/install-github-release-binary

GitHub Action to install a binary from a GitHub release

Primary LanguageTypeScriptISC LicenseISC

install-github-release-binary

Build Status

install-github-release-binary is an opinionated GitHub Action for adding a binary from a GitHub Release to your CI $PATH.

The primary goals are, in order of priority:

  1. control over software supply chain security (SSCS)
  2. execute quickly
  3. avoid rate limits

Supported releases

This action only supports installing from releases where the release:

  • is tagged with the full {major}.{minor}.{patch} semantic version
  • contains raw binary assets (archives not supported)
  • assets are labeled with the binary name and target triple in the format <binary name>-<target triple>

You can create compatible releases with semantic-release, using a workflow like semantic-release-action/rust.

Use

Use this action in a step:

- name: Install flux-capacitor
  uses: EricCrosson/install-github-release-binary@v2
  with:
    targets: EricCrosson/flux-capacitor@v1

Note

I recommend adding an explicit step name, otherwise the step will only reference EricCrosson/install-github-release-binary@v2, not your targets.

Install multiple binaries:

- name: Install future tools
  uses: EricCrosson/install-github-release-binary@v2
  with:
    targets: |
      EricCrosson/flux-capacitor@v1
      EricCrosson/steam-locomotive@v7.5.3
      EricCrosson/hoverboard@11.7.3:sha256-8a4600be96d2ec013209042458ce97a9652fcc46c1c855d0217aa42e330fc06e

Install a binary from a release with multiple binaries available:

- name: Install flux-capacitor
  uses: EricCrosson/install-github-release-binary@v2
  with:
    targets: |
      EricCrosson/future-tools/flux-capacitor@v1

Inputs

Input Parameter Required Description
targets true Whitespace separated list of target GitHub Releases in format {owner}/{repository}@{version}. Details
token false GitHub token for REST requests. Defaults to ${{ github.token }}. Details

targets

Specify a whitespace-separated list of targets.

Each target is specified by repo slug and a semantic version number using the format {owner}/{repository}@v{semantic-version}. Optionally, include:

  • the particular binary to install (required when a release contains multiple binaries)
  • a sha256 checksum

Examples:

  • EricCrosson/flux-capacitor@v1
  • EricCrosson/flux-capacitor@v1.2
  • EricCrosson/flux-capacitor@v1.2.3
  • EricCrosson/flux-capacitor@v1.2.3:sha256-ad91159c656d427ad8fe5ded2946f29f3a612c6b7a4af6129e9aa85256b7299e
  • EricCrosson/future-tools/flux-capacitor@v1

token

A GitHub token with repo scope. Defaults to the ${{ github.token }} created automatically by GitHub Actions.

To install a binary from a private GitHub repository, use a Personal Access Token.

Versioning

This action assumes it is running on a GitHub-hosted runner, so bumping any dependency to a version preinstalled on GitHub-hosted runners is not considered a breaking change.