1
0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-24 04:16:27 +02:00
Carlos Alexandro Becker 97db97df87
feat: new install anf run script (#3075)
* feat: new install anf run script

- move away from deprecated git.io
- support distribution
- verify checksums and signature

closes #3074

Signed-off-by: Carlos A Becker <caarlos0@gmail.com>

* fix: rename script

Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
2022-04-29 08:11:04 -03:00

49 lines
1.4 KiB
Bash
Executable File

#!/bin/sh
set -e
if test "$DISTRIBUTION" = "pro"; then
echo "Using Pro distribution..."
RELEASES_URL="https://github.com/goreleaser/goreleaser-pro/releases"
FILE_BASENAME="goreleaser-pro"
else
echo "Using the OSS distribution..."
RELEASES_URL="https://github.com/goreleaser/goreleaser/releases"
FILE_BASENAME="goreleaser"
fi
test -z "$VERSION" && VERSION="$(curl -sfL -o /dev/null -w %{url_effective} "$RELEASES_URL/latest" |
rev |
cut -f1 -d'/'|
rev)"
test -z "$VERSION" && {
echo "Unable to get goreleaser version." >&2
exit 1
}
test -z "$TMPDIR" && TMPDIR="$(mktemp -d)"
export TAR_FILE="$TMPDIR/${FILE_BASENAME}_$(uname -s)_$(uname -m).tar.gz"
(
cd "$TMPDIR"
echo "Downloading GoReleaser $VERSION..."
curl -sfLo "$TAR_FILE" \
"$RELEASES_URL/download/$VERSION/${FILE_BASENAME}_$(uname -s)_$(uname -m).tar.gz"
curl -sfLo "checksums.txt" "$RELEASES_URL/download/$VERSION/checksums.txt"
curl -sfLo "checksums.txt.sig" "$RELEASES_URL/download/$VERSION/checksums.txt.sig"
echo "Verifying checksums..."
sha256sum --ignore-missing --quiet --check checksums.txt
if command -v cosign >/dev/null 2>&1; then
echo "Verifying signatures..."
COSIGN_EXPERIMENTAL=1 cosign verify-blob \
--signature checksums.txt.sig \
checksums.txt
else
echo "Could not verify signatures, cosign is not installed."
fi
)
tar -xf "$TAR_FILE" -C "$TMPDIR"
"${TMPDIR}/goreleaser" "$@"