eric/duckdb-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor GitHub Actions workflow for Gitea Packages: streamline preflight upload process, enhance authentication handling using GitHub actor, and remove redundant debug outputs for improved clarity.
All checks were successful
Build linux_amd64 extension and upload to Packages / build-linux-amd64 (push) Successful in 25m15s
Details

Browse Source
This commit is contained in:
Eric X. Liu
2025-09-13 17:23:52 +00:00
parent 5d4321cb36
commit baca4b7761
1 changed files with 22 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
.github/workflows/build-linux-amd64.yml vendored
View File

@@ -52,10 +52,11 @@ jobs:
apt-get update apt-get update
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
build-essential cmake ninja-build python3 python3-venv pkg-config \ build-essential cmake ninja-build python3 python3-venv pkg-config \
libssl-dev curl git ca-certificates jq libssl-dev curl git ca-certificates
- name: Preflight Gitea upload (fast-fail) - name: Preflight Gitea upload (fast-fail)
env: env:
GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }} GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }}
ACTOR: ${{ github.actor }}
run: | run: |
set -euo pipefail set -euo pipefail
: "${GITEA_TOKEN:?GITEA_TOKEN secret is required}" : "${GITEA_TOKEN:?GITEA_TOKEN secret is required}"
@@ -76,62 +77,21 @@ jobs:
server="$normalized_server" server="$normalized_server"
fi fi
url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1" url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1"
mask() { local s="$1"; local n=${#s}; if [ "$n" -le 8 ]; then printf "*** (len=%s)" "$n"; else printf "%s***%s (len=%s)" "${s:0:4}" "${s:n-4:4}" "$n"; fi; } auth_user="${ACTOR:-$owner}"
echo "Preflight variables:" echo "Preflight: server=$server owner=$owner package=$pkg version=$version"
echo " server=$server" # Perform preflight upload using Basic auth directly
echo " owner=$owner" if curl -fS -L -X PUT \
echo " package=$pkg" -u "$auth_user:${GITEA_TOKEN}" \
echo " version=$version"
echo " url=$url"
echo " token=$(mask "$GITEA_TOKEN")"
echo "Validating token via /api/v1/user:"
curl -sS -L -o /dev/null -w " auth check -> HTTP %{http_code}\n" \
-H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || true
whoami_json=$(curl -sS -L -H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || echo "")
auth_user=$(echo "$whoami_json" | jq -r '.login // empty')
if [ -z "$auth_user" ]; then auth_user="$owner"; fi
echo " auth user=$auth_user"
echo "Attempting preflight upload"
tmpdir_pf="$(mktemp -d)"
resp_headers_pf="$tmpdir_pf/headers.txt"
resp_body_pf="$tmpdir_pf/body.txt"
http_code=$(curl -sS -L -i -X PUT \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/octet-stream" \ -H "Content-Type: application/octet-stream" \
--upload-file "$tmpfile" "$url" \ --upload-file "$tmpfile" "$url" >/dev/null; then
-D "$resp_headers_pf" -o "$resp_body_pf" -w "%{http_code}" || true) echo "Preflight upload succeeded, cleaning up"
echo "Preflight response HTTP code: $http_code" else
echo "Preflight response headers:"; sed -n '1,200p' "$resp_headers_pf" | sed 's/\r$//' || true echo "Preflight upload failed" >&2
if [ -s "$resp_body_pf" ]; then exit 1
echo "Preflight response body (first 200 bytes):"; head -c 200 "$resp_body_pf"; echo
fi fi
case "$http_code" in
401|301|302|303|307|308)
echo "Preflight got $http_code; retrying with HTTP Basic auth (owner:token)" ;;
*) ;;
esac
if [ "$http_code" = "401" ] || [ "$http_code" = "301" ] || [ "$http_code" = "302" ] || [ "$http_code" = "303" ] || [ "$http_code" = "307" ] || [ "$http_code" = "308" ]; then
http_code=$(curl -sS -L -i -X PUT \
-u "$auth_user:${GITEA_TOKEN}" \
-H "Content-Type: application/octet-stream" \
--upload-file "$tmpfile" "$url" \
-D "$resp_headers_pf" -o "$resp_body_pf" -w "%{http_code}" || true)
echo "Preflight retry HTTP code: $http_code"
echo "Preflight retry response headers:"; sed -n '1,200p' "$resp_headers_pf" | sed 's/\r$//' || true
if [ -s "$resp_body_pf" ]; then
echo "Preflight retry body (first 200 bytes):"; head -c 200 "$resp_body_pf"; echo
fi
fi
case "$http_code" in
2*) echo "Preflight upload succeeded, cleaning up" ;;
*) echo "Preflight upload failed with HTTP $http_code" >&2; exit 1 ;;
esac
# Cleanup the uploaded dummy package version (best effort) # Cleanup the uploaded dummy package version (best effort)
curl -sS -L -o /dev/null -w " delete -> HTTP %{http_code}\n" \ curl -sS -L -o /dev/null -w " delete -> HTTP %{http_code}\n" \
