Skip to content

Antalya 26.3 - Port SignRelease and SourceUpload additional jobs to praktika#1989

Merged
strtgbb merged 1 commit into
antalya-26.3from
make-sign-praktika-ant-26.3
Jun 30, 2026
Merged

Antalya 26.3 - Port SignRelease and SourceUpload additional jobs to praktika#1989
strtgbb merged 1 commit into
antalya-26.3from
make-sign-praktika-ant-26.3

Conversation

@strtgbb

@strtgbb strtgbb commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

The SignRelease (reusable_sign.yml) additional job was broken: it matrixed over a deprecated jobs_data.jobs_params[...].batches field that evaluated to an empty value (failing MasterCI's strategy step) and called tests/ci/ci.py, which no longer exists. Rather than patch dead code, port both SignRelease and SourceUpload to native praktika jobs.

  • Add ci/jobs/sign_release.py: hashes release packages (deb/rpm/tgz and the self-extracting clickhouse binary) with SHA512 and GPG-signs the hash files, passing the passphrase via a file so it never hits the logs.
  • Add ci/jobs/source_upload.py: checks out submodules (praktika's job checkout has none, unlike the old Altinity/checkout), tars the tree and uploads it to the unchanged legacy S3 path so external consumers keep working. No digest_config so the CI cache never skips it across commits.
  • Add ci/defs/altinity_jobs.py to hold Altinity-only jobs and their artifacts (sign_release_jobs, source_upload_job, signed_hashes), keeping the upstream-tracked defs.py/job_configs.py merge-clean.
  • Wire the new jobs into master, release_builds, and (source upload only) pull_request; drop the ported entries from additional_jobs.
  • Remove the SignRelease/SourceUpload templates and generator wiring, the obsolete reusable_sign.yml, and the old tests/ci/sign_release.py.
  • Regenerate the workflow YAML.

Ref: https://github.com/Altinity/ClickHouse/actions/runs/28142888526

Changelog category (leave one):

  • CI Fix or Improvement (changelog entry is not required)

Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):

...

Documentation entry for user-facing changes

...

CI/CD Options

Exclude tests:

  • Fast test
  • Integration Tests
  • Stateless tests
  • Stateful tests
  • Performance tests
  • Aarch64 tests
  • All with ASAN
  • All with TSAN
  • All with MSAN
  • All with UBSAN
  • All with Coverage
  • All Regression
  • Disable CI Cache

Regression jobs to run:

  • Fast suites (mostly <1h)
  • Aggregate Functions (2h)
  • Alter (1.5h)
  • Benchmark (30m)
  • ClickHouse Keeper (1h)
  • Iceberg (2h)
  • LDAP (1h)
  • OAuth (5m)
  • Parquet (1.5h)
  • RBAC (1.5h)
  • SSL Server (1h)
  • S3 (2h)
  • S3 Export (2h)
  • Swarms (30m)
  • Tiered Storage (2h)

@strtgbb strtgbb requested a review from MyroTk June 30, 2026 15:06
@strtgbb strtgbb added cicd Improvements and fixes to the CICD process antalya-26.3 labels Jun 30, 2026
@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown

Workflow [PR], commit [2e1d59e]

MyroTk
MyroTk previously approved these changes Jun 30, 2026
@strtgbb strtgbb force-pushed the make-sign-praktika-ant-26.3 branch from 13c6019 to 186efc1 Compare June 30, 2026 15:28
The `SignRelease` (`reusable_sign.yml`) additional job was broken: it
matrixed over a deprecated `jobs_data.jobs_params[...].batches` field that
evaluated to an empty value (failing `MasterCI`'s strategy step) and called
`tests/ci/ci.py`, which no longer exists. Rather than patch dead code, port
both `SignRelease` and `SourceUpload` to native praktika jobs.

- Add `ci/jobs/sign_release.py`: hashes release packages (deb/rpm/tgz and
  the self-extracting `clickhouse` binary) with SHA512 and GPG-signs the
  hash files, passing the passphrase via a file so it never hits the logs.
- Add `ci/jobs/source_upload.py`: checks out submodules (praktika's job
  checkout has none, unlike the old `Altinity/checkout`), tars the tree and
  uploads it to the unchanged legacy S3 path so external consumers keep
  working. No `digest_config` so the CI cache never skips it across commits.
- Add `ci/defs/altinity_jobs.py` to hold Altinity-only jobs and their
  artifacts (`sign_release_jobs`, `source_upload_job`, `signed_hashes`),
  keeping the upstream-tracked `defs.py`/`job_configs.py` merge-clean.
- Wire the new jobs into `master`, `release_builds`, and (source upload
  only) `pull_request`; drop the ported entries from `additional_jobs`.
- Remove the `SignRelease`/`SourceUpload` templates and generator wiring,
  the obsolete `reusable_sign.yml`, and the old `tests/ci/sign_release.py`.
- Regenerate the workflow YAML.

Ref: https://github.com/Altinity/ClickHouse/actions/runs/28142888526
Co-authored-by: Cursor <cursoragent@cursor.com>
@strtgbb strtgbb force-pushed the make-sign-praktika-ant-26.3 branch from 186efc1 to 2e1d59e Compare June 30, 2026 15:30
@strtgbb strtgbb added the verified Approved for release label Jun 30, 2026
@strtgbb strtgbb merged commit f702365 into antalya-26.3 Jun 30, 2026
339 of 341 checks passed
@strtgbb strtgbb added the port-everywhere PRs that must be ported to every other version branch label Jun 30, 2026
strtgbb added a commit that referenced this pull request Jul 2, 2026
Antalya 26.3 - Port SignRelease and SourceUpload additional jobs to praktika
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

antalya-26.3 cicd Improvements and fixes to the CICD process port-everywhere PRs that must be ported to every other version branch verified Approved for release

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants