CodingWithCalvin
diff --git a/‎.github/workflows/generate-manifests-from-r2.yml‎
Lines changed: 125 additions & 0 deletions b/‎.github/workflows/generate-manifests-from-r2.yml‎
Lines changed: 125 additions & 0 deletions
diff --git a/‎.github/workflows/mirror-sync.yml‎
Lines changed: 9 additions & 10 deletions b/‎.github/workflows/mirror-sync.yml‎
Lines changed: 9 additions & 10 deletions
diff --git a/‎schemas/manifest.schema.json‎
Lines changed: 12 additions & 5 deletions b/‎schemas/manifest.schema.json‎
Lines changed: 12 additions & 5 deletions
diff --git a/‎scripts/generate-manifests-from-r2/go.mod‎
Lines changed: 27 additions & 0 deletions b/‎scripts/generate-manifests-from-r2/go.mod‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎scripts/generate-manifests-from-r2/go.sum‎
Lines changed: 36 additions & 0 deletions b/‎scripts/generate-manifests-from-r2/go.sum‎
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,125 @@
+name: Generate Manifests from R2
+
+on:
+  # Trigger after mirror sync completes
+  workflow_run:
+    workflows: ["Mirror Sync"]
+    types:
+      - completed
+  # Manual trigger
+  workflow_dispatch:
+    inputs:
+      runtime:
+        description: 'Runtime to generate (node, python, ruby, or all)'
+        required: true
+        default: 'all'
+        type: choice
+        options:
+          - all
+          - node
+          - python
+          - ruby
+      dry_run:
+        description: 'Dry run (report only, no file changes)'
+        required: false
+        default: false
+        type: boolean
+
+jobs:
+  generate:
+    name: Generate Manifests
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Build manifest generator
+        run: |
+          cd scripts/generate-manifests-from-r2
+          go build -o generate-manifests .
+
+      - name: Generate manifests (dry run)
+        if: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run }}
+        env:
+          R2_ENDPOINT: https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com
+          R2_BUCKET: ${{ secrets.CLOUDFLARE_R2_BUILDS_BUCKET }}
+          R2_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY_ID }}
+          R2_SECRET_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_ACCESS_KEY }}
+        run: |
+          RUNTIME="${{ inputs.runtime || 'all' }}"
+          ./scripts/generate-manifests-from-r2/generate-manifests \
+            --runtime="$RUNTIME" \
+            --output-dir=src/internal/manifest/data \
+            --base-url="https://builds.dtvem.io" \
+            --r2-endpoint="$R2_ENDPOINT" \
+            --r2-bucket="$R2_BUCKET" \
+            --r2-access-key="$R2_ACCESS_KEY" \
+            --r2-secret-key="$R2_SECRET_KEY" \
+            --dry-run
+
+      - name: Generate manifests
+        if: ${{ github.event_name != 'workflow_dispatch' || !inputs.dry_run }}
+        env:
+          R2_ENDPOINT: https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com
+          R2_BUCKET: ${{ secrets.CLOUDFLARE_R2_BUILDS_BUCKET }}
+          R2_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY_ID }}
+          R2_SECRET_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_ACCESS_KEY }}
+        run: |
+          RUNTIME="${{ inputs.runtime || 'all' }}"
+          ./scripts/generate-manifests-from-r2/generate-manifests \
+            --runtime="$RUNTIME" \
+            --output-dir=src/internal/manifest/data \
+            --base-url="https://builds.dtvem.io" \
+            --r2-endpoint="$R2_ENDPOINT" \
+            --r2-bucket="$R2_BUCKET" \
+            --r2-access-key="$R2_ACCESS_KEY" \
+            --r2-secret-key="$R2_SECRET_KEY"
+
+      - name: Check for changes
+        id: check-changes
+        if: ${{ github.event_name != 'workflow_dispatch' || !inputs.dry_run }}
+        run: |
+          git diff --quiet src/internal/manifest/data/ || echo "changed=true" >> $GITHUB_OUTPUT
+
+      - name: Create Pull Request
+        if: ${{ steps.check-changes.outputs.changed == 'true' }}
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: 'chore(manifest): regenerate manifests from R2'
+          title: 'chore(manifest): regenerate manifests from R2'
+          body: |
+            Regenerated manifests from binaries hosted on `builds.dtvem.io`.
+
+            This PR was created by the [Generate Manifests from R2 workflow](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}).
+
+            ## Changes
+            - URLs now point to `builds.dtvem.io` (our hosted binaries)
+            - Includes `sha256_source` field indicating checksum origin ("upstream" or "dtvem")
+
+            Please review the changes before merging.
+          branch: chore/regenerate-manifests-from-r2
+          delete-branch: true
+          labels: |
+            automated
+            manifest
+
+      - name: Generate summary
+        if: always()
+        run: |
+          echo "## Manifest Generation" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          if [ "${{ inputs.dry_run }}" = "true" ]; then
+            echo "**Mode:** Dry run (no changes made)" >> $GITHUB_STEP_SUMMARY
+          elif [ "${{ steps.check-changes.outputs.changed }}" = "true" ]; then
+            echo "**Result:** Changes detected, PR created" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "**Result:** No changes detected" >> $GITHUB_STEP_SUMMARY
+          fi
@@ -1,11 +1,9 @@
 name: Mirror Sync
 
 on:
-  # Run after manifest updates are deployed
-  workflow_run:
-    workflows: ["Deploy Manifests"]
-    types:
-      - completed
+  # Run weekly to catch new upstream versions
+  schedule:
+    - cron: '0 4 * * 0'  # Every Sunday at 4 AM UTC
   # Manual trigger
   workflow_dispatch:
     inputs:
@@ -24,12 +22,11 @@ jobs:
   sync:
     name: Sync ${{ matrix.runtime }}
     runs-on: ubuntu-latest
-    if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
-    timeout-minutes: 120  # 2 hours max for sync
+    timeout-minutes: 180  # 3 hours max for sync
     strategy:
       fail-fast: false
       matrix:
-        runtime: ${{ (github.event_name == 'workflow_dispatch' && inputs.runtime == 'all') && fromJson('["node", "python", "ruby"]') || (github.event_name == 'workflow_dispatch' && fromJson(format('["{0}"]', inputs.runtime))) || fromJson('["node", "python", "ruby"]') }}
+        runtime: ${{ (github.event_name == 'workflow_dispatch' && inputs.runtime != 'all') && fromJson(format('["{0}"]', inputs.runtime)) || fromJson('["node", "python", "ruby"]') }}
 
     steps:
       - name: Checkout
@@ -45,7 +42,7 @@ jobs:
           cd scripts/mirror-binaries
           go build -o mirror-binaries .
 
-      - name: Sync new binaries
+      - name: Sync new binaries to R2
         env:
           R2_ENDPOINT: https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com
           R2_BUCKET: ${{ secrets.CLOUDFLARE_R2_BUILDS_BUCKET }}
@@ -67,4 +64,6 @@ jobs:
         run: |
           echo "## Sync Results for ${{ matrix.runtime }}" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-          echo "Synced new binaries not already present in R2." >> $GITHUB_STEP_SUMMARY
+          echo "Synced new binaries from upstream that were not already in R2." >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "To generate updated manifests, run the 'Generate Manifests from R2' workflow." >> $GITHUB_STEP_SUMMARY
@@ -47,7 +47,7 @@
     "download": {
       "type": "object",
       "description": "Download information for a pre-built binary",
-      "required": ["url", "sha256"],
+      "required": ["url"],
       "additionalProperties": false,
       "properties": {
         "url": {
@@ -59,6 +59,11 @@
           "type": "string",
           "pattern": "^[a-fA-F0-9]{64}$",
           "description": "SHA256 checksum (64 hex characters)"
+        },
+        "sha256_source": {
+          "type": "string",
+          "enum": ["upstream", "dtvem"],
+          "description": "Origin of the SHA256 checksum: 'upstream' if from the original provider, 'dtvem' if generated by us during mirroring"
         }
       }
     }
@@ -69,13 +74,15 @@
       "versions": {
         "3.13.1": {
           "windows-amd64": {
-            "url": "https://www.python.org/ftp/python/3.13.1/python-3.13.1-embed-amd64.zip",
-            "sha256": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2"
+            "url": "https://builds.dtvem.io/python/3.13.1/windows-amd64.zip",
+            "sha256": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
+            "sha256_source": "upstream"
           },
           "darwin-arm64": null,
           "linux-amd64": {
-            "url": "https://github.com/astral-sh/python-build-standalone/releases/download/20251209/cpython-3.13.1.tar.gz",
-            "sha256": "b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3"
+            "url": "https://builds.dtvem.io/python/3.13.1/linux-amd64.tar.gz",
+            "sha256": "b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3",
+            "sha256_source": "dtvem"
           }
         }
       }
 
@@ -0,0 +1,27 @@
+module github.com/dtvem/dtvem/scripts/generate-manifests-from-r2
+
+go 1.23.0
+
+require (
+	github.com/aws/aws-sdk-go-v2 v1.32.6
+	github.com/aws/aws-sdk-go-v2/config v1.28.6
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.47
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0
+)
+
+require (
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 // indirect
+	github.com/aws/smithy-go v1.22.1 // indirect
+)
@@ -0,0 +1,36 @@
+github.com/aws/aws-sdk-go-v2 v1.32.6 h1:7BokKRgRPuGmKkFMhEg/jSul+tB9VvXhcViILtfG8b4=
+github.com/aws/aws-sdk-go-v2 v1.32.6/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc=
+github.com/aws/aws-sdk-go-v2/config v1.28.6 h1:D89IKtGrs/I3QXOLNTH93NJYtDhm8SYa9Q5CsPShmyo=
+github.com/aws/aws-sdk-go-v2/config v1.28.6/go.mod h1:GDzxJ5wyyFSCoLkS+UhGB0dArhb9mI+Co4dHtoTxbko=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.47 h1:48bA+3/fCdi2yAwVt+3COvmatZ6jUDNkDTIsqDiMUdw=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.47/go.mod h1:+KdckOejLW3Ks3b0E3b5rHsr2f9yuORBum0WPnE5o5w=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 h1:AmoU1pziydclFT/xRV+xXE/Vb8fttJCLRPv8oAkprc0=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21/go.mod h1:AjUdLYe4Tgs6kpH4Bv7uMZo7pottoyHMn4eTcIcneaY=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 h1:s/fF4+yDQDoElYhfIVvSNyeCydfbuTKzhxSXDXCPasU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25/go.mod h1:IgPfDv5jqFIzQSNbUEMoitNooSMXjRSDkhXv8jiROvU=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 h1:ZntTCl5EsYnhN/IygQEUugpdwbhdkom9uHcbCftiGgA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25/go.mod h1:DBdPrgeocww+CSl1C8cEV8PN1mHMBhuCDLpXezyvWkE=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25 h1:r67ps7oHCYnflpgDy2LZU0MAQtQbYIOqNNnqGO6xQkE=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25/go.mod h1:GrGY+Q4fIokYLtjCVB/aFfCVL6hhGUFl8inD18fDalE=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6 h1:HCpPsWqmYQieU7SS6E9HXfdAMSud0pteVXieJmcpIRI=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6/go.mod h1:ngUiVRCco++u+soRRVBIvBZxSMMvOVMXA4PJ36JLfSw=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 h1:50+XsN70RS7dwJ2CkVNXzj7U2L1HKP8nqTd3XWEXBN4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6/go.mod h1:WqgLmwY7so32kG01zD8CPTJWVWM+TzJoOVHwTg4aPug=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6 h1:BbGDtTi0T1DYlmjBiCr/le3wzhA37O8QTC5/Ab8+EXk=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6/go.mod h1:hLMJt7Q8ePgViKupeymbqI0la+t9/iYFBjxQCFwuAwI=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0 h1:nyuzXooUNJexRT0Oy0UQY6AhOzxPxhtt4DcBIHyCnmw=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0/go.mod h1:sT/iQz8JK3u/5gZkT+Hmr7GzVZehUMkRZpOaAwYXeGY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 h1:rLnYAfXQ3YAccocshIH5mzNNwZBkBo+bP6EhIxak6Hw=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.7/go.mod h1:ZHtuQJ6t9A/+YDuxOLnbryAmITtr8UysSny3qcyvJTc=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 h1:JnhTZR3PiYDNKlXy50/pNeix9aGMo6lLpXwJ1mw8MD4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6/go.mod h1:URronUEGfXZN1VpdktPSD1EkAL9mfrV+2F4sjH38qOY=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 h1:s4074ZO1Hk8qv65GqNXqDjmkf4HSQqJukaLuuW0TpDA=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.2/go.mod h1:mVggCnIWoM09jP71Wh+ea7+5gAp53q+49wDFs1SW5z8=
+github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro=
+github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=