refactor: move to sh scripts (#17)

linux/ubuntu/scripts/act.sh

@@ -0,0 +1,110 @@
+#!/bin/bash
+
+# disable warning about 'mkdir -m -p'
+# shellcheck disable=SC2174
+
+set -Eeuxo pipefail
+
+printf "\n\t🐋 Build started 🐋\t\n"
+
+sed 's|"||g' -i "/etc/environment"
+
+echo "USER=$(whoami)" | tee -a "/etc/environment"
+echo "RUNNER_USER=$(whoami)" | tee -a "/etc/environment"
+
+ImageOS=ubuntu$(echo "${FROM_TAG}" | cut -d'.' -f 1)
+echo "IMAGE_OS=$ImageOS" | tee -a "/etc/environment"
+echo "ImageOS=$ImageOS" | tee -a "/etc/environment"
+echo "LSB_RELEASE=${FROM_TAG}" | tee -a "/etc/environment"
+
+AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache
+echo "AGENT_TOOLSDIRECTORY=${AGENT_TOOLSDIRECTORY}" | tee -a "/etc/environment"
+echo "RUN_TOOL_CACHE=${AGENT_TOOLSDIRECTORY}" | tee -a "/etc/environment"
+echo "DEPLOYMENT_BASEPATH=/opt/runner" | tee -a "/etc/environment"
+echo ". /etc/environment" | tee -a /etc/profile
+
+mkdir -m 0777 -p "${AGENT_TOOLSDIRECTORY}"
+chown -R 1001:1000 "${AGENT_TOOLSDIRECTORY}"
+
+mkdir -m 0777 -p /github
+chown -R 1001:1000 /github
+
+printf "\n\t🐋 Installing packages 🐋\t\n"
+packages=(
+  ssh
+  lsb-release
+  gawk
+  curl
+  git
+  wget
+  sudo
+  gnupg-agent
+  ca-certificates
+  software-properties-common
+  apt-transport-https
+  libyaml-0-2
+  zstd
+  zip
+  unzip
+  xz-utils
+)
+
+apt-get -yq update
+apt-get -yq install --no-install-recommends "${packages[@]}"
+
+ln -s "$(which python3)" "/usr/local/bin/python"
+
+LSB_OS_VERSION=$(lsb_release -rs | sed 's|\.||g')
+echo "LSB_OS_VERSION=${LSB_OS_VERSION}" | tee -a "/etc/environment"
+
+wget -qO "/imagegeneration/toolset.json" "https://raw.githubusercontent.com/actions/virtual-environments/main/images/linux/toolsets/toolset-${LSB_OS_VERSION}.json"
+
+wget -qO "/usr/bin/jq" "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64"
+chmod +x "/usr/bin/jq"
+
+if [[ "${FROM_TAG}" == "16.04" ]]; then
+  printf 'git-lfs not available for Xenial'
+else
+  apt-get -yq install --no-install-recommends git-lfs
+fi
+
+printf "\n\t🐋 Updated apt lists and upgraded packages 🐋\t\n"
+
+printf "\n\t🐋 Creating ~/.ssh and adding 'github.com' 🐋\t\n"
+mkdir -m 0700 -p ~/.ssh
+ssh-keyscan -t rsa github.com >>/etc/ssh/ssh_known_hosts
+ssh-keyscan -t rsa ssh.dev.azure.com >>/etc/ssh/ssh_known_hosts
+
+printf "\n\t🐋 Installed base utils 🐋\t\n"
+
+printf "\n\t🐋 Installing docker cli 🐋\t\n"
+curl -sSL https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
+apt-add-repository "https://packages.microsoft.com/ubuntu/${FROM_TAG}/prod"
+apt-get -yq update
+apt-get -yq install --no-install-recommends moby-cli moby-buildx
+
+printf "\n\t🐋 Installed moby-cli 🐋\t\n"
+docker -v
+
+printf "\n\t🐋 Installed moby-buildx 🐋\t\n"
+docker buildx version
+
+printf "\n\t🐋 Installing Node.JS 🐋\t\n"
+VER=$(curl https://nodejs.org/download/release/index.json | jq "[.[] | select(.version|test(\"^v${NODE_VERSION}\"))][0].version" -r)
+NODEPATH="$AGENT_TOOLSDIRECTORY/node/${VER:1}/x64"
+mkdir -v -m 0777 -p "$NODEPATH"
+curl -SsL "https://nodejs.org/download/release/latest-v${NODE_VERSION}.x/node-$VER-linux-x64.tar.xz" | tar -Jxf - --strip-components=1 -C "$NODEPATH"
+sed "s|^PATH=|PATH=$NODEPATH/bin:|mg" -i /etc/environment
+export PATH="$NODEPATH/bin:$PATH"
+
+printf "\n\t🐋 Installed Node.JS 🐋\t\n"
+node -v
+
+printf "\n\t🐋 Installed NPM 🐋\t\n"
+npm -v
+
+printf "\n\t🐋 Cleaning image 🐋\t\n"
+apt-get clean
+rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories'
+
+printf "\n\t🐋 Cleaned up image 🐋\t\n"

