Skip to content

Commit 7578509

Browse files
AzathothasAzathothas
committed
init
1 parent e759f44 commit 7578509

File tree

4 files changed

+352
-0
lines changed

4 files changed

+352
-0
lines changed

.github/dependabot.yaml

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
version: 2
2+
updates:
3+
- package-ecosystem: "github-actions"
4+
directory: "/"
5+
schedule:
6+
interval: "daily"

.github/workflows/fetch_releases.yaml

+176
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,176 @@
1+
name: 🐬 Fetch Releases 🐬
2+
concurrency:
3+
group: "${{ github.workflow }}-${{ github.ref }}"
4+
cancel-in-progress: true
5+
6+
on:
7+
workflow_dispatch:
8+
schedule:
9+
- cron: "0 */6 * * *" # Every 06 Hrs
10+
jobs:
11+
fetch-sync:
12+
runs-on: ${{ matrix.runner }}
13+
timeout-minutes: 20
14+
permissions:
15+
attestations: write
16+
contents: write
17+
id-token: write
18+
packages: write
19+
statuses: read
20+
strategy:
21+
matrix:
22+
include:
23+
- title: "astral-glibc"
24+
script: "${GITHUB_WORKSPACE}/main/fetch_astral_glibc.sh"
25+
arch: "aarch64"
26+
file: "/tmp/python-astral-glibc.tar"
27+
runner: "ubuntu-24.04-arm"
28+
29+
- title: "astral-glibc"
30+
script: "${GITHUB_WORKSPACE}/main/fetch_astral_glibc.sh"
31+
arch: "x86_64"
32+
file: "/tmp/python-astral-glibc.tar"
33+
runner: "ubuntu-latest"
34+
35+
#No musl builds yet
36+
#- title: "astral-musl"
37+
# script: "${GITHUB_WORKSPACE}/main/fetch_astral_musl.sh"
38+
# arch: "aarch64"
39+
# file: "/tmp/python-astral-musl.tar"
40+
# runner: "ubuntu-24.04-arm"
41+
42+
- title: "astral-musl"
43+
script: "${GITHUB_WORKSPACE}/main/fetch_astral_musl.sh"
44+
arch: "x86_64"
45+
file: "/tmp/python-astral-musl.tar"
46+
runner: "ubuntu-latest"
47+
48+
steps:
49+
- name: Checkout repository
50+
uses: actions/checkout@v4
51+
with:
52+
path: main
53+
fetch-depth: "1"
54+
filter: "blob:none"
55+
56+
- name: Setup Env
57+
run: |
58+
#presets
59+
set +x ; set +e
60+
#-------------#
61+
##CoreUtils
62+
sudo apt update -y
63+
sudo apt install bc coreutils curl dos2unix fdupes jq moreutils wget -y
64+
sudo apt-get install apt-transport-https apt-utils ca-certificates coreutils dos2unix gnupg2 jq moreutils p7zip-full rename rsync software-properties-common texinfo tmux util-linux wget -y 2>/dev/null ; sudo apt-get update -y 2>/dev/null
65+
#Git
66+
sudo apt-get install git-lfs -y -qq
67+
echo "GH_PAGER=" >> "${GITHUB_ENV}"
68+
gh config set prompt disabled
69+
#tmp
70+
SYSTMP="$(dirname $(mktemp -u))" && export SYSTMP="${SYSTMP}"
71+
echo "SYSTMP=${SYSTMP}" >> "${GITHUB_ENV}"
72+
#-------------#
73+
##User-Agent
74+
USER_AGENT="$(curl -qfsSL 'https://pub.ajam.dev/repos/Azathothas/Wordlists/Misc/User-Agents/ua_chrome_macos_latest.txt')" && export USER_AGENT="${USER_AGENT}"
75+
echo "USER_AGENT=${USER_AGENT}" >> "${GITHUB_ENV}"
76+
continue-on-error: true
77+
78+
- name: Install Addons
79+
run: |
80+
