Mirrors/grype
2
0
Fork 0
mirror of https://github.com/anchore/grype synced 2024-11-10 06:34:13 +00:00
Code Issues Projects Releases Packages Wiki Activity

Upgrade install.sh to support installations for previous versions (#636)

Browse source
This commit is contained in:
Alex Goodman 2022-02-15 17:29:24 -05:00 committed by GitHub
parent f29a0d06d8
commit 598af89b2e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 51 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/release.yaml vendored
View file

@ -142,10 +142,12 @@ jobs:
AC_PASSWORD: ${{ secrets.ENG_CI_APPLE_ID_PASS }} AC_PASSWORD: ${{ secrets.ENG_CI_APPLE_ID_PASS }}
- uses: anchore/sbom-action@v0 - uses: anchore/sbom-action@v0
continue-on-error: true
with: with:
artifact-name: sbom.spdx.json artifact-name: sbom.spdx.json
- uses: 8398a7/action-slack@v3 - uses: 8398a7/action-slack@v3
continue-on-error: true
with: with:
status: ${{ job.status }} status: ${{ job.status }}
fields: repo,workflow,action,eventName fields: repo,workflow,action,eventName

28
install.sh
View file

@ -6,6 +6,11 @@ PROJECT_NAME="grype"
OWNER=anchore OWNER=anchore
REPO="${PROJECT_NAME}" REPO="${PROJECT_NAME}"
GITHUB_DOWNLOAD_PREFIX=https://github.com/${OWNER}/${REPO}/releases/download GITHUB_DOWNLOAD_PREFIX=https://github.com/${OWNER}/${REPO}/releases/download
INSTALL_SH_BASE_URL=https://raw.githubusercontent.com/${OWNER}/${PROJECT_NAME}
PROGRAM_ARGS=$@
# do not change the name of this parameter (this must always be backwards compatible)
DOWNLOAD_TAG_INSTALL_SCRIPT=${DOWNLOAD_TAG_INSTALL_SCRIPT:-true}
# #
# usage [script-name] # usage [script-name]
@ -607,7 +612,10 @@ install_asset() (
main() ( main() (
# parse arguments # parse arguments
# note: never change default install directory (this must always be backwards compatible)
install_dir=${install_dir:-./bin} install_dir=${install_dir:-./bin}
# note: never change the program flags or arguments (this must always be backwards compatible)
while getopts "b:dh?x" arg; do while getopts "b:dh?x" arg; do
case "$arg" in case "$arg" in
b) install_dir="$OPTARG" ;; b) install_dir="$OPTARG" ;;
@ -644,20 +652,30 @@ main() (
return 1 return 1
fi fi
version=$(tag_to_version "${tag}")
download_dir=$(mktemp -d)
trap 'rm -rf -- "$download_dir"' EXIT
# run the application # run the application
version=$(tag_to_version "${tag}")
os=$(uname_os) os=$(uname_os)
arch=$(uname_arch) arch=$(uname_arch)
format=$(get_format_name "${os}" "${arch}" "tar.gz") format=$(get_format_name "${os}" "${arch}" "tar.gz")
binary=$(get_binary_name "${os}" "${arch}" "${PROJECT_NAME}") binary=$(get_binary_name "${os}" "${arch}" "${PROJECT_NAME}")
download_url="${GITHUB_DOWNLOAD_PREFIX}/${tag}" download_url="${GITHUB_DOWNLOAD_PREFIX}/${tag}"
# we always use the install.sh script that is associated with the tagged release. Why? the latest install.sh is not
# guaranteed to be able to install every version of the application. We use the DOWNLOAD_TAG_INSTALL_SCRIPT env var
# to indicate if we should continue processing with the existing script or to download the script from the given tag.
if [ "${DOWNLOAD_TAG_INSTALL_SCRIPT}" = "true" ]; then
export DOWNLOAD_TAG_INSTALL_SCRIPT=false
log_info "fetching release script for tag='${tag}'"
http_copy "${INSTALL_SH_BASE_URL}/${tag}/install.sh" "" | sh -s -- ${PROGRAM_ARGS}
exit $?
fi
log_info "using release tag='${tag}' version='${version}' os='${os}' arch='${arch}'" log_info "using release tag='${tag}' version='${version}' os='${os}' arch='${arch}'"
download_dir=$(mktemp -d)
trap 'rm -rf -- "$download_dir"' EXIT
log_debug "downloading files into ${download_dir}" log_debug "downloading files into ${download_dir}"
download_and_install_asset "${download_url}" "${download_dir}" "${install_dir}" "${PROJECT_NAME}" "${os}" "${arch}" "${version}" "${format}" "${binary}" download_and_install_asset "${download_url}" "${download_dir}" "${install_dir}" "${PROJECT_NAME}" "${os}" "${arch}" "${version}" "${format}" "${binary}"

