[ubuntu] Cleanup bash scripts (actions#9076)

* [ubuntu] Cleanup bash scripts

* Fix ms-repos lsb_release

* Fix install-bicep url

* Fix install-nvm

images/ubuntu/scripts/build/cleanup.sh

@@ -26,20 +26,19 @@ find /var/log -type f -regex ".*\.[0-9]$" -delete
 # wipe log files
 find /var/log/ -type f -exec cp /dev/null {} \;
 
-# after cleanup
-after=$(df / -Pm | awk 'NR==2{print $4}')
-
-# display size
- echo "Before: $before MB"
- echo "After : $after MB"
- echo "Delta : $(($after-$before)) MB"
-
 # delete symlink for tests running
 rm -f /usr/local/bin/invoke_tests
 
 # remove apt mock
 prefix=/usr/local/bin
-
 for tool in apt apt-get apt-fast apt-key;do
-  sudo rm -f $prefix/$tool
+    sudo rm -f $prefix/$tool
 done
+
+# after cleanup
+after=$(df / -Pm | awk 'NR==2{print $4}')
+
+# display size
+echo "Before: $before MB"
+echo "After : $after MB"
+echo "Delta : $(($after-$before)) MB"

images/ubuntu/scripts/build/configure-apt-mock.sh

@@ -7,9 +7,9 @@
 
 prefix=/usr/local/bin
 
-for real_tool in /usr/bin/apt /usr/bin/apt-get /usr/bin/apt-fast /usr/bin/apt-key;do
-  tool=`basename $real_tool`
-  cat >$prefix/$tool <<EOT
+for real_tool in /usr/bin/apt /usr/bin/apt-get /usr/bin/apt-fast /usr/bin/apt-key; do
+    tool=$(basename $real_tool)
+    cat >$prefix/$tool <<EOT
 #!/bin/sh
 
 i=1
@@ -50,5 +50,5 @@ while [ \$i -le 30 ];do
   i=\$((i + 1))
 done
 EOT
-  chmod +x $prefix/$tool
+    chmod +x $prefix/$tool
 done

images/ubuntu/scripts/build/configure-apt-sources.sh

@@ -12,4 +12,5 @@ printf "http://security.ubuntu.com/ubuntu/\tpriority:3\n" | tee -a /etc/apt/apt-
 
 sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//mirror+file:\/etc\/apt\/apt-mirrors.txt/' /etc/apt/sources.list
 
+# Apt changes to survive Cloud Init
 cp -f /etc/apt/sources.list /etc/cloud/templates/sources.list.ubuntu.tmpl

images/ubuntu/scripts/build/configure-environment.sh

@@ -43,8 +43,8 @@ echo 'fs.inotify.max_user_instances=1280' | tee -a /etc/sysctl.conf
 
 # https://github.com/actions/runner-images/pull/7860
 netfilter_rule='/etc/udev/rules.d/50-netfilter.rules'
-rulesd="$(dirname "${netfilter_rule}")"
-mkdir -p $rulesd
+rules_directory="$(dirname "${netfilter_rule}")"
+mkdir -p $rules_directory
 touch $netfilter_rule
 echo 'ACTION=="add", SUBSYSTEM=="module", KERNEL=="nf_conntrack", RUN+="/usr/sbin/sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1"' | tee -a $netfilter_rule
 

images/ubuntu/scripts/build/configure-snap.sh

@@ -4,6 +4,7 @@
 ##  Desc:  Configure snap
 ################################################################################
 
+# Source the helpers for use with the script
 source $HELPER_SCRIPTS/etc-environment.sh
 
 # Update /etc/environment to include /snap/bin in PATH

images/ubuntu/scripts/build/configure-system.sh

@@ -24,11 +24,10 @@ add_etc_environment_variable "PATH" "${ENVPATH}"
 echo "Updated /etc/environment: $(cat /etc/environment)"
 
