
Commit e95805b

ci: update workflow configuration to v0.11.1 (#4)
Co-authored-by: cid-workflow[bot] <142626371+cid-workflow[bot]@users.noreply.github.com>
1 parent fcc6010 commit e95805b

9 files changed

Lines changed: 4188 additions & 644 deletions


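--- a/.cid/scripts/install.sh
+++ b/.cid/scripts/install.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# parameters
+CID_VERSION="${1:?Error: CID_VERSION must be provided}"
+CID_SHA256="${2:?Error: CID_SHA256 must be provided for integrity check}"
+GPG_FINGERPRINT="${3:-}"
+
+# variables
+TMP_DIR="$(mktemp -d)"
+BIN_DIR="/usr/local/bin"
+BASE_URL="${CID_MIRROR_URL:-https://github.com/cidverse/cid/releases/download}"
+BINARY_URL="${BASE_URL}/v${CID_VERSION}/linux_amd64"
+SIG_URL="${BINARY_URL}.asc"
+
+# github actions
+if [[ "${GITHUB_ACTIONS:-}" == "true" ]]; then
+echo "Detected GitHub Actions ..."
+
+TOOL_DIR="${RUNNER_TOOL_CACHE}/cid-${CID_SHA256}"
+BIN_DIR="${TOOL_DIR}/bin"
+fi
+
+# download
+echo "Fetching binary and signature [$CID_VERSION]..."
+curl -sSL -o "$TMP_DIR/cid" "$BINARY_URL"
+curl -sSL -o "$TMP_DIR/cid.asc" "$SIG_URL"
+
+# sha256 integrity
+if [[ -n "${CID_SHA256}" ]]; then
+ACTUAL_SHA256=$(sha256sum "$TMP_DIR/cid" | awk '{print $1}')
+
+if [[ "${ACTUAL_SHA256}" == "${CID_SHA256}" ]]; then
+echo "✅ CID Checksum verification passed. checksum=${ACTUAL_SHA256}"
+else
+echo "❌ CHECKSUM VERIFICATION FAILED!"
+echo "Expected: ${CID_SHA256}"
+echo "Actual: ${ACTUAL_SHA256}"
+exit 1
+fi
+fi
+
+# gpg verification
+if [[ -n "${GPG_FINGERPRINT}" ]]; then
+if [[ ${#GPG_FINGERPRINT} -lt 40 ]]; then
+echo "❌ Error: GPG_FINGERPRINT is too short (${#GPG_FINGERPRINT}/40 chars)."
+echo "Please provide the full 40-character hex fingerprint."
+exit 1
+fi
+
+echo "Fetching GPG key ${GPG_FINGERPRINT}..."
+if ! gpg --keyserver hkps://keyserver.ubuntu.com --quiet --recv-keys "$GPG_FINGERPRINT" 2>/dev/null; then
+echo "❌ Error: Could not retrieve key ${GPG_FINGERPRINT} from keyserver."
+exit 1
+fi
+
+GPG_OUTPUT=$(gpg --verify "$TMP_DIR/cid.asc" "$TMP_DIR/cid" 2>&1)
+GPG_STATUS=$?
+if [ $GPG_STATUS -eq 0 ]; then
+echo "✅ GPG verification successful!"
+echo "Key Fingerprint: ${GPG_FINGERPRINT}"
+echo "$(echo "$GPG_OUTPUT" | grep "Good signature from")"
+else
+echo "❌ GPG VERIFICATION FAILED!"
+echo "---------------------------------------------------"
+echo "$GPG_OUTPUT"
+echo "---------------------------------------------------"
+echo "Possible issues: The file was tampered with, or the signature"
+echo "was not created by the key ${GPG_FINGERPRINT}."
+exit 1
+fi
+fi
+
+# install binary
+mkdir -p "$BIN_DIR"
+install -m 755 "$TMP_DIR/cid" "$BIN_DIR/cid"
+
+# github actions
+if [[ "${GITHUB_ACTIONS:-}" == "true" ]]; then
+echo "${BIN_DIR}" >> "$GITHUB_PATH"
+echo "CID_VERSION=${CID_VERSION}" >> "$GITHUB_ENV"
+fi
+
+# export to path
+export PATH="${BIN_DIR}:${PATH}"
+echo "CID version: ${CID_VERSION}"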
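Review bot: The `gpg --verify` call on new line 57 accepts a good signature from any key already in the keyring, so a passing check does not show that the binary was signed by `GPG_FINGERPRINT`; the success message on line 61 only echoes the requested value. In addition, under `set -euo pipefail` a failing `GPG_OUTPUT=$(gpg --verify …)` assignment ends the script at once, so `GPG_STATUS=$?` and the diagnostic branch on lines 63-70 are never reached. I would capture the status with `|| GPG_STATUS=$?`, ask for machine-readable output with `--status-fd 1`, and require a `VALIDSIG` line whose signing-key or primary-key fingerprint equals the pinned one, as in the excerpt below. Running gpg against a throwaway `GNUPGHOME` under `$TMP_DIR` would additionally keep pre-existing runner keys out of the decision.

```shell
# … unchanged: fingerprint length check and keyserver fetch …

GPG_STATUS=0
GPG_OUTPUT=$(gpg --status-fd 1 --verify "$TMP_DIR/cid.asc" "$TMP_DIR/cid" 2>&1) || GPG_STATUS=$?

# Accept only a VALIDSIG whose signing-key or primary-key fingerprint is the pinned one.
SIGNER_OK=0
if awk -v fpr="$GPG_FINGERPRINT" '
  BEGIN { fpr = toupper(fpr) }
  $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 }
  END { exit !ok }' <<<"$GPG_OUTPUT"; then
  SIGNER_OK=1
fi

if [[ $GPG_STATUS -eq 0 && $SIGNER_OK -eq 1 ]]; then
# … unchanged: success and failure messages …
```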
