initial commit

This commit is contained in:
Madison Grubb
2026-03-12 22:41:33 -04:00
commit 2456195fbc
11 changed files with 801 additions and 0 deletions
+2
View File
@@ -0,0 +1,2 @@
.github
.git
+9
View File
@@ -0,0 +1,9 @@
* text=auto eol=lf
# scripts
*.sh text eol=lf
*.bat text eol=crlf
## DOCKER
*.dockerignore text
Dockerfile text
+129
View File
@@ -0,0 +1,129 @@
name: Build act images
on:
schedule:
- cron: 0 12 */7 * *
push:
paths:
- '.github/workflows/build-ubuntu.yml'
- 'Dockerfile'
- 'scripts/**'
- 'build.sh'
branches:
- 'master'
workflow_dispatch:
env:
REGISTRY: git.keligrubb.com
SLUG: ${{ github.repository_owner }}/ubuntu
IMAGE_LABEL_OWNER: ${{ github.repository_owner }}
IMAGE_LABEL_REPO: ${{ github.repository }}
NODE: '20 24'
BUILD_REF: ${{ github.sha }}
SKIP_TEST: false
LATEST_TAG: 24.04
jobs:
build-act:
name: Build act ${{ matrix.TAG }}
runs-on: ubuntu-latest
strategy:
fail-fast: true
max-parallel: 4
matrix:
TAG:
- 24.04
- 22.04
steps:
- uses: https://git.keligrubb.com/actions/checkout@v6
- name: Log in to container registry
uses: https://git.keligrubb.com/actions/docker-login-action@v4
with:
registry: ${{ env.REGISTRY }}
username: jasper-agent
password: ${{ secrets.JASPER_REPO_TOKEN }}
- name: Set up Docker Buildx
uses: https://git.keligrubb.com/actions/docker-setup-buildx-action@v4
- name: Compute tags and metadata
run: |
if [[ "${{ github.event_name }}" == "schedule" || "${{ github.event_name }}" == "workflow_dispatch" ]]; then
PART_TAG=$(date +%Y%m%d)
else
PART_TAG=dev
fi
echo "PART_TAG=$PART_TAG" >> "$GITHUB_ENV"
if [ "${LATEST_TAG}" = "${{ matrix.TAG }}" ]; then
RELEASE_TAG=$(lsb_release -rs)
else
RELEASE_TAG="${{ matrix.TAG }}"
fi
echo "RELEASE_TAG=$RELEASE_TAG" >> "$GITHUB_ENV"
BUILD_DATE=$(date -u +"%Y-%m-%d %H:%M:%SZ")
echo "BUILD_DATE=$BUILD_DATE" >> "$GITHUB_ENV"
TAG_NAME="act-${{ matrix.TAG }}"
{
echo "${TAG_NAME}-${PART_TAG}"
if [ "${LATEST_TAG}" = "${{ matrix.TAG }}" ]; then
echo "act-latest-${PART_TAG}"
fi
echo "${TAG_NAME}"
if [ "${LATEST_TAG}" = "${{ matrix.TAG }}" ]; then
echo "act-latest"
fi
} > .tags
echo "ACT_TEST_IMAGE=${{ env.REGISTRY }}/${{ env.SLUG }}:${TAG_NAME}-${PART_TAG}" >> "$GITHUB_ENV"
- name: Build Docker image
uses: https://git.keligrubb.com/actions/docker-build-push-action@v7
with:
context: .
file: ./Dockerfile
load: true
tags: act:built
build-args: |
NODE_VERSION=${{ env.NODE }}
DISTRO=ubuntu
TYPE=act
RUNNER=root
BUILD_DATE=${{ env.BUILD_DATE }}
BUILD_OWNER=${{ env.IMAGE_LABEL_OWNER }}
BUILD_REPO=${{ env.IMAGE_LABEL_REPO }}
BUILD_TAG=act-${{ matrix.TAG }}
BUILD_TAG_VERSION=${{ env.PART_TAG }}
BUILD_REF=${{ env.BUILD_REF }}
FROM_IMAGE=buildpack-deps
FROM_TAG=${{ env.RELEASE_TAG }}
- name: Push Docker image (all tags from .tags)
run: |
IMAGE="${{ env.REGISTRY }}/${{ env.SLUG }}"
while read -r tag; do
docker tag act:built "$IMAGE:$tag"
docker push "$IMAGE:$tag"
done < .tags
- if: ${{ !env.SKIP_TEST }}
uses: https://git.keligrubb.com/actions/setup-go@v6
with:
go-version: '>=1.21.0'
- if: ${{ !env.SKIP_TEST }}
uses: https://git.keligrubb.com/actions/checkout@v6
with:
repository: nektos/act
path: act
- if: ${{ !env.SKIP_TEST }}
env:
ACT_TEST_IMAGE: ${{ env.ACT_TEST_IMAGE }}
run: |
cd act/
go test ./...
