open-component-model · morri-son · Jan 10, 2024 · Jan 8, 2024 · Jan 10, 2024
diff --git a/.github/workflows/mend_scan.yaml b/.github/workflows/mend_scan.yaml
@@ -9,6 +9,9 @@ on:
   pull_request:
     branches:    
       - main
+  pull_request_target:
+    branches:    
+      - main
   workflow_dispatch:
     inputs:
       logLevel:

diff --git a/go.mod b/go.mod
@@ -149,7 +149,7 @@ require (
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
 	github.com/clbanning/mxj/v2 v2.7.0 // indirect
-	github.com/cloudflare/circl v1.3.5 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
 	github.com/containerd/containerd v1.7.4 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect

diff --git a/go.sum b/go.sum
@@ -357,8 +357,8 @@ github.com/cloudflare/cfssl v0.0.0-20180223231731-4e2dcbde5004 h1:lkAMpLVBDaj17e
 github.com/cloudflare/cfssl v0.0.0-20180223231731-4e2dcbde5004/go.mod h1:yMWuSON2oQp+43nFtAV/uvKQIFpSPerB57DCt9t8sSA=
 github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
-github.com/cloudflare/circl v1.3.5 h1:g+wWynZqVALYAlpSQFAa7TscDnUK8mKYtrxMpw6AUKo=
-github.com/cloudflare/circl v1.3.5/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/cloudfoundry-incubator/candiedyaml v0.0.0-20170901234223-a41693b7b7af h1:6Cpkahw28+gcBdnXQL7LcMTX488+6jl6hfoTMRT6Hm4=
 github.com/cloudfoundry-incubator/candiedyaml v0.0.0-20170901234223-a41693b7b7af/go.mod h1:dOLSIXcRQJiDS1vlrYFNJicoHNZLsBKideE+70hGdV4=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=

diff --git a/install b/install
@@ -0,0 +1,195 @@
+#!/usr/bin/env bash
+set -e
+
+DEFAULT_BIN_DIR="/usr/local/bin"
+BIN_DIR=${1:-"${DEFAULT_BIN_DIR}"}
+GITHUB_REPO="open-component-model/MPAS"
+
+# Helper functions for logs
+info() {
+    echo '[INFO] ' "$@"
+}
+
+warn() {
+    echo '[WARN] ' "$@" >&2
+}
+
+fatal() {
+    echo '[ERROR] ' "$@" >&2
+    exit 1
+}
+
+# Set os, fatal if operating system not supported
+setup_verify_os() {
+    if [[ -z "${OS}" ]]; then
+        OS=$(uname)
+    fi
+    case ${OS} in
+        Darwin)
+            OS=darwin
+            ;;
+        Linux)
+            OS=linux
+            ;;
+        *)
+            fatal "Unsupported operating system ${OS}"
+    esac
+}
+
+# Set arch, fatal if architecture not supported
+setup_verify_arch() {
+    if [[ -z "${ARCH}" ]]; then
+        ARCH=$(uname -m)
+    fi
+    case ${ARCH} in
+        arm|armv7l)
+            ARCH=arm
+            ;;
+        arm64|aarch64|armv8l)
+            ARCH=arm64
+            ;;
+        amd64)
+            ARCH=amd64
+            ;;
+        x86_64)
+            ARCH=amd64
+            ;;
+        *)
+            fatal "Unsupported architecture ${ARCH}"
+    esac
+}
+
+# Verify existence of downloader executable
+verify_downloader() {
+    # Return failure if it doesn't exist or is no executable
+    [[ -x "$(which "$1")" ]] || return 1
+
+    # Set verified executable as our downloader program and return success
+    DOWNLOADER=$1
+    return 0
+}
+
+# Create tempory directory and cleanup when done
+setup_tmp() {
+    TMP_DIR=$(mktemp -d -t mpas-install.XXXXXXXXXX)
+    TMP_METADATA="${TMP_DIR}/mpas.json"
+    TMP_HASH="${TMP_DIR}/mpas.hash"
+    TMP_BIN="${TMP_DIR}/mpas.tar.gz"
+    cleanup() {
+        local code=$?
+        set +e
+        trap - EXIT
+        rm -rf "${TMP_DIR}"
+        exit ${code}
+    }
+    trap cleanup INT EXIT
+}
+
+# Find version from Github metadata
+get_release_version() {
+    if [[ -n "${mpas_VERSION}" ]]; then
+      SUFFIX_URL="tags/v${mpas_VERSION}"
+    else
+      SUFFIX_URL="latest"
+    fi
+
+    METADATA_URL="https://api.github.com/repos/${GITHUB_REPO}/releases/${SUFFIX_URL}"
+
+    info "Downloading metadata ${METADATA_URL}"
+    download "${TMP_METADATA}" "${METADATA_URL}"
+
+    VERSION_mpas=$(grep '"tag_name":' "${TMP_METADATA}" | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
+    if [[ -n "${VERSION_mpas}" ]]; then
+        info "Using ${VERSION_mpas} as release"
+    else
+        fatal "Unable to determine release version"
+    fi
+}
+
+# Download from file from URL
+download() {
+    [[ $# -eq 2 ]] || fatal 'download needs exactly 2 arguments'
+
+    case $DOWNLOADER in
+        curl)
+            curl -u user:$GITHUB_TOKEN -o "$1" -sfL "$2"
+            ;;
+        wget)
+            wget --auth-no-challenge --user=user --password=$GITHUB_TOKEN -qO "$1" "$2"
+            ;;
+        *)
+            fatal "Incorrect executable '${DOWNLOADER}'"
+            ;;
+    esac
+
+    # Abort if download command failed
+    [[ $? -eq 0 ]] || fatal 'Download failed'
+}
+
+# Download hash from Github URL
+download_hash() {
+    HASH_URL="https://github.com/${GITHUB_REPO}/releases/download/v${VERSION_mpas}/mpas_${VERSION_mpas}_checksums.txt"
+    info "Downloading hash ${HASH_URL}"
+    download "${TMP_HASH}" "${HASH_URL}"
+    HASH_EXPECTED=$(grep " mpas_${VERSION_mpas}_${OS}_${ARCH}.tar.gz$" "${TMP_HASH}")
+    HASH_EXPECTED=${HASH_EXPECTED%%[[:blank:]]*}
+}
+
+# Download binary from Github URL
+download_binary() {
+    BIN_URL="https://github.com/${GITHUB_REPO}/releases/download/v${VERSION_mpas}/mpas_${VERSION_mpas}_${OS}_${ARCH}.tar.gz"
+    info "Downloading binary ${BIN_URL}"
+    download "${TMP_BIN}" "${BIN_URL}"
+}
+
+compute_sha256sum() {
+  cmd=$(which sha256sum shasum | head -n 1)
+  case $(basename "$cmd") in
+    sha256sum)
+      sha256sum "$1" | cut -f 1 -d ' '
+      ;;
+    shasum)
+      shasum -a 256 "$1" | cut -f 1 -d ' '
+      ;;
+    *)
+      fatal "Can not find sha256sum or shasum to compute checksum"
+      ;;
+  esac
+}
+
+# Verify downloaded binary hash
+verify_binary() {
+    info "Verifying binary download"
+    HASH_BIN=$(compute_sha256sum "${TMP_BIN}")
+    HASH_BIN=${HASH_BIN%%[[:blank:]]*}
+    if [[ "${HASH_EXPECTED}" != "${HASH_BIN}" ]]; then
+        fatal "Download sha256 does not match ${HASH_EXPECTED}, got ${HASH_BIN}"
+    fi
+}
+
+# Setup permissions and move binary
+setup_binary() {
+    chmod 755 "${TMP_BIN}"
+    info "Installing mpas to ${BIN_DIR}/mpas"
+    tar -xzof "${TMP_BIN}" -C "${TMP_DIR}"
+
+    local CMD_MOVE="mv -f \"${TMP_DIR}/mpas\" \"${BIN_DIR}\""
+    if [[ -w "${BIN_DIR}" ]]; then
+        eval "${CMD_MOVE}"
+    else
+        eval "sudo ${CMD_MOVE}"
+    fi
+}
+
+# Run the install process
+{
+    setup_verify_os
+    setup_verify_arch
+    verify_downloader curl || verify_downloader wget || fatal 'Can not find curl or wget for downloading files'
+    setup_tmp
+    get_release_version
+    download_hash
+    download_binary
+    verify_binary
+    setup_binary
+}