Add S3/CloudFront mirror fallback to installers#44
Merged
Conversation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
….ps1 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ssages Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…tall.sh) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… fallback E2E Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…n leak) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ing smoke tests Widen the fixture HTTP server readiness window from 10s to 30s across all four installer smoke-test steps (Unix + PowerShell, pre-existing + new fallback) to fix intermittent macOS failures where the server was not ready in time. Add early server-death detection to the new fallback steps. Pin AGORA_INSTALL_SOURCE=github in the two pre-existing smoke tests so they only exercise the fixture (RELEASES_DOWNLOAD_BASE_URL) path: under the new auto-mode fallback, a transient fixture hiccup would otherwise fast-fail and divert to the real dl.agora.io mirror. github mode also restores the retry profile. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…, and installer headers Add a 'Restricted networks (GitHub blocked)' section to the README and a matching troubleshooting entry, plus a one-line mirror note in the install.sh / install.ps1 headers. Blocked-region users could not previously discover the dl.agora.io mirror, since the README only referenced GitHub-hosted script URLs (agoraio.github.io / raw.githubusercontent) that are unreachable in the same regions. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
… flake) The pre-existing 'Smoke test Unix installer' fixture used an ephemeral port plus a heredoc python server that wrote its port to a file. On macOS that python process intermittently hung before writing the port file, so the readiness check never found a URL and the step timed out (server alive, port never written). Replace it with the same fixed-port 'python3 -m http.server 18080 --directory' pattern the S3 fallback steps already use reliably across all three OSes, removing the port-file write race entirely. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a GitHub-first → S3/CloudFront mirror fallback to
install.shandinstall.ps1, so the CLI installs in regions where GitHub is blocked or rate-limited. A newmirror-to-s3release job publishes binaries, alatest.jsonversion pointer, and the installer scripts todl.agora.ioon every tag.AGORA_INSTALL_SOURCE(auto|github|s3) overrides the behavior;s3skips GitHub entirely for blocked regions (curl … | AGORA_INSTALL_SOURCE=s3 sh).latest.json({"tag_name":"vX","version":"X"}) is read by both installers' existing parsers; the release job writes it only for stable (non-prerelease) tags.mirror-to-s3job: downloads release artifacts, verifies SHA-256 before upload, uploads versioned binaries (immutable cache) + scripts +latest.json(short cache) to S3 via static AWS keys, then invalidates CloudFront for the mutable paths. Sigstore bundle is mirrored best-effort.Both installers behave equivalently (same source semantics, fallback order, and error messaging that names only the sources actually attempted).
Test Plan
scripts/test-installer-fallback.sh— unit-tests the source-selection/fallback matrix (10 assertions; auto/github/s3 × success/fail).scripts/test-installer-messages.sh— existing installer suite still passes (13 assertions).sh -n install.shclean; both workflows valid YAML;go test ./...unaffected (no Go changed).AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEYGitHub secrets + IAM policy (s3:PutObjectondl-agora-io/cli/*,cloudfront:CreateInvalidation) before themirror-to-s3job runs on a real tag (see RELEASING.md).🤖 Generated with Claude Code