#presets
81+
set +x ; set +e
82+
#-------------#
83+
bash <(curl -qfsSL "https://raw.githubusercontent.com/pkgforge/devscripts/refs/heads/main/Linux/install_bins_curl.sh")
84+
continue-on-error: true
85+
86+
- name: Fetch (${{ matrix.title }}/${{ matrix.arch }})
87+
env:
88+
GHCR_TOKEN: "${{ github.token }}"
89+
GITHUB_TOKEN: "${{ github.token }}"
90+
run: |
91+
#presets
92+
set +x ; set +e
93+
#-------------#
94+
dos2unix --quiet "${{ matrix.script }}"
95+
chmod +x "${{ matrix.script }}"
96+
bash "${{ matrix.script }}"
97+
continue-on-error: true
98+
99+
- name: Check
100+
run: |
101+
#presets
102+
set +x ; set +e
103+
#-------------#
104+
if [[ -s "${{ matrix.file }}" ]] && [[ $(stat -c%s "${{ matrix.file }}") -gt 1000 ]]; then
105+
export HAS_RELEASE="TRUE"
106+
echo "HAS_RELEASE=${HAS_RELEASE}" >> "${GITHUB_ENV}"
107+
UTC_TIME="$(TZ='UTC' date +'%Y_%m_%d')"
108+
echo "UTC_TIME=${UTC_TIME}" >> "${GITHUB_ENV}"
109+
else
110+
export HAS_RELEASE="FALSE"
111+
echo "HAS_RELEASE=${HAS_RELEASE}" >> "${GITHUB_ENV}"
112+
fi
113+
continue-on-error: true
114+
115+
- name: Fail (If Create Failed)
116+
if: env.HAS_RELEASE == 'FALSE'
117+
run: |
118+
#presets
119+
set +x ; set +e
120+
#-------------#
121+
exit 1
122+
continue-on-error: false
123+
124+
#Artifacts
125+
- name: Upload (Build) Artifacts
126+
if: env.HAS_RELEASE == 'TRUE'
127+
uses: actions/upload-artifact@v4
128+
with:
129+
name: "ARTIFACTS-${{ matrix.title }}_${{ matrix.arch }}"
130+
path: |
131+
${{ matrix.file }}
132+
compression-level: 0 #no compression, [Default: 6 (GNU Gzip)]
133+
retention-days: 90 #max
134+
overwrite: true
135+
continue-on-error: true
136+
137+
#continuous
138+
- name: Releaser (Continuous)
139+
if: env.HAS_RELEASE == 'TRUE'
140+
uses: softprops/[email protected]
141+
with:
142+
name: "Continuous ${{ matrix.title }}_${{ matrix.arch }}"
143+
tag_name: "${{ matrix.title }}_${{ matrix.arch }}"
144+
prerelease: true
145+
draft: false
146+
generate_release_notes: false
147+
body_path: "/tmp/RELEASE_NOTE.md"
148+
files: |
149+
${{ matrix.file }}
150+
continue-on-error: true
151+
152+
#Snapshot
153+
- name: Releaser (Snapshot)
154+
if: env.HAS_RELEASE == 'TRUE'
155+
uses: softprops/[email protected]
156+
with:
157+
name: "Snapshot-(${{ matrix.title }}_${{ matrix.arch }}_${{ env.UTC_TIME }}"
158+
tag_name: "${{ matrix.title }}_${{ matrix.arch }}_${{ env.UTC_TIME }}"
159+
prerelease: false
160+
draft: false
161+
generate_release_notes: false
162+
make_latest: false
163+
body_path: "/tmp/RELEASE_NOTE.md"
164+
files: |
165+
${{ matrix.file }}
166+
continue-on-error: true
167+
168+
#Build Provenance
169+
- name: Attest Build Provenance
170+
if: env.HAS_RELEASE == 'TRUE'
171+
uses: actions/[email protected]
172+
with:
173+
subject-name: "${{ matrix.title }}-${{ matrix.arch }}"
174+
subject-path: ${{ matrix.file }}
175+
show-summary: true
176+
continue-on-error: true

