github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-15 22:53:43 +00:00
Code Issues Projects Releases Wiki Activity
runtime-rs-debug-cidev
kata-containers/tests/install_regorus.sh
Paul Meyer 43739cefdf ci/static-checks: use oras cache for regorus 
Instead of building it every time, we can store the regorus
binary in OCI registry using oras and download it from there.
This reduces the install time from ~1m40s to ~15s.

Signed-off-by: Paul Meyer <katexochen0@gmail.com>
2025-06-24 13:14:18 +02:00

121 lines
3.6 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
#
# Copyright (c) Edgeless Systems GmbH
#
# SPDX-License-Identifier: Apache-2.0
[[ -n "${DEBUG}" ]] && set -o xtrace
test_dir=$(realpath "$(dirname "${BASH_SOURCE[0]}")")
source "${test_dir}/common.bash"
install_regorus_oras()
{
local version
version=$1
if ! command -v oras &>/dev/null; then
warn "oras is not installed. Please install oras to install regorus."
return 1
fi
local image
image="${ARTEFACT_REGISTRY:-ghcr.io}/${ARTEFACT_REPOSITORY:-kata-containers/kata-containers}/cached-artefacts/regorus:${version}"
if ! oras pull "${image}" --no-tty; then
warn "Failed to pull regorus from oras cache"
return 1
fi
info "Successfully pulled regorus from oras cache"
if ! mv regorus "${HOME}/.cargo/bin/regorus"; then
warn "Failed to move regorus binary"
return 1
fi
if ! chmod +x "${HOME}/.cargo/bin/regorus"; then
warn "Failed to make regorus binary executable"
return 1
fi
}
install_regorus_cargo()
{
local version
version=$1
if ! cargo install regorus --version "${version}" --example regorus --locked; then
warn "Failed to cargo install regorus"
return 1
fi
info "Successfully installed regorus using cargo"
# Cache the installed binary using oras, so we don't have to build it again.
if [[ -z "${ARTEFACT_REGISTRY_PASSWORD}" ]]; then
warn "ARTEFACT_REGISTRY_PASSWORD is not set. Skipping caching of regorus binary."
return 0
fi
if [[ -z "${ARTEFACT_REGISTRY_USERNAME}" ]]; then
warn "ARTEFACT_REGISTRY_USERNAME is not set. Skipping caching of regorus binary."
return 0
fi
if ! echo "${ARTEFACT_REGISTRY_PASSWORD}" | oras login "${ARTEFACT_REGISTRY:-ghcr.io}" -u "${ARTEFACT_REGISTRY_USERNAME}" --password-stdin; then
warn "Failed to login to oras registry"
return 1
fi
local image
image="${ARTEFACT_REGISTRY:-ghcr.io}/${ARTEFACT_REPOSITORY:-kata-containers/kata-containers}/cached-artefacts/regorus:${version}"
if ! (cd "${HOME}/.cargo/bin/" && oras push "${image}" --no-tty regorus); then
warn "Failed to push regorus binary to oras cache"
return 1
fi
info "Successfully pushed regorus binary to oras cache as ${image}"
}
install_regorus()
{
command -v cargo &>/dev/null \
|| die "cargo is not installed. Please install rust toolchain to install regorus."
command -v git &>/dev/null \
|| die "git is not installed. Please install git."
# Get the regorus version from Cargo.toml of the agent policy crate instad of versions.yaml
# so we test the version we are actually using.
local cargo_toml="${test_dir}/../src/agent/policy/Cargo.toml"
[[ -f "${cargo_toml}" ]] \
|| die "Cargo.toml not found at ${cargo_toml}"
local version
version=$(
cargo tree -i regorus --edges normal --prefix none --manifest-path "${cargo_toml}" |
head -n1 |
cut -d' ' -f2 |
sed 's/v//'
) || die "Failed to get regorus version from cargo.toml"
if regorus --version 2>/dev/null | grep -q "${version}"; then
info "regorus version ${version} is already installed"
return 0
fi
info "Installing regorus version ${version}"
if install_regorus_oras "${version}"; then
:
elif install_regorus_cargo "${version}"; then
:
else
die "Failed to install regorus"
fi
if ! echo "${PATH}" | grep -q "${HOME}/.cargo/bin"; then
export PATH="${PATH}:${HOME}/.cargo/bin"
fi
info "Successfully installed regorus version ${version}"
}
install_regorus
Reference in New Issue View Git Blame Copy Permalink