# Manually triggered workflow that builds the selected release artefacts
# (parachain client, runtime wasm, tee-worker, tee-enclave) and opens a draft
# GitHub release for an existing tag.
name: Create release draft

on:
  workflow_dispatch:
    inputs:
      # The four boolean switches select which artefact families are built.
      release_client:
        description: parachain-client
        type: boolean
        required: true
        default: true
      release_runtime:
        description: parachain-runtime
        type: boolean
        required: true
        default: true
      release_worker:
        description: tee-worker
        type: boolean
        required: true
        default: true
      release_enclave:
        description: tee-enclave
        type: boolean
        required: true
        default: true
      # release_tag and diff_tag are free-form text typed by whoever starts
      # the run; nothing in this file validates their shape.
      release_tag:
        description: an existing tag for creating release (e.g. v1.2.3)
        required: true
      diff_tag:
        description: an existing tag to run diff against (e.g. v1.2.0)
        required: false
        default: ""
      genesis_release:
        description: If any of the genesis artefacts should be released alongside
        type: choice
        options:
          - none
          - litmus
          - rococo
          - litentry

# Workflow-level environment, visible to every job and step.
# The input-derived values are available to `run:` scripts as ordinary shell
# variables (e.g. "$RELEASE_TAG"); reading them that way, instead of splicing
# the expression into the script text, keeps the input from being parsed as
# shell code.
env:
  RELEASE_TAG: ${{ github.event.inputs.release_tag }}
  DIFF_TAG: ${{ github.event.inputs.diff_tag }}
  GENESIS_RELEASE: ${{ github.event.inputs.genesis_release }}
  DOCKER_BUILDKIT: "1"
  REF_VERSION: ${{ github.head_ref || github.ref_name }}
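jobs:
  # Encodes the four release switches as a 4-character mask
  # (client, runtime, worker, enclave) and exposes it as a job output.
  set-release-type:
    runs-on: ubuntu-latest
    steps:
      - name: set release_type
        id: vars
        # Inputs are handed over as environment variables so that their text
        # is never spliced into the script body.
        env:
          RELEASE_CLIENT: ${{ github.event.inputs.release_client }}
          RELEASE_RUNTIME: ${{ github.event.inputs.release_runtime }}
          RELEASE_WORKER: ${{ github.event.inputs.release_worker }}
          RELEASE_ENCLAVE: ${{ github.event.inputs.release_enclave }}
        run: |
          # use something similar to mask to store the release type
          t=0000
          [ "$RELEASE_CLIENT" = "true" ] && t="${t:0:0}1${t:1}"
          [ "$RELEASE_RUNTIME" = "true" ] && t="${t:0:1}1${t:2}"
          [ "$RELEASE_WORKER" = "true" ] && t="${t:0:2}1${t:3}"
          [ "$RELEASE_ENCLAVE" = "true" ] && t="${t:0:3}1${t:4}"
          # `]` must be its own word: the previous `"0000"]` made the test
          # command itself fail, so this guard could never fire.
          if [ "$t" = "0000" ]; then
            echo "::error::Please select at least one release type."
            exit 1
          fi
          echo "::group::print release type"
          echo "release_type: $t"
          echo "::endgroup::"
          echo "release_type=$t" >> "$GITHUB_OUTPUT"
    outputs:
      release_type: ${{ steps.vars.outputs.release_type }}

  ## build parachain runtime wasm ##
  build-wasm:
    if: ${{ github.event.inputs.release_runtime == 'true' }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        chain:
          - litmus
          - rococo
          - litentry
    steps:
      - name: Checkout codes on ${{ env.RELEASE_TAG }}
        uses: actions/checkout@v4
        with:
          ref: ${{ env.RELEASE_TAG }}
          fetch-depth: 0

      - name: Build with srtool
        id: srtool_build
        # NOTE(review): this action reference was mangled by the page's
        # e-mail obfuscation. Restore the real `owner/repo@version` from the
        # repository before use, ideally pinned to a full commit SHA.
        uses: chevdor/[email protected]
        env:
          # optional: will override the parachain pallet ID and authorize_upgrade call ID,
          # which will result in a different parachain_authorize_upgrade_hash
          PARACHAIN_PALLET_ID: "0x1e"
          AUTHORIZE_UPGRADE_PREFIX: "0x02"
        with:
          chain: ${{ matrix.chain }}-parachain
          runtime_dir: runtime/${{ matrix.chain }}
          tag: "1.66.0"

      - name: Summary
        # Step outputs go through env so that quotes or other shell
        # metacharacters in the JSON cannot terminate the string and be
        # executed. matrix.chain comes from the fixed list above.
        env:
          SRTOOL_JSON: ${{ steps.srtool_build.outputs.json }}
          SRTOOL_WASM: ${{ steps.srtool_build.outputs.wasm_compressed }}
        run: |
          echo "$SRTOOL_JSON" | jq . > ${{ matrix.chain }}-parachain-srtool-digest.json
          echo "==============================================="
          cat ${{ matrix.chain }}-parachain-srtool-digest.json
          cp "$SRTOOL_WASM" ${{ matrix.chain }}-parachain-runtime.compact.compressed.wasm

      - name: Upload wasm artefacts
        uses: actions/upload-artifact@v3
        with:
          name: ${{ matrix.chain }}-parachain-runtime
          path: |
            ${{ matrix.chain }}-parachain-srtool-digest.json
            ${{ matrix.chain }}-parachain-runtime.compact.compressed.wasm

  # build docker image of parachain binary ##
  build-parachain-docker:
    if: ${{ github.event.inputs.release_client == 'true' }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout codes on ${{ env.RELEASE_TAG }}
        uses: actions/checkout@v4
        with:
          ref: ${{ env.RELEASE_TAG }}
          fetch-depth: 0

      - name: Set env
        # RELEASE_TAG is free-form input: read it from the workflow-level env
        # as a quoted shell variable instead of interpolating the expression.
        run: |
          DOCKER_TAG=$(echo "$RELEASE_TAG" | cut -d'-' -f1 | sed 's/p/v/')
          echo "DOCKER_TAG=$DOCKER_TAG" >> "$GITHUB_ENV"

      - name: Build docker image
        run: |
          ./scripts/build-docker.sh production "$DOCKER_TAG"
          echo "============================="
          docker images

      - name: Dockerhub login
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Push docker image
        run: |
          docker push "litentry/litentry-parachain:$DOCKER_TAG"

      - name: Generate genesis artefacts if need
        if: github.event.inputs.genesis_release != 'none'
        run: |
          docker run --rm "litentry/litentry-parachain:$DOCKER_TAG" export-genesis-state --chain="${GENESIS_RELEASE}" > "${GENESIS_RELEASE}-genesis-state"
          docker run --rm "litentry/litentry-parachain:$DOCKER_TAG" export-genesis-wasm --chain="${GENESIS_RELEASE}" > "${GENESIS_RELEASE}-genesis-wasm"

      - name: Copy client binary to disk
        run: |
          docker cp "$(docker create --rm "litentry/litentry-parachain:$DOCKER_TAG")":/usr/local/bin/litentry-collator .

      - name: Upload the client binary
        uses: actions/upload-artifact@v3
        with:
          name: litentry-collator
          if-no-files-found: ignore
          path: |
            litentry-collator
            ${{ env.GENESIS_RELEASE }}-genesis-state
            ${{ env.GENESIS_RELEASE }}-genesis-wasm

  # Builds and pushes the tee-worker and cli docker images.
  build-worker-docker:
    if: ${{ github.event.inputs.release_worker == 'true' }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout codes on ${{ env.RELEASE_TAG }}
        uses: actions/checkout@v4
        with:
          ref: ${{ env.RELEASE_TAG }}
          fetch-depth: 0

      - name: Set env
        run: |
          WORKER_TAG=$(echo "$RELEASE_TAG" | cut -d'-' -f3- | sed 's/w/v/')
          echo "WORKER_TAG=$WORKER_TAG" >> "$GITHUB_ENV"

      - name: Free up disk space
        if: startsWith(runner.name, 'GitHub Actions')
        # NOTE(review): `@main` is a mutable branch ref, so the code run here
        # can change without any change to this file. This job later logs in
        # to Docker Hub; pin the action to a reviewed commit SHA.
        uses: jlumbroso/free-disk-space@main
        with:
          tool-cache: true
          swap-storage: false
          large-packages: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # use the docker driver to access the local image
          # we don't need external caches or multi platforms here
          # see https://docs.docker.com/build/drivers/
          driver: docker

      - name: Cache worker-cache
        uses: actions/cache@v3
        with:
          path: |
            worker-cache
          key: worker-cache-${{ env.REF_VERSION }}-${{ hashFiles('tee-worker/**/Cargo.lock', 'tee-worker/**/Cargo.toml') }}
          restore-keys: |
            worker-cache-${{ env.REF_VERSION }}-
            worker-cache-

      - name: Create cache folder if not exist
        run: |
          for i in 'git/db' 'registry/cache' 'registry/index' 'sccache'; do
            [ ! -d "worker-cache/$i" ] && mkdir -p "worker-cache/$i" || true
            echo "hello" > worker-cache/$i/nix
          done
          echo "::group::List worker-cache size"
          du -sh worker-cache/*
          echo "::endgroup::"
          echo "::group::Show disk usage"
          df -h .
          echo "::endgroup::"

      - name: Build local builder
        uses: docker/build-push-action@v5
        with:
          context: .
          file: tee-worker/build.Dockerfile
          tags: local-builder:latest
          target: builder
          build-args: |
            WORKER_MODE_ARG=sidechain
            ADDITIONAL_FEATURES_ARG=

      - name: Copy caches from the built image
        run: |
          echo "::group::Show disk usage"
          df -h .
          echo "::endgroup::"
          echo "::group::docker images"
          docker images --all
          echo "::endgroup::"
          echo "::group::copy cache out"
          for i in 'git/db' 'registry/cache' 'registry/index'; do
            b="${i%/*}"
            rm -rf worker-cache/$i
            docker cp "$(docker create --rm local-builder:latest):/opt/rust/$i" worker-cache/$b
          done
          rm -rf worker-cache/sccache
          docker cp "$(docker create --rm local-builder:latest):/opt/rust/sccache" worker-cache
          du -sh worker-cache/*
          echo "::endgroup::"
          echo "::group::df -h ."
          df -h .
          echo "::endgroup::"

      - name: Build worker
        uses: docker/build-push-action@v5
        with:
          context: .
          file: tee-worker/build.Dockerfile
          tags: litentry/litentry-worker:${{ env.WORKER_TAG }}
          target: deployed-worker

      - name: Build cli
        uses: docker/build-push-action@v5
        with:
          context: .
          file: tee-worker/build.Dockerfile
          tags: litentry/litentry-cli:${{ env.WORKER_TAG }}
          target: deployed-client

      - run: docker images --all

      - name: Dockerhub login
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Push worker image
        run: |
          docker push "litentry/litentry-worker:$WORKER_TAG"
          docker push "litentry/litentry-cli:$WORKER_TAG"

  ## Build the enclave and package config files
  build-tee:
    # Both comparisons must sit inside ONE expression. Written as
    # `${{ a }} || ${{ b }}` the value is a non-empty string, which is always
    # truthy, so the job ran regardless of the selected release types.
    if: ${{ github.event.inputs.release_worker == 'true' || github.event.inputs.release_enclave == 'true' }}
    # NOTE(review): not a GitHub-hosted label, so presumably a self-hosted
    # production builder; keep anything that reaches its shell tightly
    # controlled.
    runs-on: tee-prod-builder
    outputs:
      mrenclave: ${{ steps.mrenclave.outputs.mrenclave }}
      enclave_sha1sum: ${{ steps.shasum.outputs.enclave_sha1sum }}
      worker_sha1sum: ${{ steps.shasum.outputs.worker_sha1sum }}
    steps:
      - name: Checkout codes on ${{ env.RELEASE_TAG }}
        uses: actions/checkout@v4
        with:
          ref: ${{ env.RELEASE_TAG }}
          fetch-depth: 0

      - name: Build release artefacts
        env:
          RELEASE_WORKER: ${{ github.event.inputs.release_worker }}
          RELEASE_ENCLAVE: ${{ github.event.inputs.release_enclave }}
        run: |
          source /opt/intel/sgxsdk/environment
          ./tee-worker/scripts/litentry/release/build.sh "$RELEASE_WORKER" "$RELEASE_ENCLAVE"

      - name: Set MRENCLAVE
        id: mrenclave
        run: |
          MRENCLAVE=
          f="tee-worker/enclave_release/mrenclave.txt"
          [ -f "$f" ] && MRENCLAVE=$(cat "$f")
          echo "mrenclave=$MRENCLAVE" >> "$GITHUB_OUTPUT"

      - name: Set shasum
        id: shasum
        # `shasum` without -a computes SHA-1. The output names are consumed
        # downstream, so they are kept; SHA-1 is weak as an integrity
        # reference for release binaries, consider publishing SHA-256 too.
        run: |
          ENCLAVE_SHA1SUM=
          WORKER_SHA1SUM=
          cd tee-worker/enclave_release
          [ -f "enclave.signed.so" ] && ENCLAVE_SHA1SUM=$(shasum enclave.signed.so | awk '{print $1}')
          [ -f "litentry-worker" ] && WORKER_SHA1SUM=$(shasum litentry-worker | awk '{print $1}')
          echo "enclave_sha1sum=$ENCLAVE_SHA1SUM" >> "$GITHUB_OUTPUT"
          echo "worker_sha1sum=$WORKER_SHA1SUM" >> "$GITHUB_OUTPUT"

      - name: Upload artefacts
        uses: actions/upload-artifact@v3
        with:
          name: litentry-tee
          path: ./tee-worker/enclave_release/*

      - name: Fail early
        if: failure()
        # NOTE(review): this action reference was mangled by the page's
        # e-mail obfuscation. Restore the real `owner/repo@version` from the
        # repository before use, ideally pinned to a full commit SHA.
        uses: andymckay/[email protected]

  ## test again the built docker image ##
  run-ts-tests:
    runs-on: ubuntu-latest
    needs: build-parachain-docker
    strategy:
      matrix:
        chain:
          - litmus
          - litentry
    steps:
      # NOTE(review): no `ref:` here, so the tests are taken from the ref the
      # workflow was started on, not from RELEASE_TAG - confirm this is
      # intended.
      - name: Checkout codes
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Enable corepack and pnpm
        run: corepack enable && corepack enable pnpm

      - name: Download and tag docker image
        run: |
          export DOCKER_TAG=$(echo "$RELEASE_TAG" | cut -d'-' -f1 | sed 's/p/v/')
          docker pull "litentry/litentry-parachain:$DOCKER_TAG"
          docker tag "litentry/litentry-parachain:$DOCKER_TAG" litentry/litentry-parachain:latest

      - name: Run ts tests for ${{ matrix.chain }}
        timeout-minutes: 20
        run: |
          make test-ts-docker-${{ matrix.chain }}

      - name: Archive logs if test fails
        uses: actions/upload-artifact@v3
        if: ${{ failure() }}
        with:
          name: ${{ matrix.chain }}-ts-tests-artifacts
          path: /tmp/parachain_dev/
          retention-days: 3

      - name: Clean up for ${{ matrix.chain }}
        if: ${{ always() }}
        run: |
          make clean-docker-${{ matrix.chain }}

  ## check extrinsic ##
  extrinsic-ordering-check-from-bin:
    runs-on: ubuntu-latest
    needs: build-parachain-docker
    strategy:
      matrix:
        chain: [rococo, litmus, litentry]
        include:
          - chain: rococo
            ref_url: wss://rpc.rococo-parachain-sg.litentry.io
          - chain: litmus
            ref_url: wss://rpc.litmus-parachain.litentry.io
          - chain: litentry
            ref_url: wss://rpc.litentry-parachain.litentry.io
    steps:
      - name: Checkout sources
        uses: actions/checkout@v4
        with:
          ref: ${{ env.RELEASE_TAG }}

      - name: Prepare output and compare the metadata
        timeout-minutes: 3
        # The report is built from the output of a container image pulled by
        # its default mutable tag, talking to remote RPC endpoints, so treat
        # the text as untrusted when writing it to $GITHUB_ENV.
        run: |
          export DOCKER_TAG=$(echo "$RELEASE_TAG" | cut -d'-' -f1 | sed 's/p/v/')
          PARACHAIN_NAME=local-parachain
          BASE_URL=ws://127.0.0.1:9944
          chain=${{ matrix.chain }}
          REF_URL=${{ matrix.ref_url }}
          echo "Metadata comparison:" > output-$chain.txt
          echo "Date: $(date)" >> output-$chain.txt
          echo "Base: $BASE_URL" >> output-$chain.txt
          echo "Reference: $REF_URL" >> output-$chain.txt
          echo "Target Tag: $RELEASE_TAG" >> output-$chain.txt
          echo "Chain: $chain" >> output-$chain.txt
          echo "----------------------------------------------------------------------" >> output-$chain.txt
          echo "Running parachain: $chain"
          docker run --pull always --rm --name=$PARACHAIN_NAME -d -p 9944:9944 "litentry/litentry-parachain:$DOCKER_TAG" --chain=$chain-dev --rpc-cors=all --ws-external --tmp -- --dev
          sleep 3
          CMD="docker run --pull always --network host jacogr/polkadot-js-tools metadata $REF_URL $BASE_URL"
          echo -e "Running:\n$CMD"
          docker run --pull always --rm --network host jacogr/polkadot-js-tools metadata $REF_URL $BASE_URL | tee -a output-$chain.txt
          SUMMARY=$(./scripts/extrinsic-ordering-filter.sh output-$chain.txt)
          echo -e $SUMMARY >> output-$chain.txt
          docker stop $PARACHAIN_NAME
          content=$(< output-$chain.txt)
          # Use an unpredictable heredoc delimiter: with a fixed "EOF", a
          # report line equal to the delimiter would end the value early and
          # let the following lines define further environment variables.
          delimiter="EOF_$(openssl rand -hex 16)"
          {
            echo "content<<$delimiter"
            echo "$content"
            echo "$delimiter"
          } >> "$GITHUB_ENV"

      - name: Find issues
        uses: actions-cool/issues-helper@v3
        id: findissueid
        with:
          actions: 'find-issues'
          token: ${{ secrets.GITHUB_TOKEN }}
          issue-state: 'open'
          title-includes: Litentry-parachain ${{ env.RELEASE_TAG }} Release checklist

      - name: Create comment
        # The comparison belongs inside the expression; `${{ x }} != '[]'` is
        # a plain non-empty string and therefore always true, which sent an
        # empty result on to the fromJson(...)[0] lookup below.
        if: ${{ steps.findissueid.outputs.issues != '[]' }}
        uses: actions-cool/issues-helper@v3
        with:
          actions: 'create-comment'
          token: ${{ secrets.GITHUB_TOKEN }}
          issue-number: ${{ fromJson(steps.findissueid.outputs.issues)[0].number }}
          body: |
            ${{ env.content }}

  ## create the release draft ##
  create-release-draft:
    runs-on: ubuntu-latest
    # see https://github.com/actions/runner/issues/491
    # seems to be the only way to achieve this
    needs:
      - set-release-type
      - build-tee
      - run-ts-tests
      - build-wasm
    # NOTE(review): the status-check functions are documented without
    # arguments, so what success('<job>') evaluates to is unclear from here.
    # `needs.<job>.result == 'success'` is the documented way to test one
    # specific job; confirm and switch if the per-job meaning is intended.
    if: |
      !failure() &&
      (success('build-wasm') || success('run-ts-tests') || success('build-tee'))
    steps:
      - name: Checkout codes on ${{ env.RELEASE_TAG }}
        uses: actions/checkout@v4
        with:
          ref: ${{ env.RELEASE_TAG }}
          fetch-depth: 0

      - name: Download all artefacts
        uses: actions/download-artifact@v3

      - name: Generate release notes
        # Job outputs and the free-form DIFF_TAG reach the script through the
        # environment rather than being interpolated into the command line.
        # Step-level env values are exported to the script automatically.
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          MRENCLAVE: ${{ needs.build-tee.outputs.mrenclave }}
          ENCLAVE_SHA1SUM: ${{ needs.build-tee.outputs.enclave_sha1sum }}
          WORKER_SHA1SUM: ${{ needs.build-tee.outputs.worker_sha1sum }}
          RELEASE_TYPE: ${{ needs.set-release-type.outputs.release_type }}
        run: |
          # ${DIFF_TAG:+...} passes the third argument only when a diff tag
          # was given, matching the previous unquoted expansion.
          ./scripts/generate-release-notes.sh "$GITHUB_WORKSPACE/.github/release_notes.md" "$RELEASE_TYPE" ${DIFF_TAG:+"$DIFF_TAG"}

      - name: Create release draft
        id: create-release-draft
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ env.RELEASE_TAG }}
          name: Litentry-parachain ${{ env.RELEASE_TAG }}
          body_path: ${{ github.workspace }}/.github/release_notes.md
          draft: true
          files: |
            *-parachain-runtime/*-parachain-srtool-digest.json
            *-parachain-runtime/*-parachain-runtime.compact.compressed.wasm
            litentry-collator/*
            litentry-tee/*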