diff --git a/.woodpecker/pipeline.yml b/.woodpecker/pipeline.yml new file mode 100644 index 0000000..3d3e79c --- /dev/null +++ b/.woodpecker/pipeline.yml @@ -0,0 +1,62 @@ +when: + - event: push + branch: main + +steps: + build-go: + image: python:3.13 + environment: + WRENN_API_KEY: + from_secret: wrenn_api_key + commands: + - pip install wrenn + - export GO_VERSION=$$(grep '^go ' go.mod | cut -d' ' -f2) + - python .woodpecker/scripts/build_go.py + depends_on: [] + + build-rust: + image: python:3.13 + environment: + WRENN_API_KEY: + from_secret: wrenn_api_key + commands: + - pip install wrenn + - python .woodpecker/scripts/build_rust.py + depends_on: [] + + tag-release: + image: python:3.13 + environment: + GITEA_TOKEN: + from_secret: gitea_token + commands: + - VERSION=$$(cat VERSION_CP) + - git config user.name "R3dRum92" + - git config user.email "tksadik@omukk.dev" + - git tag "v$${VERSION}" + - git push "https://tksadik92:$${GITEA_TOKEN}@git.omukk.dev/tksadik92/wrenn-releases.git" "v$${VERSION}" + depends_on: [build-go, build-rust] + + release-notes: + image: python:3.13 + environment: + WRENN_API_KEY: + from_secret: wrenn_api_key + GITEA_TOKEN: + from_secret: gitea_token + ZHIPU_API_KEY: + from_secret: zhipu_api_key + commands: + - pip install wrenn + - python .woodpecker/scripts/release_notes.py + depends_on: [tag-release] + + publish-github: + image: python:3.13 + environment: + GITHUB_TOKEN: + from_secret: github_token + commands: + - pip install httpx + - python .woodpecker/scripts/publish_github.py + depends_on: [release-notes] diff --git a/.woodpecker/scripts/build_go.py b/.woodpecker/scripts/build_go.py new file mode 100644 index 0000000..e9e46d1 --- /dev/null +++ b/.woodpecker/scripts/build_go.py @@ -0,0 +1,136 @@ +import os +import sys + +from wrenn import Capsule, StreamExitEvent, StreamStderrEvent, StreamStdoutEvent +from wrenn._git import GitCommandError + +GO_VERSION = os.getenv("GO_VERSION", "1.25.8") +REPO_URL = "https://git.omukk.dev/wrenn/wrenn.git" +REPO_DIR = "/opt/wrenn" +BUILDS_DIR = os.path.join(os.path.dirname(__file__), "..", "..", "builds") + + +def read_remote_version(capsule: Capsule, filename: str) -> str: + content = capsule.files.read_bytes(f"{REPO_DIR}/{filename}") + return content.decode("utf-8").strip() + + +def run(capsule: Capsule, cmd: str, timeout: int = 30) -> int: + result = capsule.commands.run(cmd, timeout=timeout) + if result.exit_code != 0: + print(f"FAIL [{cmd.split()[0]}]: exit={result.exit_code}", file=sys.stderr) + if result.stderr: + print(result.stderr.strip(), file=sys.stderr) + return result.exit_code + print(f"OK [{cmd.split()[0]}]") + return 0 + + +def install_go(capsule: Capsule) -> bool: + tarball = f"go{GO_VERSION}.linux-amd64.tar.gz" + url = f"https://go.dev/dl/{tarball}" + + if run(capsule, "apt update", timeout=120) != 0: + return False + if run(capsule, "apt install -y make build-essential file", timeout=300) != 0: + return False + if run(capsule, f"curl -LO {url}", timeout=120) != 0: + return False + if run(capsule, f"tar -C /usr/local -xzf {tarball}", timeout=300) != 0: + return False + if run(capsule, 'echo "export PATH=$PATH:/usr/local/go/bin" >> ~/.profile') != 0: + return False + if run(capsule, "rm -f " + tarball) != 0: + return False + + result = capsule.commands.run("/usr/local/go/bin/go version") + print(result.stdout.strip()) + return result.exit_code == 0 + + +def clone_repo(capsule: Capsule) -> bool: + try: + capsule.git.clone(REPO_URL, REPO_DIR) + print("OK [git clone]") + return True + except GitCommandError as e: + print(f"FAIL [git clone]: {e}", file=sys.stderr) + return False + + +def build_go(capsule: Capsule) -> bool: + command = "CGO_ENABLED=1 make build-cp build-agent" + handle = capsule.commands.run( + command, + background=True, + cwd=REPO_DIR, + envs={ + "PATH": "/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + ) + print(f"{command} started (pid={handle.pid}), streaming output...") + + exit_code = 0 + for event in capsule.commands.connect(handle.pid): + if isinstance(event, StreamStdoutEvent): + print(event.data, end="") + elif isinstance(event, StreamStderrEvent): + print(event.data, end="", file=sys.stderr) + elif isinstance(event, StreamExitEvent): + exit_code = event.exit_code + + if exit_code != 0: + print(f"FAIL [go build]: exit={exit_code}", file=sys.stderr) + return False + print("OK [go build]") + return True + + +def download_artifacts(capsule: Capsule) -> bool: + remote_dir = f"{REPO_DIR}/builds" + entries = capsule.files.list(remote_dir, depth=1) + files = [e for e in entries if e.type != "directory"] + + if not files: + print("FAIL [download]: no files found in builds/", file=sys.stderr) + return False + + local_dir = os.path.normpath(BUILDS_DIR) + os.makedirs(local_dir, exist_ok=True) + versions = { + "wrenn-cp": read_remote_version(capsule, "VERSION_CP"), + "wrenn-agent": read_remote_version(capsule, "VERSION_AGENT"), + } + + for entry in files: + name = entry.name or "unknown" + remote_path = f"{remote_dir}/{name}" + local_name = f"{name}-{versions[name]}" if name in versions else name + local_path = os.path.join(local_dir, local_name) + print(f"Downloading {name} as {local_name} ({entry.size or '?'} bytes)...") + + with open(local_path, "wb") as f: + for chunk in capsule.files.download_stream(remote_path): + f.write(chunk) + + print(f"OK [download {local_name}]") + + return True + + +def main() -> None: + with Capsule(wait=True, vcpus=4, memory_mb=4096) as capsule: + print(f"Capsule: {capsule.capsule_id}") + if not install_go(capsule): + sys.exit(1) + if not clone_repo(capsule): + sys.exit(1) + if not build_go(capsule): + sys.exit(1) + if not download_artifacts(capsule): + sys.exit(1) + print("Done.") + + +if __name__ == "__main__": + main() diff --git a/.woodpecker/scripts/build_rust.py b/.woodpecker/scripts/build_rust.py new file mode 100644 index 0000000..d67820e --- /dev/null +++ b/.woodpecker/scripts/build_rust.py @@ -0,0 +1,173 @@ +import os +import sys + +from wrenn import Capsule, StreamExitEvent, StreamStderrEvent, StreamStdoutEvent +from wrenn._git import GitCommandError + +RUST_VERSION = os.getenv("RUST_VERSION", "1.95.0") +REPO_URL = "https://git.omukk.dev/wrenn/wrenn.git" +REPO_DIR = "/opt/wrenn" +BUILDS_DIR = os.path.join(os.path.dirname(__file__), "..", "..", "builds") +RUST_PATH = ( + "/root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +) + + +def read_envd_version(capsule: Capsule) -> str: + content = capsule.files.read_bytes(f"{REPO_DIR}/envd-rs/Cargo.toml") + for line in content.decode("utf-8").splitlines(): + stripped = line.strip() + if stripped.startswith("version ="): + return stripped.split("=", 1)[1].strip().strip('"') + print("FAIL [version]: envd-rs/Cargo.toml has no package version", file=sys.stderr) + sys.exit(1) + + +def run(capsule: Capsule, cmd: str, timeout: int = 30, envs={}) -> int: + result = capsule.commands.run(cmd, timeout=timeout, envs=envs) + if result.exit_code != 0: + print(f"FAIL [{cmd.split()[0]}]: exit={result.exit_code}", file=sys.stderr) + if result.stderr: + print(result.stderr.strip(), file=sys.stderr) + return result.exit_code + print(f"OK [{cmd.split()[0]}]") + return 0 + + +def install_rust(capsule: Capsule) -> bool: + if run(capsule, "apt update", timeout=120) != 0: + return False + if ( + run( + capsule, + "apt install -y make build-essential file curl musl-tools protobuf-compiler", + timeout=300, + ) + != 0 + ): + return False + if ( + run( + capsule, + f"curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain {RUST_VERSION}", + timeout=300, + ) + != 0 + ): + return False + if ( + run( + capsule, + "/root/.cargo/bin/rustup target add x86_64-unknown-linux-musl", + timeout=120, + ) + != 0 + ): + return False + + result = capsule.commands.run("/root/.cargo/bin/rustc --version") + print(result.stdout.strip()) + return result.exit_code == 0 + + +def clone_repo(capsule: Capsule) -> bool: + try: + capsule.git.clone(REPO_URL, REPO_DIR) + capsule.commands.run(f"cd {REPO_DIR} && git checkout fix/large-operations") + print("OK [git clone]") + return True + except GitCommandError as e: + print(f"FAIL [git clone]: {e}", file=sys.stderr) + return False + + +def build_rust(capsule: Capsule) -> bool: + if run(capsule, f"mkdir -p {REPO_DIR}/builds") != 0: + return False + + # result = capsule.commands.run("file --version") + # print(result.stdout) + # result = capsule.commands.run( + # 'git rev-parse --short HEAD 2>/dev/null || echo "unknown"' + # ) + # commit = result.stdout + + # run(capsule, f"mkdir -p {REPO_DIR}/builds") + # result = capsule.commands.run("which musl-gcc") + # print(result.stdout) + + handle = capsule.commands.run( + "make build-envd", + background=True, + cwd=REPO_DIR, + envs={"PATH": RUST_PATH}, + ) + print(f"rust build started (pid={handle.pid}), streaming output...") + + exit_code = 0 + for event in capsule.commands.connect(handle.pid): + if isinstance(event, StreamStdoutEvent): + print(event.data, end="") + elif isinstance(event, StreamStderrEvent): + print(event.data, end="", file=sys.stderr) + elif isinstance(event, StreamExitEvent): + exit_code = event.exit_code + + if exit_code != 0: + print(f"FAIL [rust build]: exit={exit_code}", file=sys.stderr) + return False + + print("OK [rust build]") + + # if ( + # run( + # capsule, + # f"cp {REPO_DIR}/envd-rs/target/x86_64-unknown-linux-musl/release/envd {REPO_DIR}/builds/envd", + # envs={"BIN_DIR": REPO_DIR}, + # ) + # != 0 + # ): + # return False + + # result = capsule.commands.run(f"readelf -d {REPO_DIR}/builds/envd 2>&1") + # print(result.stdout, end="") + # if result.stderr: + # print(result.stderr, end="", file=sys.stderr) + # result = capsule.commands.run(f"file {REPO_DIR}/builds/envd 2>&1") + # print(result.stdout) + return True + + +def download_artifacts(capsule: Capsule) -> bool: + version = read_envd_version(capsule) + remote_path = f"{REPO_DIR}/builds/envd" + local_dir = os.path.normpath(BUILDS_DIR) + local_name = f"envd-{version}" + local_path = os.path.join(local_dir, local_name) + os.makedirs(local_dir, exist_ok=True) + + print(f"Downloading envd as {local_name}...") + with open(local_path, "wb") as f: + for chunk in capsule.files.download_stream(remote_path): + f.write(chunk) + + print(f"OK [download {local_name}]") + return True + + +def main() -> None: + with Capsule(wait=True, vcpus=4, memory_mb=4096) as capsule: + print(f"Capsule: {capsule.capsule_id}") + if not install_rust(capsule): + sys.exit(1) + if not clone_repo(capsule): + sys.exit(1) + if not build_rust(capsule): + sys.exit(1) + if not download_artifacts(capsule): + sys.exit(1) + print("Done.") + + +if __name__ == "__main__": + main() diff --git a/.woodpecker/scripts/publish_github.py b/.woodpecker/scripts/publish_github.py new file mode 100644 index 0000000..b88908d --- /dev/null +++ b/.woodpecker/scripts/publish_github.py @@ -0,0 +1,104 @@ +import os +import sys +from pathlib import Path + +import httpx + +GITHUB_REPO = "R3dRum92/wrenn-releases" +GITHUB_API = "https://api.github.com" +GITHUB_UPLOADS = "https://uploads.github.com" +BUILDS_DIR = "builds" +VERSION_FILE = "VERSION_CP" +NOTES_FILE = os.path.join(".woodpecker", "release_notes.md") + + +def main() -> None: + token = os.environ["GITHUB_TOKEN"] + + with open(VERSION_FILE) as f: + version = f.read().strip() + tag = f"v{version}" + + release_notes = "" + if os.path.exists(NOTES_FILE): + with open(NOTES_FILE) as f: + release_notes = f.read() + + headers = { + "Authorization": f"token {token}", + "Accept": "application/vnd.github+json", + "X-GitHub-Api-Version": "2022-11-28", + } + + client = httpx.Client(headers=headers, timeout=60) + + print(f"Creating GitHub release for {tag}...") + resp = client.post( + f"{GITHUB_API}/repos/{GITHUB_REPO}/releases", + json={ + "tag_name": tag, + "name": tag, + "body": release_notes, + "draft": False, + "prerelease": False, + }, + ) + if resp.status_code == 422: + print(f"WARN [create release]: release for {tag} already exists, skipping") + data = resp.json() + errors = data.get("errors", []) + if errors: + existing_url = errors[0].get("documentation_url", "") + print(f" See: {existing_url}") + client.close() + return + if resp.status_code != 201: + print(f"FAIL [create release]: {resp.status_code} {resp.text}", file=sys.stderr) + client.close() + sys.exit(1) + + release_data = resp.json() + release_id = release_data["id"] + release_url = release_data.get("html_url", "") + print(f"OK [create release] id={release_id}") + + builds_path = Path(BUILDS_DIR) + if not builds_path.exists(): + print(f"No {BUILDS_DIR}/ directory found, skipping asset upload") + client.close() + print(f"Release published: {release_url}") + return + + upload_headers = { + **headers, + "Content-Type": "application/octet-stream", + } + + for artifact in sorted(builds_path.iterdir()): + if artifact.is_dir(): + continue + print(f"Uploading {artifact.name}...") + + with open(artifact, "rb") as f: + data = f.read() + + resp = client.post( + f"{GITHUB_UPLOADS}/repos/{GITHUB_REPO}/releases/{release_id}/assets", + params={"name": artifact.name}, + headers=upload_headers, + content=data, + ) + if resp.status_code != 201: + print( + f"WARN [upload {artifact.name}]: {resp.status_code} {resp.text}", + file=sys.stderr, + ) + else: + print(f"OK [upload {artifact.name}]") + + client.close() + print(f"Release published: {release_url}") + + +if __name__ == "__main__": + main() diff --git a/.woodpecker/scripts/release_notes.py b/.woodpecker/scripts/release_notes.py new file mode 100644 index 0000000..fdbb912 --- /dev/null +++ b/.woodpecker/scripts/release_notes.py @@ -0,0 +1,246 @@ +import base64 +import os +import sys + +from wrenn import Capsule + +REPO_URL = "https://git.omukk.dev/tksadik92/wrenn-releases.git" +REPO_DIR = "/opt/wrenn-releases" +CAPSULE_OUTPUT = "/tmp/release_notes.md" +LOCAL_OUTPUT = os.path.join(os.path.dirname(__file__), "..", "release_notes.md") + +# Default starting configuration +ZHIPU_API_KEY = os.environ.get("ZHIPU_API_KEY", "") +if ZHIPU_API_KEY: + DEFAULT_MODEL = "zhipuai-coding-plan/glm-5.1" +else: + DEFAULT_MODEL = "opencode/minimax-m2.5-free" + +RELEASE_NOTES_EXAMPLE = """ +## What's new +Sandbox HTTP proxying, terminal reliability, and auth robustness improvements. + +### Proxy +- Fixed redirect loops for apps served inside sandboxes (Python HTTP server, Jupyter, etc.) +- Proxy traffic no longer interferes with terminal and exec connections +- Services that take a moment to start up inside a sandbox are now retried instead of