From dfa7fb3da051560ef6457adf2c607f9ef6cccd3d Mon Sep 17 00:00:00 2001 From: Victor Santos Date: Thu, 12 Feb 2026 13:41:56 -0300 Subject: [PATCH 1/2] chore: update installation instructions and add S3 upload script - Replaced curl commands with wget for Alpine setup in README.md. - Added a new script, upload_to_s3.sh, to handle the upload of APK and RPM packages to S3, including validation of environment variables and generation of APKINDEX. - Updated GitHub Actions workflow to use the new S3 upload script instead of the previous Cloudsmith upload script. --- .../workflows/release_build_infisical_cli.yml | 6 +-- README.md | 4 +- npm/README.md | 4 +- scripts/setup/setup.apk.sh | 3 +- upload_to_cloudsmith.sh => upload_to_s3.sh | 39 +++++++------------ 5 files changed, 24 insertions(+), 32 deletions(-) rename upload_to_cloudsmith.sh => upload_to_s3.sh (80%) diff --git a/.github/workflows/release_build_infisical_cli.yml b/.github/workflows/release_build_infisical_cli.yml index c9467fc7..b2ee68a6 100644 --- a/.github/workflows/release_build_infisical_cli.yml +++ b/.github/workflows/release_build_infisical_cli.yml @@ -126,7 +126,6 @@ jobs: - uses: actions/setup-python@v4 with: python-version: "3.12" - - run: pip install --upgrade cloudsmith-cli - name: Install mkrepo and dependencies run: pip install mkrepo univers boto3 - name: Install AWS CLI @@ -151,9 +150,8 @@ jobs: env: APK_PRIVATE_KEY: ${{ secrets.APK_PRIVATE_KEY }} - name: Publish packages to repositories - run: bash upload_to_cloudsmith.sh + run: bash upload_to_s3.sh env: - CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} INFISICAL_CLI_S3_BUCKET: ${{ secrets.INFISICAL_CLI_S3_BUCKET }} INFISICAL_CLI_REPO_SIGNING_KEY_ID: ${{ secrets.INFISICAL_CLI_REPO_SIGNING_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.INFISICAL_CLI_REPO_AWS_ACCESS_KEY_ID }} @@ -203,3 +201,5 @@ jobs: POSTHOG_API_KEY_FOR_CLI: ${{ secrets.POSTHOG_API_KEY_FOR_CLI }} AUR_KEY: ${{ secrets.AUR_KEY }} GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} + + diff --git a/README.md b/README.md index 42024a6f..8e03f0e1 100644 --- a/README.md +++ b/README.md @@ -55,14 +55,14 @@ sudo apt-get install -y infisical _Alpine:_ ```bash -curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash +wget -qO- 'https://artifacts-cli.infisical.com/setup.apk.sh' | sudo sh sudo apk add infisical ``` _RHEL/CentOS:_ ```bash -curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' | sudo -E bash +curl -1sLf 'https://artifacts-cli.infisical.com/setup.rpm.sh' | sudo -E bash sudo yum install infisical ``` diff --git a/npm/README.md b/npm/README.md index febd52ee..277dc5d1 100644 --- a/npm/README.md +++ b/npm/README.md @@ -23,8 +23,8 @@ git commit activity - - Cloudsmith downloads + + Downloads Slack community channel diff --git a/scripts/setup/setup.apk.sh b/scripts/setup/setup.apk.sh index a8910c61..5af9f35d 100644 --- a/scripts/setup/setup.apk.sh +++ b/scripts/setup/setup.apk.sh @@ -87,7 +87,8 @@ import_rsa_key() { setup_repository() { local repo_file="/etc/apk/repositories" - local repo_url="${PKG_URL}/apk/stable/main/${arch}" + # Note: Alpine's apk tool automatically appends //APKINDEX.tar.gz to the repo URL + local repo_url="${PKG_URL}/apk/stable/main" echo_status "RUN" "Adding '${PACKAGE_NAME}' repository..." diff --git a/upload_to_cloudsmith.sh b/upload_to_s3.sh similarity index 80% rename from upload_to_cloudsmith.sh rename to upload_to_s3.sh index 3c74eb79..6e7b2aa8 100755 --- a/upload_to_cloudsmith.sh +++ b/upload_to_s3.sh @@ -24,14 +24,6 @@ validate_s3_env() { validate_s3_env -# ============================================ -# APK - Upload to Cloudsmith (keep until S3 is validated) -# ============================================ -for i in *.apk; do - [ -f "$i" ] || break - cloudsmith push