Compare commits

...

5 Commits

Author SHA1 Message Date
unkinben 1cca9fef00 feat: testing develop build
- using the makerun image in k8s
2026-01-10 16:17:56 +11:00
unkinben 79a8553e9c Merge pull request 'Fix S3 SSL certificate validation and boto3 checksum compatibility' (#2) from benvin/boto3_fixes into master
Reviewed-on: #2
2026-01-08 23:55:42 +11:00
unkinben b7205e09a3 Fix S3 SSL certificate validation and boto3 checksum compatibility
- Add support for custom CA bundle via REQUESTS_CA_BUNDLE/SSL_CERT_FILE environment variables
- Configure boto3 client with custom SSL verification to support Ceph RadosGW through nginx proxy
- Maintain boto3 checksum validation configuration for compatibility with third-party S3 providers
- Resolves XAmzContentSHA256Mismatch errors when connecting to RadosGW endpoints

Fixes #4400 compatibility issue with boto3 v1.36+ stricter checksum validation
2026-01-08 23:54:39 +11:00
unkinben 1fb6b89a5f Merge pull request 'Fix boto3 XAmzContentSHA256Mismatch errors with Ceph RadosGW' (#1) from fix/boto3-checksum-validation into master
Reviewed-on: #1
2026-01-08 23:07:51 +11:00
unkinben f0f3cfda50 Fix boto3 XAmzContentSHA256Mismatch errors with Ceph RadosGW
- Configure boto3 client with when_required checksum calculation/validation
- Resolves compatibility issues between boto3 v1.36+ and S3-compatible providers
- Fixes 502 errors when uploading artifacts to storage backend

Refs: https://github.com/boto/boto3/issues/4400
2026-01-08 23:04:19 +11:00
3 changed files with 26 additions and 6 deletions
+4
View File
@@ -23,6 +23,10 @@ RUN wget -O /app/uv-x86_64-unknown-linux-musl.tar.gz https://github.com/astral-s
chmod +x /usr/local/bin/uv && \ chmod +x /usr/local/bin/uv && \
uv --version uv --version
# Copy CA bundle from host
COPY ca-bundle.pem /app/ca-bundle.pem
RUN chmod 644 /app/ca-bundle.pem
# Create non-root user first # Create non-root user first
RUN adduser -D -s /bin/sh appuser && \ RUN adduser -D -s /bin/sh appuser && \
chown -R appuser:appuser /app chown -R appuser:appuser /app
+2
View File
@@ -26,6 +26,8 @@ format:
uv run ruff format . uv run ruff format .
run: run:
uv venv --python 3.11 && \
source .venv/bin/activate && \
uv run python -m src.artifactapi.main uv run python -m src.artifactapi.main
docker-up: docker-up:
+20 -6
View File
@@ -2,6 +2,7 @@ import os
import hashlib import hashlib
from urllib.parse import urlparse from urllib.parse import urlparse
import boto3 import boto3
from botocore.config import Config
from botocore.exceptions import ClientError from botocore.exceptions import ClientError
from fastapi import HTTPException from fastapi import HTTPException
@@ -21,12 +22,25 @@ class S3Storage:
self.bucket = bucket self.bucket = bucket
self.secure = secure self.secure = secure
self.client = boto3.client( ca_bundle = os.environ.get('REQUESTS_CA_BUNDLE') or os.environ.get('SSL_CERT_FILE')
"s3", config_kwargs = {
endpoint_url=f"http{'s' if self.secure else ''}://{self.endpoint}", "request_checksum_calculation": "when_required",
aws_access_key_id=self.access_key, "response_checksum_validation": "when_required"
aws_secret_access_key=self.secret_key, }
) client_kwargs = {
"endpoint_url": f"http{'s' if self.secure else ''}://{self.endpoint}",
"aws_access_key_id": self.access_key,
"aws_secret_access_key": self.secret_key,
"config": Config(**config_kwargs)
}
if ca_bundle and os.path.exists(ca_bundle):
client_kwargs["verify"] = ca_bundle
print(f"Debug: Using CA bundle: {ca_bundle}")
else:
print(f"Debug: No CA bundle found. REQUESTS_CA_BUNDLE={os.environ.get('REQUESTS_CA_BUNDLE')}, SSL_CERT_FILE={os.environ.get('SSL_CERT_FILE')}")
self.client = boto3.client("s3", **client_kwargs)
# Try to ensure bucket exists, but don't fail if MinIO isn't ready yet # Try to ensure bucket exists, but don't fail if MinIO isn't ready yet
try: try: