name: Build linux_amd64 extension and upload to Packages on: workflow_dispatch: inputs: version: description: Package version (defaults to tag name or short SHA) required: false push: branches: - main tags: - 'v*' jobs: build-linux-amd64: runs-on: ubuntu-latest env: EXTENSION_NAME: ui DUCKDB_PLATFORM: linux_amd64 steps: - name: Checkout repository (manual) env: TOKEN: ${{ secrets.RELEASE_TOKEN }} run: | set -euo pipefail if [ -d .git ]; then echo "Repository already present" else server="${GITHUB_SERVER_URL:-${{ github.server_url }}}" repo_full="${GITHUB_REPOSITORY:-${{ github.repository }}}" sha="${GITHUB_SHA:-${{ github.sha }}}" host="$(echo "$server" | sed -E 's#^https?://([^/]+).*#\1#')" if [ -n "${TOKEN:-}" ]; then umask 077 printf "machine %s\n login token\n password %s\n" "$host" "$TOKEN" > "$HOME/.netrc" fi git init . git config --global --add safe.directory "$(pwd)" git remote add origin "$server/$repo_full.git" git -c http.https://$host/.extraheader="" fetch --depth=1 origin "$sha" git checkout -q FETCH_HEAD fi - name: Show workspace status run: | set -e git --no-pager status | cat - name: Install build dependencies run: | set -e export DEBIAN_FRONTEND=noninteractive apt-get update apt-get install -y --no-install-recommends \ build-essential cmake ninja-build python3 python3-venv pkg-config \ libssl-dev curl git ca-certificates - name: Preflight Gitea upload (fast-fail) env: GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }} ACTOR: ${{ github.actor }} run: | set -euo pipefail : "${GITEA_TOKEN:?GITEA_TOKEN secret is required}" server="${GITHUB_SERVER_URL:-${{ github.server_url }}}" owner="${GITHUB_REPOSITORY_OWNER:-${{ github.repository_owner }}}" repo_full="${GITHUB_REPOSITORY:-${{ github.repository }}}" pkg="${repo_full##*/}-preflight" version="preflight-${GITHUB_RUN_ID:-0}-${GITHUB_RUN_ATTEMPT:-0}-$(date +%s)" name="check.bin" tmpfile="$(mktemp)" printf "auth check %s\n" "$(date -u +%FT%TZ)" > "$tmpfile" # Normalize server to effective scheme+host (handles http->https redirects) base_no_trail="$(echo "$server" | sed 's#/*$##')" # Use GET (not HEAD) to avoid servers that don't support HEAD on this endpoint effective_version_url=$(curl -sS -L -o /dev/null -w '%{url_effective}' "$base_no_trail/api/v1/version" || echo "") normalized_server=$(echo "$effective_version_url" | sed -E 's#^(https?://[^/]+).*$#\1#') if [ -n "$normalized_server" ]; then server="$normalized_server" fi url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1" auth_user="${ACTOR:-$owner}" echo "Preflight: server=$server owner=$owner package=$pkg version=$version" # Perform preflight upload using Basic auth directly if curl -fS -L -X PUT \ -u "$auth_user:${GITEA_TOKEN}" \ -H "Content-Type: application/octet-stream" \ --upload-file "$tmpfile" "$url" >/dev/null; then echo "Preflight upload succeeded, cleaning up" else echo "Preflight upload failed" >&2 exit 1 fi # Cleanup the uploaded dummy package version (best effort) curl -sS -L -o /dev/null -w " delete -> HTTP %{http_code}\n" \ -u "$auth_user:${GITEA_TOKEN}" -X DELETE \ "$server/api/packages/$owner/generic/$pkg/$version" || true - name: Initialize submodules run: | set -e git submodule update --init --recursive - name: Build release (linux_amd64) env: GEN: "" run: | set -e make -j"$(nproc)" release - name: Find extension artifact id: artifact run: | set -euo pipefail path="$(ls -1 