.github,cmd/cigocacher: add flags --version --stats --cigocached-host

Add flags:

* --cigocached-host to support alternative host resolution in other
  environments, like the corp repo.
* --stats to reduce the amount of bash script we need.
* --version to support a caching tool/cigocacher script that will
  download from GitHub releases.

Updates tailscale/corp#10808

Change-Id: Ib2447bc5f79058669a70f2c49cef6aedd7afc049
Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>

.github/actions/go-cache/action.sh

@@ -7,6 +7,7 @@
 # Usage: ./action.sh
 # Inputs:
 #   URL: The cigocached server URL.
+#   HOST: The cigocached server host to dial.
 # Outputs:
 #   success: Whether cigocacher was set up successfully.
 
@@ -22,57 +23,17 @@ if [ -z "${URL:-}" ]; then
     exit 0
 fi
 
-curl_and_parse() {
-    local jq_filter="$1"
-    local step="$2"
-    shift 2
-    
-    local response
-    local curl_exit
-    response="$(curl -sSL "$@" 2>&1)" || curl_exit="$?"
-    if [ "${curl_exit:-0}" -ne "0" ]; then
-        echo "${step}: ${response}" >&2
-        return 1
-    fi
-    
-    local parsed
-    local jq_exit
-    parsed=$(echo "${response}" | jq -e -r "${jq_filter}" 2>&1) || jq_exit=$?
-    if [ "${jq_exit:-0}" -ne "0" ]; then
-        echo "${step}: Failed to parse JSON response:" >&2
-        echo "${response}" >&2
-        return 1
-    fi
-    
-    echo "${parsed}"
-    return 0
-}
+BIN_PATH="${RUNNER_TEMP:-/tmp}/cigocacher$(go env GOEXE)"
+go build -o "${BIN_PATH}" ./cmd/cigocacher
 
-JWT="$(curl_and_parse ".value" "Fetching GitHub identity JWT" \
-    -H "Authorization: Bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}" \
-    "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=gocached")" || exit 0
+CIGOCACHER_TOKEN="$("${BIN_PATH}" --auth --cigocached-url "${URL}" --cigocached-host "${HOST}" )"
+if [ -z "${CIGOCACHER_TOKEN:-}" ]; then
+    echo "Failed to fetch cigocacher token, skipping cigocacher setup"
+    exit 0
+fi
 
-# cigocached serves a TLS cert with an FQDN, but DNS is based on VM name.
-HOST_AND_PORT="${URL#http*://}"
-FIRST_LABEL="${HOST_AND_PORT/.*/}"
-# Save CONNECT_TO for later steps to use.
-echo "CONNECT_TO=${HOST_AND_PORT}:${FIRST_LABEL}:" >> "${GITHUB_ENV}"
-BODY="$(jq -n --arg jwt "$JWT" '{"jwt": $jwt}')"
-CIGOCACHER_TOKEN="$(curl_and_parse ".access_token" "Exchanging token with cigocached" \
-    --connect-to "${HOST_AND_PORT}:${FIRST_LABEL}:" \
-    -H "Content-Type: application/json" \
-    "$URL/auth/exchange-token" \
-    -d "$BODY")" || exit 0
-
-# Wait until we successfully auth before building cigocacher to ensure we know
-# it's worth building.
-# TODO(tomhjp): bake cigocacher into runner image and use it for auth.
 echo "Fetched cigocacher token successfully"
 echo "::add-mask::${CIGOCACHER_TOKEN}"
-echo "CIGOCACHER_TOKEN=${CIGOCACHER_TOKEN}" >> "${GITHUB_ENV}"
 
-BIN_PATH="${RUNNER_TEMP:-/tmp}/cigocacher$(go env GOEXE)"
-
-go build -o "${BIN_PATH}" ./cmd/cigocacher
-echo "GOCACHEPROG=${BIN_PATH} --cache-dir ${CACHE_DIR} --cigocached-url ${URL} --token ${CIGOCACHER_TOKEN}" >> "${GITHUB_ENV}"
+echo "GOCACHEPROG=${BIN_PATH} --cache-dir ${CACHE_DIR} --cigocached-url ${URL} --cigocached-host ${HOST} --token ${CIGOCACHER_TOKEN}" >> "${GITHUB_ENV}"
 echo "success=true" >> "${GITHUB_OUTPUT}"

.github/actions/go-cache/action.yml

@@ -5,6 +5,9 @@ inputs:
   cigocached-url:
     description: URL of the cigocached server
     required: true
+  cigocached-host:
+    description: Host to dial for the cigocached server
+    required: true
   checkout-path:
     description: Path to cloned repository
     required: true
@@ -25,6 +28,7 @@ runs:
       shell: bash
       env:
         URL: ${{ inputs.cigocached-url }}
+        HOST: ${{ inputs.cigocached-host }}
         CACHE_DIR: ${{ inputs.cache-dir }}
       working-directory: ${{ inputs.checkout-path }}
       run: .github/actions/go-cache/action.sh