linux/ubuntu/scripts/go.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# disable warning about 'mkdir -m -p'
+# shellcheck disable=SC2174
+
+# source environment because Linux is beautiful and not really confusing like Windows, also you are apparently not supposed to source that file because it's not conforming to standard shell format but we already fix that in base image
+# yes, this is sarcasm
+# shellcheck disable=SC1091
+. /etc/environment
+
+# no -x because big json
+set -Eeuo pipefail
+
+printf "\n\t🐋 Installing Go(lang) 🐋\t\n"
+
+JSON=$(wget -qO- "$(jq -r '.toolcache[] | select(.name == "go") | .url' "/imagegeneration/toolset.json")" | jq --compact-output)
+
+for V in $(jq -r '.toolcache[] | select(.name == "go") | .versions[]' "/imagegeneration/toolset.json"); do
+  printf "\n\t🐋 Installing GO=%s 🐋\t\n" "${V}"
+  VER=$(echo "${JSON}" | jq "[.[] | select(.version|test(\"^${V}\"))][0].version" -r)
+  GOPATH="$AGENT_TOOLSDIRECTORY/go/${VER}/x64"
+
+  mkdir -v -m 0777 -p "$GOPATH"
+  wget -qO- "https://golang.org/dl/go${VER}.linux-amd64.tar.gz" | tar -zxf - --strip-components=1 -C "$GOPATH"
+
+  ENVVAR="${V//\./_}"
+  echo "${ENVVAR}=${GOPATH}" >>/etc/environment
+
+  printf "\n\t🐋 Installed GO 🐋\t\n"
+  "$GOPATH/bin/go" version
+
+  if [[ "${V}" == "1.15" ]]; then
+    ln -s "$GOPATH/bin/*" /usr/bin/
+  fi
+done
+
+printf "\n\t🐋 Cleaning image 🐋\t\n"
+apt-get clean
+rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories'
+printf "\n\t🐋 Cleaned up image 🐋\t\n"

