From fcd1108e73361f903a3b7fdfd99f2548e368f440 Mon Sep 17 00:00:00 2001
From: Derek Nola <derek.nola@suse.com>
Date: Tue, 6 Feb 2024 16:30:12 -0800
Subject: [PATCH] Add ability to install K3s PR Artifact from GitHub (#9185)

* Add support for INSTALL_K3s_PR

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add sha256sum to K3s PR artifacts

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update install sha256sum

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Revert whitespace changes

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
---
 .github/workflows/build-k3s.yaml |  4 +-
 install.sh                       | 69 ++++++++++++++++++++++++++++----
 install.sh.sha256sum             |  2 +-
 3 files changed, 65 insertions(+), 10 deletions(-)
 mode change 100644 => 100755 install.sh

diff --git a/.github/workflows/build-k3s.yaml b/.github/workflows/build-k3s.yaml
index 2c39de9216..125d201f10 100644
--- a/.github/workflows/build-k3s.yaml
+++ b/.github/workflows/build-k3s.yaml
@@ -22,7 +22,7 @@ jobs:
     - name: Build K3s binary
       run: |
         DOCKER_BUILDKIT=1 SKIP_IMAGE=1 SKIP_AIRGAP=1 SKIP_VALIDATE=1 GOCOVER=1 make
-      
+        sha256sum dist/artifacts/k3s > dist/artifacts/k3s.sha256sum
     - name: bundle repo
       if: inputs.upload-repo == true
       run: |
@@ -39,4 +39,4 @@ jobs:
       uses: actions/upload-artifact@v3
       with:
         name: k3s
-        path: dist/artifacts/k3s
\ No newline at end of file
+        path: dist/artifacts/k3s*
\ No newline at end of file
diff --git a/install.sh b/install.sh
old mode 100644
new mode 100755
index d27e33be16..34bfe1ef6f
--- a/install.sh
+++ b/install.sh
@@ -44,6 +44,10 @@ set -o noglob
 #     Commit of k3s to download from temporary cloud storage.
 #     * (for developer & QA use)
 #
+#   - INSTALL_K3S_PR
+#     PR build of k3s to download from Github Artifacts.
+#     * (for developer & QA use)
+#
 #   - INSTALL_K3S_BIN_DIR
 #     Directory to install k3s binary, links, and uninstall script to, or use
 #     /usr/local/bin as the default
@@ -92,6 +96,7 @@ set -o noglob
 #     Defaults to 'stable'.
 
 GITHUB_URL=https://github.com/k3s-io/k3s/releases
+GITHUB_PR_URL=""
 STORAGE_URL=https://k3s-ci-builds.s3.amazonaws.com
 DOWNLOADER=
 
@@ -337,6 +342,7 @@ verify_downloader() {
 setup_tmp() {
     TMP_DIR=$(mktemp -d -t k3s-install.XXXXXXXXXX)
     TMP_HASH=${TMP_DIR}/k3s.hash
+    TMP_ZIP=${TMP_DIR}/k3s.zip
     TMP_BIN=${TMP_DIR}/k3s.bin
     cleanup() {
         code=$?
@@ -350,7 +356,10 @@ setup_tmp() {
 
 # --- use desired k3s version if defined or find version from channel ---
 get_release_version() {
-    if [ -n "${INSTALL_K3S_COMMIT}" ]; then
+    if [ -n "${INSTALL_K3S_PR}" ]; then
+        VERSION_K3S="PR ${INSTALL_K3S_PR}"
+        get_pr_artifact_url
+    elif [ -n "${INSTALL_K3S_COMMIT}" ]; then
         VERSION_K3S="commit ${INSTALL_K3S_COMMIT}"
     elif [ -n "${INSTALL_K3S_VERSION}" ]; then
         VERSION_K3S=${INSTALL_K3S_VERSION}
@@ -434,13 +443,20 @@ download() {
 
