feature(distribution): upload packages to s3#120
Conversation
- Added functionality to upload APK packages to S3 and generate APKINDEX. - Implemented architecture-specific handling for APK files. - Introduced RPM package signing and upload to S3 with metadata regeneration. - Updated GitHub Actions workflow to install necessary dependencies for APK and RPM handling. - Created setup scripts for both APK and RPM repositories to streamline installation.
- Added error handling for directory change in upload_to_cloudsmith.sh. - Enhanced architecture validation in setup.apk.sh with clearer messaging. - Updated setup.rpm.sh to improve temporary file handling and added checks for DNF version. - Streamlined repository setup process in setup.rpm.sh by ensuring proper cleanup and error handling.
- Changed function name from detect_arch to validate_arch in setup.apk.sh to improve code readability and maintainability.
Greptile OverviewGreptile SummaryAdds S3-based package repository infrastructure for APK and RPM packages alongside existing Cloudsmith uploads. This PR implements a dual-upload strategy during the transition period. Major Changes:
Key Observations:
Issues Found:
Confidence Score: 4/5
Important Files Changed
|
… detection - Implemented a validation function for required S3 environment variables in upload_to_cloudsmith.sh, ensuring necessary credentials are set before proceeding with uploads. - Updated the architecture validation function in setup.apk.sh to enhance clarity and messaging, renaming it from validate_arch to detect_arch.
|
@greptileai re-review and update the summary |
Additional Comments (1)
|
- Implemented checks to ensure the APK private key exists before proceeding with APK processing. - Added validation for the RPM signing key ID to ensure it is configured before uploading RPM packages.
… RPM uploads - Added a check to ensure the INFISICAL_CLI_REPO_SIGNING_KEY_ID is set before uploading APK packages. - Removed redundant validation for RPM signing key ID, consolidating the check for both APK and RPM uploads.
|
@greptileai re-review and update the summary |
Additional Comments (2)
|
These are fine, we're testing the S3 flow first, and we'll upload to both places. |
… upload_to_cloudsmith.sh - Moved the validation check for INFISICAL_CLI_REPO_SIGNING_KEY_ID to the beginning of the script to ensure it is set before any uploads occur. - Removed redundant validation code from the APK upload section, streamlining the script.
|
@greptileai re-review and update the summary |
… logic - Changed the validation for S3 environment variables to exit on error instead of warning, ensuring the script halts if required variables are missing. - Removed the S3_ENABLED flag, simplifying the upload logic for APK and RPM packages by directly checking for the presence of files. - Enhanced clarity in the RPM upload section by consolidating the upload and metadata regeneration steps.
…ux distributions - Introduced `setup.deb.sh`, `setup.rpm.sh`, and `setup.apk.sh` scripts to facilitate the installation of the Infisical CLI on Debian/Ubuntu, RHEL/Fedora/CentOS/SUSE, and Alpine Linux respectively. - Created a comprehensive `README.md` to document the usage and functionality of the setup scripts, including instructions for configuring package repositories and installing the CLI. - Each script includes error handling, architecture detection, and repository configuration to streamline the installation process for end-users.
Description 📣
Adds S3-based package repository support for APK (Alpine) and RPM packages, alongside existing Cloudsmith uploads. Includes setup scripts for end users and updates the CI/CD workflow to upload and sign packages.
Changes Made
1. Enhanced Package Upload Script (
upload_to_cloudsmith.sh)APKINDEX.tar.gzfor x86_64 and aarch64mkrepodeb-s3(no changes)2. New Setup Scripts
scripts/setup.apk.sh: Alpine repository setup scriptscripts/setup.rpm.sh: RPM repository setup script3. GitHub Workflow Updates (
.github/workflows/release_build_infisical_cli.yml)mkrepo,boto3,awscli,rpm(for RPM signing)Pre-Merge Checklist
GitHub Secrets Required
APK_PRIVATE_KEY(NEW)openssl genrsa -out infisical.rsa 4096base64 -w 0 infisical.rsaS3 Bucket Setup Required
Configure the S3 bucket with the following structure and assets:
Directory Structure - DONE
Public Keys to Upload
s3://infisical-cli-artifacts-repo/apk/infisical.rsa.pubopenssl rsa -in infisical.rsa -pubout -out infisical.rsa.pubNote: This PR maintains dual upload (Cloudsmith + S3) during the transition period. Once S3 repositories are validated, Cloudsmith uploads can be removed in a future PR.
Type ✨
Tests
I tested the scripts locally with dummy data.
I also tested in the AWS dev environment, and the workflow for the APK worked
I couldn't test the RPM upload locally because the rpm-sign command is linux only