upload_s3: improve tags handling (#202)
This commit is contained in:
Cole Helbling
GitHub
parent
24a94ec3f9
commit
bb4ef37ea5
2
.github/workflows/release-branches.yml
vendored
2
.github/workflows/release-branches.yml
vendored
|
|
@ -31,4 +31,4 @@ jobs:
|
|||
run: |
|
||||
BRANCH="branch_${{ github.ref_name }}"
|
||||
GIT_ISH="$GITHUB_SHA"
|
||||
./upload_s3.sh "$BRANCH" "$GIT_ISH"
|
||||
./upload_s3.sh "$BRANCH" "$GIT_ISH" "https://install.determinate.systems/nix/rev/$GIT_ISH"
|
||||
|
|
|
|||
2
.github/workflows/release-prs.yml
vendored
2
.github/workflows/release-prs.yml
vendored
|
|
@ -34,4 +34,4 @@ jobs:
|
|||
run: |
|
||||
PR="pr_${{ github.event.pull_request.number }}"
|
||||
GIT_ISH="${{ github.event.pull_request.head.sha }}"
|
||||
./upload_s3.sh "$PR" "$GIT_ISH"
|
||||
./upload_s3.sh "$PR" "$GIT_ISH" "https://install.determinate.systems/nix/rev/$GIT_ISH"
|
||||
|
|
|
|||
5
.github/workflows/release-tags.yml
vendored
5
.github/workflows/release-tags.yml
vendored
|
|
@ -19,9 +19,6 @@ jobs:
|
|||
with:
|
||||
buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
|
||||
output_path: artifacts
|
||||
- name: Fixup URL in nix-installer.sh
|
||||
run: |
|
||||
sed -i "s@https://install.determinate.systems/nix@https://install.determinate.systems/nix/tag/$GITHUB_REF_NAME@" nix-installer.sh
|
||||
- name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@v1
|
||||
with:
|
||||
|
|
@ -31,7 +28,7 @@ jobs:
|
|||
env:
|
||||
AWS_BUCKET: ${{ secrets.AWS_S3_UPLOAD_BUCKET }}
|
||||
run: |
|
||||
./upload_s3.sh "$GITHUB_REF_NAME" "$GITHUB_SHA"
|
||||
./upload_s3.sh "$GITHUB_REF_NAME" "$GITHUB_SHA" "https://install.determinate.systems/nix/tag/$GITHUB_REF_NAME"
|
||||
- name: Publish Release to GitHub (Tag)
|
||||
uses: softprops/action-gh-release@v1
|
||||
with:
|
||||
|
|
|
|||
63
upload_s3.sh
63
upload_s3.sh
|
|
@ -2,37 +2,70 @@ set -eu
|
|||
|
||||
DEST="$1"
|
||||
GIT_ISH="$2"
|
||||
DEST_INSTALL_URL="$3"
|
||||
|
||||
is_tag() {
|
||||
if [[ "$GITHUB_REF_TYPE" == "tag" ]]; then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# If the revision directory has already been created in S3 somehow, we don't want to reupload
|
||||
if aws s3 ls "$AWS_BUCKET"/"$GIT_ISH"/; then
|
||||
echo "Revision $GIT_ISH was already uploaded; exiting"
|
||||
exit 1
|
||||
# Only exit if it's not a tag (since we're tagging a commit previously pushed to main)
|
||||
if ! is_tag; then
|
||||
echo "Revision $GIT_ISH was already uploaded; exiting"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
sudo chown $USER: -R artifacts/
|
||||
|
||||
mkdir "$DEST"
|
||||
mkdir "$GIT_ISH"
|
||||
|
||||
sed -i "s@https://install.determinate.systems/nix@https://install.determinate.systems/nix/rev/$GIT_ISH@" nix-installer.sh
|
||||
cp nix-installer.sh "$DEST"/
|
||||
cp nix-installer.sh "$GIT_ISH"/
|
||||
|
||||
for artifact in $(find artifacts/ -type f); do
|
||||
chmod +x "$artifact"
|
||||
cp "$artifact" "$DEST"/
|
||||
cp "$artifact" "$GIT_ISH"/
|
||||
done
|
||||
|
||||
sed -i "s@https://install.determinate.systems/nix@$DEST_INSTALL_URL@" "$DEST/nix-installer.sh"
|
||||
sed -i "s@https://install.determinate.systems/nix@https://install.determinate.systems/nix/rev/$GIT_ISH@" "$GIT_ISH/nix-installer.sh"
|
||||
|
||||
if is_tag; then
|
||||
cp "$DEST/nix-installer.sh" ./nix-installer.sh
|
||||
fi
|
||||
|
||||
# If any artifact already exists in S3 and the hash is the same, we don't want to reupload
|
||||
for file in $(find "$GIT_ISH" -type f); do
|
||||
artifact_path="$DEST"/"$(basename "$artifact")"
|
||||
md5="$(md5sum "$artifact" | cut -d' ' -f1)"
|
||||
obj="$(aws s3api head-object --bucket "$AWS_BUCKET" --key "$artifact_path" || echo '{}')"
|
||||
obj_md5="$(jq -r .ETag <<<"$obj" | jq -r)" # head-object call returns ETag quoted, so `jq -r` again to unquote it
|
||||
check_reupload() {
|
||||
dest="$1"
|
||||
|
||||
if [[ "$md5" == "$obj_md5" ]]; then
|
||||
echo "Artifact $artifact was already uploaded; exiting"
|
||||
exit 0
|
||||
fi
|
||||
done
|
||||
for file in $(find "$dest" -type f); do
|
||||
artifact_path="$dest"/"$(basename "$artifact")"
|
||||
md5="$(md5sum "$artifact" | cut -d' ' -f1)"
|
||||
obj="$(aws s3api head-object --bucket "$AWS_BUCKET" --key "$artifact_path" || echo '{}')"
|
||||
obj_md5="$(jq -r .ETag <<<"$obj" | jq -r)" # head-object call returns ETag quoted, so `jq -r` again to unquote it
|
||||
|
||||
aws s3 sync "$GIT_ISH"/ s3://"$AWS_BUCKET"/"$GIT_ISH"/ --acl public-read
|
||||
aws s3 sync s3://"$AWS_BUCKET"/"$GIT_ISH"/ s3://"$AWS_BUCKET"/"$DEST"/ --acl public-read
|
||||
if [[ "$md5" == "$obj_md5" ]]; then
|
||||
echo "Artifact $artifact was already uploaded; exiting"
|
||||
# If we already uploaded to a tag, that's probably bad
|
||||
is_tag && exit 1 || exit 0
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
check_reupload "$DEST"
|
||||
if ! is_tag; then
|
||||
check_reupload "$GIT_ISH"
|
||||
fi
|
||||
|
||||
aws s3 sync "$DEST"/ s3://"$AWS_BUCKET"/"$DEST"/ --acl public-read
|
||||
if ! is_tag; then
|
||||
aws s3 sync "$GIT_ISH"/ s3://"$AWS_BUCKET"/"$GIT_ISH"/ --acl public-read
|
||||
fi
|
||||
|
|
|
|||
Loading…
Reference in a new issue