fetch_astral_glibc.sh

+85
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,85 @@
1+
#!/usr/bin/env bash
2+
## <DO NOT RUN STANDALONE, meant for CI Only>
3+
## Produces: "/tmp/python-astral-glibc.tar"
4+
## Self: https://raw.githubusercontent.com/pkgforge-dev/python-standalone/refs/heads/main/fetch_astral_glibc.sh
5+
# PARALLEL_LIMIT="20" bash <(curl -qfsSL "https://raw.githubusercontent.com/pkgforge-dev/python-standalone/refs/heads/main/fetch_astral_glibc.sh")
6+
#-------------------------------------------------------#
7+
8+
#-------------------------------------------------------#
9+
OUT_FILE="/tmp/python-astral-glibc.tar"
10+
SRC_REPO="astral-sh/python-build-standalone"
11+
pushd "$(mktemp -d)" &>/dev/null && TMPDIR="$(realpath .)"
12+
#Fetch Release Metadata
13+
for i in {1..5}; do
14+
gh api "repos/${SRC_REPO}/releases" --paginate | jq . > "${TMPDIR}/RELEASES.json" && break
15+
echo "Retrying... ${i}/5"
16+
sleep 2
17+
done
18+
#Sanity Check URLs
19+
REL_COUNT="$(jq -r '.. | objects | select(has("browser_download_url")) | .browser_download_url' "${TMPDIR}/RELEASES.json" | grep -iv 'null' | sort -u | wc -l | tr -d '[:space:]')"
20+
if [[ "${REL_COUNT}" -le 10 ]]; then
21+
echo -e "\n[-] FATAL: Failed to Fetch Release MetaData\n"
22+
echo "[-] Count: ${REL_COUNT}"
23+
exit 1
24+
else
25+
#Get Download URL
26+
REL_DL_URL="$(cat "${TMPDIR}/RELEASES.json" | jq -r '.[] | select(.prerelease | not) | .assets[].browser_download_url | select((. | test("\\.(sha|sha256|sha512|sig)$") | not) and (. | test("apple|darwin|macos|v2-|v3-|v4-|windows"; "i") | not))' |\
27+
grep -Ei "$(uname -m)" | grep -Ei "glibc|gnu" | grep -Ei "stripped" | sort --version-sort | tail -n 1 |\
28+
tr -d '[:space:]')"
29+
fi
30+
#Download
31+
if ! echo "${REL_DL_URL}" | grep -qiE '^https?://'; then
32+
echo -e "[-] FATAL: Failed to fetch Download URL"
33+
exit 1
34+
else
35+
curl -w "(DL) <== %{url}\n" -qfSL "${REL_DL_URL}" -o "${TMPDIR}/python.archive" | tee "${TMPDIR}/REL_NOTE.txt"
36+
fi
37+
#Extract
38+
if [[ -s "${TMPDIR}/python.archive" ]] && [[ $(stat -c%s "${TMPDIR}/python.archive") -gt 10000 ]]; then
39+
echo -e "[+] Downloaded Artifact"
40+
realpath "${TMPDIR}/python.archive" && du -sh "${TMPDIR}/python.archive"
41+
#Extract until Root
42+
mkdir -pv "${TMPDIR}/EXTRACT_DIR" && \
43+
