feat: use download_pingcap_oci_artifact.sh download artifacts

[lybcodes]

No description provided.

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign wuhuizuo for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• pipelines/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ti-chi-bot]

I have already done a preliminary review for you, and I hope to help you do a better job.

Summary:
This PR replaces the existing artifact download scripts in several Jenkins pipeline Groovy files with a new centralized script download_pingcap_oci_artifact.sh to fetch PingCAP OCI artifacts. The approach refactors the download steps to use OCI tags computed from PR metadata and standardizes the artifact retrieval mechanism. Overall, the changes improve consistency and maintainability but introduce some repetitive code across pipelines and lack error handling around the new script execution.

---

Critical Issues

• Lack of error handling for artifact downloads

  • Files: pull_br_integration_test.groovy (lines ~81), pull_integration_e2e_test.groovy (lines ~40), pull_lightning_integration_test.groovy (lines ~44)
  • Issue: The shell commands invoking download_pingcap_oci_artifact.sh do not check for failure explicitly. If downloads fail, subsequent commands (mv, execution of binaries) might cause confusing errors or false positives in the pipeline run.
  • Suggestion: Add set -e or explicit error checks after the download command to fail fast on errors. For example:

    set -e
    ${WORKSPACE}/scripts/artifacts/download_pingcap_oci_artifact.sh --pd=${OCI_TAG_PD} ...

    or check exit status explicitly and fail with a descriptive message.

• Silent failure in mv commands due to || true

  • Files: multiple pipeline scripts, e.g. pull_br_integration_test.groovy
  • Issue: Using mv ... || true suppresses errors that might arise if the expected files are missing. This could hide problems where artifacts are not downloaded properly.
  • Suggestion: Remove || true and ensure the script fails if expected binaries are missing, or add checks before moving files to confirm their presence.

---

Code Improvements

• DRY: Repeated OCI tag computation and environment declarations

  • Files: all modified pipeline Groovy files (pull_br_integration_test.groovy, pull_integration_e2e_test.groovy, pull_lightning_integration_test.groovy)
  • Issue: The same OCI tag computations and environment variable declarations are repeated in each pipeline script with very similar code.
  • Suggestion: Extract common logic into a shared Groovy function or Jenkins shared library step to compute OCI tags and define environment variables once, improving maintainability and reducing duplication.

• Inconsistent directory handling after downloads

  • Issue: The logic to move binaries varies slightly between pipelines (some use bin, others third_bin), and the handling of the tiflash directory differs.
  • Suggestion: Standardize the target binary directory across pipelines or parameterize the directory name to avoid confusion and simplify maintenance.

• Missing comments/documentation on new script usage

  • Issue: The new download_pingcap_oci_artifact.sh script usage is not explained anywhere in the pipeline scripts. This makes it harder for new contributors to understand the artifact download mechanism.
  • Suggestion: Add comments describing what the script does, the meaning of OCI tags, and expected directory structures after download.

---

Best Practices

• Add testing or validation for the new artifact download flow

  • Issue: No indication of tests or validation steps added to ensure the new artifact download script works as expected in CI pipelines.
  • Suggestion: Add unit or integration tests for download_pingcap_oci_artifact.sh if possible, or pipeline-level smoke tests to verify artifacts are correctly downloaded and executable.

• Use consistent naming for environment variables

  • Issue: OCI_ARTIFACT_HOST is declared but never used within the Groovy script snippets. This might cause confusion or misconfiguration.
  • Suggestion: Either remove unused environment variables or ensure they are referenced properly in the download script or elsewhere.

• Style: Use multiline Groovy strings consistently

  • Issue: Some shell scripts are passed as multiline strings with triple double-quotes ("""), while others are not documented or inconsistent.
  • Suggestion: Standardize on multiline strings and format shell commands for readability, including indentations aligned with Groovy's style.

---

Summary Action Items:

• Add error handling around download_pingcap_oci_artifact.sh calls.
• Remove or rethink || true on mv commands to catch missing files.
• Extract OCI tag computation and environment setup into reusable code.
• Add comments explaining the artifact download process.
• Validate the new download script usage with tests or pipeline checks.
• Clean up unused environment variables.
• Standardize directory and naming conventions across pipelines.

