This commit allows deployers to override the golang url. It's useful if they have a repository with software, and want to target it immediately.

Signed-off-by: Jean-Philippe Evrard <[email protected]>
This will allow the upgrading of versions automatically, without the need of changes in the role. Recently, golang made public the storage bucket where the tar.gz and .sha256 files for releases are published. This commit makes use of this in an automated fashion.

Signed-off-by: Jean-Philippe Evrard <[email protected]>
| --- | ||
| - name: Discover the latest version | ||
| shell: | ||
| curl https://api.github.com/repos/golang/go/git/refs/tags/ | egrep 'ref.*refs/tags/go([0-9.]+)",' | egrep -o "[0-9.]+" | sort | tail -n 1 |
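Review bot: `sort | tail -n 1` at the end of the shell pipeline compares the extracted versions as plain strings, so any 1.9.x sorts after 1.10.x and the task reports an older release as the latest. Use a version-aware sort (for example `sort -V` where GNU sort is available) or a numeric sort per dotted field. The `curl` call also has no `--fail`, so an API error or rate-limit response is passed into the `egrep` chain and produces an empty result instead of a failed task; fail explicitly when the output is empty.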
I just did something similar using curl and jq.
Example: curl -L https://api.github.com/repos/golang/go/tags | jq '[ .[].name ] | sort | reverse | .[0]' --raw-output
You could refactor that and use the Ansible module get_url and Jinja filters like from_json and so on, therefore avoiding the use of the shell 😉
that would be more elegant indeed.
jq is absent on my machine, and I didn't want to introduce a dependency. It's not really more readable either.
The jq usage was just an example 😉 The same can be done with Jinja filters in Ansible.
| when: | ||
| - not go_tarball is defined | ||
| - not go_tarball_checksum is defined | ||
| - not go_download_location is defined |
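Review bot: the three entries under `when` are ANDed, so the guarded task runs only when none of `go_tarball`, `go_tarball_checksum` and `go_download_location` is defined. A deployer who overrides just one of them skips the task and leaves the other two undefined for whatever consumes them later. Either document that the three variables must be set together, or guard each derived value on its own variable, written as `go_tarball is not defined`.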
This is bad style according to PEP8 and bad English. Consider changing to is not or is undefined.
| - name: Setting facts based on previous autodiscovered facts | ||
| set_fact: | ||
| go_tarball_checksum: "sha256:{{ lookup('url',go_download_buckets_url+go_tarball+'.sha256') }}" | ||
| go_download_location: "{{ go_download_buckets_url }}{{ go_tarball }}" |
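Review bot: `go_tarball_checksum` is built from a `.sha256` file fetched under the same `go_download_buckets_url` as the tarball in `go_download_location`, so whoever controls or overrides that URL supplies both values and the comparison only detects a damaged transfer. Let deployers pin the checksum, or verify a detached signature against a key obtained separately, and validate that the looked-up value is a 64-character hex string before prefixing it with `sha256:`.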
Checksum and tarball are downloaded from the same origin, which basically now only ensures that CRC checksums in TCP did not fail. Consider using OpenPGP to check authenticity of the downloaded tarball.
yes, I'm ensuring everything went fine through the wire.
I don't see the difference between manually checking the SHA on the website and doing the checksum on your machine to see if it was properly downloaded.
Could you be more clear about this?
Refer to the debops.hashicorp for how this should be done (using OpenPGP).
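
The difference discussed in this thread, as an added example that is not code from the PR or the role: a constructed in-memory origin stands in for the download bucket, and `make_origin`, `same_origin_check` and `pinned_check` are hypothetical names. A digest pinned out of band is used in place of the OpenPGP signature check suggested above so that the example runs offline; both rely on a trust anchor that does not come from the download origin.

```python
import hashlib
import hmac

# Constructed stand-ins for release bytes; not real Go tarballs.
GENUINE = b"constructed genuine go tarball bytes"
REPLACED = b"constructed replaced tarball bytes"
PINNED_SHA256 = hashlib.sha256(GENUINE).hexdigest()  # assumed recorded out of band


def make_origin(tarball: bytes) -> dict:
    """Model one origin serving a tarball and its .sha256 side by side."""
    digest = hashlib.sha256(tarball).hexdigest()
    return {"go.tar.gz": tarball, "go.tar.gz.sha256": (digest + "\n").encode()}


def same_origin_check(served: dict) -> bool:
    """Trust the .sha256 that arrived from the same place as the tarball."""
    expected = served["go.tar.gz.sha256"].decode().strip()
    actual = hashlib.sha256(served["go.tar.gz"]).hexdigest()
    return hmac.compare_digest(actual, expected)


def pinned_check(served: dict, pinned_hex: str = PINNED_SHA256) -> bool:
    """Compare against a digest that did not come from the download origin."""
    actual = hashlib.sha256(served["go.tar.gz"]).hexdigest()
    return hmac.compare_digest(actual, pinned_hex)


def evaluate() -> dict:
    """Run both checks over three constructed scenarios."""
    clean = make_origin(GENUINE)
    # Transfer damage: tarball truncated on the wire, .sha256 arrived intact.
    truncated = dict(clean, **{"go.tar.gz": GENUINE[:-5]})
    # Origin serves different content and a checksum that matches it.
    swapped = make_origin(REPLACED)
    scenarios = {"clean": clean, "truncated": truncated, "swapped": swapped}
    return {
        name: {"same_origin": same_origin_check(s), "pinned": pinned_check(s)}
        for name, s in scenarios.items()
    }


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:10} same_origin={result['same_origin']} pinned={result['pinned']}")
```

Both checks reject the truncated download, but only the pinned check rejects the scenario where the origin serves different content with a matching `.sha256`.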

Is this PR open for take-over?

Yup, anyone can take over this.

@evrardjp and so I went and looked around. Not too easy to find [1]. https://dl.google.com/go/go1.10.linux-amd64.tar.gz.asc will start tomorrow.

[1] golang/go#14739