From 8776d4cf54f2ffe68b7e0e3ed7b2ac165b947b22 Mon Sep 17 00:00:00 2001 From: Dariusz Kijania Date: Thu, 11 Sep 2025 21:14:55 +0200 Subject: [PATCH 1/7] Merge pull request #17777 from MinaProtocol/dkijania/publish_mina_logproc_comp [CI] publish logproc first --- buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall b/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall index 181102a15136..20bf5d82e625 100644 --- a/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall +++ b/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall @@ -56,7 +56,8 @@ let specs_for_branch = -> \(channel : DebianChannel.Type) -> PublishPackages.Spec::{ , artifacts = - [ Artifacts.Type.Daemon + [ Artifacts.Type.LogProc + , Artifacts.Type.Daemon , Artifacts.Type.Archive , Artifacts.Type.Rosetta ] From 7679af5b1cf0efaf25aeb40565e87b3b40838ba5 Mon Sep 17 00:00:00 2001 From: Dariusz Kijania Date: Mon, 15 Sep 2025 13:25:18 +0200 Subject: [PATCH 2/7] Merge pull request #17782 from MinaProtocol/dkijania/debian_repo_cache_fix [CI] Fix debian caching issue when publishing --- buildkite/scripts/release/manager.sh | 37 +++++++++++++- buildkite/src/Command/Packages/Publish.dhall | 1 + scripts/debian/publish.sh | 51 ++++++++++++++++++-- 3 files changed, 83 insertions(+), 6 deletions(-) diff --git a/buildkite/scripts/release/manager.sh b/buildkite/scripts/release/manager.sh index 1d796a9d198b..c94733a6d7e9 100755 --- a/buildkite/scripts/release/manager.sh +++ b/buildkite/scripts/release/manager.sh @@ -371,7 +371,10 @@ function publish_debian() { local __dry_run=$8 local __backend=$9 local __debian_repo=${10} - local __debian_sign_key=${11} + local __arch=${11:-DEFAULT_ARCHITECTURE} + local __force_upload_debians=${12:-0} + local __debian_sign_key=${13} + local __new_artifact_name=${14:-""} get_cached_debian_or_download $__backend $__artifact $__codename "$__network" local __artifact_full_name @@ -405,6 +408,7 @@ function publish_debian() { --names "$DEBIAN_CACHE_FOLDER/$__codename/${__artifact_full_name}_${__target_version}.deb" \ --version $__target_version \ --bucket $__debian_repo \ + "$(if [[ $__force_upload_debians == 1 ]]; then echo "--force"; fi)" \ -c $__codename \ -r $__channel \ ${__sign_arg[@]} @@ -558,6 +562,8 @@ function publish_help(){ printf " %-25s %s\n" "--backend" "[string] backend to use for storage. e.g gs,hetzner. default: gs"; printf " %-25s %s\n" "--debian-repo" "[string] debian repository to publish to. default: $DEBIAN_REPO"; printf " %-25s %s\n" "--debian-sign-key" "[string] debian signing key to use. default: lack of presence = no signing"; + printf " %-25s %s\n" "--strip-network-from-archive" "[bool] strip network from archive name. E.g mina-archive-devnet -> mina-archive"; + printf " %-25s %s\n" "--force-upload-debians" "[bool] force upload debian packages even if they exist already in the repository"; echo "" echo "Example:" echo "" @@ -588,6 +594,9 @@ function publish(){ local __backend="gs" local __debian_repo=$DEBIAN_REPO local __debian_sign_key="" + local __strip_network_from_archive=0 + local __arch=${DEFAULT_ARCHITECTURE} + local __force_upload_debians=0 while [ ${#} -gt 0 ]; do error_message="❌ Error: a value is needed for '$1'"; @@ -655,6 +664,18 @@ function publish(){ __debian_sign_key=${2:?$error_message} shift 2; ;; + --strip-network-from-archive ) + __strip_network_from_archive=1 + shift 1; + ;; + --arch ) + __arch=${2:?$error_message} + shift 2; + ;; + --force-upload-debians ) + __force_upload_debians=1 + shift 1; + ;; * ) echo -e "❌ ${RED} !! Unknown option: $1${CLEAR}\n"; echo ""; @@ -700,6 +721,9 @@ function publish(){ echo " - Backend: $__backend" echo " - Debian repo: $__debian_repo" echo " - Debian sign key: $__debian_sign_key" + echo " - Strip network from archive: $__strip_network_from_archive" + echo " - Architecture: $__arch" + echo " - Force upload debians: $__force_upload_debians" echo "" if [[ $__backend != "gs" && $__backend != "hetzner" && $__backend != "local" ]]; then @@ -739,6 +763,8 @@ function publish(){ $__dry_run \ $__backend \ $__debian_repo \ + "$__arch" \ + "$__force_upload_debians" \ "$__debian_sign_key" fi @@ -760,7 +786,10 @@ function publish(){ $__dry_run \ $__backend \ $__debian_repo \ - "$__debian_sign_key" + "$__arch" \ + "$__force_upload_debians" \ + "$__debian_sign_key" \ + "$new_name" fi if [[ $__only_debians == 0 ]]; then @@ -781,6 +810,8 @@ function publish(){ $__dry_run \ $__backend \ $__debian_repo \ + "$__arch" \ + "$__force_upload_debians" \ "$__debian_sign_key" fi @@ -802,6 +833,8 @@ function publish(){ $__dry_run \ $__backend \ $__debian_repo \ + "$__arch" \ + "$__force_upload_debians" \ "$__debian_sign_key" fi diff --git a/buildkite/src/Command/Packages/Publish.dhall b/buildkite/src/Command/Packages/Publish.dhall index be895b8d9106..f0e35abb2c75 100644 --- a/buildkite/src/Command/Packages/Publish.dhall +++ b/buildkite/src/Command/Packages/Publish.dhall @@ -229,6 +229,7 @@ let publish ++ "--target-version ${r.value} " ++ "--codenames ${codenames} " ++ "--only-dockers " + ++ "--force-upload-debians " ) ] , label = "Docker Packages Publishing" diff --git a/scripts/debian/publish.sh b/scripts/debian/publish.sh index 7375a7c675a2..8e9b389631cf 100755 --- a/scripts/debian/publish.sh +++ b/scripts/debian/publish.sh @@ -7,12 +7,16 @@ RED='\033[0;31m' ARCH=amd64 BUCKET=packages.o1test.net +# Forcing upload debian even if it exists already +FORCE=0 + while [[ "$#" -gt 0 ]]; do case $1 in -n|--names) DEB_NAMES="$2"; shift;; -r|--release) DEB_RELEASE="$2"; shift;; -v|--version) DEB_VERSION="$2"; shift;; -c|--codename) DEB_CODENAME="$2"; shift;; -b|--bucket) BUCKET="$2"; shift;; + -f|--force) FORCE=1;; -s|--sign) SIGN="$2"; shift;; *) echo "❌ Unknown parameter passed: $1"; exit 1;; esac; shift; done @@ -33,6 +37,45 @@ function usage() { exit 1 } +# Invalidate CloudFront cache for the given bucket or CNAME and paths +# This is to ensure that after uploading new debs, users don't get stale +# package lists from CloudFront cache +# Usage: invalidate_cache [bucket-or-cname] codename +# Example: invalidate_cache nightly.apt.packages.minaprotocol.com bookworm +function invalidate_cache() { + BUCKET_OR_CNAME="${1:-nightly.apt.packages.minaprotocol.com}" + PATHS_TO_INVALIDATE="/dists/$2/*" + + echo "🔎 Resolving ${BUCKET_OR_CNAME}..." + CF_DOMAIN=$(dig +short CNAME "${BUCKET_OR_CNAME}" | sed 's/\.$//') + CF_DOMAIN=$(dig +short CNAME "${BUCKET_OR_CNAME}" | sed 's/\.$//') + + if [[ -z "$CF_DOMAIN" ]]; then + echo "❌ Could not resolve ${BUCKET_OR_CNAME} to a CloudFront domain." + exit 1 + fi + + echo "✅ Found CloudFront domain: ${CF_DOMAIN}" + + echo "📋 Searching for distribution ID in CloudFront..." + DIST_ID=$(aws cloudfront list-distributions \ + --query "DistributionList.Items[?DomainName=='${CF_DOMAIN}'].Id" \ + --output text) + + if [[ -z "$DIST_ID" ]]; then + echo "❌ No CloudFront distribution found for domain ${CF_DOMAIN}" + exit 1 + fi + + echo "✅ Found CloudFront distribution ID: ${DIST_ID}" + + echo "🚀 Creating invalidation for paths: ${PATHS_TO_INVALIDATE}" + aws cloudfront create-invalidation \ + --distribution-id "${DIST_ID}" \ + --paths "${PATHS_TO_INVALIDATE}" +} + + if [[ -z "$DEB_NAMES" ]]; then usage "❌ Debian(s) to upload are not set!"; fi; if [[ -z "$DEB_VERSION" ]]; then usage "❌ Version is not set!"; fi; if [[ -z "$DEB_CODENAME" ]]; then usage "❌ Codename is not set!"; fi; @@ -54,8 +97,6 @@ else GPG_OPTS=("--gpg-options=\"--batch" "--pinentry-mode=loopback" "--yes") fi - - echo "Publishing debs: ${DEB_NAMES} to Release: ${DEB_RELEASE} and Codename: ${DEB_CODENAME}" # Upload the deb files to s3. # If this fails, attempt to remove the lockfile and retry. @@ -68,10 +109,10 @@ for _ in {1..10}; do ( #>> Attempting to obtain a lock #/var/lib/gems/2.3.0/gems/deb-s3-0.10.0/lib/deb/s3/lock.rb:24:in `throw': uncaught throw #"Unable to obtain a lock after 60, giving up." deb-s3 upload $BUCKET_ARG $S3_REGION_ARG \ - --fail-if-exists \ + "$([ "$FORCE" -eq 0 ] && echo "--fail-if-exists")" \ --lock \ --preserve-versions \ - --cache-control=max-age=120 \ + --cache-control "no-store,no-cache,must-revalidate" \ $SIGN_ARG \ --component "${DEB_RELEASE}" \ --codename "${DEB_CODENAME}" \ @@ -79,6 +120,8 @@ deb-s3 upload $BUCKET_ARG $S3_REGION_ARG \ "${DEB_NAMES}" ) && break || (MINA_DEB_BUCKET=${BUCKET} scripts/debian/clear-s3-lockfile.sh); done +invalidate_cache "$BUCKET" "$DEB_CODENAME" + for deb in $DEB_NAMES do # extracting name from debian package path. E.g: From 3c5de1771a525cc862b07ad3705c3e7487f356a3 Mon Sep 17 00:00:00 2001 From: Dariusz Kijania Date: Thu, 18 Sep 2025 22:17:29 +0200 Subject: [PATCH 3/7] Merge pull request #17813 from MinaProtocol/dkijania/fix_publishing_again install dig --- dockerfiles/stages/3-toolchain | 1 + 1 file changed, 1 insertion(+) diff --git a/dockerfiles/stages/3-toolchain b/dockerfiles/stages/3-toolchain index ea93c1b3f327..41384787f8b2 100644 --- a/dockerfiles/stages/3-toolchain +++ b/dockerfiles/stages/3-toolchain @@ -19,6 +19,7 @@ RUN apt-get update --yes \ aptly \ apt-transport-https \ apt-utils \ + dnsutils \ fakeroot \ gnupg2 \ jq \ From 22f22854ed0c1bc33daae30c363f3721d3caa753 Mon Sep 17 00:00:00 2001 From: dkijania Date: Fri, 19 Sep 2025 22:41:06 +0200 Subject: [PATCH 4/7] add tester --- buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall b/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall index 20bf5d82e625..ff4dbebd11a3 100644 --- a/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall +++ b/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall @@ -96,5 +96,5 @@ in Pipeline.build # PublishPackages.publish (specs_for_branch "develop" DebianChannel.Type.Develop) # PublishPackages.publish - (specs_for_branch "master" DebianChannel.Type.Master) + (specs_for_branch "dkijana/port_publish_fix_master" DebianChannel.Type.Master) } From 28a815d4272a9b25c16b40202e3b63707321518f Mon Sep 17 00:00:00 2001 From: dkijania Date: Wed, 8 Oct 2025 20:13:54 +0200 Subject: [PATCH 5/7] lints --- buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall b/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall index ff4dbebd11a3..946795147f23 100644 --- a/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall +++ b/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall @@ -96,5 +96,8 @@ in Pipeline.build # PublishPackages.publish (specs_for_branch "develop" DebianChannel.Type.Develop) # PublishPackages.publish - (specs_for_branch "dkijana/port_publish_fix_master" DebianChannel.Type.Master) + ( specs_for_branch + "dkijana/port_publish_fix_master" + DebianChannel.Type.Master + ) } From 603e96ab205fa3e17dc9ee72372336e7b653fd9c Mon Sep 17 00:00:00 2001 From: dkijania Date: Wed, 8 Oct 2025 20:14:19 +0200 Subject: [PATCH 6/7] fix shellcheck --- buildkite/scripts/release/manager.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/buildkite/scripts/release/manager.sh b/buildkite/scripts/release/manager.sh index c94733a6d7e9..e427d957e9c0 100755 --- a/buildkite/scripts/release/manager.sh +++ b/buildkite/scripts/release/manager.sh @@ -775,6 +775,13 @@ function publish(){ ;; mina-archive) for network in "${__networks_arr[@]}"; do + + if [[ $__strip_network_from_archive == 1 ]]; then + new_name="mina-archive" + else + new_name="" + fi + if [[ $__only_dockers == 0 ]]; then publish_debian $artifact \ $__codename \ From 9ee48c8df28f5cc93671d7752fb75f0f96e19e74 Mon Sep 17 00:00:00 2001 From: dkijania Date: Mon, 20 Oct 2025 20:37:10 +0200 Subject: [PATCH 7/7] remove debug branch --- buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall b/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall index c317245ee0af..05200bf59410 100644 --- a/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall +++ b/buildkite/src/Jobs/Promote/AutoPromoteNightly.dhall @@ -97,8 +97,5 @@ in Pipeline.build # PublishPackages.publish (specs_for_branch "develop" DebianChannel.Type.Develop) # PublishPackages.publish - ( specs_for_branch - "dkijana/port_publish_fix_master" - DebianChannel.Type.Master - ) + (specs_for_branch "master" DebianChannel.Type.Master) }