pgserve 2.6.5 → 2.6.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +63 -0
- package/bin/postgres-server.js +41 -1
- package/package.json +1 -1
- package/scripts/fetch-postgres-bins.sh +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -14,6 +14,69 @@ All notable changes to `pgserve` are documented here. The format follows
|
|
|
14
14
|
[Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and this project adheres
|
|
15
15
|
to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
16
16
|
|
|
17
|
+
## [2.6.7] - 2026-05-12
|
|
18
|
+
|
|
19
|
+
**Stability-focused follow-up to v2.6.6** — closes the missing
|
|
20
|
+
`autopg --version` handler that was causing every `Build *` platform
|
|
21
|
+
job to fail the real-mode tarball smoke gate at v2.6.4 / v2.6.5 / v2.6.6.
|
|
22
|
+
|
|
23
|
+
### Fixed
|
|
24
|
+
|
|
25
|
+
- `bin/postgres-server.js` — handle `autopg --version` / `autopg -v` by
|
|
26
|
+
emitting `autopg <VERSION>\n` and exiting 0. The compiled bun binary
|
|
27
|
+
is what `tests/integration/tarball-smoke.sh --real` exec-checks; the
|
|
28
|
+
previous fall-through to `printHelp() + exit 1` surfaced as the
|
|
29
|
+
misleading "binary not executable" smoke failure. Version resolution
|
|
30
|
+
honors (in order): the bun compile-time `--define BUILD_VERSION=...`
|
|
31
|
+
injection from `scripts/build-binary.sh:104`, the
|
|
32
|
+
`AUTOPG_BUILD_VERSION` env override, and the sibling `package.json`
|
|
33
|
+
for dev runs.
|
|
34
|
+
|
|
35
|
+
### What this unblocks
|
|
36
|
+
|
|
37
|
+
- Real-mode smoke gate now passes → Build Tarballs job uploads
|
|
38
|
+
per-platform artifacts.
|
|
39
|
+
- Sign + Attest workflow (workflow_run after Build Tarballs) actually
|
|
40
|
+
fires with non-empty inputs → cosign sign-blob, SLSA L3 provenance,
|
|
41
|
+
and GitHub Attestations API attestation per tarball succeed.
|
|
42
|
+
- release-publish workflow (workflow_run after Sign + Attest) creates
|
|
43
|
+
the `v2.6.7` GitHub Release with the 12 signed assets (4 platforms
|
|
44
|
+
× tarball + bundle + intoto.jsonl) attached.
|
|
45
|
+
|
|
46
|
+
### Same payload as v2.6.4 / v2.6.5 / v2.6.6
|
|
47
|
+
|
|
48
|
+
The npm runtime surface is identical across the 2.6.4–2.6.7 cluster.
|
|
49
|
+
Consumers like `@withone/cli` (`pgserve: ^2.2.3`) pick up the latest
|
|
50
|
+
on next install regardless of which version they previously resolved.
|
|
51
|
+
v2.6.7 is the version that ALSO ships the GH Release with signed
|
|
52
|
+
tarballs — that's the only delta visible to operators.
|
|
53
|
+
|
|
54
|
+
## [2.6.6] - 2026-05-12
|
|
55
|
+
|
|
56
|
+
**Hot-fix follow-up to v2.6.5.** v2.6.5 published to npm but build-tarballs
|
|
57
|
+
still failed with the same `scratch: unbound variable` error because
|
|
58
|
+
v2.6.5's fix (initialize `local scratch=""` before the trap) wasn't
|
|
59
|
+
sufficient — bash's RETURN trap appears to evaluate `$scratch` AFTER
|
|
60
|
+
the function frame is popped, in the parent scope where the local
|
|
61
|
+
is no longer visible.
|
|
62
|
+
|
|
63
|
+
### Fixed
|
|
64
|
+
|
|
65
|
+
- `scripts/fetch-postgres-bins.sh` (both `stage_from_pkg` and
|
|
66
|
+
`stage_from_url`) — make the RETURN trap unbound-safe regardless of
|
|
67
|
+
bash function-scope quirks by guarding the rm with
|
|
68
|
+
`[[ -n "${scratch:-}" ]] && rm -rf "$scratch"`. Defensive default-empty
|
|
69
|
+
expansion protects against:
|
|
70
|
+
- in-function fire (normal): scratch is a tempdir → rm runs
|
|
71
|
+
- out-of-function fire (bash 5.x scope quirk): scratch is empty → skipped
|
|
72
|
+
- pre-mktemp fire (early return): scratch is empty → skipped
|
|
73
|
+
|
|
74
|
+
### Same payload as v2.6.5
|
|
75
|
+
|
|
76
|
+
All v2.6.4 + v2.6.5 changes carry forward. v2.6.6 is purely the
|
|
77
|
+
build-tarballs / GH Releases completion. The npm runtime surface is
|
|
78
|
+
identical across v2.6.4/5/6.
