From 909ec6b79b71f3fbe2f472ef44f7e94b2bd7c081 Mon Sep 17 00:00:00 2001 From: shenlan Date: Thu, 2 Oct 2025 20:57:19 +0800 Subject: [PATCH] Refactor terraform installer workflow scripts --- .../offline-package-terraform-installer.yaml | 95 ++----------------- script/build-offline-terraform-package.sh | 49 ++++++++++ script/prune-remote-versions.sh | 18 ++++ script/resolve-terraform-version.sh | 12 +++ script/rsync-release-assets.sh | 10 ++ script/verify-terraform-bundle.sh | 19 ++++ 6 files changed, 115 insertions(+), 88 deletions(-) create mode 100755 script/build-offline-terraform-package.sh create mode 100755 script/prune-remote-versions.sh create mode 100755 script/resolve-terraform-version.sh create mode 100755 script/rsync-release-assets.sh create mode 100755 script/verify-terraform-bundle.sh diff --git a/.github/workflows/offline-package-terraform-installer.yaml b/.github/workflows/offline-package-terraform-installer.yaml index 65943ed..927e011 100644 --- a/.github/workflows/offline-package-terraform-installer.yaml +++ b/.github/workflows/offline-package-terraform-installer.yaml @@ -43,62 +43,13 @@ jobs: id: resolve env: OVERRIDE_VERSION: ${{ github.event.inputs.terraform_version }} - run: | - set -euo pipefail - if [ -n "${OVERRIDE_VERSION}" ]; then - VERSION="${OVERRIDE_VERSION}" - else - VERSION=$(curl -fsSL https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r '.current_version') - fi - echo "Resolved Terraform version: ${VERSION}" - echo "version=${VERSION}" >> "$GITHUB_OUTPUT" + run: script/resolve-terraform-version.sh - name: Build offline Terraform package env: TERRAFORM_VERSION: ${{ steps.resolve.outputs.version }} - run: | - set -euo pipefail - ARCH="${{ matrix.arch }}" - WORKDIR="terraform-offline-package" - rm -rf "${WORKDIR}" - mkdir -p "${WORKDIR}/"{bin,scripts,docs} - - BASE_URL="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}" - ARCHIVE="terraform_${TERRAFORM_VERSION}_linux_${ARCH}.zip" - echo "Downloading ${BASE_URL}/${ARCHIVE}" - curl -fSL "${BASE_URL}/${ARCHIVE}" -o "${ARCHIVE}" - - unzip -d "${WORKDIR}/bin" "${ARCHIVE}" - rm -f "${ARCHIVE}" - - echo "${TERRAFORM_VERSION}" > "${WORKDIR}/VERSION" - - cat <<'SCRIPT' > "${WORKDIR}/scripts/install-terraform.sh" -#!/usr/bin/env bash -set -euo pipefail - -ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" -BIN="${ROOT_DIR}/bin/terraform" -INSTALL_DIR="${INSTALL_DIR:-/usr/local/bin}" - -usage() { - cat <> ~/.ssh/known_hosts - name: Rsync release assets to remote - run: | - set -euo pipefail - REMOTE_DIR="${REMOTE_ROOT}/${TAG_NAME}" - ssh -i ~/.ssh/id_rsa "${RSYNC_SSH_USER}@${VPS_HOST}" "mkdir -p '${REMOTE_DIR}'" - echo "Rsync -> ${VPS_HOST}:${REMOTE_DIR}/" - rsync -av -e "ssh -i ~/.ssh/id_rsa" \ - release-artifacts/amd64/terraform-offline-package-amd64.tar.gz \ - release-artifacts/arm64/terraform-offline-package-arm64.tar.gz \ - "${RSYNC_SSH_USER}@${VPS_HOST}:${REMOTE_DIR}/" + run: script/rsync-release-assets.sh retention: name: Remote retention (keep latest 