COMMON_PREFIX="$(tar -tzf "${TMPDIR}/python.archive" | awk -F'/' '{if(NF>max_depth)max_depth=NF;paths[NR]=$0}END{split(paths[1],f,"/");for(i=1;i<=max_depth;i++){prefix=f[i];for(j in paths){split(paths[j],c,"/");if(c[i]!=prefix){print i-1;exit}}}print max_depth}' | tr -cd '0-9' | tr -d '[:space:]')"
44+
tar --strip-components="${COMMON_PREFIX}" -xvzf "${TMPDIR}/python.archive" -C "${TMPDIR}/EXTRACT_DIR"
45+
#Check
46+
if [[ ! -d "${TMPDIR}/EXTRACT_DIR" ]] || [[ "$(du -s "${TMPDIR}/EXTRACT_DIR" | cut -f1 | tr -d '[:space:]')" -le 1000 ]]; then
47+
echo -e "\n[-] FATAL: Extracted dir is empty\n"
48+
exit 1
49+
fi
50+
#Print as Tree
51+
find -L "${TMPDIR}/EXTRACT_DIR" | sort | awk -F/ '{indent=""; for (i=2; i<NF; i++) indent=indent " "; print (NF>1 ? indent "--> " $NF : $NF)}'
52+
#Prep
53+
sudo chown -R "$(whoami):$(whoami)" "${TMPDIR}/EXTRACT_DIR" && chmod -R 755 "${TMPDIR}/EXTRACT_DIR"
54+
#Repack
55+
rm -rf "${OUT_FILE}" 2>/dev/null
56+
pushd "${TMPDIR}/EXTRACT_DIR" &>/dev/null &&\
57+
7z a -ttar -mx="9" -mmt="$(($(nproc)+1))" -bsp1 -bt "${OUT_FILE}" "."
58+
realpath "${OUT_FILE}" && du -sh "${OUT_FILE}"
59+
pushd "${TMPDIR}" &>/dev/null
60+
#Gen Release Note
61+
if [[ -s "${OUT_FILE}" && $(stat -c%s "${OUT_FILE}") -gt 10000 ]]; then
62+
echo -e "" > "/tmp/RELEASE_NOTE.md"
63+
echo '---' >> "/tmp/RELEASE_NOTE.md"
64+
echo '```console' >> "/tmp/RELEASE_NOTE.md"
65+
echo -e "\n" >> "/tmp/RELEASE_NOTE.md"
66+
cat "${TMPDIR}/REL_NOTE.txt" >> "/tmp/RELEASE_NOTE.md"
67+
echo -e "\n[+] --> HOST" >> "/tmp/RELEASE_NOTE.md"
68+
echo "$(uname -m)-$(uname -s)-gnu" >> "/tmp/RELEASE_NOTE.md"
69+
echo -e "\n[+] --> FILE" >> "/tmp/RELEASE_NOTE.md"
70+
file "${OUT_FILE}" | sed 's|.*/||' >> "/tmp/RELEASE_NOTE.md"
71+
echo -e "\n[+] --> SIZE" >> "/tmp/RELEASE_NOTE.md"
72+
du -sh "${OUT_FILE}" | awk '{unit=substr($1,length($1)); sub(/[BKMGT]$/,"",$1); print $1 " " unit "B"}' >> "/tmp/RELEASE_NOTE.md"
73+
echo -e "\n[+] --> BLAKE3SUM" >> "/tmp/RELEASE_NOTE.md"
74+
b3sum "${OUT_FILE}" | grep -oE '^[a-f0-9]{64}' | tr -d '[:space:]' >> "/tmp/RELEASE_NOTE.md"
75+
echo -e "\n\n[+] --> SHA256SUM" >> "/tmp/RELEASE_NOTE.md"
76+
sha256sum "${OUT_FILE}" | grep -oE '^[a-f0-9]{64}' | tr -d '[:space:]' >> "/tmp/RELEASE_NOTE.md"
77+
echo -e "\n" >> "/tmp/RELEASE_NOTE.md"
78+
echo -e '```\n' >> "/tmp/RELEASE_NOTE.md"
79+
fi
80+
else
81+
echo -e "[-] FATAL: Downloaded Artifact is Probably Broken"
82+
echo -e "\n" && cat "${TMPDIR}/REL_NOTE.txt" ; echo -e "\n"
83+
exit 1
84+
fi
85+
#-------------------------------------------------------#

