diff --git a/.woodpecker/pipeline.yml b/.woodpecker/pipeline.yml new file mode 100644 index 00000000..a2236147 --- /dev/null +++ b/.woodpecker/pipeline.yml @@ -0,0 +1,45 @@ +when: + - event: push + branch: main + +steps: + sandbox-1: + image: python:3.13 + environment: + WRENN_API_KEY: + from_secret: wrenn_api_key + GITEA_TOKEN: + from_secret: gitea_token + commands: + - pip install wrenn + - export GO_VERSION=$$(grep '^go ' go.mod | cut -d' ' -f2) + - python .woodpecker/scripts/build.py + - VERSION=$$(cat VERSION_CP) + - git config user.name "R3dRum92" + - git config user.email "tksadik@omukk.dev" + - git tag "v$${VERSION}" + - git push "https://tksadik92:$${GITEA_TOKEN}@git.omukk.dev/tksadik92/wrenn-releases.git" "v$${VERSION}" + + sandbox-2: + image: python:3.13 + environment: + WRENN_API_KEY: + from_secret: wrenn_api_key + GITEA_TOKEN: + from_secret: gitea_token + ZHIPU_API_KEY: + from_secret: zhipu_api_key + commands: + - pip install wrenn + - python .woodpecker/scripts/release_notes.py + depends_on: [sandbox-1] + + sandbox-3: + image: python:3.13 + environment: + GITHUB_TOKEN: + from_secret: github_token + commands: + - pip install httpx + - python .woodpecker/scripts/publish_github.py + depends_on: [sandbox-2] diff --git a/.woodpecker/scripts/build.py b/.woodpecker/scripts/build.py new file mode 100644 index 00000000..6bcf22f2 --- /dev/null +++ b/.woodpecker/scripts/build.py @@ -0,0 +1,126 @@ +import os +import sys + +from wrenn import Capsule, StreamExitEvent, StreamStderrEvent, StreamStdoutEvent +from wrenn._git import GitCommandError +from wrenn.models import FileEntry + +GO_VERSION = os.getenv("GO_VERSION", "1.25.8") +REPO_URL = "https://git.omukk.dev/wrenn/wrenn.git" +REPO_DIR = "/opt/wrenn" +BUILDS_DIR = os.path.join(os.path.dirname(__file__), "..", "..", "builds") + + +def run(capsule: Capsule, cmd: str, timeout: int = 30) -> int: + result = capsule.commands.run(cmd, timeout=timeout) + if result.exit_code != 0: + print(f"FAIL [{cmd.split()[0]}]: exit={result.exit_code}", file=sys.stderr) + if result.stderr: + print(result.stderr.strip(), file=sys.stderr) + return result.exit_code + print(f"OK [{cmd.split()[0]}]") + return 0 + + +def install_go(capsule: Capsule) -> bool: + tarball = f"go{GO_VERSION}.linux-amd64.tar.gz" + url = f"https://go.dev/dl/{tarball}" + + if run(capsule, "apt update") != 0: + return False + if run(capsule, "apt install -y make build-essential file") != 0: + return False + if run(capsule, f"curl -LO {url}", timeout=120) != 0: + return False + if run(capsule, f"tar -C /usr/local -xzf {tarball}", timeout=60) != 0: + return False + if run(capsule, 'echo "export PATH=$PATH:/usr/local/go/bin" >> ~/.profile') != 0: + return False + if run(capsule, "rm -f " + tarball) != 0: + return False + + result = capsule.commands.run("/usr/local/go/bin/go version") + print(result.stdout.strip()) + return result.exit_code == 0 + + +def clone_repo(capsule: Capsule) -> bool: + try: + capsule.git.clone(REPO_URL, REPO_DIR) + print("OK [git clone]") + return True + except GitCommandError as e: + print(f"FAIL [git clone]: {e}", file=sys.stderr) + return False + + +def build_app(capsule: Capsule) -> bool: + handle = capsule.commands.run( + "CGO_ENABLED=1 make build", + background=True, + cwd=REPO_DIR, + envs={ + "PATH": "/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + ) + print(f"make build started (pid={handle.pid}), streaming output...") + + exit_code = 0 + for event in capsule.commands.connect(handle.pid): + if isinstance(event, StreamStdoutEvent): + print(event.data, end="") + elif isinstance(event, StreamStderrEvent): + print(event.data, end="", file=sys.stderr) + elif isinstance(event, StreamExitEvent): + exit_code = event.exit_code + + if exit_code != 0: + print(f"FAIL [make build]: exit={exit_code}", file=sys.stderr) + return False + print("OK [make build]") + return True + + +def download_artifacts(capsule: Capsule) -> bool: + remote_dir = f"{REPO_DIR}/builds" + entries = capsule.files.list(remote_dir, depth=1) + files = [e for e in entries if e.type != "directory"] + + if not files: + print("FAIL [download]: no files found in builds/", file=sys.stderr) + return False + + local_dir = os.path.normpath(BUILDS_DIR) + os.makedirs(local_dir, exist_ok=True) + + for entry in files: + name = entry.name or "unknown" + remote_path = f"{remote_dir}/{name}" + local_path = os.path.join(local_dir, name) + print(f"Downloading {name} ({entry.size or '?'} bytes)...") + + with open(local_path, "wb") as f: + for chunk in capsule.files.download_stream(remote_path): + f.write(chunk) + + print(f"OK [download {name}]") + + return True + + +def main() -> None: + with Capsule(wait=True, vcpus=4, memory_mb=4096) as capsule: + print(f"Capsule: {capsule.capsule_id}") + if not install_go(capsule): + sys.exit(1) + if not clone_repo(capsule): + sys.exit(1) + if not build_app(capsule): + sys.exit(1) + if not download_artifacts(capsule): + sys.exit(1) + print("Done.") + + +if __name__ == "__main__": + main() diff --git a/.woodpecker/scripts/publish_github.py b/.woodpecker/scripts/publish_github.py new file mode 100644 index 00000000..b88908dd --- /dev/null +++ b/.woodpecker/scripts/publish_github.py @@ -0,0 +1,104 @@ +import os +import sys +from pathlib import Path + +import httpx + +GITHUB_REPO = "R3dRum92/wrenn-releases" +GITHUB_API = "https://api.github.com" +GITHUB_UPLOADS = "https://uploads.github.com" +BUILDS_DIR = "builds" +VERSION_FILE = "VERSION_CP" +NOTES_FILE = os.path.join(".woodpecker", "release_notes.md") + + +def main() -> None: + token = os.environ["GITHUB_TOKEN"] + + with open(VERSION_FILE) as f: + version = f.read().strip() + tag = f"v{version}" + + release_notes = "" + if os.path.exists(NOTES_FILE): + with open(NOTES_FILE) as f: + release_notes = f.read() + + headers = { + "Authorization": f"token {token}", + "Accept": "application/vnd.github+json", + "X-GitHub-Api-Version": "2022-11-28", + } + + client = httpx.Client(headers=headers, timeout=60) + + print(f"Creating GitHub release for {tag}...") + resp = client.post( + f"{GITHUB_API}/repos/{GITHUB_REPO}/releases", + json={ + "tag_name": tag, + "name": tag, + "body": release_notes, + "draft": False, + "prerelease": False, + }, + ) + if resp.status_code == 422: + print(f"WARN [create release]: release for {tag} already exists, skipping") + data = resp.json() + errors = data.get("errors", []) + if errors: + existing_url = errors[0].get("documentation_url", "") + print(f" See: {existing_url}") + client.close() + return + if resp.status_code != 201: + print(f"FAIL [create release]: {resp.status_code} {resp.text}", file=sys.stderr) + client.close() + sys.exit(1) + + release_data = resp.json() + release_id = release_data["id"] + release_url = release_data.get("html_url", "") + print(f"OK [create release] id={release_id}") + + builds_path = Path(BUILDS_DIR) + if not builds_path.exists(): + print(f"No {BUILDS_DIR}/ directory found, skipping asset upload") + client.close() + print(f"Release published: {release_url}") + return + + upload_headers = { + **headers, + "Content-Type": "application/octet-stream", + } + + for artifact in sorted(builds_path.iterdir()): + if artifact.is_dir(): + continue + print(f"Uploading {artifact.name}...") + + with open(artifact, "rb") as f: + data = f.read() + + resp = client.post( + f"{GITHUB_UPLOADS}/repos/{GITHUB_REPO}/releases/{release_id}/assets", + params={"name": artifact.name}, + headers=upload_headers, + content=data, + ) + if resp.status_code != 201: + print( + f"WARN [upload {artifact.name}]: {resp.status_code} {resp.text}", + file=sys.stderr, + ) + else: + print(f"OK [upload {artifact.name}]") + + client.close() + print(f"Release published: {release_url}") + + +if __name__ == "__main__": + main() diff --git a/.woodpecker/scripts/release_notes.py b/.woodpecker/scripts/release_notes.py