-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #63 from KiraCore/v0.4.3-rc.2
v0.4.3-rc.2 -> master
- Loading branch information
Showing
7 changed files
with
118 additions
and
90 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,38 +2,11 @@ name: Build, Release & Publish | |
|
|
||
| on: | ||
| push: | ||
| branches: [ v*.*.*, feature/*, master, dev, latest, testnet-*, mainnet-*, kira-* ] | ||
| branches: [ v*.*.*, feature/*, bugfix/*, master, dev, latest ] | ||
| pull_request: | ||
| branches: [ v*.*.*, bugfix/*, master, dev, latest, testnet-*, mainnet-*, kira-* ] | ||
| branches: [ v*.*.*, feature/*, bugfix/*, master, dev, latest ] | ||
|
|
||
| jobs: | ||
| # isolate signing & repo cloning from docker image | ||
| setup: | ||
| name: Repo Setup | ||
| runs-on: ubuntu-20.04 | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| id-token: write | ||
| pull-requests: write | ||
| steps: | ||
| # ref.: https://github.com/sigstore/cosign-installer, v2.1.0 | ||
| - name: Install cosign | ||
| uses: sigstore/cosign-installer@581838fbedd492d2350a9ecd427a95d6de1e5d01 | ||
| with: | ||
| cosign-release: 'v1.6.0' | ||
| # ref.: https://github.com/actions/checkout, v3.0.0 | ||
| - name: Checkout repository | ||
| uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | ||
| - name: Verify repo content | ||
| run: | | ||
| echo "(current dir): $PWD" && ls -l ./ | ||
| cd ../ && tar -czvf src.tar.gz -C ./interx . && cp ./src.tar.gz ./interx/src.tar.gz | ||
| - name: Uploading artifacts | ||
| uses: actions/[email protected] | ||
| with: | ||
| name: interx-src | ||
| path: ./src.tar.gz | ||
| build: | ||
| name: Repo Build | ||
| runs-on: ubuntu-20.04 | ||
|
|
@@ -42,21 +15,29 @@ jobs: | |
| packages: write | ||
| id-token: write | ||
| pull-requests: write | ||
| needs: [setup] | ||
| container: | ||
| image: ghcr.io/kiracore/docker/base-image:v0.5.0.0 | ||
| image: ghcr.io/kiracore/docker/base-image:v0.9.1.1 | ||
| steps: | ||
| # Work around https://github.com/actions/checkout/issues/760 | ||
| - name: Add safe.directory | ||
| run: | | ||
| git config --global --add safe.directory /github/workspace | ||
| git config --global --add safe.directory $PWD | ||
| # ref.: https://github.com/actions/checkout, v3.0.0 | ||
| - name: Checkout repository | ||
| uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | ||
| - name: Checking dependency versions | ||
| run: | | ||
| echo "(current dir): $PWD" && ls -l ./ | ||
| . /etc/profile && echo "Utils Version: $(utilsVersion)" | ||
| WORK_DIR=$PWD | ||
| BASE_DIR=$(basename "$WORK_DIR") | ||
| cd ../ && tar -czvf src.tar.gz -C ./$BASE_DIR . && cp ./src.tar.gz ./$BASE_DIR/src.tar.gz && cd ./$BASE_DIR | ||
| echo "(current dir): $PWD" && ls -l ./ | ||
| go version | ||
| echo "ENVS: $(env)" | ||
| echo "HOME: $HOME" | ||
| echo " PWD: $PWD" | ||
| - name: Download artifacts | ||
| uses: actions/[email protected] | ||
| with: | ||
| name: interx-src | ||
| - name: Extract branch name on push | ||
| if: github.event_name == 'push' | ||
| shell: bash | ||
|
|
@@ -75,24 +56,29 @@ jobs: | |
| - name: Inspecting & organizing artifacts | ||
| run: | | ||
| echo "(current dir): $PWD" && ls -l ./ | ||
