photoprism/scripts/dist/install-devops-tools.sh

#!/usr/bin/env bash

# Installs Kubernetes/Rancher tooling and supporting utilities for DevOps workflows.
# Intended for use inside the Docker image build where root privileges are available.

set -euo pipefail
IFS=$'\n\t'

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"

SUDO=""
if [[ $(id -u) -ne 0 ]]; then
  if command -v sudo >/dev/null 2>&1; then
    SUDO="sudo"
  else
    echo "This script requires root privileges or sudo access." >&2
    exit 1
  fi
fi

case "$(uname -m)" in
  x86_64 | amd64)
    LINUX_ARCH="amd64"
    ;;
  aarch64 | arm64)
    LINUX_ARCH="arm64"
    ;;
  *)
    echo "Unsupported architecture: $(uname -m)" >&2
    exit 1
    ;;
esac

# Ensure installation runs non-interactively.
export DEBIAN_FRONTEND="noninteractive"

BIN_DIR="${BIN_DIR:-/usr/local/bin}"
TMPDIR="$(mktemp -d)"
trap 'rm -rf "${TMPDIR}"' EXIT

install_apt_packages() {
  local packages=(
    bash-completion
    dnsutils
    jq
    mariadb-client
    mysql-shell
    netcat-openbsd
    nfs-common
    percona-toolkit
    socat
    yq
  )

  ${SUDO} env DEBIAN_FRONTEND="noninteractive" apt-get update
  ${SUDO} env DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends "${packages[@]}"
  ${SUDO} env DEBIAN_FRONTEND="noninteractive" apt-get clean
  ${SUDO} rm -rf /var/lib/apt/lists/*
}

fetch_latest_github_tag() {
  local repo="$1"
  curl -fsSL "https://api.github.com/repos/${repo}/releases/latest" | jq -r '.tag_name'
}

verify_with_checksums() {
  local checksum_file="$1"
  local artifact="$2"
  local pattern="$3"

  local sum
  sum="$(awk -v target="${pattern}" '$2 == target {print $1; exit}' "${checksum_file}")"
  if [[ -z "${sum}" ]]; then
    echo "Checksum for ${pattern} not found in ${checksum_file}" >&2
    exit 1
  fi
  echo "${sum}  ${artifact}" | sha256sum --check --status
}

install_kubectl() {
  local version="${KUBECTL_VERSION:-$(curl -fsSL https://dl.k8s.io/release/stable.txt)}"
  local artifact="${TMPDIR}/kubectl"

  curl -fsSLo "${artifact}" "https://dl.k8s.io/release/${version}/bin/linux/${LINUX_ARCH}/kubectl"
  curl -fsSLo "${artifact}.sha256" "https://dl.k8s.io/release/${version}/bin/linux/${LINUX_ARCH}/kubectl.sha256"
  (
    cd "${TMPDIR}"
    printf '%s  %s\n' "$(cat "$(basename "${artifact}.sha256")")" "$(basename "${artifact}")" | sha256sum --check --status -
  )
  ${SUDO} install -m 0755 "${artifact}" "${BIN_DIR}/kubectl"
}

install_helm() {
  local raw_tag="${HELM_VERSION:-$(fetch_latest_github_tag helm/helm)}"
  local base="helm-${raw_tag}-linux-${LINUX_ARCH}"

  curl -fsSLo "${TMPDIR}/${base}.tar.gz" "https://get.helm.sh/${base}.tar.gz"
  curl -fsSLo "${TMPDIR}/${base}.tar.gz.sha256sum" "https://get.helm.sh/${base}.tar.gz.sha256sum"
  (cd "${TMPDIR}" && sha256sum --check "${base}.tar.gz.sha256sum")
  tar -xzf "${TMPDIR}/${base}.tar.gz" -C "${TMPDIR}"
  ${SUDO} install -m 0755 "${TMPDIR}/linux-${LINUX_ARCH}/helm" "${BIN_DIR}/helm"
}

install_rancher_cli() {
  local version="${RANCHER_CLI_VERSION:-2.12.3}"
  local tarball="rancher-linux-${LINUX_ARCH}-v${version}.tar.gz"
  local checksum_url="https://releases.rancher.com/cli2/v${version}/${tarball}.sha256sum"
  local checksum_file="${TMPDIR}/${tarball}.sha256sum"

  curl -fsSLo "${TMPDIR}/${tarball}" "https://releases.rancher.com/cli2/v${version}/${tarball}"
  if curl -fsSLo "${checksum_file}" "${checksum_url}"; then
    (cd "${TMPDIR}" && sha256sum --check "${tarball}.sha256sum")
  else
    rm -f "${checksum_file}"
    echo "Checksum file not available for Rancher CLI ${version}; skipping verification." >&2
  fi
  tar -xzf "${TMPDIR}/${tarball}" -C "${TMPDIR}"
  if [[ -f "${TMPDIR}/rancher-v${version}/rancher" ]]; then
    ${SUDO} install -m 0755 "${TMPDIR}/rancher-v${version}/rancher" "${BIN_DIR}/rancher"
  else
    ${SUDO} install -m 0755 "${TMPDIR}/rancher-${version}/rancher" "${BIN_DIR}/rancher"
  fi
  if [[ -f "${TMPDIR}/rancher-v${version}/rancher-compose" ]]; then
    ${SUDO} install -m 0755 "${TMPDIR}/rancher-v${version}/rancher-compose" "${BIN_DIR}/rancher-compose"
  fi
}

install_kustomize() {
  local raw_tag="${KUSTOMIZE_VERSION:-$(fetch_latest_github_tag kubernetes-sigs/kustomize)}"
  local version="${raw_tag##*/}"
  local encoded_tag="${raw_tag//\//%2F}"
  local artifact="kustomize_${version}_linux_${LINUX_ARCH}.tar.gz"
  local checksum_file="${TMPDIR}/checksums.txt"

  curl -fsSLo "${TMPDIR}/${artifact}" "https://github.com/kubernetes-sigs/kustomize/releases/download/${encoded_tag}/${artifact}"
  curl -fsSLo "${checksum_file}" "https://github.com/kubernetes-sigs/kustomize/releases/download/${encoded_tag}/checksums.txt"
  verify_with_checksums "${checksum_file}" "${TMPDIR}/${artifact}" "${artifact}"
  tar -xzf "${TMPDIR}/${artifact}" -C "${TMPDIR}"
  ${SUDO} install -m 0755 "${TMPDIR}/kustomize" "${BIN_DIR}/kustomize"
}

install_k9s() {
  local raw_tag="${K9S_VERSION:-$(fetch_latest_github_tag derailed/k9s)}"
  local version="${raw_tag#v}"
  local artifact="k9s_Linux_${LINUX_ARCH}.tar.gz"
  local checksum_file="${TMPDIR}/checksums.txt"
  local checksum_url="https://github.com/derailed/k9s/releases/download/${raw_tag}/checksums.txt"

  curl -fsSLo "${TMPDIR}/${artifact}" "https://github.com/derailed/k9s/releases/download/${raw_tag}/${artifact}"
  if ! curl -fsSLo "${checksum_file}" "${checksum_url}"; then
    checksum_file="${TMPDIR}/checksums.sha256"
    checksum_url="https://github.com/derailed/k9s/releases/download/${raw_tag}/checksums.sha256"
    curl -fsSLo "${checksum_file}" "${checksum_url}"
  fi
  verify_with_checksums "${checksum_file}" "${TMPDIR}/${artifact}" "${artifact}"
  tar -xzf "${TMPDIR}/${artifact}" -C "${TMPDIR}"
  ${SUDO} install -m 0755 "${TMPDIR}/k9s" "${BIN_DIR}/k9s"
}

install_stern() {
  local raw_tag="${STERN_VERSION:-$(fetch_latest_github_tag stern/stern)}"
  local version="${raw_tag#v}"
  local artifact="stern_${version}_linux_${LINUX_ARCH}.tar.gz"
  local checksum_file="${TMPDIR}/checksums.txt"

  curl -fsSLo "${TMPDIR}/${artifact}" "https://github.com/stern/stern/releases/download/${raw_tag}/${artifact}"
  curl -fsSLo "${checksum_file}" "https://github.com/stern/stern/releases/download/${raw_tag}/checksums.txt"
  verify_with_checksums "${checksum_file}" "${TMPDIR}/${artifact}" "${artifact}"
  tar -xzf "${TMPDIR}/${artifact}" -C "${TMPDIR}"
  ${SUDO} install -m 0755 "${TMPDIR}/stern" "${BIN_DIR}/stern"
}

install_longhornctl() {
  local raw_tag="${LONGHORNCTL_VERSION:-$(fetch_latest_github_tag longhorn/cli)}"
  local version="${raw_tag#v}"
  local artifact="longhornctl-linux-${LINUX_ARCH}"

  curl -fsSLo "${TMPDIR}/${artifact}" "https://github.com/longhorn/cli/releases/download/${raw_tag}/${artifact}"
  curl -fsSLo "${TMPDIR}/${artifact}.sha256" "https://github.com/longhorn/cli/releases/download/${raw_tag}/${artifact}.sha256"
  (cd "${TMPDIR}" && sha256sum --check "$(basename "${artifact}.sha256")")
  ${SUDO} install -m 0755 "${TMPDIR}/${artifact}" "${BIN_DIR}/longhornctl"
}

install_kubectl_neat() {
  local raw_tag="${KUBECTL_NEAT_VERSION:-$(fetch_latest_github_tag itaysk/kubectl-neat)}"
  local version="${raw_tag#v}"
  local artifact="kubectl-neat_linux_${LINUX_ARCH}.tar.gz"
  local checksum_file="${TMPDIR}/checksums.txt"

  curl -fsSLo "${TMPDIR}/${artifact}" "https://github.com/itaysk/kubectl-neat/releases/download/${raw_tag}/${artifact}"
  curl -fsSLo "${checksum_file}" "https://github.com/itaysk/kubectl-neat/releases/download/${raw_tag}/checksums.txt"
  verify_with_checksums "${checksum_file}" "${TMPDIR}/${artifact}" "${artifact}"
  tar -xzf "${TMPDIR}/${artifact}" -C "${TMPDIR}"
  ${SUDO} install -m 0755 "${TMPDIR}/kubectl-neat" "${BIN_DIR}/kubectl-neat"
}

install_apt_packages
install_kubectl
install_helm
install_rancher_cli
install_kustomize
install_k9s
install_stern
install_longhornctl
install_kubectl_neat

cat <<'EOF'

DevOps tooling installation completed:
  - kubectl
  - helm
  - rancher CLI
  - kustomize
  - k9s
  - stern
  - longhornctl
  - kubectl-neat
  - Supporting utilities installed via apt

EOF