Skip to content

Add reusable action to install roxie CLI#97

Merged
porridge merged 4 commits into
mainfrom
add-install-roxie-action
Jul 1, 2026
Merged

Add reusable action to install roxie CLI#97
porridge merged 4 commits into
mainfrom
add-install-roxie-action

Conversation

@porridge

@porridge porridge commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Adds roxie/install-cli composite action that downloads a roxie release binary from GitHub releases
  • Verifies the downloaded binary against SHA-256 checksums published with each release
  • Rejects non-Linux runners early with a clear error
  • Detects runner architecture (amd64/arm64) automatically
  • Version input is optional — omitting it installs the latest release
  • Directory is roxie/ to allow future additions (e.g. roxie/deploy)

Usage

steps:
- uses: stackrox/actions/roxie/install-cli@v1
  with:
    version: v0.4.2
- run: roxie version

Or omit version to install the latest release:

steps:
- uses: stackrox/actions/roxie/install-cli@v1
- run: roxie version

Test plan

🤖 Generated with Claude Code

porridge and others added 2 commits June 30, 2026 11:15
Adds roxie/install-cli composite action that downloads a roxie release
binary from GitHub, verifies its SHA-256 checksum, and places it in PATH
for subsequent workflow steps.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

A new roxie/install-cli composite GitHub Action is added. It accepts an optional version input, downloads and verifies the roxie CLI release binary, adds it to PATH, and documents the action in the repository README.

Changes

roxie/install-cli Action

Layer / File(s) Summary
Action definition and docs
roxie/install-cli/action.yml, roxie/install-cli/README.md, README.md
Composite action metadata with optional version input wired to install-roxie.sh; README documents inputs, verification, and usage; root README gains an index link.
Install script: arch detection, version resolution, download, and checksum verification
roxie/install-cli/install-roxie.sh
Detects Linux architecture, resolves ROXIE_VERSION from input or GitHub releases, downloads the binary and checksum file, verifies SHA-256, updates PATH, installs the binary, and runs roxie version.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: adding a reusable action to install the roxie CLI.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description check ✅ Passed The description matches the added roxie/install-cli action, validation logic, usage examples, and directory structure.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch add-install-roxie-action

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@roxie/install-cli/install-roxie.sh`:
- Around line 5-13: The install-roxie.sh script only normalizes architecture in
the uname-based setup, so non-Linux runners can still proceed and later download
a roxie-linux binary that won’t run. Add an early OS check using uname -s before
building the download URL, and exit with a clear error unless the platform is
Linux. Keep the existing architecture normalization for amd64/arm64, and update
the installer flow around the download URL construction so the Linux-only
contract is enforced by the main install path.
- Around line 21-25: The install flow publishes roxie to PATH before checksum
verification, so unverified binaries can be picked up by later steps. In
install-roxie.sh, update the download/install sequence around the PATH export
logic so the binary is first written to a temporary location, verified, and only
then moved into ~/.local/bin. Also move the GITHUB_PATH append in the install
path handling so it runs only after verification succeeds, keeping PATH
unchanged for failed installs.
- Around line 33-35: The checksum download in install-roxie.sh uses a
predictable /tmp/roxie-checksums.txt path, which should be replaced with a
unique mktemp-based file to avoid TOCTOU/symlink issues. Update the
checksum-fetching flow around the curl and expected lookup to create a temporary
file, use it for the grep/awk verification in place of /tmp/roxie-checksums.txt,
and add a trap to clean it up when the script exits.

In `@roxie/install-cli/README.md`:
- Line 32: The README example currently references the install-cli action via a
mutable `@main` ref, which should be replaced with a stable versioned reference.
Update the documented usage in the README to point to a fixed tag such as `@v1` or
a pinned commit SHA, using the stackrox/actions/roxie/install-cli action
reference so consumers get reproducible workflows.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 84026963-0058-4caa-ab19-2fa9791c0fac

📥 Commits

Reviewing files that changed from the base of the PR and between a98a889 and 5e71e0a.

📒 Files selected for processing (4)
  • README.md
  • roxie/install-cli/README.md
  • roxie/install-cli/action.yml
  • roxie/install-cli/install-roxie.sh

Comment thread roxie/install-cli/install-roxie.sh
Comment thread roxie/install-cli/install-roxie.sh Outdated
Comment thread roxie/install-cli/install-roxie.sh Outdated
Comment thread roxie/install-cli/README.md Outdated
porridge and others added 2 commits June 30, 2026 12:10
- Reject non-Linux runners early
- Download binary to temp dir and verify checksum before installing
- Use mktemp instead of predictable /tmp path
- Use @v1 tag in README usage example

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@porridge porridge marked this pull request as ready for review June 30, 2026 13:19
@porridge porridge requested a review from a team as a code owner June 30, 2026 13:19
@porridge porridge requested a review from mclasmeier June 30, 2026 13:19

@tommartensen tommartensen left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@porridge porridge merged commit 3484a62 into main Jul 1, 2026
4 checks passed
@porridge porridge deleted the add-install-roxie-action branch July 1, 2026 09:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants