From 668a114ecb7b4d7c0c3f65effb8c41e36cb7fcee Mon Sep 17 00:00:00 2001
From: EgorPopelyaev
Date: Thu, 12 Sep 2024 15:04:41 +0200
Subject: [PATCH 01/58] add build release binary pipeline
---
.../scripts/release/build-linux-release.sh | 33 +++++
.github/workflows/release-build-binary.yml | 115 ++++++++++++++++++
2 files changed, 148 insertions(+)
create mode 100755 .github/scripts/release/build-linux-release.sh
create mode 100644 .github/workflows/release-build-binary.yml
diff --git a/.github/scripts/release/build-linux-release.sh b/.github/scripts/release/build-linux-release.sh
new file mode 100755
index 0000000000000..fb201369ac1be
--- /dev/null
+++ b/.github/scripts/release/build-linux-release.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+# This is used to build our binaries:
+# - polkadot
+# - polkadot-parachain
+
+BIN=$1
+PACKAGE=${2:-$BIN}
+
+PROFILE=${PROFILE:-production}
+RUST_TOOLCHAIN=stable
+ARTIFACTS=/artifacts/$BIN
+
+echo "Artifacts will be copied into $ARTIFACTS"
+mkdir -p "$ARTIFACTS"
+
+git log --pretty=oneline -n 1
+time cargo build --profile $PROFILE --locked --verbose --package $PACKAGE --bin $BIN
+
+echo "Artifact target: $ARTIFACTS"
+
+cp ./target/$PROFILE/$BIN "$ARTIFACTS"
+pushd "$ARTIFACTS" > /dev/nul
+sha256sum "$BIN" | tee "$BIN.sha256"
+
+EXTRATAG="$($ARTIFACTS/$BIN --version |
+ sed -n -r 's/^'$BIN' ([0-9.]+.*-[0-9a-f]{7,13})-.*$/\1/p')"
+
+EXTRATAG="${VERSION}-${EXTRATAG}-$(cut -c 1-8 $ARTIFACTS/$BIN.sha256)"
+
+echo "$BIN version = ${VERSION} (EXTRATAG = ${EXTRATAG})"
+echo -n ${VERSION} > "$ARTIFACTS/VERSION"
+echo -n ${EXTRATAG} > "$ARTIFACTS/EXTRATAG"
diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml
new file mode 100644
index 0000000000000..dd592b25c7b18
--- /dev/null
+++ b/.github/workflows/release-build-binary.yml
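Review bot: The script never enables `set -euo pipefail`, so a failed `cargo build` or `cp` does not stop it, and its exit status is that of the final `echo`; the calling job then carries on with whatever is, or is not, in `$ARTIFACTS`. Add `set -euo pipefail` directly after the shebang. `-u` would also surface that `VERSION` is never assigned in this version of the script although it is written into the `VERSION` and `EXTRATAG` files. In the same hunk `pushd "$ARTIFACTS" > /dev/nul` misspells the device; if that redirect fails, `pushd` does not run and `sha256sum "$BIN"` executes in the wrong directory, so it should read `pushd "$ARTIFACTS" > /dev/null`.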
@@ -0,0 +1,115 @@
+name: Release - Build Binary
+
+on:
+ workflow_dispatch:
+ inputs:
+ binary:
+ description: Binary to be build for the release
+ required: true
+ default: polkadot
+ type: choice
+ options:
+ - polkadot
+ - polkadot-parachain
+ - all
+
+ release_tag:
+ description: Tag matching the actual release candidate with the format vX.XX.X-rcX or stableYYMM
+ required: true
+ type: string
+
+env:
+ PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
+ PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+
+jobs:
+ # TODO: Activate this job when the pipeline is moved to the fork in the `paritytech-release` org
+ # check-workflow-can-run:
+ # uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@latest
+
+ set-image:
+ # GitHub Actions allows using 'env' in a container context.
+ # However, env variables don't work for forks: https://github.com/orgs/community/discussions/44322
+ # This workaround sets the container image for each job using 'set-image' job output.
+ runs-on: ubuntu-latest
+ outputs:
+ IMAGE: ${{ steps.set_image.outputs.IMAGE }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
+
+ - id: set_image
+ run: cat .github/env >> $GITHUB_OUTPUT
+
+ build-polkadot-binary:
+ # needs: [check-workflow-can-run]
+ needs: [set-image]
+ if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }}
+ runs-on: ubuntu-latest
+ environment: release
+ container:
+ image: ${{ needs.set-image.outputs.IMAGE }}
+ strategy:
+ matrix:
+ binaries: [polkadot, polkadot-prepare-worker, polkadot-execute-worker]
+
+ steps:
+ - name: Install pgpkkms
+ run: |
+ # Install pgpkms that is used to sign build artifacts
+ python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@5a8f82fbb607ea102d8c178e761659de54c7af69"
+ which pgpkms
+
+ - name: Checkout sources
+ uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
+ with:
+ ref: ${{ inputs.release_tag }}
+
+ - name: Import gpg keys
+ run: |
+ .
./.github/scripts/common/lib.sh + + import_gpg_keys + + - name: Build binary + run: | + ARTIFACTS=/artifacts/${{ matrix.binaries }} + echo "Artifacts will be copied into $ARTIFACTS" + mkdir -p "$ARTIFACTS" + cd $ARTIFACTS + echo "Test" >> ${{ matrix.binaries }}.txt + # ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.binary }} + + - name: Sign artifacts + working-directory: /artifacts/${{ matrix.binaries }} + run: | + python3 -m pgpgkms sign --inputs ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc + ls -la + + # - name: Build deb package + # - name: Upload artifacts to github + # - name: Upload artifacts to s3 + + # build-polkadot-parachain-binary: + # # needs: [check-workflow-can-run] + # if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} + # runs-on: ubuntu-latest + # environment: release + + # steps: + # - name: Checkout sources + # uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + # with: + # ref: ${{ inputs.release_tag }} + + # - name: Build binary + # run: | + # ./.github/scripts/release/build-linux-release.sh ${{ inputs.binary }} ${{ inputs.binary }}-bin + + # - name: Sign artifacts + # - name: Build deb package + # - name: Upload artifacts to github + # - name: Upload artifacts to s3 From b9621b1b563158431bca93c223b9e0ad412bbea3 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Thu, 12 Sep 2024 15:47:51 +0200 Subject: [PATCH 02/58] test checkout --- .github/workflows/release-build-binary.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index dd592b25c7b18..1b26d0af86381 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -67,6 +67,7 @@ jobs: uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 with: ref: ${{ inputs.release_tag }} + fetch-depth: 0 - name: Import gpg keys run: | 
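Review bot: The workflow-level `env:` block exports `PGP_KMS_KEY`, `PGP_KMS_HASH` and the AWS credentials to every job and step, including `set-image`, the `pip install` step and the build step, none of which appear to need them. Declaring those variables in an `env:` block on the `Sign artifacts` step (and on `Import gpg keys`, if `import_gpg_keys` needs them, which is not visible here) keeps the signing credentials out of the environment in which dependency build scripts run. The workflow also sets no `permissions:`, so the default `GITHUB_TOKEN` scope applies; a top-level `permissions:` limited to `contents: read` looks sufficient for the steps shown.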
From ea371fab7786fc87dae82efcf73015159f2c63a8 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Thu, 12 Sep 2024 16:19:42 +0200 Subject: [PATCH 03/58] set bash as a shell for import gpg --- .github/workflows/release-build-binary.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 1b26d0af86381..5089bfa8c3bc9 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -70,6 +70,7 @@ jobs: fetch-depth: 0 - name: Import gpg keys + shell: bash run: | . ./.github/scripts/common/lib.sh From 5c216b2cbcb91e65ef31bedb51529cb9ae046a77 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Thu, 12 Sep 2024 16:36:11 +0200 Subject: [PATCH 04/58] use pgpkms directly --- .github/workflows/release-build-binary.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 5089bfa8c3bc9..262ab242aa414 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -88,7 +88,7 @@ jobs: - name: Sign artifacts working-directory: /artifacts/${{ matrix.binaries }} run: | - python3 -m pgpgkms sign --inputs ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc + pgpgkms sign --inputs ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc ls -la # - name: Build deb package From b7b56c6082f19ee38a82fee4571d420e7fd45fd4 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Thu, 12 Sep 2024 17:08:33 +0200 Subject: [PATCH 05/58] debug signing --- .github/workflows/release-build-binary.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 262ab242aa414..4b5b3aeda460e 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml 
@@ -88,6 +88,7 @@ jobs: - name: Sign artifacts working-directory: /artifacts/${{ matrix.binaries }} run: | + which pgpgkms pgpgkms sign --inputs ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc ls -la From b05fc6f180b275c70134386ae81dd5b1197b325c Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Thu, 12 Sep 2024 18:20:02 +0200 Subject: [PATCH 06/58] test signing --- .github/workflows/release-build-binary.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 4b5b3aeda460e..a8e17e63e3a6a 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -62,6 +62,7 @@ jobs: # Install pgpkms that is used to sign build artifacts python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@5a8f82fbb607ea102d8c178e761659de54c7af69" which pgpkms + export PATH="$(which pgpkms):$PATH" - name: Checkout sources uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 From 20b5dbfa578e6930a6b5bbb451b20562a69929f8 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Thu, 12 Sep 2024 18:29:02 +0200 Subject: [PATCH 07/58] fix typos --- .github/workflows/release-build-binary.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index a8e17e63e3a6a..64efbadf02e59 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -62,7 +62,6 @@ jobs: # Install pgpkms that is used to sign build artifacts python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@5a8f82fbb607ea102d8c178e761659de54c7af69" which pgpkms - export PATH="$(which pgpkms):$PATH" - name: Checkout sources uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 
@@ -89,8 +88,8 @@ jobs: - name: Sign artifacts working-directory: /artifacts/${{ matrix.binaries }} run: | - which pgpgkms - pgpgkms sign --inputs ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc + which pgpkms + python3 -m pgpkms sign --inputs ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc ls -la # - name: Build deb package From 73874df47cf0bdd7e9ec0247f1803a6bcfd2d95c Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 13 Sep 2024 09:38:52 +0200 Subject: [PATCH 08/58] fix typo --- .github/workflows/release-build-binary.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 64efbadf02e59..175e248d81894 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -89,7 +89,7 @@ jobs: working-directory: /artifacts/${{ matrix.binaries }} run: | which pgpkms - python3 -m pgpkms sign --inputs ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc + python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc ls -la # - name: Build deb package From 41b2b378de8042d640739e6ae679dccb339a0bbb Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 13 Sep 2024 10:04:08 +0200 Subject: [PATCH 09/58] add upload artifacts --- .github/workflows/release-build-binary.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 175e248d81894..0af39c55dfbcf 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml 
@@ -92,6 +92,12 @@ jobs: python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc ls -la + - name: Upload ${{ matrix.binaries }} artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + with: + name: ${{ matrix.binaries }} + path: /artifacts/${{ matrix.binaries }} + # - name: Build deb package # - name: Upload artifacts to github # - name: Upload artifacts to s3 From 6c81ed71444ae76be4d77fa10294fca43268266c Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 13 Sep 2024 12:54:49 +0200 Subject: [PATCH 10/58] test binary build --- .github/workflows/release-build-binary.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 0af39c55dfbcf..9566a703c6d0a 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -78,12 +78,12 @@ jobs: - name: Build binary run: | - ARTIFACTS=/artifacts/${{ matrix.binaries }} - echo "Artifacts will be copied into $ARTIFACTS" - mkdir -p "$ARTIFACTS" - cd $ARTIFACTS - echo "Test" >> ${{ matrix.binaries }}.txt - # ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.binary }} + # ARTIFACTS=/artifacts/${{ matrix.binaries }} + # echo "Artifacts will be copied into $ARTIFACTS" + # mkdir -p "$ARTIFACTS" + # cd $ARTIFACTS + # echo "Test" >> ${{ matrix.binaries }}.txt + ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.binary }} - name: Sign artifacts working-directory: /artifacts/${{ matrix.binaries }} From af20353c2719cf62378b46fafdfb226c5badedda Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 13 Sep 2024 14:00:32 +0200 Subject: [PATCH 11/58] fix signature --- .github/workflows/release-build-binary.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 9566a703c6d0a..fea0450933489 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -89,7 +89,7 @@ jobs: working-directory: /artifacts/${{ matrix.binaries }} run: | which pgpkms - python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc + python3 -m pgpkms sign --input ${{ matrix.binaries }} -o ${{ matrix.binaries }}.asc ls -la - name: Upload ${{ matrix.binaries }} artifacts From b80d242d4321b4780a84b200dd32d5c1d2044ea9 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 16 Sep 2024 15:30:09 +0200 Subject: [PATCH 12/58] add steps to build polkadot-parachain and upload to s3 --- .github/scripts/release/build-deb.sh | 14 ++ .../scripts/release/build-linux-release.sh | 1 + .github/scripts/release/release_lib.sh | 21 +++ .github/workflows/release-build-binary.yml | 166 ++++++++++++++---- 4 files changed, 169 insertions(+), 33 deletions(-) create mode 100755 .github/scripts/release/build-deb.sh diff --git a/.github/scripts/release/build-deb.sh b/.github/scripts/release/build-deb.sh new file mode 100755 index 0000000000000..705e8807749eb --- /dev/null +++ b/.github/scripts/release/build-deb.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +PRODUCT=$1 +PROFILE=${PROFILE:-production} + +cargo install cargo-deb +echo "Using cargo-deb v$(cargo-deb --version)" +echo "Building a Debian package for '$PRODUCT' in '$PROFILE' profile" + +cargo deb --profile $PROFILE --no-strip --no-build -p $PRODUCT + +deb=target/debian/$PRODUCT_*_amd64.deb + +cp $deb /artifacts/$PRODUCT/ diff --git a/.github/scripts/release/build-linux-release.sh b/.github/scripts/release/build-linux-release.sh index fb201369ac1be..5834e0010ec59 100755 --- a/.github/scripts/release/build-linux-release.sh +++ b/.github/scripts/release/build-linux-release.sh 
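Review bot: `deb=target/debian/$PRODUCT_*_amd64.deb` in the new `build-deb.sh` expands the variable `PRODUCT_`, not `PRODUCT`, because `_` is a valid name character; with that unset the glob becomes `target/debian/*_amd64.deb` and `cp $deb` copies any package found there. Write it as `deb=target/debian/${PRODUCT}_*_amd64.deb`. `cargo install cargo-deb` also pulls whatever version is current when the release runs; pinning it, for example `cargo install cargo-deb --locked --version <PINNED_VERSION>`, keeps the packaging tool reproducible. The script has no `set -euo pipefail`, so a failed `cargo deb` still reaches the `cp`.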
@@ -10,6 +10,7 @@ PACKAGE=${2:-$BIN} PROFILE=${PROFILE:-production} RUST_TOOLCHAIN=stable ARTIFACTS=/artifacts/$BIN +VERSION=$(git tag -l --contains HEAD | grep -E "^v.*") echo "Artifacts will be copied into $ARTIFACTS" mkdir -p "$ARTIFACTS" diff --git a/.github/scripts/release/release_lib.sh b/.github/scripts/release/release_lib.sh index 81a3c14edec84..3a8aed32a756e 100644 --- a/.github/scripts/release/release_lib.sh +++ b/.github/scripts/release/release_lib.sh @@ -116,3 +116,24 @@ set_polkadot_parachain_binary_version() { commit_with_message "$MESSAGE" git_show_log "$MESSAGE" } + + +upload_s3_release() { + alias aws='podman run --rm -it docker.io/paritytech/awscli -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_BUCKET aws' + + product=$1 + version=$2 + + echo "Working on product: $product " + echo "Working on version: $version " + + echo "Current content, should be empty on new uploads:" + aws s3 ls "s3://releases.parity.io/$product/${version}/" --recursive --human-readable --summarize || true + echo "Content to be uploaded:" + artifacts="artifacts/$product/" + ls "$artifacts" + aws s3 sync --acl public-read "$artifacts" "s3://releases.parity.io/$product/${version}/" + echo "Uploaded files:" + aws s3 ls "s3://releases.parity.io/$product/${version}/" --recursive --human-readable --summarize + echo "✅ The release should be at https://releases.parity.io/$product/${version}" +} diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index fea0450933489..ba19b5698c1b1 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -49,7 +49,6 @@ jobs: needs: [set-image] if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }} runs-on: ubuntu-latest - environment: release container: image: ${{ needs.set-image.outputs.IMAGE }} strategy: 
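Review bot: `VERSION=$(git tag -l --contains HEAD | grep -E "^v.*")` yields an empty string for a `stableYYMM` tag, the other format the workflow input documents, and a multi-line value when several `v*` tags contain HEAD; either result is written into the `VERSION` and `EXTRATAG` files unchecked. Taking the tag from the caller and failing when it is missing is safer, for example `VERSION=${VERSION:?release tag not set}` with the workflow exporting `VERSION` from its `release_tag` input. The rest of the script lies outside this hunk.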
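Review bot: The `alias aws=...` line inside `upload_s3_release` has no effect on the `aws` calls below it: bash does not expand aliases in a non-interactive shell unless `expand_aliases` is set, and an alias defined inside a function is not applied to that already-parsed function body. The function therefore runs whatever `aws` is on the runner's PATH, which is probably what is wanted since the calling job configures AWS credentials itself, so the alias can be removed. If the container wrapper is meant to be used, note that the `-e` options sit after the image name, where they are passed to the container command rather than to podman, that `-it` expects a TTY, and that `docker.io/paritytech/awscli` is referenced without a tag or digest. `artifacts="artifacts/$product/"` is relative, so the function also depends on the caller's working directory.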
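Review bot: Dropping `environment: release` from `build-polkadot-binary` removes whatever protection rules that environment carries (required reviewers, branch or tag restrictions) from the job that signs the artifacts, and the job can then only read repository- or organisation-level secrets. If the removal is only for testing, a comment on the job such as `# TODO: restore environment: release before merging` would keep it from shipping this way. The job body continues outside this hunk.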
@@ -78,47 +77,148 @@ jobs: - name: Build binary run: | - # ARTIFACTS=/artifacts/${{ matrix.binaries }} - # echo "Artifacts will be copied into $ARTIFACTS" - # mkdir -p "$ARTIFACTS" - # cd $ARTIFACTS - # echo "Test" >> ${{ matrix.binaries }}.txt - ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.binary }} + ARTIFACTS=/artifacts/${{ matrix.binaries }} + echo "Artifacts will be copied into $ARTIFACTS" + mkdir -p "$ARTIFACTS" + cd $ARTIFACTS + echo "Test" >> ${{ matrix.binaries }}.txt + sha256sum "${{ matrix.binaries }}".txt | tee "${{ matrix.binaries }}.sha256" + + # ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.binary }} - name: Sign artifacts working-directory: /artifacts/${{ matrix.binaries }} run: | - which pgpkms - python3 -m pgpkms sign --input ${{ matrix.binaries }} -o ${{ matrix.binaries }}.asc + # python3 -m pgpkms sign --input ${{ matrix.binaries }} -o ${{ matrix.binaries }}.asc + + python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc ls -la + - name: Check sha256 ${{ matrix.binaries }} + working-directory: /artifacts/${{ matrix.binaries }} + run: | + . ${{ github.workspace }}/.github/scripts/common/lib.sh + + echo "Checking binary ${{ matrix.binaries }}" + # check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR" + check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR" + + # - name: Check GPG ${{ matrix.binaries }} + # working-directory: /artifacts/${{ matrix.binaries }} + # run: | + # . ${{ github.workspace }}/.github/scripts/common/lib.sh + + # check_gpg ${{ matrix.binaries }} + + # - name: Build polkadot deb package + # if: ${{ matrix.binaries == 'polkadot' }} + # run: | + # . 
${{ github.workspace }}/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} + + - name: Upload ${{ matrix.binaries }} artifacts uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: ${{ matrix.binaries }} path: /artifacts/${{ matrix.binaries }} - # - name: Build deb package - # - name: Upload artifacts to github - # - name: Upload artifacts to s3 - - # build-polkadot-parachain-binary: - # # needs: [check-workflow-can-run] - # if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} - # runs-on: ubuntu-latest - # environment: release - - # steps: - # - name: Checkout sources - # uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - # with: - # ref: ${{ inputs.release_tag }} - - # - name: Build binary - # run: | - # ./.github/scripts/release/build-linux-release.sh ${{ inputs.binary }} ${{ inputs.binary }}-bin - - # - name: Sign artifacts - # - name: Build deb package - # - name: Upload artifacts to github - # - name: Upload artifacts to s3 + build-polkadot-parachain-binary: + # needs: [check-workflow-can-run] + needs: [set-image] + # if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} + runs-on: ubuntu-latest + container: + image: ${{ needs.set-image.outputs.IMAGE }} + + steps: + - name: Install pgpkkms + run: | + # Install pgpkms that is used to sign build artifacts + python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@5a8f82fbb607ea102d8c178e761659de54c7af69" + which pgpkms + + - name: Checkout sources + uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + with: + ref: ${{ inputs.release_tag }} + fetch-depth: 0 + + - name: Import gpg keys + shell: bash + run: | + . 
./.github/scripts/common/lib.sh + + import_gpg_keys + + - name: Build polkadot-parachain binary + run: | + ARTIFACTS=/artifacts/polkadot-parachain + echo "Artifacts will be copied into $ARTIFACTS" + mkdir -p "$ARTIFACTS" + cd $ARTIFACTS + echo "Test" >> polkadot-parachain.txt + sha256sum "polkadot-parachain".txt | tee "polkadot-parachain.sha256" + + # ./.github/scripts/release/build-linux-release.sh polkadot-parachain ${{ inputs.binary }} + + - name: Sign artifacts + working-directory: /artifacts/polkadot-parachain + run: | + # python3 -m pgpkms sign --input polkadot-parachain -o polkadot-parachain.asc + + python3 -m pgpkms sign --input polkadot-parachain.txt -o polkadot-parachain.asc + ls -la + + - name: Check sha256 polkadot-parachain + working-directory: /artifacts/polkadot-parachain + run: | + . ${{ github.workspace }}/.github/scripts/common/lib.sh + + echo "Checking binary $polkadot-parachain" + # check_sha256 polkadot-parachain && echo "OK" || echo "ERR" + check_sha256 polkadot-parachain && echo "OK" || echo "ERR" + + # - name: Check GPG ${{ matrix.binaries }} + # working-directory: /artifacts/${{ matrix.binaries }} + # run: | + # . 
${{ github.workspace }}/.github/scripts/common/lib.sh + + # check_gpg ${{ matrix.binaries }} + + - name: Upload polkadot-parachain artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + with: + name: polkadot-parachain + path: /artifacts/polkadot-parachain + + upload-artifacts-to-s3: + needs: [build-polkadot-binary] + runs-on: ubuntu-latest + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + AWS_REGION: ${{ github.env.AWS_DEFAULT_REGION }} + strategy: + matrix: + binaries: [polkadot, polkadot-prepare-worker, polkadot-execute-worker, polkadot-parachain] + + steps: + - name: Checkout + uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + + - name: Download artifacts + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + + - name: Upload ${{ matrix.binaries }} artifacts to s3 + run: | + . ./.github/scripts/release/lib.sh + upload_s3_release ${{ matrix.binaries }} ${{ inputs.release_tag }} + +# - name: Upload artifacts to github release From 19afe85314fd706ad71e591e6cfd7a45b813c65e Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 16 Sep 2024 15:46:43 +0200 Subject: [PATCH 13/58] change github.workspace to "${GITHUB_WORKSPACE}" due to the bug in git --- .github/workflows/release-build-binary.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index ba19b5698c1b1..e61306244ce46 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml 
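Review bot: In both `Check sha256` steps, `check_sha256 ... && echo "OK" || echo "ERR"` always exits 0, so a checksum mismatch is only printed and the job still uploads the artifact that `upload-artifacts-to-s3` later publishes. Assuming `check_sha256` returns non-zero on mismatch, use `check_sha256 ${{ matrix.binaries }} || { echo "ERR"; exit 1; }`, and the same for `polkadot-parachain`. In the S3 step, `upload_s3_release ${{ matrix.binaries }} ${{ inputs.release_tag }}` pastes a free-text input into the script text; pass it through the step's `env:` as `RELEASE_TAG: ${{ inputs.release_tag }}` and call `upload_s3_release "${{ matrix.binaries }}" "$RELEASE_TAG"`. `echo "Checking binary $polkadot-parachain"` also expands the unset variable `polkadot` instead of printing the name.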
@@ -97,7 +97,7 @@ jobs: - name: Check sha256 ${{ matrix.binaries }} working-directory: /artifacts/${{ matrix.binaries }} run: | - . ${{ github.workspace }}/.github/scripts/common/lib.sh + . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh echo "Checking binary ${{ matrix.binaries }}" # check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR" @@ -106,14 +106,14 @@ jobs: # - name: Check GPG ${{ matrix.binaries }} # working-directory: /artifacts/${{ matrix.binaries }} # run: | - # . ${{ github.workspace }}/.github/scripts/common/lib.sh + # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh # check_gpg ${{ matrix.binaries }} # - name: Build polkadot deb package # if: ${{ matrix.binaries == 'polkadot' }} # run: | - # . ${{ github.workspace }}/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} + # . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} - name: Upload ${{ matrix.binaries }} artifacts @@ -172,7 +172,7 @@ jobs: - name: Check sha256 polkadot-parachain working-directory: /artifacts/polkadot-parachain run: | - . ${{ github.workspace }}/.github/scripts/common/lib.sh + . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh echo "Checking binary $polkadot-parachain" # check_sha256 polkadot-parachain && echo "OK" || echo "ERR" @@ -181,7 +181,7 @@ jobs: # - name: Check GPG ${{ matrix.binaries }} # working-directory: /artifacts/${{ matrix.binaries }} # run: | - # . ${{ github.workspace }}/.github/scripts/common/lib.sh + # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh # check_gpg ${{ matrix.binaries }} @@ -192,7 +192,7 @@ jobs: path: /artifacts/polkadot-parachain upload-artifacts-to-s3: - needs: [build-polkadot-binary] + needs: [build-polkadot-binary, build-polkadot-parachain-binary] runs-on: ubuntu-latest env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} From 9d6b12b967fcf92c4c271d92b04e02cef675b6ac Mon Sep 17 00:00:00 2001 
From: EgorPopelyaev Date: Mon, 16 Sep 2024 16:27:30 +0200 Subject: [PATCH 14/58] setting shell as bash explicitly for some steps --- .github/workflows/release-build-binary.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index e61306244ce46..4c1ee8aebf53d 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -96,6 +96,7 @@ jobs: - name: Check sha256 ${{ matrix.binaries }} working-directory: /artifacts/${{ matrix.binaries }} + shell: bash run: | . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh @@ -105,6 +106,7 @@ jobs: # - name: Check GPG ${{ matrix.binaries }} # working-directory: /artifacts/${{ matrix.binaries }} + # shell: bash # run: | # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh @@ -112,6 +114,7 @@ jobs: # - name: Build polkadot deb package # if: ${{ matrix.binaries == 'polkadot' }} + # shell: bash # run: | # . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} @@ -171,6 +174,7 @@ jobs: - name: Check sha256 polkadot-parachain working-directory: /artifacts/polkadot-parachain + shell: bash run: | . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh @@ -179,7 +183,8 @@ jobs: check_sha256 polkadot-parachain && echo "OK" || echo "ERR" # - name: Check GPG ${{ matrix.binaries }} - # working-directory: /artifacts/${{ matrix.binaries }} + # working-directory: /artifacts/${{ matrix.binaries }}# + # shell: bash # run: | # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh From fca67182abc8927ed95023740af983c76fbd48a1 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 16 Sep 2024 16:32:20 +0200 Subject: [PATCH 15/58] fix aws region --- .github/workflows/release-build-binary.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 4c1ee8aebf53d..a7f4f26578643 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -202,7 +202,7 @@ jobs: env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - AWS_REGION: ${{ github.env.AWS_DEFAULT_REGION }} + AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }} strategy: matrix: binaries: [polkadot, polkadot-prepare-worker, polkadot-execute-worker, polkadot-parachain] From dbbb141db9f13bbfce50d5fd3eb1c8a731ac2669 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 16 Sep 2024 16:57:59 +0200 Subject: [PATCH 16/58] fix script name --- .github/workflows/release-build-binary.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index a7f4f26578643..a2f9a68b777f5 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -223,7 +223,7 @@ jobs: - name: Upload ${{ matrix.binaries }} artifacts to s3 run: | - . ./.github/scripts/release/lib.sh + . ./.github/scripts/release/release_lib.sh upload_s3_release ${{ matrix.binaries }} ${{ inputs.release_tag }} # - name: Upload artifacts to github release From 80fe8f288478de1a69afbd8dd4a722a3dd32edcb Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 16 Sep 2024 17:16:37 +0200 Subject: [PATCH 17/58] add artifacts download path --- .github/workflows/release-build-binary.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index a2f9a68b777f5..d0a8bead74d29 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml 
@@ -213,6 +213,8 @@ jobs: - name: Download artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + path: /artifacts/${{ matrix.binaries }} - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 From e104d72786836708629470f8c41d05c899b602de Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 16 Sep 2024 17:29:36 +0200 Subject: [PATCH 18/58] chnage download path --- .github/workflows/release-build-binary.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index d0a8bead74d29..0c488fa2d3466 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -214,7 +214,7 @@ jobs: - name: Download artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: - path: /artifacts/${{ matrix.binaries }} + path: artifacts/${{ matrix.binaries }} - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 From ebab693299df71be47d2179ea2ae42b9f5372137 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 16 Sep 2024 17:53:19 +0200 Subject: [PATCH 19/58] test with real binaries --- .github/workflows/release-build-binary.yml | 38 ++++++++++------------ 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 0c488fa2d3466..1c99e98d78a7d 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml 
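Review bot: `actions/download-artifact` is still called without `name:`, so it fetches every artifact of the run and places each in its own subdirectory under `artifacts/${{ matrix.binaries }}`. Each matrix leg then syncs all binaries under its own product prefix, one directory deeper than the `artifacts/$product/` layout that `upload_s3_release` lists and syncs. Adding `name: ${{ matrix.binaries }}` next to `path:` restricts the download to the matching artifact and restores the flat layout. The step list continues outside this hunk.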
@@ -77,21 +77,21 @@ jobs: - name: Build binary run: | - ARTIFACTS=/artifacts/${{ matrix.binaries }} - echo "Artifacts will be copied into $ARTIFACTS" - mkdir -p "$ARTIFACTS" - cd $ARTIFACTS - echo "Test" >> ${{ matrix.binaries }}.txt - sha256sum "${{ matrix.binaries }}".txt | tee "${{ matrix.binaries }}.sha256" + # ARTIFACTS=/artifacts/${{ matrix.binaries }} + # echo "Artifacts will be copied into $ARTIFACTS" + # mkdir -p "$ARTIFACTS" + # cd $ARTIFACTS + # echo "Test" >> ${{ matrix.binaries }}.txt + # sha256sum "${{ matrix.binaries }}".txt | tee "${{ matrix.binaries }}.sha256" - # ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.binary }} + ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.binary }} - name: Sign artifacts working-directory: /artifacts/${{ matrix.binaries }} run: | - # python3 -m pgpkms sign --input ${{ matrix.binaries }} -o ${{ matrix.binaries }}.asc + python3 -m pgpkms sign --input ${{ matrix.binaries }} -o ${{ matrix.binaries }}.asc - python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc + # python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc ls -la - name: Check sha256 ${{ matrix.binaries }} @@ -101,7 +101,6 @@ jobs: . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh echo "Checking binary ${{ matrix.binaries }}" - # check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR" check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR" # - name: Check GPG ${{ matrix.binaries }} 
@@ -155,21 +154,21 @@ jobs: - name: Build polkadot-parachain binary run: | - ARTIFACTS=/artifacts/polkadot-parachain - echo "Artifacts will be copied into $ARTIFACTS" - mkdir -p "$ARTIFACTS" - cd $ARTIFACTS - echo "Test" >> polkadot-parachain.txt - sha256sum "polkadot-parachain".txt | tee "polkadot-parachain.sha256" + # ARTIFACTS=/artifacts/polkadot-parachain + # echo "Artifacts will be copied into $ARTIFACTS" + # mkdir -p "$ARTIFACTS" + # cd $ARTIFACTS + # echo "Test" >> polkadot-parachain.txt + # sha256sum "polkadot-parachain".txt | tee "polkadot-parachain.sha256" - # ./.github/scripts/release/build-linux-release.sh polkadot-parachain ${{ inputs.binary }} + ./.github/scripts/release/build-linux-release.sh polkadot-parachain ${{ inputs.binary }} - name: Sign artifacts working-directory: /artifacts/polkadot-parachain run: | - # python3 -m pgpkms sign --input polkadot-parachain -o polkadot-parachain.asc + python3 -m pgpkms sign --input polkadot-parachain -o polkadot-parachain.asc - python3 -m pgpkms sign --input polkadot-parachain.txt -o polkadot-parachain.asc + # python3 -m pgpkms sign --input polkadot-parachain.txt -o polkadot-parachain.asc ls -la - name: Check sha256 polkadot-parachain @@ -179,7 +178,6 @@ jobs: . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh echo "Checking binary $polkadot-parachain" - # check_sha256 polkadot-parachain && echo "OK" || echo "ERR" check_sha256 polkadot-parachain && echo "OK" || echo "ERR" # - name: Check GPG ${{ matrix.binaries }} From 63843cb97b0cc67c517d1e6e7db6747712f0cd92 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 16 Sep 2024 19:23:33 +0200 Subject: [PATCH 20/58] fix package name --- .github/workflows/release-build-binary.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index 1c99e98d78a7d..ad2fe56ed0856 100644 --- a/.github/workflows/release-build-binary.yml 
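Review bot: In the `Check sha256 polkadot-parachain` step, `echo "Checking binary $polkadot-parachain"` expands the shell variable `$polkadot`, which is presumably unset, so the log would read `Checking binary -parachain`. Drop the `$`: `echo "Checking binary polkadot-parachain"`. The line is context in the last hunk here, and the step starts outside it.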
+++ b/.github/workflows/release-build-binary.yml @@ -84,7 +84,7 @@ jobs: # echo "Test" >> ${{ matrix.binaries }}.txt # sha256sum "${{ matrix.binaries }}".txt | tee "${{ matrix.binaries }}.sha256" - ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.binary }} + ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} polkadot - name: Sign artifacts working-directory: /artifacts/${{ matrix.binaries }} @@ -161,7 +161,7 @@ jobs: # echo "Test" >> polkadot-parachain.txt # sha256sum "polkadot-parachain".txt | tee "polkadot-parachain.sha256" - ./.github/scripts/release/build-linux-release.sh polkadot-parachain ${{ inputs.binary }} + ./.github/scripts/release/build-linux-release.sh polkadot-parachain polkadot-parachain-bin - name: Sign artifacts working-directory: /artifacts/polkadot-parachain From 85b0691bca3fb1b1238ddcab545a3559b714a99d Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 17 Sep 2024 09:47:23 +0200 Subject: [PATCH 21/58] test without polkadot-parachain --- .github/workflows/release-build-binary.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml index ad2fe56ed0856..d8cbcb5f49a64 100644 --- a/.github/workflows/release-build-binary.yml +++ b/.github/workflows/release-build-binary.yml @@ -127,7 +127,7 @@ jobs: build-polkadot-parachain-binary: # needs: [check-workflow-can-run] needs: [set-image] - # if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} + if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} runs-on: ubuntu-latest container: image: ${{ needs.set-image.outputs.IMAGE }} @@ -195,7 +195,7 @@ jobs: path: /artifacts/polkadot-parachain upload-artifacts-to-s3: - needs: [build-polkadot-binary, build-polkadot-parachain-binary] + needs: [build-polkadot-binary] runs-on: ubuntu-latest env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} 
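Review bot: Dropping `build-polkadot-parachain-binary` from `needs` in the last hunk leaves `upload-artifacts-to-s3` with no ordering against the job that produces the `polkadot-parachain` artifact, although its matrix still lists that binary (visible where the file is deleted in PATCH 22). With `binary: all` the upload can start before the parachain artifact exists, and with `binary: polkadot-parachain` the upload job is skipped together with `build-polkadot-binary`. Keeping both jobs in `needs` and adding `if: ${{ !cancelled() && !failure() }}` to the upload job should let it run when one builder is skipped by its own `if`. The matrix would then need to be limited to the binaries that were actually built.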
From 83fd6364b0d52d48bdb48cbbe93386a13ea24af4 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 17 Sep 2024 11:54:38 +0200 Subject: [PATCH 22/58] move common parts to a reusable workflow --- .github/workflows/release-build-binary.yml | 229 ----------------- .github/workflows/release-build-rc.yml | 237 ++++++++++++++++++ .../workflows/release-reusable-rc-buid.yml | 167 ++++++++++++ 3 files changed, 404 insertions(+), 229 deletions(-) delete mode 100644 .github/workflows/release-build-binary.yml create mode 100644 .github/workflows/release-build-rc.yml create mode 100644 .github/workflows/release-reusable-rc-buid.yml diff --git a/.github/workflows/release-build-binary.yml b/.github/workflows/release-build-binary.yml deleted file mode 100644 index d8cbcb5f49a64..0000000000000 --- a/.github/workflows/release-build-binary.yml +++ /dev/null 
@@ -1,229 +0,0 @@ -name: Release - Build Binary - -on: - workflow_dispatch: - inputs: - binary: - description: Binary to be build for the release - required: true - default: polkadot - type: choice - options: - - polkadot - - polkadot-parachain - - all - - release_tag: - description: Tag matching the actual release candidate with the format vX.XX.X-rcX or stableYYMM - required: true - type: string - -env: - PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} - PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - -jobs: - # TODO: Activate this job when the pipeline is moved to the fork in the `paritytech-release` org - # check-workflow-can-run: - # uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@latest - - set-image: - # GitHub Actions allows using 'env' in a container context. - # However, env variables don't work for forks: https://github.com/orgs/community/discussions/44322 - # This workaround sets the container image for each job using 'set-image' job output. 
- runs-on: ubuntu-latest - outputs: - IMAGE: ${{ steps.set_image.outputs.IMAGE }} - steps: - - name: Checkout - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - - - id: set_image - run: cat .github/env >> $GITHUB_OUTPUT - - build-polkadot-binary: - # needs: [check-workflow-can-run] - needs: [set-image] - if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }} - runs-on: ubuntu-latest - container: - image: ${{ needs.set-image.outputs.IMAGE }} - strategy: - matrix: - binaries: [polkadot, polkadot-prepare-worker, polkadot-execute-worker] - - steps: - - name: Install pgpkkms - run: | - # Install pgpkms that is used to sign build artifacts - python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@5a8f82fbb607ea102d8c178e761659de54c7af69" - which pgpkms - - - name: Checkout sources - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - with: - ref: ${{ inputs.release_tag }} - fetch-depth: 0 - - - name: Import gpg keys - shell: bash - run: | - . ./.github/scripts/common/lib.sh - - import_gpg_keys - - - name: Build binary - run: | - # ARTIFACTS=/artifacts/${{ matrix.binaries }} - # echo "Artifacts will be copied into $ARTIFACTS" - # mkdir -p "$ARTIFACTS" - # cd $ARTIFACTS - # echo "Test" >> ${{ matrix.binaries }}.txt - # sha256sum "${{ matrix.binaries }}".txt | tee "${{ matrix.binaries }}.sha256" - - ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} polkadot - - - name: Sign artifacts - working-directory: /artifacts/${{ matrix.binaries }} - run: | - python3 -m pgpkms sign --input ${{ matrix.binaries }} -o ${{ matrix.binaries }}.asc - - # python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc - ls -la - - - name: Check sha256 ${{ matrix.binaries }} - working-directory: /artifacts/${{ matrix.binaries }} - shell: bash - run: | - . 
"${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh - - echo "Checking binary ${{ matrix.binaries }}" - check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR" - - # - name: Check GPG ${{ matrix.binaries }} - # working-directory: /artifacts/${{ matrix.binaries }} - # shell: bash - # run: | - # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh - - # check_gpg ${{ matrix.binaries }} - - # - name: Build polkadot deb package - # if: ${{ matrix.binaries == 'polkadot' }} - # shell: bash - # run: | - # . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} - - - - name: Upload ${{ matrix.binaries }} artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: ${{ matrix.binaries }} - path: /artifacts/${{ matrix.binaries }} - - build-polkadot-parachain-binary: - # needs: [check-workflow-can-run] - needs: [set-image] - if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} - runs-on: ubuntu-latest - container: - image: ${{ needs.set-image.outputs.IMAGE }} - - steps: - - name: Install pgpkkms - run: | - # Install pgpkms that is used to sign build artifacts - python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@5a8f82fbb607ea102d8c178e761659de54c7af69" - which pgpkms - - - name: Checkout sources - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - with: - ref: ${{ inputs.release_tag }} - fetch-depth: 0 - - - name: Import gpg keys - shell: bash - run: | - . 
./.github/scripts/common/lib.sh - - import_gpg_keys - - - name: Build polkadot-parachain binary - run: | - # ARTIFACTS=/artifacts/polkadot-parachain - # echo "Artifacts will be copied into $ARTIFACTS" - # mkdir -p "$ARTIFACTS" - # cd $ARTIFACTS - # echo "Test" >> polkadot-parachain.txt - # sha256sum "polkadot-parachain".txt | tee "polkadot-parachain.sha256" - - ./.github/scripts/release/build-linux-release.sh polkadot-parachain polkadot-parachain-bin - - - name: Sign artifacts - working-directory: /artifacts/polkadot-parachain - run: | - python3 -m pgpkms sign --input polkadot-parachain -o polkadot-parachain.asc - - # python3 -m pgpkms sign --input polkadot-parachain.txt -o polkadot-parachain.asc - ls -la - - - name: Check sha256 polkadot-parachain - working-directory: /artifacts/polkadot-parachain - shell: bash - run: | - . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh - - echo "Checking binary $polkadot-parachain" - check_sha256 polkadot-parachain && echo "OK" || echo "ERR" - - # - name: Check GPG ${{ matrix.binaries }} - # working-directory: /artifacts/${{ matrix.binaries }}# - # shell: bash - # run: | - # . 
"${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh - - # check_gpg ${{ matrix.binaries }} - - - name: Upload polkadot-parachain artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: polkadot-parachain - path: /artifacts/polkadot-parachain - - upload-artifacts-to-s3: - needs: [build-polkadot-binary] - runs-on: ubuntu-latest - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - strategy: - matrix: - binaries: [polkadot, polkadot-prepare-worker, polkadot-execute-worker, polkadot-parachain] - - steps: - - name: Checkout - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - - - name: Download artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - path: artifacts/${{ matrix.binaries }} - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 - with: - aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ env.AWS_REGION }} - - - name: Upload ${{ matrix.binaries }} artifacts to s3 - run: | - . ./.github/scripts/release/release_lib.sh - upload_s3_release ${{ matrix.binaries }} ${{ inputs.release_tag }} - -# - name: Upload artifacts to github release diff --git a/.github/workflows/release-build-rc.yml b/.github/workflows/release-build-rc.yml new file mode 100644 index 0000000000000..52b1ff04f92b8 --- /dev/null +++ b/.github/workflows/release-build-rc.yml 
@@ -0,0 +1,237 @@ +name: Release - Build node release candidate + +on: + workflow_dispatch: + inputs: + binary: + description: Binary to be build for the release + required: true + default: polkadot + type: choice + options: + - polkadot + - polkadot-parachain + - all + + release_tag: + description: Tag matching the actual release candidate with the format vX.XX.X-rcX or stableYYMM + required: true + type: string + +# env: +# PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} +# PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} +# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} +# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} +# AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + +jobs: + # TODO: Activate this job when the pipeline is moved to the fork in the `paritytech-release` org + # check-workflow-can-run: + # uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@latest + + # set-image: + # # GitHub Actions allows using 'env' in a container context. + # # However, env variables don't work for forks: https://github.com/orgs/community/discussions/44322 + # # This workaround sets the container image for each job using 'set-image' job output. 
+ # runs-on: ubuntu-latest + # outputs: + # IMAGE: ${{ steps.set_image.outputs.IMAGE }} + # steps: + # - name: Checkout + # uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + + # - id: set_image + # run: cat .github/env >> $GITHUB_OUTPUT + + build-polkadot-binary: + # needs: [check-workflow-can-run] + # needs: [set-image] + if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }} + uses: "./.github/workflows/release-reusable-rc-buid.yml" + with: + binaries: "[[polkadot, polkadot],[polkadot-prepare-worker, polkadot], [polkadot-execute-worker, polkadot]]" + release_tag: ${{ inputs.release_tag }} + # runs-on: ubuntu-latest + # # container: + # # image: ${{ needs.set-image.outputs.IMAGE }} + # # strategy: + # # matrix: + # # binaries: [polkadot, polkadot-prepare-worker, polkadot-execute-worker] + + # steps: + # - name: Install pgpkkms + # run: | + # # Install pgpkms that is used to sign build artifacts + # python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@5a8f82fbb607ea102d8c178e761659de54c7af69" + # which pgpkms + + # - name: Checkout sources + # uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + # with: + # ref: ${{ inputs.release_tag }} + # fetch-depth: 0 + + # - name: Import gpg keys + # shell: bash + # run: | + # . 
./.github/scripts/common/lib.sh + + # import_gpg_keys + + # - name: Build binary + # run: | + # # ARTIFACTS=/artifacts/${{ matrix.binaries }} + # # echo "Artifacts will be copied into $ARTIFACTS" + # # mkdir -p "$ARTIFACTS" + # # cd $ARTIFACTS + # # echo "Test" >> ${{ matrix.binaries }}.txt + # # sha256sum "${{ matrix.binaries }}".txt | tee "${{ matrix.binaries }}.sha256" + + # ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} polkadot + + # - name: Sign artifacts + # working-directory: /artifacts/${{ matrix.binaries }} + # run: | + # python3 -m pgpkms sign --input ${{ matrix.binaries }} -o ${{ matrix.binaries }}.asc + + # # python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc + # ls -la + + # - name: Check sha256 ${{ matrix.binaries }} + # working-directory: /artifacts/${{ matrix.binaries }} + # shell: bash + # run: | + # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh + + # echo "Checking binary ${{ matrix.binaries }}" + # check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR" + + # # - name: Check GPG ${{ matrix.binaries }} + # # working-directory: /artifacts/${{ matrix.binaries }} + # # shell: bash + # # run: | + # # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh + + # # check_gpg ${{ matrix.binaries }} + + # # - name: Build polkadot deb package + # # if: ${{ matrix.binaries == 'polkadot' }} + # # shell: bash + # # run: | + # # . 
"${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} + + + # - name: Upload ${{ matrix.binaries }} artifacts + # uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + # with: + # name: ${{ matrix.binaries }} + # path: /artifacts/${{ matrix.binaries }} + + build-polkadot-parachain-binary: + # needs: [check-workflow-can-run] + # needs: [set-image] + if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} + uses: "./.github/workflows/release-reusable-rc-buid.yml" + with: + binaries: "[[polkadot-parachain, polkadot-parachain-bin]]" + release_tag: ${{ inputs.release_tag }} + # runs-on: ubuntu-latest + # container: + # image: ${{ needs.set-image.outputs.IMAGE }} + + # steps: + # - name: Install pgpkkms + # run: | + # # Install pgpkms that is used to sign build artifacts + # python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@5a8f82fbb607ea102d8c178e761659de54c7af69" + # which pgpkms + + # - name: Checkout sources + # uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + # with: + # ref: ${{ inputs.release_tag }} + # fetch-depth: 0 + + # - name: Import gpg keys + # shell: bash + # run: | + # . 
./.github/scripts/common/lib.sh + + # import_gpg_keys + + # - name: Build polkadot-parachain binary + # run: | + # # ARTIFACTS=/artifacts/polkadot-parachain + # # echo "Artifacts will be copied into $ARTIFACTS" + # # mkdir -p "$ARTIFACTS" + # # cd $ARTIFACTS + # # echo "Test" >> polkadot-parachain.txt + # # sha256sum "polkadot-parachain".txt | tee "polkadot-parachain.sha256" + + # ./.github/scripts/release/build-linux-release.sh polkadot-parachain polkadot-parachain-bin + + # - name: Sign artifacts + # working-directory: /artifacts/polkadot-parachain + # run: | + # python3 -m pgpkms sign --input polkadot-parachain -o polkadot-parachain.asc + + # # python3 -m pgpkms sign --input polkadot-parachain.txt -o polkadot-parachain.asc + # ls -la + + # - name: Check sha256 polkadot-parachain + # working-directory: /artifacts/polkadot-parachain + # shell: bash + # run: | + # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh + + # echo "Checking binary $polkadot-parachain" + # check_sha256 polkadot-parachain && echo "OK" || echo "ERR" + + # # - name: Check GPG ${{ matrix.binaries }} + # # working-directory: /artifacts/${{ matrix.binaries }}# + # # shell: bash + # # run: | + # # . 
"${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh + + # # check_gpg ${{ matrix.binaries }} + + # - name: Upload polkadot-parachain artifacts + # uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + # with: + # name: polkadot-parachain + # path: /artifacts/polkadot-parachain + + # upload-artifacts-to-s3: + # needs: [build-polkadot-binary] + # runs-on: ubuntu-latest + # env: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + # AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + # strategy: + # matrix: + # binaries: [polkadot, polkadot-prepare-worker, polkadot-execute-worker, polkadot-parachain] + + # steps: + # - name: Checkout + # uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + + # - name: Download artifacts + # uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + # with: + # path: artifacts/${{ matrix.binaries }} + + # - name: Configure AWS Credentials + # uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + # with: + # aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} + # aws-region: ${{ env.AWS_REGION }} + + # - name: Upload ${{ matrix.binaries }} artifacts to s3 + # run: | + # . ./.github/scripts/release/release_lib.sh + # upload_s3_release ${{ matrix.binaries }} ${{ inputs.release_tag }} + +# - name: Upload artifacts to github release diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml new file mode 100644 index 0000000000000..8c003bd8cd89f --- /dev/null +++ b/.github/workflows/release-reusable-rc-buid.yml 
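Review bot: Both `uses: "./.github/workflows/release-reusable-rc-buid.yml"` calls pass `with:` but no `secrets:`, while the called workflow reads `secrets.PGP_KMS_KEY`, `secrets.AWS_RELEASE_ACCESS_KEY_ID` and others. A reusable workflow only receives the secrets its caller hands over, so signing and the S3 upload would most likely run with empty values. Prefer declaring the needed names under `on.workflow_call.secrets` in the reusable file and passing exactly those from each caller job. `secrets: inherit` also works but exposes every secret available to the caller to the callee. Separately, the old job bodies are kept in this file as long commented-out blocks, which git history already preserves.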
@@ -0,0 +1,167 @@ +name: RC Build + +on: + # workflow_dispatch: + # inputs: + # binary: + # description: Binary to be build for the release + # required: true + # default: polkadot + # type: choice + # options: + # - polkadot + # - polkadot-parachain + # - all + + # release_tag: + # description: Tag matching the actual release candidate with the format vX.XX.X-rcX or stableYYMM + # required: true + # type: string + + workflow_call: + inputs: + binaries: + description: Binary to be build for the release + required: true + default: polkadot + type: string + + release_tag: + description: Tag matching the actual release candidate with the format vX.XX.X-rcX or stableYYMM + required: true + type: string + +env: + PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} + PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + +jobs: + + set-image: + # GitHub Actions allows using 'env' in a container context. + # However, env variables don't work for forks: https://github.com/orgs/community/discussions/44322 + # This workaround sets the container image for each job using 'set-image' job output. 
+ runs-on: ubuntu-latest + outputs: + IMAGE: ${{ steps.set_image.outputs.IMAGE }} + steps: + - name: Checkout + uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + + - id: set_image + run: cat .github/env >> $GITHUB_OUTPUT + + build-rc: + needs: [set-image] + runs-on: ubuntu-latest + container: + image: ${{ needs.set-image.outputs.IMAGE }} + strategy: + matrix: + binaries: ${{ inputs.binaries }} + + steps: + - name: Install pgpkkms + run: | + # Install pgpkms that is used to sign build artifacts + python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@5a8f82fbb607ea102d8c178e761659de54c7af69" + which pgpkms + + - name: Checkout sources + uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + with: + ref: ${{ inputs.release_tag }} + fetch-depth: 0 + + - name: Import gpg keys + shell: bash + run: | + . ./.github/scripts/common/lib.sh + + import_gpg_keys + + - name: Build binary + run: | + ARTIFACTS=/artifacts/${{ matrix.binaries[0] }} + echo "Artifacts will be copied into $ARTIFACTS" + mkdir -p "$ARTIFACTS" + cd $ARTIFACTS + echo "Test" >> ${{ matrix.binaries[0] }}.txt + sha256sum "${{ matrix.binaries[0] }}".txt | tee "${{ matrix.binaries[0] }}.sha256" + + # ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries[0] }} ${{ matrix.binaries[1] }} + + - name: Sign artifacts + working-directory: /artifacts/${{ matrix.binaries[0] }} + run: | + # python3 -m pgpkms sign --input ${{matrix.binaries[0] }} -o ${{ matrix.binaries[0] }}.asc + + python3 -m pgpkms sign --input ${{ matrix.binaries[0] }}.txt -o ${{ matrix.binaries[0] }}.asc + ls -la + + - name: Check sha256 ${{ matrix.binaries[0] }} + working-directory: /artifacts/${{ matrix.binaries[0] }} + shell: bash + run: | + . 
"${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh + + echo "Checking binary ${{ matrix.binaries[0] }}" + check_sha256 ${{ matrix.binaries[0] }} && echo "OK" || echo "ERR" + + # - name: Check GPG ${{ matrix.binaries[0] }} + # working-directory: /artifacts/${{ matrix.binaries[0] }} + # shell: bash + # run: | + # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh + + # check_gpg ${{ matrix.binaries[0] }} + + # - name: Build polkadot deb package + # if: ${{ matrix.binaries[0] == 'polkadot' }} + # shell: bash + # run: | + # . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries[0] }} + + + - name: Upload ${{ matrix.binaries[0] }} artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + with: + name: ${{ matrix.binaries[0] }} + path: /artifacts/${{ matrix.binaries[0] }} + + upload-artifacts-to-s3: + needs: [build-rc] + runs-on: ubuntu-latest + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + strategy: + matrix: + binaries: ${{ inputs.binaries }} + + steps: + - name: Checkout + uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + + - name: Download artifacts + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + path: artifacts/${{ matrix.binaries[0] }} + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + + - name: Upload ${{ matrix.binaries[0] }} artifacts to s3 + run: | + . ./.github/scripts/release/release_lib.sh + upload_s3_release ${{ matrix.binaries[0] }} ${{ inputs.release_tag }} + +# - name: Upload artifacts to github release 
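Review bot: In `upload-artifacts-to-s3`, `upload_s3_release ${{ matrix.binaries[0] }} ${{ inputs.release_tag }}` pastes caller-supplied strings into the script text of a job that holds the release AWS credentials. Expression values are substituted before the shell parses the script, so the workflow has to keep them out of the script text itself. Pass them through the step's `env:` (`BINARY: ${{ matrix.binaries[0] }}`, `RELEASE_TAG: ${{ inputs.release_tag }}`) and call `upload_s3_release "$BINARY" "$RELEASE_TAG"`. The `Build binary` and `Sign artifacts` steps in `build-rc` interpolate the matrix value into their `run:` scripts in the same way. Checking `release_tag` against the documented `vX.XX.X-rcX` / `stableYYMM` format before the checkout would tighten this further.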
From 7f5cb2cbd6ffa835d1e1537de04efeafb40f1f67 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 17 Sep 2024 14:19:06 +0200 Subject: [PATCH 23/58] use fromJson --- .github/workflows/release-reusable-rc-buid.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 8c003bd8cd89f..d751847eed111 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -61,7 +61,7 @@ jobs: image: ${{ needs.set-image.outputs.IMAGE }} strategy: matrix: - binaries: ${{ inputs.binaries }} + binaries: ${{ fromJson(inputs.binaries) }} steps: - name: Install pgpkkms From 43c918cc49ee3adb4afa56ca21d8f5c1b500745d Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 17 Sep 2024 16:20:51 +0200 Subject: [PATCH 24/58] add package as parameter --- .../scripts/release/build-linux-release.sh | 2 +- .github/workflows/release-build-rc.yml | 8 +-- .../workflows/release-reusable-rc-buid.yml | 49 ++++++++++--------- 3 files changed, 33 insertions(+), 26 deletions(-) diff --git a/.github/scripts/release/build-linux-release.sh b/.github/scripts/release/build-linux-release.sh index 5834e0010ec59..78d526cbd8a62 100755 --- a/.github/scripts/release/build-linux-release.sh +++ b/.github/scripts/release/build-linux-release.sh @@ -16,7 +16,7 @@ echo "Artifacts will be copied into $ARTIFACTS" mkdir -p "$ARTIFACTS" git log --pretty=oneline -n 1 -time cargo build --profile $PROFILE --locked --verbose --package $PACKAGE --bin $BIN +time cargo build --profile $PROFILE --locked --verbose --bin $BIN --package $PACKAGE echo "Artifact target: $ARTIFACTS" diff --git a/.github/workflows/release-build-rc.yml b/.github/workflows/release-build-rc.yml index 52b1ff04f92b8..af0b8d4ab8be5 100644 --- a/.github/workflows/release-build-rc.yml +++ b/.github/workflows/release-build-rc.yml 
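Review bot: The `cargo build` line in `build-linux-release.sh` still expands `$PROFILE`, `$BIN` and `$PACKAGE` unquoted, and this commit's new `package` workflow input is evidently meant to feed `$PACKAGE`. Quote them so an empty or space-containing value fails as a bad argument instead of being word-split: `time cargo build --profile "$PROFILE" --locked --verbose --bin "$BIN" --package "$PACKAGE"`. The rest of the script is outside this hunk.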
@@ -6,7 +6,7 @@ on: binary: description: Binary to be build for the release required: true - default: polkadot + default: all type: choice options: - polkadot @@ -50,7 +50,8 @@ jobs: if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }} uses: "./.github/workflows/release-reusable-rc-buid.yml" with: - binaries: "[[polkadot, polkadot],[polkadot-prepare-worker, polkadot], [polkadot-execute-worker, polkadot]]" + binaries: "[polkadot, polkadot-prepare-worker, polkadot-execute-worker]" + package: polkadot release_tag: ${{ inputs.release_tag }} # runs-on: ubuntu-latest # # container: @@ -134,7 +135,8 @@ jobs: if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} uses: "./.github/workflows/release-reusable-rc-buid.yml" with: - binaries: "[[polkadot-parachain, polkadot-parachain-bin]]" + binaries: "[polkadot-parachain]" + package: "polkadot-parachain-bin" release_tag: ${{ inputs.release_tag }} # runs-on: ubuntu-latest # container: diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index d751847eed111..f166438f8be2d 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -26,6 +26,11 @@ on: default: polkadot type: string + package: + description: Package to be built, for now is either polkadot or polkadot-parachain-bin + required: true + type: string + release_tag: description: Tag matching the actual release candidate with the format vX.XX.X-rcX or stableYYMM required: true @@ -61,7 +66,7 @@ jobs: image: ${{ needs.set-image.outputs.IMAGE }} strategy: matrix: - binaries: ${{ fromJson(inputs.binaries) }} + binaries: ${{ fromJSON(inputs.binaries) }} steps: - name: Install pgpkkms 
@@ -85,52 +90,52 @@ jobs: - name: Build binary run: | - ARTIFACTS=/artifacts/${{ matrix.binaries[0] }} + ARTIFACTS=/artifacts/${{ matrix.binaries }} echo "Artifacts will be copied into $ARTIFACTS" mkdir -p "$ARTIFACTS" cd $ARTIFACTS - echo "Test" >> ${{ matrix.binaries[0] }}.txt - sha256sum "${{ matrix.binaries[0] }}".txt | tee "${{ matrix.binaries[0] }}.sha256" + echo "Test" >> ${{ matrix.binaries }}.txt + sha256sum "${{ matrix.binaries }}".txt | tee "${{ matrix.binaries }}.sha256" - # ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries[0] }} ${{ matrix.binaries[1] }} + # ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.package }} - name: Sign artifacts - working-directory: /artifacts/${{ matrix.binaries[0] }} + working-directory: /artifacts/${{ matrix.binaries }} run: | - # python3 -m pgpkms sign --input ${{matrix.binaries[0] }} -o ${{ matrix.binaries[0] }}.asc + # python3 -m pgpkms sign --input ${{matrix.binaries }} -o ${{ matrix.binaries }}.asc - python3 -m pgpkms sign --input ${{ matrix.binaries[0] }}.txt -o ${{ matrix.binaries[0] }}.asc + python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc ls -la - - name: Check sha256 ${{ matrix.binaries[0] }} - working-directory: /artifacts/${{ matrix.binaries[0] }} + - name: Check sha256 ${{ matrix.binaries }} + working-directory: /artifacts/${{ matrix.binaries }} shell: bash run: | . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh - echo "Checking binary ${{ matrix.binaries[0] }}" - check_sha256 ${{ matrix.binaries[0] }} && echo "OK" || echo "ERR" + echo "Checking binary ${{ matrix.binaries }}" + check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR" - # - name: Check GPG ${{ matrix.binaries[0] }} - # working-directory: /artifacts/${{ matrix.binaries[0] }} + # - name: Check GPG ${{ matrix.binaries }} + # working-directory: /artifacts/${{ matrix.binaries }} # shell: bash # run: | # . 
"${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh - # check_gpg ${{ matrix.binaries[0] }} + # check_gpg ${{ matrix.binaries }} # - name: Build polkadot deb package - # if: ${{ matrix.binaries[0] == 'polkadot' }} + # if: ${{ matrix.binaries == 'polkadot' }} # shell: bash # run: | - # . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries[0] }} + # . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} - - name: Upload ${{ matrix.binaries[0] }} artifacts + - name: Upload ${{ matrix.binaries }} artifacts uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: - name: ${{ matrix.binaries[0] }} - path: /artifacts/${{ matrix.binaries[0] }} + name: ${{ matrix.binaries }} + path: /artifacts/${{ matrix.binaries }} upload-artifacts-to-s3: needs: [build-rc] @@ -159,9 +164,9 @@ jobs: aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ env.AWS_REGION }} - - name: Upload ${{ matrix.binaries[0] }} artifacts to s3 + - name: Upload ${{ matrix.binaries }} artifacts to s3 run: | . ./.github/scripts/release/release_lib.sh - upload_s3_release ${{ matrix.binaries[0] }} ${{ inputs.release_tag }} + upload_s3_release ${{ matrix.binaries }} ${{ inputs.release_tag }} # - name: Upload artifacts to github release From 73f40bbb3fbeaa24402e175ba03f156a0138a2cd Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 17 Sep 2024 16:27:14 +0200 Subject: [PATCH 25/58] fix --- .github/workflows/release-build-rc.yml | 4 ++-- .github/workflows/release-reusable-rc-buid.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-build-rc.yml b/.github/workflows/release-build-rc.yml index af0b8d4ab8be5..8c6639be7916e 100644 --- a/.github/workflows/release-build-rc.yml +++ b/.github/workflows/release-build-rc.yml 
@@ -50,7 +50,7 @@ jobs: if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }} uses: "./.github/workflows/release-reusable-rc-buid.yml" with: - binaries: "[polkadot, polkadot-prepare-worker, polkadot-execute-worker]" + binary: '["polkadot", "polkadot-prepare-worker", "polkadot-execute-worker"]' package: polkadot release_tag: ${{ inputs.release_tag }} # runs-on: ubuntu-latest @@ -135,7 +135,7 @@ jobs: if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} uses: "./.github/workflows/release-reusable-rc-buid.yml" with: - binaries: "[polkadot-parachain]" + binary: '["polkadot-parachain"]' package: "polkadot-parachain-bin" release_tag: ${{ inputs.release_tag }} # runs-on: ubuntu-latest diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index f166438f8be2d..d43f1bb4f4167 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -20,7 +20,7 @@ on: workflow_call: inputs: - binaries: + binary: description: Binary to be build for the release required: true default: polkadot @@ -66,7 +66,7 @@ jobs: image: ${{ needs.set-image.outputs.IMAGE }} strategy: matrix: - binaries: ${{ fromJSON(inputs.binaries) }} + binaries: ${{ fromJSON(inputs.binary) }} steps: - name: Install pgpkkms @@ -146,7 +146,7 @@ jobs: AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }} strategy: matrix: - binaries: ${{ inputs.binaries }} + binaries: ${{ fromJson(inputs.binary) }} steps: - name: Checkout From 8f42d259ee476069bc31808f577828d3a3e85450 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 17 Sep 2024 16:36:29 +0200 Subject: [PATCH 26/58] fix quots --- .github/workflows/release-reusable-rc-buid.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index d43f1bb4f4167..20c4d56acf837 100644 --- a/.github/workflows/release-reusable-rc-buid.yml 
+++ b/.github/workflows/release-reusable-rc-buid.yml @@ -95,7 +95,7 @@ jobs: mkdir -p "$ARTIFACTS" cd $ARTIFACTS echo "Test" >> ${{ matrix.binaries }}.txt - sha256sum "${{ matrix.binaries }}".txt | tee "${{ matrix.binaries }}.sha256" + sha256sum "${{ matrix.binaries }}.txt" | tee "${{ matrix.binaries }}.sha256" # ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.package }} From f94a04fa74f4fe139b37332f09948334c312925a Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 17 Sep 2024 17:03:46 +0200 Subject: [PATCH 27/58] move envs inside a build job --- .github/workflows/release-reusable-rc-buid.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 20c4d56acf837..69ed2b5bebaa8 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -36,13 +36,6 @@ on: required: true type: string -env: - PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} - PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - jobs: set-image: @@ -67,6 +60,12 @@ jobs: strategy: matrix: binaries: ${{ fromJSON(inputs.binary) }} + env: + PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} + PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} steps: - name: Install pgpkkms From 0ae01e9c3860f389a317b0152d8532ec5366e1b4 Mon Sep 17 00:00:00 2001 
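Review bot: The `env:` block added to the build job in the last hunk of commit 27 exposes `PGP_KMS_KEY`, `PGP_KMS_HASH` and the AWS keys to every step of that job, not only to the step that signs. That includes the `pip install` of pgpkms and the build step, where third-party code (package install hooks, build scripts of dependencies) runs with the same environment. Moving the same five `env:` entries under the `Sign artifacts` step keeps the signing credentials out of reach of the build. The job definition starts and ends outside the hunk.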
From: EgorPopelyaev Date: Tue, 17 Sep 2024 17:37:50 +0200 Subject: [PATCH 28/58] define secrets --- .github/workflows/release-build-rc.yml | 213 ++---------------- .../workflows/release-reusable-rc-buid.yml | 16 ++ 2 files changed, 32 insertions(+), 197 deletions(-) diff --git a/.github/workflows/release-build-rc.yml b/.github/workflows/release-build-rc.yml index 8c6639be7916e..49041010dc0aa 100644 --- a/.github/workflows/release-build-rc.yml +++ b/.github/workflows/release-build-rc.yml @@ -5,7 +5,6 @@ on: inputs: binary: description: Binary to be build for the release - required: true default: all type: choice options: 
@@ -15,225 +14,45 @@ on: release_tag: description: Tag matching the actual release candidate with the format vX.XX.X-rcX or stableYYMM - required: true type: string -# env: -# PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} -# PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} -# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} -# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} -# AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - jobs: # TODO: Activate this job when the pipeline is moved to the fork in the `paritytech-release` org # check-workflow-can-run: # uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@latest - # set-image: - # # GitHub Actions allows using 'env' in a container context. - # # However, env variables don't work for forks: https://github.com/orgs/community/discussions/44322 - # # This workaround sets the container image for each job using 'set-image' job output. - # runs-on: ubuntu-latest - # outputs: - # IMAGE: ${{ steps.set_image.outputs.IMAGE }} - # steps: - # - name: Checkout - # uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - - # - id: set_image - # run: cat .github/env >> $GITHUB_OUTPUT - build-polkadot-binary: # needs: [check-workflow-can-run] - # needs: [set-image] if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }} uses: "./.github/workflows/release-reusable-rc-buid.yml" with: binary: '["polkadot", "polkadot-prepare-worker", "polkadot-execute-worker"]' package: polkadot release_tag: ${{ inputs.release_tag }} - # runs-on: ubuntu-latest - # # container: - # # image: ${{ needs.set-image.outputs.IMAGE }} - # # strategy: - # # matrix: - # # binaries: [polkadot, polkadot-prepare-worker, polkadot-execute-worker] - - # steps: - # - name: Install pgpkkms - # run: | - # # Install pgpkms that is used to sign build artifacts - # python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@5a8f82fbb607ea102d8c178e761659de54c7af69" - # which pgpkms - 
- # - name: Checkout sources - # uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - # with: - # ref: ${{ inputs.release_tag }} - # fetch-depth: 0 - - # - name: Import gpg keys - # shell: bash - # run: | - # . ./.github/scripts/common/lib.sh - - # import_gpg_keys - - # - name: Build binary - # run: | - # # ARTIFACTS=/artifacts/${{ matrix.binaries }} - # # echo "Artifacts will be copied into $ARTIFACTS" - # # mkdir -p "$ARTIFACTS" - # # cd $ARTIFACTS - # # echo "Test" >> ${{ matrix.binaries }}.txt - # # sha256sum "${{ matrix.binaries }}".txt | tee "${{ matrix.binaries }}.sha256" - - # ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} polkadot - - # - name: Sign artifacts - # working-directory: /artifacts/${{ matrix.binaries }} - # run: | - # python3 -m pgpkms sign --input ${{ matrix.binaries }} -o ${{ matrix.binaries }}.asc - - # # python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc - # ls -la - - # - name: Check sha256 ${{ matrix.binaries }} - # working-directory: /artifacts/${{ matrix.binaries }} - # shell: bash - # run: | - # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh - - # echo "Checking binary ${{ matrix.binaries }}" - # check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR" - - # # - name: Check GPG ${{ matrix.binaries }} - # # working-directory: /artifacts/${{ matrix.binaries }} - # # shell: bash - # # run: | - # # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh - - # # check_gpg ${{ matrix.binaries }} - - # # - name: Build polkadot deb package - # # if: ${{ matrix.binaries == 'polkadot' }} - # # shell: bash - # # run: | - # # . 
"${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} - - - # - name: Upload ${{ matrix.binaries }} artifacts - # uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - # with: - # name: ${{ matrix.binaries }} - # path: /artifacts/${{ matrix.binaries }} + secrets: + PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} + PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} + AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} build-polkadot-parachain-binary: # needs: [check-workflow-can-run] - # needs: [set-image] if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} uses: "./.github/workflows/release-reusable-rc-buid.yml" with: binary: '["polkadot-parachain"]' package: "polkadot-parachain-bin" release_tag: ${{ inputs.release_tag }} - # runs-on: ubuntu-latest - # container: - # image: ${{ needs.set-image.outputs.IMAGE }} - - # steps: - # - name: Install pgpkkms - # run: | - # # Install pgpkms that is used to sign build artifacts - # python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@5a8f82fbb607ea102d8c178e761659de54c7af69" - # which pgpkms - - # - name: Checkout sources - # uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - # with: - # ref: ${{ inputs.release_tag }} - # fetch-depth: 0 - - # - name: Import gpg keys - # shell: bash - # run: | - # . 
./.github/scripts/common/lib.sh - - # import_gpg_keys - - # - name: Build polkadot-parachain binary - # run: | - # # ARTIFACTS=/artifacts/polkadot-parachain - # # echo "Artifacts will be copied into $ARTIFACTS" - # # mkdir -p "$ARTIFACTS" - # # cd $ARTIFACTS - # # echo "Test" >> polkadot-parachain.txt - # # sha256sum "polkadot-parachain".txt | tee "polkadot-parachain.sha256" - - # ./.github/scripts/release/build-linux-release.sh polkadot-parachain polkadot-parachain-bin - - # - name: Sign artifacts - # working-directory: /artifacts/polkadot-parachain - # run: | - # python3 -m pgpkms sign --input polkadot-parachain -o polkadot-parachain.asc - - # # python3 -m pgpkms sign --input polkadot-parachain.txt -o polkadot-parachain.asc - # ls -la - - # - name: Check sha256 polkadot-parachain - # working-directory: /artifacts/polkadot-parachain - # shell: bash - # run: | - # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh - - # echo "Checking binary $polkadot-parachain" - # check_sha256 polkadot-parachain && echo "OK" || echo "ERR" - - # # - name: Check GPG ${{ matrix.binaries }} - # # working-directory: /artifacts/${{ matrix.binaries }}# - # # shell: bash - # # run: | - # # . 
"${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh - - # # check_gpg ${{ matrix.binaries }} - - # - name: Upload polkadot-parachain artifacts - # uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - # with: - # name: polkadot-parachain - # path: /artifacts/polkadot-parachain - - # upload-artifacts-to-s3: - # needs: [build-polkadot-binary] - # runs-on: ubuntu-latest - # env: - # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - # AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - # strategy: - # matrix: - # binaries: [polkadot, polkadot-prepare-worker, polkadot-execute-worker, polkadot-parachain] - - # steps: - # - name: Checkout - # uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - - # - name: Download artifacts - # uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - # with: - # path: artifacts/${{ matrix.binaries }} - - # - name: Configure AWS Credentials - # uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 - # with: - # aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - # aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - # aws-region: ${{ env.AWS_REGION }} - - # - name: Upload ${{ matrix.binaries }} artifacts to s3 - # run: | - # . ./.github/scripts/release/release_lib.sh - # upload_s3_release ${{ matrix.binaries }} ${{ inputs.release_tag }} + secrets: + PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} + PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} + AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} # - name: Upload artifacts to github release 
diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 69ed2b5bebaa8..ca7131e627ba3 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -36,6 +36,22 @@ on: required: true type: string + secrets: + PGP_KMS_KEY: + required: true + PGP_KMS_HASH: + required: true + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true + AWS_DEFAULT_REGION: + required: true + AWS_RELEASE_ACCESS_KEY_ID: + required: true + AWS_RELEASE_SECRET_ACCESS_KEY: + required: true + jobs: set-image: From a96bf6f8d37d95820f12b7f22c75c447d0e01efd Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 17 Sep 2024 17:54:58 +0200 Subject: [PATCH 29/58] use one bucket --- .github/scripts/release/release_lib.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/scripts/release/release_lib.sh b/.github/scripts/release/release_lib.sh index 3a8aed32a756e..f5032073b6173 100644 --- a/.github/scripts/release/release_lib.sh +++ b/.github/scripts/release/release_lib.sh 
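Review bot: With `required: true` removed from `release_tag` at the top of the `release-build-rc.yml` hunk, the workflow can be dispatched with an empty tag, which is then handed on unchanged as `release_tag: ${{ inputs.release_tag }}`. The reusable workflow uses that value as the checkout `ref` and as the version in the upload path, so an empty value would presumably build the ref the run was started from and publish it under an empty version; the checkout fallback is my reading of actions/checkout and should be confirmed. Keep `required: true` on `release_tag`, and consider a first step in the called workflow that fails when the value does not match the format given in the input description.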
@@ -128,12 +128,12 @@ upload_s3_release() { echo "Working on version: $version " echo "Current content, should be empty on new uploads:" - aws s3 ls "s3://releases.parity.io/$product/${version}/" --recursive --human-readable --summarize || true + aws s3 ls "s3://releases.parity.io/polkadot/${version}/" --recursive --human-readable --summarize || true echo "Content to be uploaded:" artifacts="artifacts/$product/" ls "$artifacts" - aws s3 sync --acl public-read "$artifacts" "s3://releases.parity.io/$product/${version}/" + aws s3 sync --acl public-read "$artifacts" "s3://releases.parity.io/polkadot/${version}/" echo "Uploaded files:" - aws s3 ls "s3://releases.parity.io/$product/${version}/" --recursive --human-readable --summarize - echo "✅ The release should be at https://releases.parity.io/$product/${version}" + aws s3 ls "s3://releases.parity.io/polkadot/${version}/" --recursive --human-readable --summarize + echo "✅ The release should be at https://releases.parity.io/polkadot/${version}" } From 1844de7f0a2619bb40cdaf1f43056254f509e34c Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 17 Sep 2024 17:56:36 +0200 Subject: [PATCH 30/58] test with real polka bin --- .../workflows/release-reusable-rc-buid.yml | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index ca7131e627ba3..a11be1491def5 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml 
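Review bot: `aws s3 sync --acl public-read` now writes every product into the shared `polkadot/${version}/` prefix, and the preceding `aws s3 ls ... || true` only prints what is already there, so a second run for the same version can replace objects that are already published. A second product with an overlapping file name would have the same effect, though whether names overlap depends on the artifact layout, which is not visible here. For artifacts that users download and verify, the function should stop when the prefix is not empty, or require an explicit overwrite switch, instead of relying on someone reading the log. `upload_s3_release` begins outside the hunk.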
@@ -105,21 +105,21 @@ jobs: - name: Build binary run: | - ARTIFACTS=/artifacts/${{ matrix.binaries }} - echo "Artifacts will be copied into $ARTIFACTS" - mkdir -p "$ARTIFACTS" - cd $ARTIFACTS - echo "Test" >> ${{ matrix.binaries }}.txt - sha256sum "${{ matrix.binaries }}.txt" | tee "${{ matrix.binaries }}.sha256" + # ARTIFACTS=/artifacts/${{ matrix.binaries }} + # echo "Artifacts will be copied into $ARTIFACTS" + # mkdir -p "$ARTIFACTS" + # cd $ARTIFACTS + # echo "Test" >> ${{ matrix.binaries }}.txt + # sha256sum "${{ matrix.binaries }}.txt" | tee "${{ matrix.binaries }}.sha256" - # ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.package }} + ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.package }} - name: Sign artifacts working-directory: /artifacts/${{ matrix.binaries }} run: | - # python3 -m pgpkms sign --input ${{matrix.binaries }} -o ${{ matrix.binaries }}.asc + python3 -m pgpkms sign --input ${{matrix.binaries }} -o ${{ matrix.binaries }}.asc - python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc + # python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc ls -la - name: Check sha256 ${{ matrix.binaries }} @@ -131,13 +131,13 @@ jobs: echo "Checking binary ${{ matrix.binaries }}" check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR" - # - name: Check GPG ${{ matrix.binaries }} - # working-directory: /artifacts/${{ matrix.binaries }} - # shell: bash - # run: | - # . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh + - name: Check GPG ${{ matrix.binaries }} + working-directory: /artifacts/${{ matrix.binaries }} + shell: bash + run: | + . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh - # check_gpg ${{ matrix.binaries }} + check_gpg ${{ matrix.binaries }} # - name: Build polkadot deb package # if: ${{ matrix.binaries == 'polkadot' }} From 81d92a01b0abb0a7567be3dad33ec9e50c0648bc Mon Sep 17 00:00:00 2001 
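Review bot: The `Check sha256` step shown as context in the second hunk cannot fail, because `check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR"` ends with the exit status of `echo`, so a mismatch only prints ERR and the job goes on to upload. Now that this commit builds and signs the real binary, the failure should propagate: `check_sha256 "${{ matrix.binaries }}" || { echo "ERR"; exit 1; }`. The same line is carried through the earlier hunk that replaced `matrix.binaries[0]` with `matrix.binaries`. Whether `check_gpg` in the newly enabled step returns non-zero on a bad signature is not visible here and is worth confirming in `lib.sh`.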
From: EgorPopelyaev Date: Wed, 18 Sep 2024 10:30:27 +0200 Subject: [PATCH 31/58] add build polkadot deb step --- .github/workflows/release-reusable-rc-buid.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index a11be1491def5..b60f7d0d371e1 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -139,11 +139,11 @@ jobs: check_gpg ${{ matrix.binaries }} - # - name: Build polkadot deb package - # if: ${{ matrix.binaries == 'polkadot' }} - # shell: bash - # run: | - # . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} + - name: Build polkadot deb package + if: ${{ matrix.binaries == 'polkadot' }} + shell: bash + run: | + . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} - name: Upload ${{ matrix.binaries }} artifacts From 29c8515e547fa449724b13285b5644050e012397 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Wed, 18 Sep 2024 16:57:30 +0200 Subject: [PATCH 32/58] small fixes --- .github/scripts/release/build-deb.sh | 1 + .github/scripts/release/build-linux-release.sh | 1 + .github/workflows/release-reusable-rc-buid.yml | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/scripts/release/build-deb.sh b/.github/scripts/release/build-deb.sh index 705e8807749eb..911c6545ca431 100755 --- a/.github/scripts/release/build-deb.sh +++ b/.github/scripts/release/build-deb.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash +set -e PRODUCT=$1 PROFILE=${PROFILE:-production} diff --git a/.github/scripts/release/build-linux-release.sh b/.github/scripts/release/build-linux-release.sh index 78d526cbd8a62..2f0be48e68c0a 100755 --- a/.github/scripts/release/build-linux-release.sh +++ b/.github/scripts/release/build-linux-release.sh 
@@ -3,6 +3,7 @@ # This is used to build our binaries: # - polkadot # - polkadot-parachain +set -e BIN=$1 PACKAGE=${2:-$BIN} diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index b60f7d0d371e1..dc7d52d4d49b5 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -170,7 +170,7 @@ jobs: - name: Download artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: - path: artifacts/${{ matrix.binaries[0] }} + path: artifacts/${{ matrix.binaries }} - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 From be4ccdf10f98793427d3bbf3bce345cc8734fff0 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Thu, 19 Sep 2024 11:02:45 +0200 Subject: [PATCH 33/58] make build deb as a separate job --- .github/scripts/release/build-deb.sh | 2 +- .../workflows/release-reusable-rc-buid.yml | 54 +++++++++++++++---- 2 files changed, 44 insertions(+), 12 deletions(-) diff --git a/.github/scripts/release/build-deb.sh b/.github/scripts/release/build-deb.sh index 911c6545ca431..13d5de63e583a 100755 --- a/.github/scripts/release/build-deb.sh +++ b/.github/scripts/release/build-deb.sh @@ -12,4 +12,4 @@ cargo deb --profile $PROFILE --no-strip --no-build -p $PRODUCT deb=target/debian/$PRODUCT_*_amd64.deb -cp $deb /artifacts/$PRODUCT/ +cp $deb target/production/$PRODUCT/ diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index dc7d52d4d49b5..9fdea6b34cfa8 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml 
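Review bot: In the `build-deb.sh` hunk of commit 33, `deb=target/debian/$PRODUCT_*_amd64.deb` expands the variable `PRODUCT_`, not `PRODUCT`. The pattern is therefore effectively `target/debian/*_amd64.deb`, and the `cp` on the changed line copies whichever amd64 packages are in that directory. Brace the name and quote both sides: `deb=(target/debian/"${PRODUCT}"_*_amd64.deb)` and `cp "${deb[@]}" "target/production/$PRODUCT/"`. The script starts outside the hunk.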
@@ -139,11 +139,11 @@ jobs: check_gpg ${{ matrix.binaries }} - - name: Build polkadot deb package - if: ${{ matrix.binaries == 'polkadot' }} - shell: bash - run: | - . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} + # - name: Build polkadot deb package + # if: ${{ matrix.binaries == 'polkadot' }} + # shell: bash + # run: | + # . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} - name: Upload ${{ matrix.binaries }} artifacts @@ -152,6 +152,38 @@ jobs: name: ${{ matrix.binaries }} path: /artifacts/${{ matrix.binaries }} + build-polkadot-deb-package: + if: ${{ inputs.package == 'polkadot' }} + needs: [build-rc] + runs-on: ubuntu-latest + + steps: + - name: Checkout sources + uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + with: + ref: ${{ inputs.release_tag }} + fetch-depth: 0 + + - name: Download artifacts + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + path: target/production/${{ inputs.package }} + + - name: Debug + working-directory: target/production/${{ inputs.package }} + run: ls -la + + - name: Build polkadot deb package + shell: bash + run: | + . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ inputs.package }} + + - name: Upload ${{inputs.package }} artifacts + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + with: + name: ${{ inputs.package }} + path: target/production/${{ inputs.package }} + upload-artifacts-to-s3: needs: [build-rc] runs-on: ubuntu-latest @@ -159,9 +191,9 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - strategy: - matrix: - binaries: ${{ fromJson(inputs.binary) }} + # strategy: + # matrix: + # binaries: ${{ fromJson(inputs.binary) }} steps: - name: Checkout 
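Review bot: The new `build-polkadot-deb-package` job uploads the `.deb` without a checksum or signature, while the binaries it packages get `.sha256` and `.asc` files in `build-rc`. It also repackages the downloaded binaries without re-checking those files after `Download artifacts`. Add a step after `Build polkadot deb package` that runs `sha256sum "$deb" | tee "$deb.sha256"` and `python3 -m pgpkms sign --input "$deb" -o "$deb.asc"`, with the pgpkms install and the two `PGP_KMS_*` secrets scoped to that step. That gives the published package the same coverage as the raw binaries.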
@@ -170,7 +202,7 @@ jobs: - name: Download artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: - path: artifacts/${{ matrix.binaries }} + path: artifacts/${{ inputs.package }} - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 @@ -179,9 +211,9 @@ jobs: aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ env.AWS_REGION }} - - name: Upload ${{ matrix.binaries }} artifacts to s3 + - name: Upload ${{ inputs.package }} artifacts to s3 run: | . ./.github/scripts/release/release_lib.sh - upload_s3_release ${{ matrix.binaries }} ${{ inputs.release_tag }} + upload_s3_release ${{ inputs.package }} ${{ inputs.release_tag }} # - name: Upload artifacts to github release From 745ab135c057ea583b38f467b8a86cfb5ba4fd89 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 4 Oct 2024 14:22:05 +0200 Subject: [PATCH 34/58] Extract upload to s3 to reusable action --- .../workflows/release-reusable-rc-buid.yml | 68 ++++++------------- .../workflows/release-reusable-s3-upload.yml | 51 ++++++++++++++ 2 files changed, 73 insertions(+), 46 deletions(-) create mode 100644 .github/workflows/release-reusable-s3-upload.yml diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 9fdea6b34cfa8..1de579f3b1616 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -1,23 +1,6 @@ name: RC Build on: - # workflow_dispatch: - # inputs: - # binary: - # description: Binary to be build for the release - # required: true - # default: polkadot - # type: choice - # options: - # - polkadot - # - polkadot-parachain - # - all - - # release_tag: - # description: Tag matching the actual release candidate with the format vX.XX.X-rcX or stableYYMM - # required: true - # type: string - workflow_call: inputs: binary: 
@@ -184,36 +167,29 @@ jobs: name: ${{ inputs.package }} path: target/production/${{ inputs.package }} - upload-artifacts-to-s3: - needs: [build-rc] - runs-on: ubuntu-latest - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - # strategy: - # matrix: - # binaries: ${{ fromJson(inputs.binary) }} - - steps: - - name: Checkout - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - - - name: Download artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - path: artifacts/${{ inputs.package }} + upload-polkadot-artifacts-to-s3: + if: ${{ inputs.package == 'polkadot' }} + needs: [build-polkadot-deb-package] + uses: ./.github/workflows/release-reusable-s3-upload.yml + with: + package: ${{ inputs.package }} + release_tag: ${{ inputs.release_tag }} + secrets: + AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} + AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 - with: - aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ env.AWS_REGION }} - - name: Upload ${{ inputs.package }} artifacts to s3 - run: | - . 
./.github/scripts/release/release_lib.sh - upload_s3_release ${{ inputs.package }} ${{ inputs.release_tag }} + upload-polkadot-parachain-artifacts-to-s3: + if: ${{ inputs.package == 'polkadot-parachain-bin' }} + needs: [build-rc] + uses: ./.github/workflows/release-reusable-s3-upload.yml + with: + package: ${{ inputs.package }} + release_tag: ${{ inputs.release_tag }} + secrets: + AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} + AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} # - name: Upload artifacts to github release diff --git a/.github/workflows/release-reusable-s3-upload.yml b/.github/workflows/release-reusable-s3-upload.yml new file mode 100644 index 0000000000000..e8f8bf613014f --- /dev/null +++ b/.github/workflows/release-reusable-s3-upload.yml 
@@ -0,0 +1,51 @@ +name: Upload to s3 + +on: + workflow_call: + inputs: + package: + description: Package to be built, for now is either polkadot or polkadot-parachain-bin + required: true + type: string + + release_tag: + description: Tag matching the actual release candidate with the format stableYYMM-rcX or stableYYMM-rcX + required: true + type: string + + secrets: + AWS_DEFAULT_REGION: + required: true + AWS_RELEASE_ACCESS_KEY_ID: + required: true + AWS_RELEASE_SECRET_ACCESS_KEY: + required: true + +jobs: + upload-artifacts-to-s3: + runs-on: ubuntu-latest + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} + AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + + steps: + - name: Checkout + uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + + - name: Download artifacts + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + path: artifacts/${{ inputs.package }} + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + + - name: Upload ${{ inputs.package }} artifacts to s3 + run: | + . ./.github/scripts/release/release_lib.sh + upload_s3_release ${{ inputs.package }} ${{ inputs.release_tag }} From d9a17f171a7cfa776cec042c6cc8d5b19aa94661 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 4 Oct 2024 14:23:51 +0200 Subject: [PATCH 35/58] change rc release_tg description --- .github/workflows/release-build-rc.yml | 2 +- .github/workflows/release-reusable-rc-buid.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-build-rc.yml b/.github/workflows/release-build-rc.yml index 49041010dc0aa..68369a87c7a10 100644 
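Review bot: The last step expands `${{ inputs.package }}` and `${{ inputs.release_tag }}` directly into the shell script, in a job whose environment holds the release AWS keys. `release_tag` is a free-form string, so its content is parsed as shell before `upload_s3_release` receives it. Pass both values through `env:` and reference them as quoted shell variables, as in the excerpt below. The same applies to the `run:` blocks in `release-reusable-rc-buid.yml` that expand `matrix.binaries` and `inputs.package`.

```yaml
- name: Upload ${{ inputs.package }} artifacts to s3
  env:
    PACKAGE: ${{ inputs.package }}
    RELEASE_TAG: ${{ inputs.release_tag }}
  run: |
    # … unchanged: source release_lib.sh …
    upload_s3_release "$PACKAGE" "$RELEASE_TAG"
```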
--- a/.github/workflows/release-build-rc.yml +++ b/.github/workflows/release-build-rc.yml @@ -13,7 +13,7 @@ on: - all release_tag: - description: Tag matching the actual release candidate with the format vX.XX.X-rcX or stableYYMM + description: Tag matching the actual release candidate with the format stableYYMM-rcX or stableYYMM type: string jobs: diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 1de579f3b1616..0fd6f7386d6f9 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -15,7 +15,7 @@ on: type: string release_tag: - description: Tag matching the actual release candidate with the format vX.XX.X-rcX or stableYYMM + description: Tag matching the actual release candidate with the format stableYYMM-rcX or stableYYMM required: true type: string From 04eeafe0d604fd98518604b58abbc014da0b9579 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 4 Oct 2024 14:45:19 +0200 Subject: [PATCH 36/58] roll back the checkout action version --- .github/workflows/release-reusable-rc-buid.yml | 6 +++--- .github/workflows/release-reusable-s3-upload.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 0fd6f7386d6f9..e59d8d6977a46 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -46,7 +46,7 @@ jobs: IMAGE: ${{ steps.set_image.outputs.IMAGE }} steps: - name: Checkout - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: set_image run: cat .github/env >> $GITHUB_OUTPUT 
@@ -74,7 +74,7 @@ jobs: which pgpkms - name: Checkout sources - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.release_tag }} fetch-depth: 0 @@ -142,7 +142,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.release_tag }} fetch-depth: 0 diff --git a/.github/workflows/release-reusable-s3-upload.yml b/.github/workflows/release-reusable-s3-upload.yml index e8f8bf613014f..7472f37a6355e 100644 --- a/.github/workflows/release-reusable-s3-upload.yml +++ b/.github/workflows/release-reusable-s3-upload.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 From 54fac326e753c7652a0b8d8da41bb488bd84ef63 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 4 Oct 2024 15:02:14 +0200 Subject: [PATCH 37/58] updet checkout action to 4.2.0 --- .github/workflows/release-reusable-rc-buid.yml | 6 +++--- .github/workflows/release-reusable-s3-upload.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index e59d8d6977a46..7d9cca76c383e 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -46,7 +46,7 @@ jobs: IMAGE: ${{ steps.set_image.outputs.IMAGE }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - id: set_image run: cat .github/env >> $GITHUB_OUTPUT 
@@ -74,7 +74,7 @@ jobs: which pgpkms - name: Checkout sources - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: ${{ inputs.release_tag }} fetch-depth: 0 @@ -142,7 +142,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: ${{ inputs.release_tag }} fetch-depth: 0 diff --git a/.github/workflows/release-reusable-s3-upload.yml b/.github/workflows/release-reusable-s3-upload.yml index 7472f37a6355e..4841392c278fc 100644 --- a/.github/workflows/release-reusable-s3-upload.yml +++ b/.github/workflows/release-reusable-s3-upload.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Download artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 From 514cb5300bd800cc65105b2511d8fd315a676345 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 4 Oct 2024 15:09:46 +0200 Subject: [PATCH 38/58] add GITHUB_WORKSPACE to the git safe.directory --- .github/workflows/release-reusable-rc-buid.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 7d9cca76c383e..6f25546828a23 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -159,6 +159,7 @@ jobs: - name: Build polkadot deb package shell: bash run: | + git config --global --add safe.directory "${GITHUB_WORKSPACE}" #avoid "detected dubious ownership" . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ inputs.package }} - name: Upload ${{inputs.package }} artifacts 
From c7792cddc3cdcc4e13c3e91ae0966544f148417e Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 4 Oct 2024 15:15:44 +0200 Subject: [PATCH 39/58] put git config in the right place --- .github/workflows/release-reusable-rc-buid.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 6f25546828a23..6a4ee114e9244 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -95,6 +95,7 @@ jobs: # echo "Test" >> ${{ matrix.binaries }}.txt # sha256sum "${{ matrix.binaries }}.txt" | tee "${{ matrix.binaries }}.sha256" + git config --global --add safe.directory "${GITHUB_WORKSPACE}" #avoid "detected dubious ownership" error ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.package }} - name: Sign artifacts @@ -159,7 +160,6 @@ jobs: - name: Build polkadot deb package shell: bash run: | - git config --global --add safe.directory "${GITHUB_WORKSPACE}" #avoid "detected dubious ownership" . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ inputs.package }} - name: Upload ${{inputs.package }} artifacts From a5a7ebbe6e2f214e7d70e6a3b46779cf21f86f7b Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 4 Oct 2024 15:20:21 +0200 Subject: [PATCH 40/58] test --- .github/scripts/release/build-linux-release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/release/build-linux-release.sh b/.github/scripts/release/build-linux-release.sh index 2f0be48e68c0a..7ca62d90a65c5 100755 --- a/.github/scripts/release/build-linux-release.sh +++ b/.github/scripts/release/build-linux-release.sh @@ -3,7 +3,7 @@ # This is used to build our binaries: # - polkadot # - polkadot-parachain -set -e +# set -e BIN=$1 PACKAGE=${2:-$BIN} From 666bd52eba51f632f04f3c873a5442d5486eb2dc Mon Sep 17 00:00:00 2001 
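Review bot: Commenting out `set -e` at the top of build-linux-release.sh lets the script carry on after a failed `cargo build`, so the steps after the build (copy, `sha256sum` and version files in the version shown at the top of this series) can run against a missing or stale binary and the step can still exit 0. For a script whose output goes to the signing step, the guard should stay: restore `set -e` and handle the one command that is allowed to fail explicitly, for example with `|| true` on that line only. The rest of the script lies outside this hunk, so which command prompted the change is not visible here.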
From: EgorPopelyaev Date: Fri, 4 Oct 2024 16:38:51 +0200 Subject: [PATCH 41/58] add path to the deb build --- .github/workflows/release-reusable-rc-buid.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 6a4ee114e9244..44141e75a980d 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -158,6 +158,7 @@ jobs: run: ls -la - name: Build polkadot deb package + working-directory: target/production/${{ inputs.package }} shell: bash run: | . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ inputs.package }} From eab78f4c372d553044e1e4798f20c8928fcc6801 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 4 Oct 2024 17:06:58 +0200 Subject: [PATCH 42/58] debug --- .github/workflows/release-reusable-rc-buid.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 44141e75a980d..36507649a87ad 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -155,12 +155,15 @@ jobs: - name: Debug working-directory: target/production/${{ inputs.package }} - run: ls -la + run: | + pwd + ls -la - name: Build polkadot deb package working-directory: target/production/${{ inputs.package }} shell: bash run: | + pwd . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ inputs.package }} - name: Upload ${{inputs.package }} artifacts From 795c5867908e2185fc2d8ec9eba17aacb5678a41 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Fri, 4 Oct 2024 18:28:25 +0200 Subject: [PATCH 43/58] debug --- .github/workflows/release-reusable-rc-buid.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 36507649a87ad..b970a9b41d79f 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -160,9 +160,14 @@ jobs: ls -la - name: Build polkadot deb package - working-directory: target/production/${{ inputs.package }} + #working-directory: target/production/${{ inputs.package }} shell: bash run: | + echo "What is in working directory: " + ls -la + + echo "What is in the target: " + ls -la target/production/${{ inputs.package }} pwd . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ inputs.package }} From 78e9df26ffaf1d97cf905089987305245ad82889 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 7 Oct 2024 09:25:39 +0200 Subject: [PATCH 44/58] test download with merge-multiple --- .github/workflows/release-reusable-rc-buid.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index b970a9b41d79f..6785118ca8cc5 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -152,6 +152,7 @@ jobs: uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: target/production/${{ inputs.package }} + merge-multiple: true - name: Debug working-directory: target/production/${{ inputs.package }} From dfba403890c0309f2d8c379ebd6fd2f1331ca8b3 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 7 Oct 2024 10:40:39 +0200 Subject: [PATCH 45/58] change path to artifacts in target --- .github/workflows/release-reusable-rc-buid.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 6785118ca8cc5..5f59190f35228 100644 --- a/.github/workflows/release-reusable-rc-buid.yml 
+++ b/.github/workflows/release-reusable-rc-buid.yml @@ -151,24 +151,23 @@ jobs: - name: Download artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: - path: target/production/${{ inputs.package }} + path: target/production merge-multiple: true - name: Debug - working-directory: target/production/${{ inputs.package }} + working-directory: target/production run: | pwd ls -la - name: Build polkadot deb package - #working-directory: target/production/${{ inputs.package }} shell: bash run: | echo "What is in working directory: " ls -la echo "What is in the target: " - ls -la target/production/${{ inputs.package }} + ls -la target/production pwd . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ inputs.package }} @@ -176,7 +175,7 @@ jobs: uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: ${{ inputs.package }} - path: target/production/${{ inputs.package }} + path: target/production upload-polkadot-artifacts-to-s3: if: ${{ inputs.package == 'polkadot' }} From 4e2bb0a499fc3271872c5688a2ebf1b40cb04112 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 7 Oct 2024 11:40:51 +0200 Subject: [PATCH 46/58] fix in build-deb.sh script --- .github/scripts/release/build-deb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/release/build-deb.sh b/.github/scripts/release/build-deb.sh index 13d5de63e583a..646ad3384a33f 100755 --- a/.github/scripts/release/build-deb.sh +++ b/.github/scripts/release/build-deb.sh @@ -12,4 +12,4 @@ cargo deb --profile $PROFILE --no-strip --no-build -p $PRODUCT deb=target/debian/$PRODUCT_*_amd64.deb -cp $deb target/production/$PRODUCT/ +cp $deb target/production/ From f5b112a6ccf2e15057a2c30457ebaa8d87a13dfc Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 7 Oct 2024 13:59:26 +0200 Subject: [PATCH 47/58] adjust uplod with deb --- .github/workflows/release-reusable-rc-buid.yml | 1 + 1 file changed, 1 insertion(+) 
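Review bot: In the build-deb.sh hunk, the context line `deb=target/debian/$PRODUCT_*_amd64.deb` expands a variable named `PRODUCT_`, not `PRODUCT`, because `_` is a valid identifier character. With that variable unset the pattern becomes `target/debian/*_amd64.deb`, and the changed `cp $deb target/production/` stages every amd64 package found there for upload, not only the one just built. Write it as `deb=target/debian/${PRODUCT}_*_amd64.deb`. Nothing in the visible lines enables `set -u`, so the empty expansion is silent; the top of the script is outside this hunk.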
diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 5f59190f35228..c890812e6d9ef 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -176,6 +176,7 @@ jobs: with: name: ${{ inputs.package }} path: target/production + overwrite: true upload-polkadot-artifacts-to-s3: if: ${{ inputs.package == 'polkadot' }} From b99fed18638385bd0f743effc89175586f95f892 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 7 Oct 2024 15:26:00 +0200 Subject: [PATCH 48/58] add attestaion --- .github/workflows/release-reusable-rc-buid.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index c890812e6d9ef..dccda8f5f94e1 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -35,6 +35,11 @@ on: AWS_RELEASE_SECRET_ACCESS_KEY: required: true +permissions: + id-token: write + contents: read + attestations: write + jobs: set-image: @@ -98,6 +103,11 @@ jobs: git config --global --add safe.directory "${GITHUB_WORKSPACE}" #avoid "detected dubious ownership" error ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.package }} + - name: Generate artifact attestation + uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 + with: + subject-path: /artifacts/${{ matrix.binaries }}/${{ matrix.binaries }} + - name: Sign artifacts working-directory: /artifacts/${{ matrix.binaries }} run: | 
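Review bot: The `permissions:` block is added at workflow level, so `id-token: write` and `attestations: write` are granted to every job in this reusable workflow, including `set-image` and the S3 upload jobs, which do not run `actions/attest-build-provenance`. Move the block onto the two jobs that generate attestations and leave the others at `contents: read`. A workflow invoked through `workflow_call` can only narrow the token permissions of its caller, so release-build-rc.yml presumably has to grant the same scopes for the attestation step to work; that file is not part of this commit. The same step is added to the deb job in the following hunk.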
@@ -171,6 +181,11 @@ jobs: pwd . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ inputs.package }} + - name: Generate artifact attestation + uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 + with: + subject-path: target/production/*.deb + - name: Upload ${{inputs.package }} artifacts uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: From 87e0a6e73d87e142b454faafa091d712f44a5330 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Mon, 7 Oct 2024 15:27:37 +0200 Subject: [PATCH 49/58] download only specific artifacts for s3 upload --- .github/workflows/release-reusable-s3-upload.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-reusable-s3-upload.yml b/.github/workflows/release-reusable-s3-upload.yml index 4841392c278fc..49a3fbe549848 100644 --- a/.github/workflows/release-reusable-s3-upload.yml +++ b/.github/workflows/release-reusable-s3-upload.yml @@ -36,6 +36,7 @@ jobs: - name: Download artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: + name: ${{ inputs.package }} path: artifacts/${{ inputs.package }} - name: Configure AWS Credentials From e7c96cfb24d7aebb2933f76773c1e4d032df67ed Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 8 Oct 2024 10:06:14 +0200 Subject: [PATCH 50/58] cleanup --- .github/scripts/release/build-deb.sh | 3 +- .github/workflows/release-build-rc.yml | 2 -- .../workflows/release-reusable-rc-buid.yml | 35 ++----------------- 3 files changed, 4 insertions(+), 36 deletions(-) diff --git a/.github/scripts/release/build-deb.sh b/.github/scripts/release/build-deb.sh index 646ad3384a33f..204e8c315eb0e 100755 --- a/.github/scripts/release/build-deb.sh +++ b/.github/scripts/release/build-deb.sh 
@@ -2,13 +2,14 @@ set -e PRODUCT=$1 +VERSION=$2 PROFILE=${PROFILE:-production} cargo install cargo-deb echo "Using cargo-deb v$(cargo-deb --version)" echo "Building a Debian package for '$PRODUCT' in '$PROFILE' profile" -cargo deb --profile $PROFILE --no-strip --no-build -p $PRODUCT +cargo deb --profile $PROFILE --no-strip --no-build -p $PRODUCT --deb-version $VERSION deb=target/debian/$PRODUCT_*_amd64.deb diff --git a/.github/workflows/release-build-rc.yml b/.github/workflows/release-build-rc.yml index 68369a87c7a10..38aa9f89d106b 100644 --- a/.github/workflows/release-build-rc.yml +++ b/.github/workflows/release-build-rc.yml @@ -54,5 +54,3 @@ jobs: AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - -# - name: Upload artifacts to github release diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index dccda8f5f94e1..acd458ec14bfe 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -74,7 +74,7 @@ jobs: steps: - name: Install pgpkkms run: | - # Install pgpkms that is used to sign build artifacts + # Install pgpkms that is used to sign built artifacts python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@5a8f82fbb607ea102d8c178e761659de54c7af69" which pgpkms 
@@ -93,13 +93,6 @@ jobs: - name: Build binary run: | - # ARTIFACTS=/artifacts/${{ matrix.binaries }} - # echo "Artifacts will be copied into $ARTIFACTS" - # mkdir -p "$ARTIFACTS" - # cd $ARTIFACTS - # echo "Test" >> ${{ matrix.binaries }}.txt - # sha256sum "${{ matrix.binaries }}.txt" | tee "${{ matrix.binaries }}.sha256" - git config --global --add safe.directory "${GITHUB_WORKSPACE}" #avoid "detected dubious ownership" error ./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.package }} @@ -113,9 +106,6 @@ jobs: run: | python3 -m pgpkms sign --input ${{matrix.binaries }} -o ${{ matrix.binaries }}.asc - # python3 -m pgpkms sign --input ${{ matrix.binaries }}.txt -o ${{ matrix.binaries }}.asc - ls -la - - name: Check sha256 ${{ matrix.binaries }} working-directory: /artifacts/${{ matrix.binaries }} shell: bash @@ -133,13 +123,6 @@ jobs: check_gpg ${{ matrix.binaries }} - # - name: Build polkadot deb package - # if: ${{ matrix.binaries == 'polkadot' }} - # shell: bash - # run: | - # . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ matrix.binaries }} - - - name: Upload ${{ matrix.binaries }} artifacts uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: @@ -164,22 +147,10 @@ jobs: path: target/production merge-multiple: true - - name: Debug - working-directory: target/production - run: | - pwd - ls -la - - name: Build polkadot deb package shell: bash run: | - echo "What is in working directory: " - ls -la - - echo "What is in the target: " - ls -la target/production - pwd - . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ inputs.package }} + . "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ inputs.package }} ${{ inputs.release_tag }} - name: Generate artifact attestation uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 
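Review bot: The new `run:` line `build-deb.sh ${{ inputs.package }} ${{ inputs.release_tag }}` pastes `release_tag` into the script text before bash parses it, and that value originates from a free-form `workflow_dispatch` string input. Shell metacharacters in the tag would be interpreted as script rather than data, in a workflow that is passed signing and AWS secrets. Pass the value through the environment instead: add `env:` with `RELEASE_TAG: ${{ inputs.release_tag }}` to the step and call the script with `"$RELEASE_TAG"`. The `Validate inputs` step added in PATCH 51 has the same pattern in `validate_stable_tag ${{ inputs.release_tag }}`, where the input is expanded into the script before it has been validated.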
@@ -217,5 +188,3 @@ jobs: AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - -# - name: Upload artifacts to github release From 91bfeab9901437cf97e7b4a1e176be2751fa424b Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 8 Oct 2024 14:32:57 +0200 Subject: [PATCH 51/58] add input validation and environments --- .github/workflows/release-build-rc.yml | 28 ++++++++++++++++--- .../workflows/release-reusable-rc-buid.yml | 3 +- .../workflows/release-reusable-s3-upload.yml | 1 + 3 files changed, 27 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-build-rc.yml b/.github/workflows/release-build-rc.yml index 38aa9f89d106b..2e287f036cc67 100644 --- a/.github/workflows/release-build-rc.yml +++ b/.github/workflows/release-build-rc.yml 
@@ -21,14 +21,33 @@ jobs: # check-workflow-can-run: # uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@latest - build-polkadot-binary: + validate-inputs: # needs: [check-workflow-can-run] + runs-on: ubuntu-latest + outputs: + release_tag: ${{ steps.validate_inputs.outputs.release_tag }} + + steps: + - name: Checkout sources + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + + - name: Validate inputs + id: validate_inputs + run: | + . ./.github/scripts/common/lib.sh + + RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }}) + echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT + + build-polkadot-binary: + # needs: [check-workflow-can-run, validate-inputs] + needs: [validate-inputs] if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }} uses: "./.github/workflows/release-reusable-rc-buid.yml" with: binary: '["polkadot", "polkadot-prepare-worker", "polkadot-execute-worker"]' package: polkadot - release_tag: ${{ inputs.release_tag }} + release_tag: ${{ needs.validate-inputs.outputs.release_tag }} secrets: PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} @@ -39,13 +58,14 @@ jobs: AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} build-polkadot-parachain-binary: - # needs: [check-workflow-can-run] + # needs: [check-workflow-can-run, validate-inputs] + needs: [validate-inputs] if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} uses: "./.github/workflows/release-reusable-rc-buid.yml" with: binary: '["polkadot-parachain"]' package: "polkadot-parachain-bin" - release_tag: ${{ inputs.release_tag }} + release_tag: ${{ needs.validate-inputs.outputs.release_tag }} secrets: PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index acd458ec14bfe..6916e98522710 100644 
--- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -59,6 +59,7 @@ jobs: build-rc: needs: [set-image] runs-on: ubuntu-latest + environment: release container: image: ${{ needs.set-image.outputs.IMAGE }} strategy: @@ -182,7 +183,7 @@ jobs: needs: [build-rc] uses: ./.github/workflows/release-reusable-s3-upload.yml with: - package: ${{ inputs.package }} + package: ${{ inputs.binary }} release_tag: ${{ inputs.release_tag }} secrets: AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} diff --git a/.github/workflows/release-reusable-s3-upload.yml b/.github/workflows/release-reusable-s3-upload.yml index 49a3fbe549848..6776b78da8e66 100644 --- a/.github/workflows/release-reusable-s3-upload.yml +++ b/.github/workflows/release-reusable-s3-upload.yml @@ -24,6 +24,7 @@ on: jobs: upload-artifacts-to-s3: runs-on: ubuntu-latest + environment: release env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} From f599fd27f3151e13ff08a1bcdc32ead3d9c418a0 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 8 Oct 2024 14:44:48 +0200 Subject: [PATCH 52/58] activate check-workflow-can-run --- .github/workflows/release-build-rc.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release-build-rc.yml b/.github/workflows/release-build-rc.yml index 2e287f036cc67..123e5be17f1ce 100644 --- a/.github/workflows/release-build-rc.yml +++ b/.github/workflows/release-build-rc.yml 
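Review bot: The S3 upload call now passes `package: ${{ inputs.binary }}`, but the caller sets `binary` to a JSON array string such as `'["polkadot-parachain"]'`, while release-reusable-s3-upload.yml uses `inputs.package` as the artifact `name:` and inside `path: artifacts/${{ inputs.package }}`. Unless the upload workflow parses that string somewhere outside these hunks, the download would look for an artifact literally named after the array. If the intent is to upload each binary's artifact, pass a single name or run the call as a matrix over `fromJson(inputs.binary)`. The enclosing job header is outside this hunk.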
@@ -17,12 +17,11 @@ on: type: string jobs: - # TODO: Activate this job when the pipeline is moved to the fork in the `paritytech-release` org - # check-workflow-can-run: - # uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@latest + check-workflow-can-run: + uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@latest validate-inputs: - # needs: [check-workflow-can-run] + needs: [check-workflow-can-run] runs-on: ubuntu-latest outputs: release_tag: ${{ steps.validate_inputs.outputs.release_tag }} @@ -40,7 +39,6 @@ jobs: echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT build-polkadot-binary: - # needs: [check-workflow-can-run, validate-inputs] needs: [validate-inputs] if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }} uses: "./.github/workflows/release-reusable-rc-buid.yml" @@ -58,7 +56,6 @@ jobs: AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} build-polkadot-parachain-binary: - # needs: [check-workflow-can-run, validate-inputs] needs: [validate-inputs] if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} uses: "./.github/workflows/release-reusable-rc-buid.yml" From 91103f94203fe3b4ff2407042d368debafa1dac6 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 8 Oct 2024 15:07:40 +0200 Subject: [PATCH 53/58] fix check sync --- .github/workflows/release-build-rc.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-build-rc.yml b/.github/workflows/release-build-rc.yml index 123e5be17f1ce..2fb4d7d079b8d 100644 --- a/.github/workflows/release-build-rc.yml +++ b/.github/workflows/release-build-rc.yml 
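Review bot: `check-workflow-can-run` calls `paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@latest`, a mutable ref, while the actions in the visible hunks are all pinned to a full commit SHA. This job gates the whole release build, so whoever can move that ref changes what runs first in the release pipeline. Pin it the same way, e.g. `uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@<commit-sha> # <tag>`. PATCH 54 switches the ref to `@main`, which is equally mutable.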
@@ -17,11 +17,12 @@ on: type: string jobs: - check-workflow-can-run: + check-synchronization: uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@latest validate-inputs: - needs: [check-workflow-can-run] + needs: [check-synchronization] + if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true' runs-on: ubuntu-latest outputs: release_tag: ${{ steps.validate_inputs.outputs.release_tag }} From 31f52de75666f571a265fdf33d8466beb10830d6 Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Tue, 8 Oct 2024 15:11:42 +0200 Subject: [PATCH 54/58] replace tag with branch --- .github/workflows/release-build-rc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-build-rc.yml b/.github/workflows/release-build-rc.yml index 2fb4d7d079b8d..5c25e3c749b8b 100644 --- a/.github/workflows/release-build-rc.yml +++ b/.github/workflows/release-build-rc.yml @@ -18,7 +18,7 @@ on: jobs: check-synchronization: - uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@latest + uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main validate-inputs: needs: [check-synchronization] From 025c5a61710ac6110b078d33aa96731f7eb5d37c Mon Sep 17 00:00:00 2001 From: Egor_P Date: Tue, 8 Oct 2024 15:36:54 +0200 Subject: [PATCH 55/58] use cargo-deb with particular version Co-authored-by: Oliver Tale-Yazdi --- .github/scripts/release/build-deb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/release/build-deb.sh b/.github/scripts/release/build-deb.sh index 204e8c315eb0e..8dce621bb4def 100755 --- a/.github/scripts/release/build-deb.sh +++ b/.github/scripts/release/build-deb.sh 
@@ -5,7 +5,7 @@ PRODUCT=$1 VERSION=$2 PROFILE=${PROFILE:-production} -cargo install cargo-deb +cargo install --version 2.7.0 cargo-deb --locked -q echo "Using cargo-deb v$(cargo-deb --version)" echo "Building a Debian package for '$PRODUCT' in '$PROFILE' profile" From eb34aecc99b38fe30960ce9ad959973f684cf72d Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Wed, 9 Oct 2024 10:19:35 +0200 Subject: [PATCH 56/58] address PR comments --- .github/scripts/release/build-linux-release.sh | 1 - .github/workflows/release-reusable-rc-buid.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/scripts/release/build-linux-release.sh b/.github/scripts/release/build-linux-release.sh index 7ca62d90a65c5..a6bd658d292a6 100755 --- a/.github/scripts/release/build-linux-release.sh +++ b/.github/scripts/release/build-linux-release.sh @@ -9,7 +9,6 @@ BIN=$1 PACKAGE=${2:-$BIN} PROFILE=${PROFILE:-production} -RUST_TOOLCHAIN=stable ARTIFACTS=/artifacts/$BIN VERSION=$(git tag -l --contains HEAD | grep -E "^v.*") diff --git a/.github/workflows/release-reusable-rc-buid.yml b/.github/workflows/release-reusable-rc-buid.yml index 6916e98522710..2aee9dc995b18 100644 --- a/.github/workflows/release-reusable-rc-buid.yml +++ b/.github/workflows/release-reusable-rc-buid.yml @@ -114,7 +114,7 @@ jobs: . "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh echo "Checking binary ${{ matrix.binaries }}" - check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR" + check_sha256 ${{ matrix.binaries }} - name: Check GPG ${{ matrix.binaries }} working-directory: /artifacts/${{ matrix.binaries }} From 66a89c3cbe93e07fe171fff63445292cfdbff78e Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Wed, 9 Oct 2024 14:38:21 +0200 Subject: [PATCH 57/58] fix deb version --- .github/scripts/release/build-deb.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/.github/scripts/release/build-deb.sh b/.github/scripts/release/build-deb.sh index 8dce621bb4def..6cb833f98a4e4 100755 --- a/.github/scripts/release/build-deb.sh +++ b/.github/scripts/release/build-deb.sh @@ -9,7 +9,8 @@ cargo install --version 2.7.0 cargo-deb --locked -q echo "Using cargo-deb v$(cargo-deb --version)" echo "Building a Debian package for '$PRODUCT' in '$PROFILE' profile" -cargo deb --profile $PROFILE --no-strip --no-build -p $PRODUCT --deb-version $VERSION +# we need to start the custom version with a didgit as requires it cargo-deb +cargo deb --profile $PROFILE --no-strip --no-build -p $PRODUCT --deb-version 1-$VERSION deb=target/debian/$PRODUCT_*_amd64.deb From 3c52c45681709c6cf366d7f696554bc3d8d47cde Mon Sep 17 00:00:00 2001 From: EgorPopelyaev Date: Wed, 9 Oct 2024 16:09:13 +0200 Subject: [PATCH 58/58] change if --- .github/workflows/release-build-rc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-build-rc.yml b/.github/workflows/release-build-rc.yml index 5c25e3c749b8b..0ba8de05bddaf 100644 --- a/.github/workflows/release-build-rc.yml +++ b/.github/workflows/release-build-rc.yml @@ -22,7 +22,7 @@ jobs: validate-inputs: needs: [check-synchronization] - if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true' + if: needs.check-synchronization.outputs.checks_passed == 'true' runs-on: ubuntu-latest outputs: release_tag: ${{ steps.validate_inputs.outputs.release_tag }}