stellar-cli/action.yml at main · stellar/stellar-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
---
name: "Install stellar-cli"
description: "Install the stellar-cli"
inputs:
  version:
    description: |
      Recommended for use only in testing new versions of the action prior to
      release. For regular use, use the version of the action corresponding to
      the version of the stellar-cli that should be installed.
    required: false
runs:
  using: "composite"
  steps:
    - name: Setup install path
      shell: bash
      run: |
        mkdir -p $HOME/.local/bin
        echo "$HOME/.local/bin" >> $GITHUB_PATH

    - name: Determine version to install
      id: version
      shell: bash
      run: |
        version=`echo $VERSION | sed 's/v//'`
        echo "using version: $version"
        echo "version=$version" >> "$GITHUB_OUTPUT"
      env:
        VERSION: ${{ inputs.version || github.action_ref }}

    - name: Set bin name
      shell: bash
      run: |
        case "${{ runner.os }}-${{ runner.arch }}" in
        'Windows-X64')
          stellar_binary=stellar.exe
          ;;
        *)
          stellar_binary=stellar
        esac
        echo "stellar_binary=$stellar_binary" >> "$GITHUB_ENV"

    - name: Copy binary to install location
      shell: bash
      run: |
        version="${{ steps.version.outputs.version }}"
        case "${{ runner.os }}-${{ runner.arch }}" in
        'Linux-X64')
          os_arch=x86_64-unknown-linux-gnu
          ;;
        'Linux-ARM64')
          os_arch=aarch64-unknown-linux-gnu
          ;;
        'macOS-X64')
          os_arch=x86_64-apple-darwin
          ;;
        'macOS-ARM64')
          os_arch=aarch64-apple-darwin
          ;;
        'Windows-X64')
          os_arch=x86_64-pc-windows-msvc
          ;;
        *)
          echo "Unsupported OS / Arch pair: ${{ runner.os }} ${{ runner.arch }}" >&2
          exit 1
        esac
        file="stellar-cli-$version-$os_arch.tar.gz"
        url="https://github.com/stellar/stellar-cli/releases/download/v$version/$file"
        echo "$url"
        curl -fL "$url" | tar xvz -C $HOME/.local/bin

    - name: Verify binary against attestation
      shell: bash
      env:
        GH_TOKEN: ${{ github.token }}
      run: |
        version="${{ steps.version.outputs.version }}"
        subject="$(gh attestation verify ~/.local/bin/${{ env.stellar_binary }} --repo stellar/stellar-cli --format json -q '.[].verificationResult.signature.certificate.subjectAlternativeName')"
        echo "Found subject: $subject" >&2
        expected_subject="https://github.com/stellar/stellar-cli/.github/workflows/binaries.yml@refs/tags/v$version"
        echo "Expected subject: $expected_subject" >&2
        if [[ "$subject" != "$expected_subject" ]]; then
          echo "Attestation verification found unexpected subject" >&2
          exit 1
        fi

    - name: Show CLI version
      shell: bash
      run: |
        ${{ env.stellar_binary }} --version