feat(windows): added better install script and removed yarn

zZHorizonZz · zZHorizonZz · commit a45e54a127f0 · 2024-09-03T09:12:21.000+02:00
diff --git a/.github/workflows/build-test-windows.yml b/.github/workflows/build-test-windows.yml
@@ -63,8 +63,8 @@ jobs:
       - name: Test for npm
         run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} npm --version
         
-      - name: Test for yarn
-        run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} yarn --version
+      #- name: Test for yarn
+      #  run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} yarn --version
 
   build-windows-2022:
     name: build-windows-2022
@@ -115,5 +115,5 @@ jobs:
       - name: Test for npm
         run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} npm --version
         
-      - name: Test for yarn
-        run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} yarn --version
+      #- name: Test for yarn
+      #  run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} yarn --version
diff --git a/22/windows-2019/Dockerfile b/22/windows-2019/Dockerfile
@@ -3,47 +3,45 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2019
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
 # PATH isn't actually set in the Docker image, so we have to set it from within the container
-RUN $newPath = ('C:\nodejs;{0}\Yarn\bin;{1}' -f $env:LOCALAPPDATA, $env:PATH); \
+RUN $newPath = ('C:\nodejs;{0}\Yarn\bin;{1};C:\Program Files (x86)\GnuPG\bin' -f $env:LOCALAPPDATA, $env:PATH); \
 	Write-Host ('Updating PATH: {0}' -f $newPath); \
 	[Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine)
 # doing this first to share cache across versions more aggressively
 
 ENV NODE_VERSION 22.7.0
 ENV NODE_CHECKSUM 3fc638727974262b4f65a6b1b43c22fb2d80671cdcb50e1237e0b05d1330aaf7
 
-RUN $url = ('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION); \
-	Write-Host ('Downloading {0} ...' -f $url); \
-	Invoke-WebRequest -Uri $url -OutFile 'node.zip'; \
-	\
-	Write-Host ('Verifying sha256 ({0}) ...' -f $env:NODE_CHECKSUM); \
-	if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $env:NODE_CHECKSUM) { throw 'SHA256 mismatch' }; \
-	\
-	Write-Host 'Expanding ...'; \
-	Expand-Archive node.zip -DestinationPath C:\; \
-	\
-	Write-Host 'Renaming ...'; \
-	Rename-Item -Path ('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs'; \
-	\
-	Write-Host 'Removing ...'; \
-	Remove-Item node.zip -Force; \
-	\
-	Write-Host 'Verifying ("node --version") ...'; \
-	node --version; \
-	Write-Host 'Verifying ("npm --version") ...'; \
-	npm --version; \
-	\
-	Write-Host 'Complete.'
+ENV GPG_VERSION 2.4.5_20240307
 
-ENV YARN_VERSION 1.22.22
+RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \
+	Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \
+	Remove-Item gpg-installer.exe -Force; \
+	gpg --version;
 
-# "It is recommended to install Yarn through the npm package manager" (https://classic.yarnpkg.com/en/docs/install)
-RUN Write-Host 'Installing "yarn" ...'; \
-	npm install --global ('yarn@{0}' -f $env:YARN_VERSION); \
-	\
-	Write-Host 'Verifying ("yarn --version") ...'; \
-	yarn --version; \
-	\
-	Write-Host 'Complete.'
+RUN @( \
+      '4ED778F539E3634C779C87C6D7062848A1AB005C', \
+      '141F07595B7B3FFE74309A937405533BE57C7D57', \
+      '74F12602B6F1C4E913FAA37AD3A89613643B6201', \
+      'DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7', \
+      '61FC681DFB92A079F1685E77973F295594EC4689', \
+      '8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600', \
+      'C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8', \
+      '890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4', \
+      'C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C', \
+      '108F52B48DB57BB0CC439B2997B01419BD92F80A', \
+      'A363A499291CBBC940DD62E41F10027AF002F8B0', \
+      'CC68F5A3106FF448322E48ED27F5E38D5B0A215F' \
+    ) | foreach { \
+      gpg --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \
+    } ; \
+    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \
+    Invoke-WebRequest $('https://nodejs.org/dist/v{0}/SHASUMS256.txt.asc' -f $env:NODE_VERSION) -OutFile 'SHASUMS256.txt.asc' -UseBasicParsing ; \
+    gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc ; \
+    Invoke-WebRequest $('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION) -OutFile 'node.zip' -UseBasicParsing ; \
+    $sum = $(cat SHASUMS256.txt.asc | sls $('  node-v{0}-win-x64.zip' -f $env:NODE_VERSION)) -Split ' ' ; \
+    if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $sum[0]) { Write-Error 'SHA256 mismatch' } ; \
+    Expand-Archive node.zip -DestinationPath C:\ ; \
+    Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs'
 
 COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1
 ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ]
diff --git a/22/windows-2022/Dockerfile b/22/windows-2022/Dockerfile
@@ -3,47 +3,45 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2022
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
 # PATH isn't actually set in the Docker image, so we have to set it from within the container
-RUN $newPath = ('C:\nodejs;{0}\Yarn\bin;{1}' -f $env:LOCALAPPDATA, $env:PATH); \
+RUN $newPath = ('C:\nodejs;{0}\Yarn\bin;{1};C:\Program Files (x86)\GnuPG\bin' -f $env:LOCALAPPDATA, $env:PATH); \
 	Write-Host ('Updating PATH: {0}' -f $newPath); \
 	[Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine)
 # doing this first to share cache across versions more aggressively
 
 ENV NODE_VERSION 22.7.0
 ENV NODE_CHECKSUM 3fc638727974262b4f65a6b1b43c22fb2d80671cdcb50e1237e0b05d1330aaf7
 
-RUN $url = ('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION); \
-	Write-Host ('Downloading {0} ...' -f $url); \
-	Invoke-WebRequest -Uri $url -OutFile 'node.zip'; \
-	\
-	Write-Host ('Verifying sha256 ({0}) ...' -f $env:NODE_CHECKSUM); \
-	if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $env:NODE_CHECKSUM) { throw 'SHA256 mismatch' }; \
-	\
-	Write-Host 'Expanding ...'; \
-	Expand-Archive node.zip -DestinationPath C:\; \
-	\
-	Write-Host 'Renaming ...'; \
-	Rename-Item -Path ('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs'; \
-	\
-	Write-Host 'Removing ...'; \
-	Remove-Item node.zip -Force; \
-	\
-	Write-Host 'Verifying ("node --version") ...'; \
-	node --version; \
-	Write-Host 'Verifying ("npm --version") ...'; \
-	npm --version; \
-	\
-	Write-Host 'Complete.'
+ENV GPG_VERSION 2.4.5_20240307
 
-ENV YARN_VERSION 1.22.22
+RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \
+	Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \
+	Remove-Item gpg-installer.exe -Force; \
+	gpg --version;
 
