eps-devcontainers/src/base/.devcontainer/scripts/install_github_release.sh at 8b483e77846e288a0443b9e54a048d10c741abef · NHSDigital/eps-devcontainers · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/usr/bin/env bash

set -euo pipefail
export DEBIAN_FRONTEND=noninteractive

DEFAULT_INSTALL_DIR="/usr/local/bin"
INSTALL_DIR="${INSTALL_DIR:-$DEFAULT_INSTALL_DIR}"

if ! command -v curl >/dev/null 2>&1 || ! command -v unzip >/dev/null 2>&1; then
	apt-get update
	apt-get install -y --no-install-recommends curl unzip ca-certificates
fi

if ! command -v gh >/dev/null 2>&1; then
	echo "GitHub CLI (gh) is required for attestation verification but was not found"
	exit 1
fi

if [ "${VERIFY_BINARY_ATTESTATION}" != "true" ] && [ "${VERIFY_CHECKSUM}" != "true" ]; then
	echo "VERIFY_BINARY_ATTESTATION or VERIFY_CHECKSUM must be set to true"
	exit 1
fi

BINARY_URL="https://github.com/${GITHUB_REPO}/releases/download/${VERSION}/${DOWNLOAD_BINARY}"
BINARY_ASSET_NAME="${DOWNLOAD_BINARY}"
CHECKSUMS_URL="https://github.com/${GITHUB_REPO}/releases/download/${VERSION}/checksums.txt"
tmp_dir="$(mktemp -d)"
trap 'rm -rf "${tmp_dir}"' EXIT

curl -fsSL "${BINARY_URL}" -o "${tmp_dir}/${BINARY_ASSET_NAME}"
if [ "${VERIFY_BINARY_ATTESTATION}" == "true" ]; then
	gh attestation verify "${tmp_dir}/${BINARY_ASSET_NAME}" -R "${GITHUB_REPO}"
fi

if [ "${VERIFY_CHECKSUM}" == "true" ]; then
	curl -fsSL "${CHECKSUMS_URL}" -o "${tmp_dir}/checksums.txt"
	gh attestation verify "${tmp_dir}/checksums.txt" -R "${GITHUB_REPO}"
	(
		cd "${tmp_dir}"
		sha256sum --ignore-missing -c checksums.txt
	)
fi

if [ "${COMPRESSION}" == "zip" ]; then
	unzip -q "${tmp_dir}/${BINARY_ASSET_NAME}" -d "${tmp_dir}"
elif [ "${COMPRESSION}" == "tar.gz" ]; then
	tar -xzf "${tmp_dir}/${BINARY_ASSET_NAME}" -C "${tmp_dir}"
else
	echo "Unsupported compression format: ${COMPRESSION}"
	exit 1
fi

mkdir -p "$INSTALL_DIR"
install -m 0755 "$tmp_dir/$TOOL" "${INSTALL_DIR}/${TOOL}"