Skip to content

Commit

Permalink
Deploy Wasm artifacts
Browse files Browse the repository at this point in the history
  • Loading branch information
@carlopi
carlopi committed Nov 24, 2023
1 parent 0cbbfbd commit fd456b6
Show file tree
Hide file tree
Showing 3 changed files with 195 additions and 0 deletions.
12 changes: 12 additions & 0 deletions .github/workflows/MainDistributionPipeline.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ jobs:
vcpkg_commit: a42af01b72c28a8e1d7b48107b33e4f286a55ef6
duckdb_version: v0.9.2
extension_name: quack
exclude_archs: ""

duckdb-stable-deploy:
name: Deploy extension binaries
Expand All @@ -30,3 +31,14 @@ jobs:
extension_name: quack
deploy_latest: ${{ startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' }}
deploy_versioned: ${{ startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' }}

duckdb-wasm-stable-deploy:
name: Deploy Wasm extension binaries
needs: duckdb-stable-build
uses: ./.github/workflows/_extension_deploy_wasm.yml
secrets: inherit
with:
duckdb_version: v0.9.2
extension_name: quack
deploy_latest: ${{ startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' }}
deploy_versioned: ${{ startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' }}
122 changes: 122 additions & 0 deletions .github/workflows/_extension_deploy_wasm.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,122 @@
#
# Reusable workflow that deploys the artifacts produced by github.com/duckdb/duckdb/.github/workflows/_extension_distribution.yml
#
# note: this workflow needs to be located in the extension repository, as it requires secrets to be passed to the
# deploy script. However, it should generally not be necessary to modify this workflow in your extension repository, as
# this workflow can be configured to use a custom deploy script.


name: Extension Deployment Wasm
on:
workflow_call:
inputs:
# The name of the extension
extension_name:
required: true
type: string
# DuckDB version to build against
duckdb_version:
required: true
type: string
# ';' separated list of architectures to exclude, for example: 'linux_amd64;osx_arm64'
exclude_archs:
required: false
type: string
default: ""
# Whether to upload this deployment as the latest. This may overwrite a previous deployment.
deploy_latest:
required: false
type: boolean
default: false
# Whether to upload this deployment under a versioned path. These will not be deleted automatically
deploy_versioned:
required: false
type: boolean
default: false
# Postfix added to artifact names. Can be used to guarantee unique names when this workflow is called multiple times
artifact_postfix:
required: false
type: string
default: ""
# Override the default deploy script with a custom script
deploy_script:
required: false
type: string
default: "./scripts/extension-upload-wasm.sh"
# Override the default matrix parse script with a custom script
matrix_parse_script:
required: false
type: string
default: "./duckdb/scripts/modify_distribution_matrix.py"

jobs:
generate_matrix:
name: Generate matrix
runs-on: ubuntu-latest
outputs:
deploy_matrix: ${{ steps.parse-matrices.outputs.deploy_matrix }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
submodules: 'true'

- name: Checkout DuckDB to version
run: |
cd duckdb
git checkout ${{ inputs.duckdb_version }}
- id: parse-matrices
run: |
echo '{"wasm":{"include":[{"duckdb_arch":"wasm_mvp","vcpkg_triplet":"wasm32-emscripten"},{"duckdb_arch":"wasm_eh","vcpkg_triplet":"wasm32-emscripten"},{"duckdb_arch":"wasm_threads","vcpkg_triplet":"wasm32-emscripten"}]}}' > wasm_matrix_input.json
python3 ${{ inputs.matrix_parse_script }} --input wasm_matrix_input.json --deploy_matrix --output deploy_matrix.json --exclude "${{ inputs.exclude_archs }}" --pretty
deploy_matrix="`cat deploy_matrix.json`"
echo deploy_matrix=$deploy_matrix >> $GITHUB_OUTPUT
echo `cat $GITHUB_OUTPUT`
deploy:
name: Deploy
runs-on: ubuntu-latest
needs: generate_matrix
if: ${{ needs.generate_matrix.outputs.deploy_matrix != '{}' && needs.generate_matrix.outputs.deploy_matrix != '' }}
strategy:
matrix: ${{fromJson(needs.generate_matrix.outputs.deploy_matrix)}}

steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
submodules: 'true'