[gemini-code-assist]

Summary of Changes

Hello @lybcodes, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request modernizes the artifact retrieval process across several critical Jenkins integration test pipelines. By migrating from a legacy file server to an OCI artifact registry and implementing a new, unified download script, it standardizes how components like PD, TiKV, TiFlash, and TiCDC are fetched. This change enhances the reliability and maintainability of the build system, ensuring that tests consistently use correctly versioned artifacts and streamlining future updates to the artifact distribution method.

Highlights

• Artifact Download Mechanism Update: The pull request transitions the Jenkins pipelines from using a generic file server (fileserver.pingcap.net) and a custom download_integration_test_binaries.sh script to a more standardized OCI artifact registry (hub-zot.pingcap.net/mirrors/hub) and a new download_pingcap_oci_artifact.sh script.
• OCI Tag Integration: New OCI tags (OCI_TAG_PD, OCI_TAG_TIKV, OCI_TAG_TIFLASH, and OCI_TAG_TICDC for e2e tests) are introduced and computed dynamically based on the PR details, allowing for precise versioning and retrieval of component artifacts.
• Pipeline Refactoring: The artifact download steps in pull_br_integration_test.groovy, pull_integration_e2e_test.groovy, and pull_lightning_integration_test.groovy have been refactored to utilize a dedicated container("utils") for executing the new OCI artifact download script, simplifying the download logic and improving consistency.

Changelog

• pipelines/pingcap/tidb/latest/pull_br_integration_test.groovy
  • Introduced OCI_TAG_PD, OCI_TAG_TIKV, and OCI_TAG_TIFLASH variables for artifact versioning.
  • Replaced FILE_SERVER_URL with OCI_ARTIFACT_HOST pointing to the OCI registry.
  • Updated the artifact download logic to use download_pingcap_oci_artifact.sh within a container("utils") block, removing the otherComponentBranch calculation.
• pipelines/pingcap/tidb/latest/pull_integration_e2e_test.groovy
  • Introduced OCI_TAG_PD, OCI_TAG_TIKV, OCI_TAG_TIFLASH, and OCI_TAG_TICDC variables for artifact versioning.
  • Replaced FILE_SERVER_URL with OCI_ARTIFACT_HOST pointing to the OCI registry.
  • Updated the artifact download logic to use download_pingcap_oci_artifact.sh within a container("utils") block, removing the otherComponentBranch calculation and adjusting binary movement to third_bin.
• pipelines/pingcap/tidb/latest/pull_lightning_integration_test.groovy
  • Introduced OCI_TAG_PD, OCI_TAG_TIKV, and OCI_TAG_TIFLASH variables for artifact versioning.
  • Replaced FILE_SERVER_URL with OCI_ARTIFACT_HOST pointing to the OCI registry.
  • Updated the artifact download logic to use download_pingcap_oci_artifact.sh within a container("utils") block, removing the otherComponentBranch calculation.

Activity

• No specific activity (comments, reviews, etc.) was provided in the context for this pull request.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request refactors the CI pipelines to download dependencies as OCI artifacts instead of from a file server. This is a great improvement for reliability and standardization of CI artifacts. My review includes suggestions to improve the robustness of the shell scripts used for handling these artifacts by removing unnecessary error suppression, which will make potential issues easier to debug.

[gemini-code-assist]

The error suppression with 2>/dev/null || true can hide real issues. The download_pingcap_oci_artifact.sh script uses set -eo pipefail and should exit with an error if it fails to download and extract the required binaries. Therefore, pd-server and tikv-server are expected to exist. If they don't, it indicates a problem that should cause the build to fail immediately. Please remove the error suppression to make the script more robust.

                                                mv pd-server tikv-server bin/

[gemini-code-assist]

The error suppression with 2>/dev/null || true can hide real issues. The download_pingcap_oci_artifact.sh script uses set -eo pipefail and should exit with an error if it fails to download and extract the required binaries. Therefore, pd-server, tikv-server, and cdc are expected to exist. If they don't, it indicates a problem that should cause the build to fail immediately. Please remove the error suppression to make the script more robust.

                                        mv pd-server tikv-server cdc third_bin/

[gemini-code-assist]

The error suppression with 2>/dev/null || true can hide real issues. The download_pingcap_oci_artifact.sh script uses set -eo pipefail and should exit with an error if it fails to download and extract the required binaries. Therefore, pd-server and tikv-server are expected to exist. If they don't, it indicates a problem that should cause the build to fail immediately. Please remove the error suppression to make the script more robust.

                                    mv pd-server tikv-server bin/