+1

.tangled/workflows/build.yml

reviewed

··· 13 13 - minisign 14 14 - gnutar 15 15 - xz 16 16 + - zip 16 17 17 18 environment: 18 19 ZIG_VERSION: "0.15.1"

+43 -7

zig/download.sh

reviewed

··· 2 2 set -e 3 3 4 4 [ -z "$ZIG_VERSION" ] && ZIG_VERSION="master" 5 5 - 6 6 - ZIG_SIGNATUR_PUBKEY="RWSGOq2NVecA2UPNdBUZykf1CCb147pkmdtYxgb3Ti+JO/wCYvhbAb/U" 7 7 - 8 5 command -v jq >/dev/null || { echo "Error: jq is required to parse Zig's download manifest"; exit 1; } 9 6 command -v minisign >/dev/null || { echo "Error: minisign is required to verify Zig's signature"; exit 1; } 10 7 mkdir -p zig ··· 33 30 [ -z "$u" ] && { echo "Error: Could not find download URL for version $ZIG_VERSION on $p"; exit 1; } 34 31 35 32 f=$(basename "$u") 33 33 + echo "Downloading $u to zig/$f..." 36 34 curl -L "$u" -o "zig/$f" || { echo "Error: Failed to download Zig compiler"; exit 1; } 37 35 curl -L "$u.minisig" -o "zig/$f.minisig" || { echo "Error: Failed to download minisig signature"; exit 1; } 36 36 + echo "RWSGOq2NVecA2UPNdBUZykf1CCb147pkmdtYxgb3Ti+JO/wCYvhbAb/U" > zig/zig.pub 37 37 + echo "Verifying signature..." 38 38 + minisign -Vm "zig/$f" -P zig/zig.pub || { echo "Error: Signature verification failed - this is critical for security"; exit 1; } 38 39 39 39 - minisign -Vm "zig/$f" -P $ZIG_SIGNATUR_PUBKEY || { echo "Error: Signature verification failed - this is critical for security"; exit 1; } 40 40 + # Create temporary extraction directory 41 41 + mkdir -p zig/extract 40 42 41 41 - [[ "$f" == *.zip ]] && unzip -q "zig/$f" -d zig && d=$(unzip -l "zig/$f" | awk 'NR==4 {print $4}' | cut -d '/' -f 1) || { tar -xJf "zig/$f" -C zig; d=$(tar -tf "zig/$f" | head -1 | cut -d '/' -f 1); } 43 43 + # Extract to temporary location with --no-same-owner for CI environments 44 44 + if [[ "$f" == *.zip ]]; then 45 45 + echo "Extracting ZIP archive..." 46 46 + unzip -q "zig/$f" -d zig/extract 47 47 + else 48 48 + echo "Extracting TAR archive with --no-same-owner (fixes CI permission issues)..." 49 49 + tar -xJf "zig/$f" --no-same-owner -C zig/extract 50 50 + fi 42 51 43 43 - ln -sf "$(pwd)/zig/$d/zig" $(pwd)/zig/zig 44 44 - rm -f "zig/$f" "zig/$f.minisig" 52 52 + # Find the first directory at the top level (should be the Zig directory) 53 53 + d=$(find "zig/extract" -mindepth 1 -maxdepth 1 -type d -print -quit) 54 54 + if [ -z "$d" ]; then 55 55 + echo "Error: Could not determine extracted directory structure" 56 56 + echo "Contents of extract directory:" 57 57 + ls -la zig/extract 58 58 + exit 1 59 59 + fi 60 60 + d=$(basename "$d") 61 61 + 62 62 + echo "Found Zig directory: $d" 63 63 + 64 64 + # Verify the binary exists before creating symlink 65 65 + if [ ! -f "zig/extract/$d/bin/zig" ]; then 66 66 + echo "Error: Zig binary not found at expected location: zig/extract/$d/bin/zig" 67 67 + echo "Available files:" 68 68 + find "zig/extract" -type f 69 69 + exit 1 70 70 + fi 71 71 + 72 72 + # Create symlink with verification 73 73 + ln -sfv "zig/extract/$d/bin/zig" zig/zig || { echo "Error: Failed to create symlink"; exit 1; } 74 74 + 75 75 + # Cleanup 76 76 + rm -f "zig/$f" "zig/$f.minisig" zig/zig.pub 77 77 + rm -rf "zig/extract" 78 78 + 79 79 + echo "Zig compiler installed successfully!" 80 80 + echo "Run with: ./zig/zig --version"