linux/ubuntu/scripts/js.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+
+# source environment because Linux is beautiful and not really confusing like Windows
+# also you are apparently not supposed to source that file because it's not conforming to standard shell envvar
+# format but we already fix that in base image
+# yes, this is sarcasm
+# shellcheck disable=SC1091
+. /etc/environment
+
+printf "\n\t🐋 Installed NPM 🐋\t\n"
+npm -v
+
+versions=("10" "12")
+JSON=$(wget -qO- https://nodejs.org/download/release/index.json | jq --compact-output)
+
+for V in "${versions[@]}"; do
+  printf "\n\t🐋 Installing NODE=%s 🐋\t\n" "${V}"
+  VER=$(echo "${JSON}" | jq "[.[] | select(.version|test(\"^v${V}\"))][0].version" -r)
+  NODEPATH="$AGENT_TOOLSDIRECTORY/node/${VER:1}/x64"
+
+  # disable warning about 'mkdir -m -p'
+  # shellcheck disable=SC2174
+  mkdir -v -m 0777 -p "$NODEPATH"
+  wget -qO- "https://nodejs.org/download/release/latest-v${V}.x/node-$VER-linux-x64.tar.xz" | tar -Jxf - --strip-components=1 -C "$NODEPATH"
+
+  ENVVAR="${V//\./_}"
+  echo "${ENVVAR}=${NODEPATH}" >>/etc/environment
+
+  printf "\n\t🐋 Installed NODE 🐋\t\n"
+  "$NODEPATH/bin/node" -v
+done
+
+printf "\n\t🐋 Installing JS tools 🐋\t\n"
+npm install -g npm
+npm install -g pnpm
+npm install -g yarn
+npm install -g grunt gulp n parcel-bundler typescript newman vercel webpack webpack-cli lerna
+npm install -g --unsafe-perm netlify-cli
+
+printf "\n\t🐋 Installed NPM 🐋\t\n"
+npm -v
+
+printf "\n\t🐋 Installed PNPM 🐋\t\n"
+pnpm -v
+
+printf "\n\t🐋 Installed YARN 🐋\t\n"
+yarn -v
+
+printf "\n\t🐋 Installing NVM tools 🐋\t\n"
+VERSION=$(curl -s https://api.github.com/repos/nvm-sh/nvm/releases/latest | jq -r '.tag_name')
+curl -o- "https://raw.githubusercontent.com/nvm-sh/nvm/$VERSION/install.sh" | bash
+export NVM_DIR=$HOME/.nvm
+echo "NVM_DIR=$HOME/.nvm" | tee -a /etc/environment
+
+# Expressions don't expand in single quotes, use double quotes for that.shellcheck(SC2016)
+# shellcheck disable=SC2016
+echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm' | tee -a /etc/skel/.bash_profile
+
+# Not following: ./nvm.sh was not specified as input (see shellcheck -x).shellcheck(SC1091)
+# shellcheck disable=SC1091
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
+
+printf "\n\t🐋 Installed NVM 🐋\t\n"
+nvm --version
+
+printf "\n\t🐋 Cleaning image 🐋\t\n"
+apt-get clean
+rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories'
+printf "\n\t🐋 Cleaned up image 🐋\t\n"

linux/ubuntu/scripts/pwsh.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -Eeuxo pipefail
+
+printf "\n\t🐋 Installing PowerShell 🐋\t\n"
+sudo apt-get -yq update
+sudo apt-get -yq install powershell
+
+printf "\n\t🐋 Installed PWSH 🐋\t\n"
+pwsh -v
+
+printf "\n\t🐋 Installing PowerShell modules 🐋\t\n"
+modules=("MarkdownPS" "Pester" "PSScriptAnalyzer")
+
+for mod in "${modules[@]}"; do
+    printf "\n\t🐋 Installing %s 🐋\t\n" "${mod}"
+    pwsh -nol -nop -c "Install-Module -Name ${mod} -Scope AllUsers -SkipPublisherCheck -Force"
+done
+
+printf "\n\t🐋 Cleaning image 🐋\t\n"
+apt-get clean
+rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories'
+
+printf "\n\t🐋 Cleaned up image 🐋\t\n"

