOT}/bin:${PATH}" - - major_version=$(echo "$ERLANG_VERSION" | cut -d. -f1) - cat "${ERL_ROOT}/releases/$major_version/OTP_VERSION" | tee /dev/stderr | grep "^${ERLANG_VERSION}$" - erl -eval '{ok, Version} = file:read_file(filename:join([code:root_dir(), "releases", erlang:system_info(otp_release), "OTP_VERSION"])), io:fwrite(Version), halt().' -noshell | tee /dev/stderr | grep "^${ERLANG_VERSION}$" - - echo "Installed OTP-${ERLANG_VERSION} to ${ERL_ROOT}" - env: - ERLANG_VERSION: ${{ params.erlang-version }} + else + echo "Skipping checksum verification for ${archive_name}; no SHA256 provided in builds listing" >&2 + fi + + ERL_ROOT="/usr/lib/erlang" + sudo mkdir -p "$ERL_ROOT" + sudo chown "$(id -u):$(id -g)" "$ERL_ROOT" + tar -xzf "${archive_path}" -C "${ERL_ROOT}" --strip-components=1 + + "${ERL_ROOT}/Install" -minimal "${ERL_ROOT}" + echo "${ERL_ROOT}/bin" > $RWX_ENV/PATH + export PATH="${ERL_ROOT}/bin:${PATH}" + + major_version=$(echo "$ERLANG_VERSION" | cut -d. -f1) + cat "${ERL_ROOT}/releases/$major_version/OTP_VERSION" | tee /dev/stderr | grep "^${ERLANG_VERSION}$" + erl -eval '{ok, Version} = file:read_file(filename:join([code:root_dir(), "releases", erlang:system_info(otp_release), "OTP_VERSION"])), io:fwrite(Version), halt().' -noshell | tee /dev/stderr | grep "^${ERLANG_VERSION}$" + + echo "Installed OTP-${ERLANG_VERSION} to ${ERL_ROOT}" + env: + ERLANG_VERSION: "${{ params.erlang-version }}" diff --git a/git/clone/rwx-ci-cd.config.yml b/git/clone/rwx-ci-cd.config.yml index 7c369e0..1146cf1 100644 --- a/git/clone/rwx-ci-cd.config.yml +++ b/git/clone/rwx-ci-cd.config.yml @@ -1,34 +1,41 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-22-04-arm64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: arm64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 - - - key: ubuntu-root - template: rwx-ci-cd.template.yml - base: - image: ubuntu:24.04 - config: none +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-22-04-arm64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: arm64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: ubuntu-root + template: rwx-ci-cd.template.yml + base: + image: ubuntu:24.04 + config: none +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/git/clone/rwx-package.yml b/git/clone/rwx-package.yml index 440e05e..59f3e34 100644 --- a/git/clone/rwx-package.yml +++ b/git/clone/rwx-package.yml @@ -1,214 +1,223 @@ +--- name: git/clone -version: 1.8.1 -description: Clone git repositories over ssh or http, with support for Git Large File Storage (LFS) +version: 1.8.2 +description: Clone git repositories over ssh or http, with support for Git Large File + Storage (LFS) source_code_url: https://github.com/rwx-cloud/packages/tree/main/git/clone issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: github-access-token: - description: "Token to clone from GitHub over HTTPS" + description: Token to clone from GitHub over HTTPS required: false lfs: description: Whether to download Git-LFS files default: false path: - description: "The relative path within the workspace into which the repository will be cloned" + description: The relative path within the workspace into which the repository + will be cloned default: "./" preserve-git-dir: - description: "Whether or not to preserve the .git directory. Set to true if you want to perform git operations like committing after cloning. Preserving the .git directory will decreaes the likelihood of cache hits when a file filter is not specified." + description: Whether or not to preserve the .git directory. Set to true if you + want to perform git operations like committing after cloning. Preserving the + .git directory will decreaes the likelihood of cache hits when a file filter + is not specified. default: false ref: - description: "The ref to check out of the git repository" + description: The ref to check out of the git repository required: true meta-ref: - description: "The unresolved name of the ref being checked out (used to set RWX_GIT_REF_NAME). e.g. refs/heads/main or refs/tags/v1.0.0" + description: The unresolved name of the ref being checked out (used to set RWX_GIT_REF_NAME). + e.g. refs/heads/main or refs/tags/v1.0.0 required: false repository: - description: "The url of a git repository." + description: The url of a git repository. required: true ssh-key: - description: "The ssh key to use if cloning over ssh" + description: The ssh key to use if cloning over ssh required: false fetch-full-depth: - description: "Whether to use a shallow fetch or a full-depth fetch when the repository is cloned and when not preserving the git directory (when `preserve-git-dir` is true, this parameter has no effect). Typically, setting this to `false` (the default) will result in better cloning performance within Mint. However, for certain large repositories, a full depth fetch may be faster." + description: Whether to use a shallow fetch or a full-depth fetch when the repository + is cloned and when not preserving the git directory (when `preserve-git-dir` + is true, this parameter has no effect). Typically, setting this to `false` (the + default) will result in better cloning performance within Mint. However, for + certain large repositories, a full depth fetch may be faster. default: false submodules: description: Whether to clone submodules default: true - tasks: - - key: setup - run: | - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if ! mint_os_package_manager_in apt; then - echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi - - needed="" - - if ! command -v jq >/dev/null 2>&1; then - needed="$needed jq" - fi - - if ! command -v curl >/dev/null 2>&1; then - needed="$needed curl" - fi - - if [ -n "$needed" ]; then - cat << EOF > ${RWX_ERRORS}/missing-packages - The \`git/clone\` package requires system packages that were missing:$needed - - Define a task which installs those packages, and specify it as a \`use\` dependency of the \`git/clone\` task - EOF - exit 1 - fi - - if ! command -v git >/dev/null 2>&1; then - mint_maybe_sudo apt-get -y update - mint_maybe_sudo apt-get -y install git - mint_maybe_sudo apt-get -y clean - fi - - mint_maybe_sudo install $RWX_PACKAGE_PATH/bin/git-ssh-command /usr/local/bin - echo "git-ssh-command" >> $RWX_ENV/GIT_SSH_COMMAND - if [[ -n "$GIT_SSH_KEY" ]]; then - httpRegex="https?:\/\/" - if [[ "$CHECKOUT_REPOSITORY" =~ $httpRegex ]]; then - errorMessage=$(mktemp "$RWX_ERRORS/error-XXXX") - cat << EOF > $errorMessage - Invalid parameters: \`repository\` points to an HTTP URL, but \`ssh-key\` was set. - - The current value is \`$CHECKOUT_REPOSITORY\`. - EOF - githubRegex="https?:\/\/github.com\/(.*)\/(.*)\.git" - if [[ $CHECKOUT_REPOSITORY =~ $githubRegex ]]; then - org="${BASH_REMATCH[1]}" - repo="${BASH_REMATCH[2]}" - - truncate -s-1 $errorMessage - echo " Perhaps you meant \`git@github.com:$org/$repo.git\`?" >> $errorMessage - fi - exit 2 +- key: setup + run: | + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if ! mint_os_package_manager_in apt; then + echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi + + needed="" + + if ! command -v jq >/dev/null 2>&1; then + needed="$needed jq" + fi + + if ! command -v curl >/dev/null 2>&1; then + needed="$needed curl" + fi + + if [ -n "$needed" ]; then + cat << EOF > ${RWX_ERRORS}/missing-packages + The \`git/clone\` package requires system packages that were missing:$needed + + Define a task which installs those packages, and specify it as a \`use\` dependency of the \`git/clone\` task + EOF + exit 1 + fi + + if ! command -v git >/dev/null 2>&1; then + mint_maybe_sudo apt-get -y update + mint_maybe_sudo apt-get -y install git + mint_maybe_sudo apt-get -y clean + fi + + mint_maybe_sudo install $RWX_PACKAGE_PATH/bin/git-ssh-command /usr/local/bin + echo "git-ssh-command" >> $RWX_ENV/GIT_SSH_COMMAND + if [[ -n "$GIT_SSH_KEY" ]]; then + httpRegex="https?:\/\/" + if [[ "$CHECKOUT_REPOSITORY" =~ $httpRegex ]]; then + errorMessage=$(mktemp "$RWX_ERRORS/error-XXXX") + cat << EOF > $errorMessage + Invalid parameters: \`repository\` points to an HTTP URL, but \`ssh-key\` was set. + + The current value is \`$CHECKOUT_REPOSITORY\`. + EOF + githubRegex="https?:\/\/github.com\/(.*)\/(.*)\.git" + if [[ $CHECKOUT_REPOSITORY =~ $githubRegex ]]; then + org="${BASH_REMATCH[1]}" + repo="${BASH_REMATCH[2]}" + + truncate -s-1 $errorMessage + echo " Perhaps you meant \`git@github.com:$org/$repo.git\`?" >> $errorMessage fi + exit 2 + fi - echo -n "" > $RWX_VALUES/credential-helper - else - if [[ "$CHECKOUT_REPOSITORY" != http* ]]; then - errorMessage=$(mktemp "$RWX_ERRORS/error-XXXX") - cat << EOF > $errorMessage - Invalid parameters: \`repository\` must point to an HTTP URL if \`ssh-key\` is not set. - - The current value is \`$CHECKOUT_REPOSITORY\`. - EOF - githubRegex="git@github.com:(.*)\/(.*).git" - if [[ $CHECKOUT_REPOSITORY =~ $githubRegex ]]; then - org="${BASH_REMATCH[1]}" - repo="${BASH_REMATCH[2]}" - - truncate -s-1 $errorMessage - echo " Perhaps you meant \`https://github.com/$org/$repo.git\`?" >> $errorMessage - fi - exit 2 + echo -n "" > $RWX_VALUES/credential-helper + else + if [[ "$CHECKOUT_REPOSITORY" != http* ]]; then + errorMessage=$(mktemp "$RWX_ERRORS/error-XXXX") + cat << EOF > $errorMessage + Invalid parameters: \`repository\` must point to an HTTP URL if \`ssh-key\` is not set. + + The current value is \`$CHECKOUT_REPOSITORY\`. + EOF + githubRegex="git@github.com:(.*)\/(.*).git" + if [[ $CHECKOUT_REPOSITORY =~ $githubRegex ]]; then + org="${BASH_REMATCH[1]}" + repo="${BASH_REMATCH[2]}" + + truncate -s-1 $errorMessage + echo " Perhaps you meant \`https://github.com/$org/$repo.git\`?" >> $errorMessage fi - - echo "Setting credential.helper to clone using github-access-token" - echo -n '!bash -c "echo username=x-access-token && echo password=${GITHUB_TOKEN}"' > $RWX_VALUES/credential-helper + exit 2 fi - env: - GIT_SSH_KEY: ${{ params.ssh-key }} - CHECKOUT_REPOSITORY: ${{ params.repository }} - - - key: get-latest-sha-for-ref - use: setup - run: $RWX_PACKAGE_PATH/bin/get-latest-sha-for-ref - env: - GIT_SSH_KEY: - value: ${{ params.ssh-key }} - cache-key: excluded - GITHUB_TOKEN: - value: ${{ params.github-access-token }} - cache-key: excluded - CHECKOUT_REF: ${{ params.ref }} - CHECKOUT_REPOSITORY: ${{ params.repository }} - CREDENTIAL_HELPER: ${{ tasks.setup.values.credential-helper }} - PATCHES_DIR: ${{ run.dir }}/.patches - filter: - ${{ run.dir }}: [.patches] - cache: ${{ params.ref =~ '^[0-9a-f]{40}$' }} - - - key: install-lfs - run: | - if [[ "${LFS}" != "true" ]]; then - echo "params.lfs is false; skipping lfs install" - exit 0 - fi - - source "$RWX_PACKAGE_PATH/mint-utils.sh" - mint_maybe_sudo apt-get -y update - mint_maybe_sudo apt-get -y install git-lfs - mint_maybe_sudo apt-get -y clean - env: - LFS: ${{ params.lfs }} - - - key: git-clone - use: [setup, install-lfs] - run: $RWX_PACKAGE_PATH/bin/git-clone - env: - GIT_LFS_SKIP_SMUDGE: 1 - GIT_SSH_KEY: - value: ${{ params.ssh-key }} - cache-key: excluded - GITHUB_TOKEN: - value: ${{ params.github-access-token }} - cache-key: excluded - CHECKOUT_PATH: ${{ params.path }} - CHECKOUT_REF: ${{ params.ref }} - RESOLVED_SHA: ${{ tasks.get-latest-sha-for-ref.values.sha }} - CHECKOUT_REPOSITORY: ${{ params.repository }} - META_REF: ${{ params.meta-ref }} - LFS: ${{ params.lfs }} - PRESERVE_GIT_DIR: ${{ params.preserve-git-dir }} - CREDENTIAL_HELPER: ${{ tasks.setup.values.credential-helper }} - FETCH_FULL_DEPTH: ${{ params.fetch-full-depth }} - SUBMODULES: ${{ params.submodules }} - - - key: configure-git - use: [git-clone] - run: | - if [[ "${PRESERVE_GIT_DIR}" == "false" ]]; then - exit 0 - fi - if [[ -z "$GITHUB_TOKEN" ]]; then - exit 0 - fi - cd "${CHECKOUT_PATH}" - - git config credential.helper '!bash -c "echo username=x-access-token && echo password=${GITHUB_TOKEN}"' - - QUERY="query { viewer { databaseId login } }" - - ACCESS_TOKEN_DATA=$(curl \ - -fsSL \ - -H "Content-Type: application/json" \ - -H "Authorization: Bearer ${GITHUB_TOKEN}" \ - -X POST \ - -d "{ \"query\": \"${QUERY}\"}" \ - https://api.github.com/graphql \ - ) - - GIT_USERNAME=$(echo $ACCESS_TOKEN_DATA | jq -r '.data.viewer.login') - ACCESS_TOKEN_ID=$(echo $ACCESS_TOKEN_DATA | jq -r '.data.viewer.databaseId') - GIT_EMAIL="${ACCESS_TOKEN_ID}+${GIT_USERNAME}@users.noreply.github.com" - - git config user.email $GIT_EMAIL - git config user.name $GIT_USERNAME - env: - CHECKOUT_PATH: ${{ params.path }} - GITHUB_TOKEN: - value: ${{ params.github-access-token }} - cache-key: excluded - PRESERVE_GIT_DIR: ${{ params.preserve-git-dir }} - filter: - - ${{ tasks.git-clone.values.git-dir-path }} + echo "Setting credential.helper to clone using github-access-token" + echo -n '!bash -c "echo username=x-access-token && echo password=${GITHUB_TOKEN}"' > $RWX_VALUES/credential-helper + fi + env: + GIT_SSH_KEY: "${{ params.ssh-key }}" + CHECKOUT_REPOSITORY: "${{ params.repository }}" +- key: get-latest-sha-for-ref + use: setup + run: "$RWX_PACKAGE_PATH/bin/get-latest-sha-for-ref" + env: + GIT_SSH_KEY: + value: "${{ params.ssh-key }}" + cache-key: excluded + GITHUB_TOKEN: + value: "${{ params.github-access-token }}" + cache-key: excluded + CHECKOUT_REF: "${{ params.ref }}" + CHECKOUT_REPOSITORY: "${{ params.repository }}" + CREDENTIAL_HELPER: "${{ tasks.setup.values.credential-helper }}" + PATCHES_DIR: "${{ run.dir }}/.patches" + filter: + "${{ run.dir }}": + - ".patches" + cache: "${{ params.ref =~ '^[0-9a-f]{40}$' }}" +- key: install-lfs + run: | + if [[ "${LFS}" != "true" ]]; then + echo "params.lfs is false; skipping lfs install" + exit 0 + fi + + source "$RWX_PACKAGE_PATH/mint-utils.sh" + + mint_maybe_sudo apt-get -y update + mint_maybe_sudo apt-get -y install git-lfs + mint_maybe_sudo apt-get -y clean + env: + LFS: "${{ params.lfs }}" +- key: git-clone + use: + - setup + - install-lfs + run: "$RWX_PACKAGE_PATH/bin/git-clone" + env: + GIT_LFS_SKIP_SMUDGE: 1 + GIT_SSH_KEY: + value: "${{ params.ssh-key }}" + cache-key: excluded + GITHUB_TOKEN: + value: "${{ params.github-access-token }}" + cache-key: excluded + CHECKOUT_PATH: "${{ params.path }}" + CHECKOUT_REF: "${{ params.ref }}" + RESOLVED_SHA: "${{ tasks.get-latest-sha-for-ref.values.sha }}" + CHECKOUT_REPOSITORY: "${{ params.repository }}" + META_REF: "${{ params.meta-ref }}" + LFS: "${{ params.lfs }}" + PRESERVE_GIT_DIR: "${{ params.preserve-git-dir }}" + CREDENTIAL_HELPER: "${{ tasks.setup.values.credential-helper }}" + FETCH_FULL_DEPTH: "${{ params.fetch-full-depth }}" + SUBMODULES: "${{ params.submodules }}" +- key: configure-git + use: + - git-clone + run: | + if [[ "${PRESERVE_GIT_DIR}" == "false" ]]; then + exit 0 + fi + if [[ -z "$GITHUB_TOKEN" ]]; then + exit 0 + fi + cd "${CHECKOUT_PATH}" + + git config credential.helper '!bash -c "echo username=x-access-token && echo password=${GITHUB_TOKEN}"' + + QUERY="query { viewer { databaseId login } }" + + ACCESS_TOKEN_DATA=$(curl \ + -fsSL \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer ${GITHUB_TOKEN}" \ + -X POST \ + -d "{ \"query\": \"${QUERY}\"}" \ + https://api.github.com/graphql \ + ) + + GIT_USERNAME=$(echo $ACCESS_TOKEN_DATA | jq -r '.data.viewer.login') + ACCESS_TOKEN_ID=$(echo $ACCESS_TOKEN_DATA | jq -r '.data.viewer.databaseId') + GIT_EMAIL="${ACCESS_TOKEN_ID}+${GIT_USERNAME}@users.noreply.github.com" + + git config user.email $GIT_EMAIL + git config user.name $GIT_USERNAME + env: + CHECKOUT_PATH: "${{ params.path }}" + GITHUB_TOKEN: + value: "${{ params.github-access-token }}" + cache-key: excluded + PRESERVE_GIT_DIR: "${{ params.preserve-git-dir }}" + filter: + - "${{ tasks.git-clone.values.git-dir-path }}" diff --git a/github/compare/rwx-ci-cd.config.yml b/github/compare/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/github/compare/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/github/compare/rwx-package.yml b/github/compare/rwx-package.yml index 74fcaee..ba47119 100644 --- a/github/compare/rwx-package.yml +++ b/github/compare/rwx-package.yml @@ -1,97 +1,98 @@ +--- name: github/compare -version: 1.0.4 +version: 1.0.5 description: Compare two git refs in GitHub and check if certain files changed source_code_url: https://github.com/rwx-cloud/packages/tree/main/github/compare issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: repository: description: The owner/repository-name of your GitHub repository (e.g. `my-organization/my-repository`) required: true base-ref: - description: "The git ref to compare `head-ref` against" + description: The git ref to compare `head-ref` against required: true head-ref: - description: "The git ref to compare against `base-ref`" + description: The git ref to compare against `base-ref` required: true github-token: - description: "A GitHub token with read access to the repository. Usually `${{ github.token }}`." + description: A GitHub token with read access to the repository. Usually `${{ github.token + }}`. required: false patterns: - description: "A newline-separated list of glob patterns to match against the changed files" + description: A newline-separated list of glob patterns to match against the changed + files required: false - outputs: - values-from: [compare] - + values-from: + - compare tasks: - - key: shas - run: | - echo "Base ref resolves to:" - if [[ "${BASE_REF}" =~ ^[0-9a-f]{40}$ ]]; then - echo "${BASE_REF}" | tee $RWX_VALUES/base-sha +- key: shas + run: | + echo "Base ref resolves to:" + if [[ "${BASE_REF}" =~ ^[0-9a-f]{40}$ ]]; then + echo "${BASE_REF}" | tee $RWX_VALUES/base-sha + else + if [[ "${BASE_REF}" =~ ^refs/heads/ || "${BASE_REF}" =~ ^refs/heads/ ]]; then + ref=$(echo "${BASE_REF}" | sed 's|refs/||') + sha=$(gh api "/repos/${REPOSITORY}/git/ref/${ref}" | jq -e -r '.object.sha') + echo "${sha}" | tee $RWX_VALUES/base-sha else - if [[ "${BASE_REF}" =~ ^refs/heads/ || "${BASE_REF}" =~ ^refs/heads/ ]]; then - ref=$(echo "${BASE_REF}" | sed 's|refs/||') - sha=$(gh api "/repos/${REPOSITORY}/git/ref/${ref}" | jq -e -r '.object.sha') - echo "${sha}" | tee $RWX_VALUES/base-sha - else - sha=$(gh api "/repos/${REPOSITORY}/git/ref/heads/${BASE_REF}" | jq -e -r '.object.sha') - echo "${sha}" | tee $RWX_VALUES/base-sha - fi + sha=$(gh api "/repos/${REPOSITORY}/git/ref/heads/${BASE_REF}" | jq -e -r '.object.sha') + echo "${sha}" | tee $RWX_VALUES/base-sha fi + fi - echo - echo "Head ref resolves to:" - if [[ "${HEAD_REF}" =~ ^[0-9a-f]{40}$ ]]; then - echo "${HEAD_REF}" | tee $RWX_VALUES/head-sha + echo + echo "Head ref resolves to:" + if [[ "${HEAD_REF}" =~ ^[0-9a-f]{40}$ ]]; then + echo "${HEAD_REF}" | tee $RWX_VALUES/head-sha + else + if [[ "${HEAD_REF}" =~ ^refs/heads/ || "${HEAD_REF}" =~ ^refs/heads/ ]]; then + ref=$(echo "${HEAD_REF}" | sed 's|refs/||') + sha=$(gh api "/repos/${REPOSITORY}/git/ref/${ref}" | jq -e -r '.object.sha') + echo "${sha}" | tee $RWX_VALUES/head-sha else - if [[ "${HEAD_REF}" =~ ^refs/heads/ || "${HEAD_REF}" =~ ^refs/heads/ ]]; then - ref=$(echo "${HEAD_REF}" | sed 's|refs/||') - sha=$(gh api "/repos/${REPOSITORY}/git/ref/${ref}" | jq -e -r '.object.sha') - echo "${sha}" | tee $RWX_VALUES/head-sha - else - sha=$(gh api "/repos/${REPOSITORY}/git/ref/heads/${HEAD_REF}" | jq -e -r '.object.sha') - echo "${sha}" | tee $RWX_VALUES/head-sha - fi + sha=$(gh api "/repos/${REPOSITORY}/git/ref/heads/${HEAD_REF}" | jq -e -r '.object.sha') + echo "${sha}" | tee $RWX_VALUES/head-sha fi - env: - GITHUB_TOKEN: - value: ${{ params.github-token }} - cache-key: excluded - REPOSITORY: ${{ params.repository }} - BASE_REF: ${{ params.base-ref }} - HEAD_REF: ${{ params.head-ref }} - cache: ${{ params.base-ref =~ '^[0-9a-f]{40}$' && params.head-ref =~ '^[0-9a-f]{40}$' }} + fi + env: + GITHUB_TOKEN: + value: "${{ params.github-token }}" + cache-key: excluded + REPOSITORY: "${{ params.repository }}" + BASE_REF: "${{ params.base-ref }}" + HEAD_REF: "${{ params.head-ref }}" + cache: "${{ params.base-ref =~ '^[0-9a-f]{40}$' && params.head-ref =~ '^[0-9a-f]{40}$' + }}" +- key: compare + run: | + gh api "/repos/${REPOSITORY}/compare/${BASE_SHA}...${HEAD_SHA}" > compare.json - - key: compare - run: | - gh api "/repos/${REPOSITORY}/compare/${BASE_SHA}...${HEAD_SHA}" > compare.json + jq -r '.files[].filename' < compare.json > files.txt + echo "All changed files:" + cat files.txt - jq -r '.files[].filename' < compare.json > files.txt - echo "All changed files:" - cat files.txt + cat files.txt | $RWX_PACKAGE_PATH/bin/glob_patterns "$PATTERNS" > matches.txt + echo + echo "All matched files:" + cat matches.txt - cat files.txt | $RWX_PACKAGE_PATH/bin/glob_patterns "$PATTERNS" > matches.txt - echo - echo "All matched files:" - cat matches.txt + matches=$(cat matches.txt) + echo "${matches}" > $RWX_VALUES/changes - matches=$(cat matches.txt) - echo "${matches}" > $RWX_VALUES/changes - - if [ "${matches}" == "" ]; then - echo "false" > $RWX_VALUES/has-changes - echo "false" > $RWX_VALUES/have-changes - else - echo "true" > $RWX_VALUES/has-changes - echo "true" > $RWX_VALUES/have-changes - fi - env: - GITHUB_TOKEN: - value: ${{ params.github-token }} - cache-key: excluded - REPOSITORY: ${{ params.repository }} - BASE_SHA: ${{ tasks.shas.values.base-sha }} - HEAD_SHA: ${{ tasks.shas.values.head-sha }} - PATTERNS: ${{ params.patterns }} + if [ "${matches}" == "" ]; then + echo "false" > $RWX_VALUES/has-changes + echo "false" > $RWX_VALUES/have-changes + else + echo "true" > $RWX_VALUES/has-changes + echo "true" > $RWX_VALUES/have-changes + fi + env: + GITHUB_TOKEN: + value: "${{ params.github-token }}" + cache-key: excluded + REPOSITORY: "${{ params.repository }}" + BASE_SHA: "${{ tasks.shas.values.base-sha }}" + HEAD_SHA: "${{ tasks.shas.values.head-sha }}" + PATTERNS: "${{ params.patterns }}" diff --git a/github/create-pull-request/rwx-ci-cd.config.yml b/github/create-pull-request/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/github/create-pull-request/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/github/create-pull-request/rwx-package.yml b/github/create-pull-request/rwx-package.yml index 99ce637..e8f11a8 100644 --- a/github/create-pull-request/rwx-package.yml +++ b/github/create-pull-request/rwx-package.yml @@ -1,75 +1,74 @@ +--- name: github/create-pull-request -version: 1.0.1 +version: 1.0.2 description: Creates a pull request source_code_url: https://github.com/rwx-cloud/packages/tree/main/github/create-pull-request issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: github-token: - description: "The GitHub token to a private app" + description: The GitHub token to a private app required: true branch-prefix: - description: "Branch prefix to idenitfy existing pull request" + description: Branch prefix to idenitfy existing pull request required: true pull-request-title: - description: "The title to use for the pull request" + description: The title to use for the pull request required: true pull-request-body: - description: "The body to use for the pull request" + description: The body to use for the pull request required: true - outputs: - values-from: [create-or-update-pull-request] - + values-from: + - create-or-update-pull-request tasks: - - key: gh-cli - call: github/install-cli 1.0.6 - - - key: create-or-update-pull-request - use: [gh-cli] - cache: false - run: | - # ensure these values are always present - touch $RWX_VALUES/{branch,pull-request-number} +- key: gh-cli + call: github/install-cli 1.0.6 +- key: create-or-update-pull-request + use: + - gh-cli + cache: false + run: | + # ensure these values are always present + touch $RWX_VALUES/{branch,pull-request-number} - git_status=$(git status --porcelain) - if [ -n "$git_status" ]; then - git add --all - git commit -m "$PULL_REQUEST_TITLE" - else - echo "No changes to commit" - exit 0 - fi + git_status=$(git status --porcelain) + if [ -n "$git_status" ]; then + git add --all + git commit -m "$PULL_REQUEST_TITLE" + else + echo "No changes to commit" + exit 0 + fi - pr_list=$(gh pr list --author @me --json number,headRefName) - echo "$pr_list" + pr_list=$(gh pr list --author @me --json number,headRefName) + echo "$pr_list" - latest_pr=$(echo "$pr_list" | jq "[.[] | select(.headRefName | startswith(\"${BRANCH_PREFIX}-\"))] | max_by(.number)") - echo "$latest_pr" + latest_pr=$(echo "$pr_list" | jq "[.[] | select(.headRefName | startswith(\"${BRANCH_PREFIX}-\"))] | max_by(.number)") + echo "$latest_pr" - if [ "$latest_pr" != "null" ] && [ -n "$latest_pr" ]; then - branch=$(echo "$latest_pr" | jq -r ".headRefName") - need_to_create_pr=false - else - branch="${BRANCH_PREFIX}-${RWX_RUN_ID}" - need_to_create_pr=true - fi - echo "$branch" | tee $RWX_VALUES/branch + if [ "$latest_pr" != "null" ] && [ -n "$latest_pr" ]; then + branch=$(echo "$latest_pr" | jq -r ".headRefName") + need_to_create_pr=false + else + branch="${BRANCH_PREFIX}-${RWX_RUN_ID}" + need_to_create_pr=true + fi + echo "$branch" | tee $RWX_VALUES/branch - git checkout -b "$branch" - git push -f origin "$branch" + git checkout -b "$branch" + git push -f origin "$branch" - if [ "$need_to_create_pr" = "true" ]; then - gh pr create --title "$PULL_REQUEST_TITLE" --body "$PULL_REQUEST_BODY" - else - gh pr edit --title "$PULL_REQUEST_TITLE" --body "$PULL_REQUEST_BODY" - fi + if [ "$need_to_create_pr" = "true" ]; then + gh pr create --title "$PULL_REQUEST_TITLE" --body "$PULL_REQUEST_BODY" + else + gh pr edit --title "$PULL_REQUEST_TITLE" --body "$PULL_REQUEST_BODY" + fi - pr_details=$(gh pr view "$branch" --json number,url) - echo "$pr_details" | jq -r '.number' > "$RWX_VALUES/pull-request-number" - echo "$pr_details" | jq -r '.url' > "$RWX_LINKS/View pull request" - env: - BRANCH_PREFIX: ${{ params.branch-prefix }} - GITHUB_TOKEN: ${{ params.github-token }} - PULL_REQUEST_TITLE: ${{ params.pull-request-title }} - PULL_REQUEST_BODY: ${{ params.pull-request-body }} + pr_details=$(gh pr view "$branch" --json number,url) + echo "$pr_details" | jq -r '.number' > "$RWX_VALUES/pull-request-number" + echo "$pr_details" | jq -r '.url' > "$RWX_LINKS/View pull request" + env: + BRANCH_PREFIX: "${{ params.branch-prefix }}" + GITHUB_TOKEN: "${{ params.github-token }}" + PULL_REQUEST_TITLE: "${{ params.pull-request-title }}" + PULL_REQUEST_BODY: "${{ params.pull-request-body }}" diff --git a/github/install-cli/rwx-ci-cd.config.yml b/github/install-cli/rwx-ci-cd.config.yml index 2ca6646..4e06ead 100644 --- a/github/install-cli/rwx-ci-cd.config.yml +++ b/github/install-cli/rwx-ci-cd.config.yml @@ -1,28 +1,36 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-22-04-arm64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: arm64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-22-04-arm64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: arm64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/github/install-cli/rwx-package.yml b/github/install-cli/rwx-package.yml index 6bb67a2..52abc8e 100644 --- a/github/install-cli/rwx-package.yml +++ b/github/install-cli/rwx-package.yml @@ -1,23 +1,23 @@ +--- name: github/install-cli -version: 1.0.8 +version: 1.0.9 description: Install the GitHub CLI, gh. It is GitHub on the command line. source_code_url: https://github.com/rwx-cloud/packages/tree/main/github/install-cli issue_tracker_url: https://github.com/rwx-cloud/packages/issues - tasks: - - key: install - run: | - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if ! mint_os_package_manager_in apt; then - echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi +- key: install + run: | + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if ! mint_os_package_manager_in apt; then + echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi - sudo mkdir -p -m 755 /etc/apt/keyrings - curl --fail-with-body https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null - sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list - sudo apt-get update - sudo apt-get install gh - sudo apt-get clean - gh --version + sudo mkdir -p -m 755 /etc/apt/keyrings + curl --fail-with-body https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null + sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg + echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list + sudo apt-get update + sudo apt-get install gh + sudo apt-get clean + gh --version diff --git a/golang/install/rwx-ci-cd.config.yml b/golang/install/rwx-ci-cd.config.yml index 2ca6646..4e06ead 100644 --- a/golang/install/rwx-ci-cd.config.yml +++ b/golang/install/rwx-ci-cd.config.yml @@ -1,28 +1,36 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-22-04-arm64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: arm64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-22-04-arm64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: arm64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/golang/install/rwx-package.yml b/golang/install/rwx-package.yml index 5393e85..c5de5a7 100644 --- a/golang/install/rwx-package.yml +++ b/golang/install/rwx-package.yml @@ -1,16 +1,15 @@ +--- name: golang/install -version: 1.1.5 +version: 1.1.6 description: Install the Go programming language source_code_url: https://github.com/rwx-cloud/packages/tree/main/golang/install issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: go-version: - description: "Version of Go to install" - default: "latest" - + description: Version of Go to install + default: latest tasks: - - key: install - run: $RWX_PACKAGE_PATH/bin/install-go - env: - GO_VERSION: ${{ params.go-version }} +- key: install + run: "$RWX_PACKAGE_PATH/bin/install-go" + env: + GO_VERSION: "${{ params.go-version }}" diff --git a/google-cloud/auth-credentials/rwx-ci-cd.config.yml b/google-cloud/auth-credentials/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/google-cloud/auth-credentials/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/google-cloud/auth-credentials/rwx-package.yml b/google-cloud/auth-credentials/rwx-package.yml index 213e5e4..31ace2e 100644 --- a/google-cloud/auth-credentials/rwx-package.yml +++ b/google-cloud/auth-credentials/rwx-package.yml @@ -1,52 +1,50 @@ +--- name: google-cloud/auth-credentials -version: 1.0.6 +version: 1.0.7 description: Authenticate to Google Cloud with credentials JSON source_code_url: https://github.com/rwx-cloud/packages/tree/main/google-cloud/auth-credentials issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: credentials-json: - description: "The Service Account Key JSON used for authentication" + description: The Service Account Key JSON used for authentication required: true project-id: - description: "The default project to select once authenticated" + description: The default project to select once authenticated required: false - tasks: - - key: require-gcloud - run: | - if ! command -v gcloud &> /dev/null; then - cat << 'EOF' > $(mktemp "$RWX_ERRORS/error-XXXX") - The Google Cloud CLI (gcloud) must be installed. To install it, you can use the `google-cloud/install-cli` leaf. - EOF - exit 2 - fi - filter: [] - - - key: auth-login - after: require-gcloud - run: | - set -ueo pipefail - - credentials_dir="$(mktemp -d)" - credentials_file="${credentials_dir}/credentials.json" - - echo '${{ params.credentials-json }}' >"$credentials_file" - chmod 0600 "$credentials_file" - - echo "$credentials_file" >> "${RWX_ENV}/GOOGLE_APPLICATION_CREDENTIALS" - export GOOGLE_APPLICATION_CREDENTIALS="$credentials_file" - +- key: require-gcloud + run: | + if ! command -v gcloud &> /dev/null; then + cat << 'EOF' > $(mktemp "$RWX_ERRORS/error-XXXX") + The Google Cloud CLI (gcloud) must be installed. To install it, you can use the `google-cloud/install-cli` leaf. + EOF + exit 2 + fi + filter: [] +- key: auth-login + after: require-gcloud + run: | + set -ueo pipefail + + credentials_dir="$(mktemp -d)" + credentials_file="${credentials_dir}/credentials.json" + + echo '${{ params.credentials-json }}' >"$credentials_file" + chmod 0600 "$credentials_file" + + echo "$credentials_file" >> "${RWX_ENV}/GOOGLE_APPLICATION_CREDENTIALS" + export GOOGLE_APPLICATION_CREDENTIALS="$credentials_file" + + echo + echo "Authenticating with gcloud" + + gcloud auth login --cred-file="$GOOGLE_APPLICATION_CREDENTIALS" + echo "Authenticated with gcloud" + + if [[ -n "${{ params.project-id }}" ]]; then echo - echo "Authenticating with gcloud" - - gcloud auth login --cred-file="$GOOGLE_APPLICATION_CREDENTIALS" - echo "Authenticated with gcloud" - - if [[ -n "${{ params.project-id }}" ]]; then - echo - echo "Configuring gcloud project" - gcloud config set project "${{ params.project-id }}" - echo "Using project: $(gcloud config get project)" - fi - cache: false + echo "Configuring gcloud project" + gcloud config set project "${{ params.project-id }}" + echo "Using project: $(gcloud config get project)" + fi + cache: false diff --git a/google-cloud/auth-oidc/rwx-ci-cd.config.yml b/google-cloud/auth-oidc/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/google-cloud/auth-oidc/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/google-cloud/auth-oidc/rwx-package.yml b/google-cloud/auth-oidc/rwx-package.yml index 7f7cd02..3f1db73 100644 --- a/google-cloud/auth-oidc/rwx-package.yml +++ b/google-cloud/auth-oidc/rwx-package.yml @@ -1,103 +1,104 @@ +--- name: google-cloud/auth-oidc -version: 1.0.8 +version: 1.0.9 description: Authenticate to Google Cloud with OIDC and Workload Identity Federation source_code_url: https://github.com/rwx-cloud/packages/tree/main/google-cloud/auth-oidc issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: oidc-token: - description: "The OIDC token that will be exchanged for temporary credentials (e.g. vaults.your-vault.oidc.your-token)" + description: The OIDC token that will be exchanged for temporary credentials (e.g. + vaults.your-vault.oidc.your-token) required: true workload-identity-provider: - description: "The full identifier of the Workload Identity Provider" + description: The full identifier of the Workload Identity Provider required: true service-account: - description: "The identifier of the Google Cloud service account which will be impersonated by the generated OIDC" + description: The identifier of the Google Cloud service account which will be + impersonated by the generated OIDC required: false service-account-token-lifetime-seconds: - description: "Lifetime duration of the service account access token in seconds" + description: Lifetime duration of the service account access token in seconds required: false audience: - description: "The generated token's `aud` parameter, defaults to the value of `workload-identity-provider`" + description: The generated token's `aud` parameter, defaults to the value of `workload-identity-provider` required: false project-id: - description: "The default project to select once authenticated" + description: The default project to select once authenticated required: false - tasks: - - key: auth-login - run: | - set -ueo pipefail +- key: auth-login + run: | + set -ueo pipefail - if ! command -v gcloud &> /dev/null; then - cat << 'EOF' > $(mktemp "$RWX_ERRORS/error-XXXX") - The Google Cloud CLI (gcloud) must be installed. To install it, you can use the `google-cloud/install-cli` leaf. - EOF - exit 2 - fi + if ! command -v gcloud &> /dev/null; then + cat << 'EOF' > $(mktemp "$RWX_ERRORS/error-XXXX") + The Google Cloud CLI (gcloud) must be installed. To install it, you can use the `google-cloud/install-cli` leaf. + EOF + exit 2 + fi - credentials_dir="$(mktemp -d)" - token_source_file="${credentials_dir}/oidc-token.txt" - credentials_file="${credentials_dir}/credentials.json" + credentials_dir="$(mktemp -d)" + token_source_file="${credentials_dir}/oidc-token.txt" + credentials_file="${credentials_dir}/credentials.json" - audience="${{ params.audience }}" - if [[ -z "$audience" ]]; then - audience="//iam.googleapis.com/${{ params.workload-identity-provider }}" - fi + audience="${{ params.audience }}" + if [[ -z "$audience" ]]; then + audience="//iam.googleapis.com/${{ params.workload-identity-provider }}" + fi - echo - echo "Saving OIDC token" - echo "${{ params.oidc-token }}" > "$token_source_file" - chmod 0600 "$token_source_file" + echo + echo "Saving OIDC token" + echo "${{ params.oidc-token }}" > "$token_source_file" + chmod 0600 "$token_source_file" - echo - echo "Building application credentials file" - credentials_content=$(jq -n \ - --arg audience "$audience" \ - --arg token_source_file "$token_source_file" \ - '{ - "type": "external_account", - "audience": $audience, - "subject_token_type": "urn:ietf:params:oauth:token-type:jwt", - "token_url": "https://sts.googleapis.com/v1/token", - "credential_source": { - "file": $token_source_file, - "format": { - "type": "text" - } + echo + echo "Building application credentials file" + credentials_content=$(jq -n \ + --arg audience "$audience" \ + --arg token_source_file "$token_source_file" \ + '{ + "type": "external_account", + "audience": $audience, + "subject_token_type": "urn:ietf:params:oauth:token-type:jwt", + "token_url": "https://sts.googleapis.com/v1/token", + "credential_source": { + "file": $token_source_file, + "format": { + "type": "text" } - }') + } + }') - if [[ -n "${{ params.service-account }}" ]]; then - echo "Enabling service account impersonation" - credentials_content=$(echo "$credentials_content" | \ - jq --arg url "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${{ params.service-account }}:generateAccessToken" \ - '.service_account_impersonation_url = $url') + if [[ -n "${{ params.service-account }}" ]]; then + echo "Enabling service account impersonation" + credentials_content=$(echo "$credentials_content" | \ + jq --arg url "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${{ params.service-account }}:generateAccessToken" \ + '.service_account_impersonation_url = $url') - if [[ -n "${{ params.service-account-token-lifetime-seconds }}" ]]; then - echo "Setting service account token lifetime to ${{ params.service-account-token-lifetime-seconds }} seconds" - credentials_content=$(echo "$credentials_content" | \ - jq --arg lifetime "${{ params.service-account-token-lifetime-seconds }}" \ - '.service_account_impersonation += {"token_lifetime_seconds": ($lifetime | tonumber)}') - fi + if [[ -n "${{ params.service-account-token-lifetime-seconds }}" ]]; then + echo "Setting service account token lifetime to ${{ params.service-account-token-lifetime-seconds }} seconds" + credentials_content=$(echo "$credentials_content" | \ + jq --arg lifetime "${{ params.service-account-token-lifetime-seconds }}" \ + '.service_account_impersonation += {"token_lifetime_seconds": ($lifetime | tonumber)}') fi + fi - echo "$credentials_content" >"$credentials_file" - chmod 0600 "$credentials_file" + echo "$credentials_content" >"$credentials_file" + chmod 0600 "$credentials_file" - echo "$credentials_file" >> "${RWX_ENV}/GOOGLE_APPLICATION_CREDENTIALS" - export GOOGLE_APPLICATION_CREDENTIALS="$credentials_file" + echo "$credentials_file" >> "${RWX_ENV}/GOOGLE_APPLICATION_CREDENTIALS" + export GOOGLE_APPLICATION_CREDENTIALS="$credentials_file" - echo - echo "Authenticating with gcloud" + echo + echo "Authenticating with gcloud" - gcloud auth login --cred-file="$GOOGLE_APPLICATION_CREDENTIALS" - echo "Authenticated with gcloud" + gcloud auth login --cred-file="$GOOGLE_APPLICATION_CREDENTIALS" + echo "Authenticated with gcloud" - if [[ -n "${{ params.project-id }}" ]]; then - echo - echo "Configuring gcloud project" - gcloud config set project "${{ params.project-id }}" - echo "Using project: $(gcloud config get project)" - fi - cache: false + if [[ -n "${{ params.project-id }}" ]]; then + echo + echo "Configuring gcloud project" + gcloud config set project "${{ params.project-id }}" + echo "Using project: $(gcloud config get project)" + fi + cache: false diff --git a/google-cloud/install-cli/rwx-ci-cd.config.yml b/google-cloud/install-cli/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/google-cloud/install-cli/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/google-cloud/install-cli/rwx-package.yml b/google-cloud/install-cli/rwx-package.yml index ed2f8da..3459d4a 100644 --- a/google-cloud/install-cli/rwx-package.yml +++ b/google-cloud/install-cli/rwx-package.yml @@ -1,78 +1,77 @@ +--- name: google-cloud/install-cli -version: 1.1.6 +version: 1.1.7 description: Install the Google Cloud SDK CLI source_code_url: https://github.com/rwx-cloud/packages/tree/main/google-cloud/install-cli issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: cli-version: - description: "Version of the CLI to install" - default: "latest" + description: Version of the CLI to install + default: latest components: - description: "Optional space-separated list of CLI components to install" - default: "" - + description: Optional space-separated list of CLI components to install + default: '' tasks: - - key: install-cli - run: | - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if [ "$(mint_os_name)" != "ubuntu" ]; then - echo "Unsupported operating system \`$(mint_os_name)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi - - architecture="" - case $(uname -m) in - x86_64) architecture="x86_64" ;; - arm|aarch64) architecture="arm" ;; - *) echo "Unsupported architecture: $(uname -m)"; exit 1 ;; - esac +- key: install-cli + run: | + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if [ "$(mint_os_name)" != "ubuntu" ]; then + echo "Unsupported operating system \`$(mint_os_name)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi - cli_version="${{ params.cli-version }}" - if [[ "$cli_version" == "latest" ]]; then - echo - echo "Resolving latest version of Google Cloud SDK" - curl --fail-with-body -o latest-cloud-sdk.tar.gz https://dl.google.com/dl/cloudsdk/channels/rapid/google-cloud-sdk.tar.gz - cli_version=$(tar -Ozxf latest-cloud-sdk.tar.gz google-cloud-sdk/VERSION) - rm latest-cloud-sdk.tar.gz - echo "Using version ${cli_version}" - fi - - filename="google-cloud-cli-${cli_version}-linux-${architecture}.tar.gz" - install_dir="/opt/google-cloud/v${cli_version}" + architecture="" + case $(uname -m) in + x86_64) architecture="x86_64" ;; + arm|aarch64) architecture="arm" ;; + *) echo "Unsupported architecture: $(uname -m)"; exit 1 ;; + esac + cli_version="${{ params.cli-version }}" + if [[ "$cli_version" == "latest" ]]; then echo - echo "Downloading ${filename}" - curl --fail-with-body -O "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/${filename}" + echo "Resolving latest version of Google Cloud SDK" + curl --fail-with-body -o latest-cloud-sdk.tar.gz https://dl.google.com/dl/cloudsdk/channels/rapid/google-cloud-sdk.tar.gz + cli_version=$(tar -Ozxf latest-cloud-sdk.tar.gz google-cloud-sdk/VERSION) + rm latest-cloud-sdk.tar.gz + echo "Using version ${cli_version}" + fi - echo - echo "Extracting to ${install_dir}/google-cloud-sdk" - sudo mkdir -p "$install_dir" - sudo chown ubuntu:ubuntu "$install_dir" - tar -xf "$filename" -C "$install_dir" - rm "$filename" + filename="google-cloud-cli-${cli_version}-linux-${architecture}.tar.gz" + install_dir="/opt/google-cloud/v${cli_version}" - echo - echo "Running installer" - "${install_dir}/google-cloud-sdk/install.sh" --quiet + echo + echo "Downloading ${filename}" + curl --fail-with-body -O "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/${filename}" - echo - bin_dir="${install_dir}/google-cloud-sdk/bin" - echo "Adding ${bin_dir} to PATH" - echo "$bin_dir" >> "${RWX_ENV}/PATH" - export PATH="${bin_dir}:$PATH" + echo + echo "Extracting to ${install_dir}/google-cloud-sdk" + sudo mkdir -p "$install_dir" + sudo chown ubuntu:ubuntu "$install_dir" + tar -xf "$filename" -C "$install_dir" + rm "$filename" - echo - echo "Checking installation" - gcloud --version + echo + echo "Running installer" + "${install_dir}/google-cloud-sdk/install.sh" --quiet - if [[ "${{ params.components }}" != "" ]]; then - echo - echo "Installing components" - IFS=" " read -r -a components <<< "${{ params.components }}" - gcloud components install "${components[@]}" - fi + echo + bin_dir="${install_dir}/google-cloud-sdk/bin" + echo "Adding ${bin_dir} to PATH" + echo "$bin_dir" >> "${RWX_ENV}/PATH" + export PATH="${bin_dir}:$PATH" + echo + echo "Checking installation" + gcloud --version + + if [[ "${{ params.components }}" != "" ]]; then echo - echo "Cleaning Google Cloud SDK backup" - rm -rf "${install_dir}/google-cloud-sdk/.install/.backup" + echo "Installing components" + IFS=" " read -r -a components <<< "${{ params.components }}" + gcloud components install "${components[@]}" + fi + + echo + echo "Cleaning Google Cloud SDK backup" + rm -rf "${install_dir}/google-cloud-sdk/.install/.backup" diff --git a/google/install-chrome/rwx-ci-cd.config.yml b/google/install-chrome/rwx-ci-cd.config.yml index 245e516..25d27e6 100644 --- a/google/install-chrome/rwx-ci-cd.config.yml +++ b/google/install-chrome/rwx-ci-cd.config.yml @@ -1,14 +1,24 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/google/install-chrome/rwx-package.yml b/google/install-chrome/rwx-package.yml index 11403e1..946aadd 100644 --- a/google/install-chrome/rwx-package.yml +++ b/google/install-chrome/rwx-package.yml @@ -1,179 +1,179 @@ +--- name: google/install-chrome -version: 2.1.7 +version: 2.1.8 description: Install Google Chrome, the official web browser from Google source_code_url: https://github.com/rwx-cloud/packages/tree/main/google/install-chrome issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: chrome-version: - description: "Version of Chrome to install." + description: Version of Chrome to install. required: true install-chromedriver: - description: "Whether a compatible Chromedriver should be installed." + description: Whether a compatible Chromedriver should be installed. required: false default: false chrome-directory: - description: "The directory where Chrome will be installed." + description: The directory where Chrome will be installed. required: false - default: /opt/chrome + default: "/opt/chrome" chromedriver-directory: - description: "The directory where Chromedriver will be installed." + description: The directory where Chromedriver will be installed. required: false - default: /opt/chromedriver + default: "/opt/chromedriver" add-to-path: - description: "Whether Chrome and (optionally) Chromedriver should be included in PATH." + description: Whether