search

thoughtworks / talisman

Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.
https://thoughtworks.github.io/talisman/
MIT License
1.89k stars 241 forks source link

Global install fails to find download URLs #392

Closed johntron closed 1 year ago

johntron commented 1 year ago

Describe the bug The install script ends prematurely. When following instructions for the pre-commit hook documented here, the command exits on line 76.

To Reproduce Steps to reproduce the behavior:

  1. Open terminal and run: curl --silent https://raw.githubusercontent.com/thoughtworks/talisman/master/global_install_scripts/install.bash > /tmp/install_talisman.bash && /bin/bash /tmp/install_talisman.bash

The entire output is simply "Downloading talisman binary"

Expected behavior Talisman should be available at $HOME/.talisman/bin.

Desktop (please complete the following information):

Additional context After some debugging, it appears the HTML we try to extract URLs from the release page does not contain the content of the "Assets" section; therefore, the grep command fails to find any URLs matching the pattern on line 76.

Here's the HTML retrieved from the curl command: releases.html.zip - note the loading state for "Assets". When I load the releases page in my browser, the download URLs are retrieved via AJAX from https://github.com/thoughtworks/talisman/releases/expanded_assets/v1.28.1 (as HTML).

There doesn't appear to be a "/latest" URL we can use for the assets HTML, so one solution to this problem might be to fetch the releases page using "/latest", extract the release tag (e.g. v.1.28.1), then fetch the assets HTML from a computed URL like .../releases/expanded_assets/{tag}.

Another solution might be to use the REST API with a command like: 

curl \
  -H "Accept: application/vnd.github+json" \
  https://api.github.com/repos/thoughtworks/talisman/releases/latest

This returns JSON, but this JSON seems to work with the existing regex - simply replacing the existing cURL command with the one above fixes the problem and the installer continues.

jmatias commented 1 year ago

I was able to reproduce this, thanks for raising the issue. I'm looking into it

jmatias commented 1 year ago

@johntron

I pushed a fix. https://github.com/thoughtworks/talisman/pull/394.

Could you give it another try?

johntron commented 1 year ago

That fixed it - thanks @jmatias.