Skip to content

fix: consolidate per-platform SHA512SUMS into single file to avoid upload collisions#120

Merged
shenxianpeng merged 1 commit into
masterfrom
fix/consolidate-sha512sums-upload
Jun 28, 2026
Merged

fix: consolidate per-platform SHA512SUMS into single file to avoid upload collisions#120
shenxianpeng merged 1 commit into
masterfrom
fix/consolidate-sha512sums-upload

Conversation

@shenxianpeng

@shenxianpeng shenxianpeng commented Jun 28, 2026

Copy link
Copy Markdown
Member

Problem

When releasing, each build artifact (version × platform) contains a SHA512SUMS file with the same filename. GitHub Release assets are keyed by filename, so every SHA512SUMS after the first fails to upload:

asset under the same name already exists: [SHA512SUMS]
Error: Failed to upload SHA512SUMS after 5 attempts

This affected 10 out of 10 SHA512SUMS files per release (all platforms except the first one alphabetically).

Solution

Combine all per-artifact SHA512SUMS files into a single file at the workspace root before uploading. This follows the common open-source convention (e.g. Node.js SHASUMS256.txt, Debian SHA256SUMS).

The combined SHA512SUMS contains checksums for all platforms and LLVM versions — users can verify any binary with a single sha512sum -c SHA512SUMS --ignore-missing command.

Changes

.github/workflows/build.yml — in the draft-release job:

  1. Merge: collect all per-artifact SHA512SUMS and concatenate into one
  2. Cleanup: delete the per-artifact copies so they aren't uploaded redundantly
  3. Upload: upload the combined SHA512SUMS alongside versions.json

Backward Compatibility

No user-facing change. The Release page still has a single SHA512SUMS file; the verification command (sha512sum -c SHA512SUMS --ignore-missing) works the same as before.

Summary by CodeRabbit

  • Bug Fixes
    • Improved release asset handling to avoid duplicate or conflicting checksum files during uploads.
    • Standardized upload order so release metadata and checksums are published first, making releases more reliable.
    • Narrowed packaged artifacts to the intended tool directories, reducing unintended files from being included.

…load collisions

Each build artifact previously included a SHA512SUMS file with identical
filenames across platforms, causing 'asset under the same name already
exists' errors during release upload.

Now all per-platform SHA512SUMS files are merged into a single combined
SHA512SUMS at the workspace root before upload, matching common open-source
conventions (e.g. Node.js SHASUMS256.txt). Per-artifact copies are deleted
so they are not uploaded redundantly.
@coderabbitai

coderabbitai Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

The draft-release job in the build workflow now merges all per-artifact SHA512SUMS files from clang-tools-* directories into a single root SHA512SUMS, deletes the originals, scopes file collection to clang-tools-*, and uploads versions.json and the consolidated SHA512SUMS first with failed=1 error tracking.

Release Asset Consolidation

Layer / File(s) Summary
SHA512SUMS merge, file scoping, and upload ordering
.github/workflows/build.yml
Concatenates all clang-tools-*/SHA512SUMS into a single root SHA512SUMS, reports entry count, deletes source files, restricts remaining file collection to clang-tools-*, and uploads versions.json and SHA512SUMS first with failed=1 on errors.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main workflow change: merging per-platform SHA512SUMS to prevent release upload collisions.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/build.yml:
- Around line 210-217: Guard the clang-tools-* glob in the build workflow before
invoking find so the step does not fail when no artifact directories exist.
Update the logic around the combined SHA generation and file collection block to
detect whether clang-tools-* matched any directories before running find, and if
not, skip those commands so the existing “No files found” fallback can run. Use
the surrounding upload setup and the mapfile/files collection flow to keep the
behavior safe when no artifacts are downloaded.
- Around line 210-214: The checksum aggregation step in the build workflow
should fail if any `clang-tools-*` artifact is missing its local `SHA512SUMS`,
rather than silently building a partial consolidated file. Update the workflow
logic around the `find ... SHA512SUMS` and combined checksum generation so it
first verifies every expected artifact has a checksum file and exits with an
error if any are absent, before running the aggregation and deletion steps.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: dd4d7ad7-d5d6-4dce-bbbb-ea3e7e5471e9

📥 Commits

Reviewing files that changed from the base of the PR and between 82850e1 and 2f2308d.

📒 Files selected for processing (1)
  • .github/workflows/build.yml

Comment on lines +210 to +214
find clang-tools-* -name SHA512SUMS -type f -print0 | xargs -0 cat > "$combined_sha"
echo "Created combined $(wc -l < "$combined_sha")-entry $combined_sha"

# Remove the per-artifact SHA512SUMS files so they are not uploaded individually.
find clang-tools-* -name SHA512SUMS -type f -delete

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Fail fast when an artifact is missing its SHA512SUMS.

This currently uploads whatever checksum files happen to exist. If one clang-tools-* artifact is missing its local SHA512SUMS, that asset still gets released but disappears from the consolidated root file, which breaks the documented verification contract for sha512sum -c SHA512SUMS --ignore-missing.

Suggested fix
           combined_sha="SHA512SUMS"
-          find clang-tools-* -name SHA512SUMS -type f -print0 | xargs -0 cat > "$combined_sha"
+          mapfile -d '' -t checksum_files < <(find "${artifact_dirs[@]}" -name SHA512SUMS -type f -print0)
+          if [[ ${`#checksum_files`[@]} -ne ${`#artifact_dirs`[@]} ]]; then
+            echo "::error::Expected one SHA512SUMS per artifact directory"
+            exit 1
+          fi
+          printf '%s\0' "${checksum_files[@]}" | xargs -0 cat > "$combined_sha"
+          [[ -s "$combined_sha" ]] || { echo "::error::Combined SHA512SUMS is empty"; exit 1; }
           echo "Created combined $(wc -l < "$combined_sha")-entry $combined_sha"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
find clang-tools-* -name SHA512SUMS -type f -print0 | xargs -0 cat > "$combined_sha"
echo "Created combined $(wc -l < "$combined_sha")-entry $combined_sha"
# Remove the per-artifact SHA512SUMS files so they are not uploaded individually.
find clang-tools-* -name SHA512SUMS -type f -delete
combined_sha="SHA512SUMS"
mapfile -d '' -t checksum_files < <(find "${artifact_dirs[@]}" -name SHA512SUMS -type f -print0)
if [[ ${`#checksum_files`[@]} -ne ${`#artifact_dirs`[@]} ]]; then
echo "::error::Expected one SHA512SUMS per artifact directory"
exit 1
fi
printf '%s\0' "${checksum_files[@]}" | xargs -0 cat > "$combined_sha"
[[ -s "$combined_sha" ]] || { echo "::error::Combined SHA512SUMS is empty"; exit 1; }
echo "Created combined $(wc -l < "$combined_sha")-entry $combined_sha"
# Remove the per-artifact SHA512SUMS files so they are not uploaded individually.
find clang-tools-* -name SHA512SUMS -type f -delete
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/build.yml around lines 210 - 214, The checksum aggregation
step in the build workflow should fail if any `clang-tools-*` artifact is
missing its local `SHA512SUMS`, rather than silently building a partial
consolidated file. Update the workflow logic around the `find ... SHA512SUMS`
and combined checksum generation so it first verifies every expected artifact
has a checksum file and exits with an error if any are absent, before running
the aggregation and deletion steps.

Comment on lines +210 to +217
find clang-tools-* -name SHA512SUMS -type f -print0 | xargs -0 cat > "$combined_sha"
echo "Created combined $(wc -l < "$combined_sha")-entry $combined_sha"

# Remove the per-artifact SHA512SUMS files so they are not uploaded individually.
find clang-tools-* -name SHA512SUMS -type f -delete

# Collect all files and upload one-by-one with a small delay
mapfile -t files < <(find clang-* -type f)
mapfile -t files < <(find clang-tools-* -type f)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Guard the clang-tools-* glob before calling find.

If no artifact directories were downloaded, Bash leaves clang-tools-* unexpanded, find exits non-zero, and the job dies before Line 219’s “No files found” fallback can run.

Suggested fix
+          shopt -s nullglob
+          artifact_dirs=(clang-tools-*)
+          if [[ ${`#artifact_dirs`[@]} -eq 0 ]]; then
+            echo "::warning::No artifact directories found"
+            exit 0
+          fi
+
           combined_sha="SHA512SUMS"
-          find clang-tools-* -name SHA512SUMS -type f -print0 | xargs -0 cat > "$combined_sha"
+          find "${artifact_dirs[@]}" -name SHA512SUMS -type f -print0 | xargs -0 cat > "$combined_sha"
           echo "Created combined $(wc -l < "$combined_sha")-entry $combined_sha"
 
           # Remove the per-artifact SHA512SUMS files so they are not uploaded individually.
-          find clang-tools-* -name SHA512SUMS -type f -delete
+          find "${artifact_dirs[@]}" -name SHA512SUMS -type f -delete
 
           # Collect all files and upload one-by-one with a small delay
-          mapfile -t files < <(find clang-tools-* -type f)
+          mapfile -t files < <(find "${artifact_dirs[@]}" -type f)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
find clang-tools-* -name SHA512SUMS -type f -print0 | xargs -0 cat > "$combined_sha"
echo "Created combined $(wc -l < "$combined_sha")-entry $combined_sha"
# Remove the per-artifact SHA512SUMS files so they are not uploaded individually.
find clang-tools-* -name SHA512SUMS -type f -delete
# Collect all files and upload one-by-one with a small delay
mapfile -t files < <(find clang-* -type f)
mapfile -t files < <(find clang-tools-* -type f)
shopt -s nullglob
artifact_dirs=(clang-tools-*)
if [[ ${`#artifact_dirs`[@]} -eq 0 ]]; then
echo "::warning::No artifact directories found"
exit 0
fi
combined_sha="SHA512SUMS"
find "${artifact_dirs[@]}" -name SHA512SUMS -type f -print0 | xargs -0 cat > "$combined_sha"
echo "Created combined $(wc -l < "$combined_sha")-entry $combined_sha"
# Remove the per-artifact SHA512SUMS files so they are not uploaded individually.
find "${artifact_dirs[@]}" -name SHA512SUMS -type f -delete
# Collect all files and upload one-by-one with a small delay
mapfile -t files < <(find "${artifact_dirs[@]}" -type f)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/build.yml around lines 210 - 217, Guard the clang-tools-*
glob in the build workflow before invoking find so the step does not fail when
no artifact directories exist. Update the logic around the combined SHA
generation and file collection block to detect whether clang-tools-* matched any
directories before running find, and if not, skip those commands so the existing
“No files found” fallback can run. Use the surrounding upload setup and the
mapfile/files collection flow to keep the behavior safe when no artifacts are
downloaded.

@shenxianpeng shenxianpeng merged commit ae20618 into master Jun 28, 2026
9 of 75 checks passed
@shenxianpeng shenxianpeng deleted the fix/consolidate-sha512sums-upload branch June 28, 2026 07:42
@shenxianpeng shenxianpeng added the bug Something isn't working label Jun 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant