fix(homebrew-package): fix tests and unarchive

Author: koralowiec

archive/test/homebrew-package/test_git_based_version.sh

@@ -0,0 +1,38 @@
+{
+    "name": "Homebrew Package",
+    "id": "homebrew-package",
+    "version": "1.0.7",
+    "description": "Installs a Homebrew package.",
+    "documentationURL": "http://github.com/devcontainers-extra/features/tree/main/src/homebrew-package",
+    "installsAfter": [
+        "ghcr.io/meaningful-ooo/devcontainer-features/homebrew:2"
+    ],
+    "options": {
+        "package": {
+            "type": "string",
+            "proposals": [
+                "typescript",
+                "vtop",
+                "fkill-cli"
+            ],
+            "default": "",
+            "description": "Select the Homebrew package to install."
+        },
+        "version": {
+            "type": "string",
+            "proposals": [
+                "latest"
+            ],
+            "default": "latest",
+            "description": "Select the version of the Homebrew package to install."
+        },
+        "installation_flags": {
+            "type": "string",
+            "proposals": [
+                "--ignore-dependencies"
+            ],
+            "default": "",
+            "description": "Additional installation flags. These would be used as extra arguments to the brew command (`brew install <installation_flags> <package>@<version>`)"
+        }
+    }
+}

archive/src/homebrew-package/README.md src/homebrew-package/README.mdarchive/src/homebrew-package/README.md renamed to src/homebrew-package/README.md

@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+set -ex
+
+source ./library_scripts.sh
+
+PACKAGE=${PACKAGE:-""}
+VERSION=${VERSION:-"latest"}
+INSTALLATION_FLAGS=${INSTALLATION_FLAGS:-""}
+
+if [ -z "$PACKAGE" ]; then
+	echo -e "'package' variable is empty, skipping"
+	exit 0
+fi
+
+if [ "$(id -u)" -ne 0 ]; then
+	echo -e 'Script must be run as
+    root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
+	exit 1
+fi
+
+check_packages() {
+	if ! dpkg -s "$@" >/dev/null 2>&1; then
+		if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
+			echo "Running apt-get update..."
+			apt-get update -y
+		fi
+		apt-get -y install --no-install-recommends "$@"
+	fi
+}
+
+ensure_curl() {
+	if ! type curl >/dev/null 2>&1; then
+		apt-get update -y && apt-get -y install --no-install-recommends curl ca-certificates
+	fi
+}
+
+install_via_homebrew() {
+	package=$1
+	version=$2
+	installation_flags=$3
+
+	# install Homebrew if does not exists
+	if ! type brew >/dev/null 2>&1; then
+		echo "Installing Homebrew..."
+
+		# nanolayer is a cli utility which keeps container layers as small as possible
+		# source code: https://github.com/devcontainers-extra/nanolayer
+		# `ensure_nanolayer` is a bash function that will find any existing nanolayer installations,
+		# and if missing - will download a temporary copy that automatically get deleted at the end
+		# of the script
+		ensure_nanolayer nanolayer_location "v0.4.29"
+
+		$nanolayer_location \
+			install \
+			devcontainer-feature \
+			"ghcr.io/meaningful-ooo/devcontainer-features/homebrew:2.0.4" \
+			--option shallow_clone='true' --option update="true"
+		source /etc/profile.d/nanolayer-homebrew.sh
+	fi
+
+	if [ "$version" = "latest" ]; then
+		package_full="$package"
+	else
+		package_full="${package}@${version}"
+	fi
+	# Solves CVE-2022-24767 mitigation in Git >2.35.2
+	# For more information: https://github.blog/2022-04-12-git-security-vulnerability-announced/
+	git config --system --add safe.directory "$(brew --prefix)/Homebrew/Library/Taps/homebrew/homebrew-core"
+
+	su - "$_REMOTE_USER" <<EOF
+		set -e
+
+		brew_safe_install() {
+			local installation_flags=$1
+			local package_full=$2
+
+			# The reason for "--overwrite" flag is to not fail when a similarly
+			# named binary is already linked
+			brew install $installation_flags --overwrite "$package_full" --only-dependencies
+
+			# The reason we first installing dependencies and only then the main
+			# package is that some packages are big enough to reach the linux
+			# open file limit. While normally this limit can be changed, the current
+			# devcontainer feature building phase run unprivileged and therfore
+			# cannot change the hard nofile limit from host machine during feature
+			# build time.
+			brew install $installation_flags --overwrite "$package_full"
+		}
+
+
+		if brew desc --eval-all --formulae "$package_full"; then
+			# If a version is exists then install it the regular way
+
+			brew_safe_install $installation_flags  "$package_full"
+		else
+			# unshallow and extract as last resort
+			echo "Unshallowing homebrew-core. This could take a while."
+			git -C "$(brew --prefix)/Homebrew/Library/Taps/homebrew/homebrew-core" fetch --unshallow
+			brew extract --force --version="$version" "$package" homebrew/cask
+
+			brew_safe_install $installation_flags  "$package_full"
+
+			# attempt to remove tap in order to save disk space
+			set +e
+			brew untap homebrew/cask --force
+			set -e
+		fi
+
+		brew link --overwrite --force "$package_full"
+EOF
+}
+
+install_via_homebrew "$PACKAGE" "$VERSION" "$INSTALLATION_FLAGS"