3) @@ -229,20 +164,4 @@ SCRIPT ssh-keyscan -H "$VPS_HOST" >> ~/.ssh/known_hosts - name: Prune old versions on remote (keep 3) - run: | - set -euo pipefail - ssh -i ~/.ssh/id_rsa "${RSYNC_SSH_USER}@${VPS_HOST}" bash -lc ' - set -euo pipefail - cd "'"${REMOTE_ROOT}"'" || exit 0 - keep=3 - mapfile -t all < <(ls -1 | grep -E "^(offline-terraform-|v[0-9]+\.)" | sort -V -r || true) - if [ "${#all[@]}" -le "$keep" ]; then - echo "Nothing to prune. Count=${#all[@]}" - exit 0 - fi - to_delete=("${all[@]:keep}") - echo "Pruning old versions: ${to_delete[*]}" - for d in "${to_delete[@]}"; do - rm -rf -- "$d" - done - ' + run: script/prune-remote-versions.sh diff --git a/script/build-offline-terraform-package.sh b/script/build-offline-terraform-package.sh new file mode 100755 index 0000000..922b2b2 --- /dev/null +++ b/script/build-offline-terraform-package.sh @@ -0,0 +1,49 @@ +#!/usr/bin/env bash +set -euo pipefail + +ARCH="${ARCH:-}" +if [[ -z "${ARCH}" ]]; then + echo "ARCH environment variable is required" >&2 + exit 1 +fi + +WORKDIR="terraform-offline-package" +rm -rf "${WORKDIR}" +mkdir -p "${WORKDIR}/"{bin,scripts,docs} + +BASE_URL="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}" +ARCHIVE="terraform_${TERRAFORM_VERSION}_linux_${ARCH}.zip" +echo "Downloading ${BASE_URL}/${ARCHIVE}" +curl -fSL "${BASE_URL}/${ARCHIVE}" -o "${ARCHIVE}" + +unzip -d "${WORKDIR}/bin" "${ARCHIVE}" +rm -f "${ARCHIVE}" + +echo "${TERRAFORM_VERSION}" > "${WORKDIR}/VERSION" + +cat <<'SCRIPT' > "${WORKDIR}/scripts/install-terraform.sh" +#!/usr/bin/env bash +set -euo pipefail + +ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +BIN="${ROOT_DIR}/bin/terraform" +INSTALL_DIR="${INSTALL_DIR:-/usr/local/bin}" + +usage() { + cat <> "${GITHUB_OUTPUT}" diff --git a/script/rsync-release-assets.sh b/script/rsync-release-assets.sh new file mode 100755 index 0000000..cee499e --- /dev/null +++ b/script/rsync-release-assets.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +set -euo pipefail + +REMOTE_DIR="${REMOTE_ROOT}/${TAG_NAME}" +ssh -i ~/.ssh/id_rsa "${RSYNC_SSH_USER}@${VPS_HOST}" "mkdir -p '${REMOTE_DIR}'" +echo "Rsync -> ${VPS_HOST}:${REMOTE_DIR}/" +rsync -av -e "ssh -i ~/.ssh/id_rsa" \ + release-artifacts/amd64/terraform-offline-package-amd64.tar.gz \ + release-artifacts/arm64/terraform-offline-package-arm64.tar.gz \ + "${RSYNC_SSH_USER}@${VPS_HOST}:${REMOTE_DIR}/" diff --git a/script/verify-terraform-bundle.sh b/script/verify-terraform-bundle.sh new file mode 100755 index 0000000..4da1b4c --- /dev/null +++ b/script/verify-terraform-bundle.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash +set -euo pipefail + +ARCH="${ARCH:-}" +if [[ -z "${ARCH}" ]]; then + echo "ARCH environment variable is required" >&2 + exit 1 +fi + +cd test-dir/terraform-offline-package + +test -f VERSION + +if [[ "${ARCH}" == "amd64" ]]; then + ./bin/terraform version + ./bin/terraform version | grep "Terraform v${TERRAFORM_VERSION}" +else + file ./bin/terraform | grep -E "ARM|aarch64" +fi