diff --git a/.github/workflows/package-geobrix-artifacts.yml b/.github/workflows/package-geobrix-artifacts.yml index bba41507..a1ef0a4b 100644 --- a/.github/workflows/package-geobrix-artifacts.yml +++ b/.github/workflows/package-geobrix-artifacts.yml @@ -70,12 +70,44 @@ jobs: gdal: [ 3.11.4 ] spark: [ 4.0.0 ] steps: - - name: checkout code (with LFS) + # actions/checkout's lfs: true is hard to debug — when an LFS object + # exists as a pointer in git but the bytes were never uploaded to + # GitHub LFS storage, the action errors out with a bare + # `Object does not exist on the server: [404]` and no actionable + # next step. Check out without LFS first so we can run our own + # `git lfs pull` with a clear error message that names the fix. + - name: checkout code (no LFS yet) uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.ref || github.ref }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} - lfs: true + lfs: false + + - name: pull LFS objects (with actionable error on 404) + shell: bash + run: | + if git lfs pull 2>&1; then + echo "==> Git LFS objects pulled successfully." + else + echo + echo "============================================================" + echo "Git LFS pull FAILED." + echo + echo "Most common cause: an LFS pointer is committed but the" + echo "actual bytes were never uploaded to GitHub LFS storage." + echo "This can happen if 'git push' on the branch in question" + echo "did not also push LFS objects (the regular git pack" + echo "transfer succeeds while the LFS transfer silently no-ops" + echo "or is rejected — e.g., the first time a repo uses LFS" + echo "and org-level storage hasn't been provisioned yet)." + echo + echo "Fix: on a workstation that has the file:" + echo " git lfs push origin --all" + echo + echo "Then re-trigger this workflow." + echo "============================================================" + exit 1 + fi - name: verify platform tarball is LFS-pulled shell: bash @@ -86,11 +118,35 @@ jobs: exit 1 fi if head -c 50 "$PLATFORM" | grep -q '^version https://git-lfs'; then - echo "$PLATFORM is an LFS pointer, not the binary - checkout's lfs: true didn't resolve it." >&2 + echo "$PLATFORM is still an LFS pointer after `git lfs pull` — see the previous step's diagnostic." >&2 exit 1 fi ( cd resources/static && sha256sum -c geobrix-gdal-platform-noble.tar.gz.sha256 ) + - name: verify python/geobrix/requirements-build.txt is committed + shell: bash + run: | + if [ ! -f python/geobrix/requirements-build.txt ]; then + echo + echo "============================================================" + echo "python/geobrix/requirements-build.txt is missing." + echo + echo "It's the hash-pinned lockfile this workflow installs from" + echo "via 'pip install --require-hashes'. It's generated from" + echo "python/geobrix/requirements-build.in and must be committed" + echo "alongside it on the branch being released." + echo + echo "Regenerate with:" + echo " cd python/geobrix" + echo " uv pip compile --generate-hashes --python-version 3.12 \\" + echo " --output-file requirements-build.txt requirements-build.in" + echo + echo "Then commit to the branch being released and re-trigger" + echo "this workflow." + echo "============================================================" + exit 1 + fi + - name: Configure JDK uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: diff --git a/python/geobrix/requirements-build.txt b/python/geobrix/requirements-build.txt new file mode 100644 index 00000000..8ca941b0 --- /dev/null +++ b/python/geobrix/requirements-build.txt @@ -0,0 +1,22 @@ +# This file was autogenerated by uv via the following command: +# uv pip compile --generate-hashes --python-version 3.12 --output-file requirements-build.txt requirements-build.in +build==1.4.4 \ + --hash=sha256:8c3f48a6090b39edec1a273d2d57949aaf13723b01e02f9d518396887519f64d \ + --hash=sha256:f832ae053061f3fb524af812dc94b8b84bac6880cd587630e3b5d91a6a9c1703 + # via -r requirements-build.in +packaging==26.2 \ + --hash=sha256:5fc45236b9446107ff2415ce77c807cee2862cb6fac22b8a73826d0693b0980e \ + --hash=sha256:ff452ff5a3e828ce110190feff1178bb1f2ea2281fa2075aadb987c2fb221661 + # via build +pyproject-hooks==1.2.0 \ + --hash=sha256:1e859bd5c40fae9448642dd871adf459e5e2084186e8d2c2a79a824c970da1f8 \ + --hash=sha256:9e5c6bfa8dcc30091c74b0cf803c81fdd29d94f01992a7707bc97babb1141913 + # via build +setuptools==80.9.0 \ + --hash=sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922 \ + --hash=sha256:f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c + # via -r requirements-build.in +wheel==0.45.1 \ + --hash=sha256:661e1abd9198507b1409a20c02106d9670b2576e916d58f520316666abca6729 \ + --hash=sha256:708e7481cc80179af0e556bbf0cc00b8444c7321e2700b8d8580231d13017248 + # via -r requirements-build.in