test promote action

Author: stevensJourney

.github/workflows/onPushPackaging.yml

@@ -85,3 +85,10 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_REGION: ${{ vars.AWS_REGION }}
           AWS_DEFAULT_REGION: ${{ vars.AWS_REGION }}
+      - name: Promote uploaded build and generate indexes
+        run: pnpm -C cli exec oclif promote --root . --version $(node -p "require('./package.json').version") --sha ${GITHUB_SHA::7} --channel stable --indexes --xz --ignore-missing
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_REGION: ${{ vars.AWS_REGION }}
+          AWS_DEFAULT_REGION: ${{ vars.AWS_REGION }}

cli/README.md

@@ -290,6 +290,7 @@ See [docs/usage.md](../docs/usage.md) for full usage and resolution order (flags
 - [`powersync pull instance`](#powersync-pull-instance)
 - [`powersync status`](#powersync-status)
 - [`powersync stop`](#powersync-stop)
+- [`powersync update [CHANNEL]`](#powersync-update-channel)
 - [`powersync validate`](#powersync-validate)
 
 ## `powersync autocomplete [SHELL]`
@@ -1453,6 +1454,44 @@ EXAMPLES
 
 _See code: [src/commands/stop.ts](https://github.com/powersync-ja/powersync-js/blob/v0.0.0/src/commands/stop.ts)_
 
+## `powersync update [CHANNEL]`
+
+update the powersync CLI
+
+```
+USAGE
+  $ powersync update [CHANNEL] [--force |  | [-a | -v <value> | -i]] [-b ]
+
+FLAGS
+  -a, --available        See available versions.
+  -b, --verbose          Show more details about the available versions.
+  -i, --interactive      Interactively select version to install. This is ignored if a channel is provided.
+  -v, --version=<value>  Install a specific version.
+      --force            Force a re-download of the requested version.
+
+DESCRIPTION
+  update the powersync CLI
+
+EXAMPLES
+  Update to the stable channel:
+
+    $ powersync update stable
+
+  Update to a specific version:
+
+    $ powersync update --version 1.0.0
+
+  Interactively select version:
+
+    $ powersync update --interactive
+
+  See available versions:
+
+    $ powersync update --available
+```
+
+_See code: [@oclif/plugin-update](https://github.com/oclif/plugin-update/blob/v4.7.19/src/commands/update.ts)_
+
 ## `powersync validate`
 
 Validate config schema, connections, and sync config before deploy.

cli/package.json

@@ -15,6 +15,7 @@
     "@oclif/plugin-commands": "^4.1.40",
     "@oclif/plugin-help": "^6",
     "@oclif/plugin-plugins": "^5",
+    "@oclif/plugin-update": "^4.7.19",
     "@powersync-community/sync-config-rewriter": "^0.1.1",
     "@powersync/cli-core": "workspace:*",
     "@powersync/cli-plugin-docker": "workspace:*",
@@ -86,7 +87,8 @@
       "@oclif/plugin-plugins",
       "@powersync/cli-plugin-docker",
       "@oclif/plugin-autocomplete",
-      "@oclif/plugin-commands"
+      "@oclif/plugin-commands",
+      "@oclif/plugin-update"
     ],
     "topicSeparator": " ",
     "topics": {

patches/oclif@4.22.81.patch

@@ -54,6 +54,26 @@ index 9a255a011cbbfb34a337f67bcbabbbffdaf65c11..006b8eb0ee5432825cf48287c5e46077
              const { windows } = config.pjson.oclif;
              if (windows && windows.name && windows.keypath) {
                  await signWindows(o, arch, config, windows);
+diff --git a/lib/commands/promote.js b/lib/commands/promote.js
+index 680417fe220d77f81ae239130c4ba55602b09497..a16b2db7237f152036434b8ee202d7d35b1bd6b2 100644
+--- a/lib/commands/promote.js
++++ b/lib/commands/promote.js
+@@ -80,11 +80,14 @@ class Promote extends core_1.Command {
+         };
+         if (!s3Config.bucket)
+             this.error('Cannot determine S3 bucket for promotion');
++        // Buckets with Object Ownership = bucket-owner-enforced reject ACL headers.
++        // Only pass ACL when explicitly configured in package.json.
++        const resolvedAcl = typeof s3Config.acl === 'string' ? s3Config.acl.trim() : undefined;
+         const awsDefaults = {
+-            ACL: s3Config.acl ?? client_s3_1.ObjectCannedACL.public_read,
+             Bucket: s3Config.bucket,
+             CacheControl: indexDefaults.maxAge,
+             MetadataDirective: client_s3_1.MetadataDirective.REPLACE,
++            ...(resolvedAcl ? { ACL: resolvedAcl } : {}),
+         };
+         const cloudBucketCommitKey = (shortKey) => node_path_1.default.posix.join(s3Config.bucket, (0, upload_util_1.commitAWSDir)(flags.version, flags.sha, s3Config), shortKey);
+         const cloudChannelKey = (shortKey) => node_path_1.default.posix.join((0, upload_util_1.channelAWSDir)(flags.channel, s3Config), shortKey);
 diff --git a/lib/commands/upload/tarballs.js b/lib/commands/upload/tarballs.js
 index 1ee76bdc4297e515879ebe6489ad42af632bb6f4..bea8d7379a52005806983b04526cd02030bc6edd 100644
 --- a/lib/commands/upload/tarballs.js
@@ -130,3 +150,21 @@ index cbae61146324ef6ac0935c625b7858007ac238d1..4f3f145fc148ef9b76c61b27f99db6b7
      else {
          const lockpath = (0, node_fs_1.existsSync)(node_path_1.default.join(c.root, 'package-lock.json'))
              ? node_path_1.default.join(c.root, 'package-lock.json')
+diff --git a/lib/version-indexes.js b/lib/version-indexes.js
+index 5d9686f486b1e9f5acf375f9e6a0eb06a3ca407f..ab3b55d02b81e74e2817fd686aa909bb91f05503 100644
+--- a/lib/version-indexes.js
++++ b/lib/version-indexes.js
+@@ -105,11 +105,12 @@ const appendToIndex = async (input) => {
+         [version]: originalUrl.replace(s3Config.bucket, s3Config.host),
+     }, s3Config.indexVersionLimit), { spaces: 2 });
+     // put the file back in the same place
++    const resolvedAcl = typeof s3Config.acl === 'string' ? s3Config.acl.trim() : undefined;
+     await aws_1.default.s3.uploadFile(jsonFileName, {
+-        ACL: s3Config.acl ?? client_s3_1.ObjectCannedACL.public_read,
+         Bucket: s3Config.bucket,
+         CacheControl: maxAge,
+         Key: key,
++        ...(resolvedAcl ? { ACL: resolvedAcl } : {}),
+     }, {
+         dryRun: input.dryRun,
+     });