immediately failing + +### Terminal (PTY) +- Terminal input is no longer blocked by slow network conditions — fast typing no longer causes timeouts or disconnects +- Input bursts are coalesced into fewer round trips — lower latency under fast typing + +### Authentication +- WebSocket connections now authenticate correctly for both SDK clients (header-based) and browser clients (message-based) + +### Bug Fixes +- Fixed crash in envd when a process exits without a PTY +- Fixed goroutine leak on sandbox pause + +### Others +- Version bump +""".strip() + + +def run(capsule: Capsule, cmd: str, cwd: str | None = None, timeout: int = 30) -> int: + result = capsule.commands.run(cmd, cwd=cwd, timeout=timeout) + if result.exit_code != 0: + print(f"FAIL [{cmd.split()[0]}]: exit={result.exit_code}", file=sys.stderr) + if result.stderr: + print(result.stderr.strip(), file=sys.stderr) + return result.exit_code + print(f"OK [{cmd.split()[0]}]") + return 0 + + +def get_tags(capsule: Capsule) -> tuple[str, str | None]: + result = capsule.commands.run( + f"cd {REPO_DIR} && git tag --sort=-version:refname", + cwd=REPO_DIR, + timeout=30, + ) + if result.exit_code != 0: + print(f"FAIL [git tag]: {result.stderr}", file=sys.stderr) + sys.exit(1) + tags = [t for t in result.stdout.strip().split("\n") if t] + if not tags: + print("No tags found", file=sys.stderr) + sys.exit(1) + current_tag = tags[0] + previous_tag = tags[1] if len(tags) > 1 else None + print(f"Current tag: {current_tag}") + print(f"Previous tag: {previous_tag}") + return current_tag, previous_tag + + +def get_git_context( + capsule: Capsule, current_tag: str, previous_tag: str | None +) -> tuple[str, str]: + if previous_tag: + # FIX: Removed '-n 2' to ensure we grab ALL commits between the two tags + log_cmd = f"cd {REPO_DIR} && git log {previous_tag}..{current_tag} --pretty=format:'%s (%h)'" + else: + # Fallback to limit log size if this is the very first tag in the repo + log_cmd = ( + f"cd {REPO_DIR} && git log {current_tag} --pretty=format:'%s (%h)' -n 50" + ) + + log_result = capsule.commands.run(log_cmd, cwd=REPO_DIR, timeout=30) + if log_result.exit_code != 0: + print(f"FAIL [git log]: {log_result.stderr}", file=sys.stderr) + sys.exit(1) + + # git diff natively compares the entire tree state between tags + if previous_tag: + diff_cmd = f"cd {REPO_DIR} && git diff {previous_tag}..{current_tag} --stat" + else: + diff_cmd = f"cd {REPO_DIR} && git show {current_tag} --stat" + + diff_result = capsule.commands.run(diff_cmd, cwd=REPO_DIR, timeout=30) + if diff_result.exit_code != 0: + print(f"FAIL [git diff]: {diff_result.stderr}", file=sys.stderr) + sys.exit(1) + + return log_result.stdout.strip(), diff_result.stdout.strip() + + +def generate_release_notes( + capsule: Capsule, + current_tag: str, + git_log: str, + git_diff: str, + output_path: str, + model: str, +) -> None: + prompt = ( + f"You are writing release notes for version {current_tag} of a software project.\n\n" + f"Here is what changed between the previous version and this one:\n\n" + f"Commit messages:\n{git_log}\n\n" + f"Files and areas that changed:\n{git_diff}\n\n" + f"Write the release notes in plain, friendly language that any developer can understand " + f"without deep knowledge of the codebase. Avoid jargon like 'goroutine', 'PTY', 'envd', " + f"or internal function names — describe what the change means for the user instead. " + f"Group related changes under headings that reflect what actually changed. " + f"Only include sections that are relevant to these specific changes. " + f"Start with a short one-line summary of what this release is about. " + f"Keep each bullet point to one clear sentence.