alpine --republish infisical/infisical-cli/alpine/any-version $i -done - # ============================================ # APK - Upload to S3 and generate APKINDEX # ============================================ @@ -42,15 +34,23 @@ if ls *.apk 1> /dev/null 2>&1; then mkdir -p apk-staging/stable/main/x86_64 mkdir -p apk-staging/stable/main/aarch64 - # Sort APK files by architecture + # Sort APK files by architecture and rename to Alpine naming convention + # Alpine expects: -.apk (e.g., infisical-0.43.54.apk) + # GoReleaser creates: __linux_.apk for i in *.apk; do [ -f "$i" ] || break + + # Extract package name and version from .PKGINFO inside the APK + pkgname=$(tar -xzf "$i" -O .PKGINFO 2>/dev/null | grep "^pkgname" | cut -d' ' -f3) + pkgver=$(tar -xzf "$i" -O .PKGINFO 2>/dev/null | grep "^pkgver" | cut -d' ' -f3) + alpine_filename="${pkgname}-${pkgver}.apk" + if [[ "$i" == *"aarch64"* ]] || [[ "$i" == *"arm64"* ]]; then - echo "Copying $i to aarch64/" - cp "$i" apk-staging/stable/main/aarch64/ + echo "Copying $i to aarch64/ as $alpine_filename" + cp "$i" "apk-staging/stable/main/aarch64/${alpine_filename}" elif [[ "$i" == *"x86_64"* ]] || [[ "$i" == *"amd64"* ]]; then - echo "Copying $i to x86_64/" - cp "$i" apk-staging/stable/main/x86_64/ + echo "Copying $i to x86_64/ as $alpine_filename" + cp "$i" "apk-staging/stable/main/x86_64/${alpine_filename}" else echo "Warning: Unknown architecture for $i, skipping S3 upload" fi @@ -70,7 +70,6 @@ if ls *.apk 1> /dev/null 2>&1; then # Note: nFPM-generated APKs don't need individual signatures. # We only sign the APKINDEX, which contains checksums of all packages. # Using --allow-untrusted because nFPM packages aren't signed with Alpine tools. - # Cloudsmith also only signs the APKINDEX, not the individual APK files. (https://help.cloudsmith.io/docs/signing-keys) echo "Generating APKINDEX.tar.gz using Alpine container..." docker run --rm \ -v "$(pwd)/apk-staging:/repo" \ @@ -85,9 +84,9 @@ if ls *.apk 1> /dev/null 2>&1; then arch_dir="$1" arch_name="$2" - if ls /repo/stable/main/${arch_dir}/*.apk 1> /dev/null 2>&1; then + if ls "/repo/stable/main/${arch_dir}"/*.apk 1> /dev/null 2>&1; then echo "Processing ${arch_name} packages..." - cd /repo/stable/main/${arch_dir} + cd "/repo/stable/main/${arch_dir}" # Generate index (--allow-untrusted for nFPM-generated packages) echo "Generating APKINDEX for ${arch_name}..." @@ -116,14 +115,6 @@ for i in *.deb; do done -# ============================================ -# RPM - Upload to Cloudsmith (keep until S3 is validated) -# ============================================ -for i in *.rpm; do - [ -f "$i" ] || break - cloudsmith push rpm --republish infisical/infisical-cli/any-distro/any-version $i -done - # ============================================ # RPM - Upload to S3 and regenerate repo metadata # ============================================ From a270b8e6a97d4548702dc7acefd04c37cfeae2f6 Mon Sep 17 00:00:00 2001 From: Victor Santos Date: Thu, 12 Feb 2026 13:56:25 -0300 Subject: [PATCH 2/2] fix: add error handling for package info extraction in upload_to_s3.sh --- upload_to_s3.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/upload_to_s3.sh b/upload_to_s3.sh index 6e7b2aa8..5e712581 100755 --- a/upload_to_s3.sh +++ b/upload_to_s3.sh @@ -43,6 +43,12 @@ if ls *.apk 1> /dev/null 2>&1; then # Extract package name and version from .PKGINFO inside the APK pkgname=$(tar -xzf "$i" -O .PKGINFO 2>/dev/null | grep "^pkgname" | cut -d' ' -f3) pkgver=$(tar -xzf "$i" -O .PKGINFO 2>/dev/null | grep "^pkgver" | cut -d' ' -f3) + + if [ -z "$pkgname" ] || [ -z "$pkgver" ]; then + echo "Error: Failed to extract package info from $i" + exit 1 + fi + alpine_filename="${pkgname}-${pkgver}.apk" if [[ "$i" == *"aarch64"* ]] || [[ "$i" == *"arm64"* ]]; then