eric/duckdb-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor GitHub Actions workflow for Gitea Packages: streamline preflight upload process, enhance authentication handling using GitHub actor, and remove redundant debug outputs for improved clarity.
All checks were successful
Build linux_amd64 extension and upload to Packages / build-linux-amd64 (push) Successful in 25m15s
Details

Browse Source
This commit is contained in:
Eric X. Liu
2025-09-13 17:23:52 +00:00
parent 5d4321cb36
commit baca4b7761
1 changed files with 22 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
.github/workflows/build-linux-amd64.yml vendored
View File

@@ -52,10 +52,11 @@ jobs:
apt-get update
apt-get install -y --no-install-recommends \
build-essential cmake ninja-build python3 python3-venv pkg-config \
libssl-dev curl git ca-certificates jq
libssl-dev curl git ca-certificates
- name: Preflight Gitea upload (fast-fail)
env:
GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }}
ACTOR: ${{ github.actor }}
run: |
set -euo pipefail
: "${GITEA_TOKEN:?GITEA_TOKEN secret is required}"
@@ -76,62 +77,21 @@ jobs:
server="$normalized_server"
fi
url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1"
mask() { local s="$1"; local n=${#s}; if [ "$n" -le 8 ]; then printf "*** (len=%s)" "$n"; else printf "%s***%s (len=%s)" "${s:0:4}" "${s:n-4:4}" "$n"; fi; }
echo "Preflight variables:"
echo " server=$server"
echo " owner=$owner"
echo " package=$pkg"
echo " version=$version"
echo " url=$url"
echo " token=$(mask "$GITEA_TOKEN")"
echo "Validating token via /api/v1/user:"
curl -sS -L -o /dev/null -w " auth check -> HTTP %{http_code}\n" \
-H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || true
whoami_json=$(curl -sS -L -H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || echo "")
auth_user=$(echo "$whoami_json" | jq -r '.login // empty')
if [ -z "$auth_user" ]; then auth_user="$owner"; fi
echo " auth user=$auth_user"
echo "Attempting preflight upload"
tmpdir_pf="$(mktemp -d)"
resp_headers_pf="$tmpdir_pf/headers.txt"
resp_body_pf="$tmpdir_pf/body.txt"
http_code=$(curl -sS -L -i -X PUT \
-H "Authorization: token ${GITEA_TOKEN}" \
auth_user="${ACTOR:-$owner}"
echo "Preflight: server=$server owner=$owner package=$pkg version=$version"
# Perform preflight upload using Basic auth directly
if curl -fS -L -X PUT \
-u "$auth_user:${GITEA_TOKEN}" \
-H "Content-Type: application/octet-stream" \
--upload-file "$tmpfile" "$url" \
-D "$resp_headers_pf" -o "$resp_body_pf" -w "%{http_code}" || true)
echo "Preflight response HTTP code: $http_code"
echo "Preflight response headers:"; sed -n '1,200p' "$resp_headers_pf" | sed 's/\r$//' || true
if [ -s "$resp_body_pf" ]; then
echo "Preflight response body (first 200 bytes):"; head -c 200 "$resp_body_pf"; echo
--upload-file "$tmpfile" "$url" >/dev/null; then
echo "Preflight upload succeeded, cleaning up"
else
echo "Preflight upload failed" >&2
exit 1
fi
case "$http_code" in
401|301|302|303|307|308)
echo "Preflight got $http_code; retrying with HTTP Basic auth (owner:token)" ;;
*) ;;
esac
if [ "$http_code" = "401" ] || [ "$http_code" = "301" ] || [ "$http_code" = "302" ] || [ "$http_code" = "303" ] || [ "$http_code" = "307" ] || [ "$http_code" = "308" ]; then
http_code=$(curl -sS -L -i -X PUT \
-u "$auth_user:${GITEA_TOKEN}" \
-H "Content-Type: application/octet-stream" \
--upload-file "$tmpfile" "$url" \
-D "$resp_headers_pf" -o "$resp_body_pf" -w "%{http_code}" || true)
echo "Preflight retry HTTP code: $http_code"
echo "Preflight retry response headers:"; sed -n '1,200p' "$resp_headers_pf" | sed 's/\r$//' || true
if [ -s "$resp_body_pf" ]; then
echo "Preflight retry body (first 200 bytes):"; head -c 200 "$resp_body_pf"; echo
fi
fi
case "$http_code" in
2*) echo "Preflight upload succeeded, cleaning up" ;;
*) echo "Preflight upload failed with HTTP $http_code" >&2; exit 1 ;;
esac
# Cleanup the uploaded dummy package version (best effort)
curl -sS -L -o /dev/null -w " delete -> HTTP %{http_code}\n" \
-H "Authorization: token ${GITEA_TOKEN}" -X DELETE \
"$server/api/packages/$owner/generic/$pkg/$version" || \
curl -sS -L -o /dev/null -w " delete (basic) -> HTTP %{http_code}\n" \
-u "$owner:${GITEA_TOKEN}" -X DELETE \
-u "$auth_user:${GITEA_TOKEN}" -X DELETE \
"$server/api/packages/$owner/generic/$pkg/$version" || true
- name: Initialize submodules
run: |
@@ -177,6 +137,7 @@ jobs:
- name: Upload to Gitea Packages (generic)
env:
GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }}
ACTOR: ${{ github.actor }}
run: |
set -euo pipefail
: "${GITEA_TOKEN:?GITEA_TOKEN secret is required}"
@@ -214,69 +175,17 @@ jobs:
if [ -n "$normalized_server" ]; then
server="$normalized_server"
fi
# Determine authenticated username for Basic auth fallback
whoami_json=$(curl -sS -L -H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || echo "")
auth_user=$(echo "$whoami_json" | jq -r '.login // empty')
if [ -z "$auth_user" ]; then auth_user="$owner"; fi
# Use the GitHub actor as basic auth username by default
auth_user="${ACTOR:-$owner}"
name="$(basename "$file")"
url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1"
# Debug helpers (avoid leaking secrets)
mask() { local s="$1"; local n=${#s}; if [ "$n" -le 8 ]; then printf "*** (len=%s)" "$n"; else printf "%s***%s (len=%s)" "${s:0:4}" "${s:n-4:4}" "$n"; fi; }
filesize=$(stat -c%s "$file" 2>/dev/null || echo "?")
host="$(echo "$server" | sed -E 's#^https?://([^/]+).*#\1#')"
echo "Derived variables:"
echo " server=$server"
echo " owner=$owner"
echo " package=$pkg"
echo " version=$version"
echo " artifact=$file (size=${filesize} bytes, name=$name)"
echo " url=$url"
echo " token=$(mask "$GITEA_TOKEN")"
echo "Curl version:"; curl --version | head -n 1
echo "DNS for $host:"; getent hosts "$host" || true
echo "Checking API reachability (no auth):"
curl -sS -L -o /dev/null -w " /api/v1/version -> HTTP %{http_code}\n" "$server/api/v1/version" || true
echo "Validating token via /api/v1/user:"
curl -sS -L -o /dev/null -w " auth check -> HTTP %{http_code}\n" \
-H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || true
echo "Uploading $file to $url"
echo " auth user=$auth_user"
echo "Uploading $file to $url"
# Perform upload and capture response details without exposing token
tmpdir="$(mktemp -d)"
resp_headers="$tmpdir/headers.txt"
resp_body="$tmpdir/body.txt"
http_code=$(curl -sS -L -i -X PUT \
-H "Authorization: token ${GITEA_TOKEN}" \
# Use Basic auth directly (works with package registry)
curl -fS -L -X PUT \
-u "$auth_user:${GITEA_TOKEN}" \
-H "Content-Type: application/octet-stream" \
--retry 2 --retry-delay 2 --max-time 300 \
--upload-file "$file" "$url" \
-D "$resp_headers" -o "$resp_body" -w "%{http_code}" || true)
echo "Response HTTP code: $http_code"
echo "Response headers:"; sed -n '1,200p' "$resp_headers" | sed 's/\r$//' || true
if [ -s "$resp_body" ]; then
echo "Response body (first 200 bytes):"; head -c 200 "$resp_body"; echo
fi
# If unauthorized or redirected, retry once using HTTP Basic auth (per Gitea docs)
if [ "$http_code" = "401" ] || [ "$http_code" = "403" ] || [ "$http_code" = "301" ] || [ "$http_code" = "302" ] || [ "$http_code" = "303" ] || [ "$http_code" = "307" ] || [ "$http_code" = "308" ]; then
echo "HTTP $http_code; retrying with HTTP Basic auth (auth_user:token)"
http_code=$(curl -sS -L -i -X PUT \
-u "$auth_user:${GITEA_TOKEN}" \
-H "Content-Type: application/octet-stream" \
--retry 2 --retry-delay 2 --max-time 300 \
--upload-file "$file" "$url" \
-D "$resp_headers" -o "$resp_body" -w "%{http_code}" || true)
echo "Retry HTTP code: $http_code"
echo "Retry response headers:"; sed -n '1,200p' "$resp_headers" | sed 's/\r$//' || true
if [ -s "$resp_body" ]; then
echo "Retry response body (first 200 bytes):"; head -c 200 "$resp_body"; echo
fi
fi
case "$http_code" in
2*) echo "Upload complete." ;;
*) echo "Upload failed with HTTP $http_code" >&2; exit 1 ;;
esac
--upload-file "$file" "$url"
echo "Upload complete."