Release Platform #931
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release Platform | |
on: | |
release: | |
types: | |
- published | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: "Version (i.e. v0.22.3-pre.2)" | |
required: true | |
only_drive: | |
type: boolean | |
description: Only build Drive image | |
default: false | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
release-npm: | |
name: Release NPM packages | |
runs-on: ["self-hosted", "linux", "arm64", "ubuntu-platform"] | |
timeout-minutes: 15 | |
if: github.event_name != 'workflow_dispatch' | |
steps: | |
- name: Check out repo | |
uses: actions/checkout@v4 | |
- name: Check package version matches tag | |
uses: geritol/[email protected] | |
env: | |
TAG_PREFIX: v | |
- name: Configure AWS credentials and bucket region | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Retrieve JS build artifacts | |
uses: strophy/actions-cache@opendal-update | |
id: cache | |
with: | |
bucket: multi-runner-cache-x1xibo9c | |
root: actions-cache | |
path: build-js-artifacts-${{ github.sha }}.tar | |
key: build-js-artifacts/${{ github.sha }} | |
- name: Unpack JS build artifacts archive | |
run: tar -xf build-js-artifacts-${{ github.sha }}.tar | |
if: ${{ steps.cache.outputs.cache-hit == 'true' }} | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Setup Rust | |
uses: ./.github/actions/rust | |
with: | |
target: wasm32-unknown-unknown | |
if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
- name: Setup Node.JS | |
uses: ./.github/actions/nodejs | |
- name: Build packages | |
run: yarn build | |
env: | |
CARGO_BUILD_PROFILE: release | |
RUSTC_WRAPPER: sccache | |
SCCACHE_BUCKET: multi-runner-cache-x1xibo9c | |
SCCACHE_REGION: ${{ secrets.AWS_REGION }} | |
SCCACHE_S3_KEY_PREFIX: ${{ runner.os }}/sccache/wasm/wasm32 | |
if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
- name: Set suffix | |
uses: actions/github-script@v6 | |
id: suffix | |
with: | |
result-encoding: string | |
script: | | |
const fullTag = "${{ inputs.tag }}" || context.payload.release.tag_name; | |
if (fullTag.includes('-')) { | |
const [, fullSuffix] = fullTag.split('-'); | |
const [suffix] = fullSuffix.split('.'); | |
return suffix; | |
} else { | |
return ''; | |
} | |
- name: Set NPM release tag | |
uses: actions/github-script@v6 | |
id: tag | |
with: | |
result-encoding: string | |
script: | | |
const tag = "${{ inputs.tag }}" || context.payload.release.tag_name; | |
const [, major, minor] = tag.match(/^v([0-9]+)\.([0-9]+)/); | |
return (tag.includes('-') ? `${major}.${minor}-${{steps.suffix.outputs.result}}` : 'latest'); | |
- name: Show NPM release tag | |
run: | | |
echo "NPM suffix: ${{ steps.suffix.outputs.result }}" | |
echo "NPM release tag: ${{ steps.tag.outputs.result }}" | |
- name: Configure NPM auth token | |
run: yarn config set npmAuthToken ${{ secrets.NPM_TOKEN }} | |
- name: Publish NPM packages | |
run: yarn workspaces foreach --all --no-private --parallel npm publish --access public --tag ${{ steps.tag.outputs.result }} | |
- name: Ignore only already cached artifacts | |
run: | | |
find . -name '.gitignore' -exec rm -f {} + | |
echo ".yarn" >> .gitignore | |
echo "target" >> .gitignore | |
echo "node_modules" >> .gitignore | |
echo ".nyc_output" >> .gitignore | |
echo ".idea" >> .gitignore | |
echo ".ultra.cache.json" >> .gitignore | |
echo "db/*" >> .gitignore | |
if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
- name: Get modified files | |
id: diff | |
run: git ls-files --others --exclude-standard >> artifacts_list.txt | |
if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
- name: Create an archive of built files | |
run: xargs -a artifacts_list.txt tar cvf build-js-artifacts-${{ github.sha }}.tar | |
if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
release-drive-image: | |
name: Release Drive image | |
secrets: inherit | |
uses: ./.github/workflows/release-docker-image.yml | |
with: | |
name: Drive | |
image_org: dashpay | |
image_name: drive | |
target: drive-abci | |
tag: ${{ inputs.tag || github.event.release.tag_name }} | |
release-drive-image-debug: | |
name: Release Drive debug image | |
secrets: inherit | |
uses: ./.github/workflows/release-docker-image.yml | |
with: | |
name: Drive | |
image_org: dashpay | |
image_name: drive | |
target: drive-abci | |
cargo_profile: dev | |
tag: ${{ inputs.tag || github.event.release.tag_name }}-debug | |
release-dapi-image: | |
name: Release DAPI image | |
if: ${{ !inputs.only_drive }} | |
secrets: inherit | |
uses: ./.github/workflows/release-docker-image.yml | |
with: | |
name: DAPI | |
image_org: dashpay | |
image_name: dapi | |
target: dapi | |
tag: ${{ inputs.tag || github.event.release.tag_name }} | |
release-test-suite-image: | |
name: Release Test Suite image | |
if: ${{ !inputs.only_drive }} | |
secrets: inherit | |
uses: ./.github/workflows/release-docker-image.yml | |
with: | |
name: Test Suite | |
image_org: dashpay | |
image_name: platform-test-suite | |
target: test-suite | |
tag: ${{ inputs.tag || github.event.release.tag_name }} | |
release-dashmate-helper-image: | |
name: Release Dashmate Helper image | |
secrets: inherit | |
if: ${{ !inputs.only_drive }} | |
uses: ./.github/workflows/release-docker-image.yml | |
with: | |
name: Dashmate Helper | |
image_org: dashpay | |
image_name: dashmate-helper | |
target: dashmate-helper | |
tag: ${{ inputs.tag || github.event.release.tag_name }} | |
release-dashmate-packages: | |
name: Release Dashmate packages | |
runs-on: ${{ matrix.os }} | |
if: ${{ !inputs.only_drive }} | |
needs: release-npm | |
permissions: | |
id-token: write # s3 cache | |
contents: write # update release artifacts | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- package_type: tarballs | |
os: ubuntu-22.04 | |
- package_type: win | |
os: ubuntu-22.04 | |
- package_type: deb | |
os: ubuntu-22.04 | |
- package_type: macos | |
os: macos-14 | |
steps: | |
- name: Check out repo | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Configure AWS credentials and bucket region | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ secrets.AWS_REGION }} | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Retrieve JS build artifacts | |
uses: strophy/actions-cache@opendal-update | |
with: | |
bucket: multi-runner-cache-x1xibo9c | |
root: actions-cache | |
path: build-js-artifacts-${{ github.sha }}.tar | |
key: build-js-artifacts/${{ github.sha }} | |
- name: Unpack JS build artifacts archive | |
run: tar -xf build-js-artifacts-${{ github.sha }}.tar | |
- name: Install macOS build deps | |
if: runner.os == 'macOS' | |
run: | | |
brew install llvm coreutils | |
- name: Set up Docker for macOS | |
if: runner.os == 'macOS' | |
uses: docker-practice/actions-setup-docker@master | |
- name: Install the Apple certificate | |
if: runner.os == 'macOS' | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.MACOS_BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.MACOS_P12_PASSWORD }} | |
KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
- name: Install Linux build deps | |
if: runner.os == 'Linux' | |
run: sudo apt-get install -y nsis | |
- name: Setup Node.JS | |
uses: ./.github/actions/nodejs | |
- name: Create package | |
env: | |
OSX_KEYCHAIN: ${{ runner.temp }}/app-signing.keychain-db | |
run: "${GITHUB_WORKSPACE}/scripts/pack_dashmate.sh ${{ matrix.package_type }}" | |
- name: Upload artifacts to action summary | |
uses: actions/upload-artifact@v3 | |
if: github.event_name != 'release' | |
with: | |
name: dashmate | |
path: packages/dashmate/dist/** | |
- name: Notarize MacOS Release Build | |
if: runner.os == 'macOS' | |
run: | | |
find packages/dashmate/dist/ -name '*.pkg' -exec sh -c 'xcrun notarytool submit "{}" --apple-id "${{ secrets.MACOS_APPLE_ID }}" --team-id "${{ secrets.MACOS_TEAM_ID }}" --password "${{ secrets.MACOS_NOTARIZING_PASSWORD }}" --wait;' \; | |
- name: Upload artifacts to release | |
uses: softprops/[email protected] | |
if: github.event_name == 'release' | |
with: | |
files: packages/dashmate/dist/** |