regclient-actions/regctl-installer/action.yml

name: regctl-installer
author: regclient
description: 'Install regctl or other regclient binaries'
branding:
  icon: 'layers'
  color: 'blue'
inputs:
  release:
    description: 'version to install'
    required: false
    default: 'latest'
  install-dir:
    description: 'where to install the binary'
    required: false
    default: '$HOME/.regctl/bin'
  binary:
    description: 'which binary to install (regctl, regsync, or regbot)'
    required: false
    default: 'regctl'
runs:
  using: 'composite'
  steps:
    - shell: bash
      run: |
        #!/bin/bash
        set -ex
        shopt -s expand_aliases
        if [ -z "$NO_COLOR" ]; then
          alias log_info="echo -e \"\033[1;32mINFO\033[0m:\""
          alias log_error="echo -e \"\033[1;31mERROR\033[0m:\""
        else
          alias log_info="echo \"INFO:\""
          alias log_error="echo \"ERROR:\""
        fi
        mkdir -p "${{ inputs.install-dir }}"
        url_base="https://github.com/regclient/regclient"
        url_ext=""
        if [ "${{ runner.os }}" = "Windows" ]; then
          url_ext=".exe"
        fi
        if [ "${{ inputs.release }}" = "main" ]; then
          log_info "Installing ${{ inputs.binary }} using go install from main..."
          go install github.com/regclient/regclient/cmd/${{ inputs.binary }}@main
          GOPATH=$(go env GOPATH)
          ln -s "$GOPATH/bin/${{ inputs.binary }}${url_ext}" "${{ inputs.install-dir }}/${{ inputs.binary }}${url_ext}"
          exit 0
        elif [ "${{ inputs.release }}" = "latest" ]; then
          url_release="releases/latest/download"
        else
          url_release="releases/download/${{ inputs.release }}"
        fi
        case "${{ runner.os }}-${{ runner.arch }}" in
          Linux-X64)   url_platform="linux-amd64" ;;
          Linux-ARM64) url_platform="linux-arm64" ;;
          macOS-X64)   url_platform="darwin-amd64" ;;
          macOS-ARM64) url_platform="darwin-arm64" ;;
          Windows-X64) url_platform="windows-amd64" ;;
          *)
            log_error "architecture not supported: ${{ runner.os }}-${{ runner.arch }}"
            exit 1
            ;;
        esac
        curl -sL "${url_base}/${url_release}/${{ inputs.binary }}-${url_platform}${url_ext}" -o "${{ inputs.install-dir }}/${{ inputs.binary }}${url_ext}"
        chmod +x "${{ inputs.install-dir }}/${{ inputs.binary }}${url_ext}"
        if [ -x "$(command -v cosign)" ]; then
          curl -L "${url_base}/${url_release}/metadata.tgz" >metadata.tgz
          if tar -xzf metadata.tgz "${{ inputs.binary }}-${url_platform}.pem" "${{ inputs.binary }}-${url_platform}.sig"; then
          cosign verify-blob \
            --certificate-oidc-issuer https://token.actions.githubusercontent.com \
            --certificate-identity-regexp https://github.com/regclient/regclient/.github/workflows/ \
            --certificate "${{ inputs.binary }}-${url_platform}.pem" \
            --signature "${{ inputs.binary }}-${url_platform}.sig" \
            "${{ inputs.install-dir }}/${{ inputs.binary }}${url_ext}"
            rm metadata.tgz "${{ inputs.binary }}-${url_platform}.pem" "${{ inputs.binary }}-${url_platform}.sig"
          else
            log_error "metadata not available for cosign verification"
            rm metadata.tgz
          fi
        fi
        log_info "install complete"
    - if: ${{ runner.os == 'Linux' || runner.os == 'macOS' }}
      shell: bash
      run:  echo "${{ inputs.install-dir }}" >> $GITHUB_PATH
    - if: ${{ runner.os == 'Windows' }}
      shell: pwsh
      run:  echo "${{ inputs.install-dir }}" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append