Chrome and (optionally) Chromedriver should be included in + PATH. required: false default: true - outputs: - values-from: [install] - + values-from: + - install tasks: - - key: resolve-chrome-version - run: | - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if ! mint_os_name_in ubuntu; then - echo "Unsupported operating system \`$(mint_os_name)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi - - if [ "$(uname -p)" != "x86_64" ]; then - echo "Google currently does not package Chrome for ARM on Linux. See [GoogleChromeLabs/chrome-for-testing#1](https://github.com/GoogleChromeLabs/chrome-for-testing/issues/1) for more information. Consider using Chromium instead of Chrome." > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi - - chrome="" - - if [[ "${CHROME_VERSION}" == "stable" || "${CHROME_VERSION}" == "beta" || "${CHROME_VERSION}" == "dev" || "${CHROME_VERSION}" == "canary" ]]; then - chromes=$(curl -fsSL https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json) - channel="${CHROME_VERSION^}" # upcase the first letter - chrome=$(echo "${chromes}" | jq --arg channel "${channel}" '.channels[$channel]') - else - chromes=$(curl -fsSL https://googlechromelabs.github.io/chrome-for-testing/known-good-versions-with-downloads.json) - - if [[ "${CHROME_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - chrome=$(echo "${chromes}" | jq --arg version "${CHROME_VERSION}" '[.versions[] | select(.version == $version)] | last') - else - chrome=$(echo "${chromes}" | jq --arg version "${CHROME_VERSION}." '[.versions[] | select(.version | startswith($version))] | last') - fi - fi - - if [[ -z "${chrome}" ]]; then - cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") - The \`chrome-version\` provided does not resolve to a version of Google Chrome known by [Chrome for Testing](https://github.com/GoogleChromeLabs/chrome-for-testing). - EOF - exit 1 - fi - - resolved_version=$(echo "$chrome" | jq -r '.version') - # restrict usage to Chrome >= 115 - if echo "$resolved_version" | awk -F . '{ if ($1 >= 115) { exit 0 } else { exit 1 } }'; then - echo "${resolved_version}" > "${RWX_VALUES}/chrome-version" - echo "${chrome}" | jq -r '[.downloads.chrome[] | select(.platform == "linux64")] | last.url' > "${RWX_VALUES}/chrome-download-url" - echo "${chrome}" | jq -r '[.downloads.chromedriver[] | select(.platform == "linux64")] | last.url' > "${RWX_VALUES}/chromedriver-download-url" +- key: resolve-chrome-version + run: | + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if ! mint_os_name_in ubuntu; then + echo "Unsupported operating system \`$(mint_os_name)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi + + if [ "$(uname -p)" != "x86_64" ]; then + echo "Google currently does not package Chrome for ARM on Linux. See [GoogleChromeLabs/chrome-for-testing#1](https://github.com/GoogleChromeLabs/chrome-for-testing/issues/1) for more information. Consider using Chromium instead of Chrome." > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi + + chrome="" + + if [[ "${CHROME_VERSION}" == "stable" || "${CHROME_VERSION}" == "beta" || "${CHROME_VERSION}" == "dev" || "${CHROME_VERSION}" == "canary" ]]; then + chromes=$(curl -fsSL https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json) + channel="${CHROME_VERSION^}" # upcase the first letter + chrome=$(echo "${chromes}" | jq --arg channel "${channel}" '.channels[$channel]') + else + chromes=$(curl -fsSL https://googlechromelabs.github.io/chrome-for-testing/known-good-versions-with-downloads.json) + + if [[ "${CHROME_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + chrome=$(echo "${chromes}" | jq --arg version "${CHROME_VERSION}" '[.versions[] | select(.version == $version)] | last') else - cat << EOF > $(mktemp "${RWX_ERRORS}/error-XXXX") - The \`chrome-version\` provided is less than 115. Only versions 115 and higher are supported. - EOF - exit 1 + chrome=$(echo "${chromes}" | jq --arg version "${CHROME_VERSION}." '[.versions[] | select(.version | startswith($version))] | last') fi - env: - CHROME_VERSION: ${{ params.chrome-version }} - cache: - ttl: 1 day - - - - key: install - run: | - source "$RWX_PACKAGE_PATH/mint-utils.sh" - os_packages="" - if mint_os_version_gte 24.04; then - os_packages="libasound2t64 libgtk-4-1 libatk-bridge2.0-0t64 libatk1.0-0t64 libatspi2.0-0t64 libcups2t64 libglib2.0-0t64 libgtk-3-0t64" - else - os_packages="libasound2 libgtk-3-0 libatk-bridge2.0-0 libatk1.0-0 libatspi2.0-0 libcups2 libglib2.0-0 libgtk-3-0" - fi - - echo "Installing Chrome system dependencies" - sudo apt-get update - - sudo apt-get install --no-upgrade $os_packages \ - ca-certificates \ - fonts-liberation \ - libcairo2 \ - libcurl4 \ - libdbus-1-3 \ - libexpat1 \ - libgbm1 \ - libgdk-pixbuf2.0-0 \ - libnspr4 \ - libnss3 \ - libpango-1.0-0 \ - libudev1 \ - libvulkan1 \ - x11-utils \ - xdg-utils \ - xvfb - sudo apt-get clean - - path_additions="" - echo "${CHROME_VERSION}" > "${RWX_VALUES}/chrome-version" - - echo "Installing Chrome ${CHROME_VERSION}" + fi + + if [[ -z "${chrome}" ]]; then + cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") + The \`chrome-version\` provided does not resolve to a version of Google Chrome known by [Chrome for Testing](https://github.com/GoogleChromeLabs/chrome-for-testing). + EOF + exit 1 + fi + + resolved_version=$(echo "$chrome" | jq -r '.version') + # restrict usage to Chrome >= 115 + if echo "$resolved_version" | awk -F . '{ if ($1 >= 115) { exit 0 } else { exit 1 } }'; then + echo "${resolved_version}" > "${RWX_VALUES}/chrome-version" + echo "${chrome}" | jq -r '[.downloads.chrome[] | select(.platform == "linux64")] | last.url' > "${RWX_VALUES}/chrome-download-url" + echo "${chrome}" | jq -r '[.downloads.chromedriver[] | select(.platform == "linux64")] | last.url' > "${RWX_VALUES}/chromedriver-download-url" + else + cat << EOF > $(mktemp "${RWX_ERRORS}/error-XXXX") + The \`chrome-version\` provided is less than 115. Only versions 115 and higher are supported. + EOF + exit 1 + fi + env: + CHROME_VERSION: "${{ params.chrome-version }}" + cache: + ttl: 1 day +- key: install + run: | + source "$RWX_PACKAGE_PATH/mint-utils.sh" + os_packages="" + if mint_os_version_gte 24.04; then + os_packages="libasound2t64 libgtk-4-1 libatk-bridge2.0-0t64 libatk1.0-0t64 libatspi2.0-0t64 libcups2t64 libglib2.0-0t64 libgtk-3-0t64" + else + os_packages="libasound2 libgtk-3-0 libatk-bridge2.0-0 libatk1.0-0 libatspi2.0-0 libcups2 libglib2.0-0 libgtk-3-0" + fi + + echo "Installing Chrome system dependencies" + sudo apt-get update + + sudo apt-get install --no-upgrade $os_packages \ + ca-certificates \ + fonts-liberation \ + libcairo2 \ + libcurl4 \ + libdbus-1-3 \ + libexpat1 \ + libgbm1 \ + libgdk-pixbuf2.0-0 \ + libnspr4 \ + libnss3 \ + libpango-1.0-0 \ + libudev1 \ + libvulkan1 \ + x11-utils \ + xdg-utils \ + xvfb + sudo apt-get clean + + path_additions="" + echo "${CHROME_VERSION}" > "${RWX_VALUES}/chrome-version" + + echo "Installing Chrome ${CHROME_VERSION}" + echo + + # Unpack chrome into the chrome directory + curl -fsSL "${CHROME_DOWNLOAD_URL}" -o chrome.zip + unzip chrome.zip + sudo mv chrome-linux64 "${CHROME_DIRECTORY}" + + # Set the correct permissions on the sandbox binary + chrome_sandbox_binary="${CHROME_DIRECTORY}/chrome_sandbox" + sudo chown root:root "${chrome_sandbox_binary}" + sudo chmod 4755 "${chrome_sandbox_binary}" + echo "${chrome_sandbox_binary}" > "${RWX_ENV}/CHROME_DEVEL_SANDBOX" + + # Store useful chrome values + chrome_binary="${CHROME_DIRECTORY}/chrome" + ln -s "${CHROME_DIRECTORY}/chrome" "${CHROME_DIRECTORY}/google-chrome" + + echo "Installed Chrome ${CHROME_VERSION}" + "${chrome_binary}" --version + echo + + if [[ "${ADD_TO_PATH}" == "true" ]]; then + path_additions="${CHROME_DIRECTORY}" + fi + + if [[ "${INSTALL_CHROMEDRIVER}" == "true" ]]; then + echo "Installing Chromedriver for Chrome ${CHROME_VERSION}" echo - # Unpack chrome into the chrome directory - curl -fsSL "${CHROME_DOWNLOAD_URL}" -o chrome.zip - unzip chrome.zip - sudo mv chrome-linux64 "${CHROME_DIRECTORY}" - - # Set the correct permissions on the sandbox binary - chrome_sandbox_binary="${CHROME_DIRECTORY}/chrome_sandbox" - sudo chown root:root "${chrome_sandbox_binary}" - sudo chmod 4755 "${chrome_sandbox_binary}" - echo "${chrome_sandbox_binary}" > "${RWX_ENV}/CHROME_DEVEL_SANDBOX" + curl -fsSL "${CHROMEDRIVER_DOWNLOAD_URL}" -o chromedriver.zip + unzip chromedriver.zip + sudo mv chromedriver-linux64 "${CHROMEDRIVER_DIRECTORY}" + chromedriver_binary="${CHROMEDRIVER_DIRECTORY}/chromedriver" - # Store useful chrome values - chrome_binary="${CHROME_DIRECTORY}/chrome" - ln -s "${CHROME_DIRECTORY}/chrome" "${CHROME_DIRECTORY}/google-chrome" - - echo "Installed Chrome ${CHROME_VERSION}" - "${chrome_binary}" --version + echo "Installed Chromedriver for Chrome ${CHROME_VERSION}" + "${chromedriver_binary}" --version echo if [[ "${ADD_TO_PATH}" == "true" ]]; then - path_additions="${CHROME_DIRECTORY}" + path_additions="${path_additions}:${CHROMEDRIVER_DIRECTORY}" fi - - if [[ "${INSTALL_CHROMEDRIVER}" == "true" ]]; then - echo "Installing Chromedriver for Chrome ${CHROME_VERSION}" - echo - - curl -fsSL "${CHROMEDRIVER_DOWNLOAD_URL}" -o chromedriver.zip - unzip chromedriver.zip - sudo mv chromedriver-linux64 "${CHROMEDRIVER_DIRECTORY}" - chromedriver_binary="${CHROMEDRIVER_DIRECTORY}/chromedriver" - - echo "Installed Chromedriver for Chrome ${CHROME_VERSION}" - "${chromedriver_binary}" --version - echo - - if [[ "${ADD_TO_PATH}" == "true" ]]; then - path_additions="${path_additions}:${CHROMEDRIVER_DIRECTORY}" - fi - fi - - if [[ -n "${path_additions}" ]]; then - echo "Adding ${path_additions} to PATH" - echo "${path_additions}" >> "${RWX_ENV}/PATH" - fi - - rm -f chrome.zip - rm -f chromedriver.zip - env: - ADD_TO_PATH: ${{ params.add-to-path }} - CHROME_DIRECTORY: ${{ params.chrome-directory }} - CHROME_VERSION: ${{ tasks.resolve-chrome-version.values.chrome-version }} - CHROME_DOWNLOAD_URL: ${{ tasks.resolve-chrome-version.values.chrome-download-url }} - CHROMEDRIVER_DIRECTORY: ${{ params.chromedriver-directory }} - CHROMEDRIVER_DOWNLOAD_URL: ${{ tasks.resolve-chrome-version.values.chromedriver-download-url }} - INSTALL_CHROMEDRIVER: ${{ params.install-chromedriver }} + fi + + if [[ -n "${path_additions}" ]]; then + echo "Adding ${path_additions} to PATH" + echo "${path_additions}" >> "${RWX_ENV}/PATH" + fi + + rm -f chrome.zip + rm -f chromedriver.zip + env: + ADD_TO_PATH: "${{ params.add-to-path }}" + CHROME_DIRECTORY: "${{ params.chrome-directory }}" + CHROME_VERSION: "${{ tasks.resolve-chrome-version.values.chrome-version }}" + CHROME_DOWNLOAD_URL: "${{ tasks.resolve-chrome-version.values.chrome-download-url + }}" + CHROMEDRIVER_DIRECTORY: "${{ params.chromedriver-directory }}" + CHROMEDRIVER_DOWNLOAD_URL: "${{ tasks.resolve-chrome-version.values.chromedriver-download-url + }}" + INSTALL_CHROMEDRIVER: "${{ params.install-chromedriver }}" diff --git a/hashicorp/install-terraform/rwx-ci-cd.config.yml b/hashicorp/install-terraform/rwx-ci-cd.config.yml index 2ca6646..4e06ead 100644 --- a/hashicorp/install-terraform/rwx-ci-cd.config.yml +++ b/hashicorp/install-terraform/rwx-ci-cd.config.yml @@ -1,28 +1,36 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-22-04-arm64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: arm64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-22-04-arm64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: arm64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/hashicorp/install-terraform/rwx-package.yml b/hashicorp/install-terraform/rwx-package.yml index c4e98c8..c39e512 100644 --- a/hashicorp/install-terraform/rwx-package.yml +++ b/hashicorp/install-terraform/rwx-package.yml @@ -1,36 +1,36 @@ +--- name: hashicorp/install-terraform -version: 1.0.10 -description: Install the Terraform CLI, a tool for building, changing, and versioning infrastructure safely and efficiently +version: 1.0.11 +description: Install the Terraform CLI, a tool for building, changing, and versioning + infrastructure safely and efficiently source_code_url: https://github.com/rwx-cloud/packages/tree/main/hashicorp/install-terraform issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: terraform-version: - description: "Version of Terraform to install" - default: "latest" - + description: Version of Terraform to install + default: latest tasks: - - key: install - run: | - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if ! mint_os_package_manager_in apt; then - echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi +- key: install + run: | + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if ! mint_os_package_manager_in apt; then + echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi - curl --fail-with-body https://apt.releases.hashicorp.com/gpg | gpg --dearmor > hashicorp-archive-keyring.gpg - sudo mv hashicorp-archive-keyring.gpg /usr/share/keyrings - gpg --no-default-keyring \ - --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \ - --fingerprint | \ - grep '798A EC65 4E5C 1542 8C8E 42EE AA16 FCBC A621 E701' - echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \ - https://apt.releases.hashicorp.com jammy main" | \ - sudo tee /etc/apt/sources.list.d/hashicorp.list - sudo apt-get update - if [[ "${{ params.terraform-version }}" == "latest" ]]; then - sudo apt-get install terraform - else - sudo apt-get install terraform=${{ params.terraform-version }}-* - fi - sudo apt-get clean + curl --fail-with-body https://apt.releases.hashicorp.com/gpg | gpg --dearmor > hashicorp-archive-keyring.gpg + sudo mv hashicorp-archive-keyring.gpg /usr/share/keyrings + gpg --no-default-keyring \ + --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \ + --fingerprint | \ + grep '798A EC65 4E5C 1542 8C8E 42EE AA16 FCBC A621 E701' + echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \ + https://apt.releases.hashicorp.com jammy main" | \ + sudo tee /etc/apt/sources.list.d/hashicorp.list + sudo apt-get update + if [[ "${{ params.terraform-version }}" == "latest" ]]; then + sudo apt-get install terraform + else + sudo apt-get install terraform=${{ params.terraform-version }}-* + fi + sudo apt-get clean diff --git a/kubernetes/install-cli/rwx-ci-cd.config.yml b/kubernetes/install-cli/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/kubernetes/install-cli/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/kubernetes/install-cli/rwx-package.yml b/kubernetes/install-cli/rwx-package.yml index b456d6e..5c01076 100644 --- a/kubernetes/install-cli/rwx-package.yml +++ b/kubernetes/install-cli/rwx-package.yml @@ -1,28 +1,27 @@ +--- name: kubernetes/install-cli -version: 1.0.5 +version: 1.0.6 description: Install the Kubernetes CLI (kubectl) source_code_url: https://github.com/rwx-cloud/packages/tree/main/kubernetes/install-cli issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: cli-version: - description: "Version of the CLI to install" - default: "latest" - + description: Version of the CLI to install + default: latest tasks: - - key: install - run: | - cli_version="${{ params.cli-version }}" - if [[ "$cli_version" == "latest" ]]; then - cli_version=$(curl --fail-with-body -L -s https://dl.k8s.io/release/stable.txt) - fi - cli_version="${cli_version#v}" +- key: install + run: | + cli_version="${{ params.cli-version }}" + if [[ "$cli_version" == "latest" ]]; then + cli_version=$(curl --fail-with-body -L -s https://dl.k8s.io/release/stable.txt) + fi + cli_version="${cli_version#v}" - curl --fail-with-body -LO "https://dl.k8s.io/release/v${cli_version}/bin/linux/amd64/kubectl" - curl --fail-with-body -LO "https://dl.k8s.io/release/v${cli_version}/bin/linux/amd64/kubectl.sha256" - echo "$(cat kubectl.sha256) kubectl" | sha256sum --check + curl --fail-with-body -LO "https://dl.k8s.io/release/v${cli_version}/bin/linux/amd64/kubectl" + curl --fail-with-body -LO "https://dl.k8s.io/release/v${cli_version}/bin/linux/amd64/kubectl.sha256" + echo "$(cat kubectl.sha256) kubectl" | sha256sum --check - sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl + sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl - rm kubectl kubectl.sha256 - kubectl version --client + rm kubectl kubectl.sha256 + kubectl version --client diff --git a/namespace/install-cli/rwx-ci-cd.config.yml b/namespace/install-cli/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/namespace/install-cli/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/namespace/install-cli/rwx-package.yml b/namespace/install-cli/rwx-package.yml index 91d03e0..93323ee 100644 --- a/namespace/install-cli/rwx-package.yml +++ b/namespace/install-cli/rwx-package.yml @@ -1,28 +1,27 @@ +--- name: namespace/install-cli -version: 1.0.0 +version: 1.0.1 description: Install the Namespace CLI source_code_url: https://github.com/rwx-cloud/packages/tree/main/namespace/install-cli issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: cli-version: - description: "Version of the CLI to install" - default: "latest" - + description: Version of the CLI to install + default: latest tasks: - - key: install - run: | - export NS_ROOT=$(mktemp -d) - curl -fsSL -O https://get.namespace.so/cloud/install.sh - chmod +x ./install.sh - if [ "${{ params.cli-version }}" != "latest" ]; then - ./install.sh --version "${{ params.cli-version }}" - else - ./install.sh - fi - sudo install "$NS_ROOT/bin/nsc" /usr/local/bin - rm -rf "$NS_ROOT" - rm ./install.sh - nsc version - cache: - ttl: 1 day +- key: install + run: | + export NS_ROOT=$(mktemp -d) + curl -fsSL -O https://get.namespace.so/cloud/install.sh + chmod +x ./install.sh + if [ "${{ params.cli-version }}" != "latest" ]; then + ./install.sh --version "${{ params.cli-version }}" + else + ./install.sh + fi + sudo install "$NS_ROOT/bin/nsc" /usr/local/bin + rm -rf "$NS_ROOT" + rm ./install.sh + nsc version + cache: + ttl: 1 day diff --git a/namespace/login-hook/rwx-ci-cd.config.yml b/namespace/login-hook/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/namespace/login-hook/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/namespace/login-hook/rwx-package.yml b/namespace/login-hook/rwx-package.yml index 35c4929..b88b761 100644 --- a/namespace/login-hook/rwx-package.yml +++ b/namespace/login-hook/rwx-package.yml @@ -1,66 +1,65 @@ +--- name: namespace/login-hook -version: 1.0.1 +version: 1.0.2 description: RWX hook to log in to Namespace source_code_url: https://github.com/rwx-cloud/packages/tree/main/namespace/login-hook issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: workspace-id: - description: "The Namespace workspace identifier." + description: The Namespace workspace identifier. required: true oidc-token-env-name: - description: "The environment variable name that contains the Namespace OIDC token." + description: The environment variable name that contains the Namespace OIDC token. default: NAMESPACE_OIDC_TOKEN - tasks: - - key: produce-login-hooks - run: | - set -u +- key: produce-login-hooks + run: | + set -u - PROFILE_NAME="$(echo "$NAMESPACE_WORKSPACE_ID" | tr -cd '[:alnum:]')" - BEFORE_HOOK="${RWX_HOOKS_BEFORE_TASK}/namespace-login--${PROFILE_NAME}.sh" - AFTER_HOOK="${RWX_HOOKS_AFTER_TASK}/namespace-login--${PROFILE_NAME}.sh" + PROFILE_NAME="$(echo "$NAMESPACE_WORKSPACE_ID" | tr -cd '[:alnum:]')" + BEFORE_HOOK="${RWX_HOOKS_BEFORE_TASK}/namespace-login--${PROFILE_NAME}.sh" + AFTER_HOOK="${RWX_HOOKS_AFTER_TASK}/namespace-login--${PROFILE_NAME}.sh" - cat <<'EOF' > "$BEFORE_HOOK" - #!/usr/bin/env bash - set -ueo pipefail + cat <<'EOF' > "$BEFORE_HOOK" + #!/usr/bin/env bash + set -ueo pipefail - _NAMESPACE_OIDC_TOKEN_ENV_VAR="${{ params.oidc-token-env-name }}" - declare -n _NAMESPACE_OIDC_TOKEN="$_NAMESPACE_OIDC_TOKEN_ENV_VAR" + _NAMESPACE_OIDC_TOKEN_ENV_VAR="${{ params.oidc-token-env-name }}" + declare -n _NAMESPACE_OIDC_TOKEN="$_NAMESPACE_OIDC_TOKEN_ENV_VAR" - if [ -z "${_NAMESPACE_OIDC_TOKEN-}" ]; then - echo "Skipping Namespace login because \$${{ params.oidc-token-env-name }} was not provided." - exit 0 - fi + if [ -z "${_NAMESPACE_OIDC_TOKEN-}" ]; then + echo "Skipping Namespace login because \$${{ params.oidc-token-env-name }} was not provided." + exit 0 + fi - if ! command -v nsc &> /dev/null; then - log_error "The Namespace CLI must be installed" - exit 1 - fi + if ! command -v nsc &> /dev/null; then + log_error "The Namespace CLI must be installed" + exit 1 + fi - echo "Logging in to Namespace with Workspace: ${{ params.workspace-id }}" - nsc auth exchange-oidc-token \ - --tenant_id "${{ params.workspace-id }}" \ - --token $_NAMESPACE_OIDC_TOKEN - EOF + echo "Logging in to Namespace with Workspace: ${{ params.workspace-id }}" + nsc auth exchange-oidc-token \ + --tenant_id "${{ params.workspace-id }}" \ + --token $_NAMESPACE_OIDC_TOKEN + EOF - cat <<'EOF' > "$AFTER_HOOK" - #!/usr/bin/env bash - set -ueo pipefail + cat <<'EOF' > "$AFTER_HOOK" + #!/usr/bin/env bash + set -ueo pipefail - _NAMESPACE_OIDC_TOKEN_ENV_VAR="${{ params.oidc-token-env-name }}" - declare -n _NAMESPACE_OIDC_TOKEN="$_NAMESPACE_OIDC_TOKEN_ENV_VAR" + _NAMESPACE_OIDC_TOKEN_ENV_VAR="${{ params.oidc-token-env-name }}" + declare -n _NAMESPACE_OIDC_TOKEN="$_NAMESPACE_OIDC_TOKEN_ENV_VAR" - if [ -z "${_NAMESPACE_OIDC_TOKEN-}" ]; then - echo "Skipping Namespace logout \$${{ params.oidc-token-env-name }} was not provided." - exit 0 - fi + if [ -z "${_NAMESPACE_OIDC_TOKEN-}" ]; then + echo "Skipping Namespace logout \$${{ params.oidc-token-env-name }} was not provided." + exit 0 + fi - echo "Logging out of Namespace with Workspace: ${{ params.workspace-id }}" - nsc logout - EOF + echo "Logging out of Namespace with Workspace: ${{ params.workspace-id }}" + nsc logout + EOF - chmod +x "$BEFORE_HOOK" - chmod +x "$AFTER_HOOK" - env: - NAMESPACE_WORKSPACE_ID: "${{ params.workspace-id }}" + chmod +x "$BEFORE_HOOK" + chmod +x "$AFTER_HOOK" + env: + NAMESPACE_WORKSPACE_ID: "${{ params.workspace-id }}" diff --git a/nodejs/install/rwx-ci-cd.config.yml b/nodejs/install/rwx-ci-cd.config.yml index 2ca6646..4e06ead 100644 --- a/nodejs/install/rwx-ci-cd.config.yml +++ b/nodejs/install/rwx-ci-cd.config.yml @@ -1,28 +1,36 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-22-04-arm64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: arm64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-22-04-arm64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: arm64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/nodejs/install/rwx-package.yml b/nodejs/install/rwx-package.yml index 86f784a..b310fd6 100644 --- a/nodejs/install/rwx-package.yml +++ b/nodejs/install/rwx-package.yml @@ -1,27 +1,26 @@ +--- name: nodejs/install -version: 1.1.10 +version: 1.1.11 description: Install Node.js, the cross-platform JavaScript runtime environment source_code_url: https://github.com/rwx-cloud/packages/tree/main/nodejs/install issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: node-version: - description: "Version of node to install." + description: Version of node to install. required: false node-version-file: - description: "Path to node version file, eg. .node-version, .nvmrc, .tool-versions." + description: Path to node version file, eg. .node-version, .nvmrc, .tool-versions. required: false - tasks: - - key: install - run: | - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if ! mint_os_package_manager_in apt; then - echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi +- key: install + run: | + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if ! mint_os_package_manager_in apt; then + echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi - $RWX_PACKAGE_PATH/bin/install-node - env: - NODE_VERSION: ${{ params.node-version }} - NODE_VERSION_FILE: ${{ params.node-version-file }} + $RWX_PACKAGE_PATH/bin/install-node + env: + NODE_VERSION: "${{ params.node-version }}" + NODE_VERSION_FILE: "${{ params.node-version-file }}" diff --git a/python/install/rwx-ci-cd.config.yml b/python/install/rwx-ci-cd.config.yml index 2ca6646..4e06ead 100644 --- a/python/install/rwx-ci-cd.config.yml +++ b/python/install/rwx-ci-cd.config.yml @@ -1,28 +1,36 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-22-04-arm64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: arm64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-22-04-arm64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: arm64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/python/install/rwx-package.yml b/python/install/rwx-package.yml index 5b38d9d..f91ac7e 100644 --- a/python/install/rwx-package.yml +++ b/python/install/rwx-package.yml @@ -1,127 +1,127 @@ +--- name: python/install -version: 1.3.10 -description: Install Python, a programming language that lets you work quickly and integrate systems more effectively +version: 1.3.11 +description: Install Python, a programming language that lets you work quickly and + integrate systems more effectively source_code_url: https://github.com/rwx-cloud/packages/tree/main/python/install issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: python-version: - description: "Version of Python to install" + description: Version of Python to install required: true pip-version: - description: "Version of pip to install" + description: Version of pip to install required: false setuptools-version: - description: "Version of setuptools to install" + description: Version of setuptools to install required: false - tasks: - - key: install-python - run: | - set -u - source "$RWX_PACKAGE_PATH/mint-utils.sh" - - # - # Check OS support - # - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if ! mint_os_name_in ubuntu; then - echo "Unsupported operating system \`$(mint_os_name)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi - - # - # Ensure we have a python version - # - if [ "$PYTHON_VERSION" = "" ]; then - cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") - Invalid parameters: \`python-version\` must be set. - EOF - exit 2 - fi - - # - # Install system dependencies - # - os_packages="ca-certificates libexpat1 libsqlite3-0 media-types readline-common tzdata" - if mint_os_version_lte 22.04; then - os_packages+=" libmpdec3 libreadline8 libssl3" - else - os_packages+=" libreadline8t64 libssl3t64 openssl" - fi - - sudo apt-get update - sudo apt-get install --no-upgrade $os_packages - sudo apt-get clean - - # - # Install Python - # - # Find the prebuilt Python - echo "Looking for Python $PYTHON_VERSION..." - escaped_version=$(echo "$PYTHON_VERSION" | sed "s/\./\\\\./g") # 3.2.2 => 3\.2\.2 - escaped_os=$(mint_os_name_version | sed "s/\./\\\\./g") - escaped_arch=$(mint_arch) - if [ "$escaped_arch" = "aarch64" ]; then - escaped_arch="arm64" - fi - - version_line=$(cat $RWX_PACKAGE_PATH/known-pythons.csv | { grep -E "^$escaped_version,[^,]+,[^,]+,$escaped_os,$escaped_arch" || test $? = 1; }) - if [[ -z "$version_line" ]]; then - cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") - Python $PYTHON_VERSION is not available in this version of [python/install](https://www.rwx.com/docs/mint/packages/python/install) and OS. - Try upgrading to the most recent version of this package. If the Python version is still not available, [file an issue](https://github.com/rwx-cloud/packages/issues/new). - EOF - exit 3 - fi - echo "Found Python $PYTHON_VERSION!" - sha256sum=$(echo "$version_line" | cut -d, -f2) - path=$(echo "$version_line" | cut -d, -f3) - - # Download and extract the prebuilt Python - echo "Downloading Python $PYTHON_VERSION..." - curl -o layer.tar -fsSL "https://mint-prebuilt-binaries20240129200014482300000001.s3.us-east-2.amazonaws.com/mint/install-python/$path" - echo "$sha256sum layer.tar" | sha256sum --check --status - echo "Downloaded Python $PYTHON_VERSION!" - - echo "Extracting Python $PYTHON_VERSION..." - - ## Apply whiteouts - # - whiteouts=$(tar -tvf layer.tar | awk '$1 == "c---------" && $3 == "0,0"' | awk '{print $6}') - echo "$whiteouts" | xargs -I{} bash -c 'cd / && sudo rm -rf {}' - - ## Extract archive - # - echo "$whiteouts" > exclude.txt - echo "run/docker.sock" >> exclude.txt - echo "usr/sbin/docker-init" >> exclude.txt - sudo tar -C / -xf layer.tar -X exclude.txt - - echo "Extracted Python $PYTHON_VERSION!" - - # Add pip to PATH - echo "$HOME/.local/bin" >> "$RWX_ENV/PATH" - - # Update dynamic linker cache to pick up the new Python libraries - sudo ldconfig - - # cleanup - rm exclude.txt - rm layer.tar - - if [ -n "${PIP_VERSION}" ]; then - echo "Installing pip ${PIP_VERSION}" - pip install pip==$PIP_VERSION - pip --version - fi - - if [ -n "${SETUPTOOLS_VERSION}" ]; then - echo "Installing setuptools ${SETUPTOOLS_VERSION}" - pip install setuptools==$SETUPTOOLS_VERSION - pip show setuptools | grep Version - fi - env: - PIP_VERSION: ${{ params.pip-version }} - SETUPTOOLS_VERSION: ${{ params.setuptools-version }} - PYTHON_VERSION: ${{ params.python-version }} +- key: install-python + run: | + set -u + source "$RWX_PACKAGE_PATH/mint-utils.sh" + + # + # Check OS support + # + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if ! mint_os_name_in ubuntu; then + echo "Unsupported operating system \`$(mint_os_name)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi + + # + # Ensure we have a python version + # + if [ "$PYTHON_VERSION" = "" ]; then + cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") + Invalid parameters: \`python-version\` must be set. + EOF + exit 2 + fi + + # + # Install system dependencies + # + os_packages="ca-certificates libexpat1 libsqlite3-0 media-types readline-common tzdata" + if mint_os_version_lte 22.04; then + os_packages+=" libmpdec3 libreadline8 libssl3" + else + os_packages+=" libreadline8t64 libssl3t64 openssl" + fi + + sudo apt-get update + sudo apt-get install --no-upgrade $os_packages + sudo apt-get clean + + # + # Install Python + # + # Find the prebuilt Python + echo "Looking for Python $PYTHON_VERSION..." + escaped_version=$(echo "$PYTHON_VERSION" | sed "s/\./\\\\./g") # 3.2.2 => 3\.2\.2 + escaped_os=$(mint_os_name_version | sed "s/\./\\\\./g") + escaped_arch=$(mint_arch) + if [ "$escaped_arch" = "aarch64" ]; then + escaped_arch="arm64" + fi + + version_line=$(cat $RWX_PACKAGE_PATH/known-pythons.csv | { grep -E "^$escaped_version,[^,]+,[^,]+,$escaped_os,$escaped_arch" || test $? = 1; }) + if [[ -z "$version_line" ]]; then + cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") + Python $PYTHON_VERSION is not available in this version of [python/install](https://www.rwx.com/docs/mint/packages/python/install) and OS. + Try upgrading to the most recent version of this package. If the Python version is still not available, [file an issue](https://github.com/rwx-cloud/packages/issues/new). + EOF + exit 3 + fi + echo "Found Python $PYTHON_VERSION!" + sha256sum=$(echo "$version_line" | cut -d, -f2) + path=$(echo "$version_line" | cut -d, -f3) + + # Download and extract the prebuilt Python + echo "Downloading Python $PYTHON_VERSION..." + curl -o layer.tar -fsSL "https://mint-prebuilt-binaries20240129200014482300000001.s3.us-east-2.amazonaws.com/mint/install-python/$path" + echo "$sha256sum layer.tar" | sha256sum --check --status + echo "Downloaded Python $PYTHON_VERSION!" + + echo "Extracting Python $PYTHON_VERSION..." + + ## Apply whiteouts + # + whiteouts=$(tar -tvf layer.tar | awk '$1 == "c---------" && $3 == "0,0"' | awk '{print $6}') + echo "$whiteouts" | xargs -I{} bash -c 'cd / && sudo rm -rf {}' + + ## Extract archive + # + echo "$whiteouts" > exclude.txt + echo "run/docker.sock" >> exclude.txt + echo "usr/sbin/docker-init" >> exclude.txt + sudo tar -C / -xf layer.tar -X exclude.txt + + echo "Extracted Python $PYTHON_VERSION!" + + # Add pip to PATH + echo "$HOME/.local/bin" >> "$RWX_ENV/PATH" + + # Update dynamic linker cache to pick up the new Python libraries + sudo ldconfig + + # cleanup + rm exclude.txt + rm layer.tar + + if [ -n "${PIP_VERSION}" ]; then + echo "Installing pip ${PIP_VERSION}" + pip install pip==$PIP_VERSION + pip --version + fi + + if [ -n "${SETUPTOOLS_VERSION}" ]; then + echo "Installing setuptools ${SETUPTOOLS_VERSION}" + pip install setuptools==$SETUPTOOLS_VERSION + pip show setuptools | grep Version + fi + env: + PIP_VERSION: "${{ params.pip-version }}" + SETUPTOOLS_VERSION: "${{ params.setuptools-version }}" + PYTHON_VERSION: "${{ params.python-version }}" diff --git a/render/deploy/rwx-ci-cd.config.yml b/render/deploy/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/render/deploy/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/render/deploy/rwx-package.yml b/render/deploy/rwx-package.yml index c2f8710..5cdf6a0 100644 --- a/render/deploy/rwx-package.yml +++ b/render/deploy/rwx-package.yml @@ -1,92 +1,89 @@ +--- name: render/deploy -version: 1.0.5 +version: 1.0.6 description: Deploy to Render.com source_code_url: https://github.com/rwx-cloud/packages/tree/main/render/deploy issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: ref: - description: "The git ref to deploy." + description: The git ref to deploy. required: true render-api-key: - description: "API key for the Render API." + description: API key for the Render API. required: true service-name: - description: "Name of the Render service to deploy." + description: Name of the Render service to deploy. required: true - tasks: - - key: locate-service - cache: false - run: | - services=$(curl -s -X GET --fail \ - -H "Accept: application/json" \ - -H "Content-Type: application/json" \ - -H "Authorization: Bearer ${RENDER_API_KEY}" \ - --data-urlencode "name=${SERVICE_NAME}" \ - "https://api.render.com/v1/services") - - service_id=$(echo "$services" | jq -r ".[] | select(.service.name == \"${SERVICE_NAME}\") | .service.id") - - if [ -z "$service_id" ]; then - >&2 echo "Service not found: ${SERVICE_NAME}" - >&2 echo "Response:\n${services}" - exit 1 - fi +- key: locate-service + cache: false + run: | + services=$(curl -s -X GET --fail \ + -H "Accept: application/json" \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer ${RENDER_API_KEY}" \ + --data-urlencode "name=${SERVICE_NAME}" \ + "https://api.render.com/v1/services") - echo "$service_id" > "${RWX_VALUES}/service-id" - echo "Service ID: ${service_id}" - env: - RENDER_API_KEY: "${{ params.render-api-key }}" - SERVICE_NAME: "${{ params.service-name }}" + service_id=$(echo "$services" | jq -r ".[] | select(.service.name == \"${SERVICE_NAME}\") | .service.id") - - key: deploy - cache: false - run: | - deploy=$(curl -s --fail \ - -H "Accept: application/json" \ - -H "Content-Type: application/json" \ - -H "Authorization: Bearer ${RENDER_API_KEY}" \ - --data '{"commitId": "'"${GIT_REF}"'"}' \ - "https://api.render.com/v1/services/${SERVICE_ID}/deploys") + if [ -z "$service_id" ]; then + >&2 echo "Service not found: ${SERVICE_NAME}" + >&2 echo "Response:\n${services}" + exit 1 + fi - deploy_id=$(echo "$deploy" | jq -r '.id') + echo "$service_id" > "${RWX_VALUES}/service-id" + echo "Service ID: ${service_id}" + env: + RENDER_API_KEY: "${{ params.render-api-key }}" + SERVICE_NAME: "${{ params.service-name }}" +- key: deploy + cache: false + run: | + deploy=$(curl -s --fail \ + -H "Accept: application/json" \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer ${RENDER_API_KEY}" \ + --data '{"commitId": "'"${GIT_REF}"'"}' \ + "https://api.render.com/v1/services/${SERVICE_ID}/deploys") - if [ -z "$deploy_id" ]; then - >&2 echo "Deploy ID not found" - >&2 echo "Response:\n${deploy}" - exit 1 - fi + deploy_id=$(echo "$deploy" | jq -r '.id') - echo "$deploy_id" > "${RWX_VALUES}/deploy-id" - echo "Deploy ID: ${deploy_id}" - env: - GIT_REF: "${{ params.ref }}" - RENDER_API_KEY: "${{ params.render-api-key }}" - SERVICE_ID: "${{ tasks.locate-service.values.service-id }}" + if [ -z "$deploy_id" ]; then + >&2 echo "Deploy ID not found" + >&2 echo "Response:\n${deploy}" + exit 1 + fi - - key: wait-for-completion - timeout: 15m - run: | - echo "Polling for deploy completion..." - status="" + echo "$deploy_id" > "${RWX_VALUES}/deploy-id" + echo "Deploy ID: ${deploy_id}" + env: + GIT_REF: "${{ params.ref }}" + RENDER_API_KEY: "${{ params.render-api-key }}" + SERVICE_ID: "${{ tasks.locate-service.values.service-id }}" +- key: wait-for-completion + timeout: 15m + run: | + echo "Polling for deploy completion..." + status="" - while true; do - deploy=$(curl -s --fail \ - -H "Accept: application/json" \ - -H "Authorization: Bearer ${RENDER_API_KEY}" \ - "https://api.render.com/v1/services/${SERVICE_ID}/deploys/${DEPLOY_ID}") + while true; do + deploy=$(curl -s --fail \ + -H "Accept: application/json" \ + -H "Authorization: Bearer ${RENDER_API_KEY}" \ + "https://api.render.com/v1/services/${SERVICE_ID}/deploys/${DEPLOY_ID}") - status=$(echo "$deploy" | jq -r '.status') - finished_at=$(echo "$deploy" | jq -r '.finishedAt') - echo "Status: ${status}" + status=$(echo "$deploy" | jq -r '.status') + finished_at=$(echo "$deploy" | jq -r '.finishedAt') + echo "Status: ${status}" - [ "$finished_at" != "null" ] && break || sleep 2 - done + [ "$finished_at" != "null" ] && break || sleep 2 + done - echo "Deploy finished at ${finished_at}" - [ "${status}" == "live" ] || exit 1 - env: - RENDER_API_KEY: "${{ params.render-api-key }}" - SERVICE_ID: "${{ tasks.locate-service.values.service-id }}" - DEPLOY_ID: "${{ tasks.deploy.values.deploy-id }}" + echo "Deploy finished at ${finished_at}" + [ "${status}" == "live" ] || exit 1 + env: + RENDER_API_KEY: "${{ params.render-api-key }}" + SERVICE_ID: "${{ tasks.locate-service.values.service-id }}" + DEPLOY_ID: "${{ tasks.deploy.values.deploy-id }}" diff --git a/ruby/install/rwx-ci-cd.config.yml b/ruby/install/rwx-ci-cd.config.yml index ec215eb..954c522 100644 --- a/ruby/install/rwx-ci-cd.config.yml +++ b/ruby/install/rwx-ci-cd.config.yml @@ -1,28 +1,36 @@ +--- tests: - - key: ubuntu-22-04-x86-64 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-22-04-arm64 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.2 - arch: arm64 - - - key: ubuntu-24-04-x86-64 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 +- key: ubuntu-22-04-x86-64 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-22-04-arm64 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.2 + arch: arm64 +- key: ubuntu-24-04-x86-64 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/ruby/install/rwx-package.yml b/ruby/install/rwx-package.yml index 85dd88c..f300222 100644 --- a/ruby/install/rwx-package.yml +++ b/ruby/install/rwx-package.yml @@ -1,134 +1,134 @@ +--- name: ruby/install -version: 1.2.13 -description: Install Ruby, a dynamic programming language with a focus on simplicity and productivity +version: 1.2.14 +description: Install Ruby, a dynamic programming language with a focus on simplicity + and productivity source_code_url: https://github.com/rwx-cloud/packages/tree/main/ruby/install issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: ruby-version: - description: "Version of Ruby to install" + description: Version of Ruby to install required: false ruby-version-file: - description: "File containing version of Ruby to install, commonly .ruby-version" + description: File containing version of Ruby to install, commonly .ruby-version required: false - tasks: - - key: install-ruby - run: | - set -u - - # - # Check OS support - # - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if ! mint_os_package_manager_in apt; then - echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 +- key: install-ruby + run: | + set -u + + # + # Check OS support + # + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if ! mint_os_package_manager_in apt; then + echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi + + # + # Ensure we have a ruby version + # + if [ "$RUBY_VERSION" = "" ]; then + if [ "$RUBY_VERSION_FILE" = "" ]; then + cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") + Invalid parameters: \`ruby-version\` or \`ruby-version-file\` must be set. + EOF + exit 2 fi - # - # Ensure we have a ruby version - # + RUBY_VERSION="$(cat "$RUBY_VERSION_FILE" | sed 's/ruby-//')" if [ "$RUBY_VERSION" = "" ]; then - if [ "$RUBY_VERSION_FILE" = "" ]; then - cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") - Invalid parameters: \`ruby-version\` or \`ruby-version-file\` must be set. - EOF - exit 2 - fi - - RUBY_VERSION="$(cat "$RUBY_VERSION_FILE" | sed 's/ruby-//')" - if [ "$RUBY_VERSION" = "" ]; then - cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") - Invalid parameters: the contents of \`ruby-version-file\` did not specify a Ruby version. - EOF - exit 2 - fi - fi - - # - # Install system packages - # - tmp_dir=$(mktemp -d) - - sudo apt-get update - sudo apt-get install --no-upgrade -y make xz-utils build-essential bison zlib1g-dev libyaml-dev libgdbm-dev libreadline-dev libncurses-dev libffi-dev - - # Rubies before 3.1 require OpenSSL 1.x - if [[ "${RUBY_VERSION:0:3}" == "3.0" || "${RUBY_VERSION:0:2}" == "2." ]]; then - pushd "$tmp_dir" - - curl -fsSLO http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb - curl -fsSLO http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_1.1.1f-1ubuntu2_amd64.deb - curl -fsSLO http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.1.1f-1ubuntu2_amd64.deb - - sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb - sudo dpkg -i libssl-dev_1.1.1f-1ubuntu2_amd64.deb - sudo dpkg -i openssl_1.1.1f-1ubuntu2_amd64.deb - rm -f *.deb - popd - else - sudo apt-get install --no-upgrade -y libssl-dev - fi - - rm -rf "$tmp_dir" - sudo apt-get clean - - # - # Install Ruby - # - # Find the prebuilt Ruby - echo "Looking for Ruby $RUBY_VERSION..." - source "$RWX_PACKAGE_PATH/mint-utils.sh" - escaped_version=$(echo "$RUBY_VERSION" | sed "s/\./\\\\./g") # 3.2.2 => 3\.2\.2 - escaped_os=$(mint_os_name_version | sed "s/\./\\\\./g") - escaped_arch=$(mint_arch) - if [ "$escaped_arch" = "aarch64" ]; then - escaped_arch="arm64" - fi - - version_line=$(cat $RWX_PACKAGE_PATH/known-rubies.csv | { grep -E "^$escaped_version,[^,]+,[^,]+,$escaped_os,$escaped_arch" || test $? = 1; }) - if [[ -z "$version_line" ]]; then cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") - Ruby $RUBY_VERSION is not available in this version of [ruby/install](https://www.rwx.com/docs/mint/packages/ruby/install) and OS. - Try upgrading to the most recent version of this package. If the Ruby version is still not available, [file an issue](https://github.com/rwx-cloud/packages/issues/new). - EOF - exit 3 + Invalid parameters: the contents of \`ruby-version-file\` did not specify a Ruby version. + EOF + exit 2 fi - echo "Found Ruby $RUBY_VERSION!" - sha256sum=$(echo "$version_line" | cut -d, -f2) - path=$(echo "$version_line" | cut -d, -f3) - - # Download and extract the prebuilt Ruby - echo "Downloading Ruby $RUBY_VERSION..." - curl -o layer.tar -fsSL "https://mint-prebuilt-binaries20240129200014482300000001.s3.us-east-2.amazonaws.com/mint/install-ruby/$path" - echo "$sha256sum layer.tar" | sha256sum --check --status - echo "Downloaded Ruby $RUBY_VERSION!" - - echo "Extracting Ruby $RUBY_VERSION..." - - ## Apply whiteouts - # - whiteouts=$(tar -tvf layer.tar | awk '$1 == "c---------" && $3 == "0,0"' | awk '{print $6}') - echo "$whiteouts" | xargs -I{} bash -c 'cd / && sudo rm -rf {}' - - ## Extract archive - # - echo "$whiteouts" > exclude.txt - echo "run/docker.sock" >> exclude.txt - echo "usr/sbin/docker-init" >> exclude.txt - sudo tar -C / -xf layer.tar -X exclude.txt - - echo "Extracted Ruby $RUBY_VERSION!" - - # Add Ruby to PATH - path_to_ruby="$HOME/.rubies/ruby-$RUBY_VERSION/bin" - echo "Adding $path_to_ruby to \$PATH" - echo "$path_to_ruby" >> "$RWX_ENV/PATH" - - # cleanup - rm exclude.txt - rm layer.tar - env: - RUBY_VERSION: ${{ params.ruby-version }} - RUBY_VERSION_FILE: ${{ params.ruby-version-file }} + fi + + # + # Install system packages + # + tmp_dir=$(mktemp -d) + + sudo apt-get update + sudo apt-get install --no-upgrade -y make xz-utils build-essential bison zlib1g-dev libyaml-dev libgdbm-dev libreadline-dev libncurses-dev libffi-dev + + # Rubies before 3.1 require OpenSSL 1.x + if [[ "${RUBY_VERSION:0:3}" == "3.0" || "${RUBY_VERSION:0:2}" == "2." ]]; then + pushd "$tmp_dir" + + curl -fsSLO http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb + curl -fsSLO http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_1.1.1f-1ubuntu2_amd64.deb + curl -fsSLO http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.1.1f-1ubuntu2_amd64.deb + + sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb + sudo dpkg -i libssl-dev_1.1.1f-1ubuntu2_amd64.deb + sudo dpkg -i openssl_1.1.1f-1ubuntu2_amd64.deb + rm -f *.deb + popd + else + sudo apt-get install --no-upgrade -y libssl-dev + fi + + rm -rf "$tmp_dir" + sudo apt-get clean + + # + # Install Ruby + # + # Find the prebuilt Ruby + echo "Looking for Ruby $RUBY_VERSION..." + source "$RWX_PACKAGE_PATH/mint-utils.sh" + escaped_version=$(echo "$RUBY_VERSION" | sed "s/\./\\\\./g") # 3.2.2 => 3\.2\.2 + escaped_os=$(mint_os_name_version | sed "s/\./\\\\./g") + escaped_arch=$(mint_arch) + if [ "$escaped_arch" = "aarch64" ]; then + escaped_arch="arm64" + fi + + version_line=$(cat $RWX_PACKAGE_PATH/known-rubies.csv | { grep -E "^$escaped_version,[^,]+,[^,]+,$escaped_os,$escaped_arch" || test $? = 1; }) + if [[ -z "$version_line" ]]; then + cat << EOF > $(mktemp "$RWX_ERRORS/error-XXXX") + Ruby $RUBY_VERSION is not available in this version of [ruby/install](https://www.rwx.com/docs/mint/packages/ruby/install) and OS. + Try upgrading to the most recent version of this package. If the Ruby version is still not available, [file an issue](https://github.com/rwx-cloud/packages/issues/new). + EOF + exit 3 + fi + echo "Found Ruby $RUBY_VERSION!" + sha256sum=$(echo "$version_line" | cut -d, -f2) + path=$(echo "$version_line" | cut -d, -f3) + + # Download and extract the prebuilt Ruby + echo "Downloading Ruby $RUBY_VERSION..." + curl -o layer.tar -fsSL "https://mint-prebuilt-binaries20240129200014482300000001.s3.us-east-2.amazonaws.com/mint/install-ruby/$path" + echo "$sha256sum layer.tar" | sha256sum --check --status + echo "Downloaded Ruby $RUBY_VERSION!" + + echo "Extracting Ruby $RUBY_VERSION..." + + ## Apply whiteouts + # + whiteouts=$(tar -tvf layer.tar | awk '$1 == "c---------" && $3 == "0,0"' | awk '{print $6}') + echo "$whiteouts" | xargs -I{} bash -c 'cd / && sudo rm -rf {}' + + ## Extract archive + # + echo "$whiteouts" > exclude.txt + echo "run/docker.sock" >> exclude.txt + echo "usr/sbin/docker-init" >> exclude.txt + sudo tar -C / -xf layer.tar -X exclude.txt + + echo "Extracted Ruby $RUBY_VERSION!" + + # Add Ruby to PATH + path_to_ruby="$HOME/.rubies/ruby-$RUBY_VERSION/bin" + echo "Adding $path_to_ruby to \$PATH" + echo "$path_to_ruby" >> "$RWX_ENV/PATH" + + # cleanup + rm exclude.txt + rm layer.tar + env: + RUBY_VERSION: "${{ params.ruby-version }}" + RUBY_VERSION_FILE: "${{ params.ruby-version-file }}" diff --git a/rust-lang/install/rwx-ci-cd.config.yml b/rust-lang/install/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/rust-lang/install/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/rust-lang/install/rwx-package.yml b/rust-lang/install/rwx-package.yml index 6ca6e2e..4ba4a2d 100644 --- a/rust-lang/install/rwx-package.yml +++ b/rust-lang/install/rwx-package.yml @@ -1,126 +1,126 @@ +--- name: rust-lang/install -version: 1.0.5 -description: Install Rust, a language empowering everyone to build reliable and efficient software. +version: 1.0.6 +description: Install Rust, a language empowering everyone to build reliable and efficient + software. source_code_url: https://github.com/rwx-cloud/packages/tree/main/rust-lang/install issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: rust-version: - description: "Version of Rust to install" + description: Version of Rust to install required: true - tasks: - - key: install - run: | - # Download rustup and signature - rustup_url="https://static.rust-lang.org/dist/rust-${RUST_VERSION}-$(uname -p)-unknown-linux-gnu.tar.gz" - curl -o rustup.tar.gz --fail-with-body -sSL "${rustup_url}" - curl -o rustup.tar.gz.asc --fail-with-body -sSL "${rustup_url}.asc" +- key: install + run: | + # Download rustup and signature + rustup_url="https://static.rust-lang.org/dist/rust-${RUST_VERSION}-$(uname -p)-unknown-linux-gnu.tar.gz" + curl -o rustup.tar.gz --fail-with-body -sSL "${rustup_url}" + curl -o rustup.tar.gz.asc --fail-with-body -sSL "${rustup_url}.asc" - # Verify GPG signature - export GNUPGHOME="$(mktemp -d)" - # This key comes from https://forge.rust-lang.org/infra/archive-stable-version-installers.html - cat < "${RWX_ENV}/PATH" - env: - RUST_VERSION: ${{ params.rust-version }} + echo "Installed Rust and components" + rustc --version + cargo --version + echo "~/.cargo/bin" > "${RWX_ENV}/PATH" + env: + RUST_VERSION: "${{ params.rust-version }}" diff --git a/rwx/base/rwx-ci-cd.config.yml b/rwx/base/rwx-ci-cd.config.yml index 70e4941..7ffbc24 100644 --- a/rwx/base/rwx-ci-cd.config.yml +++ b/rwx/base/rwx-ci-cd.config.yml @@ -1,18 +1,27 @@ +--- tests: - - key: ubuntu-20-04 - template: rwx-ci-cd.template.yml - base: - image: ubuntu:20.04 - config: none - - - key: ubuntu-22-04 - template: rwx-ci-cd.template.yml - base: - image: ubuntu:22.04 - config: none - - - key: ubuntu-24-04 - template: rwx-ci-cd.template.yml - base: - image: ubuntu:24.04 - config: none +- key: ubuntu-20-04 + template: rwx-ci-cd.template.yml + base: + image: ubuntu:20.04 + config: none +- key: ubuntu-22-04 + template: rwx-ci-cd.template.yml + base: + image: ubuntu:22.04 + config: none +- key: ubuntu-24-04 + template: rwx-ci-cd.template.yml + base: + image: ubuntu:24.04 + config: none +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/rwx/base/rwx-package.yml b/rwx/base/rwx-package.yml index 9fda2af..fb16b64 100644 --- a/rwx/base/rwx-package.yml +++ b/rwx/base/rwx-package.yml @@ -1,46 +1,45 @@ +--- name: rwx/base -version: 1.0.0 +version: 1.0.1 description: The default base image configuration source_code_url: https://github.com/rwx-cloud/packages/tree/main/rwx/base issue_tracker_url: https://github.com/rwx-cloud/packages/issues - tasks: - - key: configure - run: | - source "$RWX_PACKAGE_PATH/scripts/mint-utils.sh" - - supported_os_version=("ubuntu 20.04" "ubuntu 22.04" "ubuntu 24.04") - current_os_version="$(mint_os_name_version)" - - supported=false - for os_v in "${supported_os_version[@]}"; do - if [[ "$current_os_version" == "$os_v" ]]; then - supported=true - break - fi - done - - if $supported; then - echo "Configuring $current_os_version" - else - error_file="$(mktemp "$RWX_ERRORS/error-XXXX")" - echo -e "Operating system not supported by `rwx/base`: ${current_os_version}\n" | tee -a $error_file - echo "You can pass \`config: none\` to use the image without the RWX base configuration" | tee -a $error_file - exit 1 +- key: configure + run: | + source "$RWX_PACKAGE_PATH/scripts/mint-utils.sh" + + supported_os_version=("ubuntu 20.04" "ubuntu 22.04" "ubuntu 24.04") + current_os_version="$(mint_os_name_version)" + + supported=false + for os_v in "${supported_os_version[@]}"; do + if [[ "$current_os_version" == "$os_v" ]]; then + supported=true + break fi - - export DEBIAN_FRONTEND=noniteractive - - echo "LANG=C.UTF-8" > /etc/default/locale - cat /etc/default/locale >> /etc/environment - - ${RWX_PACKAGE_PATH}/scripts/apt-install.sh - ${RWX_PACKAGE_PATH}/scripts/user.sh - ${RWX_PACKAGE_PATH}/scripts/configure.sh - echo ubuntu | tee $RWX_IMAGE/user - - - key: docker - use: configure - run: | - sudo --preserve-env ${RWX_PACKAGE_PATH}/scripts/docker.sh - docker --version + done + + if $supported; then + echo "Configuring $current_os_version" + else + error_file="$(mktemp "$RWX_ERRORS/error-XXXX")" + echo -e "Operating system not supported by `rwx/base`: ${current_os_version}\n" | tee -a $error_file + echo "You can pass \`config: none\` to use the image without the RWX base configuration" | tee -a $error_file + exit 1 + fi + + export DEBIAN_FRONTEND=noniteractive + + echo "LANG=C.UTF-8" > /etc/default/locale + cat /etc/default/locale >> /etc/environment + + ${RWX_PACKAGE_PATH}/scripts/apt-install.sh + ${RWX_PACKAGE_PATH}/scripts/user.sh + ${RWX_PACKAGE_PATH}/scripts/configure.sh + echo ubuntu | tee $RWX_IMAGE/user +- key: docker + use: configure + run: | + sudo --preserve-env ${RWX_PACKAGE_PATH}/scripts/docker.sh + docker --version diff --git a/rwx/bootstrap/rwx-ci-cd.config.yml b/rwx/bootstrap/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/rwx/bootstrap/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/rwx/bootstrap/rwx-package.yml b/rwx/bootstrap/rwx-package.yml index 196359a..2a5453b 100644 --- a/rwx/bootstrap/rwx-package.yml +++ b/rwx/bootstrap/rwx-package.yml @@ -1,17 +1,16 @@ +--- name: rwx/bootstrap -version: 1.1.0 +version: 1.1.1 description: Used internally in RWX to bootstrap base images source_code_url: https://github.com/rwx-cloud/packages/tree/main/rwx/bootstrap issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: image: - description: "The container image to use as a base image" + description: The container image to use as a base image required: true - tasks: - - key: bootstrap - run: $RWX_PACKAGE_PATH/bootstrap.sh - docker: true - env: - IMAGE: ${{ params.image }} +- key: bootstrap + run: "$RWX_PACKAGE_PATH/bootstrap.sh" + docker: true + env: + IMAGE: "${{ params.image }}" diff --git a/rwx/greeting/rwx-ci-cd.config.yml b/rwx/greeting/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/rwx/greeting/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/rwx/greeting/rwx-package.yml b/rwx/greeting/rwx-package.yml index 779a949..833b609 100644 --- a/rwx/greeting/rwx-package.yml +++ b/rwx/greeting/rwx-package.yml @@ -1,14 +1,13 @@ +--- name: rwx/greeting -version: 1.0.5 +version: 1.0.6 description: Says hello, for testing and demonstration purposes source_code_url: https://github.com/rwx-cloud/packages/tree/main/rwx/greeting issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: name: - description: "Name to greet" + description: Name to greet required: true - tasks: - - key: greet - run: echo hello ${{ params.name }}! +- key: greet + run: echo hello ${{ params.name }}! diff --git a/rwx/install-abq/rwx-ci-cd.config.yml b/rwx/install-abq/rwx-ci-cd.config.yml index 2ca6646..4e06ead 100644 --- a/rwx/install-abq/rwx-ci-cd.config.yml +++ b/rwx/install-abq/rwx-ci-cd.config.yml @@ -1,28 +1,36 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-22-04-arm64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: arm64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-22-04-arm64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: arm64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/rwx/install-abq/rwx-package.yml b/rwx/install-abq/rwx-package.yml index 6a48398..7eb5899 100644 --- a/rwx/install-abq/rwx-package.yml +++ b/rwx/install-abq/rwx-package.yml @@ -1,30 +1,31 @@ +--- name: rwx/install-abq -version: 1.1.6 -description: ABQ is a universal test runner that runs test suites in parallel. It’s the best tool for splitting test suites into parallel jobs in CI. +version: 1.1.7 +description: ABQ is a universal test runner that runs test suites in parallel. It’s + the best tool for splitting test suites into parallel jobs in CI. source_code_url: https://github.com/rwx-cloud/packages/tree/main/rwx/install-abq issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: rwx-access-token: - description: "RWX_ACCESS_TOKEN used to authenticate into ABQ. If not specified, the Mint default RWX_ACCESS_TOKEN for your organization is used." + description: RWX_ACCESS_TOKEN used to authenticate into ABQ. If not specified, + the Mint default RWX_ACCESS_TOKEN for your organization is used. required: false - tasks: - - key: install - run: | - install_id=mint-$(date +%F) - if [[ "$RWX_ACCESS_TOKEN_PARAM" != "" ]]; then - export RWX_ACCESS_TOKEN="$RWX_ACCESS_TOKEN_PARAM" - fi - tmp="$(mktemp -d)/abq" - curl -o $tmp -fsSL \ - -H "Authorization: Bearer $RWX_ACCESS_TOKEN" \ - "https://cloud.rwx.com/abq/api/releases/v1/Linux/$(uname -p)/abq?install_id=${install_id}" - sudo install $tmp /usr/local/bin - rm $tmp - abq --version - cache: - enabled: true - ttl: 1 day - env: - RWX_ACCESS_TOKEN_PARAM: ${{ params.rwx-access-token }} +- key: install + run: | + install_id=mint-$(date +%F) + if [[ "$RWX_ACCESS_TOKEN_PARAM" != "" ]]; then + export RWX_ACCESS_TOKEN="$RWX_ACCESS_TOKEN_PARAM" + fi + tmp="$(mktemp -d)/abq" + curl -o $tmp -fsSL \ + -H "Authorization: Bearer $RWX_ACCESS_TOKEN" \ + "https://cloud.rwx.com/abq/api/releases/v1/Linux/$(uname -p)/abq?install_id=${install_id}" + sudo install $tmp /usr/local/bin + rm $tmp + abq --version + cache: + enabled: true + ttl: 1 day + env: + RWX_ACCESS_TOKEN_PARAM: "${{ params.rwx-access-token }}" diff --git a/rwx/install-captain/rwx-ci-cd.config.yml b/rwx/install-captain/rwx-ci-cd.config.yml index 2ca6646..4e06ead 100644 --- a/rwx/install-captain/rwx-ci-cd.config.yml +++ b/rwx/install-captain/rwx-ci-cd.config.yml @@ -1,28 +1,36 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-22-04-arm64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: arm64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-22-04-arm64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: arm64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/rwx/install-captain/rwx-package.yml b/rwx/install-captain/rwx-package.yml index f66926d..70b2f52 100644 --- a/rwx/install-captain/rwx-package.yml +++ b/rwx/install-captain/rwx-package.yml @@ -1,24 +1,24 @@ +--- name: rwx/install-captain -version: 1.1.2 -description: Captain is an open source CLI that can detect and quarantine flaky tests, automatically retry failed tests, partition files for parallel execution, and more. +version: 1.1.3 +description: Captain is an open source CLI that can detect and quarantine flaky tests, + automatically retry failed tests, partition files for parallel execution, and more. source_code_url: https://github.com/rwx-cloud/packages/tree/main/rwx/install-captain issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: captain-version: - description: "Version of the Captain CLI to install" - default: "v2" - + description: Version of the Captain CLI to install + default: v2 tasks: - - key: install - run: | - tmp="$(mktemp -d)/captain" - curl -o "$tmp" -fsSL "https://releases.captain.build/${CAPTAIN_VERSION}/linux/$(uname -p)/captain" - sudo install "$tmp" /usr/local/bin - rm "$tmp" - captain --version - cache: - enabled: true - ttl: 1 day - env: - CAPTAIN_VERSION: ${{ params.captain-version }} +- key: install + run: | + tmp="$(mktemp -d)/captain" + curl -o "$tmp" -fsSL "https://releases.captain.build/${CAPTAIN_VERSION}/linux/$(uname -p)/captain" + sudo install "$tmp" /usr/local/bin + rm "$tmp" + captain --version + cache: + enabled: true + ttl: 1 day + env: + CAPTAIN_VERSION: "${{ params.captain-version }}" diff --git a/rwx/install-cli/rwx-ci-cd.config.yml b/rwx/install-cli/rwx-ci-cd.config.yml index 2ca6646..4e06ead 100644 --- a/rwx/install-cli/rwx-ci-cd.config.yml +++ b/rwx/install-cli/rwx-ci-cd.config.yml @@ -1,28 +1,36 @@ +--- tests: - - key: ubuntu-22-04-x86-64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: x86_64 - - - key: ubuntu-22-04-arm64-1-1 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.1 - arch: arm64 - - - key: ubuntu-24-04-x86-64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64-1-2 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 +- key: ubuntu-22-04-x86-64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: x86_64 +- key: ubuntu-22-04-arm64-1-1 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.1 + arch: arm64 +- key: ubuntu-24-04-x86-64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64-1-2 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/rwx/install-cli/rwx-package.yml b/rwx/install-cli/rwx-package.yml index 16c98f5..430ca41 100644 --- a/rwx/install-cli/rwx-package.yml +++ b/rwx/install-cli/rwx-package.yml @@ -1,24 +1,23 @@ +--- name: rwx/install-cli -version: 2.0.2 +version: 2.0.3 description: Install the RWX CLI source_code_url: https://github.com/rwx-cloud/packages/tree/main/rwx/install-cli issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: cli-version: - description: "Version of the CLI to install" - default: "v1" - + description: Version of the CLI to install + default: v1 tasks: - - key: install - run: | - tmp="$(mktemp -d)/rwx" - curl -o "$tmp" -fsSL "https://github.com/rwx-cloud/cli/releases/download/${CLI_VERSION_PARAM}/rwx-linux-$(uname -p)" - sudo install "$tmp" /usr/local/bin - rm "$tmp" - rwx --version - cache: - enabled: true - ttl: 1 day - env: - CLI_VERSION_PARAM: ${{ params.cli-version }} +- key: install + run: | + tmp="$(mktemp -d)/rwx" + curl -o "$tmp" -fsSL "https://github.com/rwx-cloud/cli/releases/download/${CLI_VERSION_PARAM}/rwx-linux-$(uname -p)" + sudo install "$tmp" /usr/local/bin + rm "$tmp" + rwx --version + cache: + enabled: true + ttl: 1 day + env: + CLI_VERSION_PARAM: "${{ params.cli-version }}" diff --git a/rwx/tool-versions/rwx-ci-cd.config.yml b/rwx/tool-versions/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/rwx/tool-versions/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/rwx/tool-versions/rwx-package.yml b/rwx/tool-versions/rwx-package.yml index 5d68b87..c19d58e 100644 --- a/rwx/tool-versions/rwx-package.yml +++ b/rwx/tool-versions/rwx-package.yml @@ -1,21 +1,20 @@ +--- name: rwx/tool-versions -version: 1.0.5 +version: 1.0.6 description: Extract tool versions from a .tool-versions file. source_code_url: https://github.com/rwx-cloud/packages/tree/main/rwx/tool-versions issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: tool-versions-file: - description: "Path to .tool-versions" + description: Path to .tool-versions default: ".tool-versions" - outputs: - values-from: [determine-versions] - + values-from: + - determine-versions tasks: - - key: determine-versions - run: | - sed -e 's/\s*#.