Skip to content

Create release draft #165

Create release draft

Create release draft #165

name: Create release draft
on:
workflow_dispatch:
inputs:
release_client:
type: boolean
description: parachain-client
required: true
default: true
release_runtime:
type: boolean
description: parachain-runtime
required: true
default: true
release_worker:
type: boolean
description: tee-worker
required: true
default: true
release_enclave:
type: boolean
description: tee-enclave
required: true
default: true
release_tag:
description: an existing tag for creating release (e.g. v1.2.3)
required: true
diff_tag:
description: an existing tag to run diff against (e.g. v1.2.0)
default: ""
required: false
genesis_release:
type: choice
description: If any of the genesis artefacts should be released alongside
options:
- none
- litmus
- rococo
- litentry
env:
RELEASE_TAG: ${{ github.event.inputs.release_tag }}
DIFF_TAG: ${{ github.event.inputs.diff_tag }}
GENESIS_RELEASE: ${{ github.event.inputs.genesis_release }}
DOCKER_BUILDKIT: 1
REF_VERSION: ${{ github.head_ref || github.ref_name }}
jobs:
set-release-type:
runs-on: ubuntu-latest
steps:
- name: set release_type
id: vars
run: |
# use something similar to mask to store the release type
t=0000
[ "${{ github.event.inputs.release_client }}" = "true" ] && t="${t:0:0}1${t:1}"
[ "${{ github.event.inputs.release_runtime }}" = "true" ] && t="${t:0:1}1${t:2}"
[ "${{ github.event.inputs.release_worker }}" = "true" ] && t="${t:0:2}1${t:3}"
[ "${{ github.event.inputs.release_enclave }}" = "true" ] && t="${t:0:3}1${t:4}"
if [ $t = "0000"]; then
echo "::error::Please select at least one release type."
exit 1
fi
echo "::group::print release type"
echo "release_type: $t"
echo "::endgroup::"
echo "release_type=$t" >> $GITHUB_OUTPUT
outputs:
release_type: ${{ steps.vars.outputs.release_type }}
## build parachain runtime wasm ##
build-wasm:
if: ${{ github.event.inputs.release_runtime == 'true' }}
runs-on: ubuntu-latest
strategy:
matrix:
chain:
- litmus
- rococo
- litentry
steps:
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Build with srtool
id: srtool_build
uses: chevdor/[email protected]
env:
# optional: will override the parachain pallet ID and authorize_upgrade call ID,
# which will result in a different parachain_authorize_upgrade_hash
PARACHAIN_PALLET_ID: "0x1e"
AUTHORIZE_UPGRADE_PREFIX: "0x02"
with:
chain: ${{ matrix.chain }}-parachain
runtime_dir: runtime/${{ matrix.chain }}
tag: "1.66.0"
- name: Summary
run: |
echo '${{ steps.srtool_build.outputs.json }}' | jq . > ${{ matrix.chain }}-parachain-srtool-digest.json
echo "==============================================="
cat ${{ matrix.chain }}-parachain-srtool-digest.json
cp ${{ steps.srtool_build.outputs.wasm_compressed }} ${{ matrix.chain }}-parachain-runtime.compact.compressed.wasm
- name: Upload wasm artefacts
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.chain }}-parachain-runtime
path: |
${{ matrix.chain }}-parachain-srtool-digest.json
${{ matrix.chain }}-parachain-runtime.compact.compressed.wasm
# build docker image of parachain binary ##
build-parachain-docker:
if: ${{ github.event.inputs.release_client == 'true' }}
runs-on: ubuntu-latest
steps:
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Set env
run: |
DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | cut -d'-' -f1 | sed 's/p/v/')
echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
- name: Build docker image
run: |
./scripts/build-docker.sh production $DOCKER_TAG
echo "============================="
docker images
- name: Dockerhub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Push docker image
run: |
docker push litentry/litentry-parachain:$DOCKER_TAG
- name: Generate genesis artefacts if need
if: github.event.inputs.genesis_release != 'none'
run: |
docker run --rm litentry/litentry-parachain:$DOCKER_TAG export-genesis-state --chain=${{ env.GENESIS_RELEASE }} > ${{ env.GENESIS_RELEASE }}-genesis-state
docker run --rm litentry/litentry-parachain:$DOCKER_TAG export-genesis-wasm --chain=${{ env.GENESIS_RELEASE }} > ${{ env.GENESIS_RELEASE }}-genesis-wasm
- name: Copy client binary to disk
run: |
docker cp $(docker create --rm litentry/litentry-parachain:$DOCKER_TAG):/usr/local/bin/litentry-collator .
