Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 23 additions & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,30 +5,52 @@ on:

jobs:
test:
name: Test on ${{ matrix.os }} ${{ matrix.arch }}
name: Test ${{ matrix.version }} on ${{ matrix.os }} ${{ matrix.arch }}
runs-on: ${{ matrix.runner }}
strategy:
matrix:
include:
- os: Linux
arch: x86_64
runner: ubuntu-latest
version: alpha4-rolling
- os: Linux
arch: x86_64
runner: ubuntu-latest
version: nightly
- os: Linux
arch: arm64
runner: ubuntu-24.04-arm
version: alpha4-rolling
- os: Linux
arch: arm64
runner: ubuntu-24.04-arm
version: nightly
- os: macOS
arch: x86_64
runner: macos-15-intel
version: alpha4-rolling
- os: macOS
arch: x86_64
runner: macos-15-intel
version: nightly
- os: macOS
arch: arm64
runner: macos-latest
version: alpha4-rolling
- os: macOS
arch: arm64
runner: macos-latest
version: nightly

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Setup Roc
uses: ./
with:
version: ${{ matrix.version }}

- name: Check Roc version
run: roc version
Expand Down
20 changes: 17 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,20 @@ A GitHub Action to download and setup the Roc compiler for Linux and macOS.

Add this step to your CI workflow:

### Using Nightly Releases

```yaml
- uses: roc-lang/setup-roc@TODO
with:
version: nightly
```

### Using Major Releases

```yaml
TODO
- uses: roc-lang/setup-roc@TODO
with:
version: alpha4-rolling
```

## Platform Support
Expand All @@ -30,10 +42,12 @@ This action supports the following platforms:

1. Detects your operating system and architecture
2. Downloads the appropriate Roc compiler release for your platform
3. Verifies the SHA256 checksum to ensure file integrity
3. Verifies the SHA256 checksum to ensure file integrity (skipped for nightly releases)
4. Extracts the compiler
5. Adds the Roc executable to the PATH

## Security

The action verifies the SHA256 checksum of the downloaded file to ensure it hasn't been tampered with. If the checksum doesn't match, the action will fail.
For major releases, the action verifies the SHA256 checksum of the downloaded file to ensure it hasn't been tampered with. If the checksum doesn't match, the action will fail.

For nightly releases, SHA256 verification is skipped since the files are updated regularly.
44 changes: 32 additions & 12 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,11 @@ branding:
icon: 'download'
color: 'purple'

inputs:
version:
description: 'Version of Roc to install (e.g., "nightly", "alpha4-rolling")'
required: true

runs:
using: 'composite'
steps:
Expand All @@ -12,6 +17,9 @@ runs:
run: |
set -euo pipefail

VERSION="${{ inputs.version }}"
echo "Installing Roc version: $VERSION"

# Detect OS and architecture
OS=$(uname -s)
ARCH=$(uname -m)
Expand Down Expand Up @@ -68,23 +76,35 @@ runs:
esac

# Download Roc
DOWNLOAD_URL="https://github.com/roc-lang/roc/releases/download/alpha4-rolling/roc-${PLATFORM}-alpha4-rolling.tar.gz"
if [[ "$VERSION" == "nightly" ]]; then
DOWNLOAD_URL="https://github.com/roc-lang/roc/releases/download/nightly/roc_nightly-${PLATFORM}-latest.tar.gz"
SKIP_SHA_CHECK=true
DIR_PATTERN="roc_nightly-${PLATFORM}-*"
else
DOWNLOAD_URL="https://github.com/roc-lang/roc/releases/download/${VERSION}/roc-${PLATFORM}-${VERSION}.tar.gz"
SKIP_SHA_CHECK=false
fi

echo "Downloading Roc for $PLATFORM..."
curl -fsSL -o roc.tar.gz "$DOWNLOAD_URL"

# Verify SHA256 checksum
echo "Verifying SHA256 checksum..."
ACTUAL_SHA=$($SHA_CMD roc.tar.gz | awk '{print $1}')
# Verify SHA256 checksum (skip for nightly releases)
if [[ "$SKIP_SHA_CHECK" == "false" ]]; then
echo "Verifying SHA256 checksum..."
ACTUAL_SHA=$($SHA_CMD roc.tar.gz | awk '{print $1}')

if [[ "$ACTUAL_SHA" != "$EXPECTED_SHA" ]]; then
echo "Error: SHA256 checksum mismatch!"
echo "Expected: $EXPECTED_SHA"
echo "Actual: $ACTUAL_SHA"
echo "This should never happen and could mean the file is malicious. Please make a post on <https://roc.zulipchat.com> and request investigation of this incident."
exit 1
fi
if [[ "$ACTUAL_SHA" != "$EXPECTED_SHA" ]]; then
echo "Error: SHA256 checksum mismatch!"
echo "Expected: $EXPECTED_SHA"
echo "Actual: $ACTUAL_SHA"
echo "This should never happen and could mean the file is malicious. Please make a post on <https://roc.zulipchat.com> and request investigation of this incident."
exit 1
fi

echo "SHA256 checksum verified successfully"
echo "SHA256 checksum verified successfully"
else
echo "Skipping SHA256 verification for nightly release"
fi

# Extract Roc
echo "Extracting Roc..."
Expand Down