feat: support unpacking binary from zip file

louib · louib · commit 2bf8c658967f · 2026-01-20T15:34:59.000-05:00
TICKET: VL-4163
diff --git a/README.md b/README.md
@@ -17,7 +17,7 @@ The primary goals are, in order of priority:
 This action only supports installing from releases where the release:
 
 - is tagged with the full `{major}.{minor}.{patch}` semantic version
-- contains raw binary assets (archives not supported)
+- contains raw binary assets or zip archives (zip archives must contain exactly one binary file)
 - assets are labeled with the binary name and [target triple] in the format `<binary name>-<target triple>`
 
 You can create compatible releases with [semantic-release], using a workflow like [semantic-release-action/rust].
@@ -63,6 +63,16 @@ Install a binary from a release with multiple binaries available:
       EricCrosson/future-tools/flux-capacitor@v1
 ```
 
+Install a binary from a zip archive (the zip must contain exactly one binary file):
+
+```yaml
+- name: Install FOSSA CLI
+  uses: EricCrosson/install-github-release-binary@v2
+  with:
+    targets: |
+      fossas/fossa-cli@v3.11.7:sha256-d6f73d3da1cc7727610dd3f2c1a6021aeb23516f74b6f031e91deb31eba34f2b
+```
+
 ## Inputs
 
 | Input Parameter | Required | Description                                                                                                         |
diff --git a/action.yml b/action.yml
@@ -1,6 +1,6 @@
 ---
 name: Install GitHub Release binary
-description: Install a binary from a GitHub Release
+description: Install a binary from a GitHub Release (supports both direct binaries and zip archives)
 author: Eric Crosson
 branding:
   icon: arrow-down
diff --git a/dist/index.js b/dist/index.js
diff --git a/src/fetch.ts b/src/fetch.ts
@@ -126,6 +126,7 @@ export async function findExactSemanticVersionTag(
 type ReleaseAssetMetadata = {
   binaryName: Option<string>;
   url: string;
+  name?: string;
 };
 
 /**
@@ -185,6 +186,7 @@ export function findMatchingReleaseAssetMetadata(
     return {
       binaryName: binaryName,
       url: asset.url,
+      name: asset.name || '',
     };
   }
 
@@ -237,6 +239,7 @@ To resolve, specify the desired binary with the target format ${slug.owner}/${sl
   return {
     binaryName: targetName,
     url: asset.url,
+    name: asset.name || '',
   };
 }
 
diff --git a/src/index.ts b/src/index.ts
@@ -25,6 +25,13 @@ import type {
 } from "./types";
 import { isSome, unwrapOrDefault } from "./option";
 
+/**
+ * Check if a file is a zip archive based on its extension
+ */
+function isZipFile(filename: string): boolean {
+  return filename.toLowerCase().endsWith('.zip');
+}
+
 function getDestinationDirectory(
   storageDirectory: string,
   slug: RepositorySlug,
@@ -80,33 +87,45 @@ async function installGitHubReleaseBinary(
     releaseAsset.binaryName,
     targetRelease.slug.repository,
   );
-  const destinationFilename = path.join(
-    destinationDirectory,
-    destinationBasename,
-  );
 
+  // Create the destination directory
   fs.mkdirSync(destinationDirectory, { recursive: true });
 
+  // Determine if we're dealing with a zip file based on the asset name
+  const assetName = releaseAsset.name || '';
+  core.debug(`Asset name: ${assetName}`);
+  const isZip = isZipFile(assetName);
+
+  // If it's a standard binary, use the existing destination path
+  // If it's a zip, we'll create a temporary file path for the download
+  const destinationFilename = isZip
+    ? path.join(destinationDirectory, `${destinationBasename}.zip`)
+    : path.join(destinationDirectory, destinationBasename);
+
+  // Final binary path to check/add to PATH (same for non-zip, different for zip)
+  const finalBinaryPath = path.join(destinationDirectory, destinationBasename);
+
   // Check if file already exists and skip if ignoreExisting is true
-  if (fs.existsSync(destinationFilename)) {
+  if (fs.existsSync(finalBinaryPath)) {
     if (ignoreExisting) {
-      core.info(`Binary already exists at ${destinationFilename}, ignoring and leaving system as-is`);
+      core.info(`Binary already exists at ${finalBinaryPath}, ignoring and leaving system as-is`);
       // Still add the directory to PATH so the binary can be found
       core.addPath(destinationDirectory);
       return;
     }
   }
 
-  await tc.downloadTool(
+  // Download the file
+  const downloadedFilePath = await tc.downloadTool(
     releaseAsset.url,
     destinationFilename,
     `token ${token}`,
     { accept: "application/octet-stream" },
   );
 
-  // Ensure the binary matches the expected checksum
+  // Ensure the downloaded file matches the expected checksum
   if (isSome(targetRelease.checksum)) {
-    const fileBuffer = fs.readFileSync(destinationFilename);
+    const fileBuffer = fs.readFileSync(downloadedFilePath);
     const hash = createHash("sha256");
     hash.update(fileBuffer);
     const calculatedChecksum = hash.digest("hex");
@@ -124,9 +143,56 @@ async function installGitHubReleaseBinary(
     }
   }
 
+  // Process the file based on type
+  if (isZip) {
+    core.info(`Detected zip archive based on filename: ${assetName}`);
+    core.info(`Extracting zip file: ${downloadedFilePath}`);
+
+    // Extract the zip file
+    const extractedDirectory = await tc.extractZip(downloadedFilePath, destinationDirectory);
+    core.debug(`Files extracted to ${extractedDirectory}`);
+
+    // We assume there's exactly one binary file in the archive
+    // If there's more than one file or if it's a directory, throw an error
+    const extractedFiles = fs.readdirSync(extractedDirectory);
+
+    // Filter out hidden files and directories
+    const visibleFiles = extractedFiles.filter(file =>
+      !file.startsWith('.') && !fs.statSync(path.join(extractedDirectory, file)).isDirectory()
+    );
+
+    if (visibleFiles.length !== 1) {
+      throw new Error(`Expected exactly one binary in the zip archive, but found ${visibleFiles.length} files: ${visibleFiles.join(', ')}`);
+    }
+
+    // Use the single binary file - we've already checked that there's exactly one file
+    // TypeScript needs a non-null assertion here to know it's safe
+    const binaryName: string = visibleFiles[0]!;
+    core.debug(`Found single binary in zip: ${binaryName}`);
+
+    // Move the binary to the destination
+    fs.renameSync(
+      path.join(extractedDirectory, binaryName),
+      finalBinaryPath
+    );
+
+    // Clean up the extracted directory
+    if (extractedDirectory !== destinationDirectory) {
+      core.debug(`Removing temporary extraction directory: ${extractedDirectory}`);
+      fs.rmSync(extractedDirectory, { recursive: true, force: true });
+    }
+
+    // Clean up the zip file
+    core.debug(`Removing zip file: ${downloadedFilePath}`);
+    fs.unlinkSync(downloadedFilePath);
+  } else {
+    // For regular binaries, the downloaded file is already at the right location
+    core.debug(`Downloaded binary file: ${downloadedFilePath}`);
+  }
+
   // Permissions are an attribute of the filesystem, not the file.
   // Set the executable permission on the binary no matter where it came from.
-  fs.chmodSync(destinationFilename, "755");
+  fs.chmodSync(finalBinaryPath, "755");
   core.addPath(destinationDirectory);
 }
 
