
@alexandrefvb
Contributor

No description provided.

@alexandrefvb alexandrefvb merged commit f27f320 into main Jun 20, 2025
1 check passed
@alexandrefvb alexandrefvb deleted the feat/remove-sudo-from-cli-install branch June 20, 2025 19:11
@gitbotzup

PR Summary

This pull request streamlines the installation process for the StackSpot (STK) CLI in the workflow. The previous multi-step installation using a downloaded .deb package has been replaced with a single-step installation that pipes the official install.sh script directly into bash. This reduces complexity and the number of steps required for installation.

Changed Files and Their Updates

  • action.yml
    • Simplified the STK CLI installation process:
      • Removed steps that downloaded and installed a .deb package using curl and dpkg.
      • Replaced with a single command that pipes the official install.sh script from StackSpot directly into bash.
      • The PATH update remains as before.
      • The verification step using dpkg was removed, but the step to display the STK CLI version is still present.
    • Overall, this change makes the installation process more straightforward and reduces the number of commands executed.

Security Advice

  • Important Point of Attention:
    The new installation method uses curl | bash to execute a remote script directly. While this is a common pattern, it can be risky if the remote source is ever compromised, as it allows execution of uninspected code.
    Recommendations:
    • Ensure the install.sh script is always fetched from a trusted and secure (HTTPS) source.
    • Consider periodically reviewing the contents of the install.sh script or pinning to a specific version if possible.
    • If your environment has strict security requirements, you may want to download and inspect the script before execution rather than piping it directly into bash.

Please review the changes with these points in mind, especially the security implications of the new installation approach.
This is an AI-generated summary, which may be inaccurate.
This aims only to assist human reviewers, and does not replace code reviews in any way.
Use responsibly and please submit any feedback to this form.
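
The download-and-verify alternative to `curl | bash` named in the recommendations above, as an added example that is not part of this PR or of StackSpot's code. The URL and digest are placeholders, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: download, verify against a pinned digest, then execute.
# INSTALL_URL and PINNED_SHA256 are placeholders (assumptions), not values from the PR.
INSTALL_URL="https://example.invalid/install.sh"
PINNED_SHA256="<sha256-of-the-install.sh-you-reviewed>"

# Print the hex SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only when the file is non-empty and matches the pinned digest.
# 1 = digest mismatch, 2 = file missing or empty.
verify_pinned() {
    local file="$1" expected="$2" actual
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    actual="$(sha256_of "$file")"
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual, pinned $expected" >&2
        return 1
    fi
    return 0
}

# Fetch to a temp file, verify, and only then run the exact bytes that were checked.
install_pinned() {
    local url="$1" expected="$2" tmp rc=1
    tmp="$(mktemp)" || return 2
    # --fail: an HTTP error page is never saved as a "script";
    # --proto/--proto-redir: refuse anything but HTTPS, including on redirects.
    if curl --fail --silent --show-error --location \
            --proto '=https' --proto-redir '=https' -o "$tmp" "$url" \
        && verify_pinned "$tmp" "$expected"; then
        bash "$tmp"
        rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage in a workflow step: install_pinned "$INSTALL_URL" "$PINNED_SHA256"
```

A pinned digest fails the step whenever the upstream script changes, so each installer update becomes an explicit, reviewable change to the workflow.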
