1
0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-26 04:22:05 +02:00
Carlos Alexandro Becker de1c52b466 fix: improve run script
- if `VERSION` ends with `-pro`, set `DISTRIBUTION` to `pro`
- if `DISTRIBUTION` is `pro`, and `VERSION` does not have the `-pro`
  suffix, add it

closes #4374
2023-10-25 22:51:30 -03:00

62 lines
1.8 KiB
Bash
Executable File

#!/bin/bash
set -e
if [[ "$VERSION" == *-pro ]]; then
DISTRIBUTION="pro"
fi
if test "$DISTRIBUTION" = "pro"; then
echo "Using Pro distribution..."
RELEASES_URL="https://github.com/goreleaser/goreleaser-pro/releases"
FILE_BASENAME="goreleaser-pro"
LATEST="$(curl -sf https://goreleaser.com/static/latest-pro)"
else
echo "Using the OSS distribution..."
RELEASES_URL="https://github.com/goreleaser/goreleaser/releases"
FILE_BASENAME="goreleaser"
LATEST="$(curl -sf https://goreleaser.com/static/latest)"
fi
test -z "$VERSION" && VERSION="$LATEST"
test -z "$VERSION" && {
echo "Unable to get goreleaser version." >&2
exit 1
}
if test "$DISTRIBUTION" = "pro" && [[ "$VERSION" != *-pro ]]; then
VERSION="$VERSION-pro"
fi
TMP_DIR="$(mktemp -d)"
# shellcheck disable=SC2064 # intentionally expands here
trap "rm -rf \"$TMP_DIR\"" EXIT INT TERM
OS="$(uname -s)"
ARCH="$(uname -m)"
test "$ARCH" = "aarch64" && ARCH="arm64"
TAR_FILE="${FILE_BASENAME}_${OS}_${ARCH}.tar.gz"
(
cd "$TMP_DIR"
echo "Downloading GoReleaser $VERSION..."
curl -sfLO "$RELEASES_URL/download/$VERSION/$TAR_FILE"
curl -sfLO "$RELEASES_URL/download/$VERSION/checksums.txt"
echo "Verifying checksums..."
sha256sum --ignore-missing --quiet --check checksums.txt
if command -v cosign >/dev/null 2>&1; then
echo "Verifying signatures..."
cosign verify-blob \
--certificate-identity-regexp "https://github.com/goreleaser/goreleaser.*/.github/workflows/.*.yml@refs/tags/$VERSION" \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--cert "$RELEASES_URL/download/$VERSION/checksums.txt.pem" \
--signature "$RELEASES_URL/download/$VERSION/checksums.txt.sig" \
checksums.txt
else
echo "Could not verify signatures, cosign is not installed."
fi
)
tar -xf "$TMP_DIR/$TAR_FILE" -C "$TMP_DIR"
"$TMP_DIR/goreleaser" "$@"