fix(ci): disable aws-chunked encoding for OSS uploads (#43) #9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: install.sh | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - install.sh | |
| - .github/workflows/install-sh.yml | |
| pull_request: | |
| paths: | |
| - install.sh | |
| - .github/workflows/install-sh.yml | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| name: shellcheck + parse | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: shellcheck | |
| run: shellcheck -s sh install.sh | |
| - name: sh parse | |
| run: sh -n install.sh | |
| - name: bash parse | |
| run: bash -n install.sh | |
| smoke: | |
| name: smoke test (ubuntu) | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: run in ubuntu:22.04 container | |
| run: | | |
| docker run --rm -v "$PWD":/w:ro ubuntu:22.04 bash -c ' | |
| set -eu | |
| export DEBIAN_FRONTEND=noninteractive | |
| apt-get update -qq | |
| apt-get install -y -qq curl tar ca-certificates >/dev/null | |
| echo "::group::--help" | |
| bash /w/install.sh --help | head | |
| echo "::endgroup::" | |
| echo "::group::install --no-service @ v0.0.5" | |
| bash /w/install.sh --no-service --version v0.0.5 | |
| test -x /usr/local/bin/flashduty-runner | |
| /usr/local/bin/flashduty-runner version | grep -q "0.0.5" | |
| echo "::endgroup::" | |
| echo "::group::no-op re-run" | |
| bash /w/install.sh --no-service --version v0.0.5 2>&1 | tee /tmp/out | |
| grep -q "Already at v0.0.5" /tmp/out | |
| echo "::endgroup::" | |
| echo "::group::full install with TOKEN env var" | |
| bash /w/install.sh --uninstall >/dev/null | |
| TOKEN="wnt_ci_test" bash /w/install.sh --version v0.0.5 | |
| test -f /etc/flashduty-runner/env | |
| grep -q "FLASHDUTY_RUNNER_TOKEN=wnt_ci_test" /etc/flashduty-runner/env | |
| id flashduty | |
| test -d /var/lib/flashduty-runner/workspace | |
| echo "::endgroup::" | |
| echo "::group::env file preserved across update" | |
| echo "# CI marker" >> /etc/flashduty-runner/env | |
| sum_before=$(sha256sum /etc/flashduty-runner/env | awk "{print \$1}") | |
| bash /w/install.sh --version v0.0.5 >/dev/null | |
| sum_after=$(sha256sum /etc/flashduty-runner/env | awk "{print \$1}") | |
| [ "$sum_before" = "$sum_after" ] | |
| echo "::endgroup::" | |
| echo "::group::uninstall keeps config" | |
| bash /w/install.sh --uninstall | |
| test ! -e /usr/local/bin/flashduty-runner | |
| test -f /etc/flashduty-runner/env | |
| echo "::endgroup::" | |
| echo "::group::purge" | |
| bash /w/install.sh --purge | |
| test ! -d /etc/flashduty-runner | |
| test ! -d /var/lib/flashduty-runner | |
| ! id flashduty 2>/dev/null | |
| echo "::endgroup::" | |
| echo "::group::non-tty without TOKEN exits 6" | |
| set +e | |
| bash /w/install.sh --version v0.0.5 </dev/null >/tmp/err 2>&1 | |
| rc=$? | |
| set -e | |
| [ "$rc" = "6" ] | |
| grep -q "Token is required" /tmp/err | |
| echo "::endgroup::" | |
| echo "::group::nonexistent version exits 5" | |
| set +e | |
| bash /w/install.sh --no-service --version v99.99.99 >/tmp/err2 2>&1 | |
| rc=$? | |
| set -e | |
| [ "$rc" = "5" ] | |
| grep -q "Failed to download" /tmp/err2 | |
| echo "::endgroup::" | |
| echo "" | |
| echo "ALL CHECKS PASSED" | |
| ' | |
| mirror: | |
| name: mirror install.sh | |
| runs-on: ubuntu-latest | |
| needs: smoke | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Upload install.sh to S3-compatible storage | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.MIRROR_S3_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.MIRROR_S3_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.MIRROR_S3_REGION }} | |
| BUCKET: ${{ secrets.MIRROR_S3_BUCKET }} | |
| ENDPOINT: ${{ secrets.MIRROR_S3_ENDPOINT }} | |
| PREFIX: ${{ secrets.MIRROR_S3_PATH_PREFIX }} | |
| run: | | |
| set -eu | |
| if [ -z "${BUCKET:-}" ] || [ -z "${ENDPOINT:-}" ]; then | |
| echo "Mirror not configured (need MIRROR_S3_BUCKET + MIRROR_S3_ENDPOINT). Skipping." | |
| exit 0 | |
| fi | |
| # Aliyun OSS rejects path-style requests; force virtual-hosted style. | |
| aws configure set default.s3.addressing_style virtual | |
| # AWS CLI v2.23+ default integrity protections add `aws-chunked` | |
| # encoding which OSS rejects (InvalidArgument). Restore old behavior. | |
| aws configure set default.request_checksum_calculation when_required | |
| aws configure set default.response_checksum_validation when_required | |
| PREFIX="${PREFIX#/}"; PREFIX="${PREFIX%/}" | |
| key="${PREFIX:+${PREFIX}/}install.sh" | |
| aws --endpoint-url="$ENDPOINT" s3 cp install.sh "s3://${BUCKET}/${key}" \ | |
| --cache-control "public, max-age=300" \ | |
| --content-type "text/x-shellscript; charset=utf-8" |