open-source-mirrors
/
recyclarr
mirror of https://github.com/recyclarr/recyclarr
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: Correct executable bit permissions on binary releases

Browse Source 
Due to [an issue][1] with the `actions/upload-artifact` action, when
binaries are uploaded they lose permission bits and `xattr` properties.
Composite actions `upload-tar` and `download-tar` have been added that
tarball the artifacts before uploading them to retain those properties.

[1]: https://github.com/actions/upload-artifact/issues/38
snyk
Robert Dailey 1 year ago
parent df07f7ddf6
commit e1f1872cb7
11 changed files with 106 additions and 41 deletions
Show Stats Download Patch File Download Diff File

25
.github/actions/download-tar/action.yml vendored
Unescape View File

@ -0,0 +1,25 @@
# This custom action exists because of this issue:
# https://github.com/actions/upload-artifact/issues/38
name: Download Tar Artifact
description: >
Download and extract a tar artifact that was previously uploaded in the workflow by the upload-tar
action
inputs:
name:
description: Artifact name
path:
description: Destination path
required: false
runs:
using: composite
steps:
- uses: actions/download-artifact@v3
with:
name: ${{ inputs.name }}
path: ${{ inputs.path }}
- run: ${{ github.action_path }}/untar.sh "${{ inputs.name }}"
working-directory: ${{ inputs.path }}
shell: bash

17
.github/actions/download-tar/untar.sh vendored
Unescape View File

@ -0,0 +1,17 @@
#!/usr/bin/env bash
set -x
name="$1"
if [[ "$name" == '' ]]; then
dirs=(*/)
else
dirs=(.)
fi
for dir in ${dirs[@]}; do
echo "> Extracting: $dir"
pushd "$dir" > /dev/null
tar xvf artifact.tar
rm artifact.tar
popd > /dev/null
done

28
.github/actions/upload-tar/action.yml vendored
Unescape View File

@ -0,0 +1,28 @@
# This custom action exists because of this issue:
# https://github.com/actions/upload-artifact/issues/38
name: Upload Tar Artifact
description: Compress files with tar prior to artifacting to keep file privileges.
inputs:
name:
description: Artifact name
path:
description: A directory path. The contents of that directory will be tarballed and uploaded.
required: true
runs:
using: composite
steps:
- run: tar cvf artifact.tar *
shell: bash
working-directory: ${{ inputs.path }}
- uses: actions/upload-artifact@v3
with:
name: ${{ inputs.name }}
path: ${{ inputs.path }}/artifact.tar
- run: rm artifact.tar
shell: bash
working-directory: ${{ inputs.path }}

20
.github/workflows/build.yml vendored
Unescape View File

@ -21,6 +21,7 @@ on:
- "ci/**"
jobs:
#############################################
build-win:
name: Build Windows
secrets: inherit
@ -32,6 +33,7 @@ jobs:
platform: windows-latest
runtime: ${{ matrix.runtime }}
#############################################
build-linux:
name: Build Linux
secrets: inherit
@ -43,6 +45,7 @@ jobs:
platform: ubuntu-latest
runtime: ${{ matrix.runtime }}
#############################################
build-osx:
name: Build Mac OS
secrets: inherit
@ -57,6 +60,7 @@ jobs:
# https://github.com/dotnet/runtime/issues/79267
publish-args: -NoCompress
#############################################
build-musl:
name: Build MUSL
secrets: inherit
@ -70,6 +74,7 @@ jobs:
publish-args: -NoSingleFile
skip-test: true
#############################################
codesign:
name: Apple Signing
runs-on: macos-latest
@ -85,7 +90,7 @@ jobs:
uses: actions/checkout@v3
- name: Download Artifacts
uses: actions/download-artifact@v3
uses: ./.github/actions/download-tar
with:
name: ${{ matrix.runtime }}
path: publish
@ -120,17 +125,19 @@ jobs:
# run: xcrun stapler staple -v publish/recyclarr
- name: Upload Artifacts
uses: actions/upload-artifact@v3
uses: ./.github/actions/upload-tar
with:
name: ${{ matrix.runtime }}
path: publish/*
path: publish
#############################################
docker:
name: Docker
needs: [build-musl]
uses: ./.github/workflows/reusable-docker.yml
secrets: inherit
#############################################
release:
name: Release
runs-on: ubuntu-latest
@ -158,7 +165,7 @@ jobs:
id: gitversion
- name: Download Artifacts
uses: actions/download-artifact@v3
uses: ./.github/actions/download-tar
with:
path: publish
@ -178,12 +185,15 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.DEPLOY_PAT }}
with:
files: archive/*
files: |
archive/**/recyclarr-*.zip
archive/**/recyclarr-*.tar.xz
body: ${{ steps.changelog.outputs.release_notes }}
tag_name: ${{ github.event.create.ref }}
draft: false
prerelease: ${{ steps.gitversion.outputs.preReleaseTag != '' }}
#############################################
# The main purpose of this job is to group all the other jobs together into one single job status
# that can be set as a requirement to merge pull requests. This is easier than enumerating all
# jobs in a workflow to ensure they all pass.