| tar xvf ./src.tar.gz | ||
| chmod -Rv 555 ./scripts | ||
| RELEASE_VER="$(./scripts/version.sh)" && echo "RELEASE_VER=$RELEASE_VER" >> $GITHUB_ENV | ||
| REPOSITORY_NAME="${{ github.event.repository.name }}" && echo "REPOSITORY_NAME=$REPOSITORY_NAME" >> $GITHUB_ENV | ||
| RELEASE_VER=$(./scripts/version.sh) && echo "RELEASE_VER=$RELEASE_VER" >> $GITHUB_ENV | ||
| echo "RELEASE_VER=$RELEASE_VER" >> $GITHUB_ENV | ||
| git ls-remote https://github.com/kiracore/$REPOSITORY_NAME | egrep -q "refs/tags/${RELEASE_VER}$" && echo "RELEASE_EXISTS=true" >> $GITHUB_ENV || echo "RELEASE_EXISTS=false" >> $GITHUB_ENV | ||
| if [[ "$RELEASE_VER" =~ $VERSION_REGEX ]] && [[ "$SOURCE_BRANCH" =~ $VERSION_REGEX ]] && [ "$SOURCE_BRANCH" != "$RELEASE_VER" ] ; then | ||
| echo "ERROR: Version branch name MUST be the same as the app version, run scripts/version.sh to check app version!" | ||
| exit 1 | ||
| else | ||
| echo "INFO: Variables setup succeeded" | ||
| fi | ||
| - name: Print debug data before testing | ||
| run: | | ||
| . /etc/profile | ||
| go version | ||
| echo " Source branch: ${{ env.SOURCE_BRANCH }}" | ||
| echo "Destination branch: ${{ env.DESTINATION_BRANCH }}" | ||
| echo " Event name: ${{ github.event_name }}" | ||
| echo " Repository name: ${{ env.REPOSITORY_NAME }}" | ||
| echo " Release version: ${{ env.RELEASE_VER }}" | ||
| echo " Release exists: ${{ env.RELEASE_EXISTS }}" | ||
| echo " Event name: ${{ github.event_name }}" | ||
| echo " Repository name: ${{ env.REPOSITORY_NAME }}" | ||
| echo " Release version: ${{ env.RELEASE_VER }}" | ||
| echo " Release exists: ${{ env.RELEASE_EXISTS }}" | ||
| - name: Testing INTERX | ||
| run: | | ||
| echo "(current dir): $PWD" && ls -l ./ | ||
| tar xvf ./src.tar.gz | ||
| chmod -Rv 555 ./scripts | ||
| make install | ||
| interxd version | ||
|
|
@@ -102,15 +88,18 @@ jobs: | |
| make publish | ||
| touch ./RELEASE.md | ||
| cp -fv ./RELEASE.md ./bin/RELEASE.md | ||
| cp -fv ./src.tar.gz ./bin/src.tar.gz | ||
| chmod -Rv 777 ./bin | ||
| echo -e "\n\r\n\r\`\`\`" >> ./bin/RELEASE.md | ||
| echo -e " Release Versions: $RELEASE_VER\n\r" >> ./bin/RELEASE.md | ||
| echo -e " Release Versions: $RELEASE_VER" >> ./bin/RELEASE.md | ||
| echo -e " Release Date Time: $(date --rfc-2822)" >> ./bin/RELEASE.md | ||
| echo " interx-darwin-amd64.deb: sha256:$(sha256sum ./bin/interx-darwin-amd64.deb | awk '{ print $1 }')" >> ./bin/RELEASE.md | ||
| echo " interx-darwin-arm64.deb: sha256:$(sha256sum ./bin/interx-darwin-arm64.deb | awk '{ print $1 }')" >> ./bin/RELEASE.md | ||
| echo " interx-linux-amd64.deb: sha256:$(sha256sum ./bin/interx-linux-amd64.deb | awk '{ print $1 }')" >> ./bin/RELEASE.md | ||
| echo " interx-linux-arm64.deb: sha256:$(sha256sum ./bin/interx-linux-arm64.deb | awk '{ print $1 }')" >> ./bin/RELEASE.md | ||
| echo "interx-windows-amd64.exe: sha256:$(sha256sum ./bin/interx-windows-amd64.exe | awk '{ print $1 }')" >> ./bin/RELEASE.md | ||
| echo "interx-windows-arm64.exe: sha256:$(sha256sum ./bin/interx-windows-arm64.exe | awk '{ print $1 }')" >> ./bin/RELEASE.md | ||
| echo " src.tar.gz: sha256:$(sha256sum ./bin/src.tar.gz | awk '{ print $1 }')" >> ./bin/RELEASE.md | ||
