Release Platform #690
Workflow file for this run
# Release workflow: publishes NPM packages, Docker images and Dashmate
# packages for a tagged version.
name: Release Platform

on:
  # Normal path: a GitHub release is published.
  release:
    types: [published]
  # Manual path: an operator supplies the version tag by hand.
  workflow_dispatch:
    inputs:
      tag:
        description: "Version (i.e. v0.22.3-pre.2)"
        required: true

# One run per workflow/ref pair; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# NOTE(review): no workflow-level `permissions:` is visible here, so every job
# except release-dashmate-packages runs with the repository's default
# GITHUB_TOKEN scope; consider declaring the minimum each job needs.
jobs:
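# release-npm: restores or builds the JS packages and publishes them to NPM.
  release-npm:
    name: Release NPM packages
    runs-on: ["self-hosted", "linux", "x64", "ubuntu-platform"]
    timeout-minutes: 15
    # Manual dispatch skips NPM publishing; only a release event runs it.
    if: github.event_name != 'workflow_dispatch'
    steps:
      - name: Check out repo
        uses: actions/checkout@v4

      # NOTE(review): the action reference on the rendered page was replaced
      # by an e-mail-obfuscation placeholder ("[email protected]"). The
      # action name below is presumably the original; restore the real ref.
      # REPLACE_WITH_PINNED_REF is a placeholder, not a real version.
      # Third-party actions in a job that holds publish credentials should be
      # pinned to a full commit SHA rather than a mutable tag.
      - name: Check package version matches tag
        uses: geritol/match-tag-to-package-version@REPLACE_WITH_PINNED_REF
        env:
          TAG_PREFIX: v

      - name: Configure AWS credentials and bucket region
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ vars.AWS_REGION }}

      # The build output is looked up by commit SHA. Everything restored from
      # this bucket is published as-is, so write access to the bucket is
      # equivalent to the ability to alter released packages.
      - name: Retrieve JS build artifacts
        uses: everpcpc/actions-cache@v1
        id: cache
        with:
          bucket: multi-runner-cache-x1xibo9c
          root: actions-cache
          path: build-js-artifacts-${{ github.sha }}.tar
          key: build-js-artifacts/${{ github.sha }}

      - name: Unpack JS build artifacts archive
        run: tar -xf build-js-artifacts-${{ github.sha }}.tar
        if: ${{ steps.cache.outputs.cache-hit == 'true' }}

      # The next four steps run only on a cache miss and rebuild from source.
      - name: Login to DockerHub
        uses: docker/login-action@v3
        if: ${{ steps.cache.outputs.cache-hit != 'true' }}
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Setup Rust
        uses: ./.github/actions/rust
        with:
          target: wasm32-unknown-unknown
        if: ${{ steps.cache.outputs.cache-hit != 'true' }}

      - name: Setup Node.JS
        uses: ./.github/actions/nodejs

      - name: Build packages
        run: yarn build
        env:
          CARGO_BUILD_PROFILE: release
          RUSTC_WRAPPER: sccache
          SCCACHE_BUCKET: multi-runner-cache-x1xibo9c
          SCCACHE_REGION: ${{ vars.AWS_REGION }}
          SCCACHE_S3_KEY_PREFIX: ${{ runner.os }}/sccache/wasm/wasm32-unknown-unknown/
        if: ${{ steps.cache.outputs.cache-hit != 'true' }}

      # Extracts the pre-release word from the tag: "v0.22.3-pre.2" -> "pre".
      - name: Set suffix
        uses: actions/github-script@v6
        id: suffix
        with:
          result-encoding: string
          script: |
            const fullTag = context.payload.release.tag_name;
            if (fullTag.includes('-')) {
              const [, fullSuffix] = fullTag.split('-');
              const [suffix] = fullSuffix.split('.');
              return suffix;
            } else {
              return '';
            }

      # The suffix is derived from the release tag name. It is handed to the
      # script through the environment instead of being expanded into the
      # script source, so tag text is never parsed as JavaScript.
      - name: Set NPM release tag
        uses: actions/github-script@v6
        id: tag
        env:
          SUFFIX: ${{ steps.suffix.outputs.result }}
        with:
          result-encoding: string
          script: |
            const tag = context.payload.release.tag_name;
            const [, major, minor] = tag.match(/^v([0-9]+)\.([0-9]+)/);
            return (tag.includes('-') ? `${major}.${minor}-${process.env.SUFFIX}` : 'latest');

      # The token reaches the shell as an environment variable rather than as
      # text expanded into the command line.
      # NOTE(review): `yarn config set` stores the token in yarn's config
      # file; on a self-hosted runner confirm the workspace is cleaned after
      # the job.
      - name: Configure NPM auth token
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: yarn config set npmAuthToken "$NPM_TOKEN"

      # The dist-tag is tag-derived text, so it is passed as a quoted
      # variable instead of being expanded into the shell command.
      - name: Publish NPM packages
        env:
          NPM_DIST_TAG: ${{ steps.tag.outputs.result }}
        run: yarn workspaces foreach --all --no-private --parallel npm publish --access public --tag "$NPM_DIST_TAG"

      # Cache-miss path: replace every .gitignore with one that hides only
      # already-cached directories, so the untracked-file listing below
      # contains the freshly built outputs.
      - name: Ignore only already cached artifacts
        run: |
          find . -name '.gitignore' -exec rm -f {} +
          echo ".yarn" >> .gitignore
          echo "target" >> .gitignore
          echo "node_modules" >> .gitignore
          echo ".nyc_output" >> .gitignore
          echo ".idea" >> .gitignore
          echo ".ultra.cache.json" >> .gitignore
          echo "db/*" >> .gitignore
        if: ${{ steps.cache.outputs.cache-hit != 'true' }}

      - name: Get modified files
        id: diff
        run: git ls-files --others --exclude-standard >> artifacts_list.txt
        if: ${{ steps.cache.outputs.cache-hit != 'true' }}

      - name: Create an archive of built files
        run: xargs -a artifacts_list.txt tar cvf build-js-artifacts-${{ github.sha }}.tar
        if: ${{ steps.cache.outputs.cache-hit != 'true' }}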
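# release-drive-image: builds the Drive image per platform, pushes it by
# digest and uploads each digest as an artifact.
  release-drive-image:
    name: Release Drive ${{ matrix.platform }} image
    runs-on: ${{ matrix.runner }}
    timeout-minutes: 120
    strategy:
      matrix:
        include:
          - runner: ["self-hosted", "linux", "x64", "ubuntu-platform"]
            platform: linux/amd64
          - runner: ["self-hosted", "linux", "x64", "ubuntu-platform"]
            platform: linux/arm64
    steps:
      - name: Check out repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure AWS credentials and bucket region
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ vars.AWS_REGION }}

      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # The manually supplied tag is read from the event payload. Expanding
      # `${{ github.event.inputs.tag }}` into the script source would let the
      # input's text be parsed as JavaScript.
      - name: Get image tag
        uses: actions/github-script@v6
        id: tag
        with:
          result-encoding: string
          script: |
            return (
              context.eventName === 'workflow_dispatch'
                ? context.payload.inputs.tag
                : context.payload.release.tag_name
            );

      - name: Set up Docker BuildX
        id: buildx
        uses: docker/setup-buildx-action@v3
        with:
          install: true
          driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=10485760
          cleanup: false
          platforms: ${{ matrix.platform }}
          config-inline: |
            [worker.oci]
            gc = false

      # NOTE(review): `@s5cmd` looks like a branch name, i.e. a mutable ref.
      # This job holds registry credentials, so pin third-party actions to a
      # full commit SHA.
      - name: Load Docker mount cache
        uses: dcginfra/buildkit-cache-dance/inject@s5cmd
        with:
          bucket: multi-runner-cache-x1xibo9c
          mounts: |
            cargo_registry_index
            cargo_registry_cache
            cargo_git

      # TODO: must be the same for dashpay/ and ECR
      - name: Configure docker layer cache
        uses: ./.github/actions/s3-layer-cache-settings
        id: layer_cache_settings
        with:
          name: dashpay/drive
          head_ref: ${{ steps.tag.outputs.result }}
          bucket: multi-runner-cache-x1xibo9c

      - name: Docker meta
        id: docker_meta
        uses: docker/metadata-action@v5
        with:
          images: dashpay/drive

      # Pushes the per-platform image without a tag; a later job joins the
      # digests into one tagged manifest list.
      - name: Build and push by digest
        id: docker_build
        uses: docker/build-push-action@v5
        with:
          context: .
          builder: ${{ steps.buildx.outputs.name }}
          target: drive-abci
          build-args: |
            CARGO_BUILD_PROFILE=release
            RUSTC_WRAPPER=sccache
            SCCACHE_BUCKET=multi-runner-cache-x1xibo9c
            SCCACHE_REGION=${{ vars.AWS_REGION }}
            SCCACHE_S3_KEY_PREFIX=${{ runner.os }}/sccache
          labels: ${{ steps.docker_meta.outputs.labels }}
          platforms: ${{ matrix.platform }}
          cache-from: ${{ steps.layer_cache_settings.outputs.cache_from }}
          cache-to: ${{ steps.layer_cache_settings.outputs.cache_to }}
          outputs: type=image,name=dashpay/drive,push-by-digest=true,name-canonical=true,push=true

      - name: Save Docker mount cache
        uses: dcginfra/buildkit-cache-dance/extract@s5cmd
        with:
          bucket: multi-runner-cache-x1xibo9c
          mounts: |
            cargo_registry_index
            cargo_registry_cache
            cargo_git

      # Each digest is recorded as an empty file named after its hex value.
      - name: Export digest
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.docker_build.outputs.digest }}"
          touch "/tmp/digests/${digest#sha256:}"

      - name: Upload digest
        uses: actions/upload-artifact@v3
        with:
          name: digests
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1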
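# release-drive-images-manifest: joins the per-platform Drive digests into one
# tagged manifest list on Docker Hub.
  release-drive-images-manifest:
    name: Release Drive images manifest
    # The run page carried an "Invalid workflow file" check failure. `needs`
    # pointed at `release-drive-docker-image`, which matches no job id in
    # this file; the job that uploads the digests is `release-drive-image`.
    needs: release-drive-image
    runs-on: ubuntu-22.04
    steps:
      - name: Download digests
        uses: actions/download-artifact@v3
        with:
          name: digests
          path: /tmp/digests

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # This workflow declares only a `tag` input, so `inputs.image_tag` would
      # expand to an empty string. The tag is resolved here from the event
      # payload, matching what the other image jobs compute.
      - name: Get image tag
        uses: actions/github-script@v6
        id: tag
        with:
          result-encoding: string
          script: |
            return (
              context.eventName === 'workflow_dispatch'
                ? context.payload.inputs.tag
                : context.payload.release.tag_name
            );

      # The tag is handed over through the environment so its text is never
      # expanded into the script source.
      - name: Set suffix
        uses: actions/github-script@v6
        id: suffix
        env:
          IMAGE_TAG: ${{ steps.tag.outputs.result }}
        with:
          result-encoding: string
          script: |
            const fullTag = process.env.IMAGE_TAG;
            if (fullTag.includes('-')) {
              const [, fullSuffix] = fullTag.split('-');
              const [suffix] = fullSuffix.split('.');
              return `-${suffix}`;
            } else {
              return '';
            }

      # NOTE(review): the dots in the patterns below are unescaped, so they
      # match any character, not only "."; confirm that is intended.
      - name: Set Docker tags and labels from image tag
        id: docker_meta
        uses: docker/metadata-action@v5
        with:
          images: dashpay/drive
          tags: |
            type=match,pattern=v(\d+),group=1,value=${{ steps.tag.outputs.result }}
            type=match,pattern=v(\d+.\d+),group=1,value=${{ steps.tag.outputs.result }}
            type=match,pattern=v(\d+.\d+.\d+),group=1,value=${{ steps.tag.outputs.result }}
            type=match,pattern=v(.*),group=1,value=${{ steps.tag.outputs.result }},suffix=
          flavor: |
            suffix=${{ steps.suffix.outputs.result }},onlatest=true
            latest=${{ github.event_name == 'release' }}

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # Runs inside the digest directory: every file name there is a digest,
      # and the tag list comes from the metadata step's JSON output.
      - name: Create manifest list and push
        working-directory: /tmp/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf 'dashpay/drive@sha256:%s ' *)

      # The version is tag-derived text, so it reaches the shell as a quoted
      # variable rather than being expanded into the command.
      - name: Inspect image
        env:
          IMAGE_VERSION: ${{ steps.docker_meta.outputs.version }}
        run: |
          docker buildx imagetools inspect "dashpay/drive:${IMAGE_VERSION}"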
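# release-dapi-docker-image: builds the DAPI image for amd64 and arm64 and
# pushes it to Docker Hub through the repository's local docker action.
  release-dapi-docker-image:
    name: Release DAPI to Docker Hub
    runs-on: ["self-hosted", "linux", "x64", "ubuntu-platform"]
    timeout-minutes: 120
    steps:
      - name: Check out repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # The manually supplied tag is read from the event payload. Expanding
      # `${{ github.event.inputs.tag }}` into the script source would let the
      # input's text be parsed as JavaScript.
      - name: Get image tag
        uses: actions/github-script@v6
        id: tag
        with:
          result-encoding: string
          script: |
            return (
              context.eventName === 'workflow_dispatch'
                ? context.payload.inputs.tag
                : context.payload.release.tag_name
            );

      - name: Configure AWS credentials and bucket region
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ vars.AWS_REGION }}

      # NOTE(review): the tag value is passed on to ./.github/actions/docker,
      # which is not visible here; confirm it does not expand `image_tag`
      # into a shell command.
      - name: Build Docker image
        uses: ./.github/actions/docker
        with:
          image: dashpay/dapi
          image_tag: ${{ steps.tag.outputs.result }}
          target: dapi
          cargo_profile: release
          push: true
          dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
          dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
          platforms: amd64,arm64
          region: ${{ vars.AWS_REGION }}
          cache_mounts: |
            cargo_registry_index
            cargo_registry_cache
            cargo_git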
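# release-test-suite-docker-image: builds the platform test-suite image for
# amd64 and arm64 and pushes it to Docker Hub.
  release-test-suite-docker-image:
    name: Release Test Suite to Docker Hub
    runs-on: ["self-hosted", "linux", "x64", "ubuntu-platform"]
    timeout-minutes: 120
    steps:
      - name: Check out repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # The manually supplied tag is read from the event payload. Expanding
      # `${{ github.event.inputs.tag }}` into the script source would let the
      # input's text be parsed as JavaScript.
      - name: Get image tag
        uses: actions/github-script@v6
        id: tag
        with:
          result-encoding: string
          script: |
            return (
              context.eventName === 'workflow_dispatch'
                ? context.payload.inputs.tag
                : context.payload.release.tag_name
            );

      - name: Configure AWS credentials and bucket region
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ vars.AWS_REGION }}

      # NOTE(review): the tag value is passed on to ./.github/actions/docker,
      # which is not visible here; confirm it does not expand `image_tag`
      # into a shell command.
      - name: Build Docker image
        uses: ./.github/actions/docker
        with:
          image: dashpay/platform-test-suite
          image_tag: ${{ steps.tag.outputs.result }}
          target: test-suite
          cargo_profile: release
          push: true
          dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
          dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
          platforms: amd64,arm64
          region: ${{ vars.AWS_REGION }}
          cache_mounts: |
            cargo_registry_index
            cargo_registry_cache
            cargo_git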
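# release-dashmate-helper-docker-image: builds the Dashmate helper image for
# amd64 and arm64 and pushes it to Docker Hub.
  release-dashmate-helper-docker-image:
    name: Release Dashmate helper to Docker Hub
    runs-on: ["self-hosted", "linux", "x64", "ubuntu-platform"]
    timeout-minutes: 120
    steps:
      - name: Check out repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # The manually supplied tag is read from the event payload. Expanding
      # `${{ github.event.inputs.tag }}` into the script source would let the
      # input's text be parsed as JavaScript.
      - name: Get image tag
        uses: actions/github-script@v6
        id: tag
        with:
          result-encoding: string
          script: |
            return (
              context.eventName === 'workflow_dispatch'
                ? context.payload.inputs.tag
                : context.payload.release.tag_name
            );

      - name: Configure AWS credentials and bucket region
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ vars.AWS_REGION }}

      # NOTE(review): the tag value is passed on to ./.github/actions/docker,
      # which is not visible here; confirm it does not expand `image_tag`
      # into a shell command.
      - name: Build Docker image
        uses: ./.github/actions/docker
        with:
          image: dashpay/dashmate-helper
          image_tag: ${{ steps.tag.outputs.result }}
          target: dashmate-helper
          cargo_profile: release
          push: true
          dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
          dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
          platforms: amd64,arm64
          region: ${{ vars.AWS_REGION }}
          cache_mounts: |
            cargo_registry_index
            cargo_registry_cache
            cargo_git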
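# release-dashmate-packages: packs Dashmate per package type, signs and
# notarizes the macOS build, and attaches the results to the release.
  release-dashmate-packages:
    name: Release Dashmate packages
    runs-on: ${{ matrix.os }}
    needs: release-npm
    permissions:
      id-token: write  # s3 cache
      contents: write  # update release artifacts
    strategy:
      fail-fast: false
      matrix:
        include:
          - package_type: tarballs
            os: ubuntu-22.04
          - package_type: win
            os: ubuntu-22.04
          - package_type: deb
            os: ubuntu-22.04
          - package_type: macos
            os: macos-12
    steps:
      - name: Check out repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure AWS credentials and bucket region
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ vars.AWS_REGION }}
          role-to-assume: ${{ vars.AWS_ROLE_TO_ASSUME }}

      # The archive restored here is packaged and signed below, so anything
      # that can write to this bucket can influence the signed output.
      # NOTE(review): this and the release-upload action are third-party;
      # pin them to a full commit SHA.
      - name: Retrieve JS build artifacts
        uses: everpcpc/actions-cache@v1
        with:
          bucket: multi-runner-cache-x1xibo9c
          root: actions-cache
          path: build-js-artifacts-${{ github.sha }}.tar
          key: build-js-artifacts/${{ github.sha }}  # We use hardcoded runner.os here for purpose

      - name: Unpack JS build artifacts archive
        run: tar -xf build-js-artifacts-${{ github.sha }}.tar

      - name: Install macOS build deps
        if: runner.os == 'macOS'
        run: |
          brew install llvm docker colima coreutils
          colima start
          echo "/usr/local/opt/llvm/bin" >> $GITHUB_PATH

      # Signing material arrives through env vars and lives in a temporary
      # keychain under $RUNNER_TEMP.
      # NOTE(review): `security import -A` lets any application use the
      # imported key without a prompt; a `-T <tool path>` allow-list is
      # narrower if the signing tool is known.
      - name: Install the Apple certificate
        if: runner.os == 'macOS'
        env:
          BUILD_CERTIFICATE_BASE64: ${{ secrets.MACOS_BUILD_CERTIFICATE_BASE64 }}
          P12_PASSWORD: ${{ secrets.MACOS_P12_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }}
        run: |
          # create variables
          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
          # import certificate and provisioning profile from secrets
          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
          # create temporary keychain
          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          # import certificate to keychain
          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security list-keychain -d user -s $KEYCHAIN_PATH

      - name: Install Linux build deps
        if: runner.os == 'Linux'
        run: sudo apt-get install -y nsis

      - name: Setup Node.JS
        uses: ./.github/actions/nodejs

      # NOTE(review): `env:` values are not shell-expanded, so OSX_KEYCHAIN
      # holds the literal text "$RUNNER_TEMP/..." unless pack_dashmate.sh
      # expands it itself; confirm against the script.
      - name: Create package
        env:
          OSX_KEYCHAIN: $RUNNER_TEMP/app-signing.keychain-db
        run: "${GITHUB_WORKSPACE}/scripts/pack_dashmate.sh ${{ matrix.package_type }}"

      - name: Upload artifacts to action summary
        uses: actions/upload-artifact@v3
        if: github.event_name != 'release'
        with:
          name: dashmate
          path: packages/dashmate/dist/**

      # The Apple credentials reach the shell as environment variables rather
      # than being expanded into the `sh -c` command text, and the package
      # path is passed as a positional argument instead of being spliced
      # into the command string.
      - name: Notarize MacOS Release Build
        if: runner.os == 'macOS'
        env:
          APPLE_ID: ${{ secrets.MACOS_APPLE_ID }}
          TEAM_ID: ${{ secrets.MACOS_TEAM_ID }}
          NOTARIZING_PASSWORD: ${{ secrets.MACOS_NOTARIZING_PASSWORD }}
        run: |
          find packages/dashmate/dist/ -name '*.pkg' -exec sh -c 'xcrun notarytool submit "$1" --apple-id "$APPLE_ID" --team-id "$TEAM_ID" --password "$NOTARIZING_PASSWORD" --wait' _ {} \;

      # NOTE(review): the action reference on the rendered page was replaced
      # by an e-mail-obfuscation placeholder ("[email protected]"). The
      # action name below is presumably the original; restore the real ref.
      # REPLACE_WITH_PINNED_REF is a placeholder, not a real version.
      - name: Upload artifacts to release
        uses: softprops/action-gh-release@REPLACE_WITH_PINNED_REF
        if: github.event_name == 'release'
        with:
          files: packages/dashmate/dist/**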