actions/upload-artifact-with-wget
1
0
Fork 0
Code Issues Pull requests Releases Activity Actions

Trying some compatibility with Github
All checks were successful
/ GenerateReleaseZipfile (push) Successful in 1m11s
Details

Browse source 
Just for the fun of it (it was kinda interesting but not sure the motivation is
enough in the long run...)
This commit is contained in:
Chl 2024-08-31 01:56:44 +02:00
parent f430f71f1d
commit dbfd979bf4
Signed by: chl
GPG key ID: 80012B734F21B934
3 changed files with 80 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/README.md vendored
View file

@ -1,2 +0,0 @@
As of 2024-08-30, Github actions is not capable of following symlinks :-/
https://github.com/orgs/community/discussions/109744

52
.github/workflows/generate-release-zipfile.yml vendored
View file

@ -3,9 +3,9 @@ on:
jobs: jobs:
GenerateReleaseZipfile: GenerateReleaseZipfile:
runs-on: docker runs-on: ubuntu-latest
container: # Trying to help access to the artifact with the GITHUB_TOKEN at the last step but didn't help.
image: entrepot.xlii.si/actions/alpine-wget-git-zip:latest #permissions: read-all
steps: steps:
- name: Generate some content - name: Generate some content
run: | run: |
@ -18,18 +18,36 @@ jobs:
echo tutu >> tutu.txt echo tutu >> tutu.txt
echo tutuuuuu >> tutu2.txt echo tutuuuuu >> tutu2.txt
echo tutuuuuu >> "tutu tutu.txt" echo tutuuuuu >> "tutu tutu.txt"
echo ratata >> 'tutu tutu*.txt' # Github doesn't like special characters.
#echo ratata >> 'tutu tutu*.txt'
ls -R ls -R
- name: "Github requires checkout for 'uses: ./' (or we could hard write the repository's URL ?)"
run: |
mkdir myaction && cd myaction
git init
test -z "$GITHUB_TOKEN" && GITHUB_TOKEN="${{ github.token }}"
MY_AUTHENTICATED_URL="$( echo "$GITHUB_SERVER_URL" | sed "s#^\(https\?://\)#\1$GITHUB_TOKEN\@#" )"
git remote add origin "$MY_AUTHENTICATED_URL"/"$GITHUB_REPOSITORY"
# Little and optional speed optimization
git config --local gc.auto 0
git fetch --no-tags --prune --no-recurse-submodules --depth=1 origin "$GITHUB_SHA"
git reset --hard "$GITHUB_SHA"
- name: Testing the artifact uploading - name: Testing the artifact uploading
id: "uploading" id: "uploading"
uses: "${{ github.server_url }}/${{ github.repository }}@${{ github.sha }}" uses: ./myaction
# For comparison
#uses: actions/upload-artifact@v4
with: with:
path: | path: |
toto toto
tutu* tutu*
- name: Is there any output for the previous step ? - name: "Cleanup Github"
run: rm -rvf myaction
- name: Is there any output for the uploading step ?
run: | run: |
set -x set -x
printf "steps.uploading.outputs.artifact-id: %s\n" "${{ steps.uploading.outputs.artifact-id }}" printf "steps.uploading.outputs.artifact-id: %s\n" "${{ steps.uploading.outputs.artifact-id }}"
@ -37,7 +55,7 @@ jobs:
- name: Check the content of the uploaded artifact - name: Check the content of the uploaded artifact
run: | run: |
# Stop at first error and be verbose # Stop at first error and be verbose
set -ex set -ex
# Create some temporary files/directory # Create some temporary files/directory
@ -52,8 +70,24 @@ jobs:
cd "$TEST_ARTIFACT_DIR" cd "$TEST_ARTIFACT_DIR"
# In case the repository becomes private, we add our GITHUB_TOKEN to the artifact-url. # In case the repository becomes private, we add our GITHUB_TOKEN to the artifact-url.
MY_AUTHENTICATED_URL="$( echo "${{ steps.uploading.outputs.artifact-url }}" | sed "s#^\(https\?://\)#\1$GITHUB_TOKEN\@#" )" test -z "$GITHUB_TOKEN" && GITHUB_TOKEN="${{ github.token }}"
wget -O "$DOWNLOAD_FILE" "$MY_AUTHENTICATED_URL" # TODO : can't get it to work :-/
#wget --header "Authorization: Bearer $GITHUB_TOKEN" -O "$DOWNLOAD_FILE" "${{ steps.uploading.outputs.artifact-url }}"
# Oh boy... We're gone beyond salvation but let's try to explain:
# - the api.github.com accepts the GITHUB_TOKEN in the Authorization
# header (but not the ACTIONS_RUNTIME_TOKEN, nor the GITHUB_TOKEN as
# part of the URL like https://$GITHUB_TOKEN@api.github.com/...)
# - ...but we get redirect to Windows.net/Azure data warehouse which refuses GITHUB_TOKEN...
# -> so, if the api.github.com fails, we try to extract the redirect location and hit it without any header.
# ('beginning to wonder if Github's changing master to main was also a part of a plot to complexify our lives...)
WGET_OUTPUT="$( wget -O "$DOWNLOAD_FILE" \
--header "Authorization: Bearer $GITHUB_TOKEN" \
"https://api.github.com/repos/$GITHUB_REPOSITORY/actions/artifacts/${{ steps.uploading.outputs.artifact-id }}/zip" 2>&1 )" \
|| wget -O "$DOWNLOAD_FILE" \
"$( echo "$WGET_OUTPUT" | sed -n 's/^Location: \(.*\) \[following\]/\1/p' | tail -n 1 )"
# unzip and check
unzip "$DOWNLOAD_FILE" unzip "$DOWNLOAD_FILE"
sha256sum -c "$SHASUM_FILE" sha256sum -c "$SHASUM_FILE"

