From 2c2159e5126c2b2499fa5790cdc5a3764376fd9e Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 16 Dec 2025 14:34:24 +0100 Subject: [PATCH 1/9] Add install script with hard-coded version to build output --- .github/workflows/build-and-release.yml | 36 ++++++++++++++++--------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index f9ca4da..a096878 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml @@ -77,21 +77,33 @@ jobs: - name: Rename binaries to include platform and architecture run: | - mv binaries/safe-chain-macos-x64/safe-chain binaries/safe-chain-macos-x64/safe-chain-macos-x64 - mv binaries/safe-chain-macos-arm64/safe-chain binaries/safe-chain-macos-arm64/safe-chain-macos-arm64 - mv binaries/safe-chain-linux-x64/safe-chain binaries/safe-chain-linux-x64/safe-chain-linux-x64 - mv binaries/safe-chain-linux-arm64/safe-chain binaries/safe-chain-linux-arm64/safe-chain-linux-arm64 - mv binaries/safe-chain-win-x64/safe-chain.exe binaries/safe-chain-win-x64/safe-chain-win-x64.exe - mv binaries/safe-chain-win-arm64/safe-chain.exe binaries/safe-chain-win-arm64/safe-chain-win-arm64.exe + mkdir release-artifacts + mv binaries/safe-chain-macos-x64/safe-chain release-artifacts/safe-chain-macos-x64/safe-chain-macos-x64 + mv binaries/safe-chain-macos-arm64/safe-chain release-artifacts/safe-chain-macos-arm64/safe-chain-macos-arm64 + mv binaries/safe-chain-linux-x64/safe-chain release-artifacts/safe-chain-linux-x64/safe-chain-linux-x64 + mv binaries/safe-chain-linux-arm64/safe-chain release-artifacts/safe-chain-linux-arm64/safe-chain-linux-arm64 + mv binaries/safe-chain-win-x64/safe-chain.exe release-artifacts/safe-chain-win-x64/safe-chain-win-x64.exe + mv binaries/safe-chain-win-arm64/safe-chain.exe release-artifacts/safe-chain-win-arm64/safe-chain-win-arm64.exe + + - name: Move install scripts and hard-code version + run: | + sed 's/$(fetch_latest_version)/${VERSION}/' install-scripts/install-safe-chain.sh > release-artifacts/install-safe-chain.sh + sed "s/Get-LatestVersion/\"${VERSION}\"/" install-scripts/install-safe-chain.ps1 > release-artifacts/install-safe-chain.ps1 + cp install-scripts/uninstall-safe-chain.sh + cp install-scripts/uninstall-safe-chain.ps1 - name: Upload binaries to existing GitHub Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh release upload ${{ needs.set-version.outputs.version }} \ - binaries/safe-chain-macos-x64/* \ - binaries/safe-chain-macos-arm64/* \ - binaries/safe-chain-linux-x64/* \ - binaries/safe-chain-linux-arm64/* \ - binaries/safe-chain-win-x64/* \ - binaries/safe-chain-win-arm64/* + release-artifacts/safe-chain-macos-x64/* \ + release-artifacts/safe-chain-macos-arm64/* \ + release-artifacts/safe-chain-linux-x64/* \ + release-artifacts/safe-chain-linux-arm64/* \ + release-artifacts/safe-chain-win-x64/* \ + release-artifacts/safe-chain-win-arm64/* \ + release-artifacts/install-safe-chain.sh \ + release-artifacts/install-safe-chain.ps1 \ + release-artifacts/safe-chain-win-arm64/* \ + release-artifacts/safe-chain-win-arm64/* From dddd41e891fa5455133dbcf766fe7b55017341b6 Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 16 Dec 2025 14:35:16 +0100 Subject: [PATCH 2/9] Add correct scripts to the release --- .github/workflows/build-and-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index a096878..3e8ba67 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml @@ -105,5 +105,5 @@ jobs: release-artifacts/safe-chain-win-arm64/* \ release-artifacts/install-safe-chain.sh \ release-artifacts/install-safe-chain.ps1 \ - release-artifacts/safe-chain-win-arm64/* \ - release-artifacts/safe-chain-win-arm64/* + release-artifacts/uninstall-safe-chain.sh \ + release-artifacts/uninstall-safe-chain.ps1 From 2068ede045484769a6b381bbeaa1fb9ba0f00226 Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 16 Dec 2025 14:47:53 +0100 Subject: [PATCH 3/9] Disable push to npm --- .github/workflows/build-and-release.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index 3e8ba67..857ec3b 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml @@ -63,10 +63,10 @@ jobs: cp LICENSE packages/safe-chain/ cp -r docs packages/safe-chain/ - - name: Publish to npm - run: | - echo "Publishing version ${{ needs.set-version.outputs.version }} to NPM" - npm publish --workspace=packages/safe-chain --access public --provenance + # - name: Publish to npm + # run: | + # echo "Publishing version ${{ needs.set-version.outputs.version }} to NPM" + # npm publish --workspace=packages/safe-chain --access public --provenance - name: Download all binary artifacts uses: actions/download-artifact@v4 From dc14d5023f7b562b3af2e34f7b9e8e2dd9ecba2b Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 16 Dec 2025 14:53:35 +0100 Subject: [PATCH 4/9] Move files to release-artifacts dir --- .github/workflows/build-and-release.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index 857ec3b..06e0a2c 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml @@ -78,12 +78,12 @@ jobs: - name: Rename binaries to include platform and architecture run: | mkdir release-artifacts - mv binaries/safe-chain-macos-x64/safe-chain release-artifacts/safe-chain-macos-x64/safe-chain-macos-x64 - mv binaries/safe-chain-macos-arm64/safe-chain release-artifacts/safe-chain-macos-arm64/safe-chain-macos-arm64 - mv binaries/safe-chain-linux-x64/safe-chain release-artifacts/safe-chain-linux-x64/safe-chain-linux-x64 - mv binaries/safe-chain-linux-arm64/safe-chain release-artifacts/safe-chain-linux-arm64/safe-chain-linux-arm64 - mv binaries/safe-chain-win-x64/safe-chain.exe release-artifacts/safe-chain-win-x64/safe-chain-win-x64.exe - mv binaries/safe-chain-win-arm64/safe-chain.exe release-artifacts/safe-chain-win-arm64/safe-chain-win-arm64.exe + mv binaries/safe-chain-macos-x64/safe-chain release-artifacts/safe-chain-macos-x64 + mv binaries/safe-chain-macos-arm64/safe-chain release-artifacts/safe-chain-macos-arm64 + mv binaries/safe-chain-linux-x64/safe-chain release-artifacts/safe-chain-linux-x64 + mv binaries/safe-chain-linux-arm64/safe-chain release-artifacts/safe-chain-linux-arm64 + mv binaries/safe-chain-win-x64/safe-chain.exe release-artifacts/safe-chain-win-x64.exe + mv binaries/safe-chain-win-arm64/safe-chain.exe release-artifacts/safe-chain-win-arm64.exe - name: Move install scripts and hard-code version run: | @@ -97,12 +97,12 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh release upload ${{ needs.set-version.outputs.version }} \ - release-artifacts/safe-chain-macos-x64/* \ - release-artifacts/safe-chain-macos-arm64/* \ - release-artifacts/safe-chain-linux-x64/* \ - release-artifacts/safe-chain-linux-arm64/* \ - release-artifacts/safe-chain-win-x64/* \ - release-artifacts/safe-chain-win-arm64/* \ + release-artifacts/safe-chain-macos-x64 \ + release-artifacts/safe-chain-macos-arm64 \ + release-artifacts/safe-chain-linux-x64 \ + release-artifacts/safe-chain-linux-arm64 \ + release-artifacts/safe-chain-win-x64.exe \ + release-artifacts/safe-chain-win-arm64.exe \ release-artifacts/install-safe-chain.sh \ release-artifacts/install-safe-chain.ps1 \ release-artifacts/uninstall-safe-chain.sh \ From 8b2ebdf49c491a65bfe46e28d586aa4c4473bd45 Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 16 Dec 2025 14:57:53 +0100 Subject: [PATCH 5/9] Add correct destination operand for cp uninstall scripts --- .github/workflows/build-and-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index 06e0a2c..3792ade 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml @@ -89,8 +89,8 @@ jobs: run: | sed 's/$(fetch_latest_version)/${VERSION}/' install-scripts/install-safe-chain.sh > release-artifacts/install-safe-chain.sh sed "s/Get-LatestVersion/\"${VERSION}\"/" install-scripts/install-safe-chain.ps1 > release-artifacts/install-safe-chain.ps1 - cp install-scripts/uninstall-safe-chain.sh - cp install-scripts/uninstall-safe-chain.ps1 + cp install-scripts/uninstall-safe-chain.sh release-artifacts/uninstall-safe-chain.sh + cp install-scripts/uninstall-safe-chain.ps1 release-artifacts/uninstall-safe-chain.ps1 - name: Upload binaries to existing GitHub Release env: From aaa5a41af6c18397ca845210c69993d8a22050ee Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 16 Dec 2025 15:19:50 +0100 Subject: [PATCH 6/9] Replace version correctly --- .github/workflows/build-and-release.