linux/ubuntu/scripts/runner.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# disable warning about 'mkdir -m -p'
+# shellcheck disable=SC2174
+
+set -Eeuxo pipefail
+
+printf "\n\t🐋 Creating runner users 🐋\t\n"
+groupadd -g 1001 "${RUNNER}"
+groupadd -g 1000 "${RUNNER}admin"
+useradd -u 1001 -g "${RUNNER}" -G sudo -m -s /bin/bash "${RUNNER}"
+useradd -u 1000 -g "${RUNNER}admin" -G sudo -m -s /bin/bash "${RUNNER}admin"
+echo "${RUNNER} ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
+echo "${RUNNER}admin ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
+printf "\n\t🐋 Runner user 🐋\t\n"
+su - "${RUNNER}" -c id
+
+printf "\n\t🐋 Runner admin 🐋\t\n"
+su - "${RUNNER}admin" -c id
+
+printf "\n\t🐋 Created non-root user 🐋\t\n"
+grep "${RUNNER}" /etc/passwd
+
+printf "\n\t🐋 Created non-root admin 🐋\t\n"
+grep "${RUNNER}admin" /etc/passwd
+
+sed -i /etc/environment -e "s/USER=root/USER=${RUNNER}/g"
+
+echo "RUNNER_TEMP=/home/${RUNNER}/work/_temp" | tee -a /etc/environment
+mkdir -p "/home/${RUNNER}/work/_temp"
+chown -R "${RUNNER}":"${RUNNER}" "/home/${RUNNER}/work"
+
+mkdir -m 0700 -p "/home/${RUNNER}/.ssh"
+ssh-keyscan -t rsa github.com >>"/home/${RUNNER}/.ssh/known_hosts"
+ssh-keyscan -t rsa ssh.dev.azure.com >>"/home/${RUNNER}/.ssh/known_hosts"
+
+chmod 644 "/home/${RUNNER}/.ssh/known_hosts"
+chown -R "${RUNNER}":"${RUNNER}" "/home/${RUNNER}/.ssh"
+
+# shellcheck disable=SC1091
+. /etc/environment
+
+# Word is of the form "A"B"C" (B indicated). Did you mean "ABC" or "A\"B\"C"?shellcheck(SC2140)
+# shellcheck disable=SC2140
+chown -R "${RUNNER}":"${RUNNER}admin" "$AGENT_TOOLSDIRECTORY"
+
+printf "\n\t🐋 Finished building 🐋\t\n"

linux/ubuntu/scripts/rust.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+set -Eeuxo pipefail
+
+# source environment because Linux is beautiful and not really confusing like Windows, also you are apparently not supposed to source that file because it's not conforming to standard shell format but we already fix that in base image
+# yes, this is sarcasm
+# shellcheck disable=SC1091
+. /etc/environment
+
+export RUSTUP_HOME=/usr/share/rust/.rustup
+export CARGO_HOME=/usr/share/rust/.cargo
+
+printf "\n\t🐋 Installing dependencies 🐋\t\n"
+apt-get -yq update
+apt-get -yq install build-essential llvm
+
+printf "\n\t🐋 Installing Rust 🐋\t\n"
+curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain=stable --profile=minimal
+
+# shellcheck disable=SC1091
+source "${CARGO_HOME}/env"
+
+rustup component add rustfmt clippy
+cargo install --locked bindgen cbindgen cargo-audit cargo-outdated
+chmod -R 777 "$(dirname "${RUSTUP_HOME}")"
+
+# cleanup
+rm -rf "${CARGO_HOME}/registry/*"
+
+sed "s|PATH=|PATH=${CARGO_HOME}/bin:|g" -i /etc/environment
+
+cd /root
+ln -sf "${CARGO_HOME}" .cargo
+ln -sf "${RUSTUP_HOME}" .rustup
+echo "RUSTUP_HOME=${RUSTUP_HOME}" >>/etc/environment
+echo "CARGO_HOME=${CARGO_HOME}" >>/etc/environment
+
+printf "\n\t🐋 Installed RUSTUP 🐋\t\n"
+rustup -V
+
+printf "\n\t🐋 Installed CARGO 🐋\t\n"
+cargo -V
+
+printf "\n\t🐋 Installed RUSTC 🐋\t\n"
+rustc -V
+
+printf "\n\t🐋 Cleaning image 🐋\t\n"
+apt-get clean
+rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories'
+
+printf "\n\t🐋 Cleaned up image 🐋\t\n"