-# "It is recommended to install Yarn through the npm package manager" (https://classic.yarnpkg.com/en/docs/install)
-RUN Write-Host 'Installing "yarn" ...'; \
-	npm install --global ('yarn@{0}' -f $env:YARN_VERSION); \
-	\
-	Write-Host 'Verifying ("yarn --version") ...'; \
-	yarn --version; \
-	\
-	Write-Host 'Complete.'
+RUN @( \
+      '4ED778F539E3634C779C87C6D7062848A1AB005C', \
+      '141F07595B7B3FFE74309A937405533BE57C7D57', \
+      '74F12602B6F1C4E913FAA37AD3A89613643B6201', \
+      'DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7', \
+      '61FC681DFB92A079F1685E77973F295594EC4689', \
+      '8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600', \
+      'C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8', \
+      '890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4', \
+      'C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C', \
+      '108F52B48DB57BB0CC439B2997B01419BD92F80A', \
+      'A363A499291CBBC940DD62E41F10027AF002F8B0', \
+      'CC68F5A3106FF448322E48ED27F5E38D5B0A215F' \
+    ) | foreach { \
+      gpg --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \
+    } ; \
+    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \
+    Invoke-WebRequest $('https://nodejs.org/dist/v{0}/SHASUMS256.txt.asc' -f $env:NODE_VERSION) -OutFile 'SHASUMS256.txt.asc' -UseBasicParsing ; \
+    gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc ; \
+    Invoke-WebRequest $('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION) -OutFile 'node.zip' -UseBasicParsing ; \
+    $sum = $(cat SHASUMS256.txt.asc | sls $('  node-v{0}-win-x64.zip' -f $env:NODE_VERSION)) -Split ' ' ; \
+    if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $sum[0]) { Write-Error 'SHA256 mismatch' } ; \
+    Expand-Archive node.zip -DestinationPath C:\ ; \
+    Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs'
 
 COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1
 ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ]
diff --git a/Dockerfile-win.template b/Dockerfile-win.template
@@ -0,0 +1,51 @@
+FROM mcr.microsoft.com/windows/servercore:version
+
+SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
+
+# PATH isn't actually set in the Docker image, so we have to set it from within the container
+RUN $newPath = ('C:\nodejs;{0}\Yarn\bin;{1}' -f $env:LOCALAPPDATA, $env:PATH); \
+	Write-Host ('Updating PATH: {0}' -f $newPath); \
+	[Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine)
+# doing this first to share cache across versions more aggressively
+
+ENV NODE_VERSION 0.0.0
+ENV NODE_CHECKSUM CHECKSUM_x64
+
+RUN $url = ('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION); \
+	Write-Host ('Downloading {0} ...' -f $url); \
+	Invoke-WebRequest -Uri $url -OutFile 'node.zip'; \
+	\
+	Write-Host ('Verifying sha256 ({0}) ...' -f $env:NODE_CHECKSUM); \
+	if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $env:NODE_CHECKSUM) { throw 'SHA256 mismatch' }; \
+	\
+	Write-Host 'Expanding ...'; \
+	Expand-Archive node.zip -DestinationPath C:\; \
+	\
+	Write-Host 'Renaming ...'; \
+	Rename-Item -Path ('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs'; \
+	\
+	Write-Host 'Removing ...'; \
+	Remove-Item node.zip -Force; \
+	\
+	Write-Host 'Verifying ("node --version") ...'; \
+	node --version; \
+	Write-Host 'Verifying ("npm --version") ...'; \
+	npm --version; \
+	\
+	Write-Host 'Complete.'
+
+ENV YARN_VERSION 0.0.0
+
+# "It is recommended to install Yarn through the npm package manager" (https://classic.yarnpkg.com/en/docs/install)
+RUN Write-Host 'Installing "yarn" ...'; \
+	npm install --global ('yarn@{0}' -f $env:YARN_VERSION); \
+	\
+	Write-Host 'Verifying ("yarn --version") ...'; \
+	yarn --version; \
+	\
+	Write-Host 'Complete.'
+
+COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1
+ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ]
+	
+CMD [ "node.exe" ]
diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template
@@ -3,47 +3,34 @@ FROM mcr.microsoft.com/windows/servercore:version
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
 # PATH isn't actually set in the Docker image, so we have to set it from within the container
-RUN $newPath = ('C:\nodejs;{0}\Yarn\bin;{1}' -f $env:LOCALAPPDATA, $env:PATH); \
+RUN $newPath = ('C:\nodejs;{0}\Yarn\bin;{1};C:\Program Files (x86)\GnuPG\bin' -f $env:LOCALAPPDATA, $env:PATH); \
 	Write-Host ('Updating PATH: {0}' -f $newPath); \
 	[Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine)
 # doing this first to share cache across versions more aggressively
 