src/homebrew-package/devcontainer-feature.json

@@ -0,0 +1,179 @@
+#!/bin/bash -i
+
+
+clean_download() {
+    # The purpose of this function is to download a file with minimal impact on container layer size
+    # this means if no valid downloader is found (curl or wget) then we install a downloader (currently wget) in a
+    # temporary manner, and making sure to
+    # 1. uninstall the downloader at the return of the function
+    # 2. revert back any changes to the package installer database/cache (for example apt-get lists)
+    # The above steps will minimize the leftovers being created while installing the downloader
+    # Supported distros:
+    #  debian/ubuntu/alpine
+
+    url=$1
+    output_location=$2
+    tempdir=$(mktemp -d)
+    downloader_installed=""
+
+    function _apt_get_install() {
+        tempdir=$1
+
+        # copy current state of apt list - in order to revert back later (minimize contianer layer size)
+        cp -p -R /var/lib/apt/lists $tempdir
+        apt-get update -y
+        apt-get -y install --no-install-recommends wget ca-certificates
+    }
+
+    function _apt_get_cleanup() {
+        tempdir=$1
+
+        echo "removing wget"
+        apt-get -y purge wget --auto-remove
+
+        echo "revert back apt lists"
+        rm -rf /var/lib/apt/lists/*
+        rm -r /var/lib/apt/lists && mv $tempdir/lists /var/lib/apt/lists
+    }
+
+    function _apk_install() {
+        tempdir=$1
+        # copy current state of apk cache - in order to revert back later (minimize contianer layer size)
+        cp -p -R /var/cache/apk $tempdir
+
+        apk add --no-cache  wget
+    }
+
+    function _apk_cleanup() {
+        tempdir=$1
+
+        echo "removing wget"
+        apk del wget
+    }
+    # try to use either wget or curl if one of them already installer
+    if type curl >/dev/null 2>&1; then
+        downloader=curl
+    elif type wget >/dev/null 2>&1; then
+        downloader=wget
+    else
+        downloader=""
+    fi
+
+    # in case none of them is installed, install wget temporarly
+    if [ -z $downloader ] ; then
+        if [ -x "/usr/bin/apt-get" ] ; then
+            _apt_get_install $tempdir
+        elif [ -x "/sbin/apk" ] ; then
+            _apk_install $tempdir
+        else
+            echo "distro not supported"
+            exit 1
+        fi
+        downloader="wget"
+        downloader_installed="true"
+    fi
+
+    if [ $downloader = "wget" ] ; then
+        wget -q $url -O $output_location
+    else
+        curl -sfL $url -o $output_location
+    fi
+
+    # NOTE: the cleanup procedure was not implemented using `trap X RETURN` only because
+    # alpine lack bash, and RETURN is not a valid signal under sh shell
+    if ! [ -z $downloader_installed  ] ; then
+        if [ -x "/usr/bin/apt-get" ] ; then
+            _apt_get_cleanup $tempdir
+        elif [ -x "/sbin/apk" ] ; then
+            _apk_cleanup $tempdir
+        else
+            echo "distro not supported"
+            exit 1
+        fi
+    fi
+
+}
+
+
+ensure_nanolayer() {
+    # Ensure existance of the nanolayer cli program
+    local variable_name=$1
+
+    local required_version=$2
+    # normalize version
+    if ! [[ $required_version == v* ]]; then
+        required_version=v$required_version
+    fi
+
+    local nanolayer_location=""
+
+    # If possible - try to use an already installed nanolayer
+    if [[ -z "${NANOLAYER_FORCE_CLI_INSTALLATION}" ]]; then
