diff --git a/scripts/ci/ensure_cc.sh b/scripts/ci/ensure_cc.sh
index e4edbf130..753d3e33c 100755
--- a/scripts/ci/ensure_cc.sh
+++ b/scripts/ci/ensure_cc.sh
@@ -6,6 +6,15 @@ print_cc_info() {
 cc --version | head -n1 || true
 }
 
+print_ar_info() {
+ echo "Archiver available: $(command -v ar)"
+ ar --version 2>/dev/null | head -n1 || true
+}
+
+toolchain_ready() {
+ command -v cc >/dev/null 2>&1 && command -v ar >/dev/null 2>&1
+}
+
 prepend_path() {
 local dir="$1"
 export PATH="${dir}:${PATH}"
@@ -29,6 +38,39 @@ shim_cc_to_compiler() {
 echo "::notice::Created 'cc' shim from ${compiler_path}."
 }
 
+shim_ar_to_tool() {
+ local tool="$1"
+ local tool_path
+ local shim_dir
+ if ! command -v "${tool}" >/dev/null 2>&1; then
+ return 1
+ fi
+ tool_path="$(command -v "${tool}")"
+ shim_dir="${RUNNER_TEMP:-/tmp}/cc-shim"
+ mkdir -p "${shim_dir}"
+ ln -sf "${tool_path}" "${shim_dir}/ar"
+ prepend_path "${shim_dir}"
+ echo "::notice::Created 'ar' shim from ${tool_path}."
+}
+
+ensure_archiver() {
+ if command -v ar >/dev/null 2>&1; then
+ return 0
+ fi
+ shim_ar_to_tool llvm-ar && return 0
+ shim_ar_to_tool gcc-ar && return 0
+ return 1
+}
+
+finish_if_ready() {
+ ensure_archiver || true
+ if toolchain_ready; then
+ print_cc_info
+ print_ar_info
+ exit 0
+ fi
+}
+
 run_as_privileged() {
 if [ "$(id -u)" -eq 0 ]; then
 "$@"
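Review bot: `shim_ar_to_tool` falls back to the fixed path `/tmp/cc-shim` when `RUNNER_TEMP` is unset and then prepends that directory to PATH, so on a shared or self-hosted runner whoever created the directory first decides what `ar` (and anything else placed there) resolves to for the rest of the job. `mkdir -p` succeeds silently on a pre-existing directory owned by another user, so nothing in the function notices this. Use a private directory for the fallback, e.g. `shim_dir="${RUNNER_TEMP:-$(mktemp -d)}/cc-shim"`, or fail when `RUNNER_TEMP` is unset. The `cc` shim in `shim_cc_to_compiler` presumably uses the same location (its body is outside this hunk), in which case the same change applies there.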
@@ -44,11 +86,11 @@ run_as_privileged() { install_cc_toolchain() { if command -v apt-get >/dev/null 2>&1; then run_as_privileged apt-get update - run_as_privileged env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends build-essential pkg-config + run_as_privileged env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends build-essential binutils pkg-config elif command -v yum >/dev/null 2>&1; then - run_as_privileged yum install -y gcc gcc-c++ make pkgconfig + run_as_privileged yum install -y gcc gcc-c++ binutils make pkgconfig elif command -v dnf >/dev/null 2>&1; then - run_as_privileged dnf install -y gcc gcc-c++ make pkgconf-pkg-config + run_as_privileged dnf install -y gcc gcc-c++ binutils make pkgconf-pkg-config elif command -v apk >/dev/null 2>&1; then run_as_privileged apk add --no-cache build-base pkgconf else @@ -120,23 +162,26 @@ done "${zig_bin}" cc "\${args[@]}" EOF chmod +x "${shim_dir}/cc" + cat > "${shim_dir}/ar" </dev/null 2>&1; then - print_cc_info - exit 0 + finish_if_ready fi -if shim_cc_to_compiler clang && command -v cc >/dev/null 2>&1; then - print_cc_info - exit 0 +if shim_cc_to_compiler clang; then + finish_if_ready fi -if shim_cc_to_compiler gcc && command -v cc >/dev/null 2>&1; then - print_cc_info - exit 0 +if shim_cc_to_compiler gcc; then + finish_if_ready fi echo "::warning::Missing 'cc' on runner. Attempting package-manager install." 
@@ -145,24 +190,20 @@ if ! install_cc_toolchain; then
 fi
 
 if command -v cc >/dev/null 2>&1; then
- print_cc_info
- exit 0
+ finish_if_ready
 fi
 
-if install_zig_cc_shim && command -v cc >/dev/null 2>&1; then
- print_cc_info
- exit 0
+if install_zig_cc_shim; then
+ finish_if_ready
 fi
 
-if shim_cc_to_compiler clang && command -v cc >/dev/null 2>&1; then
- print_cc_info
- exit 0
+if shim_cc_to_compiler clang; then
+ finish_if_ready
 fi
 
-if shim_cc_to_compiler gcc && command -v cc >/dev/null 2>&1; then
- print_cc_info
- exit 0
+if shim_cc_to_compiler gcc; then
+ finish_if_ready
 fi
 
-echo "::error::Failed to provision 'cc'. Install a compiler toolchain or configure passwordless sudo on the runner."
+echo "::error::Failed to provision 'cc' and 'ar'. Install a compiler/binutils toolchain or configure passwordless sudo on the runner."
 exit 1
diff --git a/scripts/ci/install_syft.sh b/scripts/ci/install_syft.sh
index 4b589eb47..f19307f0d 100755
--- a/scripts/ci/install_syft.sh
+++ b/scripts/ci/install_syft.sh
@@ -7,6 +7,33 @@ set -euo pipefail
 BIN_DIR="${1:-${RUNNER_TEMP:-/tmp}/bin}"
 VERSION="${2:-${SYFT_VERSION:-v1.42.1}}"
 
+download_file() {
+ local url="$1"
+ local output="$2"
+ if command -v curl >/dev/null 2>&1; then
+ curl -sSfL "${url}" -o "${output}"
+ elif command -v wget >/dev/null 2>&1; then
+ wget -qO "${output}" "${url}"
+ else
+ echo "Missing downloader: install curl or wget" >&2
+ return 1
+ fi
+}
+
+verify_sha256() {
+ local checksum_file="$1"
+ if command -v sha256sum >/dev/null 2>&1; then
+ sha256sum -c "${checksum_file}"
+ return
+ fi
+ if command -v shasum >/dev/null 2>&1; then
+ shasum -a 256 -c "${checksum_file}"
+ return
+ fi
+ echo "Neither sha256sum nor shasum is available for checksum verification." >&2
+ exit 127
+}
+
 os_name="$(uname -s | tr '[:upper:]' '[:lower:]')"
 case "$os_name" in
 linux|darwin) ;;
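Review bot: With the `command -v cc` checks folded into `finish_if_ready`, a runner that already has `cc` but no usable `ar` no longer stops at `if command -v cc >/dev/null 2>&1; then`; it falls through to `install_zig_cc_shim` and the clang/gcc shims, each of which may put a different `cc` first on PATH than the one already installed. If swapping the compiler in that case is intended, state it in a comment above the chain, e.g. `# cc alone is not enough: keep trying fallbacks until both cc and ar resolve`. The closing `::error::` line also reports both tools as missing when only one may be; naming the missing one (`command -v ar >/dev/null 2>&1 || echo "::error::'ar' not found on PATH"`) would make the failure easier to act on. The pre-install chain in the previous hunk has the same shape.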
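Review bot: `download_file` follows redirects (`curl -L`, and wget by default) without restricting the scheme, so the HTTPS guarantee of the release URL only holds if every redirect target is HTTPS as well. On the curl branch this can be pinned with `curl --proto '=https' --tlsv1.2 -sSfL "${url}" -o "${output}"`; the wget branch should get an equivalent restriction or be documented as the weaker fallback. Separately, `verify_sha256` ends with `exit 127` while `download_file` uses `return 1` for the same kind of missing-tool failure. A short header comment on each function, stating its arguments and how it fails, would show whether that difference is deliberate.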
@@ -31,26 +58,12 @@ ARCHIVE="syft_${VERSION#v}_${os_name}_${arch_name}.tar.gz"
 CHECKSUMS="syft_${VERSION#v}_checksums.txt"
 BASE_URL="https://github.com/anchore/syft/releases/download/${VERSION}"
 
-verify_sha256() {
- local checksum_file="$1"
- if command -v sha256sum >/dev/null 2>&1; then
- sha256sum -c "$checksum_file"
- return
- fi
- if command -v shasum >/dev/null 2>&1; then
- shasum -a 256 -c "$checksum_file"
- return
- fi
- echo "Neither sha256sum nor shasum is available for checksum verification." >&2
- exit 127
-}
-
 mkdir -p "${BIN_DIR}"
 tmp_dir="$(mktemp -d)"
 trap 'rm -rf "${tmp_dir}"' EXIT
 
-curl -sSfL "${BASE_URL}/${ARCHIVE}" -o "${tmp_dir}/${ARCHIVE}"
-curl -sSfL "${BASE_URL}/${CHECKSUMS}" -o "${tmp_dir}/${CHECKSUMS}"
+download_file "${BASE_URL}/${ARCHIVE}" "${tmp_dir}/${ARCHIVE}"
+download_file "${BASE_URL}/${CHECKSUMS}" "${tmp_dir}/${CHECKSUMS}"
 
 awk -v target="${ARCHIVE}" '$2 == target {print $1 " " $2}' "${tmp_dir}/${CHECKSUMS}" > "${tmp_dir}/syft.sha256"
 if [ ! -s "${tmp_dir}/syft.sha256" ]; then
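Review bot: The archive and the checksum list are both fetched through `download_file` from the same `BASE_URL`, so the SHA-256 comparison built from `${CHECKSUMS}` catches a corrupted or truncated download but not a replaced release asset, since whoever can change the archive can change the checksum file too. For the default `VERSION`, consider pinning the expected digest in this script or the workflow and comparing against that, or verifying the publisher's signature over the checksum file if the project ships one. At minimum, a comment above the two `download_file` calls such as `# NOTE: checksums come from the same origin as the archive; this checks integrity in transit, not authenticity` would make the limit explicit. The `if [ ! -s ... ]` block that consumes `syft.sha256` continues past the end of this hunk, so the verification call itself is not visible here.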