re-add script for bottles (#14)

2021-09-10 15:15:24 -04:00 · 2021-09-10 15:15:24 -04:00 · 795f7f4f35
parent e474468da3
commit 795f7f4f35
2 changed files with 74 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 .update.timestamp
 nimcache
 vendor/.nimble
+/bottles/
--- a/scripts/fetch-brew-bottle.sh
+++ b/scripts/fetch-brew-bottle.sh
@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+set -eof pipefail
+
+# This script is used to fetch HomeBrew bottles for PCRE and OpenSSL.
+
+function get_gh_pkgs_token() {
+    curl --fail -Ls -u "${GITHUB_USER}:${GITHUB_TOKEN}" https://ghcr.io/token | jq -r '.token'
+}
+
+function get_bottle_json() {
+    brew info --json=v1 "${1}" | jq '.[0].bottle.stable.files.mojave'
+}
+
+function fetch_bottle() {
+    if [[ -n "${BEARER_TOKEN}" ]]; then
+        AUTH=("-H" "Authorization: Bearer ${BEARER_TOKEN}")
+    else
+        AUTH=("-u" "_:_") # WARNING: Unauthorized requests can be throttled.
+    fi
+    curl --fail -Ls "${AUTH[@]}" -o "${1}" "${2}"
+}
+
+if [[ $(uname) != "Darwin" ]]; then
+    echo "This script is intended for use on macOS!" >&2
+    exit 1
+fi
+
+if [[ $# -ne 1 ]]; then
+    echo "usage: $0 <bottle_name>" >&2
+    exit 1
+fi
+BOTTLE_NAME="${1}"
+BOTTLE_PATH="/tmp/${BOTTLE_NAME}.tar.gz"
+
+# GitHub Packages requires authentication.
+GITHUB_USER="${GITHUB_USER:-_}"
+GITHUB_TOKEN="${GITHUB_TOKEN:-_}"
+if [[ "${GITHUB_USER}" == "_" ]] || [[ "${GITHUB_TOKEN}" == "_" ]]; then
+    echo "No GITHUB_USER or GITHUB_TOKEN variable set!" >&2
+    echo "GitHub Packages can throttle unauthorized requests." >&2
+else
+    echo "${BOTTLE_NAME} - Fetching GH Pkgs Token"
+    BEARER_TOKEN=$(get_gh_pkgs_token)
+fi
+
+# We want the most recent available version of the package.
+if [[ $(stat -f %u /usr/local/var/homebrew) -ne "${UID}" ]]; then
+    echo "Missing permissions to update Homebrew formulae!" >&2
+else
+    echo "${BOTTLE_NAME} - Updating HomeBrew repository"
+    brew update >/dev/null
+fi
+
+echo "${BOTTLE_NAME} - Finding bottle URL"
+BOTTLE_JSON=$(get_bottle_json "${BOTTLE_NAME}")
+BOTTLE_URL=$(echo "${BOTTLE_JSON}" | jq -r .url)
+BOTTLE_SHA=$(echo "${BOTTLE_JSON}" | jq -r .sha256)
+
+echo "${BOTTLE_NAME} - Fetching bottle for macOS"
+fetch_bottle "${BOTTLE_PATH}" "${BOTTLE_URL}"
+trap "rm -fr ${BOTTLE_PATH}" EXIT ERR INT QUIT
+
+echo "${BOTTLE_NAME} - Checking SHA256 checksum"
+BOTTLE_LOCAL_SHA=$(shasum -a 256 "${BOTTLE_PATH}" | awk '{print $1}')
+
+if [[ "${BOTTLE_LOCAL_SHA}" != "${BOTTLE_SHA}" ]]; then
+    echo "The SHA256 of downloaded bottle did not match!" >&2
+    exit 1;
+fi
+
+echo "${BOTTLE_NAME} - Unpacking bottle tarball"
+mkdir -p "bottles/${BOTTLE_NAME}"
+tar xzf "${BOTTLE_PATH}" --strip-components 2 -C "bottles/${BOTTLE_NAME}"