- name: Checkout DuckDB to version
run: |
cd duckdb
git checkout ${{ inputs.duckdb_version }}
- uses: actions/download-artifact@v2
with:
name: ${{ inputs.extension_name }}-${{ inputs.duckdb_version }}-extension-${{matrix.duckdb_arch}}${{inputs.artifact_postfix}}
path: |
/tmp/extension
- name: Deploy
shell: bash
env:
AWS_ACCESS_KEY_ID: ${{ secrets.S3_DUCKDB_ORG_DEPLOY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_DUCKDB_ORG_DEPLOY_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.S3_DUCKDB_ORG_REGION }}
BUCKET_NAME: ${{ secrets.S3_DUCKDB_ORG_BUCKET }}
DUCKDB_EXTENSION_SIGNING_PK: ${{ secrets.S3_DUCKDB_ORG_EXTENSION_SIGNING_PK }}
run: |
pwd
python3 -m pip install pip awscli
git config --global --add safe.directory '*'
cd duckdb
git fetch --tags
export DUCKDB_VERSION=`git tag --points-at HEAD`
export DUCKDB_VERSION=${DUCKDB_VERSION:=`git log -1 --format=%h`}
cd ..
git fetch --tags
export EXT_VERSION=`git tag --points-at HEAD`
export EXT_VERSION=${EXT_VERSION:=`git log -1 --format=%h`}
${{ inputs.deploy_script }} ${{ inputs.extension_name }} $EXT_VERSION $DUCKDB_VERSION ${{ matrix.duckdb_arch }} $BUCKET_NAME ${{inputs.deploy_latest || 'true' && 'false'}} ${{inputs.deploy_versioned || 'true' && 'false'}}
61 changes: 61 additions & 0 deletions scripts/extension-upload-wasm.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
#!/bin/bash

# Extension upload script

# Usage: ./extension-upload-wasm.sh <name> <extension_version> <duckdb_version> <architecture> <s3_bucket> <copy_to_latest> <copy_to_versioned>
# <name> : Name of the extension
# <extension_version> : Version (commit / version tag) of the extension
# <duckdb_version> : Version (commit / version tag) of DuckDB
# <architecture> : Architecture target of the extension binary
# <s3_bucket> : S3 bucket to upload to
# <copy_to_latest> : Set this as the latest version ("true" / "false", default: "false")
# <copy_to_latest> : Set this as a versioned version that will prevent its deletion

set -e

f="/tmp/extension/$1.duckdb_extension.wasm"

script_dir="$(dirname "$(readlink -f "$0")")"

# calculate SHA256 hash of extension binary
cat $f > $f.append
# 0 for custom section
# 113 in hex = 275 in decimal, total lenght of what follows (1 + 16 + 2 + 256)
# [1(continuation) + 0010011(payload) = \x93, 0(continuation) + 10(payload) = \x02]
echo -n -e '\x00' >> $f.append
echo -n -e '\x93\x02' >> $f.append
# 10 in hex = 16 in decimal, lenght of name, 1 byte
echo -n -e '\x10' >> $f.append
echo -n -e 'duckdb_signature' >> $f.append
# the name of the WebAssembly custom section, 16 bytes
# 100 in hex, 256 in decimal
# [1(continuation) + 0000000(payload) = ff, 0(continuation) + 10(payload)],
# for a grand total of 2 bytes
echo -n -e '\x80\x02' >> $f.append

# (Optionally) Sign binary
if [ "$DUCKDB_EXTENSION_SIGNING_PK" != "" ]; then
echo "$DUCKDB_EXTENSION_SIGNING_PK" > private.pem
$script_dir/../duckdb/scripts/compute-extension-hash.sh $f.append > $f.hash
openssl pkeyutl -sign -in $f.hash -inkey private.pem -pkeyopt digest:sha256 -out $f.sign
rm -f private.pem
fi

truncate -s 256 $f.sign

# append signature to extension binary
cat $f.sign >> $f.append
# compress extension binary
brotli < $f.append > "$f.brotli"
set -e

# Abort if AWS key is not set
if [ -z "$AWS_ACCESS_KEY_ID" ]; then
echo "No AWS key found, skipping.."
exit 0
fi

# upload to latest version
if [[ $6 = 'true' ]]; then
aws s3 cp $ext.gz s3://$5/$3/$4/$1.duckdb_extension.wasm --acl public-read --content-encoding br --content-type="application/wasm"
fi

0 comments on commit fd456b6

Please sign in to comment.