fetch_astral_musl.sh

+85
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,85 @@
1+
#!/usr/bin/env bash
2+
## <DO NOT RUN STANDALONE, meant for CI Only>
3+
## Produces: "/tmp/python-astral-musl.tar"
4+
## Self: https://raw.githubusercontent.com/pkgforge-dev/python-standalone/refs/heads/main/fetch_astral_musl.sh
5+
# PARALLEL_LIMIT="20" bash <(curl -qfsSL "https://raw.githubusercontent.com/pkgforge-dev/python-standalone/refs/heads/main/fetch_astral_musl.sh")
6+
#-------------------------------------------------------#
7+
8+
#-------------------------------------------------------#
9+
OUT_FILE="/tmp/python-astral-musl.tar"
10+
SRC_REPO="astral-sh/python-build-standalone"
11+
pushd "$(mktemp -d)" &>/dev/null && TMPDIR="$(realpath .)"
12+
#Fetch Release Metadata
13+
for i in {1..5}; do
14+
gh api "repos/${SRC_REPO}/releases" --paginate | jq . > "${TMPDIR}/RELEASES.json" && break
15+
echo "Retrying... ${i}/5"
16+
sleep 2
17+
done
18+
#Sanity Check URLs
19+
REL_COUNT="$(jq -r '.. | objects | select(has("browser_download_url")) | .browser_download_url' "${TMPDIR}/RELEASES.json" | grep -iv 'null' | sort -u | wc -l | tr -d '[:space:]')"
20+
if [[ "${REL_COUNT}" -le 10 ]]; then
21+
echo -e "\n[-] FATAL: Failed to Fetch Release MetaData\n"
22+
echo "[-] Count: ${REL_COUNT}"
23+
exit 1
24+
else
25+
#Get Download URL
26+
REL_DL_URL="$(cat "${TMPDIR}/RELEASES.json" | jq -r '.[] | select(.prerelease | not) | .assets[].browser_download_url | select((. | test("\\.(sha|sha256|sha512|sig)$") | not) and (. | test("apple|darwin|macos|v2-|v3-|v4-|windows"; "i") | not))' |\
27+
grep -Ei "$(uname -m)" | grep -Ei "musl" | grep -Ei "stripped" | sort --version-sort | tail -n 1 |\
28+
tr -d '[:space:]')"
29+
fi
30+
#Download
31+
if ! echo "${REL_DL_URL}" | grep -qiE '^https?://'; then
32+
echo -e "[-] FATAL: Failed to fetch Download URL"
33+
exit 1
34+
else
35+
curl -w "(DL) <== %{url}\n" -qfSL "${REL_DL_URL}" -o "${TMPDIR}/python.archive" | tee "${TMPDIR}/REL_NOTE.txt"
36+
fi
37+
#Extract
38+
if [[ -s "${TMPDIR}/python.archive" ]] && [[ $(stat -c%s "${TMPDIR}/python.archive") -gt 10000 ]]; then
39+
echo -e "[+] Downloaded Artifact"
40+
realpath "${TMPDIR}/python.archive" && du -sh "${TMPDIR}/python.archive"
41+
#Extract until Root
42+
mkdir -pv "${TMPDIR}/EXTRACT_DIR" && \
43+
