From c52ad95c35b305ad669dcfbce0f88f4dd1172d0b Mon Sep 17 00:00:00 2001 From: Eric Liu Date: Sat, 13 Sep 2025 18:01:59 +0000 Subject: [PATCH] chore(ci): squash history into single commit for GitHub Action setup --- .github/workflows/build-linux-amd64.yml | 165 +++++++++++++++++++++++- 1 file changed, 162 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-linux-amd64.yml b/.github/workflows/build-linux-amd64.yml index 05e4773..0d03b66 100644 --- a/.github/workflows/build-linux-amd64.yml +++ b/.github/workflows/build-linux-amd64.yml @@ -6,6 +6,8 @@ on: description: Package version (defaults to tag name or short SHA) required: false push: + branches: + - main tags: - 'v*' @@ -16,6 +18,33 @@ jobs: EXTENSION_NAME: ui DUCKDB_PLATFORM: linux_amd64 steps: + - name: Checkout repository (manual) + env: + TOKEN: ${{ secrets.RELEASE_TOKEN }} + run: | + set -euo pipefail + if [ -d .git ]; then + echo "Repository already present" + else + server="${GITHUB_SERVER_URL:-${{ github.server_url }}}" + repo_full="${GITHUB_REPOSITORY:-${{ github.repository }}}" + sha="${GITHUB_SHA:-${{ github.sha }}}" + host="$(echo "$server" | sed -E 's#^https?://([^/]+).*#\1#')" + if [ -n "${TOKEN:-}" ]; then + umask 077 + printf "machine %s\n login token\n password %s\n" "$host" "$TOKEN" > "$HOME/.netrc" + fi + git init . + git config --global --add safe.directory "$(pwd)" + git remote add origin "$server/$repo_full.git" + git -c http.https://$host/.extraheader="" fetch --depth=1 origin "$sha" + git checkout -q FETCH_HEAD + fi + + - name: Show workspace status + run: | + set -e + git --no-pager status | cat - name: Install build dependencies run: | set -e @@ -24,9 +53,139 @@ jobs: apt-get install -y --no-install-recommends \ build-essential cmake ninja-build python3 python3-venv pkg-config \ libssl-dev curl git ca-certificates -# ... submodule init, build release, find artifact ... + - name: Preflight Gitea upload (fast-fail) + env: + GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }} + ACTOR: ${{ github.actor }} + run: | + set -euo pipefail + : "${GITEA_TOKEN:?GITEA_TOKEN secret is required}" + server="${GITHUB_SERVER_URL:-${{ github.server_url }}}" + owner="${GITHUB_REPOSITORY_OWNER:-${{ github.repository_owner }}}" + repo_full="${GITHUB_REPOSITORY:-${{ github.repository }}}" + pkg="${repo_full##*/}-preflight" + version="preflight-${GITHUB_RUN_ID:-0}-${GITHUB_RUN_ATTEMPT:-0}-$(date +%s)" + name="check.bin" + tmpfile="$(mktemp)" + printf "auth check %s\n" "$(date -u +%FT%TZ)" > "$tmpfile" + # Normalize server to effective scheme+host (handles http->https redirects) + base_no_trail="$(echo "$server" | sed 's#/*$##')" + # Use GET (not HEAD) to avoid servers that don't support HEAD on this endpoint + effective_version_url=$(curl -sS -L -o /dev/null -w '%{url_effective}' "$base_no_trail/api/v1/version" || echo "") + normalized_server=$(echo "$effective_version_url" | sed -E 's#^(https?://[^/]+).*$#\1#') + if [ -n "$normalized_server" ]; then + server="$normalized_server" + fi + url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1" + auth_user="${ACTOR:-$owner}" + echo "Preflight: server=$server owner=$owner package=$pkg version=$version" + # Perform preflight upload using Basic auth directly + if curl -fS -L -X PUT \ + -u "$auth_user:${GITEA_TOKEN}" \ + -H "Content-Type: application/octet-stream" \ + --upload-file "$tmpfile" "$url" >/dev/null; then + echo "Preflight upload succeeded, cleaning up" + else + echo "Preflight upload failed" >&2 + exit 1 + fi + # Cleanup the uploaded dummy package version (best effort) + curl -sS -L -o /dev/null -w " delete -> HTTP %{http_code}\n" \ + -u "$auth_user:${GITEA_TOKEN}" -X DELETE \ + "$server/api/packages/$owner/generic/$pkg/$version" || true + - name: Initialize submodules + run: | + set -e + git submodule update --init --recursive + + - name: Build release (linux_amd64) + env: + GEN: "" + run: | + set -e + make -j"$(nproc)" release + + - name: Find extension artifact + id: artifact + run: | + set -euo pipefail + path="$(ls -1 build/release/extension/${EXTENSION_NAME}/${EXTENSION_NAME}.duckdb_extension 2>/dev/null || true)" + if [ -z "$path" ]; then + path="$(find build/release -type f -name '*.duckdb_extension' | head -n 1 || true)" + fi + if [ -z "$path" ]; then + echo "Extension artifact not found" >&2 + exit 1 + fi + echo "file=$path" >> "$GITHUB_OUTPUT" + echo "Found: $path" + + - name: Compute package version + id: ver + run: | + set -euo pipefail + version='${{ inputs.version }}' + if [ -z "$version" ]; then + if [ "${{ github.ref_type }}" = "tag" ]; then + version='${{ github.ref_name }}' + else + version="dev-${GITHUB_SHA::8}" + fi + fi + echo "version=$version" >> "$GITHUB_OUTPUT" + echo "Using version: $version" - name: Upload to Gitea Packages (generic) env: - GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} + GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }} + ACTOR: ${{ github.actor }} run: | - curl -fsSL -X PUT -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/octet-stream" --upload-file "$file" "$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1" \ No newline at end of file + set -euo pipefail + : "${GITEA_TOKEN:?GITEA_TOKEN secret is required}" + # Derive server/owner/pkg from env if not provided + server="${GITHUB_SERVER_URL:-${{ github.server_url }}}" + owner="${GITHUB_REPOSITORY_OWNER:-${{ github.repository_owner }}}" + repo_full="${GITHUB_REPOSITORY:-${{ github.repository }}}" + pkg="${repo_full##*/}" + # Use previously computed version & artifact if available + version='${{ steps.ver.outputs.version }}' + file='${{ steps.artifact.outputs.file }}' + # Fallbacks if steps were skipped + if [ -z "${version}" ]; then + if [ -n "${GITHUB_REF_TYPE:-}" ] && [ "${GITHUB_REF_TYPE}" = "tag" ]; then + version="${GITHUB_REF_NAME:-dev-${GITHUB_SHA::8}}" + else + version="dev-${GITHUB_SHA::8}" + fi + fi + if [ -z "${file}" ]; then + file="$(ls -1 build/release/extension/${EXTENSION_NAME}/${EXTENSION_NAME}.duckdb_extension 2>/dev/null || true)" + if [ -z "$file" ]; then + file="$(find build/release -type f -name '*.duckdb_extension' | head -n 1 || true)" + fi + fi + [ -n "$server" ] || { echo "server not set" >&2; exit 1; } + [ -n "$owner" ] || { echo "owner not set" >&2; exit 1; } + [ -n "$pkg" ] || { echo "pkg not set" >&2; exit 1; } + [ -n "$version" ] || { echo "version not set" >&2; exit 1; } + [ -n "$file" ] || { echo "file not set" >&2; exit 1; } + # Normalize server using effective URL of /api/v1/version (handles http->https) + base_no_trail="$(echo "$server" | sed 's#/*$##')" + effective_version_url=$(curl -sS -L -o /dev/null -w '%{url_effective}' "$base_no_trail/api/v1/version" || echo "") + normalized_server=$(echo "$effective_version_url" | sed -E 's#^(https?://[^/]+).*$#\1#') + if [ -n "$normalized_server" ]; then + server="$normalized_server" + fi + # Use the GitHub actor as basic auth username by default + auth_user="${ACTOR:-$owner}" + name="$(basename "$file")" + url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1" + echo "Uploading $file to $url" + echo " auth user=$auth_user" + + # Use Basic auth directly (works with package registry) + curl -fS -L -X PUT \ + -u "$auth_user:${GITEA_TOKEN}" \ + -H "Content-Type: application/octet-stream" \ + --retry 2 --retry-delay 2 --max-time 300 \ + --upload-file "$file" "$url" + echo "Upload complete." \ No newline at end of file