*$//' -e '/^\s*$/d' -e 's/^\s\+//' "${{ params.tool-versions-file }}" | tr -s ' ' | cut -d' ' -f-2 | while IFS=' ' read -r tool version ; do - echo "$tool = $version" - printf "$version" > "${RWX_VALUES}/${tool}" - done +- key: determine-versions + run: | + sed -e 's/\s*#.*$//' -e '/^\s*$/d' -e 's/^\s\+//' "${{ params.tool-versions-file }}" | tr -s ' ' | cut -d' ' -f-2 | while IFS=' ' read -r tool version ; do + echo "$tool = $version" + printf "$version" > "${RWX_VALUES}/${tool}" + done diff --git a/rwx/update-packages-github/rwx-ci-cd.config.yml b/rwx/update-packages-github/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/rwx/update-packages-github/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/rwx/update-packages-github/rwx-package.yml b/rwx/update-packages-github/rwx-package.yml index 98b4c38..e52b930 100644 --- a/rwx/update-packages-github/rwx-package.yml +++ b/rwx/update-packages-github/rwx-package.yml @@ -1,92 +1,91 @@ +--- name: rwx/update-packages-github -version: 1.1.1 +version: 1.1.2 description: Update RWX packages for GitHub repositories source_code_url: https://github.com/rwx-cloud/packages/tree/main/rwx/update-packages-github issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: repository: - description: "GitHub HTTPS repository URL" + description: GitHub HTTPS repository URL required: true ref: - description: "The ref to check out of the git repository" + description: The ref to check out of the git repository required: true github-access-token: - description: "The GitHub access token to a private app" + description: The GitHub access token to a private app required: true allow-major-version-change: - description: "Allow updating across major versions" + description: Allow updating across major versions default: false branch-prefix: - description: "Branch prefix for opened pull requests" - default: "rwx-update-" + description: Branch prefix for opened pull requests + default: rwx-update- label: - description: "Label for opened pull requests" - default: "" + description: Label for opened pull requests + default: '' label-color: - description: "Label color if not yet created" - default: "298F21" + description: Label color if not yet created + default: 298F21 rwx-file: - description: "Scope updates to a specific file or single glob pattern of files" - + description: Scope updates to a specific file or single glob pattern of files tasks: - - key: rwx-cli - call: rwx/install-cli 2.0.1 - - - key: gh-cli - call: github/install-cli 1.0.6 - - - key: code - call: git/clone 1.6.7 - with: - repository: ${{ params.repository }} - ref: ${{ params.ref }} - github-access-token: ${{ params.github-access-token }} - preserve-git-dir: true - - - key: update-packages - use: [rwx-cli, gh-cli, code] - cache: false - run: | - rwx_args=() - if [ "$ALLOW_MAJOR_VERSION_CHANGE" = "true" ]; then - rwx_args+=("--allow-major-version-change") - fi - - if [ -n "$RWX_FILE" ]; then - rwx_args+=("$RWX_FILE") - fi - - rwx packages update "${rwx_args[@]}" 2>&1 | tee "$RWX_VALUES/update-output" - echo "$RWX_RUN_URL" | tee "$RWX_VALUES/run-url" - env: - ALLOW_MAJOR_VERSION_CHANGE: ${{ params.allow-major-version-change }} - RWX_FILE: ${{ params.rwx-file}} +- key: rwx-cli + call: rwx/install-cli 2.0.1 +- key: gh-cli + call: github/install-cli 1.0.6 +- key: code + call: git/clone 1.6.7 + with: + repository: "${{ params.repository }}" + ref: "${{ params.ref }}" + github-access-token: "${{ params.github-access-token }}" + preserve-git-dir: true +- key: update-packages + use: + - rwx-cli + - gh-cli + - code + cache: false + run: | + rwx_args=() + if [ "$ALLOW_MAJOR_VERSION_CHANGE" = "true" ]; then + rwx_args+=("--allow-major-version-change") + fi - - key: create-or-update-pr - call: github/create-pull-request 1.0.1 - use: update-packages - with: - github-token: ${{ params.github-access-token }} - branch-prefix: ${{ params.branch-prefix }} - pull-request-title: Update RWX packages - pull-request-body: | - This PR was generated from ${{ tasks.update-packages.values.run-url }} + if [ -n "$RWX_FILE" ]; then + rwx_args+=("$RWX_FILE") + fi - ``` - ${{ tasks.update-packages.values.update-output }} - ``` + rwx packages update "${rwx_args[@]}" 2>&1 | tee "$RWX_VALUES/update-output" + echo "$RWX_RUN_URL" | tee "$RWX_VALUES/run-url" + env: + ALLOW_MAJOR_VERSION_CHANGE: "${{ params.allow-major-version-change }}" + RWX_FILE: "${{ params.rwx-file}}" +- key: create-or-update-pr + call: github/create-pull-request 1.0.1 + use: update-packages + with: + github-token: "${{ params.github-access-token }}" + branch-prefix: "${{ params.branch-prefix }}" + pull-request-title: Update RWX packages + pull-request-body: | + This PR was generated from ${{ tasks.update-packages.values.run-url }} - - key: labels - use: [gh-cli, code] - after: create-or-update-pr - run: | - if [ -n "$GITHUB_LABEL" ] && [ -n "$GITHUB_PR_NUMBER" ]; then - gh label create "$GITHUB_LABEL" --color "$GITHUB_LABEL_COLOR" || true - gh pr edit "$GITHUB_PR_NUMBER" --add-label "$GITHUB_LABEL" - fi - env: - GITHUB_TOKEN: ${{ params.github-access-token }} - GITHUB_LABEL: ${{ params.label }} - GITHUB_LABEL_COLOR: ${{ params.label-color }} - GITHUB_PR_NUMBER: ${{ tasks.create-or-update-pr.values.pull-request-number }} + ``` + ${{ tasks.update-packages.values.update-output }} + ``` +- key: labels + use: + - gh-cli + - code + after: create-or-update-pr + run: | + if [ -n "$GITHUB_LABEL" ] && [ -n "$GITHUB_PR_NUMBER" ]; then + gh label create "$GITHUB_LABEL" --color "$GITHUB_LABEL_COLOR" || true + gh pr edit "$GITHUB_PR_NUMBER" --add-label "$GITHUB_LABEL" + fi + env: + GITHUB_TOKEN: "${{ params.github-access-token }}" + GITHUB_LABEL: "${{ params.label }}" + GITHUB_LABEL_COLOR: "${{ params.label-color }}" + GITHUB_PR_NUMBER: "${{ tasks.create-or-update-pr.values.pull-request-number }}" diff --git a/sonarsource/install-sonar-scanner/rwx-ci-cd.config.yml b/sonarsource/install-sonar-scanner/rwx-ci-cd.config.yml new file mode 100644 index 0000000..90d4873 --- /dev/null +++ b/sonarsource/install-sonar-scanner/rwx-ci-cd.config.yml @@ -0,0 +1,12 @@ +--- +tests: +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/sonarsource/install-sonar-scanner/rwx-package.yml b/sonarsource/install-sonar-scanner/rwx-package.yml index e6868e4..6921206 100644 --- a/sonarsource/install-sonar-scanner/rwx-package.yml +++ b/sonarsource/install-sonar-scanner/rwx-package.yml @@ -1,47 +1,46 @@ +--- name: sonarsource/install-sonar-scanner -version: 1.0.3 +version: 1.0.4 description: Install SonarSource's sonar-scanner source_code_url: https://github.com/rwx-cloud/packages/tree/main/sonarsource/install-sonar-scanner issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: sonar-scanner-version: - description: "Version of sonar-scanner to install." + description: Version of sonar-scanner to install. required: true - tasks: - - key: install - run: | - echo "Installing sonar-scanner ${SONAR_SCANNER_VERSION}" - echo - - # Download sonar-scanner and signature - curl -o sonar-scanner.zip --fail-with-body -sSL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux-x64.zip" \ - || curl -o sonar-scanner.zip --fail-with-body -sSL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip" - - curl -o sonar-scanner.zip.asc --fail-with-body -sSL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux-x64.zip.asc" \ - || curl -o sonar-scanner.zip.asc --fail-with-body -sSL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip.asc" - - # Verify GPG signature - export GNUPGHOME="$(mktemp -d)" - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A - gpg --batch --verify sonar-scanner.zip.asc sonar-scanner.zip - gpgconf --kill all - rm -rf "$GNUPGHOME" sonar-scanner.zip.asc - - # Unpack sonar-scanner into /opt/sonar-scanner - unzip sonar-scanner.zip - rm -f sonar-scanner.zip - sudo mv sonar-scanner-* /opt/sonar-scanner - echo "/opt/sonar-scanner/bin" > "${RWX_ENV}/PATH" - echo "/opt/sonar-scanner/cache" > "${RWX_ENV}/SONAR_USER_HOME" - - # Set the correct permissions - chmod +x /opt/sonar-scanner/bin/sonar-scanner - chmod +x /opt/sonar-scanner/jre/bin/java - - echo "Installed sonar-scanner ${SONAR_SCANNER_VERSION}" - /opt/sonar-scanner/bin/sonar-scanner --version - echo - env: - SONAR_SCANNER_VERSION: ${{ params.sonar-scanner-version }} +- key: install + run: | + echo "Installing sonar-scanner ${SONAR_SCANNER_VERSION}" + echo + + # Download sonar-scanner and signature + curl -o sonar-scanner.zip --fail-with-body -sSL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux-x64.zip" \ + || curl -o sonar-scanner.zip --fail-with-body -sSL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip" + + curl -o sonar-scanner.zip.asc --fail-with-body -sSL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux-x64.zip.asc" \ + || curl -o sonar-scanner.zip.asc --fail-with-body -sSL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip.asc" + + # Verify GPG signature + export GNUPGHOME="$(mktemp -d)" + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A + gpg --batch --verify sonar-scanner.zip.asc sonar-scanner.zip + gpgconf --kill all + rm -rf "$GNUPGHOME" sonar-scanner.zip.asc + + # Unpack sonar-scanner into /opt/sonar-scanner + unzip sonar-scanner.zip + rm -f sonar-scanner.zip + sudo mv sonar-scanner-* /opt/sonar-scanner + echo "/opt/sonar-scanner/bin" > "${RWX_ENV}/PATH" + echo "/opt/sonar-scanner/cache" > "${RWX_ENV}/SONAR_USER_HOME" + + # Set the correct permissions + chmod +x /opt/sonar-scanner/bin/sonar-scanner + chmod +x /opt/sonar-scanner/jre/bin/java + + echo "Installed sonar-scanner ${SONAR_SCANNER_VERSION}" + /opt/sonar-scanner/bin/sonar-scanner --version + echo + env: + SONAR_SCANNER_VERSION: "${{ params.sonar-scanner-version }}" diff --git a/tailscale/install/rwx-ci-cd.config.yml b/tailscale/install/rwx-ci-cd.config.yml index ec215eb..954c522 100644 --- a/tailscale/install/rwx-ci-cd.config.yml +++ b/tailscale/install/rwx-ci-cd.config.yml @@ -1,28 +1,36 @@ +--- tests: - - key: ubuntu-22-04-x86-64 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-22-04-arm64 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 22.04 - tag: 1.2 - arch: arm64 - - - key: ubuntu-24-04-x86-64 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: x86_64 - - - key: ubuntu-24-04-arm64 - template: rwx-ci-cd.template.yml - base: - os: ubuntu 24.04 - tag: 1.2 - arch: arm64 +- key: ubuntu-22-04-x86-64 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-22-04-arm64 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 22.04 + tag: 1.2 + arch: arm64 +- key: ubuntu-24-04-x86-64 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: x86_64 +- key: ubuntu-24-04-arm64 + template: rwx-ci-cd.template.yml + base: + os: ubuntu 24.04 + tag: 1.2 + arch: arm64 +- key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none +- key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/tailscale/install/rwx-package.yml b/tailscale/install/rwx-package.yml index 06366f3..3f9bf4f 100644 --- a/tailscale/install/rwx-package.yml +++ b/tailscale/install/rwx-package.yml @@ -1,35 +1,34 @@ +--- name: tailscale/install -version: 1.0.4 +version: 1.0.5 description: Install Tailscale source_code_url: https://github.com/rwx-cloud/packages/tree/main/tailscale/install issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: version: - description: "Version to install" - default: "latest" - + description: Version to install + default: latest tasks: - - key: download - run: | - set -u - source "$RWX_PACKAGE_PATH/mint-utils.sh" +- key: download + run: | + set -u + source "$RWX_PACKAGE_PATH/mint-utils.sh" - if [ "$VERSION" = "latest" ]; then - VERSION=$(curl -fs "https://pkgs.tailscale.com/stable/?mode=json" | jq -r .Version) - fi - ARCH=$(mint_arch_amd) - if [ "$ARCH" = "aarch64" ]; then - ARCH="arm64" - fi - TAILSCALE_DIR="tailscale_${VERSION}_${ARCH}" + if [ "$VERSION" = "latest" ]; then + VERSION=$(curl -fs "https://pkgs.tailscale.com/stable/?mode=json" | jq -r .Version) + fi + ARCH=$(mint_arch_amd) + if [ "$ARCH" = "aarch64" ]; then + ARCH="arm64" + fi + TAILSCALE_DIR="tailscale_${VERSION}_${ARCH}" - curl -L https://pkgs.tailscale.com/stable/${TAILSCALE_DIR}.tgz -O - tar -xf ${TAILSCALE_DIR}.tgz + curl -L https://pkgs.tailscale.com/stable/${TAILSCALE_DIR}.tgz -O + tar -xf ${TAILSCALE_DIR}.tgz - sudo install ${TAILSCALE_DIR}/tailscale ${TAILSCALE_DIR}/tailscaled /usr/bin + sudo install ${TAILSCALE_DIR}/tailscale ${TAILSCALE_DIR}/tailscaled /usr/bin - rm ${TAILSCALE_DIR}.tgz - rm -rf ${TAILSCALE_DIR} - env: - VERSION: ${{ params.version }} + rm ${TAILSCALE_DIR}.tgz + rm -rf ${TAILSCALE_DIR} + env: + VERSION: "${{ params.version }}" diff --git a/twingate/setup/rwx-ci-cd.config.yml b/twingate/setup/rwx-ci-cd.config.yml index 2ca6646..b3c3347 100644 --- a/twingate/setup/rwx-ci-cd.config.yml +++ b/twingate/setup/rwx-ci-cd.config.yml @@ -1,3 +1,4 @@ +--- tests: - key: ubuntu-22-04-x86-64-1-1 template: rwx-ci-cd.template.yml @@ -5,24 +6,31 @@ tests: os: ubuntu 22.04 tag: 1.1 arch: x86_64 - - key: ubuntu-22-04-arm64-1-1 template: rwx-ci-cd.template.yml base: os: ubuntu 22.04 tag: 1.1 arch: arm64 - - key: ubuntu-24-04-x86-64-1-2 template: rwx-ci-cd.template.yml base: os: ubuntu 24.04 tag: 1.2 arch: x86_64 - - key: ubuntu-24-04-arm64-1-2 template: rwx-ci-cd.template.yml base: os: ubuntu 24.04 tag: 1.2 arch: arm64 + - key: alpine-latest + template: rwx-ci-cd.template.yml + base: + image: alpine:latest + config: none + - key: debian-trixie-slim + template: rwx-ci-cd.template.yml + base: + image: debian:trixie-slim + config: none diff --git a/twingate/setup/rwx-package.yml b/twingate/setup/rwx-package.yml index 1987365..273ac2f 100644 --- a/twingate/setup/rwx-package.yml +++ b/twingate/setup/rwx-package.yml @@ -1,30 +1,28 @@ +--- name: twingate/setup -version: 1.0.8 +version: 1.0.9 description: Install & setup Twingate source_code_url: https://github.com/rwx-cloud/packages/tree/main/twingate/setup issue_tracker_url: https://github.com/rwx-cloud/packages/issues - parameters: twingate-service-key: - description: "A service key for Twingate" + description: A service key for Twingate required: true - tasks: - - key: install - run: | - source "$RWX_PACKAGE_PATH/mint-utils.sh" - if ! mint_os_package_manager_in apt; then - echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" - exit 1 - fi - - echo "deb [trusted=yes] https://packages.twingate.com/apt/ /" | sudo tee /etc/apt/sources.list.d/twingate.list - sudo apt-get update -yq - sudo apt-get install -yq twingate - sudo apt-get clean +- key: install + run: | + source "$RWX_PACKAGE_PATH/mint-utils.sh" + if ! mint_os_package_manager_in apt; then + echo "Unsupported operating system or package manager \`$(mint_os_package_manager)\`" > "$(mktemp "$RWX_ERRORS/error-XXXX")" + exit 1 + fi - - key: setup - use: install - run: echo $TWINGATE_SERVICE_KEY | sudo twingate setup --headless=- - env: - TWINGATE_SERVICE_KEY: ${{ params.twingate-service-key }} + echo "deb [trusted=yes] https://packages.twingate.com/apt/ /" | sudo tee /etc/apt/sources.list.d/twingate.list + sudo apt-get update -yq + sudo apt-get install -yq twingate + sudo apt-get clean +- key: setup + use: install + run: echo $TWINGATE_SERVICE_KEY | sudo twingate setup --headless=- + env: + TWINGATE_SERVICE_KEY: "${{ params.twingate-service-key }}"