From 7f78dfb8328715da4b90a786474c1fef1df7d5a3 Mon Sep 17 00:00:00 2001 From: Xuanwo Date: Mon, 8 Jun 2026 16:20:43 +0800 Subject: [PATCH] ci: harden protoc install for Linux wheels --- .../workflows/build_linux_wheel/action.yml | 24 ++++------ .../build_linux_wheel/install-protoc.sh | 47 +++++++++++++++++++ 2 files changed, 56 insertions(+), 15 deletions(-) create mode 100755 .github/workflows/build_linux_wheel/install-protoc.sh diff --git a/.github/workflows/build_linux_wheel/action.yml b/.github/workflows/build_linux_wheel/action.yml index fbfcff687ce..9016ae67b1a 100644 --- a/.github/workflows/build_linux_wheel/action.yml +++ b/.github/workflows/build_linux_wheel/action.yml @@ -41,11 +41,9 @@ runs: args: ${{ inputs.args }} maturin-version: "1.10.2" before-script-linux: | - set -e - yum install -y openssl-devel \ - && curl -L https://github.com/protocolbuffers/protobuf/releases/download/v24.4/protoc-24.4-linux-$(uname -m).zip > /tmp/protoc.zip \ - && unzip /tmp/protoc.zip -d /usr/local \ - && rm /tmp/protoc.zip + set -euo pipefail + yum install -y openssl-devel + bash "${GITHUB_WORKSPACE}/.github/workflows/build_linux_wheel/install-protoc.sh" - name: Build x86_64 Manylinux {manylinux} wheel if: ${{ inputs.arm-build == 'false' && inputs.manylinux != '2_17' }} uses: PyO3/maturin-action@04ac600d27cdf7a9a280dadf7147097c42b757ad # v1 @@ -60,11 +58,9 @@ runs: args: ${{ inputs.args }} maturin-version: "1.10.2" before-script-linux: | - set -e - yum install -y openssl-devel clang \ - && curl -L https://github.com/protocolbuffers/protobuf/releases/download/v24.4/protoc-24.4-linux-$(uname -m).zip > /tmp/protoc.zip \ - && unzip /tmp/protoc.zip -d /usr/local \ - && rm /tmp/protoc.zip + set -euo pipefail + yum install -y openssl-devel clang + bash "${GITHUB_WORKSPACE}/.github/workflows/build_linux_wheel/install-protoc.sh" - name: Build Arm Manylinux Wheel if: ${{ inputs.arm-build == 'true' }} uses: PyO3/maturin-action@04ac600d27cdf7a9a280dadf7147097c42b757ad # v1 @@ -76,8 +72,6 @@ runs: args: ${{ inputs.args }} maturin-version: "1.10.2" before-script-linux: | - set -e - yum install -y openssl-devel clang \ - && curl -L https://github.com/protocolbuffers/protobuf/releases/download/v24.4/protoc-24.4-linux-aarch_64.zip > /tmp/protoc.zip \ - && unzip /tmp/protoc.zip -d /usr/local \ - && rm /tmp/protoc.zip + set -euo pipefail + yum install -y openssl-devel clang + bash "${GITHUB_WORKSPACE}/.github/workflows/build_linux_wheel/install-protoc.sh" diff --git a/.github/workflows/build_linux_wheel/install-protoc.sh b/.github/workflows/build_linux_wheel/install-protoc.sh new file mode 100755 index 00000000000..2d5bf4ced40 --- /dev/null +++ b/.github/workflows/build_linux_wheel/install-protoc.sh @@ -0,0 +1,47 @@ +#!/usr/bin/env bash +set -euo pipefail + +version="${PROTOC_VERSION:-24.4}" +install_dir="${PROTOC_INSTALL_DIR:-/usr/local}" +machine="${1:-$(uname -m)}" + +case "${machine}" in + aarch64 | arm64) + asset_arch="aarch_64" + ;; + x86_64) + asset_arch="x86_64" + ;; + *) + echo "Unsupported protoc architecture: ${machine}" >&2 + exit 1 + ;; +esac + +zip_path="/tmp/protoc-${version}-linux-${asset_arch}.zip" +url="https://github.com/protocolbuffers/protobuf/releases/download/v${version}/protoc-${version}-linux-${asset_arch}.zip" + +for attempt in 1 2 3 4 5; do + rm -f "${zip_path}" + + if curl -fsSL --connect-timeout 15 --max-time 120 -o "${zip_path}" "${url}" \ + && unzip -tq "${zip_path}" >/dev/null; then + break + fi + + if [[ "${attempt}" == "5" ]]; then + echo "Failed to download a valid protoc archive from ${url}" >&2 + exit 1 + fi + + sleep "$((attempt * 2))" +done + +unzip -q -o "${zip_path}" -d "${install_dir}" +rm -f "${zip_path}" + +if [[ "$(uname -s)" == "Linux" ]]; then + "${install_dir}/bin/protoc" --version +else + test -f "${install_dir}/bin/protoc" +fi