 # Сlean yarn and npm cache
-if yarn --version > /dev/null
-then
-  yarn cache clean
+if yarn --version > /dev/null; then
+    yarn cache clean
 fi
-if npm --version
-then
-  npm cache clean --force
+
+if npm --version; then
+    npm cache clean --force
 fi

images/ubuntu/scripts/build/install-actions-cache.sh

@@ -17,8 +17,8 @@ echo "Setting up ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE variable to ${ACTION_ARCHIV
 set_etc_environment_variable "ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE" "${ACTION_ARCHIVE_CACHE_DIR}"
 
 # Download latest release from github.com/actions/action-versions and untar to /opt/actionarchivecache
-downloadUrl=$(resolve_github_release_asset_url "actions/action-versions" "endswith(\"action-versions.tar.gz\")" "latest")
-archive_path=$(download_with_retry "$downloadUrl")
+download_url=$(resolve_github_release_asset_url "actions/action-versions" "endswith(\"action-versions.tar.gz\")" "latest")
+archive_path=$(download_with_retry "$download_url")
 tar -xzf "$archive_path" -C $ACTION_ARCHIVE_CACHE_DIR
 
 invoke_tests "ActionArchiveCache"

images/ubuntu/scripts/build/install-apt-common.sh

@@ -3,10 +3,13 @@
 ##  File:  install-apt-common.sh
 ##  Desc:  Install basic command line utilities and dev packages
 ################################################################################
+
+# Source the helpers for use with the script
 source $HELPER_SCRIPTS/install.sh
 
 common_packages=$(get_toolset_value .apt.common_packages[])
 cmd_packages=$(get_toolset_value .apt.cmd_packages[])
+
 for package in $common_packages $cmd_packages; do
     echo "Install $package"
     apt-get install -y --no-install-recommends $package

images/ubuntu/scripts/build/install-apt-vital.sh

@@ -3,6 +3,8 @@
 ##  File:  install-apt-vital.sh
 ##  Desc:  Install vital command line utilities
 ################################################################################
+
+# Source the helpers for use with the script
 source $HELPER_SCRIPTS/install.sh
 
 vital_packages=$(get_toolset_value .apt.vital_packages[])

images/ubuntu/scripts/build/install-azcopy.sh

@@ -4,13 +4,15 @@
 ##  Desc:  Install AzCopy
 ################################################################################
 
+# Source the helpers for use with the script
 source $HELPER_SCRIPTS/install.sh
 
 # Install AzCopy10
 # Temporary pin 10.21.2 version of AzCopy until 10.22.0 is fixed
 archive_path=$(download_with_retry "https://azcopyvnext.azureedge.net/releases/release-10.21.2-20231106/azcopy_linux_amd64_10.21.2.tar.gz")
 tar xzf "$archive_path" --strip-components=1 -C /tmp
 install /tmp/azcopy /usr/local/bin/azcopy
+
 # Create azcopy 10 alias for backward compatibility
 ln -sf /usr/local/bin/azcopy /usr/local/bin/azcopy10
 

images/ubuntu/scripts/build/install-azure-cli.sh

@@ -7,6 +7,7 @@
 # Install Azure CLI (instructions taken from https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
 curl -fsSL https://aka.ms/InstallAzureCLIDeb | sudo bash
 echo "azure-cli https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt" >> $HELPER_SCRIPTS/apt-sources.txt
+
 rm -f /etc/apt/sources.list.d/azure-cli.list
 rm -f /etc/apt/sources.list.d/azure-cli.list.save
 

images/ubuntu/scripts/build/install-bazel.sh

@@ -4,6 +4,7 @@
 ##  Desc:  Install Bazel and Bazelisk (A user-friendly launcher for Bazel)
 ################################################################################
 
+# Source the helpers for use with the script
 source $HELPER_SCRIPTS/install.sh
 
 # Install bazelisk

images/ubuntu/scripts/build/install-bicep.sh

@@ -4,10 +4,13 @@
 ##  Desc:  Install bicep cli
 ################################################################################
 