- name: Upload the client binary
uses: actions/upload-artifact@v3
with:
name: litentry-collator
if-no-files-found: ignore
path: |
litentry-collator
${{ env.GENESIS_RELEASE }}-genesis-state
${{ env.GENESIS_RELEASE }}-genesis-wasm
build-worker-docker:
if: ${{ github.event.inputs.release_worker == 'true' }}
runs-on: ubuntu-latest
steps:
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Set env
run: |
WORKER_TAG=$(echo ${{ env.RELEASE_TAG }} | cut -d'-' -f3- | sed 's/w/v/')
echo "$WORKER_TAG"
echo "WORKER_TAG=$WORKER_TAG" >> $GITHUB_ENV
# - name: Free up disk space
# if: startsWith(runner.name, 'GitHub Actions')
# uses: jlumbroso/free-disk-space@main
# with:
# tool-cache: true
# swap-storage: false
# large-packages: false
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v3
# with:
# # use the docker driver to access the local image
# # we don't need external caches or multi platforms here
# # see https://docs.docker.com/build/drivers/
# driver: docker
# - name: Cache worker-cache
# uses: actions/cache@v3
# with:
# path: |
# worker-cache
# key: worker-cache-${{ env.REF_VERSION }}-${{ hashFiles('tee-worker/**/Cargo.lock', 'tee-worker/**/Cargo.toml') }}
# restore-keys: |
# worker-cache-${{ env.REF_VERSION }}-
# worker-cache-
# - name: Create cache folder if not exist
# run: |
# for i in 'git/db' 'registry/cache' 'registry/index' 'sccache'; do
# [ ! -d "worker-cache/$i" ] && mkdir -p "worker-cache/$i" || true
# echo "hello" > worker-cache/$i/nix
# done
# echo "::group::List worker-cache size"
# du -sh worker-cache/*
# echo "::endgroup::"
# echo "::group::Show disk usage"
# df -h .
# echo "::endgroup::"
# - name: Build local builder
# uses: docker/build-push-action@v5
# with:
# context: .
# file: tee-worker/build.Dockerfile
# tags: local-builder:latest
# target: builder
# build-args: |
# WORKER_MODE_ARG=sidechain
# ADDITIONAL_FEATURES_ARG=
# - name: Copy caches from the built image
# run: |
# echo "::group::Show disk usage"
# df -h .
# echo "::endgroup::"
# echo "::group::docker images"
# docker images --all
# echo "::endgroup::"
# echo "::group::copy cache out"
# for i in 'git/db' 'registry/cache' 'registry/index'; do
# b="${i%/*}"
# rm -rf worker-cache/$i
# docker cp "$(docker create --rm local-builder:latest):/opt/rust/$i" worker-cache/$b
# done
# rm -rf worker-cache/sccache
# docker cp "$(docker create --rm local-builder:latest):/opt/rust/sccache" worker-cache
# du -sh worker-cache/*
# echo "::endgroup::"
# echo "::group::df -h ."
# df -h .
# echo "::endgroup::"
- name: Build worker
uses: docker/build-push-action@v5
with:
context: .
file: tee-worker/build.Dockerfile
tags: litentry/litentry-worker:$WORKER_TAG
target: deployed-worker
- run: echo $WORKER_TAG
- name: Build cli
uses: docker/build-push-action@v5
with:
context: .
file: tee-worker/build.Dockerfile
tags: litentry/litentry-cli:$WORKER_TAG
target: deployed-client
- run: echo $WORKER_TAG
- run: docker images --all
- name: Dockerhub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Push worker image
run: |
docker push litentry/litentry-worker:$WORKER_TAG
docker push litentry/litentry-cli:$WORKER_TAG
## Build the enclave and package config files
build-tee:
if: ${{ github.event.inputs.release_worker == 'true' }} || ${{ github.event.inputs.release_enclave == 'true' }}
runs-on: tee-prod-builder
outputs:
mrenclave: ${{ steps.mrenclave.outputs.mrenclave }}
enclave_sha1sum: ${{ steps.shasum.outputs.enclave_sha1sum }}
worker_sha1sum: ${{ steps.shasum.outputs.worker_sha1sum }}
steps:
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Build release artefacts
run: |
source /opt/intel/sgxsdk/environment
./tee-worker/scripts/litentry/release/build.sh ${{ github.event.inputs.release_worker }} ${{ github.event.inputs.release_enclave }}
- name: Set MRENCLAVE
id: mrenclave
run: |
MRENCLAVE=
f="tee-worker/enclave_release/mrenclave.txt"
[ -f "$f" ] && MRENCLAVE=$(cat "$f")
echo "mrenclave=$MRENCLAVE" >> $GITHUB_OUTPUT
- name: Set shasum
id: shasum
run: |
ENCLAVE_SHA1SUM=
WORKER_SHA1SUM=
cd tee-worker/enclave_release
[ -f "enclave.signed.so" ] && ENCLAVE_SHA1SUM=$(shasum enclave.signed.so | awk '{print $1}')
[ -f "litentry-worker" ] && WORKER_SHA1SUM=$(shasum litentry-worker | awk '{print $1}')
echo "enclave_sha1sum=$ENCLAVE_SHA1SUM" >> $GITHUB_OUTPUT
echo "worker_sha1sum=$WORKER_SHA1SUM" >> $GITHUB_OUTPUT
- name: Upload artefacts
uses: actions/upload-artifact@v3
with:
name: litentry-tee
path: ./tee-worker/enclave_release/*
- name: Fail early
if: failure()
uses: andymckay/[email protected]
## test again the built docker image ##
run-ts-tests:
