MDEV-39258 Make THIRD_PARTY_DOWNLOAD_LOCATION settable

[vaintroub]

This allows to pre-download HeidiSQL on CI, rsp avoid multiple repeated downloads on every build, or avoid problems
in case HeidiSQL download is slow (like it currently is, see MDBF-1197)

Also, on request of Razvan, increase HeidiSQL download timeout.

[Copilot]

Pull request overview

This PR updates the Windows packaging CMake flow to make the third-party download directory configurable (so CI can reuse cached artifacts) and increases the HeidiSQL download timeout to reduce build flakiness when upstream downloads are slow.

Changes:

• Make THIRD_PARTY_DOWNLOAD_LOCATION configurable via the CMake cache (instead of always overriding it with $ENV{TEMP}).
• Increase HeidiSQL download timeout from 60s to 300s.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
win/packaging/CMakeLists.txt	Exposes THIRD_PARTY_DOWNLOAD_LOCATION as a cache variable so CI/users can set a persistent download/cache directory.
win/packaging/heidisql.cmake	Raises the HeidiSQL FILE(DOWNLOAD ...) timeout to tolerate slow upstream downloads.

Comments suppressed due to low confidence (1)

win/packaging/CMakeLists.txt:145

• THIRD_PARTY_DOWNLOAD_LOCATION is a directory path, but it’s declared as CACHE STRING. Using CACHE PATH is more appropriate (better UX in CMake GUIs). Also, when $ENV{TEMP} is empty, the cache entry becomes empty even though you later fall back to ${CMAKE_BINARY_DIR} for the non-cache variable; consider initializing the cache default to the fallback value to avoid persisting an empty cache entry.

IF(WITH_THIRD_PARTY)
  SET(THIRD_PARTY_DOWNLOAD_LOCATION "$ENV{TEMP}" CACHE STRING "Download location for third party")
  IF(THIRD_PARTY_DOWNLOAD_LOCATION)
    FILE(TO_CMAKE_PATH "${THIRD_PARTY_DOWNLOAD_LOCATION}" THIRD_PARTY_DOWNLOAD_LOCATION)
  ELSE()
    SET(THIRD_PARTY_DOWNLOAD_LOCATION "${CMAKE_BINARY_DIR}")
  ENDIF()

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

FILE(DOWNLOAD ...) arguments are unquoted. Since THIRD_PARTY_DOWNLOAD_LOCATION is now user-settable, it may contain spaces/semicolons and break argument parsing (e.g., producing multiple args / wrong path). Quote the URL and destination path (and related path usages in this block) to make the download/extract robust on Windows paths with spaces.

[Copilot]

The download step ignores FILE(DOWNLOAD ...) result/status, so a network failure can fall through to the extract step and produce a confusing tar error (or extract a partial file). Capture the download status/log and message(FATAL_ERROR ...) on failure so CI fails with a clear cause.

Suggested change

	FILE(DOWNLOAD ${HEIDISQL_URL} ${HEIDISQL_DOWNLOAD_DIR}/${HEIDISQL_ZIP} TIMEOUT 300)
	FILE(DOWNLOAD ${HEIDISQL_URL} ${HEIDISQL_DOWNLOAD_DIR}/${HEIDISQL_ZIP}
	TIMEOUT 300
	STATUS HEIDISQL_DOWNLOAD_STATUS
	LOG HEIDISQL_DOWNLOAD_LOG
	)
	LIST(GET HEIDISQL_DOWNLOAD_STATUS 0 HEIDISQL_DOWNLOAD_STATUS_CODE)
	LIST(GET HEIDISQL_DOWNLOAD_STATUS 1 HEIDISQL_DOWNLOAD_STATUS_MESSAGE)
	IF(NOT HEIDISQL_DOWNLOAD_STATUS_CODE EQUAL 0)
	MESSAGE(FATAL_ERROR
	"Failed to download ${HEIDISQL_URL} to ${HEIDISQL_DOWNLOAD_DIR}/${HEIDISQL_ZIP}: "
	"${HEIDISQL_DOWNLOAD_STATUS_MESSAGE}\n${HEIDISQL_DOWNLOAD_LOG}"
	)
	ENDIF()

[Copilot]

This downloads a third-party ZIP from the public internet without any integrity verification. Since the downloaded content is packaged into the MSI, this is a supply-chain risk if the download is tampered with or the upstream is compromised. Consider pinning an EXPECTED_HASH (or equivalent signature/checksum verification) and failing the build if it doesn’t match.

[Copilot]

The IF(NOT EXISTS .../${HEIDISQL_ZIP}) guard skips both download and extraction when the ZIP already exists. That means a CI “pre-download” that only places the ZIP in the cache won’t trigger extraction, and packaging will later fail because ${HEIDISQL_DOWNLOAD_DIR}\\heidisql.exe (and other files) aren’t present. Consider separating the conditions: download only if the ZIP is missing, but extract if the extracted payload (e.g., heidisql.exe) is missing.

[RazvanLiviuVarzaru]

❤️