feat: add step cli

[jceb]

Description

Add step cli.

FYI: step cli assets are hosted on the company's servers while source code and releases are hosted at github. I didn't see a way to make arkade handle such scenario well. If it was possible to specify the versioning strategy explicitly, instead of deriving it from the URL template, it would a bit cleaner. I opted for the most simple approach of adding an anchor to the URL that matches the github version strategy. I created #1229 to track the issue.

Motivation and Context

• I have raised an issue to propose this change, which has been given a label of design/approved by a maintainer (required)

How Has This Been Tested?

If updating or adding a new CLI to arkade get, run:

go build && ./hack/test-tool.sh step

+ file /home/jceb/.arkade/bin/step
/home/jceb/.arkade/bin/step: gzip compressed data, max compression, original size modulo 2^32 41640448
+ rm /home/jceb/.arkade/bin/step
+ echo

+ ./arkade get step --arch x86_64 --os darwin --quiet
+ file /home/jceb/.arkade/bin/step
/home/jceb/.arkade/bin/step: gzip compressed data, max compression, original size modulo 2^32 43195904
+ rm /home/jceb/.arkade/bin/step
+ echo

+ ./arkade get step --arch x86_64 --os linux --quiet
+ file /home/jceb/.arkade/bin/step
/home/jceb/.arkade/bin/step: gzip compressed data, max compression, original size modulo 2^32 42291200
+ rm /home/jceb/.arkade/bin/step
+ echo

+ ./arkade get step --arch aarch64 --os linux --quiet
+ file /home/jceb/.arkade/bin/step
/home/jceb/.arkade/bin/step: gzip compressed data, max compression, original size modulo 2^32 40569344
+ rm /home/jceb/.arkade/bin/step
+ echo

+ ./arkade get step --arch x86_64 --os mingw --quiet
+ file /home/jceb/.arkade/bin/step.exe
/home/jceb/.arkade/bin/step.exe: Zip archive data, at least v2.0 to extract, compression method=deflate
+ rm /home/jceb/.arkade/bin/step.exe
+ echo

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Documentation

• I have updated the list of tools in README.md if (required) with ./arkade get --format markdown
• I have updated the list of apps in README.md if (required) with ./arkade install --help

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I've read the CONTRIBUTION guide
• I have signed-off my commits with git commit -s

• I have tested this on arm, or have added code to prevent deployment

[alexellis]

Hi thanks for the discussion.

I think we've covered similar scenarios in the past.

The strategy only looks up the version, then you can produce any URL you like given the resolved latest version.

I feel like I'm missing something can you explain it with an example? I was unsure why there's a URL fragment too.

Alex

[jceb]

The version lookup doesn't work when the strategy isn't detected correctly. As far as I could tell from the code, the strategy is derived from the URL. Therefore, I added the fragment which allows the code to detect the github strategy.

[rgee0]

To support what Alex mentioned, the version strategy is used only to find the version, you can download from anywhere once you have the version.

Have a look at Hashicorp binaries in tools.go and you should get the idea.

Edit: I think the part you've missed is VersionStrategy: GitHubVersionStrategy, which is explicit about where to get the version rather than deriving it from the URI

[jceb]

@rgee0 awesome, thank you! This works flawlessly and is exactly what I was looking for! I pushed the fix.

[jceb]

Is there anything else missing in this PR?

[reviewfn]

AI Pull Request Overview

Summary

• Adds support for the step CLI tool to arkade's get command
• Implements custom URL template for downloading from smallstep's servers instead of GitHub releases
• Updates README with tool description and increments tool count
• Adds comprehensive test coverage for URL generation across supported platforms

Next steps

Issue/Suggestion	Severity
Consider implementing configurable versioning strategies to avoid URL anchoring hacks	Medium
Verify support for additional architectures like armv7l for Linux	Low
Add integration test for actual download verification beyond URL generation	Low

Summary per file

Summary per file

File path	Summary
README.md	Adds step tool entry and updates total tool count from 183 to 184
pkg/get/get_test.go	Adds Test_DownloadStep function with URL validation tests for multiple OS/arch combinations
pkg/get/tools.go	Appends step Tool struct with custom URLTemplate for smallstep download URLs

Overall Assessment

Overall Assessment

The implementation correctly adds step CLI support with appropriate testing and documentation updates. The custom URL handling for non-GitHub hosting is functional but introduces maintenance risks. The code follows existing patterns and the changes are isolated to the expected files. No regressions apparent, but the approach highlights a gap in arkade's flexibility for external hosting scenarios.

Detailed Review

Detailed Review

README.md

• Correctly adds step entry in alphabetical order with accurate description
• Tool count incremented properly (183 → 184)
• No issues with formatting or placement

pkg/get/get_test.go

• Test function follows established pattern with comprehensive coverage
• Tests all supported OS/arch combinations from the URLTemplate
• Version "v0.28.7" appears to be a recent stable release
• URLs match expected format with proper extension handling (tar.gz vs zip)
• No test for armv7l Linux architecture, though template supports it - potential gap if step CLI supports this platform

pkg/get/tools.go

• Tool struct properly configured with GitHub version strategy despite custom URLs
• URLTemplate correctly handles OS/arch mapping with appropriate extensions
• Use of {{.Version}} in path and {{.VersionNumber}} in filename is consistent with test expectations
• Template logic is sound but complex - consider if simplification is possible
• Only amd64 architecture supported for Windows - verify if arm64 Windows support exists for step CLI
• Positioning in tools slice maintains alphabetical order

General Concerns

• Versioning Strategy Mismatch: Using GitHubVersionStrategy with non-GitHub URLs creates potential for version drift if releases aren't synchronized
• URL Maintenance Risk: Hardcoded smallstep server URLs could break if they change their hosting structure
• Security: Downloading from external servers without additional verification - relies on smallstep's infrastructure integrity
• Testing Depth: Current tests only validate URL generation, not actual download success or binary integrity
• Architecture Coverage: armv7l supported in template but not tested - ensure step CLI actually provides these builds
• Future Flexibility: The PR notes the need for explicit versioning strategy configuration (Make version strategy configurable #1229) - this workaround is acceptable short-term but indicates architectural limitation

Recommendations

• Monitor Make version strategy configurable #1229 for versioning strategy improvements
• Consider adding checksum verification if smallstep provides release checksums
• Evaluate if armv7l support should be tested or removed from template
• Ensure step CLI's supported platforms align with arkade's target architectures

AI agent details.

Agent processing time: 41.819s
Environment preparation time: 7.027s
Total time from webhook: 56.123s