feat: support downloading from customized url

.github/workflows/test.yml

@@ -28,7 +28,7 @@ defaults:
     shell: bash
 
 jobs:
-  test:
+  test-basic-setup:
     name: Test Setup ORAS CLI
     runs-on: ${{ matrix.os }}
     strategy:
@@ -56,3 +56,81 @@ jobs:
         echo ---
         read -ra ORAS_VERSION_INSTALLED <<<$(oras version)
         [ "${ORAS_VERSION_INSTALLED[1]}" == "$ORAS_VERSION_EXPECTED" ]
+
+  create-test-variables:
+    runs-on: ubuntu-latest
+    outputs:
+      url: ${{ steps.get-checksum-url.outputs.URL }}
+      checksum: ${{ steps.get-checksum-url.outputs.CHECKSUM }}
+    steps:
+      - id: checkout
+        uses: actions/checkout@v3
+      - id: get-checksum-url
+        run: |
+          RELEASE=$(jq -r 'keys_unsorted[0] as $k | .[$k].linux.amd64' src/lib/data/releases.json)
+          echo "CHECKSUM=$(echo $RELEASE | jq -r '.checksum')" >> "$GITHUB_OUTPUT"
+          echo "URL=$(echo $RELEASE | jq -r '.url')" >> "$GITHUB_OUTPUT"
+
+  test-custom-url:
+    name: Test Setup using URL
+    runs-on: ubuntu-latest
+    needs: create-test-variables
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Setup ORAS using URL
+      uses: ./
+      with:
+        url: ${{ needs.create-test-variables.outputs.url }}
+        checksum: ${{ needs.create-test-variables.outputs.checksum }}
+
+    - name: Setup ORAS using URL without checksum
+      id: no-checksum
+      continue-on-error: true
+      uses: ./
+      with:
+        url: ${{ needs.create-test-variables.outputs.url }}
+    - name: 'Should Fail: Setup ORAS using URL without checksum'
+      if: steps.no-checksum.outcome != 'failure'
+      run: |
+        echo "Setup ORAS using URL without checksum should fail, but succeeded."
+        exit 1
+
+    - name: Setup ORAS using checksum without url
+      id: no-url
+      continue-on-error: true
+      uses: ./
+      with:
+        checksum: ${{ needs.create-test-variables.outputs.checksum }}
+    - name: 'Should Fail: Setup ORAS using checksum without url'
+      if: steps.no-url.outcome != 'failure'
+      run: |
+        echo "Setup ORAS using checksum without url should fail, but succeeded."
+        exit 1
+
+    - name: Setup ORAS using URL and invalid checksum
+      id: invalid-checksum
+      continue-on-error: true
+      uses: ./
+      with:
+        url: ${{ needs.create-test-variables.outputs.url }}
+        checksum: abcedf
+    - name: 'Should Fail: Setup ORAS using URL and invalid checksum'
+      if: steps.invalid-checksum.outcome != 'failure'
+      run: |
+        echo "Setup ORAS using URL and invalid checksum should fail, but succeeded."
+        exit 1
+
+    - name: Setup ORAS using invalid URL
+      id: invalid-url
+      continue-on-error: true
+      uses: ./
+      with:
+        url: invalid-url
+        checksum: test
+    - name: 'Should Fail: Setup ORAS using invalid URL'
+      if: steps.invalid-url.outcome != 'failure'
+      run: |
+        echo "Setup ORAS using invalid URL should fail, but succeeded."
+        exit 1

action.yml

@@ -18,9 +18,15 @@ branding:
   color: blue
 inputs:
   version:
-    description: Version of ORAS CLI to install
+    description: Version of the official ORAS CLI to install
     required: false
     default: 1.1.0
+  url:
+    description: URL of the customized ORAS CLI to install
+    required: false
+  checksum:
+    description: SHA256 of the customized ORAS CLI. Required if 'url' is present.
+    required: false
 runs:
   using: node20
   main: dist/index.js