28
test/install/Makefile
View file

@ -13,6 +13,9 @@ UNIT=make unit-local
# the line if there are breaking changes made that don't align with the latest release (but will be OK with the next # the line if there are breaking changes made that don't align with the latest release (but will be OK with the next
# release) # release)
ACCEPTANCE_CMD=sh -c '../../install.sh -b /usr/local/bin && grype version' ACCEPTANCE_CMD=sh -c '../../install.sh -b /usr/local/bin && grype version'
# we also want to test against a previous release to ensure that install.sh defers execution to a former install.sh
PREVIOUS_RELEASE=v0.24.0
ACCEPTANCE_PREVIOUS_RELEASE_CMD=sh -c "../../install.sh -b /usr/local/bin $(PREVIOUS_RELEASE) && grype version"
# CI cache busting values; change these if you want CI to not use previous stored cache # CI cache busting values; change these if you want CI to not use previous stored cache
INSTALL_TEST_CACHE_BUSTER=894d8ca INSTALL_TEST_CACHE_BUSTER=894d8ca
@ -28,23 +31,37 @@ test: unit acceptance
ci-test-mac: unit-local acceptance-local ci-test-mac: unit-local acceptance-local
# note: do not add acceptance-local to this list # note: do not add acceptance-local to this list
.PHONY: acceptance
acceptance: acceptance-ubuntu-20.04 acceptance-alpine-3.6 acceptance-busybox-1.35 acceptance: acceptance-ubuntu-20.04 acceptance-alpine-3.6 acceptance-busybox-1.35
.PHONY: unit
unit: unit-ubuntu-20.04 unit: unit-ubuntu-20.04
.PHONY: unit-local
unit-local: unit-local:
$(call title,unit tests) $(call title,unit tests)
@for f in $(shell ls *_test.sh); do echo "Running unit test suite '$${f}'"; bash $${f} || exit 1; done @for f in $(shell ls *_test.sh); do echo "Running unit test suite '$${f}'"; bash $${f} || exit 1; done
acceptance-local: .PHONY: acceptance-local
$(acceptance) acceptance-local: acceptance-current-release-local acceptance-previous-release-local
.PHONY: acceptance-current-release-local
acceptance-current-release-local:
$(ACCEPTANCE_CMD)
.PHONY: acceptance-previous-release-local
acceptance-previous-release-local:
$(ACCEPTANCE_PREVIOUS_RELEASE_CMD)
grype version | grep $(shell echo $(PREVIOUS_RELEASE)| tr -d "v")
.PHONY: save
save: ubuntu-20.04 alpine-3.6 busybox-1.35 save: ubuntu-20.04 alpine-3.6 busybox-1.35
@mkdir cache || true @mkdir cache || true
docker image save -o cache/ubuntu-env.tar $(UBUNTU_IMAGE) docker image save -o cache/ubuntu-env.tar $(UBUNTU_IMAGE)
docker image save -o cache/alpine-env.tar $(ALPINE_IMAGE) docker image save -o cache/alpine-env.tar $(ALPINE_IMAGE)
docker image save -o cache/busybox-env.tar $(BUSYBOX_IMAGE) docker image save -o cache/busybox-env.tar $(BUSYBOX_IMAGE)
.PHONY: load
load: load:
docker image load -i cache/ubuntu-env.tar docker image load -i cache/ubuntu-env.tar
