install-github-release-binary is an opinionated GitHub Action for adding a binary from a GitHub Release to your CI $PATH.
The primary goals are, in order of priority:
- control over software supply chain security (SSCS)
- execute quickly
- avoid rate limits
This action only supports installing from releases where the release:
- is tagged with the full
{major}.{minor}.{patch}semantic version - contains raw binary assets (archives not supported)
- assets are labeled with the binary name and target triple in the format
<binary name>-<target triple>
You can create compatible releases with semantic-release, using a workflow like semantic-release-action/rust.
Use this action in a step:
- name: Install flux-capacitor
uses: EricCrosson/install-github-release-binary@v2
with:
targets: EricCrosson/flux-capacitor@v1Note
I recommend adding an explicit step name, otherwise the step will only reference
EricCrosson/install-github-release-binary@v2, not your targets.
Install multiple binaries:
- name: Install future tools
uses: EricCrosson/install-github-release-binary@v2
with:
targets: |
EricCrosson/flux-capacitor@v1
EricCrosson/[email protected]
EricCrosson/[email protected]:sha256-8a4600be96d2ec013209042458ce97a9652fcc46c1c855d0217aa42e330fc06eInstall a binary from a release with multiple binaries available:
- name: Install flux-capacitor
uses: EricCrosson/install-github-release-binary@v2
with:
targets: |
EricCrosson/future-tools/flux-capacitor@v1| Input Parameter | Required | Description |
|---|---|---|
| targets | true | Whitespace separated list of target GitHub Releases in format {owner}/{repository}@{version}. Details |
| token | false | GitHub token for REST requests. Defaults to ${{ github.token }}. Details |
Specify a whitespace-separated list of targets.
Each target is specified by repo slug and a semantic version number using the format {owner}/{repository}@v{semantic-version}.
Optionally, include:
- the particular binary to install (required when a release contains multiple binaries)
- a sha256 checksum
Examples:
EricCrosson/flux-capacitor@v1EricCrosson/[email protected]EricCrosson/[email protected]EricCrosson/[email protected]:sha256-ad91159c656d427ad8fe5ded2946f29f3a612c6b7a4af6129e9aa85256b7299eEricCrosson/future-tools/flux-capacitor@v1
A GitHub token with repo scope.
Defaults to the ${{ github.token }} created automatically by GitHub Actions.
To install a binary from a private GitHub repository, use a Personal Access Token.
This action assumes it is running on a GitHub-hosted runner, so bumping any dependency to a version preinstalled on GitHub-hosted runners is not considered a breaking change.