Skip to content

IAreKyleW00t/crane-installer

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Repository files navigation

πŸ“¦ crane-installer

CI Tests Check dist/ CodeQL
GitHub Marketplace GitHub tag (latest SemVer) License Dependabot

This Action downloads crane and adds it to your PATH, with optional signature verification if you use the SLSA Verifier.

For a quick start guide on the usage of crane, refer to its documentation.

For available crane releases, refer to its releases.

This action supports Linux, macOS and Windows runners (results may vary with self-hosted runners).

Quick Start

- name: Install crane
  uses: iarekylew00t/crane-installer@v3

Usage

Note

slsa-verifier must be in your PATH for signature verification or it will be skipped - See Automatic verification with SLSA Verifier. If crane is loaded from cache it will not be re-verified.

Inputs

Name Type Description Default
crane-release String crane release version to be installed latest
verify Boolean Perform signature verification on crane true
cache Boolean Whether to utilize cache with crane true
token String GitHub token for REST API access ${{ github.token }}

Outputs

Name Type Description
version String The version of crane the was installed
cache-hit Boolean If crane was installed via cache

Examples

Pinned version

- name: Install crane
  uses: iarekylew00t/crane-installer@v3
  with:
    crane-release: v0.20.2

Authenticate using Action

- name: Install crane
  uses: iarekylew00t/crane-installer@v3

- name: Login to DockerHub
  uses: docker/login-action@v3
  with:
    username: ${{ secrets.DOCKERHUB_USERNAME }}
    password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Login to GHCR
  uses: docker/login-action@v3
  with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}

Authenticate using crane

- name: Install crane
  uses: iarekylew00t/crane-installer@v3

- name: Login to DockerHub
  run: |
    echo "${{ secrets.DOCKERHUB_TOKEN }}" | \
    crane auth login docker.io \
      --user "${{ vars.DOCKERHUB_USERNAME }}" \
      --pass-stdin

- name: Login to GHCR
  run: |
    echo "${{ github.token }}" | \
    crane auth login ghcr.io \
      --user "${{ github.actor }}" \
      --pass-stdin

Automatic verification with SLSA Verifier

- name: Install SLSA verifier
  uses: slsa-framework/slsa-verifier/actions/installer@v2.6.0

- name: Install crane
  uses: iarekylew00t/crane-installer@v3

Development

Caution

Since this is a TypeScript action you must transpile it into native JavaScript. This is done for you automatically as part of the npm run all command and will be validated via the check-dist.yml Workflow in any PR.

  1. βš™οΈ Install the version of Node.js as defined in the .node-version.
    You can use asdf to help manage your project runtimes.

    asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git
    asdf install
  2. πŸ› οΈ Install dependencies

    npm install
  3. πŸ—οΈ Format, lint, test, and package your code changes.

    npm run all

Releases

For maintainers, the following release process should be used when cutting new versions.

  1. ⏬ Ensure all changes are in the main branch and all necessary Workflows are passing.

    git checkout main
    git pull
  2. βœ… Ensure the package.json and package-lock.json files are updated to with the new version being cut.

    npm update
  3. πŸ”– Create a new Tag, push it up, then create a new Release for the version.

    git tag v1.2.3
    git push -u origin v1.2.3

    Alternatively you can create the Tag on the GitHub Release page itself.

    When the tag is pushed it will kick off the Shared Tags Workflows to update the v$MAJOR and v$MAJOR.MINOR tags.

Contributing

Feel free to contribute and make things better by opening an Issue or Pull Request.
Thank you for your contribution! ❀️

License

See LICENSE.