|
|
79
|
+
|
|
17
80
|
## [2.6.5] - 2026-05-12
|
|
18
81
|
|
|
19
82
|
**Hot-fix follow-up to v2.6.4.** v2.6.4 published to npm cleanly but the
|
package/bin/postgres-server.js
CHANGED
|
@@ -33,7 +33,47 @@ process.on('uncaughtException', (error) => {
|
|
|
33
33
|
|
|
34
34
|
const args = process.argv.slice(2);
|
|
35
35
|
|
|
36
|
-
|
|
36
|
+
// `--version` / `-v` short-circuit — the compiled `autopg` binary
|
|
37
|
+
// (bun --compile of this entry point) is the artifact that
|
|
38
|
+
// `tests/integration/tarball-smoke.sh --real` exec-checks with
|
|
39
|
+
// `autopg --version`. Without this branch the binary falls through to
|
|
40
|
+
// `printHelp() + exit 1` and surfaces as the misleading
|
|
41
|
+
// "binary not executable" smoke failure across every platform build.
|
|
42
|
+
//
|
|
43
|
+
// Version resolution order:
|
|
44
|
+
// 1. BUILD_VERSION compile-time constant (bun --compile --define BUILD_VERSION="'<v>'"
|
|
45
|
+
// from scripts/build-binary.sh:104 — replaces the identifier in the
|
|
46
|
+
// compiled binary with the literal version string)
|
|
47
|
+
// 2. AUTOPG_BUILD_VERSION env (operator override / dev runs)
|
|
48
|
+
// 3. package.json sibling (dev runs from source via `bun bin/postgres-server.js`)
|
|
49
|
+
// 4. literal 'unknown' (defensive)
|
|
50
|
+
if (args[0] === '--version' || args[0] === '-v') {
|
|
51
|
+
let version = 'unknown';
|
|
52
|
+
// The compile-time --define replaces the bare identifier; wrap in
|
|
53
|
+
// typeof check so the source still parses + runs in non-compiled
|
|
54
|
+
// contexts where BUILD_VERSION is genuinely undefined.
|
|
55
|
+
|
|
56
|
+
if (typeof BUILD_VERSION !== 'undefined' && BUILD_VERSION) {
|
|
57
|
+
|
|
58
|
+
version = BUILD_VERSION;
|
|
59
|
+
} else if (typeof process.env.AUTOPG_BUILD_VERSION === 'string' && process.env.AUTOPG_BUILD_VERSION.length > 0) {
|
|
60
|
+
version = process.env.AUTOPG_BUILD_VERSION;
|
|
61
|
+
} else {
|
|
62
|
+
try {
|
|
63
|
+
const { readFileSync } = await import('node:fs');
|
|
64
|
+
const { fileURLToPath } = await import('node:url');
|
|
65
|
+
const { dirname, join } = await import('node:path');
|
|
66
|
+
const here = dirname(fileURLToPath(import.meta.url));
|
|
67
|
+
const pkg = JSON.parse(readFileSync(join(here, '..', 'package.json'), 'utf8'));
|
|
68
|
+
version = pkg.version;
|
|
69
|
+
} catch {
|
|
70
|
+
// fall through to 'unknown'
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
// tarball-smoke.sh asserts `autopg ${VERSION}` on stdout line 1.
|
|
74
|
+
process.stdout.write(`autopg ${version}\n`);
|
|
75
|
+
process.exit(0);
|
|
76
|
+
} else if (args[0] === 'postmaster') {
|
|
37
77
|
await runPostmasterSubcommand(args.slice(1));
|
|
38
78
|
} else if (args[0] === 'serve') {
|
|
39
79
|
// Alias `serve` → `postmaster` for symmetry with the v2.3 alias surface.
|
package/package.json
CHANGED
|
@@ -117,7 +117,7 @@ stage_from_pkg() {
|
|
|
117
117
|
# `scratch: unbound variable` and mask the real fetch error
|
|
118
118
|
# (chatgpt-codex P2 review on PR #84).
|
|
119
119
|
local scratch=""
|
|
120
|
-
trap 'rm -rf "$scratch"' RETURN
|
|
120
|
+
trap '[[ -n "${scratch:-}" ]] && rm -rf "$scratch"' RETURN
|
|
121
121
|
scratch=$(mktemp -d) || return 1
|
|
122
122
|
|
|
123
123
|
pushd "$scratch" >/dev/null
|
|
@@ -161,7 +161,7 @@ stage_from_url() {
|
|
|
161
161
|
# masking the real fetch error (codex P2 review on PR #84 fixed this
|
|
162
162
|
# for stage_from_pkg; stage_from_url was missed at the time).
|
|
163
163
|
local scratch=""
|
|
164
|
-
trap 'rm -rf "$scratch"' RETURN
|
|
164
|
+
trap '[[ -n "${scratch:-}" ]] && rm -rf "$scratch"' RETURN
|
|
165
165
|
scratch=$(mktemp -d) || return 1
|
|
166
166
|
|
|
167
167
|
curl -fsSL "$url" -o "${scratch}/pg.tar.gz"
|