clockworklabs · bfops · Apr 19, 2025 · Apr 18, 2025 · Apr 18, 2025 · Apr 18, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -218,3 +218,44 @@ jobs:
 
       - name: Run bindgen tests
         run: cargo test -p spacetimedb-cli
+
+  update:
+    name: Test spacetimedb-update flow
+    permissions: read-all
+    strategy:
+      matrix:
+        include:
+          - { target: x86_64-unknown-linux-gnu, runner: spacetimedb-runner }
+          - { target: aarch64-unknown-linux-gnu, runner: arm-runner }
+          - { target: aarch64-apple-darwin, runner: macos-latest }
+          - { target: x86_64-pc-windows-msvc, runner: windows-latest }
+    runs-on: ${{ matrix.runner }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install Rust
+        uses: dsherret/rust-toolchain-file@v1
+
+      - name: Install rust target
+        run: rustup target add ${{ matrix.target }}
+
+      - name: Install packages
+        if: ${{ matrix.runner == 'arm-runner' }}
+        shell: bash
+        run: sudo apt install libssl-dev
+
+      - name: Build spacetimedb-update
+        run: cargo build --features github-token-auth --target ${{ matrix.target }} -p spacetimedb-update
+
+      - name: Run self-install
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        shell: bash
+        run: |
+          ROOT_DIR="$(mktemp -d)"
+          # NOTE(bfops): We need the `github-token-auth` feature because we otherwise tend to get ratelimited when we try to fetch `/releases/latest`.
+          # My best guess is that, on the GitHub runners, the "anonymous" ratelimit is shared by *all* users of that runner (I think this because it
+          # happens very frequently on the `macos-runner`, but we haven't seen it on any others).
+          cargo run --features github-token-auth --target ${{ matrix.target }} -p spacetimedb-update -- self-install --root-dir="${ROOT_DIR}" --yes
+          "${ROOT_DIR}"/spacetime --root-dir="${ROOT_DIR}" help
diff --git a/crates/update/Cargo.toml b/crates/update/Cargo.toml
@@ -6,6 +6,11 @@ rust-version.workspace = true
 license-file = "LICENSE"
 publish = false
 
+[features]
+# NOTE(bfops): This is not a well-thought-through feature. It's really only meant for internal testing/debugging.
+# Specifically, we use it in some CI.
+github-token-auth = []
+
 [dependencies]
 spacetimedb-paths.workspace = true
 

diff --git a/crates/update/src/cli.rs b/crates/update/src/cli.rs
@@ -89,9 +89,19 @@ enum VersionSubcommand {
 }
 
 fn reqwest_client() -> anyhow::Result<reqwest::Client> {
-    Ok(reqwest::Client::builder()
-        .user_agent(format!("SpacetimeDB CLI/{}", env!("CARGO_PKG_VERSION")))
-        .build()?)
+    let mut client = reqwest::Client::builder();
+    #[cfg(feature = "github-token-auth")]
+    {
+        use reqwest::header;
+        if let Ok(token) = std::env::var("GITHUB_TOKEN") {
+            eprintln!("HTTP requests will use the GITHUB_TOKEN from your environment");
+            let mut headers = header::HeaderMap::new();
+            headers.insert(header::AUTHORIZATION, format!("Bearer {}", token).parse().unwrap());
+            client = client.default_headers(headers);
+        }
+    }
+    client = client.user_agent(format!("SpacetimeDB CLI/{}", env!("CARGO_PKG_VERSION")));
+    Ok(client.build()?)
 }
 
 fn tokio_block_on<Fut: Future>(fut: Fut) -> anyhow::Result<Fut::Output> {