Enhance GitHub Actions workflow for Gitea Packages by adding jq to dependencies, improving server URL normalization, and refining error handling for preflight uploads with support for HTTP redirects.
Some checks failed
Build linux_amd64 extension and upload to Packages / build-linux-amd64 (push) Failing after 12s
Some checks failed
Build linux_amd64 extension and upload to Packages / build-linux-amd64 (push) Failing after 12s
This commit is contained in:
58
.github/workflows/build-linux-amd64.yml
vendored
58
.github/workflows/build-linux-amd64.yml
vendored
@@ -52,7 +52,7 @@ jobs:
|
|||||||
apt-get update
|
apt-get update
|
||||||
apt-get install -y --no-install-recommends \
|
apt-get install -y --no-install-recommends \
|
||||||
build-essential cmake ninja-build python3 python3-venv pkg-config \
|
build-essential cmake ninja-build python3 python3-venv pkg-config \
|
||||||
libssl-dev curl git ca-certificates
|
libssl-dev curl git ca-certificates jq
|
||||||
- name: Preflight Gitea upload (fast-fail)
|
- name: Preflight Gitea upload (fast-fail)
|
||||||
env:
|
env:
|
||||||
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
||||||
@@ -67,6 +67,14 @@ jobs:
|
|||||||
name="check.bin"
|
name="check.bin"
|
||||||
tmpfile="$(mktemp)"
|
tmpfile="$(mktemp)"
|
||||||
printf "auth check %s\n" "$(date -u +%FT%TZ)" > "$tmpfile"
|
printf "auth check %s\n" "$(date -u +%FT%TZ)" > "$tmpfile"
|
||||||
|
# Normalize server to effective scheme+host (handles http->https redirects)
|
||||||
|
base_no_trail="$(echo "$server" | sed 's#/*$##')"
|
||||||
|
# Use GET (not HEAD) to avoid servers that don't support HEAD on this endpoint
|
||||||
|
effective_version_url=$(curl -sS -L -o /dev/null -w '%{url_effective}' "$base_no_trail/api/v1/version" || echo "")
|
||||||
|
normalized_server=$(echo "$effective_version_url" | sed -E 's#^(https?://[^/]+).*$#\1#')
|
||||||
|
if [ -n "$normalized_server" ]; then
|
||||||
|
server="$normalized_server"
|
||||||
|
fi
|
||||||
url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1"
|
url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1"
|
||||||
mask() { local s="$1"; local n=${#s}; if [ "$n" -le 8 ]; then printf "*** (len=%s)" "$n"; else printf "%s***%s (len=%s)" "${s:0:4}" "${s:n-4:4}" "$n"; fi; }
|
mask() { local s="$1"; local n=${#s}; if [ "$n" -le 8 ]; then printf "*** (len=%s)" "$n"; else printf "%s***%s (len=%s)" "${s:0:4}" "${s:n-4:4}" "$n"; fi; }
|
||||||
echo "Preflight variables:"
|
echo "Preflight variables:"
|
||||||
@@ -77,32 +85,48 @@ jobs:
|
|||||||
echo " url=$url"
|
echo " url=$url"
|
||||||
echo " token=$(mask "$GITEA_TOKEN")"
|
echo " token=$(mask "$GITEA_TOKEN")"
|
||||||
echo "Validating token via /api/v1/user:"
|
echo "Validating token via /api/v1/user:"
|
||||||
curl -sS -o /dev/null -w " auth check -> HTTP %{http_code}\n" \
|
curl -sS -L -o /dev/null -w " auth check -> HTTP %{http_code}\n" \
|
||||||
-H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || true
|
-H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || true
|
||||||
echo "Attempting preflight upload"
|
echo "Attempting preflight upload"
|
||||||
http_code=$(curl -sS -i -X PUT \
|
tmpdir_pf="$(mktemp -d)"
|
||||||
|
resp_headers_pf="$tmpdir_pf/headers.txt"
|
||||||
|
resp_body_pf="$tmpdir_pf/body.txt"
|
||||||
|
http_code=$(curl -sS -L -i -X PUT \
|
||||||
-H "Authorization: token ${GITEA_TOKEN}" \
|
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||||
-H "Content-Type: application/octet-stream" \
|
-H "Content-Type: application/octet-stream" \
|
||||||
--upload-file "$tmpfile" "$url" \
|
--upload-file "$tmpfile" "$url" \
|
||||||
-o /dev/null -w "%{http_code}" || true)
|
-D "$resp_headers_pf" -o "$resp_body_pf" -w "%{http_code}" || true)
|
||||||
if [ "$http_code" = "401" ]; then
|
echo "Preflight response HTTP code: $http_code"
|
||||||
echo "401 Unauthorized with token header; retrying with HTTP Basic auth (owner:token)"
|
echo "Preflight response headers:"; sed -n '1,200p' "$resp_headers_pf" | sed 's/\r$//' || true
|
||||||
http_code=$(curl -sS -i -X PUT \
|
if [ -s "$resp_body_pf" ]; then
|
||||||
|
echo "Preflight response body (first 200 bytes):"; head -c 200 "$resp_body_pf"; echo
|
||||||
|
fi
|
||||||
|
case "$http_code" in
|
||||||
|
401|301|302|303|307|308)
|
||||||
|
echo "Preflight got $http_code; retrying with HTTP Basic auth (owner:token)" ;;
|
||||||
|
*) ;;
|
||||||
|
esac
|
||||||
|
if [ "$http_code" = "401" ] || [ "$http_code" = "301" ] || [ "$http_code" = "302" ] || [ "$http_code" = "303" ] || [ "$http_code" = "307" ] || [ "$http_code" = "308" ]; then
|
||||||
|
http_code=$(curl -sS -L -i -X PUT \
|
||||||
-u "$owner:${GITEA_TOKEN}" \
|
-u "$owner:${GITEA_TOKEN}" \
|
||||||
-H "Content-Type: application/octet-stream" \
|
-H "Content-Type: application/octet-stream" \
|
||||||
--upload-file "$tmpfile" "$url" \
|
--upload-file "$tmpfile" "$url" \
|
||||||
-o /dev/null -w "%{http_code}" || true)
|
-D "$resp_headers_pf" -o "$resp_body_pf" -w "%{http_code}" || true)
|
||||||
|
echo "Preflight retry HTTP code: $http_code"
|
||||||
|
echo "Preflight retry response headers:"; sed -n '1,200p' "$resp_headers_pf" | sed 's/\r$//' || true
|
||||||
|
if [ -s "$resp_body_pf" ]; then
|
||||||
|
echo "Preflight retry body (first 200 bytes):"; head -c 200 "$resp_body_pf"; echo
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
echo "Preflight HTTP $http_code"
|
|
||||||
case "$http_code" in
|
case "$http_code" in
|
||||||
2*) echo "Preflight upload succeeded, cleaning up" ;;
|
2*) echo "Preflight upload succeeded, cleaning up" ;;
|
||||||
*) echo "Preflight upload failed with HTTP $http_code" >&2; exit 1 ;;
|
*) echo "Preflight upload failed with HTTP $http_code" >&2; exit 1 ;;
|
||||||
esac
|
esac
|
||||||
# Cleanup the uploaded dummy package version (best effort)
|
# Cleanup the uploaded dummy package version (best effort)
|
||||||
curl -sS -o /dev/null -w " delete -> HTTP %{http_code}\n" \
|
curl -sS -L -o /dev/null -w " delete -> HTTP %{http_code}\n" \
|
||||||
-H "Authorization: token ${GITEA_TOKEN}" -X DELETE \
|
-H "Authorization: token ${GITEA_TOKEN}" -X DELETE \
|
||||||
