Refactor action to use main Brioche installer script (#15)

* Refactor action to use brioche-installer script

* Bump example version number for `version` input

Author: kylewlacy

README.md

@@ -1,6 +1,6 @@
 # setup-brioche
 
-![GitHub release (latest by date)](https://img.shields.io/github/v/release/brioche-dev/setup-brioche) ![GitHub](https://img.shields.io/github/license/brioche-dev/setup-brioche)
+[![Latest release](https://img.shields.io/github/v/release/brioche-dev/setup-brioche)](https://github.com/brioche-dev/setup-brioche/releases/latest)
 
 Official GitHub Action to install [Brioche](https://brioche.dev/), a delicious package manager.
 
@@ -23,17 +23,17 @@ jobs:
       - name: Setup Brioche
         uses: brioche-dev/setup-brioche@v1
         with:
-          version: "v0.1.5"  # Optional, specify a version or a release channel
-          install-dir: '/custom/install/path'  # Optional, specify a custom installation path
+          version: "stable" # Optional, specify a version or a release channel
 
       - name: Verify Brioche installation
         run: brioche --version  # Check that Brioche is available
 ```
 
 ## Inputs
 
-- `version`: (Optional) The version of Brioche to install. It can be either a specific version (`v0.1.5`) or a release channel (`stable`, `nightly`). Defaults to `stable`.
-- `install-dir`: (Optional) The directory where Brioche should be installed. Defaults to `$HOME/.local/bin`.
+- `version`: (Optional) The version of Brioche to install. It can be either a specific version (`v0.1.6`) or a release channel (`stable`, `nightly`). Defaults to `stable`.
+- `install-bin-dir`: (Optional) A directory where a symlink to the current Brioche version will be added. Defaults to '$HOME/.local/bin'.
+- `install-root`: (Optional) The directory where the installer will unpack Brioche versions. Defaults to '$HOME/.local/share/brioche-install'.
 - `install-apparmor`: (Optional) Enable or disable installation of an AppArmor profile for Brioche. Defaults to `auto`, which will automatically install it if required (e.g. on Ubuntu 24.04).
 
 ## How It Works
@@ -66,7 +66,8 @@ jobs:
         uses: brioche-dev/setup-brioche@v1
         # with:
         #   version: "stable" # Optional
-        #   install-dir: "$HOME/custom/install/path" # Optional
+        #   install-bin-dir: "$HOME/.local/bin" # Optional
+        #   install-root: "$HOME/.local/share/brioche-install" # Optional
 
       - name: Build package
         run: brioche build -o output
@@ -77,15 +78,6 @@ jobs:
           hello-world
 ```
 
-## Logs and Debugging
-
-This Action uses GitHub's [logging groups](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#grouping-log-lines) to make output more readable. You will see collapsible log groups for stages like downloading, validating, and installing Brioche, making it easier to debug if needed.
-
-## Troubleshooting
-
-- Ensure the version specified in the `version` input is valid and available.
-- If Brioche isn't recognized in your shell, make sure the install path is correctly set in your environment.
-
 ## License
 
 This project is licensed under the [MIT License](https://github.com/brioche-dev/setup-brioche/blob/main/LICENSE).

action.yml

@@ -6,17 +6,22 @@ branding:
   icon: "box"
 inputs:
   version:
-    description: "Version of Brioche to install. It can be either a specific version ('v0.1.5') or a release channel ('stable', 'nightly'). Defaults to 'stable'"
+    description: "Version of Brioche to install. It can be either a specific version ('v0.1.6') or a release channel ('stable', 'nightly'). Defaults to 'stable'"
     required: false
     default: "stable"
+  install-root:
+    description: "Directory where the installer will unpack Brioche versions. Defaults to '$HOME/.local/share/brioche-install'"
+    required: false
   install-dir:
-    description: "Directory where Brioche should be installed"
+    description: "Directory where a symlink to the current Brioche version will be added. Defaults to '$HOME/.local/bin'"
+    required: false
+    deprecationMessage: "Renamed to `install-bin-dir`"
+  install-bin-dir:
+    description: "Directory where a symlink to the current Brioche version will be added. Defaults to '$HOME/.local/bin'"
     required: false
-    default: "$HOME/.local/bin"
   install-apparmor:
     description: "Install AppArmor profile for Brioche. Defaults to 'auto'"
     required: false
-    default: "auto"
 runs:
   using: "composite"
   steps:
@@ -25,6 +30,8 @@ runs:
       run: |
         "$GITHUB_ACTION_PATH"/install-brioche.sh
       env:
+        install_bin_dir: ${{ inputs.install-bin-dir }}
         install_dir: ${{ inputs.install-dir }}
+        install_root: ${{ inputs.install-root }}
         version: ${{ inputs.version }}
         install_apparmor: ${{ inputs.install-apparmor }}

