setup-agent-chroot: add guards and clean up
This commit is contained in:
@@ -1,7 +1,5 @@
|
||||
#!/bin/bash
|
||||
# === machine setup ===
|
||||
sudo apt update
|
||||
sudo apt install -y debootstrap unzip golang git
|
||||
set -e
|
||||
|
||||
# === Config ===
|
||||
CHROOT_ROOT=/srv/mrva/agent-root
|
||||
@@ -9,59 +7,70 @@ CHROOT_ROOT=/srv/mrva/agent-root
|
||||
# GO_SRC_DIR=/home/hohn/work-gh/mrva/mrvaagent
|
||||
# mac host
|
||||
GO_SRC_DIR=/Users/hohn/work-gh/mrva/mrvaagent
|
||||
CODEQL_VERSION=latest
|
||||
|
||||
# === Bootstrap base system ===
|
||||
echo "[1/6] Bootstrapping Ubuntu into $CHROOT_ROOT"
|
||||
sudo debootstrap --variant=minbase bookworm "$CHROOT_ROOT" http://deb.debian.org/debian
|
||||
GO_VERSION=1.22.0
|
||||
CODEQL_TAG=v2.21.3
|
||||
|
||||
# === Install base packages ===
|
||||
echo "[2/6] Installing base packages"
|
||||
sudo mount -t proc none "$CHROOT_ROOT/proc"
|
||||
sudo chroot "$CHROOT_ROOT" bash -c "
|
||||
apt-get update &&
|
||||
apt-get install -y --no-install-recommends \
|
||||
ca-certificates \
|
||||
curl \
|
||||
unzip \
|
||||
default-jdk
|
||||
"
|
||||
# === Step 1: Bootstrap base system ===
|
||||
if [ ! -f "$CHROOT_ROOT/.bootstrapped" ]; then
|
||||
echo "[1/6] Bootstrapping Debian into $CHROOT_ROOT"
|
||||
sudo debootstrap --variant=minbase bookworm "$CHROOT_ROOT" http://deb.debian.org/debian
|
||||
sudo touch "$CHROOT_ROOT/.bootstrapped"
|
||||
fi
|
||||
|
||||
# === Install CodeQL CLI ===
|
||||
cd /Users/hohn/work-gh/mrva/mrva-docker/lima
|
||||
echo "[3/6] Installing CodeQL CLI"
|
||||
TAG=v2.21.3
|
||||
# # update codeql version via
|
||||
# TAG=$(curl -s https://api.github.com/repos/github/codeql-cli-binaries/releases/latest | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
|
||||
echo " -> Using CodeQL version: $TAG"
|
||||
mkdir -p "$CHROOT_ROOT/opt"
|
||||
curl -L "https://github.com/github/codeql-cli-binaries/releases/download/$TAG/codeql-linux64.zip" -o /tmp/codeql.zip
|
||||
sudo unzip -q /tmp/codeql.zip -d "$CHROOT_ROOT/opt"
|
||||
# optional:
|
||||
# rm /tmp/codeql.zip
|
||||
# === Step 2: Install base packages ===
|
||||
if [ ! -f "$CHROOT_ROOT/.packages_installed" ]; then
|
||||
echo "[2/6] Installing base packages"
|
||||
sudo mount -t proc none "$CHROOT_ROOT/proc"
|
||||
sudo chroot "$CHROOT_ROOT" bash -c "
|
||||
apt-get update &&
|
||||
apt-get install -y --no-install-recommends \
|
||||
ca-certificates \
|
||||
curl \
|
||||
unzip \
|
||||
default-jdk
|
||||
"
|
||||
sudo umount "$CHROOT_ROOT/proc"
|
||||
sudo touch "$CHROOT_ROOT/.packages_installed"
|
||||
fi
|
||||
|
||||
# === Set CodeQL env vars ===
|
||||
echo "[4/6] Adding CodeQL environment to chroot"
|
||||
sudo tee "$CHROOT_ROOT/etc/profile.d/codeql.sh" > /dev/null <<EOF
|
||||
# === Step 3: Install CodeQL CLI ===
|
||||
if [ ! -f "$CHROOT_ROOT/opt/codeql/codeql" ]; then
|
||||
echo "[3/6] Installing CodeQL CLI"
|
||||
echo " -> Using CodeQL version: $CODEQL_TAG"
|
||||
mkdir -p "$CHROOT_ROOT/opt"
|
||||
curl -L "https://github.com/github/codeql-cli-binaries/releases/download/$CODEQL_TAG/codeql-linux64.zip" -o /tmp/codeql.zip
|
||||
sudo unzip -q /tmp/codeql.zip -d "$CHROOT_ROOT/opt"
|
||||
# optional: rm /tmp/codeql.zip
|
||||
fi
|
||||
|
||||
# === Step 4: Set CodeQL env vars ===
|
||||
if [ ! -f "$CHROOT_ROOT/etc/profile.d/codeql.sh" ]; then
|
||||
echo "[4/6] Adding CodeQL environment to chroot"
|
||||
sudo tee "$CHROOT_ROOT/etc/profile.d/codeql.sh" > /dev/null <<EOF
|
||||
export CODEQL_CLI_PATH=/opt/codeql/codeql
|
||||
export CODEQL_JAVA_HOME=/usr
|
||||
EOF
|
||||
fi
|
||||
|
||||
# === machine setup: go ===
|
||||
cd /usr/local
|
||||
sudo curl -LO https://go.dev/dl/go1.22.0.linux-arm64.tar.gz
|
||||
sudo rm -rf /usr/local/go
|
||||
sudo tar -xzf go1.22.0.linux-arm64.tar.gz
|
||||
sudo ln -s /usr/local/go/bin/go /usr/local/bin/go
|
||||
sudo apt remove -y golang
|
||||
# === Step 5: Install Go toolchain ===
|
||||
if ! /usr/local/go/bin/go version | grep -q "$GO_VERSION"; then
|
||||
echo "[5/6] Installing Go $GO_VERSION"
|
||||
cd /usr/local
|
||||
sudo curl -LO "https://go.dev/dl/go${GO_VERSION}.linux-arm64.tar.gz"
|
||||
sudo rm -rf /usr/local/go
|
||||
sudo tar -xzf "go${GO_VERSION}.linux-arm64.tar.gz"
|
||||
sudo ln -sf /usr/local/go/bin/go /usr/local/bin/go
|
||||
sudo apt remove -y golang || true
|
||||
fi
|
||||
|
||||
# === Build Go binary ===
|
||||
# ensure correct version is first:
|
||||
# === Step 6: Build Go binary ===
|
||||
echo "[6/6] Building mrvaagent Go binary"
|
||||
export PATH=/usr/local/go/bin:$PATH
|
||||
echo "[5/6] Building mrvaagent Go binary"
|
||||
cd "$GO_SRC_DIR"
|
||||
export GO111MODULE=on CGO_ENABLED=0
|
||||
export GO111MODULE=on
|
||||
export CGO_ENABLED=0
|
||||
go build -o mrvaagent-binary
|
||||
echo " -> Installing binary to chroot"
|
||||
sudo cp mrvaagent-binary "$CHROOT_ROOT/usr/local/bin/mrvaagent"
|
||||
ls -la $CHROOT_ROOT/usr/local/bin/mrvaagent
|
||||
ls -la "$CHROOT_ROOT/usr/local/bin/mrvaagent"
|
||||
|
||||
Reference in New Issue
Block a user