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index 3792ade..ffe3a7c 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml @@ -86,9 +86,11 @@ jobs: mv binaries/safe-chain-win-arm64/safe-chain.exe release-artifacts/safe-chain-win-arm64.exe - name: Move install scripts and hard-code version + env: + VERSION: ${{ needs.set-version.outputs.version }} run: | - sed 's/$(fetch_latest_version)/${VERSION}/' install-scripts/install-safe-chain.sh > release-artifacts/install-safe-chain.sh - sed "s/Get-LatestVersion/\"${VERSION}\"/" install-scripts/install-safe-chain.ps1 > release-artifacts/install-safe-chain.ps1 + sed "s/\$(fetch_latest_version)/${VERSION}/" install-scripts/install-safe-chain.sh > release-artifacts/install-safe-chain.sh + sed "s/\$Version = Get-LatestVersion/\$Version = \"${VERSION}\"/" install-scripts/install-safe-chain.ps1 > release-artifacts/install-safe-chain.ps1 cp install-scripts/uninstall-safe-chain.sh release-artifacts/uninstall-safe-chain.sh cp install-scripts/uninstall-safe-chain.ps1 release-artifacts/uninstall-safe-chain.ps1 From e6cfa65ee249f9e867b0e895dee80ed9907d4725 Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 16 Dec 2025 16:09:57 +0100 Subject: [PATCH 7/9] Document release scripts --- .github/workflows/build-and-release.yml | 8 +++---- README.md | 32 ++++++++++++++++++------- 2 files changed, 28 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index ffe3a7c..425dc6f 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml @@ -63,10 +63,10 @@ jobs: cp LICENSE packages/safe-chain/ cp -r docs packages/safe-chain/ - # - name: Publish to npm - # run: | - # echo "Publishing version ${{ needs.set-version.outputs.version }} to NPM" - # npm publish --workspace=packages/safe-chain --access public --provenance + - name: Publish to npm + run: | + echo "Publishing version ${{ needs.set-version.outputs.version }} to NPM" + npm publish --workspace=packages/safe-chain --access public --provenance - name: Download all binary artifacts uses: actions/download-artifact@v4 diff --git a/README.md b/README.md index 9047def..6b424f1 100644 --- a/README.md +++ b/README.md @@ -35,15 +35,31 @@ Installing the Aikido Safe Chain is easy with our one-line installer. ### Unix/Linux/macOS ```shell -curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh +curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh ``` ### Windows (PowerShell) ```powershell -iex (iwr "https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1" -UseBasicParsing) +iex (iwr "https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.ps1" -UseBasicParsing) ``` +### Pinning to a specific version + +To install a specific version instead of the latest, replace `latest` with the version number in the URL (available from version 1.3.2 onwards): + +**Unix/Linux/macOS:** +```shell +curl -fsSL https://github.com/AikidoSec/safe-chain/releases/download/x.x.x/install-safe-chain.sh | sh +``` + +**Windows (PowerShell):** +```powershell +iex (iwr "https://github.com/AikidoSec/safe-chain/releases/download/x.x.x/install-safe-chain.ps1" -UseBasicParsing) +``` + +You can find all available versions on the [releases page](https://github.com/AikidoSec/safe-chain/releases). + ### Verify the installation 1. **❗Restart your terminal** to start using the Aikido Safe Chain. @@ -105,13 +121,13 @@ To uninstall the Aikido Safe Chain, use our one-line uninstaller: ### Unix/Linux/macOS ```shell -curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/uninstall-safe-chain.sh | sh +curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/uninstall-safe-chain.sh | sh ``` ### Windows (PowerShell) ```powershell -iex (iwr "https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/uninstall-safe-chain.ps1" -UseBasicParsing) +iex (iwr "https://github.com/AikidoSec/safe-chain/releases/latest/download/uninstall-safe-chain.ps1" -UseBasicParsing) ``` **❗Restart your terminal** after uninstalling to ensure all aliases are removed. @@ -178,13 +194,13 @@ Use the `--ci` flag to automatically configure Aikido Safe Chain for CI/CD envir ### Unix/Linux/macOS (GitHub Actions, Azure Pipelines, etc.) ```shell -curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci +curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci ``` ### Windows (Azure Pipelines, etc.) ```powershell -iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -ci" +iex "& { $(iwr 'https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.ps1' -UseBasicParsing) } -ci" ``` ## Supported Platforms @@ -202,7 +218,7 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst cache: "npm" - name: Install safe-chain - run: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci + run: curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci - name: Install dependencies run: npm ci @@ -216,7 +232,7 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst versionSpec: "22.x" displayName: "Install Node.js" -- script: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci +- script: curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci displayName: "Install safe-chain" - script: npm ci From 