9
.github/workflows/reusable-build.yml vendored
Unescape View File

@ -39,16 +39,15 @@ jobs:
- name: Publish
shell: pwsh
run: |
ci/Publish.ps1 -Runtime ${{ inputs.runtime }} ${{ inputs.publish-args }}
run: ci/Publish.ps1 -Runtime ${{ inputs.runtime }} ${{ inputs.publish-args }}
- name: Smoke
if: endsWith(inputs.runtime, 'x64') && !inputs.skip-test
shell: pwsh
run: ci/SmokeTest.ps1 publish/${{ inputs.runtime }}/recyclarr
- name: Upload Artifacts
uses: actions/upload-artifact@v3
- name: Upload Artifact
uses: ./.github/actions/upload-tar
with:
name: ${{ inputs.runtime }}
path: publish/${{ inputs.runtime }}/*
path: publish/${{ inputs.runtime }}

2
.github/workflows/reusable-docker.yml vendored
Unescape View File

@ -45,7 +45,7 @@ jobs:
${{ env.SEMVER }},pattern={{major}}
- name: Grab Artifacts
uses: actions/download-artifact@v3
uses: ./.github/actions/download-tar
with:
path: docker/artifacts

4
CHANGELOG.md
Unescape View File

@ -8,6 +8,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
### Fixed
- Releases now retain executable permissions on Linux and macOS.
## [4.0.1] - 2022-12-21
### Changed

4
docker/BuildAndRun.ps1
Unescape View File

@ -1,7 +1,7 @@
[CmdletBinding()]
param (
[string[]] $RunArgs,
[string] $Runtime = "linux-musl-x64"
[string] $Runtime = "linux-musl-x64",
[string[]] $RunArgs
)
$ErrorActionPreference = "Stop"

20
docker/Dockerfile
Unescape View File

@ -1,17 +1,15 @@
FROM mcr.microsoft.com/dotnet/sdk:7.0-alpine AS build
FROM mcr.microsoft.com/dotnet/runtime:7.0-alpine as base
WORKDIR /build
FROM base AS base-arm
ENV RUNTIME=linux-musl-arm
ARG TARGETPLATFORM
FROM base AS base-arm64
ENV RUNTIME=linux-musl-arm64
RUN apk add unzip bash
FROM base AS base-amd64
ENV RUNTIME=linux-musl-x64
COPY --chmod=544 ./scripts/build/*.sh .
COPY ./artifacts ./artifacts
RUN ./build.sh
#############################################################################
FROM mcr.microsoft.com/dotnet/runtime:7.0-alpine AS final
FROM base-$TARGETARCH AS final
# Required by environment and/or dotnet
ENV PATH="${PATH}:/app/recyclarr" \
@ -23,7 +21,7 @@ RUN set -ex; \
apk add --no-cache bash tzdata supercronic git tini; \
mkdir -p /config && chown 1000:1000 /config;
COPY --from=build /build/publish /app/recyclarr/
COPY ./artifacts/$RUNTIME /app/recyclarr/
COPY --chmod=555 ./scripts/prod/*.sh /
USER 1000:1000

2
docker/docker-compose.yml
Unescape View File

@ -10,7 +10,7 @@ services:
build:
context: .
args:
- TARGETPLATFORM=linux/amd64
- TARGETARCH=amd64
networks: [recyclarr]
volumes:
- ./config:/config

16
docker/scripts/build/build.sh
Unescape View File

@ -1,16 +0,0 @@
#!/usr/bin/env bash
set -ex
# Determine the runtime from the target platform provided by Docker Buildx
case "$TARGETPLATFORM" in
"linux/arm/v7") runtime="linux-musl-arm" ;;
"linux/arm64") runtime="linux-musl-arm64" ;;
"linux/amd64") runtime="linux-musl-x64" ;;
*) echo >&2 "ERROR: Unsupported target platform: $TARGETPLATFORM"; exit 1 ;;
esac
path="artifacts/$runtime/"
mv "$path" publish
chmod a+rx publish/recyclarr
Write Preview
Loading…
Cancel
Save