feat: new install anf run script (#3075)

* feat: new install anf run script - move away from deprecated git.io - support distribution - verify checksums and signature closes #3074 Signed-off-by: Carlos A Becker <caarlos0@gmail.com> * fix: rename script Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2024-12-31 01:53:50 +02:00 · 2022-04-29 08:11:04 -03:00 · 2022-04-29 08:11:04 -03:00 · 97db97df87
commit 97db97df87
parent 546325d912
7 changed files with 81 additions and 7 deletions
--- a/www/docs/ci/circle.md
+++ b/www/docs/ci/circle.md
@ -21,5 +21,5 @@ jobs:
      - image: cimg/go:1.18
    steps:
      - checkout
-      - run: curl -sL https://git.io/goreleaser | bash
+      - run: curl -sfL https://goreleaser.com/static/run | bash
 ```
--- a/www/docs/ci/drone.md
+++ b/www/docs/ci/drone.md
@ -105,7 +105,7 @@ pipeline:
    image: golang:1.10
    secrets: [github_token]
    commands:
-      curl -sL https://git.io/goreleaser | bash
+      curl -sfL https://goreleaser.com/static/run | bash
    when:
      event: tag
 ```
--- a/www/docs/ci/jenkins.md
+++ b/www/docs/ci/jenkins.md
@ -29,9 +29,9 @@ pipeline {
      }

      steps {
-        sh 'curl -sL https://git.io/goreleaser | bash'
+        sh 'curl -sfL https://goreleaser.com/static/run | bash'
      }
    }
  }
 }
-```
+```
--- a/www/docs/ci/semaphore.md
+++ b/www/docs/ci/semaphore.md
@ -63,7 +63,7 @@ blocks:
      jobs:
      - name: goreleaser
        commands:
-          - curl -sL https://git.io/goreleaser | bash
+          - curl -sfL https://goreleaser.com/static/run | bash
 ```

 The following YAML file, `createSecret.yml` creates a new secret item that is
--- a/www/docs/ci/travis.md
+++ b/www/docs/ci/travis.md
@ -19,7 +19,7 @@ services:

 script:
  - go test ./... # replace this with your test script
-  - curl -sfL https://git.io/goreleaser | sh -s -- check # check goreleaser config for deprecations
+  - curl -sfL https://goreleaser.com/static/run | bash -s -- check # check goreleaser config for deprecations

 after_success:
 # Docker login is required if you want to push Docker images.
@ -36,7 +36,7 @@ after_success:
 deploy:
 - provider: script
  skip_cleanup: true
-  script: curl -sL https://git.io/goreleaser | bash
+  script: curl -sfL https://goreleaser.com/static/run | bash
  on:
    tags: true
    condition: $TRAVIS_OS_NAME = linux
--- a/www/docs/install.md
+++ b/www/docs/install.md
@ -118,6 +118,32 @@ Below you can find the steps for each of them.
    go install github.com/goreleaser/goreleaser@latest
    ```

+### bash script
+
+This might be useful if you need to run it in a CI or Makefile.
+Note that the script will try to download the latest version, verify its
+checksums and signagures (if cosign is installed), and run it.
+
+=== "OSS"
+    ```sh
+    curl -sfL https://goreleaser.com/static/run | bash
+    ```
+
+=== "Pro"
+    ```sh
+    curl -sfL https://goreleaser.com/static/run | DISTRIBUTION=pro bash
+    ```
+
+You can also set a `VERSION` variable to specify a version instead of using
+latest.
+
+You can also pass flags and args to GoReleaser:
+
+```bash
+curl -sfL https://goreleaser.com/static/run |
+  VERSION=__VERSION__ DISTRIBUTION=oss bash -s -- check
+```
+
 ### manually

 === "OSS"
--- a/www/docs/static/run
+++ b/www/docs/static/run
@ -0,0 +1,48 @@
+#!/bin/sh
+set -e
+
+if test "$DISTRIBUTION" = "pro"; then
+	echo "Using Pro distribution..."
+	RELEASES_URL="https://github.com/goreleaser/goreleaser-pro/releases"
+	FILE_BASENAME="goreleaser-pro"
+else
+	echo "Using the OSS distribution..."
+	RELEASES_URL="https://github.com/goreleaser/goreleaser/releases"
+	FILE_BASENAME="goreleaser"
+fi
+
+test -z "$VERSION" && VERSION="$(curl -sfL -o /dev/null -w %{url_effective} "$RELEASES_URL/latest" |
+		rev |
+		cut -f1 -d'/'|
+		rev)"
+
+test -z "$VERSION" && {
+	echo "Unable to get goreleaser version." >&2
+	exit 1
+}
+
+test -z "$TMPDIR" && TMPDIR="$(mktemp -d)"
+export TAR_FILE="$TMPDIR/${FILE_BASENAME}_$(uname -s)_$(uname -m).tar.gz"
+
+(
+	cd "$TMPDIR"
+	echo "Downloading GoReleaser $VERSION..."
+	curl -sfLo "$TAR_FILE" \
+		"$RELEASES_URL/download/$VERSION/${FILE_BASENAME}_$(uname -s)_$(uname -m).tar.gz"
+	curl -sfLo "checksums.txt" "$RELEASES_URL/download/$VERSION/checksums.txt"
+	curl -sfLo "checksums.txt.sig" "$RELEASES_URL/download/$VERSION/checksums.txt.sig"
+	echo "Verifying checksums..."
+	sha256sum --ignore-missing --quiet --check checksums.txt
+	if command -v cosign >/dev/null 2>&1; then
+		echo "Verifying signatures..."
+		COSIGN_EXPERIMENTAL=1 cosign verify-blob \
+			--signature checksums.txt.sig \
+			checksums.txt
+	else
+		echo "Could not verify signatures, cosign is not installed."
+	fi
+)
+
+tar -xf "$TAR_FILE" -C "$TMPDIR"
+"${TMPDIR}/goreleaser" "$@"
+