| echo -e "\`\`\`" >> ./bin/RELEASE.md | ||
| tar -czvf deb.tar.gz -C ./bin . | ||
| - name: Uploading artifacts | ||
|
|
@@ -128,6 +117,12 @@ jobs: | |
| id-token: write | ||
| pull-requests: write | ||
| steps: | ||
| # Install the cosign tool | ||
| # ref.: https://github.com/sigstore/cosign-installer, v2.2.0 | ||
| - name: Install cosign | ||
| uses: sigstore/cosign-installer@d6a3abf1bdea83574e28d40543793018b6035605 | ||
| with: | ||
| cosign-release: 'v1.7.2' | ||
| - name: Download artifacts | ||
| uses: actions/[email protected] | ||
| with: | ||
|
|
@@ -142,6 +137,7 @@ jobs: | |
| REPOSITORY_NAME="${{ github.event.repository.name }}" | ||
| echo "REPOSITORY_NAME=$REPOSITORY_NAME" >> $GITHUB_ENV | ||
| git ls-remote https://github.com/kiracore/$REPOSITORY_NAME | egrep -q "refs/tags/${RELEASE_VER}$" && echo "RELEASE_EXISTS=true" >> $GITHUB_ENV || echo "RELEASE_EXISTS=false" >> $GITHUB_ENV | ||
| [[ "$RELEASE_VER" == *"-rc"* ]] && echo "PRE_RELEASE=true" >> $GITHUB_ENV || echo "PRE_RELEASE=false" >> $GITHUB_ENV | ||
| # Branch name is also a version of the release | ||
| # ref: https://stackoverflow.com/questions/58033366/how-to-get-the-current-branch-within-github-actions | ||
| - name: Extract branch name on push | ||
|
|
@@ -167,6 +163,7 @@ jobs: | |
| echo " Event name: ${{ github.event_name }}" | ||
| echo " Release ver.: ${{ env.RELEASE_VER }}" | ||
| echo "Release exists: ${{ env.RELEASE_EXISTS }}" | ||
| echo " Pre-release: ${{ env.PRE_RELEASE }}" | ||
| - name: Reject on error | ||
| # ref.: https://github.com/andrewslotin/rummelsnuff, v1.1.0 | ||
| uses: andrewslotin/rummelsnuff@a0c9c1929f44eefff922aced1ee4dd64eddf12d6 | ||
|
|
@@ -177,69 +174,75 @@ jobs: | |
| access_token: ${{ secrets.GITHUB_TOKEN }} | ||
| # ref: https://github.com/softprops/action-gh-release, v0.1.14 | ||
| # Release on merge only (push action) - this should run only once | ||
| - name: Publish release | ||
| - name: Signing release files | ||
| if: | | ||
| github.event_name == 'push' && | ||
| ( startsWith(env.SOURCE_BRANCH, 'v') && contains(env.SOURCE_BRANCH, '.') && !contains(env.SOURCE_BRANCH, 'rc') && !contains(env.SOURCE_BRANCH, '-') ) | ||
| uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 | ||
| with: | ||
| body_path: RELEASE.md | ||
| tag_name: ${{ env.SOURCE_BRANCH }} | ||
| name: ${{ env.SOURCE_BRANCH }} | ||
| prerelease: false | ||
| draft: false | ||
| fail_on_unmatched_files: true | ||
| files: | | ||
| ./interx-linux-amd64.deb | ||
| ./interx-linux-arm64.deb | ||
| ./interx-darwin-amd64.deb | ||
| ./interx-darwin-arm64.deb | ||
| ./interx-windows-amd64.exe | ||
| ./interx-windows-arm64.exe | ||
| # ref: https://github.com/softprops/action-gh-release, v0.1.14 | ||
| # Release on merge only (push action) - this should run only once | ||
| - name: Publish pre-release | ||
| ( env.RELEASE_EXISTS == false || env.RELEASE_EXISTS == 'false' ) && | ||
| ( startsWith(env.SOURCE_BRANCH, 'v') && contains(env.SOURCE_BRANCH, '.') ) | ||
| shell: bash | ||
| env: | ||
| KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | ||
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | ||
| run: | | ||
| echo "$KEY" > ../cosign.key | ||