+34
View File
@@ -0,0 +1,34 @@
name: Lint Docker files and shell scripts
on:
pull_request:
paths:
- '.gitea/workflows/**'
- 'Dockerfile'
- 'scripts/**'
- 'build.sh'
jobs:
lint-dockerfile:
name: Lint Dockerfile with hadolint
runs-on: ubuntu-latest
steps:
- uses: https://git.keligrubb.com/actions/checkout@v6
- name: Run hadolint
uses: hadolint/hadolint-action@v3
with:
dockerfile: Dockerfile
lint-shell-scripts:
name: Lint shell scripts with shellcheck
runs-on: ubuntu-latest
steps:
- uses: https://git.keligrubb.com/actions/checkout@v6
- name: Install shellcheck
run: |
sudo apt-get update
sudo apt-get install -y shellcheck
- name: Run shellcheck
run: |
find . -name '*.sh' -print0 | xargs -0 -n1 shellcheck
+12
View File
@@ -0,0 +1,12 @@
# custom stuff
.secrets
.env
# wip
*.hcl
# mega-linter
report
# quick local actions for act
.github/workflows/act.yml
+14
View File
@@ -0,0 +1,14 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/hadolint/hadolint/master/contrib/hadolint.json
---
ignored:
- SC2086
- DL3004
- DL3002
- DL3008
- DL3016
- DL3018
- DL3003
trustedRegistries:
- docker.io
- ghcr.io
- quay.io
+47
View File
@@ -0,0 +1,47 @@
ARG FROM_IMAGE
ARG FROM_TAG
FROM ${FROM_IMAGE}:${FROM_TAG}
# > automatic buildx ARGs
ARG TARGETARCH
# > ARGs before FROM are not accessible
ARG FROM_IMAGE
ARG FROM_TAG
# > Our custom ARGs
# latest Node.js LTS versions
ARG NODE_VERSION="20 24"
ARG DISTRO=ubuntu
ARG TYPE=act
ARG RUNNER
# > Force apt to not be interactive/not ask
ENV DEBIAN_FRONTEND=noninteractive
SHELL [ "/bin/bash", "--login", "-e", "-o", "pipefail", "-c" ]
WORKDIR /tmp
COPY ./scripts /imagegeneration/installers
RUN bash /imagegeneration/installers/${TYPE}.sh
ARG BUILD_DATE
ARG BUILD_TAG=${TYPE}
ARG BUILD_REF
ARG BUILD_TAG_VERSION
ARG BUILD_OWNER
ARG BUILD_REPO
LABEL org.opencontainers.image.created="${BUILD_DATE}"
LABEL org.opencontainers.image.vendor="${BUILD_OWNER}"
LABEL org.opencontainers.image.authors="https://github.com/${BUILD_OWNER}"
LABEL org.opencontainers.image.url="https://github.com/${BUILD_OWNER}/${BUILD_REPO}/tree/${BUILD_REF}/"
LABEL org.opencontainers.image.source="https://github.com/${BUILD_OWNER}/${BUILD_REPO}"
LABEL org.opencontainers.image.documentation="https://github.com/${BUILD_OWNER}/${BUILD_REPO}"
LABEL org.opencontainers.image.version="${BUILD_TAG_VERSION}"
LABEL org.opencontainers.image.title="${BUILD_TAG}-${TARGETARCH}"
LABEL org.opencontainers.image.description="Special image built for using with https://github.com/nektos/act"
LABEL org.opencontainers.image.revision="${BUILD_REF}"
USER ${RUNNER}
+88
View File
@@ -0,0 +1,88 @@
# Docker images for act
Ubuntu-based images for [nektos/act][nektos/act], kept small while staying compatible with most GitHub Actions.