48
action.yml
View file

@ -25,21 +25,38 @@ inputs:
outputs: outputs:
artifact-id: artifact-id:
description: A unique identifier for the artifact that was just uploaded. Empty if the artifact upload failed. description: A unique identifier for the artifact that was just uploaded.
value: ${{ steps.uploading.outputs.artifact-id }}
artifact-url:
description: The URL for the uploaded artifact. Access may require authorization.
value: ${{ steps.uploading.outputs.artifact-url }}
runs: runs:
using: 'composite' using: 'composite'
steps: steps:
# ACTIONS_RUNTIME_TOKEN is not yet available (2024-08) for composite actions on Github :
# https://github.com/actions/runner/issues/3046
# Forgejo tries to download this remote action even if it's not needed :
# uncomment if you want to run this action in Github.
#- name: Expose GitHub Runtime
# if: env.ACTIONS_RUNTIME_TOKEN == ''
# uses: "https://github.com/crazy-max/ghaction-github-runtime@v3"
- name: Upload artifact (using v4) - name: Upload artifact (using v4)
shell: sh shell: sh
# id for reference in the outputs extraction
id: uploading
run: | run: |
# Some optional help for debugging. # Some optional help for debugging.
set -ex set -ex
# Compatibility layer for Github
test -z "$GITHUB_TOKEN" && GITHUB_TOKEN="${{ github.token }}"
# Compress the input paths into a zip archive # Compress the input paths into a zip archive
# (note: busybox' mktemp doesn't have the --suffix option) # (note: busybox' mktemp doesn't have the --suffix option)
MYUPLOAD="$( mktemp -u ).zip" MYUPLOAD="$( mktemp -u ).zip"
if [ "${{ inputs.compression }}" == "true" ]; then if [ "${{ inputs.compression }}" = "true" ]; then
# inputs.path can be a list of files (with wildcards and spaces) and # inputs.path can be a list of files (with wildcards and spaces) and
# the shell's command substitution + field splitting + pathname # the shell's command substitution + field splitting + pathname
# expansion gives a behaviour pretty close to the original Github's # expansion gives a behaviour pretty close to the original Github's
@ -64,36 +81,45 @@ runs:
$( echo "$ACTIONS_RUNTIME_TOKEN" | sed 's/.*\.\(.*\)\..*/\1/' | base64 -d 2>/dev/null | sed 's/.*Actions.Results:\([^:]\+\):\([^:" ]\+\).*/\1 \2/' ) $( echo "$ACTIONS_RUNTIME_TOKEN" | sed 's/.*\.\(.*\)\..*/\1/' | base64 -d 2>/dev/null | sed 's/.*Actions.Results:\([^:]\+\):\([^:" ]\+\).*/\1 \2/' )
EOF EOF