runs-on: ubuntu-latest
needs: build-parachain-docker
strategy:
matrix:
chain:
- litmus
- litentry
steps:
- name: Checkout codes
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Enable corepack and pnpm
run: corepack enable && corepack enable pnpm
- name: Download and tag docker image
run: |
export DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | cut -d'-' -f1 | sed 's/p/v/')
docker pull litentry/litentry-parachain:$DOCKER_TAG
docker tag litentry/litentry-parachain:$DOCKER_TAG litentry/litentry-parachain:latest
- name: Run ts tests for ${{ matrix.chain }}
timeout-minutes: 20
run: |
make test-ts-docker-${{ matrix.chain }}
- name: Archive logs if test fails
uses: actions/upload-artifact@v3
if: ${{ failure() }}
with:
name: ${{ matrix.chain }}-ts-tests-artifacts
path: /tmp/parachain_dev/
retention-days: 3
- name: Clean up for ${{ matrix.chain }}
if: ${{ always() }}
run: |
make clean-docker-${{ matrix.chain }}
## check extrinsic ##
extrinsic-ordering-check-from-bin:
runs-on: ubuntu-latest
needs: build-parachain-docker
strategy:
matrix:
chain: [rococo, litmus, litentry]
include:
- chain: rococo
ref_url: wss://rpc.rococo-parachain-sg.litentry.io
- chain: litmus
ref_url: wss://rpc.litmus-parachain.litentry.io
- chain: litentry
ref_url: wss://rpc.litentry-parachain.litentry.io
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
- name: Prepare output and compare the metadata
timeout-minutes: 3
run: |
export DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | cut -d'-' -f1 | sed 's/p/v/')
PARACHAIN_NAME=local-parachain
BASE_URL=ws://127.0.0.1:9944
chain=${{ matrix.chain }}
REF_URL=${{ matrix.ref_url }}
echo "Metadata comparison:" > output-$chain.txt
echo "Date: $(date)" >> output-$chain.txt
echo "Base: $BASE_URL" >> output-$chain.txt
echo "Reference: $REF_URL" >> output-$chain.txt
echo "Target Tag: ${{ env.RELEASE_TAG }}" >> output-$chain.txt
echo "Chain: $chain" >> output-$chain.txt
echo "----------------------------------------------------------------------" >> output-$chain.txt
echo "Running parachain: $chain"
docker run --pull always --rm --name=$PARACHAIN_NAME -d -p 9944:9944 litentry/litentry-parachain:$DOCKER_TAG --chain=$chain-dev --rpc-cors=all --ws-external --tmp -- --dev
sleep 3
CMD="docker run --pull always --network host jacogr/polkadot-js-tools metadata $REF_URL $BASE_URL"
echo -e "Running:\n$CMD"
docker run --pull always --rm --network host jacogr/polkadot-js-tools metadata $REF_URL $BASE_URL | tee -a output-$chain.txt
SUMMARY=$(./scripts/extrinsic-ordering-filter.sh output-$chain.txt)
echo -e $SUMMARY >> output-$chain.txt
docker stop $PARACHAIN_NAME
content=$(< output-$chain.txt)
echo "content<<EOF" >> $GITHUB_ENV
echo "$content" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
- name: Find issues
uses: actions-cool/issues-helper@v3
id: findissueid
with:
actions: 'find-issues'
token: ${{ secrets.GITHUB_TOKEN }}
issue-state: 'open'
title-includes: Litentry-parachain ${{ env.RELEASE_TAG }} Release checklist
- name: Create comment
if: ${{ steps.findissueid.outputs.issues }} != '[]'
uses: actions-cool/issues-helper@v3
with:
actions: 'create-comment'
token: ${{ secrets.GITHUB_TOKEN }}
issue-number: ${{ fromJson(steps.findissueid.outputs.issues)[0].number }}
body: |
${{ env.content }}
## create the release draft ##
create-release-draft:
runs-on: ubuntu-latest
# see https://github.com/actions/runner/issues/491
# seems to be the only way to achieve this
needs:
- set-release-type
- build-tee
- run-ts-tests
- build-wasm
if: |
!failure() &&
(success('build-wasm') || success('run-ts-tests') || success('build-tee'))
steps:
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Download all artefacts
uses: actions/download-artifact@v3
- name: Generate release notes
run: |
export MRENCLAVE="${{ needs.build-tee.outputs.mrenclave }}"
export ENCLAVE_SHA1SUM="${{ needs.build-tee.outputs.enclave_sha1sum }}"
export WORKER_SHA1SUM="${{ needs.build-tee.outputs.worker_sha1sum }}"
./scripts/generate-release-notes.sh ${{ github.workspace }}/.github/release_notes.md ${{ needs.set-release-type.outputs.release_type }} ${{ env.DIFF_TAG }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create release draft
id: create-release-draft
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ env.RELEASE_TAG }}
name: Litentry-parachain ${{ env.RELEASE_TAG }}
body_path: ${{ github.workspace }}/.github/release_notes.md
draft: true
files: |
*-parachain-runtime/*-parachain-srtool-digest.json
*-parachain-runtime/*-parachain-runtime.compact.compressed.wasm
litentry-collator/*
litentry-tee/*