build/release/extension/${EXTENSION_NAME}/${EXTENSION_NAME}.duckdb_extension 2>/dev/null || true)" if [ -z "$path" ]; then path="$(find build/release -type f -name '*.duckdb_extension' | head -n 1 || true)" fi if [ -z "$path" ]; then echo "Extension artifact not found" >&2 exit 1 fi echo "file=$path" >> "$GITHUB_OUTPUT" echo "Found: $path" - name: Compute package version id: ver run: | set -euo pipefail version='${{ inputs.version }}' if [ -z "$version" ]; then if [ "${{ github.ref_type }}" = "tag" ]; then version='${{ github.ref_name }}' else version="dev-${GITHUB_SHA::8}" fi fi echo "version=$version" >> "$GITHUB_OUTPUT" echo "Using version: $version" - name: Upload to Gitea Packages (generic) env: GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }} ACTOR: ${{ github.actor }} run: | set -euo pipefail : "${GITEA_TOKEN:?GITEA_TOKEN secret is required}" # Derive server/owner/pkg from env if not provided server="${GITHUB_SERVER_URL:-${{ github.server_url }}}" owner="${GITHUB_REPOSITORY_OWNER:-${{ github.repository_owner }}}" repo_full="${GITHUB_REPOSITORY:-${{ github.repository }}}" pkg="${repo_full##*/}" # Use previously computed version & artifact if available version='${{ steps.ver.outputs.version }}' file='${{ steps.artifact.outputs.file }}' # Fallbacks if steps were skipped if [ -z "${version}" ]; then if [ -n "${GITHUB_REF_TYPE:-}" ] && [ "${GITHUB_REF_TYPE}" = "tag" ]; then version="${GITHUB_REF_NAME:-dev-${GITHUB_SHA::8}}" else version="dev-${GITHUB_SHA::8}" fi fi if [ -z "${file}" ]; then file="$(ls -1 build/release/extension/${EXTENSION_NAME}/${EXTENSION_NAME}.duckdb_extension 2>/dev/null || true)" if [ -z "$file" ]; then file="$(find build/release -type f -name '*.duckdb_extension' | head -n 1 || true)" fi fi [ -n "$server" ] || { echo "server not set" >&2; exit 1; } [ -n "$owner" ] || { echo "owner not set" >&2; exit 1; } [ -n "$pkg" ] || { echo "pkg not set" >&2; exit 1; } [ -n "$version" ] || { echo "version not set" >&2; exit 1; } [ -n "$file" ] || { echo "file not set" >&2; exit 1; } # Normalize server using effective URL of /api/v1/version (handles http->https) base_no_trail="$(echo "$server" | sed 's#/*$##')" effective_version_url=$(curl -sS -L -o /dev/null -w '%{url_effective}' "$base_no_trail/api/v1/version" || echo "") normalized_server=$(echo "$effective_version_url" | sed -E 's#^(https?://[^/]+).*$#\1#') if [ -n "$normalized_server" ]; then server="$normalized_server" fi # Use the GitHub actor as basic auth username by default auth_user="${ACTOR:-$owner}" name="$(basename "$file")" url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1" echo "Uploading $file to $url" echo " auth user=$auth_user" # Use Basic auth directly (works with package registry) curl -fS -L -X PUT \ -u "$auth_user:${GITEA_TOKEN}" \ -H "Content-Type: application/octet-stream" \ --retry 2 --retry-delay 2 --max-time 300 \ --upload-file "$file" "$url" echo "Upload complete." # Also upload the DuckDB shell binary bin_path="./build/release/duckdb" if [ ! -f "$bin_path" ]; then echo "duckdb binary not found at $bin_path" >&2 exit 1 fi bin_name="$(basename "$bin_path")" bin_url="$server/api/packages/$owner/generic/$pkg/$version/$bin_name?replace=1" echo "Uploading $bin_path to $bin_url" curl -fS -L -X PUT \ -u "$auth_user:${GITEA_TOKEN}" \ -H "Content-Type: application/octet-stream" \ --retry 2 --retry-delay 2 --max-time 300 \ --upload-file "$bin_path" "$bin_url" echo "DuckDB binary upload complete."