+# Source the helpers for use with the script
 source $HELPER_SCRIPTS/install.sh
 
 # Install Bicep CLI
-bicep_binary_path=$(download_with_retry "https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64")
+download_url=$(resolve_github_release_asset_url "Azure/bicep" "endswith(\"bicep-linux-x64\")" "latest")
+bicep_binary_path=$(download_with_retry "${download_url}")
+
 # Mark it as executable
 install "$bicep_binary_path" /usr/local/bin/bicep
 

images/ubuntu/scripts/build/install-cmake.sh

@@ -16,10 +16,12 @@ else
 	# Download script to install CMake
 	download_url=$(resolve_github_release_asset_url "Kitware/CMake" "endswith(\"inux-x86_64.sh\")" "latest")
 	curl -fsSL "${download_url}" -o cmakeinstall.sh
+
 	# Supply chain security - CMake
 	hash_url=$(resolve_github_release_asset_url "Kitware/CMake" "endswith(\"SHA-256.txt\")" "latest")
 	external_hash=$(get_checksum_from_url "$hash_url" "linux-x86_64.sh" "SHA256")
 	use_checksum_comparison "cmakeinstall.sh" "$external_hash"
+
 	# Install CMake and remove the install script
 	chmod +x cmakeinstall.sh \
 	&& ./cmakeinstall.sh --prefix=/usr/local --exclude-subdir \

images/ubuntu/scripts/build/install-codeql-bundle.sh

@@ -4,6 +4,7 @@
 ##  Desc:  Install CodeQL CLI Bundle to the toolcache.
 ################################################################################
 
+# Source the helpers for use with the script
 source $HELPER_SCRIPTS/install.sh
 
 # Retrieve the CLI version of the latest CodeQL bundle.

images/ubuntu/scripts/build/install-container-tools.sh

@@ -4,6 +4,7 @@
 ##  Desc:  Install container tools: podman, buildah and skopeo onto the image
 ################################################################################
 
+# Source the helpers for use with the script
 source $HELPER_SCRIPTS/os.sh
 
 #

images/ubuntu/scripts/build/install-docker-compose.sh

@@ -8,13 +8,14 @@
 # Source the helpers for use with the script
 source $HELPER_SCRIPTS/install.sh
 
-# Install docker-compose v1 from releases
-URL="https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64"
-curl -fsSL "${URL}" -o /tmp/docker-compose-v1
+# Download docker-compose v1 from releases
+binary_path=$(download_with_retry "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64")
 
 # Supply chain security - Docker Compose v1
 external_hash="f3f10cf3dbb8107e9ba2ea5f23c1d2159ff7321d16f0a23051d68d8e2547b323"
-use_checksum_comparison "/tmp/docker-compose-v1" "${external_hash}"
-install /tmp/docker-compose-v1 /usr/local/bin/docker-compose
+use_checksum_comparison "${binary_path}" "${external_hash}"
+
+# Install docker-compose v1
+install "${binary_path}" "/usr/local/bin/docker-compose"
 
 invoke_tests "Tools" "Docker-compose v1"

images/ubuntu/scripts/build/install-docker.sh

@@ -6,28 +6,28 @@
 ################################################################################
 
 # Source the helpers for use with the script
-source $HELPER_SCRIPTS/os.sh
 source $HELPER_SCRIPTS/install.sh
 
-repo_url="https://download.docker.com/linux/ubuntu"
-gpg_key="/usr/share/keyrings/docker.gpg"
-repo_path="/etc/apt/sources.list.d/docker.list"
+REPO_URL="https://download.docker.com/linux/ubuntu"
+GPG_KEY="/usr/share/keyrings/docker.gpg"
+REPO_PATH="/etc/apt/sources.list.d/docker.list"
 
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o $gpg_key
-echo "deb [arch=amd64 signed-by=$gpg_key] $repo_url $(get_os_version_label) stable" > $repo_path
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o $GPG_KEY
+echo "deb [arch=amd64 signed-by=$GPG_KEY] $REPO_URL $(lsb_release -cs) stable" > $REPO_PATH
 apt-get update
 apt-get install --no-install-recommends docker-ce docker-ce-cli containerd.io docker-buildx-plugin
 
 # Download docker compose v2 from releases
 URL=$(resolve_github_release_asset_url "docker/compose" "endswith(\"compose-linux-x86_64\")" "latest")
-curl -fsSL "${URL}" -o /tmp/docker-compose
+compose_binary_path=$(download_with_retry "${URL}" "/tmp/docker-compose-v2")
+
 # Supply chain security - Docker Compose v2
 compose_hash_url=$(resolve_github_release_asset_url "docker/compose" "endswith(\"checksums.txt\")" "latest")
 compose_external_hash=$(get_checksum_from_url "${compose_hash_url}" "compose-linux-x86_64" "SHA256")
-use_checksum_comparison "/tmp/docker-compose" "${compose_external_hash}"
-# Install docker compose v2
-install /tmp/docker-compose /usr/libexec/docker/cli-plugins/docker-compose
+use_checksum_comparison "${compose_binary_path}" "${compose_external_hash}"
 
+# Install docker compose v2
+install "${compose_binary_path}" /usr/libexec/docker/cli-plugins/docker-compose
 
 # docker from official repo introduced different GID generation: https://github.com/actions/runner-images/issues/8157
 gid=$(cut -d ":" -f 3 /etc/group | grep "^1..$" | sort -n | tail -n 1 | awk '{ print $1+1 }')
@@ -42,11 +42,11 @@ systemctl is-enabled --quiet docker.service || systemctl enable docker.service
 sleep 10
 docker info
 
-if [ "${DOCKERHUB_PULL_IMAGES:-yes}" == "yes" ]; then
+if [[ "${DOCKERHUB_PULL_IMAGES:-yes}" == "yes" ]]; then
     # If credentials are provided, attempt to log into Docker Hub
     # with a paid account to avoid Docker Hub's rate limit.
-    if [ "${DOCKERHUB_LOGIN}" ] && [ "${DOCKERHUB_PASSWORD}" ]; then
-    docker login --username "${DOCKERHUB_LOGIN}" --password "${DOCKERHUB_PASSWORD}"
+    if [[ "${DOCKERHUB_LOGIN}" ]] && [[ "${DOCKERHUB_PASSWORD}" ]]; then
+        docker login --username "${DOCKERHUB_LOGIN}" --password "${DOCKERHUB_PASSWORD}"
     fi
 
     # Pull images
@@ -65,19 +65,21 @@ fi
 
 # Download amazon-ecr-credential-helper
 aws_latest_release_url="https://api.github.com/repos/awslabs/amazon-ecr-credential-helper/releases/latest"
-aws_helper_url=$(curl "${authString[@]}" -fsSL "${aws_latest_release_url}" | jq -r '.body' | awk -F'[()]' '/linux-amd64/ {print $2}')
+aws_helper_url=$(curl -fsSL "${aws_latest_release_url}" | jq -r '.body' | awk -F'[()]' '/linux-amd64/ {print $2}')
 aws_helper_binary_path=$(download_with_retry "$aws_helper_url")
+
 # Supply chain security - amazon-ecr-credential-helper
 aws_helper_external_hash=$(get_checksum_from_url "${aws_helper_url}.sha256" "docker-credential-ecr-login" "SHA256")
 use_checksum_comparison "$aws_helper_binary_path" "$aws_helper_external_hash"
+
 # Install amazon-ecr-credential-helper
 install "$aws_helper_binary_path" "/usr/bin/docker-credential-ecr-login"
 
 # Cleanup custom repositories
-rm $gpg_key
-rm $repo_path
+rm $GPG_KEY
+rm $REPO_PATH
 
 invoke_tests "Tools" "Docker"
-if [ "${DOCKERHUB_PULL_IMAGES:-yes}" == "yes" ]; then
+if [[ "${DOCKERHUB_PULL_IMAGES:-yes}" == "yes" ]]; then
     invoke_tests "Tools" "Docker images"
 fi