feat(windows): bundle full Git-for-Windows toolchain for the shell tool#1145
Draft
wpfleger96 wants to merge 3 commits into
Draft
feat(windows): bundle full Git-for-Windows toolchain for the shell tool#1145wpfleger96 wants to merge 3 commits into
wpfleger96 wants to merge 3 commits into
Conversation
The Windows bundle shipped a stripped MSYS2-bash-only tree (stage-windows-bash.sh dropped mingw64/), so a bare host had bash + coreutils but no git/jq/curl — the first Windows agent confirmed all three absent. Keep the whole PortableGit tree instead and flip the resolver to the bin/bash.exe launcher, which sets MSYSTEM and prepends mingw64/bin to the in-shell PATH; that single entry-point change makes git/jq/curl resolve with no Rust-side PATH injection. Version the staging marker (.stage-complete-v2) so an upgrade over the old mingw64-less layout re-stages rather than short-circuiting behind a stale 'complete' marker, and assert git.exe landed before writing it. Extend the CI smoke-test to spawn the launcher under a bare PATH and prove git/jq/curl resolve from the bundle and git commits — the launcher's non-login -c PATH behavior still needs a real bare-Windows host to confirm end to end. Co-authored-by: Will Pfleger <pfleger.will@gmail.com> Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
The Windows smoke-test asserted resolved tools matched */git-bash/*, but under the launcher's MSYS environment command -v reports POSIX mount paths (/mingw64/bin/git, /usr/bin/jq) where /mingw64 and /usr are the staged tree's own subdirs — so the check rejected a correctly-bundled git. The launcher flip itself worked: CI proved git resolved to /mingw64/bin/git under a bare non-login -c spawn, confirming the launcher prepends mingw64/bin to PATH as designed. Accept the MSYS mounts (safe because PATH is stripped bare, so they can only be the bundle) and reject host /c/... drive paths. Co-authored-by: Will Pfleger <pfleger.will@gmail.com> Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
…aged tree Three changes from review of the full-toolchain bundle: - jq is not shipped in PortableGit (verified at source against the 2.54.0 SFX: curl and cygpath present, jq absent), so vendor the pinned standalone jq.exe (1.8.1, SHA-256 verified) into mingw64/bin where it resolves alongside git/curl through the launcher. A checksum mismatch fails the stage. - Anchor the CI git/jq/curl origin check to the actual staged tree: cygpath -m the resolved tool back to its real path and assert it sits under $stage_dir, instead of a bare /mingw64|/usr mount-shape match that any such-shaped path would satisfy. - Note curl is the one tool with a System32 twin, and soften the bare-PATH comment to 'stricter than a bare host' since the test strips ambient PATH rather than mirroring it. Co-authored-by: Will Pfleger <pfleger.will@gmail.com> Signed-off-by: Will Pfleger <pfleger.will@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The Windows bundle shipped a stripped MSYS2-bash-only tree —
scripts/stage-windows-bash.shdropped themingw64/subtree — so a bare host gotbash+ coreutils but nogit,jq, orcurl. The first Windows agent confirmed all three absent, which blocks theREPOS/clone/commit/push workflow and anyjq-piped CLI use. The nostr commit-identity plumbing (git-credential-nostr/git-sign-nostr/GIT_CONFIG_*) has always needed agitbinary onPATHit never had on a bare box.This keeps the single
bash -ccontract (no per-OS shell fork) and changes the bundle to a full real toolchain.What changed
mingw64/(scripts/stage-windows-bash.sh). The whole PortableGit tree is staged —git.exepluscurland fullsed/awk/grep/findlive insidemingw64\bin. The tree is kept as the untouched closure git-for-windows ships; no hand-trimming (the same lazy-load hazard the script already documents forusr/applies tomingw64/).jq.exe(scripts/stage-windows-bash.sh).jqis not part of git-for-windows, so the standalone staticjq.exe(1.8.1, a single binary with no DLL closure) is fetched intomingw64\binalongsidegit/curland verified against a pinned SHA-256 before it lands — a checksum mismatch fails the stage.crates/buzz-dev-mcp/src/shell.rs).BUNDLED_BASH_RELmoves fromgit-bash\usr\bin\bash.exetogit-bash\bin\bash.exe. Withmingw64/present the tree matches a real Git-for-Windows install, so the launcher is the correct entry: it setsMSYSTEM=MINGW64and prependsmingw64\binto the in-shellPATH. That entry-point flip is the one change that makesgit/jq/curlresolve inside the agent's shell — no Rust-sidePATHinjection needed. The bundled and installed-Git branches now share the samebin\bash.exeentry..stage-complete-v2(scripts/stage-windows-bash.sh). An upgrade over the oldmingw64-less layout would otherwise short-circuit the re-stage behind a stale.stage-completeand leavegitsilently absent. The integrity check assertsmingw64\bin\git.exeandmingw64\bin\jq.exelanded before the marker is written..github/workflows/ci.yml) to spawn the launcher under a deliberately barePATH(stripped to the Windows system dir, stricter than a bare host) and assertgit/jq/curleach resolve to a path anchored under the staged tree —cygpath -mtranslates the resolved tool back to its real Windows location and the check requires the$stage_dirprefix, not a bare mount shape. Agit commitround-trips to provegitis functional.scripts/bundle-sidecars.shanddesktop/scripts/build-release-config.mjs.Verification status
The CI smoke-test confirmed on the real Windows runner that the launcher prepends
mingw64\bintoPATHunder a non-login-cspawn andgitresolves from the bundle. The CI job stages only empty sidecar placeholders, so it cannot exercise the end-to-end nostr-signed commit — that, plus confirming resolution on a real install with no host Git (the resolver prefers an installed Git, which would mask a broken bundle), is verified separately on a bare Windows host before this ships.Language toolchains (Node / Python / Rust) stay host-assumed for v1; this bundles
git,jq, and the Git-for-Windows shell tooling.