 ENV NODE_VERSION 0.0.0
 ENV NODE_CHECKSUM CHECKSUM_x64
 
-RUN $url = ('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION); \
-	Write-Host ('Downloading {0} ...' -f $url); \
-	Invoke-WebRequest -Uri $url -OutFile 'node.zip'; \
-	\
-	Write-Host ('Verifying sha256 ({0}) ...' -f $env:NODE_CHECKSUM); \
-	if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $env:NODE_CHECKSUM) { throw 'SHA256 mismatch' }; \
-	\
-	Write-Host 'Expanding ...'; \
-	Expand-Archive node.zip -DestinationPath C:\; \
-	\
-	Write-Host 'Renaming ...'; \
-	Rename-Item -Path ('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs'; \
-	\
-	Write-Host 'Removing ...'; \
-	Remove-Item node.zip -Force; \
-	\
-	Write-Host 'Verifying ("node --version") ...'; \
-	node --version; \
-	Write-Host 'Verifying ("npm --version") ...'; \
-	npm --version; \
-	\
-	Write-Host 'Complete.'
+ENV GPG_VERSION 2.4.5_20240307
 
-ENV YARN_VERSION 0.0.0
+RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \
+	Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \
+	Remove-Item gpg-installer.exe -Force; \
+	gpg --version;
 
-# "It is recommended to install Yarn through the npm package manager" (https://classic.yarnpkg.com/en/docs/install)
-RUN Write-Host 'Installing "yarn" ...'; \
-	npm install --global ('yarn@{0}' -f $env:YARN_VERSION); \
-	\
-	Write-Host 'Verifying ("yarn --version") ...'; \
-	yarn --version; \
-	\
-	Write-Host 'Complete.'
+RUN @( \
+      "${NODE_KEYS[@]}"
+    ) | foreach { \
+      gpg --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \
+    } ; \
+    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \
+    Invoke-WebRequest $('https://nodejs.org/dist/v{0}/SHASUMS256.txt.asc' -f $env:NODE_VERSION) -OutFile 'SHASUMS256.txt.asc' -UseBasicParsing ; \
+    gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc ; \
+    Invoke-WebRequest $('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION) -OutFile 'node.zip' -UseBasicParsing ; \
+    $sum = $(cat SHASUMS256.txt.asc | sls $('  node-v{0}-win-x64.zip' -f $env:NODE_VERSION)) -Split ' ' ; \
+    if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $sum[0]) { Write-Error 'SHA256 mismatch' } ; \
+    Expand-Archive node.zip -DestinationPath C:\ ; \
+    Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs'
 
 COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1
 ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ]
diff --git a/update.sh b/update.sh
@@ -151,9 +151,18 @@ function update_node_version() {
 
     # Add GPG keys
     for key_type in "node" "yarn"; do
+      last_line=$(tail -n 1 "keys/${key_type}.keys")
       while read -r line; do
         pattern='"\$\{'$(echo "${key_type}" | tr '[:lower:]' '[:upper:]')'_KEYS\[@\]\}"'
-        sed -Ei -e "s/([ \\t]*)(${pattern})/\\1${line}${new_line}\\1\\2/" "${dockerfile}-tmp"
+        if is_windows "${variant}"; then
+          if [ "$line" = "$last_line" ]; then  # Check if it's the last key
+            sed -Ei -e "s/([ \\t]*)(${pattern})/\\1'${line}'${new_line}\\1\\2/" "${dockerfile}-tmp"
+          else
+            sed -Ei -e "s/([ \\t]*)(${pattern})/\\1'${line}',${new_line}\\1\\2/" "${dockerfile}-tmp"
+          fi
+        else
+          sed -Ei -e "s/([ \\t]*)(${pattern})/\\1${line}${new_line}\\1\\2/" "${dockerfile}-tmp"
+        fi
       done < "keys/${key_type}.keys"
       sed -Ei -e "/${pattern}/d" "${dockerfile}-tmp"
     done