# Github compatibility layer: ACTIONS_RESULTS_URL already ends with a '/'
ACTIONS_RESULTS_URL="$( echo "$ACTIONS_RESULTS_URL" | sed 's/\/$//' )"
# Request an upload URL # Request an upload URL
RESPONSE="$( wget -O - \ RESPONSE="$( wget -O - \
--header 'Content-Type:application/json' \ --header 'Content-Type:application/json' \
--header "Authorization: Bearer $GITHUB_TOKEN" \ --header "Authorization: Bearer $ACTIONS_RUNTIME_TOKEN" \
--post-data "$( printf '{"version":4, "name":"%s", "workflow_run_backend_id":"%s", "workflow_job_run_backend_id":"%s"}' "${{ inputs.name }}" "$WORKFLOW_RUN_BACKEND_ID" "$WORKFLOW_JOB_RUN_BACKEND_ID" )" \ --post-data "$( printf '{"version":4, "name":"%s", "workflow_run_backend_id":"%s", "workflow_job_run_backend_id":"%s"}' "${{ inputs.name }}" "$WORKFLOW_RUN_BACKEND_ID" "$WORKFLOW_JOB_RUN_BACKEND_ID" )" \
"$GITHUB_SERVER_URL"/twirp/github.actions.results.api.v1.ArtifactService/CreateArtifact "$ACTIONS_RESULTS_URL"/twirp/github.actions.results.api.v1.ArtifactService/CreateArtifact
)" )"
# We get a JSON with an signedUploadUrl similar to : # We get a JSON with an signedUploadUrl similar to :
# https://entrepot.xlii.si/twirp/github.actions.results.api.v1.ArtifactService/UploadArtifact?sig=yWWEI8tIIECp8D7E5TVh4_6G2pZxWaVdQcSYaCsx5s0=&expires=2024-08-26+07%3A20%3A49.886890537+%2B0200+CEST&artifactName=mymodule-1.2.3.zip&taskID=63 # https://entrepot.xlii.si/twirp/github.actions.results.api.v1.ArtifactService/UploadArtifact?sig=yWWEI8tIIECp8D7E5TVh4_6G2pZxWaVdQcSYaCsx5s0=&expires=2024-08-26+07%3A20%3A49.886890537+%2B0200+CEST&artifactName=mymodule-1.2.3.zip&taskID=63
SIGNED_UPLOAD_URL="$( echo "$RESPONSE" | sed -n 's/.*"signedUploadUrl" *: *"\([^"]\+\)".*/\1/p' )" SIGNED_UPLOAD_URL="$( echo "$RESPONSE" | sed -n 's/.*"signed_\?[uU]pload_\?[uU]rl" *: *"\([^"]\+\)".*/\1/p' )"
# Upload our file # Upload our file
# (note: adding '&comp=block' at the end of the URL) # (note: adding '&comp=block' at the end of the URL for Forgejo)
# (note 2: if it fails here, it probably means you are using the busybox # (note 2: if it fails here, it probably means you are using the busybox
# variant of wget which can't (as of 2024-08-26) use the PUT method. # variant of wget which can't (as of 2024-08-26) use the PUT method.
# Install the full one beforehand : apt install wget / pkg add wget / ...) # Install the full one beforehand : apt install wget / pkg add wget / ...)
wget -O /dev/null --method PUT --body-file "$MYUPLOAD" "$SIGNED_UPLOAD_URL&comp=block" wget -O /dev/null \
--method PUT \