| for FILE in *; do FILE_NAME=$(basename $FILE); cosign sign-blob --key=../cosign.key --output-signature=./${FILE_NAME}.sig ./$FILE_NAME; done | ||
| rm -fv ../cosign.key | ||
| - name: Publish release | ||
| if: | | ||
| github.event_name == 'push' && | ||
| ( startsWith(env.SOURCE_BRANCH, 'v') && contains(env.SOURCE_BRANCH, '.') && contains(env.SOURCE_BRANCH, '-') ) | ||
| ( env.RELEASE_EXISTS == false || env.RELEASE_EXISTS == 'false' ) && | ||
| ( startsWith(env.SOURCE_BRANCH, 'v') && contains(env.SOURCE_BRANCH, '.') ) | ||
| uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 | ||
| with: | ||
| body_path: RELEASE.md | ||
| tag_name: ${{ env.SOURCE_BRANCH }} | ||
| name: ${{ env.SOURCE_BRANCH }} | ||
| prerelease: true | ||
| prerelease: ${{ env.PRE_RELEASE }} | ||
| draft: false | ||
| fail_on_unmatched_files: true | ||
| files: | | ||
| ./interx-linux-amd64.deb | ||
| ./interx-linux-amd64.deb.sig | ||
| ./interx-linux-arm64.deb | ||
| ./interx-linux-arm64.deb.sig | ||
| ./interx-darwin-amd64.deb | ||
| ./interx-darwin-amd64.deb.sig | ||
| ./interx-darwin-arm64.deb | ||
| ./interx-darwin-arm64.deb.sig | ||
| ./interx-windows-amd64.exe | ||
| ./interx-windows-amd64.exe.sig | ||
| ./interx-windows-arm64.exe | ||
| ./interx-windows-arm64.exe.sig | ||
| - name: Cleanup all resources | ||
| if: always() | ||
| shell: bash | ||
| run: | | ||
| shred -vzn 3 ../cosign.key || echo "WARNING: Failed to shred key file" | ||
| rm -fv ../cosign.key | ||
| rm -rfv ./* | ||
| echo "(current dir): $PWD" && ls -l ./ | ||
| # ref.: https://github.com/hmarr/auto-approve-action, v2.1.0 | ||
| - name: Approve pull request on success | ||
| uses: hmarr/auto-approve-action@5d04a5ca6da9aeb8ca9f31a5239b96fc3e003029 | ||
| if: | | ||
| ( github.event_name == 'pull_request' ) && | ||
| (( env.RELEASE_EXISTS == false || env.RELEASE_EXISTS == 'false' ) || env.SOURCE_BRANCH == env.RELEASE_VER) && | ||
| ( env.SOURCE_BRANCH == env.RELEASE_VER || env.DESTINATION_BRANCH == env.RELEASE_VER ) | ||
| with: | ||
| github-token: "${{ secrets.GITHUB_TOKEN }}" | ||
| - name: Cleanup all resources | ||
| shell: bash | ||
| # Work around https://github.com/actions/checkout/issues/760 | ||
| - name: Add safe.directory | ||
| run: | | ||
| rm -rfv ./* | ||
| echo "(current dir): $PWD" && ls -l ./ | ||
| git config --global --add safe.directory /github/workspace | ||
| git config --global --add safe.directory $PWD | ||
| # ref.: https://github.com/actions/checkout, v3.0.0 | ||
| - name: Checkout repository | ||
| uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | ||
| - name: Create PR from a version branch to latest | ||
| # ref: https://github.com/repo-sync/pull-request | ||
| # ref. repo-sync/pull-request is broken, using cea2aj/pull-request instead | ||
| uses: cea2aj/pull-request@84eb0c3478f13651e5649367941b867ca02d7926 | ||
| if: | | ||
| github.event_name == 'push' && | ||
| ( startsWith(env.SOURCE_BRANCH, 'v') && contains(env.SOURCE_BRANCH, '.') ) | ||
| uses: repo-sync/pull-request@5ba2c80b97c87b9174c1548141b7acd80f6376e1 | ||
| with: | ||
| github_token: ${{ secrets.REPO_ACCESS }} | ||
| source_branch: ${{ env.SOURCE_BRANCH }} | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.