2374c7619263a4c50b42d9f721667c3a0a12682d Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Wed, 17 Dec 2025 09:35:10 +0100 Subject: [PATCH 8/9] Check current safe-chain version in installation script --- install-scripts/install-safe-chain.ps1 | 46 ++++++++++++++++++++++++++ install-scripts/install-safe-chain.sh | 38 +++++++++++++++++++++ 2 files changed, 84 insertions(+) diff --git a/install-scripts/install-safe-chain.ps1 b/install-scripts/install-safe-chain.ps1 index 9c0dcf7..16d2fc0 100644 --- a/install-scripts/install-safe-chain.ps1 +++ b/install-scripts/install-safe-chain.ps1 @@ -30,6 +30,46 @@ function Write-Error-Custom { exit 1 } +# Get currently installed version of safe-chain +function Get-InstalledVersion { + # Check if safe-chain command exists + if (-not (Get-Command safe-chain -ErrorAction SilentlyContinue)) { + return $null + } + + try { + # Execute safe-chain -v and capture output + $output = & safe-chain -v 2>&1 + + # Extract version from "Current safe-chain version: X.Y.Z" output + if ($output -match "Current safe-chain version:\s*(.+)") { + return $matches[1].Trim() + } + + return $null + } + catch { + return $null + } +} + +# Check if the requested version is already installed +function Test-VersionInstalled { + param([string]$RequestedVersion) + + $installedVersion = Get-InstalledVersion + + if ([string]::IsNullOrWhiteSpace($installedVersion)) { + return $false + } + + # Strip leading 'v' from versions if present for comparison + $requestedClean = $RequestedVersion -replace '^v', '' + $installedClean = $installedVersion -replace '^v', '' + + return $requestedClean -eq $installedClean +} + # Fetch latest release version tag from GitHub function Get-LatestVersion { try { @@ -114,6 +154,12 @@ function Install-SafeChain { $Version = Get-LatestVersion } + # Check if the requested version is already installed + if (Test-VersionInstalled -RequestedVersion $Version) { + Write-Info "safe-chain $Version is already installed" + exit 0 + } + # Build installation message $installMsg = "Installing safe-chain $Version" if ($ci) { diff --git a/install-scripts/install-safe-chain.sh b/install-scripts/install-safe-chain.sh index 37d1710..54051c9 100755 --- a/install-scripts/install-safe-chain.sh +++ b/install-scripts/install-safe-chain.sh @@ -54,6 +54,38 @@ command_exists() { command -v "$1" >/dev/null 2>&1 } +# Get currently installed version of safe-chain +get_installed_version() { + if ! command_exists safe-chain; then + echo "" + return + fi + + # Extract version from "Current safe-chain version: X.Y.Z" output + installed_version=$(safe-chain -v 2>/dev/null | grep "Current safe-chain version:" | sed -E 's/.*: (.*)/\1/') + echo "$installed_version" +} + +# Check if the requested version is already installed +is_version_installed() { + requested_version="$1" + installed_version=$(get_installed_version) + + if [ -z "$installed_version" ]; then + return 1 # Not installed + fi + + # Strip leading 'v' from versions if present for comparison + requested_clean=$(echo "$requested_version" | sed 's/^v//') + installed_clean=$(echo "$installed_version" | sed 's/^v//') + + if [ "$requested_clean" = "$installed_clean" ]; then + return 0 # Same version installed + else + return 1 # Different version installed + fi +} + # Fetch latest release version tag from GitHub fetch_latest_version() { # Try using GitHub API to get the latest release tag @@ -155,6 +187,12 @@ main() { VERSION=$(fetch_latest_version) fi + # Check if the requested version is already installed + if is_version_installed "$VERSION"; then + info "safe-chain ${VERSION} is already installed" + exit 0 + fi + # Build installation message INSTALL_MSG="Installing safe-chain ${VERSION}" if [ "$USE_CI_SETUP" = "true" ]; then From 0b38fcd74e2c64e58d17fd6f6f49f98b10320d15 Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Wed, 17 Dec 2025 10:20:31 +0100 Subject: [PATCH 9/9] Use return instead of exit --- install-scripts/install-safe-chain.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-scripts/install-safe-chain.ps1 b/install-scripts/install-safe-chain.ps1 index 16d2fc0..b7f17b1 100644 --- a/install-scripts/install-safe-chain.ps1 +++ b/install-scripts/install-safe-chain.ps1 @@ -157,7 +157,7 @@ function Install-SafeChain { # Check if the requested version is already installed if (Test-VersionInstalled -RequestedVersion $Version) { Write-Info "safe-chain $Version is already installed" - exit 0 + return } # Build installation message