diff --git a/install.sh b/install.sh index cf72346f6d5f..359ac5889785 100755 --- a/install.sh +++ b/install.sh @@ -445,7 +445,7 @@ download() { download_hash() { if [ -n "${INSTALL_K3S_PR}" ]; then info "Downloading hash ${GITHUB_PR_URL}" - curl -o ${TMP_ZIP} -H "Authorization: Bearer $GITHUB_TOKEN" -L ${GITHUB_PR_URL} + curl -s -o ${TMP_ZIP} -H "Authorization: Bearer $GITHUB_TOKEN" -L ${GITHUB_PR_URL} unzip -p ${TMP_ZIP} k3s.sha256sum > ${TMP_HASH} else if [ -n "${INSTALL_K3S_COMMIT}" ]; then @@ -481,28 +481,35 @@ get_pr_artifact_url() { fatal "Installing PR builds requires jq" fi + # Check if unzip is installed + if ! [ -x "$(command -v unzip)" ]; then + fatal "Installing PR builds requires unzip" + fi + if [ -z "${GITHUB_TOKEN}" ]; then fatal "Installing PR builds requires GITHUB_TOKEN with k3s-io/k3s repo permissions" fi + # GET request to the GitHub API to retrieve the latest commit SHA from the pull request - pr_raw=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$github_api_url/pulls/$INSTALL_K3S_PR") - - if ! echo "$pr_raw" | grep -q "Bad credentials.*401" ; then + set +e + commit_id=$(curl -f -s -H "Authorization: Bearer ${GITHUB_TOKEN}" "${github_api_url}/pulls/${INSTALL_K3S_PR}" | jq -r '.head.sha') + set -e + + if [ -z "${commit_id}" ]; then fatal "Installing PR builds requires GITHUB_TOKEN with k3s-io/k3s repo permissions" fi - commit_id=$( echo "$pr_raw" | jq -r '.head.sha') # GET request to the GitHub API to retrieve the Build workflow associated with the commit - wf_raw=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$github_api_url/commits/$commit_id/check-runs") - build_workflow=$(printf "%s" "$wf_raw" | jq -r '.check_runs[] | select(.name == "build / Build")') + wf_raw=$(curl -s -H "Authorization: Bearer ${GITHUB_TOKEN}" "${github_api_url}/commits/${commit_id}/check-runs") + build_workflow=$(printf "%s" "${wf_raw}" | jq -r '.check_runs[] | select(.name == "build / Build")') # Extract the Run ID from the build workflow and lookup artifacts associated with the run - run_id=$(echo "$build_workflow" | jq -r ' .details_url' | awk -F'/' '{print $(NF-2)}' | sort -rn | head -1) + run_id=$(echo "${build_workflow}" | jq -r ' .details_url' | awk -F'/' '{print $(NF-2)}' | sort -rn | head -1) # Extract the artifact ID for the "k3s" artifact - artifacts=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$github_api_url/actions/runs/$run_id/artifacts") - artifacts_url=$(echo "$artifacts" | jq -r '.artifacts[] | select(.name == "k3s") | .archive_download_url') - GITHUB_PR_URL=$artifacts_url + artifacts=$(curl -s -H "Authorization: Bearer ${GITHUB_TOKEN}" "${github_api_url}/actions/runs/${run_id}/artifacts") + artifacts_url=$(echo "${artifacts}" | jq -r '.artifacts[] | select(.name == "k3s") | .archive_download_url') + GITHUB_PR_URL="${artifacts_url}" } # --- download binary from github url --- @@ -511,7 +518,7 @@ download_binary() { # Since Binary and Hash are zipped together, check if TMP_ZIP already exists if ! [ -f ${TMP_ZIP} ]; then info "Downloading K3s artifact ${GITHUB_PR_URL}" - curl -o ${TMP_ZIP} -H "Authorization: Bearer $GITHUB_TOKEN" -L ${GITHUB_PR_URL} + curl -s -f -o ${TMP_ZIP} -H "Authorization: Bearer $GITHUB_TOKEN" -L ${GITHUB_PR_URL} fi # extract k3s binary from zip unzip -p ${TMP_ZIP} k3s > ${TMP_BIN} diff --git a/install.sh.sha256sum b/install.sh.sha256sum index 2a09542d1fd6..d4905e4e86d4 100644 --- a/install.sh.sha256sum +++ b/install.sh.sha256sum @@ -1 +1 @@ -2e2469498e1d6a5dcd97d0eeae342298500b27fe0768527ea8039a3295cdbce9 install.sh +a5a95f60c57049a1d4eb11953e60d80f5f7e2fae4c7865959da669b48a44e668 install.sh