From 7752b9a3e9e4b814216d7c079d6db4fd82b951b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?= <batuhan.apaydin@trendyol.com>
Date: Mon, 3 Jan 2022 05:31:44 -0800
Subject: [PATCH] chore(ci): support go install from main
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Co-authored-by: Necatican Yıldırım <necaticanyildirim@gmail.com>
---
 .github/workflows/test-action.yml | 26 ++++++++++++++++++++++++++
 README.md                         | 26 ++++++++++++++++++++++++++
 action.yml                        | 12 +++++++++++-
 3 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml
index b4b93f0..7bbdcd6 100644
--- a/.github/workflows/test-action.yml
+++ b/.github/workflows/test-action.yml
@@ -245,3 +245,29 @@ jobs:
             exit 0
           fi
         shell: bash
+
+  test_cosign_with_go_install:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: none
+      checks: none
+      contents: none
+      deployments: none
+      issues: none
+      packages: none
+      pull-requests: none
+      repository-projects: none
+      security-events: none
+      statuses: none
+    name: Try to install cosign with go
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-go@v2
+      with:
+        go-version: '1.17.x'
+    - name: Install Cosign
+      uses: ./
+      with:
+        cosign-release: 'main'
+    - name: Check install!
+      run: cosign version
diff --git a/README.md b/README.md
index b67f0cb..39bb6f7 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,32 @@ jobs:
         run: cosign version
 ```
 
+If you want to install cosign from its main version by using 'go install' under the hood, you can set 'cosign-release' as 'main'. Once you did that, cosign will be installed via 'go install' which means that please ensure that go is installed.
+
+Example of installing cosign via go install:
+
+```yaml
+jobs:
+  test_cosign_action:
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: none
+
+    name: Install Cosign via go install
+    steps:
+      - name: Install go
+        uses: actions/setup-go@v2
+        with:
+          go-version: '1.17.x'
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: main
+      - name: Check install!
+        run: cosign version
+```
+
 This action does not need any GitHub permission to run, however, if your workflow needs to update, create or perform any
 action against your repository, then you should change the scope of the permission appropriately.
 
diff --git a/action.yml b/action.yml
index 45e9a40..1c6e389 100644
--- a/action.yml
+++ b/action.yml
@@ -32,6 +32,17 @@ runs:
           alias log_error="echo \"ERROR:\""
         fi
         set -e
+        
+        mkdir -p ${{ inputs.install-dir }}
+
+        if [[ ${{ inputs.cosign-release }} == "main" ]]; then
+          log_info "installing cosign via 'go install' from its main version"
+          GOBIN=$(go env GOPATH)/bin
+          go install github.com/sigstore/cosign/cmd/cosign@main
+          ln -s $GOBIN/cosign ${{ inputs.install-dir}}/cosign
+          echo "${{ inputs.install-dir }}" >> $GITHUB_PATH
+          exit 0
+        fi
 
         shaprog() {
           case ${{ runner.os }} in
@@ -61,7 +72,6 @@ runs:
 
         trap "popd >/dev/null" EXIT
 
-        mkdir -p ${{ inputs.install-dir }}
         pushd ${{ inputs.install-dir }} > /dev/null
 
         case ${{ runner.os }} in