COMMON_PREFIX="$(tar -tzf "${TMPDIR}/python.archive" | awk -F'/' '{if(NF>max_depth)max_depth=NF;paths[NR]=$0}END{split(paths[1],f,"/");for(i=1;i<=max_depth;i++){prefix=f[i];for(j in paths){split(paths[j],c,"/");if(c[i]!=prefix){print i-1;exit}}}print max_depth}' | tr -cd '0-9' | tr -d '[:space:]')"
44+
tar --strip-components="${COMMON_PREFIX}" -xvzf "${TMPDIR}/python.archive" -C "${TMPDIR}/EXTRACT_DIR"
45+
#Check
46+
if [[ ! -d "${TMPDIR}/EXTRACT_DIR" ]] || [[ "$(du -s "${TMPDIR}/EXTRACT_DIR" | cut -f1 | tr -d '[:space:]')" -le 1000 ]]; then
47+
echo -e "\n[-] FATAL: Extracted dir is empty\n"
48+
exit 1
49+
fi
50+
#Print as Tree
51+
find -L "${TMPDIR}/EXTRACT_DIR" | sort | awk -F/ '{indent=""; for (i=2; i<NF; i++) indent=indent " "; print (NF>1 ? indent "--> " $NF : $NF)}'
52+
#Prep
53+
sudo chown -R "$(whoami):$(whoami)" "${TMPDIR}/EXTRACT_DIR" && chmod -R 755 "${TMPDIR}/EXTRACT_DIR"
54+
#Repack
55+
rm -rf "${OUT_FILE}" 2>/dev/null
56+
pushd "${TMPDIR}/EXTRACT_DIR" &>/dev/null &&\
57+
7z a -ttar -mx="9" -mmt="$(($(nproc)+1))" -bsp1 -bt "${OUT_FILE}" "."
58+
realpath "${OUT_FILE}" && du -sh "${OUT_FILE}"
59+
pushd "${TMPDIR}" &>/dev/null
60+
#Gen Release Note
61+
if [[ -s "${OUT_FILE}" && $(stat -c%s "${OUT_FILE}") -gt 10000 ]]; then
62+
echo -e "" > "/tmp/RELEASE_NOTE.md"
63+
echo '---' >> "/tmp/RELEASE_NOTE.md"
64+
echo '```console' >> "/tmp/RELEASE_NOTE.md"
65+
echo -e "\n" >> "/tmp/RELEASE_NOTE.md"
66+
cat "${TMPDIR}/REL_NOTE.txt" >> "/tmp/RELEASE_NOTE.md"
67+
echo -e "\n[+] --> HOST" >> "/tmp/RELEASE_NOTE.md"
68+
echo "$(uname -m)-$(uname -s)-musl" >> "/tmp/RELEASE_NOTE.md"
69+
echo -e "\n[+] --> FILE" >> "/tmp/RELEASE_NOTE.md"
70+
file "${OUT_FILE}" | sed 's|.*/||' >> "/tmp/RELEASE_NOTE.md"
71+
echo -e "\n[+] --> SIZE" >> "/tmp/RELEASE_NOTE.md"
72+
du -sh "${OUT_FILE}" | awk '{unit=substr($1,length($1)); sub(/[BKMGT]$/,"",$1); print $1 " " unit "B"}' >> "/tmp/RELEASE_NOTE.md"
73+
echo -e "\n[+] --> BLAKE3SUM" >> "/tmp/RELEASE_NOTE.md"
74+
b3sum "${OUT_FILE}" | grep -oE '^[a-f0-9]{64}' | tr -d '[:space:]' >> "/tmp/RELEASE_NOTE.md"
75+
echo -e "\n\n[+] --> SHA256SUM" >> "/tmp/RELEASE_NOTE.md"
76+
sha256sum "${OUT_FILE}" | grep -oE '^[a-f0-9]{64}' | tr -d '[:space:]' >> "/tmp/RELEASE_NOTE.md"
77+
echo -e "\n" >> "/tmp/RELEASE_NOTE.md"
78+
echo -e '```\n' >> "/tmp/RELEASE_NOTE.md"
79+
fi
80+
else
81+
echo -e "[-] FATAL: Downloaded Artifact is Probably Broken"
82+
echo -e "\n" && cat "${TMPDIR}/REL_NOTE.txt" ; echo -e "\n"
83+
exit 1
84+
fi
85+
#-------------------------------------------------------#

0 commit comments

Comments
 (0)