install-brioche.sh

@@ -1,48 +1,23 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-LATEST_BRIOCHE_VERSION="v0.1.5"
-SEMVER_REGEX='^v(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))?(?:-(?:(?:[0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+(?:[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$'
-
-# Based on the official install script here:
-# https://github.com/brioche-dev/brioche.dev/blob/main/public/install.sh
-
-validate_inputs() {
-    # Validate environment variables
-    if [ -z "${GITHUB_PATH:-}" -o -z "${GITHUB_ACTION_PATH:-}" ]; then
-        echo '::error::$GITHUB_PATH or $GITHUB_ACTION_PATH not set! This script should be run in GitHub Actions'
-        exit 1
-    fi
-    if [ -z "${HOME:-}" ]; then
-        echo '::error::$HOME must be set'
-        exit 1
-    fi
-    if [ -z "${install_dir:-}" -o -z "${version:-}" -o -z "${install_apparmor:-}" ]; then
-        echo '::error::$install_dir, $version, and $install_apparmor must be set'
-        exit 1
-    fi
-
-    # Validate version constraints:
-    # - Only semver versions are allowed for version
-    # - Only values `stable`, `nightly` are allowed for release channel
-    case "$version" in
-        v*)
-            if [[ ! $version =~ $SEMVER_REGEX ]]; then
-                echo "::error::version must be a valid semver"
-                exit 1
-            fi
-            ;;
-        stable|nightly)
-            ;;
-        *)
-            echo "::error::version must be either 'stable', 'nightly' or a semver"
-            exit 1
-            ;;
-    esac
-}
+# Validate environment variables
+if [ -z "${GITHUB_PATH:-}" ] || [ -z "${GITHUB_ACTION_PATH:-}" ]; then
+    echo '::error::$GITHUB_PATH or $GITHUB_ACTION_PATH not set! This script should be run in GitHub Actions'
+    exit 1
+fi
+if [ -z "${HOME:-}" ]; then
+    echo '::error::$HOME must be set'
+    exit 1
+fi
+
+# Set BRIOCHE_INSTALL_BIN_DIR using 'install-bin-dir' (expanding $HOME)
+if [ -n "${install_bin_dir:-}" ]; then
+    export BRIOCHE_INSTALL_BIN_DIR="${install_bin_dir/'$HOME'/$HOME}"
+elif [ -n "${install_dir:-}" ]; then
+    # If the deprecated 'install-dir' is set, use it to set the install bin dir.
+    # For backwards compatibility, we also expand env vars using `envsubst`.
 
-install_brioche() {
-    # If `install_dir` contains a `$` character, then try to expand env vars
     case "$install_dir" in
         *'$'* )
             # Ensure the `envsubst` command exists
@@ -71,126 +46,49 @@ install_brioche() {
             ;;
     esac
 
-    # Get the OS and architecture-specific config, such as download URL and AppArmor config
-    case "$OSTYPE" in
-        linux*)
-            # aarch64 is not currently supported on stable
-            case "$(uname -m) $version" in
-                "x86_64 v"*)
-                    brioche_url="https://releases.brioche.dev/$version/x86_64-linux/brioche"
-                    ;;
-                "x86_64 stable")
-                    brioche_url="https://releases.brioche.dev/$LATEST_BRIOCHE_VERSION/x86_64-linux/brioche"
-                    ;;
-                "x86_64 nightly")
-                    brioche_url="https://development-content.brioche.dev/github.com/brioche-dev/brioche/branches/main/brioche-x86_64-linux.tar.xz"
-                    ;;
-                "aarch64 nightly")
-                    brioche_url="https://development-content.brioche.dev/github.com/brioche-dev/brioche/branches/main/brioche-aarch64-linux.tar.xz"
-                    ;;
-                *)
-                    echo "::error::Sorry, Brioche isn't currently supported on your architecture"
-                    echo "  Detected architecture: $(uname -m)"
-                    exit 1
-                    ;;
-            esac
-
-            case "$install_apparmor" in
-                auto)
-                    # Detect if we should install an AppArmor profile. AppArmor 4.0
-                    # introduced new features to restrict unprivileged user
-                    # namespaces, which Ubuntu 23.10 enforces by default. The
-                    # Brioche AppArmor policy is meant to lift this restriction
-                    # for sandboxed builds, which we only need to do on AppArmor 4+.
-                    # So, we only install the policy if AppArmor is enabled and
-                    # we find the config file for AppArmor abi 4.0.
-                    if type aa-enabled >/dev/null && aa-enabled -q && [ -e /etc/apparmor.d/abi/4.0 ]; then
-                        should_install_apparmor=1
-                    else
-                        should_install_apparmor=
-                    fi
-                    ;;
-                true)
-                    should_install_apparmor=1
-                    ;;
-                false)
-                    should_install_apparmor=
-                    ;;
-                *)
-                    echo "::error::Invalid value for \$install_apparmor: $install_apparmor"
-                    exit 1
-                    ;;
-            esac
-            ;;
-        *)
-            echo "::error::Sorry, Brioche isn't currently supported on your operating system"
-            echo "  Detected OS: $OSTYPE"
-            exit 1
-            ;;
-    esac
-
-    # Create a temporary directory
-    echo "::group::Setting up temporary directory"
-    brioche_temp="$(mktemp -d -t brioche-XXXX)"
-    trap 'rm -rf -- "$brioche_temp"' EXIT
-    echo "Temporary directory created at $brioche_temp"
-    echo "::endgroup::"
-
-    echo "::group::Downloading Brioche"
-    echo "Downloading from $brioche_url"
-    curl --proto '=https' --tlsv1.2 -fL "$brioche_url" -o "$brioche_temp/brioche"
-    echo "Download complete"
-    echo "::endgroup::"
-
-    echo "::group::Installing Brioche"
-
-    if [ "$version" = "nightly" ]; then\
-        unpack_dir="$HOME/.local/libexec/brioche"
-
-        rm -rf "$unpack_dir/nightly"
-        mkdir -p "$unpack_dir/nightly"
-        tar -xJf "$brioche_temp/brioche" --strip-components=1 -C "$unpack_dir/nightly"
-
-        ln -sf nightly "$unpack_dir/current"
+    export BRIOCHE_INSTALL_BIN_DIR="${install_bin_dir/'$HOME'/$HOME}"
+fi
 
-        symlink_target="$unpack_dir/current/bin/brioche"
-        mkdir -p "$install_dir"
-        ln -sfr "$symlink_target" "$install_dir/brioche"
+# Set BRIOCHE_INSTALL_ROOT using 'install-root' (expanding $HOME)
+if [ -n "${install_root:-}" ]; then
+    # Replace '$HOME' with $HOME
+    export BRIOCHE_INSTALL_ROOT="${install_root/'$HOME'/$HOME}"
+fi
 
-        echo "Installation complete! Brioche installed to $install_dir/brioche (symlink to $unpack_dir/current/bin/brioche)"
-    else
-        mkdir -p "$install_dir"
-        chmod +x "$brioche_temp/brioche"
-        mv "$brioche_temp/brioche" "$install_dir/brioche"
+# Set other installer options
+export BRIOCHE_INSTALL_VERSION="${version:-}"
+export BRIOCHE_INSTALL_APPARMOR_CONFIG="${install_apparmor:-auto}"
+export BRIOCHE_INSTALL_CONTEXT='github-actions'
 
-        echo "Installation complete! Brioche installed to $install_dir/brioche"
-    fi
+echo "::group::Fetching latest Brioche installer version..."
 
-    echo "::endgroup::"
+# Get the current version number of the installer
+installer_version=$(curl --proto '=https' --tlsv1.2 -fL 'https://installer.brioche.dev/channels/stable/latest-version.txt')
+echo
+echo "Latest brioche-installer version is: $installer_version"
 
-    echo '::group::Updating $PATH'
+echo "::endgroup::"
 
-    # Add Brioche's install directory, plus the installation directory for
-    # installed packages
-    new_paths=("$install_dir" "$HOME/.local/share/brioche/installed/bin")
-    for new_path in "${new_paths[@]}"; do
-        echo "$new_path" >> "$GITHUB_PATH"
-        echo "Added to \$PATH: $new_path"
-    done
+echo "::group::Downloading Brioche installer $installer_version..."
 
-    echo '::endgroup'
+# Create a temporary directory
+brioche_temp="$(mktemp -d -t brioche-installer-XXXX)"
+trap 'rm -rf -- "$brioche_temp"' EXIT
+echo "Temporary directory created at $brioche_temp"
 
-    if [ -n "$should_install_apparmor" ]; then
-        echo "::group::Installing AppArmor config"
+# Download the install script and signature
+curl -o "$brioche_temp/install.sh" --proto '=https' --tlsv1.2 -fL "https://installer.brioche.dev/${installer_version}/install.sh"
+curl -o "$brioche_temp/install.sh.sig" --proto '=https' --tlsv1.2 -fL "https://installer.brioche.dev/${installer_version}/install.sh.sig"
 
-        BRIOCHE_INSTALL_PATH="$(realpath "$install_dir/brioche")"
-        export BRIOCHE_INSTALL_PATH
-        cat "$GITHUB_ACTION_PATH/apparmor.d/brioche-gh-actions.tpl" | envsubst | sudo tee /etc/apparmor.d/brioche-gh-actions
-        sudo apparmor_parser -r /etc/apparmor.d/brioche-gh-actions
+# Validate the signature
+ssh-keygen -Y verify \
+    -s "$brioche_temp/install.sh.sig" \
+    -n [email protected] \
+    -f <(echo '[email protected] ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrPgnmFyVoPP+tLPmF9lkth3BwVQx9rqlyyxkUDWkqe') \
+    -I [email protected] \
+    < "$brioche_temp/install.sh"
 
-        echo "::endgroup"
-    fi
-}
+echo "::endgroup::"
 
-validate_inputs
-install_brioche
+# Run the installer
+sh "$brioche_temp/install.sh"