-H "Authorization: token ${GITEA_TOKEN}" -X DELETE \ -u "$auth_user:${GITEA_TOKEN}" -X DELETE \
"$server/api/packages/$owner/generic/$pkg/$version" || \
curl -sS -L -o /dev/null -w " delete (basic) -> HTTP %{http_code}\n" \
-u "$owner:${GITEA_TOKEN}" -X DELETE \
"$server/api/packages/$owner/generic/$pkg/$version" || true "$server/api/packages/$owner/generic/$pkg/$version" || true
- name: Initialize submodules - name: Initialize submodules
run: | run: |
@@ -177,6 +137,7 @@ jobs:
- name: Upload to Gitea Packages (generic) - name: Upload to Gitea Packages (generic)
env: env:
GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }} GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }}
ACTOR: ${{ github.actor }}
run: | run: |
set -euo pipefail set -euo pipefail
: "${GITEA_TOKEN:?GITEA_TOKEN secret is required}" : "${GITEA_TOKEN:?GITEA_TOKEN secret is required}"
@@ -214,69 +175,17 @@ jobs:
if [ -n "$normalized_server" ]; then if [ -n "$normalized_server" ]; then
server="$normalized_server" server="$normalized_server"
fi fi
# Determine authenticated username for Basic auth fallback # Use the GitHub actor as basic auth username by default
whoami_json=$(curl -sS -L -H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || echo "") auth_user="${ACTOR:-$owner}"
auth_user=$(echo "$whoami_json" | jq -r '.login // empty')
if [ -z "$auth_user" ]; then auth_user="$owner"; fi
name="$(basename "$file")" name="$(basename "$file")"
url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1" url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1"
# Debug helpers (avoid leaking secrets) echo "Uploading $file to $url"
mask() { local s="$1"; local n=${#s}; if [ "$n" -le 8 ]; then printf "*** (len=%s)" "$n"; else printf "%s***%s (len=%s)" "${s:0:4}" "${s:n-4:4}" "$n"; fi; }
filesize=$(stat -c%s "$file" 2>/dev/null || echo "?")
host="$(echo "$server" | sed -E 's#^https?://([^/]+).*#\1#')"
echo "Derived variables:"
echo " server=$server"
echo " owner=$owner"
echo " package=$pkg"
echo " version=$version"
echo " artifact=$file (size=${filesize} bytes, name=$name)"
echo " url=$url"
echo " token=$(mask "$GITEA_TOKEN")"
echo "Curl version:"; curl --version | head -n 1
echo "DNS for $host:"; getent hosts "$host" || true
echo "Checking API reachability (no auth):"
curl -sS -L -o /dev/null -w " /api/v1/version -> HTTP %{http_code}\n" "$server/api/v1/version" || true
echo "Validating token via /api/v1/user:"
curl -sS -L -o /dev/null -w " auth check -> HTTP %{http_code}\n" \
-H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || true
echo " auth user=$auth_user" echo " auth user=$auth_user"
echo "Uploading $file to $url" # Use Basic auth directly (works with package registry)
# Perform upload and capture response details without exposing token curl -fS -L -X PUT \
tmpdir="$(mktemp -d)" -u "$auth_user:${GITEA_TOKEN}" \
resp_headers="$tmpdir/headers.txt"
resp_body="$tmpdir/body.txt"
http_code=$(curl -sS -L -i -X PUT \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/octet-stream" \ -H "Content-Type: application/octet-stream" \
--retry 2 --retry-delay 2 --max-time 300 \ --retry 2 --retry-delay 2 --max-time 300 \
--upload-file "$file" "$url" \ --upload-file "$file" "$url"
-D "$resp_headers" -o "$resp_body" -w "%{http_code}" || true) echo "Upload complete."
echo "Response HTTP code: $http_code"
echo "Response headers:"; sed -n '1,200p' "$resp_headers" | sed 's/\r$//' || true
if [ -s "$resp_body" ]; then
echo "Response body (first 200 bytes):"; head -c 200 "$resp_body"; echo
fi
# If unauthorized or redirected, retry once using HTTP Basic auth (per Gitea docs)
if [ "$http_code" = "401" ] || [ "$http_code" = "403" ] || [ "$http_code" = "301" ] || [ "$http_code" = "302" ] || [ "$http_code" = "303" ] || [ "$http_code" = "307" ] || [ "$http_code" = "308" ]; then
echo "HTTP $http_code; retrying with HTTP Basic auth (auth_user:token)"
http_code=$(curl -sS -L -i -X PUT \
-u "$auth_user:${GITEA_TOKEN}" \
-H "Content-Type: application/octet-stream" \
--retry 2 --retry-delay 2 --max-time 300 \
--upload-file "$file" "$url" \
-D "$resp_headers" -o "$resp_body" -w "%{http_code}" || true)
echo "Retry HTTP code: $http_code"
echo "Retry response headers:"; sed -n '1,200p' "$resp_headers" | sed 's/\r$//' || true
if [ -s "$resp_body" ]; then
echo "Retry response body (first 200 bytes):"; head -c 200 "$resp_body"; echo
fi
fi
case "$http_code" in
2*) echo "Upload complete." ;;
*) echo "Upload failed with HTTP $http_code" >&2; exit 1 ;;
esac