dist/index.js

@@ -6691,7 +6691,22 @@ exports.getBinaryExtension = exports.mapArch = exports.mapPlatform = exports.get
 const os = __importStar(__nccwpck_require__(2037));
 const releases_json_1 = __importDefault(__nccwpck_require__(2387));
 // Get release info of a certain verion of ORAS CLI
-function getReleaseInfo(version) {
+function getReleaseInfo(version, url, checksum) {
+    if (url && checksum) {
+        // if customized ORAS CLI link and checksum are provided, version is ignored
+        return {
+            checksum: checksum,
+            url: url
+        };
+    }
+    // sanity checks
+    if (url && !checksum) {
+        throw new Error("user provided url of customized ORAS CLI release but without SHA256 checksum");
+    }
+    if (!url && checksum) {
+        throw new Error("user provided SHA256 checksum but without url");
+    }
+    // get the official release
     const releases = releases_json_1.default;
     if (!(version in releases)) {
         console.log(`official ORAS CLI releases does not contain version ${version}`);
@@ -6808,19 +6823,21 @@ function setup() {
         try {
             // inputs from user
             const version = core.getInput('version');
+            const url = core.getInput('url');
+            const checksum = core.getInput('checksum').toLowerCase();
             // download ORAS CLI and validate checksum
-            const info = (0, release_1.getReleaseInfo)(version);
-            const url = info.url;
-            console.log(`downloading ORAS CLI from ${url}`);
-            const pathToTarball = yield tc.downloadTool(url);
+            const info = (0, release_1.getReleaseInfo)(version, url, checksum);
+            const download_url = info.url;
+            console.log(`downloading ORAS CLI from ${download_url}`);
+            const pathToTarball = yield tc.downloadTool(download_url);
             console.log("downloading ORAS CLI completed");
-            const checksum = yield (0, checksum_1.hash)(pathToTarball);
-            if (checksum !== info.checksum) {
-                throw new Error(`checksum of downloaded ORAS CLI ${checksum} does not match expected checksum ${info.checksum}`);
+            const actual_checksum = yield (0, checksum_1.hash)(pathToTarball);
+            if (actual_checksum !== info.checksum) {
+                throw new Error(`checksum of downloaded ORAS CLI ${actual_checksum} does not match expected checksum ${info.checksum}`);
             }
             console.log("successfully verified downloaded release checksum");
             // extract the tarball/zipball onto host runner
-            const extract = url.endsWith('.zip') ? tc.extractZip : tc.extractTar;
+            const extract = download_url.endsWith('.zip') ? tc.extractZip : tc.extractTar;
             const pathToCLI = yield extract(pathToTarball);
             // add `ORAS` to PATH
             core.addPath(pathToCLI);

src/lib/release.ts

@@ -27,7 +27,24 @@ interface releases {
 }
 
 // Get release info of a certain verion of ORAS CLI
-export function getReleaseInfo(version: string) {
+export function getReleaseInfo(version: string, url: string, checksum: string) {
+    if (url && checksum) {
+        // if customized ORAS CLI link and checksum are provided, version is ignored
+        return {
+            checksum: checksum, 
+            url: url
+        } 
+    }
+
+    // sanity checks
+    if (url && !checksum) {
+        throw new Error("user provided url of customized ORAS CLI release but without SHA256 checksum");
+    }
+    if (!url && checksum) {
+        throw new Error("user provided SHA256 checksum but without url");
+    }
+
+    // get the official release
     const releases = releaseJson as releases;
     if (!(version in releases)) {
         console.log(`official ORAS CLI releases does not contain version ${version}`)

src/setup.ts

@@ -21,21 +21,23 @@ async function setup(): Promise<void> {
   try {
     // inputs from user
     const version: string = core.getInput('version');
+    const url: string = core.getInput('url');
+    const checksum = core.getInput('checksum').toLowerCase();
 
     // download ORAS CLI and validate checksum
-    const info = getReleaseInfo(version);
-    const url = info.url;
-    console.log(`downloading ORAS CLI from ${url}`);
-    const pathToTarball: string = await tc.downloadTool(url);
+    const info = getReleaseInfo(version, url, checksum);
+    const download_url = info.url;
+    console.log(`downloading ORAS CLI from ${download_url}`);
+    const pathToTarball: string = await tc.downloadTool(download_url);
     console.log("downloading ORAS CLI completed");
-    const checksum = await hash(pathToTarball);
-    if (checksum !== info.checksum) {
-      throw new Error(`checksum of downloaded ORAS CLI ${checksum} does not match expected checksum ${info.checksum}`);
+    const actual_checksum = await hash(pathToTarball);
+    if (actual_checksum !== info.checksum) {
+      throw new Error(`checksum of downloaded ORAS CLI ${actual_checksum} does not match expected checksum ${info.checksum}`);
     }
     console.log("successfully verified downloaded release checksum");
 
     // extract the tarball/zipball onto host runner
-    const extract = url.endsWith('.zip') ? tc.extractZip : tc.extractTar;
+    const extract = download_url.endsWith('.zip') ? tc.extractZip : tc.extractTar;
     const pathToCLI: string = await extract(pathToTarball);
 
     // add `ORAS` to PATH