\n\n" + f"Here is an example of the style to aim for — not a template to copy:\n\n" + f"{RELEASE_NOTES_EXAMPLE}\n\n" + f"You MUST start the document with `## What's New`\n" + f"The very next line MUST be a single short summary sentence.\n" + f"Output only the markdown. No intro, no explanation." + f"CRITICAL: Do not output any conversational filler, acknowledgments, or thoughts " + f"like 'Let me look at the changes'. Output absolutely nothing except the final markdown." + ) + + prompt_b64 = base64.b64encode(prompt.encode("utf-8")).decode("utf-8") + + write_prompt_cmd = f"echo '{prompt_b64}' | base64 -d > /tmp/oc_prompt.txt" + + result = capsule.commands.run( + write_prompt_cmd, + cwd=REPO_DIR, + timeout=10, + ) + if result.exit_code != 0: + print(f"FAIL [write prompt]: {result.stderr}", file=sys.stderr) + sys.exit(1) + + # FIX: Wrapper function to handle execution and authentication dynamically + def run_opencode_with_model(target_model: str) -> int: + env = "" + if "zhipu" in target_model.lower(): + env = f"ZHIPU_API_KEY={os.environ.get('ZHIPU_API_KEY', '')}" + + cmd = ( + f"{env} " + f"~/.opencode/bin/opencode run " + f'"Read the attached file and generate the release notes. Output ONLY markdown." ' + f"--model {target_model} " + f"--file /tmp/oc_prompt.txt " + f"> {output_path}" + ) + + cmd_result = capsule.commands.run(cmd, cwd=REPO_DIR, timeout=120) + + if cmd_result.exit_code != 0: + print( + f"FAIL [opencode via {target_model}]: exit={cmd_result.exit_code}", + file=sys.stderr, + ) + print(f"STDOUT:\n{cmd_result.stdout}", file=sys.stderr) + print(f"STDERR:\n{cmd_result.stderr}", file=sys.stderr) + + return cmd_result.exit_code + + # First attempt with the target model + exit_status = run_opencode_with_model(model) + + # FIX: Catch failures (like Zhipu rate limits) and fallback to MiniMax + if exit_status != 0: + if "zhipu" in model.lower(): + print( + "\n[!] Zhipu AI failed (likely rate-limited). Falling back to MiniMax...", + file=sys.stderr, + ) + fallback_model = "opencode/minimax-m2.5-free" + exit_status = run_opencode_with_model(fallback_model) + if exit_status != 0: + print("FAIL: Fallback model also failed. Exiting.", file=sys.stderr) + sys.exit(1) + else: + sys.exit(1) + + result = capsule.commands.run(f"cat {output_path}") + print(result.stdout) + if result.stderr: + print(result.stderr) + + print(f"OK [opencode] release notes written to {output_path}") + + +def download_release_notes(capsule: Capsule) -> None: + local_path = os.path.normpath(LOCAL_OUTPUT) + os.makedirs(os.path.dirname(local_path), exist_ok=True) + + print(f"Downloading release notes from capsule...") + content = capsule.files.read_bytes(CAPSULE_OUTPUT) + with open(local_path, "wb") as f: + f.write(content) + + print(f"OK [download] release notes → {local_path}") + print(content.decode("utf-8", errors="replace")) + + +def main() -> None: + model = os.environ.get("OPENCODE_MODEL", DEFAULT_MODEL) + + with Capsule(template="opencode", wait=True, vcpus=2, memory_mb=2048) as capsule: + print(f"Capsule: {capsule.capsule_id}") + + capsule.git.clone( + REPO_URL, + REPO_DIR, + username="tksadik92", + ) + print("OK [git clone]") + + current_tag, previous_tag = get_tags(capsule) + git_log, git_diff = get_git_context(capsule, current_tag, previous_tag) + + # Note: This simply creates the directory string safely + output_path = os.path.normpath(CAPSULE_OUTPUT) + + generate_release_notes( + capsule, + current_tag, + git_log, + git_diff, + output_path, + model, + ) + + download_release_notes(capsule) + + +if __name__ == "__main__": + main()