--body-file "$MYUPLOAD" \
--header "x-ms-blob-content-type: zip" \
--header "x-ms-blob-type: BlockBlob" \
"$SIGNED_UPLOAD_URL&comp=block"
# Finalize the artifact # Finalize the artifact
RESPONSE="$( wget -O - \ RESPONSE="$( wget -O - \
--header 'Content-Type:application/json' \ --header 'Content-Type:application/json' \
--header "Authorization: Bearer $GITHUB_TOKEN" \ --header "Authorization: Bearer $ACTIONS_RUNTIME_TOKEN" \
--post-data "$( printf '{"hash":"sha256:%s", "name":"%s", "size":"%d", "workflow_run_backend_id":"%s", "workflow_job_run_backend_id":"%s"}' "$( sha256sum $MYUPLOAD | sed 's/[[:space:]]\+.*//' )" "${{ inputs.name }}" "$( stat -c %s $MYUPLOAD )" "$WORKFLOW_RUN_BACKEND_ID" "$WORKFLOW_JOB_RUN_BACKEND_ID" )" \ --post-data "$( printf '{"hash":"sha256:%s", "name":"%s", "size":"%d", "workflow_run_backend_id":"%s", "workflow_job_run_backend_id":"%s"}' "$( sha256sum $MYUPLOAD | sed 's/[[:space:]]\+.*//' )" "${{ inputs.name }}" "$( stat -c %s $MYUPLOAD )" "$WORKFLOW_RUN_BACKEND_ID" "$WORKFLOW_JOB_RUN_BACKEND_ID" )" \
"$GITHUB_SERVER_URL"/twirp/github.actions.results.api.v1.ArtifactService/FinalizeArtifact "$ACTIONS_RESULTS_URL"/twirp/github.actions.results.api.v1.ArtifactService/FinalizeArtifact
)" )"
# Store the outputs # Store the outputs
ARTIFACT_ID="$( echo "$RESPONSE" | sed -n 's/.*"artifactId" *: *"\([^"]\+\)".*/\1/p' )" ARTIFACT_ID="$( echo "$RESPONSE" | sed -n 's/.*"artifact_\?Id" *: *"\([^"]\+\)".*/\1/ip' )"
echo artifact-id="$ARTIFACT_ID" >> $GITHUB_OUTPUT echo artifact-id="$ARTIFACT_ID" >> $GITHUB_OUTPUT
if [ "$GITHUB_SERVER_URL" = "https://github.com" ]; then if [ "$GITHUB_SERVER_URL" = "https://github.com" ]; then
# note: as an alternative, there is https://api.github.com/repos/OWNER/REPO/actions/artifacts/ARTIFACT_ID
echo artifact-url="$GITHUB_SERVER_URL"/"$GITHUB_REPOSITORY"/actions/runs/"$GITHUB_RUN_ID"/artifacts/"$ARTIFACT_ID" >> $GITHUB_OUTPUT echo artifact-url="$GITHUB_SERVER_URL"/"$GITHUB_REPOSITORY"/actions/runs/"$GITHUB_RUN_ID"/artifacts/"$ARTIFACT_ID" >> $GITHUB_OUTPUT
else else
# Gitea & Forgejo : github.run_number instead of github.run_id and name of the artifact instead of artifact_id # Gitea & Forgejo : github.run_number instead of github.run_id and name of the artifact instead of artifact_id
@ -101,6 +127,6 @@ runs:
fi fi
# Cleanup # Cleanup
if [ "${{ inputs.compression }}" == "true" ]; then if [ "${{ inputs.compression }}" = "true" ]; then
rm -f "$MYUPLOAD" rm -f "$MYUPLOAD"
fi fi