new file mode 100644 index 00000000..88ed1a80 --- /dev/null +++ b/.woodpecker/scripts/release_notes.py @@ -0,0 +1,241 @@ +import base64 +import os +import sys + +from wrenn import Capsule + +REPO_URL = "https://git.omukk.dev/tksadik92/wrenn-releases.git" +REPO_DIR = "/opt/wrenn-releases" +CAPSULE_OUTPUT = "/tmp/release_notes.md" +LOCAL_OUTPUT = os.path.join(os.path.dirname(__file__), "..", "release_notes.md") +ZHIPU_API_KEY = os.environ.get("ZHIPU_API_KEY", "") + +if ZHIPU_API_KEY: + DEFAULT_MODEL = "zhipuai-coding-plan/glm-5.1" + auth_env = f"ZHIPU_API_KEY={ZHIPU_API_KEY}" +else: + DEFAULT_MODEL = "opencode/minimax-m2.5-free" + +RELEASE_NOTES_EXAMPLE = """ +## What's new +Sandbox HTTP proxying, terminal reliability, and auth robustness improvements. + +### Proxy +- Fixed redirect loops for apps served inside sandboxes (Python HTTP server, Jupyter, etc.) +- Proxy traffic no longer interferes with terminal and exec connections +- Services that take a moment to start up inside a sandbox are now retried instead of immediately failing + +### Terminal (PTY) +- Terminal input is no longer blocked by slow network conditions — fast typing no longer causes timeouts or disconnects +- Input bursts are coalesced into fewer round trips — lower latency under fast typing + +### Authentication +- WebSocket connections now authenticate correctly for both SDK clients (header-based) and browser clients (message-based) + +### Bug Fixes +- Fixed crash in envd when a process exits without a PTY +- Fixed goroutine leak on sandbox pause + +### Others +- Version bump +""".strip() + + +def run(capsule: Capsule, cmd: str, cwd: str | None = None, timeout: int = 30) -> int: + result = capsule.commands.run(cmd, cwd=cwd, timeout=timeout) + if result.exit_code != 0: + print(f"FAIL [{cmd.split()[0]}]: exit={result.exit_code}", file=sys.stderr) + if result.stderr: + print(result.stderr.strip(), file=sys.stderr) + return result.exit_code + print(f"OK [{cmd.split()[0]}]") + return 0 + + +def install_opencode(capsule: Capsule) -> None: + print("Installing OpenCode...") + if run(capsule, "apt update", timeout=60) != 0: + sys.exit(1) + if ( + run( + capsule, + "curl -fsSL https://opencode.ai/install | bash -s -- --version 1.14.31", + timeout=120, + ) + != 0 + ): + sys.exit(1) + print("OK [opencode installed]") + + +def get_tags(capsule: Capsule) -> tuple[str, str | None]: + result = capsule.commands.run( + f"cd {REPO_DIR} && git tag --sort=-version:refname", + cwd=REPO_DIR, + timeout=30, + ) + if result.exit_code != 0: + print(f"FAIL [git tag]: {result.stderr}", file=sys.stderr) + sys.exit(1) + tags = [t for t in result.stdout.strip().split("\n") if t] + if not tags: + print("No tags found", file=sys.stderr) + sys.exit(1) + current_tag = tags[0] + previous_tag = tags[1] if len(tags) > 1 else None + print(f"Current tag: {current_tag}") + print(f"Previous tag: {previous_tag}") + return current_tag, previous_tag + + +def get_git_context( + capsule: Capsule, current_tag: str, previous_tag: str | None +) -> tuple[str, str]: + if previous_tag: + log_cmd = f"cd {REPO_DIR} && git log {previous_tag}..{current_tag} --pretty=format:'%s (%h)' -n 2" + else: + log_cmd = ( + f"cd {REPO_DIR} && git log {current_tag} --pretty=format:'%s (%h)' -n 2" + ) + + log_result = capsule.commands.run(log_cmd, cwd=REPO_DIR, timeout=30) + if log_result.exit_code != 0: + print(f"FAIL [git log]: {log_result.stderr}", file=sys.stderr) + sys.exit(1) + + if previous_tag: + diff_cmd = f"cd {REPO_DIR} && git diff {previous_tag}..{current_tag} --stat" + else: + diff_cmd = f"cd {REPO_DIR} && git show {current_tag} --stat" + + diff_result = capsule.commands.run(diff_cmd, cwd=REPO_DIR, timeout=30) + if diff_result.exit_code != 0: + print(f"FAIL [git diff]: {diff_result.stderr}", file=sys.stderr) + sys.exit(1) + + return log_result.stdout.strip(), diff_result.stdout.strip() + + +def generate_release_notes( + capsule: Capsule, + current_tag: str, + git_log: str, + git_diff: str, + output_path: str, + model: str, +) -> None: + prompt = ( + f"You are writing release notes for version {current_tag} of a software project.