feat: Add yq to act and custom

[Beanow]

Resolves #78

I gave this a simple test build locally (linux x86_64).

docker build -f linux/ubuntu/Dockerfile \
--build-arg FROM_IMAGE=buildpack-deps \
--build-arg FROM_TAG=22.04 \
--build-arg TYPE=act \
-t test-act \
.

#         🧨 Executing yq.sh 🧨
# + /imagegeneration/installers/yq.sh
# Downloading 'https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64' to '/tmp/yq'...
# Download completed
# Performing checksum verification
# Checksum verification passed

docker run --rm test-act yq --version
# yq (https://github.com/mikefarah/yq/) version v4.35.2

[Beanow]

11 minutes of pulling later... can confirm it's the same as:

docker run --rm catthehacker/ubuntu:full-latest yq --version
# yq (https://github.com/mikefarah/yq/) version v4.35.2

[catthehacker]

this breaks building on any arch other than aarch64/x86_64

[ChristopherHX]

Especially a problem, because the act base image is built for armhf, aarch64 and x86_64.

The flavour images are not built for armhf and usually don't work on any arch other than aarch64 (rust image not built due to cpu intensive compiling in qemu)/x86_64.

[Beanow]

Yeah good point, I looked at the wrong matrix. The yq script already supports arm/v7.
I'll have a look at updating the cases.

Does this approach otherwise look OK?

[Beanow]

Added the missing arch

[ChristopherHX]

Some thoughts from my side...

I would be careful if you remove double quotes in bash, have bad experience in the past.

[ChristopherHX]

Why did you add ERR_EXIT_ENABLED if it is ignored in the first iteration due to unconditional set +e?

[Beanow]

The changes to this script aren't my own. They're from the upstream repository.

Primary reason I found the sync was necessary was because checksum validation code was added and used for the yq download.

I'll have to defer to the blame upstream for your questions though :]

Here it's actions/runner-images#8352

[Beanow]

Just to be clear, I'm not defending the decisions upstream. I don't have an opinion on the suggestions you made here.

But I think there's maintenance tradeoffs between how closely you want to track the other repo. So I feel the decision to diverge and track our own patches here should be up to the maintainers and not me :]

Feel free to edit, or request changes.

[ChristopherHX]

Is this necessary to remove quotes?

Removing quotes in bash is dangerous.

Example:

listargs() { while [[ -n "$1" ]]; do echo $1; shift; done };
IsPackageInstalled() { listargs -S $1; } ;
IsPackageInstalled "hello or";

argument hello or ends up beeing interpreted by bash.

[Beanow]

Seems upstream this was never quoted.

I found this, but is just a move. The code before was initial commit.
actions/runner-images@a7ee8ab

[ChristopherHX]

Why do you want to install yq twice in the custom image?

act-latest is the base of custom-latest, js-latest, go-latest and so on

[Beanow]

Good catch. That's just me being unfamiliar in the codebase 😂

[ChristopherHX]

Maybe /usr/local/bin/yq to avoid conflicts with apt?

[Beanow]

Likewise this script I tried to make minimal changes to compared to upstream.

I'm introducing different architectures here compared to upstream, which only support amd64.

It seems to be a deliberate workflow compatibility choice to install it here though.
actions/runner-images#3768

[ChristopherHX]

Why did you remove quotes for http_code? We don't control the output of curl, it may be able to inject stuff.

For example exit_code can only be a number, because that comes from bash itself.

[Beanow]

See upstream actions/runner-images#3721

[ChristopherHX]

All fine now. I'm not familar with the pre 2023 history of this repository, there was a linter requiring changes from upstream files.