## Images
Built from [`scripts/act.sh`](./scripts/act.sh). Published to this repos Gitea registry:
- **Registry:** `git.keligrubb.com`
- **Image:** `git.keligrubb.com/actions/ubuntu`
- **Tags:** `act-22.04`, `act-24.04`, `act-latest` (and dated tags e.g. `act-24.04-YYYYMMDD`)
## When images are updated
- Dependencies required for actions change
- Changes to GitHub Actions, Act, or the container registry
- Size or performance improvements
## Build locally
You can build and push from this repo without using CI.
**Prereqs:** Docker with `buildx`, and push access to your registry (e.g. `git.keligrubb.com`).
**1. Set env (repo root):**
```sh
export IMAGE_LABEL_OWNER="actions"
export IMAGE_LABEL_REPO="ubuntu"
export SLUG="actions/ubuntu"
export DISTRO="ubuntu"
export TYPE="act"
export RUNNER="root"
export NODE="20 24"
export PLATFORMS="linux/amd64,linux/arm64"
export FROM_IMAGE="buildpack-deps"
export FROM_TAG="24.04"
export TAG="act-24.04"
export LATEST_TAG="act-latest"
export PART_TAG="$(date +%Y%m%d)"
export BUILD_TAG="${TAG}"
export BUILD_TAG_VERSION="${PART_TAG}"
export BUILD_REF="$(git rev-parse HEAD 2>/dev/null || echo unknown)"
```
**2. Log in to your registry:**
```sh
docker login git.keligrubb.com
```
**3. Build and push:**
```sh
tags=""
tags="${tags} git.keligrubb.com/${SLUG}:${TAG}-${PART_TAG}"
tags="${tags} git.keligrubb.com/${SLUG}:${LATEST_TAG}-${PART_TAG}"
tags="${tags} git.keligrubb.com/${SLUG}:${TAG}"
tags="${tags} git.keligrubb.com/${SLUG}:${LATEST_TAG}"
./build.sh --push --tags ${tags}
```
This builds the root `Dockerfile` (which runs `scripts/act.sh`), then pushes to each tag. For a local build only (no push), run `./build.sh`.
**4. Use with act**
Point act at your image, e.g.:
```sh
act -P ubuntu-latest=git.keligrubb.com/actions/ubuntu:act-24.04
```
Or put the image in `.actrc` or your workflows `runs-on` image.
## Customising
Edit [`scripts/act.sh`](./scripts/act.sh) to add or remove packages. Keep `DISTRO=ubuntu`, `TYPE=act`, and a valid `RUNNER` user, then re-run the build steps above.
## Licence
Parts of this repository are from [actions/virtual-environments][actions/virtual-environments], used under the [MIT License](https://github.com/actions/virtual-environments/blob/main/LICENSE).
[nektos/act]: https://github.com/nektos/act
[actions/virtual-environments]: https://github.com/actions/virtual-environments
Executable
+212
View File
@@ -0,0 +1,212 @@
#!/usr/bin/env sh
set -u
usage() {
cat <<EOF
Usage: $0 [options]
Environment-backed options (CLI flags are optional):
--owner VALUE (default: \$IMAGE_LABEL_OWNER)
--repository VALUE (default: \$IMAGE_LABEL_REPO)
--slug VALUE (default: catthehacker/ubuntu)
--tags TAG [TAG ...] Multiple destination tags
--tag TAG Single destination tag
--node VALUE (default: \$NODE)
--distro VALUE (default: ubuntu)
--type VALUE (default: \$TYPE)
--runner VALUE (default: \$RUNNER)
--platforms CSV (default: \$PLATFORMS, comma-separated)
--build-tag VALUE (default: \$BUILD_TAG)
--build-tag-version VAL (default: \$BUILD_TAG_VERSION)
--build-ref VALUE (default: \$BUILD_REF)
--from-image VALUE (default: \$FROM_IMAGE)
--from-tag VALUE (default: \$FROM_TAG)
--push Push manifest to remote registries
-h, --help Show this help and exit
EOF
}