 # --- download hash from github url ---
 download_hash() {
-    if [ -n "${INSTALL_K3S_COMMIT}" ]; then
-        HASH_URL=${STORAGE_URL}/k3s${SUFFIX}-${INSTALL_K3S_COMMIT}.sha256sum
+    if [ -n "${INSTALL_K3S_PR}" ]; then
+        info "Downloading hash ${GITHUB_PR_URL}"
+        curl -o ${TMP_ZIP} -H "Authorization: Bearer $GITHUB_TOKEN" -L ${GITHUB_PR_URL}
+        unzip -p ${TMP_ZIP} k3s.sha256sum > ${TMP_HASH}
+        sed -i 's/dist\/artifacts\/k3s/k3s/g' ${TMP_HASH}
     else
-        HASH_URL=${GITHUB_URL}/download/${VERSION_K3S}/sha256sum-${ARCH}.txt
+        if [ -n "${INSTALL_K3S_COMMIT}" ]; then
+            HASH_URL=${STORAGE_URL}/k3s${SUFFIX}-${INSTALL_K3S_COMMIT}.sha256sum
+        else
+            HASH_URL=${GITHUB_URL}/download/${VERSION_K3S}/sha256sum-${ARCH}.txt
+        fi
+        info "Downloading hash ${HASH_URL}"
+        download ${TMP_HASH} ${HASH_URL}
     fi
-    info "Downloading hash ${HASH_URL}"
-    download ${TMP_HASH} ${HASH_URL}
     HASH_EXPECTED=$(grep " k3s${SUFFIX}$" ${TMP_HASH})
     HASH_EXPECTED=${HASH_EXPECTED%%[[:blank:]]*}
 }
@@ -457,9 +473,48 @@ installed_hash_matches() {
     return 1
 }
 
+# Use the GitHub API to identify the artifact associated with a given PR
+get_pr_artifact_url() {
+    GITHUB_API_URL=https://api.github.com/repos/k3s-io/k3s
+
+    # Check if jq is installed
+    if ! [ -x "$(command -v jq)" ]; then
+        echo "jq is required to use INSTALL_K3S_PR. Please install jq and try again"
+        exit 1
+    fi
+
+    if [ -z "${GITHUB_TOKEN}" ]; then
+        fatal "Installing PR builds requires GITHUB_TOKEN with k3s-io/k3s repo authorization"
+    fi
+
+    # GET request to the GitHub API to retrieve the latest commit SHA from the pull request
+    COMMIT_ID=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$GITHUB_API_URL/pulls/$INSTALL_K3S_PR" | jq -r '.head.sha')
+    
+    # GET request to the GitHub API to retrieve the Build workflow associated with the commit
+    wf_raw=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$GITHUB_API_URL/commits/$COMMIT_ID/check-runs")
+    build_workflow=$(printf "%s" "$wf_raw" | jq -r '.check_runs[] |  select(.name == "build / Build")')
+    
+    # Extract the Run ID from the build workflow and lookup artifacts associated with the run
+    RUN_ID=$(echo "$build_workflow" | jq -r ' .details_url' | awk -F'/' '{print $(NF-2)}')
+
+    # Extract the artifat ID for the "k3s" artifact    
+    artifacts=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$GITHUB_API_URL/actions/runs/$RUN_ID/artifacts")
+    artifacts_url=$(echo "$artifacts" | jq -r '.artifacts[] | select(.name == "k3s") | .archive_download_url')
+    GITHUB_PR_URL=$artifacts_url
+}
+
 # --- download binary from github url ---
 download_binary() {
-    if [ -n "${INSTALL_K3S_COMMIT}" ]; then
+    if [ -n "${INSTALL_K3S_PR}" ]; then
+        # Since Binary and Hash are zipped together, check if TMP_ZIP already exists
+        if ! [ -f ${TMP_ZIP} ]; then
+            info "Downloading K3s artifact ${GITHUB_PR_URL}"
+            curl -o ${TMP_ZIP} -H "Authorization: Bearer $GITHUB_TOKEN" -L ${GITHUB_PR_URL}
+        fi
+        # extract k3s binary from zip
+        unzip -p ${TMP_ZIP} k3s > ${TMP_BIN}
+        return
+    elif [ -n "${INSTALL_K3S_COMMIT}" ]; then
         BIN_URL=${STORAGE_URL}/k3s${SUFFIX}-${INSTALL_K3S_COMMIT}
     else
         BIN_URL=${GITHUB_URL}/download/${VERSION_K3S}/k3s${SUFFIX}
diff --git a/install.sh.sha256sum b/install.sh.sha256sum
index 25d9095099..8f5ea770b2 100644
--- a/install.sh.sha256sum
+++ b/install.sh.sha256sum
@@ -1 +1 @@
-431c6fe653336279073e5b913557aa22d7ef1794b30b4f02002b4482910464d7  install.sh
+91e1015131eb5dad5967e7f1ef735222863edf9c2bf8a2eee1c96687c756e52e  install.sh