\n\n" + f"Here is what changed between the previous version and this one:\n\n" + f"Commit messages:\n{git_log}\n\n" + f"Files and areas that changed:\n{git_diff}\n\n" + f"Write the release notes in plain, friendly language that any developer can understand " + f"without deep knowledge of the codebase. Avoid jargon like 'goroutine', 'PTY', 'envd', " + f"or internal function names — describe what the change means for the user instead. " + f"Group related changes under headings that reflect what actually changed. " + f"Only include sections that are relevant to these specific changes. " + f"Start with a short one-line summary of what this release is about. " + f"Keep each bullet point to one clear sentence.\n\n" + f"Here is an example of the style to aim for — not a template to copy:\n\n" + f"{RELEASE_NOTES_EXAMPLE}\n\n" + f"You MUST start the document with `## What's New`\n" + f"The very next line MUST be a single short summary sentence.\n" + f"Output only the markdown. No intro, no explanation." + f"CRITICAL: Do not output any conversational filler, acknowledgments, or thoughts " + f"like 'Let me look at the changes'. Output absolutely nothing except the final markdown." + ) + + prompt_b64 = base64.b64encode(prompt.encode("utf-8")).decode("utf-8") + + write_prompt_cmd = f"echo '{prompt_b64}' | base64 -d > /tmp/oc_prompt.txt" + + result = capsule.commands.run( + write_prompt_cmd, + cwd=REPO_DIR, + timeout=10, + ) + if result.exit_code != 0: + print(f"FAIL [write prompt]: {result.stderr}", file=sys.stderr) + sys.exit(1) + + result = capsule.commands.run("~/.opencode/bin/opencode models", timeout=30) + print(f"STDOUT:\n{result.stdout}", file=sys.stderr) + print(f"STDERR:\n{result.stderr}", file=sys.stderr) + + opencode_cmd = ( + f"{auth_env} " + f"~/.opencode/bin/opencode run " + f'"Read the attached file and generate the release notes. Output ONLY markdown." ' + f"--model {model} " + f"--file /tmp/oc_prompt.txt " + f"> {output_path}" + ) + + result = capsule.commands.run( + opencode_cmd, + cwd=REPO_DIR, + timeout=120, + ) + if result.exit_code != 0: + print(f"FAIL [opencode]: exit={result.exit_code}", file=sys.stderr) + print(f"STDOUT:\n{result.stdout}", file=sys.stderr) + print(f"STDERR:\n{result.stderr}", file=sys.stderr) + sys.exit(1) + + result = capsule.commands.run(f"cat {output_path}") + print(result.stdout) + print(result.stderr) + + print(f"OK [opencode] release notes written to {output_path}") + + +def download_release_notes(capsule: Capsule) -> None: + local_path = os.path.normpath(LOCAL_OUTPUT) + os.makedirs(os.path.dirname(local_path), exist_ok=True) + + print(f"Downloading release notes from capsule...") + content = capsule.files.read_bytes(CAPSULE_OUTPUT) + with open(local_path, "wb") as f: + f.write(content) + + print(f"OK [download] release notes → {local_path}") + print(content.decode("utf-8", errors="replace")) + + +def main() -> None: + # gitea_token = os.environ["GITEA_TOKEN"] + # minimax_api_key = os.environ["MINIMAX_API_KEY"] + model = os.environ.get("OPENCODE_MODEL", DEFAULT_MODEL) + + with Capsule(wait=True, vcpus=2, memory_mb=2048) as capsule: + print(f"Capsule: {capsule.capsule_id}") + + install_opencode(capsule) + + capsule.git.clone( + REPO_URL, + REPO_DIR, + username="tksadik92", + ) + print("OK [git clone]") + + current_tag, previous_tag = get_tags(capsule) + git_log, git_diff = get_git_context(capsule, current_tag, previous_tag) + + output_path = os.path.normpath(CAPSULE_OUTPUT) + os.makedirs(os.path.dirname(output_path), exist_ok=True) + + generate_release_notes( + capsule, + current_tag, + git_log, + git_diff, + output_path, + model, + ) + + download_release_notes(capsule) + + +if __name__ == "__main__": + main()