# Defaults from environment (mirrors build.ps1 parameter defaults), with safe fallbacks
owner=${IMAGE_LABEL_OWNER:-actions}
repository=${IMAGE_LABEL_REPO:-ubuntu}
tags=""
tag=""
node=${NODE:-"20 24"}
distro='ubuntu'
type=${TYPE:-act}
runner=${RUNNER:-root}
platforms=${PLATFORMS:-linux/amd64,linux/arm64}
build_tag=${BUILD_TAG:-act-24.04}
build_tag_version=${BUILD_TAG_VERSION:-dev}
build_ref=${BUILD_REF:-local}
from_image=${FROM_IMAGE:-buildpack-deps}
from_tag=${FROM_TAG:-24.04}
push=false
# Argument parsing (simple long options, designed to be close to build.ps1 semantics)
while [ "$#" -gt 0 ]; do
case "$1" in
--owner)
owner=$2
shift 2
;;
--repository)
repository=$2
shift 2
;;
--tags)
shift
# Collect all following non-option arguments as tags
while [ "$#" -gt 0 ] && [ "${1#-}" = "$1" ]; do
if [ -z "$tags" ]; then
tags=$1
else
tags="$tags $1"
fi
shift
done
;;
--tag)
tag=$2
shift 2
;;
--node)
node=$2
shift 2
;;
--distro)
distro=$2
shift 2
;;
--type)
type=$2
shift 2
;;
--runner)
runner=$2
shift 2
;;
--platforms)
platforms=$2
shift 2
;;
--build-tag)
build_tag=$2
shift 2
;;
--build-tag-version)
build_tag_version=$2
shift 2
;;
--build-ref)
build_ref=$2
shift 2
;;
--from-image)
from_image=$2
shift 2
;;
--from-tag)
from_tag=$2
shift 2
;;
--push)
push=true
shift
;;
-h|--help)
usage
exit 0
;;
*)
printf 'Unknown argument: %s\n' "$1" >&2
usage
exit 1
;;
esac
done
# Helper to run a command and fail with a useful message (equivalent to exec in build.ps1)
exec_cmd() {
if ! "$@"; then
status=$?
printf '%s failed with exit code %s\n' "$*" "$status" >&2
exit "$status"
fi
}
if [ -z "$platforms" ]; then
printf 'Error: PLATFORMS is empty. Set PLATFORMS or pass --platforms.\n' >&2
exit 1
fi
if [ -z "$from_image" ] || [ -z "$from_tag" ]; then
printf 'Error: FROM_IMAGE/FROM_TAG are empty. Set env vars or pass --from-image/--from-tag.\n' >&2
exit 1
fi
if [ "$push" = true ]; then
# Combine tags and tag (if provided)
all_tags=$tags
if [ -n "$tag" ]; then
if [ -z "$all_tags" ]; then
all_tags=$tag
else
all_tags="$all_tags $tag"
fi
fi
else
# Even when not pushing, honor --tag so the local image is named.
all_tags=$tags
if [ -n "$tag" ]; then
if [ -z "$all_tags" ]; then
all_tags=$tag
else
all_tags="$all_tags $tag"
fi
fi
fi
# Buildx expects comma-separated --platform list; reuse platforms as-is.
tag_args=""
for t in $all_tags; do
tag_args="$tag_args -t $t"
done
build_date=$(date -u +"%Y-%m-%d %H:%M:%SZ")
# Build argument vector to preserve spacing/quoting (e.g. NODE_VERSION="20 24")
set -- docker buildx build \
--ulimit "nofile=4096:4096" \
--platform "$platforms" \
--build-arg "TARGETARCH=\$TARGETARCH" \
--build-arg "NODE_VERSION=$node" \
--build-arg "DISTRO=$distro" \
--build-arg "TYPE=$type" \
--build-arg "RUNNER=$runner" \
--build-arg "BUILD_DATE=$build_date" \
--build-arg "BUILD_OWNER=$owner" \
--build-arg "BUILD_OWNER_MAIL=$owner" \
--build-arg "BUILD_REPO=$repository" \
--build-arg "BUILD_TAG=$build_tag" \
--build-arg "BUILD_TAG_VERSION=$build_tag_version" \
--build-arg "BUILD_REF=$build_ref" \
--build-arg "FROM_IMAGE=$from_image" \
--build-arg "FROM_TAG=$from_tag" \
--file "./Dockerfile"
# Append tag flags
# shellcheck disable=SC2086
set -- "$@" $tag_args
# Append push/load and final PATH argument
if [ "$push" = true ]; then
set -- "$@" --push .
else
set -- "$@" --load .
fi
exec_cmd "$@"
+176
View File
@@ -0,0 +1,176 @@
#!/bin/bash
# shellcheck disable=SC2174,SC1091
set -Eeuxo pipefail
printf "\n\t🐋 Build started 🐋\t\n"
# Remove '"' so it can be sourced by sh/bash
sed 's|"||g' -i "/etc/environment"
. /etc/os-release
node_arch() {
case "$(uname -m)" in
'aarch64') echo 'arm64' ;;
'x86_64') echo 'x64' ;;
'armv7l') echo 'armv7l' ;;
*) exit 1 ;;
esac
}
ImageOS=ubuntu$(echo "${VERSION_ID}" | cut -d'.' -f 1)
AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache
ACT_TOOLSDIRECTORY=/opt/acttoolcache
{
echo "IMAGE_OS=$ImageOS"
echo "ImageOS=$ImageOS"
echo "LSB_RELEASE=${VERSION_ID}"
echo "AGENT_TOOLSDIRECTORY=${AGENT_TOOLSDIRECTORY}"
echo "RUN_TOOL_CACHE=${AGENT_TOOLSDIRECTORY}"
echo "DEPLOYMENT_BASEPATH=/opt/runner"
echo "USER=$(whoami)"
echo "RUNNER_USER=$(whoami)"
echo "ACT_TOOLSDIRECTORY=${ACT_TOOLSDIRECTORY}"
} | tee -a "/etc/environment"
mkdir -m 0777 -p "${AGENT_TOOLSDIRECTORY}"
chown -R 1001:1000 "${AGENT_TOOLSDIRECTORY}"
mkdir -m 0777 -p "${ACT_TOOLSDIRECTORY}"
chown -R 1001:1000 "${ACT_TOOLSDIRECTORY}"
mkdir -m 0777 -p /github
chown -R 1001:1000 /github
printf "\n\t🐋 Installing packages 🐋\t\n"
packages=(
ssh
gawk
curl
jq
shellcheck
wget
sudo
gnupg-agent
ca-certificates
software-properties-common
apt-transport-https
libyaml-0-2
zstd
zip
unzip
xz-utils
python3-pip
python3-venv
pipx
)
apt-get -yq update
apt-get -yq install --no-install-recommends --no-install-suggests "${packages[@]}"
ln -s "$(which python3)" "/usr/local/bin/python"
add-apt-repository ppa:git-core/ppa -y
apt-get update
apt-get install -y git
git --version
git config --system --add safe.directory '*'
wget https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh -qO- | bash
apt-get update
apt-get install -y git-lfs
LSB_OS_VERSION="${VERSION_ID//\./}"
echo "LSB_OS_VERSION=${LSB_OS_VERSION}" | tee -a "/etc/environment"
wget -qO "/imagegeneration/toolset.json" "https://raw.githubusercontent.com/actions/virtual-environments/main/images/ubuntu/toolsets/toolset-${LSB_OS_VERSION}.json" || echo "File not available"
wget -qO "/imagegeneration/LICENSE" "https://raw.githubusercontent.com/actions/virtual-environments/main/LICENSE"
if [ "$(uname -m)" = x86_64 ]; then
wget -qO "/usr/bin/jq" "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64"
chmod +x "/usr/bin/jq"
fi
printf "\n\t🐋 Updated apt lists and upgraded packages 🐋\t\n"
printf "\n\t🐋 Creating ~/.ssh and adding 'github.com' 🐋\t\n"
mkdir -m 0700 -p ~/.ssh
ssh-keyscan github.com >>/etc/ssh/ssh_known_hosts
printf "\n\t🐋 Installed base utils 🐋\t\n"
printf "\n\t🐋 Installing docker cli 🐋\t\n"
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
cat <<EOF >/etc/apt/sources.list.d/docker.sources
Types: deb
URIs: https://download.docker.com/linux/ubuntu
Suites: $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}")
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF
apt-get -yq update
apt-get -yq install --no-install-recommends --no-install-suggests docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
printf "\n\t🐋 Installed docker cli 🐋\t\n"
docker -v
printf "\n\t🐋 Installed docker buildx 🐋\t\n"
docker buildx version
IFS=' ' read -r -a NODE <<<"$NODE_VERSION"
for ver in "${NODE[@]}"; do
if [[ "${ver}" == "24" && "$(node_arch)" == "armv7l" ]]; then
ver="22" # rip arm32/v7
fi
printf "\n\t🐋 Installing Node.JS=%s 🐋\t\n" "${ver}"
VER=$(curl https://nodejs.org/download/release/index.json | jq "[.[] | select(.version|test(\"^v${ver}\"))][0].version" -r)
NODEPATH="${ACT_TOOLSDIRECTORY}/node/${VER:1}/$(node_arch)"
