diff --git a/.github/workflows/build-citus-community-nightlies.yml b/.github/workflows/build-citus-community-nightlies.yml index 39757b48..d9447a7b 100644 --- a/.github/workflows/build-citus-community-nightlies.yml +++ b/.github/workflows/build-citus-community-nightlies.yml @@ -40,6 +40,19 @@ jobs: - name: Checkout repository uses: actions/checkout@v6 + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v3 + with: + app-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_KEY }} + owner: citusdata + + - name: Export App token to environment + run: | + echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV" + echo "GITHUB_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV" + # This step is to fetch the images unanonymously to have higher bandwidth - name: Login to Docker Hub uses: docker/login-action@v4 @@ -48,7 +61,7 @@ jobs: password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Clone tools branch - run: git clone -b v0.8.36-dev2 --depth=1 https://github.com/citusdata/tools.git tools + run: git clone -b v0.8.36-dev5 --depth=1 https://github.com/citusdata/tools.git tools - name: Clone build branch run: git clone -b "${MAIN_BRANCH}" --depth=1 https://github.com/citusdata/packaging.git packaging diff --git a/.github/workflows/build-package-test.yml b/.github/workflows/build-package-test.yml index dd8393b8..afd65fe6 100644 --- a/.github/workflows/build-package-test.yml +++ b/.github/workflows/build-package-test.yml @@ -60,6 +60,19 @@ jobs: - name: Checkout repository uses: actions/checkout@v6 + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v3 + with: + app-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_KEY }} + owner: citusdata + + - name: Export App token to environment + run: | + echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV" + echo "GITHUB_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV" + - name: Install package dependencies run: | sudo apt-get update @@ -78,7 +91,7 @@ jobs: POSTGRES_VERSION: ${{ matrix.POSTGRES_VERSION }} - name: Clone tools repo for test - run: git clone -b v0.8.36-dev2 --depth=1 https://github.com/citusdata/tools.git tools + run: git clone -b v0.8.36-dev5 --depth=1 https://github.com/citusdata/tools.git tools - name: Execute packaging tests run: | @@ -86,6 +99,7 @@ jobs: python -m pytest -q tools/packaging_automation/tests/test_citus_package.py -k 'test_build_packages' env: PACKAGING_IMAGE_PLATFORM: "${{matrix.TARGET_PLATFORM}}" + POSTGRES_VERSION: ${{ matrix.POSTGRES_VERSION }} - name: Push images run: | diff --git a/.github/workflows/build-package.yml b/.github/workflows/build-package.yml index d4c67b2c..fbb88354 100644 --- a/.github/workflows/build-package.yml +++ b/.github/workflows/build-package.yml @@ -60,6 +60,19 @@ jobs: - name: Checkout repository uses: actions/checkout@v6 + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v3 + with: + app-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_KEY }} + owner: citusdata + + - name: Export App token to environment + run: | + echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV" + echo "GITHUB_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV" + - name: Install package dependencies run: | sudo apt-get update @@ -78,7 +91,7 @@ jobs: POSTGRES_VERSION: ${{ matrix.POSTGRES_VERSION }} - name: Clone tools repo for test - run: git clone -b v0.8.36-dev2 --depth=1 https://github.com/citusdata/tools.git tools + run: git clone -b v0.8.36-dev5 --depth=1 https://github.com/citusdata/tools.git tools - name: Execute packaging tests run: | @@ -86,6 +99,7 @@ jobs: python -m pytest -q tools/packaging_automation/tests/test_citus_package.py -k 'test_build_packages' env: PACKAGING_IMAGE_PLATFORM: "${{matrix.TARGET_PLATFORM}}" + POSTGRES_VERSION: ${{ matrix.POSTGRES_VERSION }} - name: Push images run: | diff --git a/.github/workflows/build-pgazure-nightlies.yml b/.github/workflows/build-pgazure-nightlies.yml index 6239e874..6a534837 100644 --- a/.github/workflows/build-pgazure-nightlies.yml +++ b/.github/workflows/build-pgazure-nightlies.yml @@ -41,6 +41,19 @@ jobs: - name: Checkout repository uses: actions/checkout@v6 + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v3 + with: + app-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_KEY }} + owner: citusdata + + - name: Export App token to environment + run: | + echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV" + echo "GITHUB_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV" + # This step is to fetch the images unanonymously to have higher bandwidth - name: Login to Docker Hub uses: docker/login-action@v4 @@ -49,7 +62,7 @@ jobs: password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Clone tools branch - run: git clone -b v0.8.36-dev2 --depth=1 https://github.com/citusdata/tools.git tools + run: git clone -b v0.8.36-dev5 --depth=1 https://github.com/citusdata/tools.git tools - name: Clone build branch run: git clone -b "${MAIN_BRANCH}" --depth=1 https://github.com/citusdata/packaging.git packaging diff --git a/.github/workflows/image-health-check.yml b/.github/workflows/image-health-check.yml index 073dee1e..216e3b9c 100644 --- a/.github/workflows/image-health-check.yml +++ b/.github/workflows/image-health-check.yml @@ -62,6 +62,19 @@ jobs: - name: Checkout repository uses: actions/checkout@v6 + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v3 + with: + app-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_KEY }} + owner: citusdata + + - name: Export App token to environment + run: | + echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV" + echo "GITHUB_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV" + - name: Install package dependencies run: | sudo apt-get update @@ -80,7 +93,7 @@ jobs: POSTGRES_VERSION: ${{ matrix.POSTGRES_VERSION }} - name: Clone tools repo for test - run: git clone -b v0.8.36-dev2 --depth=1 https://github.com/citusdata/tools.git tools + run: git clone -b v0.8.36-dev5 --depth=1 https://github.com/citusdata/tools.git tools - name: Execute packaging tests run: | @@ -88,4 +101,5 @@ jobs: python -m pytest -q tools/packaging_automation/tests/test_citus_package.py -k 'test_build_packages' env: PACKAGING_IMAGE_PLATFORM: "${{matrix.TARGET_PLATFORM}}" + POSTGRES_VERSION: ${{ matrix.POSTGRES_VERSION }} diff --git a/.github/workflows/update-pgxn-version.yml b/.github/workflows/update-pgxn-version.yml index b285ab45..1e5ce600 100644 --- a/.github/workflows/update-pgxn-version.yml +++ b/.github/workflows/update-pgxn-version.yml @@ -18,13 +18,26 @@ jobs: steps: - uses: actions/checkout@v6 + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v3 + with: + app-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_KEY }} + owner: citusdata + + - name: Export App token to environment + run: | + echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV" + echo "GITHUB_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV" + - name: Install dependencies run: | sudo apt-get update sudo apt-get install -y libcurl4-openssl-dev libssl-dev - name: Clone Tools branch - run: git clone --branch v0.8.35 https://github.com/citusdata/tools.git + run: git clone --branch v0.8.36-dev5 https://github.com/citusdata/tools.git - name: Install Python requirements run: python -m pip install -r tools/packaging_automation/requirements.txt diff --git a/.github/workflows/update_package_properties.yml b/.github/workflows/update_package_properties.yml index f08c98a2..cb80566b 100644 --- a/.github/workflows/update_package_properties.yml +++ b/.github/workflows/update_package_properties.yml @@ -23,7 +23,7 @@ jobs: # Runs a single command using the runners shell - name: Clone Tools branch - run: git clone --depth 1 --branch v0.8.35 https://github.com/citusdata/tools.git + run: git clone --depth 1 --branch v0.8.36-dev5 https://github.com/citusdata/tools.git # Runs a set of commands using the runners shell - name: Execute Package Properties Update diff --git a/scripts/determine_email b/scripts/determine_email index 899677b3..26d92f84 100755 --- a/scripts/determine_email +++ b/scripts/determine_email @@ -6,23 +6,28 @@ IFS=$'\n\t' # constants success=0 -failure=1 -# fallback to public email -email=$(curl -sf https://api.github.com/user | jq -r '.email // empty') +# Resolve the packager email WITHOUT contacting api.github.com/user or +# /user/emails, which are incompatible with GitHub App installation tokens (the +# App identity has no user endpoint and returns 403). Precedence: explicit env, +# then the address embedded in RPM_PACKAGER, then a fixed bot identity. +email="${PACKAGER_EMAIL:-}" -# first try to find Microsoft email, if fails, then it must be the -# case that bots@citusdata.com is building nightly packages for us -jqfilter='map(select(.verified and (.email | test("@microsoft.com$|^bots@citusdata.com$")))) | first | .email // empty' -citusemail=$(curl -sf https://api.github.com/user/emails | jq -r "${jqfilter}") +if [ -z "${email}" ]; then + email="${DEBEMAIL:-}" +fi -if [ -n "${citusemail}" ]; then - email="${citusemail}" +if [ -z "${email}" ] && [ -n "${RPM_PACKAGER:-}" ]; then + # Extract the address from "Full Name " if present. + case "${RPM_PACKAGER}" in + *"<"*">"*) + email="$(printf '%s' "${RPM_PACKAGER}" | sed -E 's/^.*<([^>]*)>.*$/\1/')" + ;; + esac fi if [ -z "${email}" ]; then - echo "$0: could not determine email" >&2 - exit $failure + email="bots@citusdata.com" fi echo "${email}" diff --git a/scripts/determine_name b/scripts/determine_name index 5879f8f6..ed828ea7 100755 --- a/scripts/determine_name +++ b/scripts/determine_name @@ -6,14 +6,25 @@ IFS=$'\n\t' # constants success=0 -failure=1 -fullname=$(curl -sf https://api.github.com/user | jq -r '.name // empty') +# Resolve the packager name WITHOUT contacting api.github.com/user, which is +# incompatible with GitHub App installation tokens (the App identity has no user +# endpoint and returns 403). Precedence: explicit env, then the name portion of +# RPM_PACKAGER, then DEBFULLNAME, then a fixed bot identity. +name="${PACKAGER_NAME:-}" -if [ -z "${fullname}" ]; then - echo "$0: could not determine user name" >&2 - exit $failure +if [ -z "${name}" ] && [ -n "${RPM_PACKAGER:-}" ]; then + # RPM_PACKAGER is typically "Full Name "; drop the address. + name="$(printf '%s' "${RPM_PACKAGER}" | sed -E 's/[[:space:]]*<[^>]*>[[:space:]]*$//')" fi -echo "${fullname}" +if [ -z "${name}" ]; then + name="${DEBFULLNAME:-}" +fi + +if [ -z "${name}" ]; then + name="Citus Bot" +fi + +echo "${name}" exit $success