"$server/api/packages/$owner/generic/$pkg/$version" || \
|
"$server/api/packages/$owner/generic/$pkg/$version" || \
|
||||||
curl -sS -o /dev/null -w " delete (basic) -> HTTP %{http_code}\n" \
|
curl -sS -L -o /dev/null -w " delete (basic) -> HTTP %{http_code}\n" \
|
||||||
-u "$owner:${GITEA_TOKEN}" -X DELETE \
|
-u "$owner:${GITEA_TOKEN}" -X DELETE \
|
||||||
"$server/api/packages/$owner/generic/$pkg/$version" || true
|
"$server/api/packages/$owner/generic/$pkg/$version" || true
|
||||||
- name: Initialize submodules
|
- name: Initialize submodules
|
||||||
@@ -197,7 +221,7 @@ jobs:
|
|||||||
echo "DNS for $host:"; getent hosts "$host" || true
|
echo "DNS for $host:"; getent hosts "$host" || true
|
||||||
|
|
||||||
echo "Checking API reachability (no auth):"
|
echo "Checking API reachability (no auth):"
|
||||||
curl -sS -o /dev/null -w " /api/v1/version -> HTTP %{http_code}\n" "$server/api/v1/version" || true
|
curl -sS -L -o /dev/null -w " /api/v1/version -> HTTP %{http_code}\n" "$server/api/v1/version" || true
|
||||||
|
|
||||||
echo "Validating token via /api/v1/user:"
|
echo "Validating token via /api/v1/user:"
|
||||||
curl -sS -o /dev/null -w " auth check -> HTTP %{http_code}\n" \
|
curl -sS -o /dev/null -w " auth check -> HTTP %{http_code}\n" \
|
||||||
@@ -208,7 +232,7 @@ jobs:
|
|||||||
tmpdir="$(mktemp -d)"
|
tmpdir="$(mktemp -d)"
|
||||||
resp_headers="$tmpdir/headers.txt"
|
resp_headers="$tmpdir/headers.txt"
|
||||||
resp_body="$tmpdir/body.txt"
|
resp_body="$tmpdir/body.txt"
|
||||||
http_code=$(curl -sS -i -X PUT \
|
http_code=$(curl -sS -L -i -X PUT \
|
||||||
-H "Authorization: token ${GITEA_TOKEN}" \
|
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||||
-H "Content-Type: application/octet-stream" \
|
-H "Content-Type: application/octet-stream" \
|
||||||
--retry 2 --retry-delay 2 --max-time 300 \
|
--retry 2 --retry-delay 2 --max-time 300 \
|
||||||
@@ -220,10 +244,10 @@ jobs:
|
|||||||
echo "Response body (first 200 bytes):"; head -c 200 "$resp_body"; echo
|
echo "Response body (first 200 bytes):"; head -c 200 "$resp_body"; echo
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# If unauthorized, retry once using HTTP Basic auth (per Gitea docs)
|
# If unauthorized or redirected, retry once using HTTP Basic auth (per Gitea docs)
|
||||||
if [ "$http_code" = "401" ]; then
|
if [ "$http_code" = "401" ] || [ "$http_code" = "301" ] || [ "$http_code" = "302" ] || [ "$http_code" = "303" ] || [ "$http_code" = "307" ] || [ "$http_code" = "308" ]; then
|
||||||
echo "401 Unauthorized with token header; retrying with HTTP Basic auth (owner:token)"
|
echo "HTTP $http_code; retrying with HTTP Basic auth (owner:token)"
|
||||||
http_code=$(curl -sS -i -X PUT \
|
http_code=$(curl -sS -L -i -X PUT \
|
||||||
-u "$owner:${GITEA_TOKEN}" \
|
-u "$owner:${GITEA_TOKEN}" \
|
||||||
-H "Content-Type: application/octet-stream" \
|
-H "Content-Type: application/octet-stream" \
|
||||||
--retry 2 --retry-delay 2 --max-time 300 \
|
--retry 2 --retry-delay 2 --max-time 300 \
|
||||||
|
|||||||
Reference in New Issue
Block a user