docker image load -i cache/alpine-env.tar docker image load -i cache/alpine-env.tar
@ -52,16 +69,19 @@ load:
## UBUNTU ####################################################### ## UBUNTU #######################################################
.PHONY: acceptance-ubuntu-20.04
acceptance-ubuntu-20.04: ubuntu-20.04 acceptance-ubuntu-20.04: ubuntu-20.04
$(call title,ubuntu:20.04 - acceptance) $(call title,ubuntu:20.04 - acceptance)
$(DOCKER_RUN) $(UBUNTU_IMAGE) \ $(DOCKER_RUN) $(UBUNTU_IMAGE) \
$(ACCEPTANCE_CMD) $(ACCEPTANCE_CMD)
.PHONY: unit-ubuntu-20.04
unit-ubuntu-20.04: ubuntu-20.04 unit-ubuntu-20.04: ubuntu-20.04
$(call title,ubuntu:20.04 - unit) $(call title,ubuntu:20.04 - unit)
$(DOCKER_RUN) $(UBUNTU_IMAGE) \ $(DOCKER_RUN) $(UBUNTU_IMAGE) \
$(UNIT) $(UNIT)
.PHONY: ubuntu-20.04
ubuntu-20.04: ubuntu-20.04:
$(call title,ubuntu:20.04 - build environment) $(call title,ubuntu:20.04 - build environment)
docker build -t $(UBUNTU_IMAGE) -f $(ENVS)/Dockerfile-ubuntu-20.04 . docker build -t $(UBUNTU_IMAGE) -f $(ENVS)/Dockerfile-ubuntu-20.04 .
@ -70,11 +90,13 @@ ubuntu-20.04:
# note: unit tests cannot be run with sh (alpine dosn't have bash by default) # note: unit tests cannot be run with sh (alpine dosn't have bash by default)
.PHONY: acceptance-alpine-3.6
acceptance-alpine-3.6: alpine-3.6 acceptance-alpine-3.6: alpine-3.6
$(call title,alpine:3.6 - acceptance) $(call title,alpine:3.6 - acceptance)
$(DOCKER_RUN) $(ALPINE_IMAGE) \ $(DOCKER_RUN) $(ALPINE_IMAGE) \
$(ACCEPTANCE_CMD) $(ACCEPTANCE_CMD)
.PHONY: alpine-3.6
alpine-3.6: alpine-3.6:
$(call title,alpine:3.6 - build environment) $(call title,alpine:3.6 - build environment)
docker build -t $(ALPINE_IMAGE) -f $(ENVS)/Dockerfile-alpine-3.6 . docker build -t $(ALPINE_IMAGE) -f $(ENVS)/Dockerfile-alpine-3.6 .
@ -85,12 +107,14 @@ alpine-3.6:
# note: busybox by default will not have cacerts, so you will get TLS warnings (we want to test under these conditions) # note: busybox by default will not have cacerts, so you will get TLS warnings (we want to test under these conditions)
.PHONY: acceptance-busybox-1.35
acceptance-busybox-1.35: busybox-1.35 acceptance-busybox-1.35: busybox-1.35
$(call title,busybox-1.35 - acceptance) $(call title,busybox-1.35 - acceptance)
$(DOCKER_RUN) $(BUSYBOX_IMAGE) \ $(DOCKER_RUN) $(BUSYBOX_IMAGE) \
$(ACCEPTANCE_CMD) $(ACCEPTANCE_CMD)
@echo "\n*** test note: you should see grype spit out a 'x509: certificate signed by unknown authority' error --this is expected ***" @echo "\n*** test note: you should see grype spit out a 'x509: certificate signed by unknown authority' error --this is expected ***"
.PHONY: busybox-1.35
busybox-1.35: busybox-1.35:
$(call title,busybox-1.35 - build environment) $(call title,busybox-1.35 - build environment)
docker pull $(BUSYBOX_IMAGE) docker pull $(BUSYBOX_IMAGE)