mkdir -v -m 0777 -p "$NODEPATH"
wget "https://nodejs.org/download/release/latest-v${ver}.x/node-$VER-linux-$(node_arch).tar.xz" -O "node-$VER-linux-$(node_arch).tar.xz"
tar -Jxf "node-$VER-linux-$(node_arch).tar.xz" --strip-components=1 -C "$NODEPATH"
rm "node-$VER-linux-$(node_arch).tar.xz"
if [[ "${ver}" == "24" ]]; then # make this version the default (latest LTS)
sed "s|^PATH=|PATH=$NODEPATH/bin:|mg" -i /etc/environment
ln -sfn "$NODEPATH/bin/node" /usr/local/bin/node
ln -sfn "$NODEPATH/bin/npm" /usr/local/bin/npm
fi
export PATH="$NODEPATH/bin:$PATH"
printf "\n\t🐋 Installed Node.JS 🐋\t\n"
"${NODEPATH}"/bin/node -v
printf "\n\t🐋 Installed NPM 🐋\t\n"
"${NODEPATH}"/bin/npm -v
done
case "$(uname -m)" in
'aarch64')
scripts=(
yq
)
;;
'x86_64')
scripts=(
yq
)
;;
'armv7l')
scripts=(
yq
)
;;
*) exit 1 ;;
esac
for SCRIPT in "${scripts[@]}"; do
printf "\n\t🧨 Executing %s.sh 🧨\t\n" "${SCRIPT}"
bash "/imagegeneration/installers/${SCRIPT}.sh"
done
printf "\n\t🐋 Cleaning image 🐋\t\n"
apt-get clean
rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories'
printf "\n\t🐋 Cleaned up image 🐋\t\n"
+78
View File
@@ -0,0 +1,78 @@
#!/bin/bash -e
################################################################################
## File: yq.sh
## Desc: Installs YQ with checksum validation
################################################################################
# source: https://github.com/actions/runner-images/blob/5d6938f680075d63fa71f8aa70990866cd12884b/images/linux/scripts/installers/yq.sh
download_with_retries() {
local URL="$1"
local DEST="${2:-.}"
local NAME="${3:-${URL##*/}}"
echo "Downloading '$URL' to '${DEST}/${NAME}'..."
local retries=20
local interval=30
while [ "$retries" -gt 0 ]; do
((retries--)) || true
if curl -fsSL -o "${DEST}/${NAME}" "$URL"; then
echo "Download completed"
return 0
fi
echo "Error downloading. Waiting ${interval}s before retry, ${retries} attempts left"
sleep "$interval"
done
echo "Could not download $URL"
return 1
}
get_hash_from_remote_file() {
local url=$1
local keywords=("$2" "$3")
local delimiter=${4:-' '}
local word_number=${5:-1}
local matching_line
matching_line=$(curl -fsSL "$url" | sed 's/ */ /g' | tr -d '`')
for keyword in "${keywords[@]}"; do
matching_line=$(echo "$matching_line" | grep "$keyword" || true)
done
matching_line=$(echo "$matching_line" | head -n1)
if [ -z "$matching_line" ]; then
echo "Keywords (${keywords[*]}) not found in the file with hashes." >&2
exit 1
fi
echo "$matching_line" | cut -d "$delimiter" -f "$word_number" | tr -d -c '[:alnum:]'
}
use_checksum_comparison() {
local file_path=$1
local checksum=$2
local sha_type=${3:-256}
local local_file_hash
echo "Performing checksum verification"
if [ ! -f "$file_path" ]; then
echo "File not found: $file_path" >&2
exit 1
fi
local_file_hash=$(shasum -a "$sha_type" "$file_path" | awk '{print $1}')
if [ "$local_file_hash" != "$checksum" ]; then
echo "Checksum verification failed. Expected: $checksum; Actual: $local_file_hash." >&2
exit 1
fi
echo "Checksum verification passed"
}
yq_arch() {
case "$(uname -m)" in
'aarch64') echo 'arm64' ;;
'x86_64') echo 'amd64' ;;
'armv7l') echo 'arm' ;;
*) exit 1 ;;
esac
}
base_url="https://github.com/mikefarah/yq/releases/latest/download"
filename="yq_linux_$(yq_arch)"
download_with_retries "${base_url}/${filename}" "/tmp" "yq"
external_hash=$(get_hash_from_remote_file "${base_url}/checksums" "${filename} " "" " " "19")
use_checksum_comparison "/tmp/yq" "${external_hash}"
sudo install /tmp/yq /usr/bin/yq