diff --git a/.github/workflows/sync-extension.yml b/.github/workflows/sync-extension.yml index 027d0b86..98efc44c 100644 --- a/.github/workflows/sync-extension.yml +++ b/.github/workflows/sync-extension.yml @@ -41,10 +41,18 @@ jobs: TAG="${{ github.event.client_payload.release_tag }}" else # Scheduled check - get latest release - TAG=$(curl -s -H "Authorization: token ${{ secrets.SENTIENCE_CHROME_TOKEN }}" \ - "https://api.github.com/repos/${{ secrets.SENTIENCE_CHROME_REPO }}/releases/latest" | jq -r '.tag_name // empty') + HTTP_CODE=$(curl -s -o latest_release.json -w "%{http_code}" \ + -H "Authorization: token ${{ secrets.SENTIENCE_CHROME_TOKEN }}" \ + "https://api.github.com/repos/${{ secrets.SENTIENCE_CHROME_REPO }}/releases/latest") + + if [ "$HTTP_CODE" != "200" ]; then + echo "❌ Failed to fetch latest release. HTTP Code: $HTTP_CODE" + cat latest_release.json + exit 1 + fi + + TAG=$(cat latest_release.json | jq -r '.tag_name // empty') - # Check if we already processed this tag if git ls-remote --exit-code --heads origin "sync-extension-$TAG"; then echo "Branch for $TAG already exists, skipping." echo "skip=true" >> $GITHUB_OUTPUT @@ -73,41 +81,62 @@ jobs: echo "⬇️ Fetching release info for $TAG from $REPO..." # Capture response to file for debugging - curl -s -H "Authorization: token ${{ secrets.SENTIENCE_CHROME_TOKEN }}" \ - "https://api.github.com/repos/$REPO/releases/tags/$TAG" > release.json + HTTP_CODE=$(curl -s -w "%{http_code}" -o release.json \ + -H "Authorization: token ${{ secrets.SENTIENCE_CHROME_TOKEN }}" \ + "https://api.github.com/repos/$REPO/releases/tags/$TAG") + + if [ "$HTTP_CODE" != "200" ]; then + echo "❌ Failed to fetch release info. HTTP Code: $HTTP_CODE" + echo "Response Body:" + cat release.json + exit 1 + fi # Check if we got a valid release object if grep -q "Not Found" release.json; then echo "❌ Critical Error: Release tag $TAG not found in repo $REPO" - cat release.json exit 1 fi # Robust extraction - ASSET_URL=$(cat release.json | jq -r '.assets[]? | select(.name == "extension-files.tar.gz") | .browser_download_url') + ASSET_URL=$(cat release.json | jq -r '.assets[]? | select(.name == "extension-files.tar.gz") | .url') if [ -z "$ASSET_URL" ] || [ "$ASSET_URL" == "null" ]; then echo "❌ Critical Error: extension-files.tar.gz not found in release assets!" echo "Available assets:" - cat release.json | jq -r '.assets[].name' || echo "No assets found or invalid JSON" + cat release.json | jq -r '.assets[].name' exit 1 fi - # 2. Download the tarball - echo "📦 Downloading tarball from $ASSET_URL..." - curl -L -H "Authorization: token ${{ secrets.SENTIENCE_CHROME_TOKEN }}" \ + # 2. Download the tarball using API URL + echo "📦 Downloading tarball from asset API endpoint..." + HTTP_CODE=$(curl -L -s -w "%{http_code}" -o extension.tar.gz \ + -H "Authorization: token ${{ secrets.SENTIENCE_CHROME_TOKEN }}" \ -H "Accept: application/octet-stream" \ - "$ASSET_URL" -o extension.tar.gz + "$ASSET_URL") - # 3. Extract it + if [ "$HTTP_CODE" != "200" ] && [ "$HTTP_CODE" != "302" ]; then + echo "❌ Failed to download asset. HTTP Code: $HTTP_CODE" + if [ $(stat -c%s extension.tar.gz) -lt 1000 ]; then + cat extension.tar.gz + fi + exit 1 + fi + + # 3. Verify File Type + FILE_TYPE=$(file -b --mime-type extension.tar.gz) + echo "📄 Downloaded file type: $FILE_TYPE" + + if [[ "$FILE_TYPE" != *"gzip"* ]] && [[ "$FILE_TYPE" != *"octet-stream"* ]]; then + echo "❌ Error: Downloaded file is not a gzip archive. It is: $FILE_TYPE" + exit 1 + fi + + # 4. Extract echo "📂 Extracting..." tar -xzf extension.tar.gz rm extension.tar.gz - # 4. Verify extraction - echo "✅ Extraction complete. Contents:" - ls -la - if [ ! -f "manifest.json" ]; then echo "❌ Error: manifest.json missing after extraction" exit 1