Upload Rustup build artifacts to new S3 bucket #3909
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We are refactoring the release process for Rustup, which includes a new S3 bucket for build artifacts. In the new release process, every commit to the default branch builds and uploads artifacts. When a new release is cut, these pre-built artifacts get copied into the current S3 bucket for further testing and distribution. The artifacts are currently uploaded to both the old and new bucket to maintain backwards compatibility while implementing the new process.
The GitHub Actions workflows that upload build artifacts to S3 have been refactored to make use of OIDC to avoid long-lived authentication tokens.
|
The tracking issue for the new release process and its work can be found here: rust-lang/simpleinfra#420 |
rami3l
reviewed
Jun 25, 2024
rami3l
reviewed
Jun 25, 2024
|
Can I merge this and then iterate on the configuration if there are any issues? |
Sounds good to me! |
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
|
Hm, the merge queue build failed trying to fetch a base image from |
jdno
added a commit
to jdno/rust-rustup
that referenced
this pull request
Jul 9, 2024
In rust-lang#3909, new steps were added to the GitHub Actions workflows that upload the build artifacts to a new S3 bucket. Authentication is done using short-lived tokens that are provisioned using OIDC. This scheme requires additional permissions[^1], which have been granted to the workflows. [^1]: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
jdno
added a commit
to jdno/rust-rustup
that referenced
this pull request
Jul 9, 2024
In rust-lang#3909, new steps were added to the GitHub Actions workflows that upload the build artifacts to a new S3 bucket. Authentication is done using short-lived tokens that are provisioned using OIDC. This scheme requires additional permissions[^1], which have been granted to the workflows. [^1]: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
github-merge-queue bot
pushed a commit
that referenced
this pull request
Jul 9, 2024
In #3909, new steps were added to the GitHub Actions workflows that upload the build artifacts to a new S3 bucket. Authentication is done using short-lived tokens that are provisioned using OIDC. This scheme requires additional permissions[^1], which have been granted to the workflows. [^1]: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
jdno
added a commit
to jdno/rust-rustup
that referenced
this pull request
Jul 9, 2024
We added steps to the GitHub Actions workflows in rust-lang#3909 to upload the build artifacts for the `master` branch as well as for the `stable` branch. But the scripts that prepare the `deploy/` directory were not set to run on `master`, causing the builds to fail.
jdno
added a commit
to jdno/rust-rustup
that referenced
this pull request
Jul 9, 2024
We added steps to the GitHub Actions workflows in rust-lang#3909 to upload the build artifacts for the `master` branch as well as for the `stable` branch. But the scripts that prepare the `deploy/` directory were not set to run on `master`, causing the builds to fail.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We are implementing a new release process for Rustup, which changes slightly how build artifacts are uploaded. Going forward, every commit merged into
masterwill produce a full set of release artifacts that will be stored in a new S3 bucket. The new bucket allows us to remove access for CI to the release bucket, which improves our security posture. And uploading every commit tomasterwill make it easier to test new releases.