Files
wehub-resource-sync 1b8708893a
Security Scan / tests (push) Waiting to run
chore: import upstream snapshot with attribution
2026-07-13 13:12:26 +08:00

97 lines
3.5 KiB
Bash
Executable File

#!/bin/sh
# install-fizzbee: download the pinned FizzBee release and verify its checksum.
# FizzBee is pre-1.0 and single-maintainer, so we PIN a version + sha256 rather
# than tracking latest or building from source (its primary build is Bazel).
# See formal-verification/README.md.
#
# Usage:
# scripts/install-fizzbee.sh [dest_dir] (default dest: ./.tools/fizzbee)
#
# First-time pinning: run once with no recorded checksum; the script prints the
# computed sha256. Record it in formal-verification/fizzbee.sha256 as
# "<sha256> <asset>" and commit, then CI verifies it on every run.
set -eu
VERSION=${FIZZBEE_VERSION:-v0.5.2}
DEST=${1:-".tools/fizzbee"}
ROOT=$(CDPATH= cd "$(dirname "$0")/.." && pwd)
SHA_FILE="$ROOT/formal-verification/fizzbee.sha256"
# Detect platform -> release asset name.
os=$(uname -s)
arch=$(uname -m)
case "$os" in
Linux) plat="linux" ;;
Darwin) plat="macos" ;;
*) echo "unsupported OS: $os" >&2; exit 1 ;;
esac
case "$arch" in
x86_64|amd64) cpu="x86" ;;
arm64|aarch64) cpu="arm" ;;
*) echo "unsupported arch: $arch" >&2; exit 1 ;;
esac
asset="fizzbee-${VERSION}-${plat}_${cpu}.tar.gz"
url="https://github.com/fizzbee-io/fizzbee/releases/download/${VERSION}/${asset}"
inner="fizzbee-${VERSION}-${plat}_${cpu}"
# Idempotent: if the pinned version is already extracted (e.g. restored from a
# CI cache), do nothing. This keeps the install step a no-op on cache hits and
# avoids re-downloading the (large) bundle.
if [ -x "$DEST/$inner/fizz" ] && [ -L "$DEST/fizz" ]; then
echo "==> FizzBee $VERSION already installed at $DEST/$inner"
exit 0
fi
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
echo "==> downloading $url"
curl -fL -o "$tmp/$asset" "$url"
got=$(sha256sum "$tmp/$asset" | awk '{print $1}')
if [ -f "$SHA_FILE" ]; then
want=$(awk -v a="$asset" '$2==a {print $1}' "$SHA_FILE")
if [ -z "$want" ]; then
echo "ERROR: no recorded sha256 for $asset in $SHA_FILE" >&2
echo " computed: $got $asset" >&2
exit 1
fi
if [ "$got" != "$want" ]; then
echo "ERROR: sha256 mismatch for $asset" >&2
echo " want: $want" >&2
echo " got: $got" >&2
exit 1
fi
echo "==> checksum verified"
else
echo "WARNING: $SHA_FILE not found -- record this line and commit it:" >&2
echo "$got $asset"
fi
# The tarball unpacks to a self-contained, version+platform-named directory:
# fizzbee-<version>-<plat>_<cpu>/
# fizz <- the CLI wrapper (entrypoint; invoke THIS)
# parser/parser_bin <- the .fizz frontend (bundled; no system Python needed)
# fizzbee <- the Go model-checker binary
# fizz.env <- resolves the above RELATIVE to the dir holding `fizz`
# mbt_gen.zip <- MBT generator (only this needs system python)
# The whole directory must stay intact (fizz.env is path-relative), so we keep
# it and publish a STABLE symlink `$DEST/fizz` -> the versioned wrapper. The
# wrapper does readlink -f on itself, so the symlink still resolves fizz.env.
mkdir -p "$DEST"
rm -rf "$DEST/$inner"
tar -xzf "$tmp/$asset" -C "$DEST"
if [ ! -x "$DEST/$inner/fizz" ]; then
echo "ERROR: expected $DEST/$inner/fizz after extraction; tarball layout changed" >&2
exit 1
fi
ln -sfn "$inner/fizz" "$DEST/fizz"
echo "==> installed FizzBee $VERSION to $DEST/$inner"
echo " frontend: $DEST/$inner/parser/parser_bin"
echo " entrypoint: $DEST/fizz (stable symlink -> $inner/fizz)"
echo
echo "The realtime-conformance gate auto-detects \$DEST/fizz; nothing else needed."
echo "To use it directly, run: $DEST/fizz <spec.fizz>"