+        if [[ -z "${NANOLAYER_CLI_LOCATION}" ]]; then
+            if type nanolayer >/dev/null 2>&1; then
+                echo "Found a pre-existing nanolayer in PATH"
+                nanolayer_location=nanolayer
+            fi
+        elif [ -f "${NANOLAYER_CLI_LOCATION}" ] && [ -x "${NANOLAYER_CLI_LOCATION}" ] ; then
+            nanolayer_location=${NANOLAYER_CLI_LOCATION}
+            echo "Found a pre-existing nanolayer which were given in env variable: $nanolayer_location"
+        fi
+
+        # make sure its of the required version
+        if ! [[ -z "${nanolayer_location}" ]]; then
+            local current_version
+            current_version=$($nanolayer_location --version)
+            if ! [[ $current_version == v* ]]; then
+                current_version=v$current_version
+            fi
+
+            if ! [ $current_version == $required_version ]; then
+                echo "skipping usage of pre-existing nanolayer. (required version $required_version does not match existing version $current_version)"
+                nanolayer_location=""
+            fi
+        fi
+
+    fi
+
+    # If not previuse installation found, download it temporarly and delete at the end of the script
+    if [[ -z "${nanolayer_location}" ]]; then
+
+        if [ "$(uname -sm)" == "Linux x86_64" ] || [ "$(uname -sm)" == "Linux aarch64" ]; then
+            tmp_dir=$(mktemp -d -t nanolayer-XXXXXXXXXX)
+
+            clean_up () {
+                ARG=$?
+                rm -rf $tmp_dir
+                exit $ARG
+            }
+            trap clean_up EXIT
+
+
+            if [ -x "/sbin/apk" ] ; then
+                clib_type=musl
+            else
+                clib_type=gnu
+            fi
+
+            tar_filename=nanolayer-"$(uname -m)"-unknown-linux-$clib_type.tgz
+
+            # clean download will minimize leftover in case a downloaderlike wget or curl need to be installed
+            clean_download https://github.com/devcontainers-extra/nanolayer/releases/download/$required_version/$tar_filename $tmp_dir/$tar_filename
+
+            tar xfzv $tmp_dir/$tar_filename -C "$tmp_dir"
+            chmod a+x $tmp_dir/nanolayer
+            nanolayer_location=$tmp_dir/nanolayer
+
+
+        else
+            echo "No binaries compiled for non-x86-linux architectures yet: $(uname -m)"
+            exit 1
+        fi
+    fi
+
+    # Expose outside the resolved location
+    declare -g ${variable_name}=$nanolayer_location
+
+}
+
+

src/homebrew-package/install.sh

@@ -21,20 +21,11 @@
         "image": "mcr.microsoft.com/devcontainers/base:debian",
         "features": {
             "homebrew-package": {
-                "version": "14",
+                "version": "22",
                 "package": "node"
             }
         }
     },
-    "test_git_based_version": {
-        "image": "mcr.microsoft.com/devcontainers/base:debian",
-        "features": {
-            "homebrew-package": {
-                "version": "7.80.0",
-                "package": "curl"
-            }
-        }
-    },
     "test_universal": {
         "image": "mcr.microsoft.com/devcontainers/universal:2",
         "features": {

src/homebrew-package/library_scripts.sh

@@ -6,6 +6,6 @@ source dev-container-features-test-lib
 
 check "type node" type node
 
-check "node version is 14"  node --version | grep "v14.*"
+check "node version is 22" sh -c "node --version | grep 'v22.*'"
 
 reportResults