mirror of
https://github.com/parkervcp/eggs.git
synced 2024-11-25 23:33:00 +08:00
Fix Egg's installation entrypoint
To prevent an attack via poisoning environment variables.
This commit is contained in:
parent
f70e200f63
commit
be4d853e00
@ -23,7 +23,7 @@
|
||||
"installation": {
|
||||
"script": "#!\/bin\/bash\r\n## this is a simple script to use the github API for release versions.\r\n## this requires the egg has a variable for GITHUB_PACKAGE and VERSION\r\n## this supports using oauth\/personal access tokens via GITHUB_USER and GITHUB_OAUTH_TOKEN (both are required.)\r\n## if you are getting hit with GitHub API limit issues then you need to have the user and token set.\r\n\r\napt update\r\napt install -y jq curl\r\n\r\nGITHUB_PACKAGE=\"jagrosh\/MusicBot\"\r\nCONFIG_LINK=\"https:\/\/raw.githubusercontent.com\/parkervcp\/eggs\/master\/bots\/discord\/jmusicbot\/config.txt\"\r\nPLAYLIST_LINK=\"https:\/\/raw.githubusercontent.com\/parkervcp\/eggs\/master\/bots\/discord\/jmusicbot\/example_playlist.txt\"\r\n\r\nif [ -z \"${GITHUB_USER}\" ] && [ -z \"${GITHUB_OAUTH_TOKEN}\" ] ; then\r\n echo -e \"no github user set, using anon api call\"\r\nelse\r\n echo -e \"user and oauth token set\"\r\n alias curl='curl -u ${GITHUB_USER}:${GITHUB_OAUTH_TOKEN} '\r\nfi\r\n\r\n# get release info and download links\r\nLATEST_JSON=$(curl --silent \"https:\/\/api.github.com\/repos\/${GITHUB_PACKAGE}\/releases\/latest\")\r\nRELEASES=$(curl --silent \"https:\/\/api.github.com\/repos\/${GITHUB_PACKAGE}\/releases\")\r\n\r\nif [ -z \"${VERSION}\" ] || [ \"${VERSION}\" == \"latest\" ]; then\r\n DOWNLOAD_LINK=$(echo ${LATEST_JSON} | jq .assets | jq -r .[].browser_download_url)\r\nelse\r\n VERSION_CHECK=$(echo ${RELEASES} | jq -r --arg VERSION \"${VERSION}\" '.[] | select(.tag_name==$VERSION) | .tag_name')\r\n if [ \"${VERSION}\" == \"${VERSION_CHECK}\" ]; then\r\n DOWNLOAD_LINK=$(echo ${RELEASES} | jq -r --arg VERSION \"${VERSION}\" '.[] | select(.tag_name==$VERSION) | .assets[].browser_download_url' | grep -i config)\r\n else\r\n echo -e \"defaulting to the latest release\"\r\n DOWNLOAD_LINK=$(echo ${LATEST_JSON} | jq .assets | jq -r .[].browser_download_url)\r\n fi\r\nfi\r\n\r\n## JMusicBot Setup\r\n[ ! -d \/mnt\/server ] && mkdir \/mnt\/server\r\ncd \/mnt\/server\r\n\r\nif [ -f JMusicBot.jar ]; then\r\n echo -e \"Updating JMusicBot.jar to latest version...\"\r\n echo -e '\\t(Old version can be found at \"JMusicBot.jar-old\")'\r\n mv -f JMusicBot.jar JMusicBot.jar-old\r\nfi\r\ncurl -sSLo JMusicBot.jar ${DOWNLOAD_LINK}\r\n\r\nif [ -f config.txt ]; then\r\n echo -e \"Updating config.txt to latest version...\"\r\n echo -e '\\t(Old version can be found at \"config.txt-old\")'\r\n mv -f config.txt config.txt-old\r\nfi\r\ncurl -sSLo config.txt ${CONFIG_LINK}\r\n\r\n[ ! -d Playlists ] && mkdir Playlists\r\ncd Playlists\r\nif [ -f example_playlist.txt ]; then\r\n echo -e \"example_playlist.txt already exists. Skipping default download.\"\r\nelse\r\n echo -e \"example_playlist.txt not found. Downloading default example_playlist...\"\r\n curl -sSLo example_playlist.txt ${PLAYLIST_LINK}\r\nfi\r\n\r\necho -e \"\\nJMusicBot Successfully Installed!\"",
|
||||
"container": "debian:buster-slim",
|
||||
"entrypoint": "bash"
|
||||
"entrypoint": "\/bin\/bash"
|
||||
}
|
||||
},
|
||||
"variables": [
|
||||
|
Loading…
Reference in New Issue
Block a user