#!/bin/bash -e ################################################################################ ## File: yq.sh ## Desc: Installs YQ with checksum validation ################################################################################ # source: https://github.com/actions/runner-images/blob/5d6938f680075d63fa71f8aa70990866cd12884b/images/linux/scripts/installers/yq.sh download_with_retries() { local URL="$1" local DEST="${2:-.}" local NAME="${3:-${URL##*/}}" echo "Downloading '$URL' to '${DEST}/${NAME}'..." local retries=20 local interval=30 while [ "$retries" -gt 0 ]; do ((retries--)) || true if curl -fsSL -o "${DEST}/${NAME}" "$URL"; then echo "Download completed" return 0 fi echo "Error downloading. Waiting ${interval}s before retry, ${retries} attempts left" sleep "$interval" done echo "Could not download $URL" return 1 } get_hash_from_remote_file() { local url=$1 local keywords=("$2" "$3") local delimiter=${4:-' '} local word_number=${5:-1} local matching_line matching_line=$(curl -fsSL "$url" | sed 's/ */ /g' | tr -d '`') for keyword in "${keywords[@]}"; do matching_line=$(echo "$matching_line" | grep "$keyword" || true) done matching_line=$(echo "$matching_line" | head -n1) if [ -z "$matching_line" ]; then echo "Keywords (${keywords[*]}) not found in the file with hashes." >&2 exit 1 fi echo "$matching_line" | cut -d "$delimiter" -f "$word_number" | tr -d -c '[:alnum:]' } use_checksum_comparison() { local file_path=$1 local checksum=$2 local sha_type=${3:-256} local local_file_hash echo "Performing checksum verification" if [ ! -f "$file_path" ]; then echo "File not found: $file_path" >&2 exit 1 fi local_file_hash=$(shasum -a "$sha_type" "$file_path" | awk '{print $1}') if [ "$local_file_hash" != "$checksum" ]; then echo "Checksum verification failed. Expected: $checksum; Actual: $local_file_hash." >&2 exit 1 fi echo "Checksum verification passed" } yq_arch() { case "$(uname -m)" in 'aarch64') echo 'arm64' ;; 'x86_64') echo 'amd64' ;; 'armv7l') echo 'arm' ;; *) exit 1 ;; esac } base_url="https://github.com/mikefarah/yq/releases/latest/download" filename="yq_linux_$(yq_arch)" download_with_retries "${base_url}/${filename}" "/tmp" "yq" external_hash=$(get_hash_from_remote_file "${base_url}/checksums" "${filename} " "" " " "19") use_checksum_comparison "/tmp/yq" "${external_hash}" sudo install /tmp/yq /usr/bin/yq