feature/kip-87 -> release/v0.4.49 #871
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, Release & Publish | |
on: | |
push: | |
branches: [ release/v*.*.*, feature/*, master, dev, latest, testnet-*, mainnet-*, kira-* ] | |
pull_request: | |
branches: [ release/v*.*.*, bugfix/*, master, dev, latest, testnet-*, mainnet-*, kira-* ] | |
jobs: | |
build: | |
name: Repo Build | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
pull-requests: write | |
container: | |
image: ghcr.io/kiracore/docker/base-image:v0.13.5 | |
steps: | |
# Work around https://github.com/actions/checkout/issues/760 | |
- name: Add safe.directory | |
run: | | |
git config --global --add safe.directory /github/workspace | |
git config --global --add safe.directory $PWD | |
# ref.: https://github.com/actions/checkout, v3.0.0 | |
- name: Checkout repository | |
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | |
- name: Extract branch name on push | |
if: github.event_name == 'push' | |
shell: bash | |
run: | | |
echo "SOURCE_BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
echo "DESTINATION_BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
- name: Extract branch name on pull request | |
if: github.event_name == 'pull_request' | |
env: | |
REF_BRANCH: ${{ github.event.pull_request.head.ref }} | |
BASE_REF_BRANCH: ${{ github.base_ref }} | |
shell: bash | |
run: | | |
echo "SOURCE_BRANCH=$(echo ${{ env.REF_BRANCH }})" >> $GITHUB_ENV | |
echo "DESTINATION_BRANCH=$(echo ${{ env.BASE_REF_BRANCH }})" >> $GITHUB_ENV | |
- name: Organizing environment variables & archiving source code | |
run: | | |
WORK_DIR=$PWD | |
BASE_DIR=$(basename "$WORK_DIR") | |
cd ../ && tar -czvf src.tar.gz -C ./$BASE_DIR . && cp ./src.tar.gz ./$BASE_DIR/src.tar.gz && cd ./$BASE_DIR | |
echo "(current dir): $PWD" && ls -l ./ | |
chmod -Rv 555 ./scripts | |
RELEASE_VER="$(./scripts/version.sh)" && echo "RELEASE_VER=$RELEASE_VER" >> $GITHUB_ENV | |
RELEASE_BRANCH="release/$RELEASE_VER" && echo "RELEASE_BRANCH=$RELEASE_BRANCH" >> $GITHUB_ENV | |
REPOSITORY_NAME="${{ github.event.repository.name }}" && echo "REPOSITORY_NAME=$REPOSITORY_NAME" >> $GITHUB_ENV | |
git ls-remote https://github.com/kiracore/$REPOSITORY_NAME | egrep -q "refs/tags/${RELEASE_VER}$" && echo "RELEASE_EXISTS=true" >> $GITHUB_ENV || echo "RELEASE_EXISTS=false" >> $GITHUB_ENV | |
if [[ "$RELEASE_VER" =~ $VERSION_REGEX ]] && [[ "$SOURCE_BRANCH" =~ $VERSION_REGEX ]] && [ "$SOURCE_BRANCH" != "$RELEASE_VER" ] ; then | |
echo "ERROR: Version branch name MUST be the same as the app version, run scripts/version.sh to check app version!" | |
exit 1 | |
else | |
echo "INFO: Variables setup succeeded" | |
fi | |
- name: Print debug data before testing | |
run: | | |
. /etc/profile | |
go version | |
echo "Bash Utils Version: $(bashUtilsVersion)" | |
echo " Source branch: ${{ env.SOURCE_BRANCH }}" | |
echo "Destination branch: ${{ env.DESTINATION_BRANCH }}" | |
echo " Release branch: ${{ env.RELEASE_BRANCH }}" | |
echo " Event name: ${{ github.event_name }}" | |
echo " Repository name: ${{ env.REPOSITORY_NAME }}" | |
echo " Release version: ${{ env.RELEASE_VER }}" | |
echo " Release exists: ${{ env.RELEASE_EXISTS }}" | |
- name: Installing INTERX | |
run: | | |
echo "(current dir): $PWD" && ls -l ./ | |
chmod -Rv 555 ./scripts | |
make install | |
interxd version | |
- name: Launching tests... | |
run: | | |
echo "(current dir): $PWD" && ls -l ./ | |
chmod -Rv 555 ./scripts | |
make test | |
- name: Launching integration tests... | |
run: | | |
echo "(current dir): $PWD" && ls -l ./ | |
chmod -Rv 555 ./scripts | |
make test-local | |
- name: Publishing INTERX binaries | |
shell: bash | |
run: | | |
make publish | |
touch ./RELEASE.md | |
cp -fv ./RELEASE.md ./bin/RELEASE.md | |
cp -fv ./src.tar.gz ./bin/source-code.tar.gz | |
chmod -Rv 777 ./bin | |
echo -e "\n\r\n\r\`\`\`" >> ./bin/RELEASE.md | |
echo -e " Release Versions: $RELEASE_VER" >> ./bin/RELEASE.md | |
echo -e " Release Date Time: $(date --rfc-2822)" >> ./bin/RELEASE.md | |
echo " interx-darwin-amd64.deb: sha256:$(sha256sum ./bin/interx-darwin-amd64.deb | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo " interx-darwin-arm64.deb: sha256:$(sha256sum ./bin/interx-darwin-arm64.deb | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo " interx-linux-amd64.deb: sha256:$(sha256sum ./bin/interx-linux-amd64.deb | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo " interx-linux-arm64.deb: sha256:$(sha256sum ./bin/interx-linux-arm64.deb | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo " source-code.tar.gz: sha256:$(sha256sum ./bin/source-code.tar.gz | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo -e "\`\`\`" >> ./bin/RELEASE.md | |
tar -czvf deb.tar.gz -C ./bin . | |
- name: Uploading artifacts | |
uses: actions/[email protected] | |
with: | |
name: interx-bin-deb | |
path: ./deb.tar.gz | |
release: | |
name: Create Release | |
runs-on: ubuntu-20.04 | |
needs: [build] | |
permissions: | |
contents: write | |
packages: write | |
id-token: write | |
pull-requests: write | |
steps: | |
# Install the cosign tool | |
# ref.: https://github.com/sigstore/cosign-installer, v3.2.0 | |
- name: Install cosign | |
uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 | |
with: | |
cosign-release: 'v2.0.0' | |
- name: Confirm installation! | |
run: cosign version | |
- name: Download artifacts | |
uses: actions/[email protected] | |
with: | |
name: interx-bin-deb | |
- name: Inspecting & organizing artifacts | |
run: | | |
echo "(current dir): $PWD" && ls -l ./ | |
tar xvf ./deb.tar.gz | |
chmod -Rv 777 ./ | |
RELEASE_VER=$(cat ./RELEASE.md | tac | grep -Fn -m 1 'Release Versions: ' | rev | cut -d ":" -f1 | rev | xargs | tr -dc '[:alnum:]\-\.' || echo '') | |
echo "RELEASE_VER=$RELEASE_VER" >> $GITHUB_ENV | |
RELEASE_BRANCH="release/$RELEASE_VER" && echo "RELEASE_BRANCH=$RELEASE_BRANCH" >> $GITHUB_ENV | |
REPOSITORY_NAME="${{ github.event.repository.name }}" | |
echo "REPOSITORY_NAME=$REPOSITORY_NAME" >> $GITHUB_ENV | |
git ls-remote https://github.com/kiracore/$REPOSITORY_NAME | egrep -q "refs/tags/${RELEASE_VER}$" && echo "RELEASE_EXISTS=true" >> $GITHUB_ENV || echo "RELEASE_EXISTS=false" >> $GITHUB_ENV | |
[[ "$RELEASE_VER" == *"-rc"* ]] && echo "PRE_RELEASE=true" >> $GITHUB_ENV || echo "PRE_RELEASE=false" >> $GITHUB_ENV | |
# Branch name is also a version of the release | |
# ref: https://stackoverflow.com/questions/58033366/how-to-get-the-current-branch-within-github-actions | |
- name: Extract branch name on push | |
if: github.event_name == 'push' | |
shell: bash | |
run: | | |
echo "SOURCE_BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
echo "DESTINATION_BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
- name: Extract branch name on pull request | |
if: github.event_name == 'pull_request' | |
env: | |
REF_BRANCH: ${{ github.event.pull_request.head.ref }} | |
BASE_REF_BRANCH: ${{ github.base_ref }} | |
shell: bash | |
run: | | |
echo "SOURCE_BRANCH=$(echo ${{ env.REF_BRANCH }})" >> $GITHUB_ENV | |
echo "DESTINATION_BRANCH=$(echo ${{ env.BASE_REF_BRANCH }})" >> $GITHUB_ENV | |
- name: Print debug data before publishing | |
run: | | |
echo " Source branch: ${{ env.SOURCE_BRANCH }}" | |
echo " Dest. branch: ${{ env.DESTINATION_BRANCH }}" | |
echo "Release branch: ${{ env.RELEASE_BRANCH }}" | |
echo " Repo Name: ${{ env.REPOSITORY_NAME }}" | |
echo " Event name: ${{ github.event_name }}" | |
echo " Release ver.: ${{ env.RELEASE_VER }}" | |
echo "Release exists: ${{ env.RELEASE_EXISTS }}" | |
echo " Pre-release: ${{ env.PRE_RELEASE }}" | |
- name: Reject on error | |
# ref.: https://github.com/andrewslotin/rummelsnuff, v1.1.0 | |
uses: andrewslotin/rummelsnuff@a0c9c1929f44eefff922aced1ee4dd64eddf12d6 | |
if: ${{ failure() }} | |
with: | |
spam_label: "Build Errors" | |
close_spam_prs: "yes" | |
access_token: ${{ secrets.GITHUB_TOKEN }} | |
# ref: https://github.com/softprops/action-gh-release, v0.1.14 | |
# Release on merge only (push action) - this should run only once | |
- name: Signing release files | |
if: | | |
github.event_name == 'push' && | |
( env.RELEASE_EXISTS == false || env.RELEASE_EXISTS == 'false' ) && | |
( startsWith(env.SOURCE_BRANCH, 'release/v') && contains(env.SOURCE_BRANCH, '.') ) | |
shell: bash | |
env: | |
KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
run: | | |
echo "$KEY" > ../cosign.key | |
for FILE in *; do FILE_NAME=$(basename $FILE); cosign sign-blob --yes --key=../cosign.key --output-signature=./${FILE_NAME}.sig ./$FILE_NAME; done | |
rm -fv ../cosign.key | |
- name: Publish release | |
if: | | |
github.event_name == 'push' && | |
( env.RELEASE_EXISTS == false || env.RELEASE_EXISTS == 'false' ) && | |
( startsWith(env.SOURCE_BRANCH, 'release/v') && contains(env.SOURCE_BRANCH, '.') ) | |
uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 | |
with: | |
body_path: RELEASE.md | |
tag_name: ${{ env.RELEASE_VER }} | |
name: ${{ env.RELEASE_VER }} | |
prerelease: ${{ env.PRE_RELEASE }} | |
draft: false | |
fail_on_unmatched_files: true | |
files: | | |
./interx-linux-amd64.deb | |
./interx-linux-amd64.deb.sig | |
./interx-linux-arm64.deb | |
./interx-linux-arm64.deb.sig | |
./interx-darwin-amd64.deb | |
./interx-darwin-amd64.deb.sig | |
./interx-darwin-arm64.deb | |
./interx-darwin-arm64.deb.sig | |
./source-code.tar.gz | |
- name: Cleanup all resources | |
if: always() | |
shell: bash | |
run: | | |
shred -vzn 3 ../cosign.key || echo "WARNING: Failed to shred key file" | |
rm -fv ../cosign.key | |
rm -rfv ./* | |
echo "(current dir): $PWD" && ls -l ./ | |
# ref.: https://github.com/hmarr/auto-approve-action, v2.1.0 | |
- name: Approve pull request on success | |
uses: hmarr/auto-approve-action@5d04a5ca6da9aeb8ca9f31a5239b96fc3e003029 | |
if: | | |
( github.event_name == 'pull_request' ) && | |
( env.SOURCE_BRANCH == env.RELEASE_BRANCH || env.DESTINATION_BRANCH == env.RELEASE_BRANCH ) | |
with: | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
# Work around https://github.com/actions/checkout/issues/760 | |
- name: Add safe.directory | |
run: | | |
git config --global --add safe.directory /github/workspace | |
git config --global --add safe.directory $PWD | |
# ref.: https://github.com/actions/checkout, v3.0.0 | |
- name: Checkout repository | |
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | |
- name: Create PR from a version branch to latest | |
# ref. repo-sync/pull-request is broken, using cea2aj/pull-request instead | |
uses: cea2aj/pull-request@84eb0c3478f13651e5649367941b867ca02d7926 | |
if: | | |
github.event_name == 'push' && | |
( startsWith(env.SOURCE_BRANCH, 'release/v') && contains(env.SOURCE_BRANCH, '.') ) | |
with: | |
github_token: ${{ secrets.REPO_ACCESS }} | |
source_branch: ${{ env.SOURCE_BRANCH }} | |
destination_branch: 'latest' | |
pr_title: "${{ env.SOURCE_BRANCH }} -> latest" | |
pr_label: "kira-automation,automerge" | |
pr_allow_empty: true | |
- name: Auto-merge version branch to latest branch | |
uses: pascalgn/automerge-action@04dfc9eae2586d19b7362d4f6413c48135d9c25a | |
if: github.event_name == 'pull_request' && env.DESTINATION_BRANCH == 'latest' && | |
( startsWith(env.SOURCE_BRANCH, 'release/v') && contains(env.SOURCE_BRANCH, '.') ) | |
env: | |
MERGE_LABELS: "automerge" | |
GITHUB_TOKEN: "${{ secrets.REPO_ACCESS }}" | |
LOG: "TRACE" |