create-release-draft.yml
# Manually dispatched workflow that builds the selected release components
# from an existing tag and assembles a draft GitHub release.
name: Create release draft

on:
  workflow_dispatch:
    inputs:
      # One boolean per releasable component; the jobs are gated on these.
      parachain_client:
        description: parachain-client
        type: boolean
        required: true
        default: true
      parachain_runtime:
        description: parachain-runtime
        type: boolean
        required: true
        default: true
      identity_worker:
        description: identity-worker
        type: boolean
        required: true
        default: true
      bitacross_worker:
        description: bitacross-worker
        type: boolean
        required: true
        default: true
      # Free-text inputs: treat as untrusted strings wherever they reach a shell.
      release_tag:
        description: an existing tag for creating release (e.g. v1.2.0)
        required: true
      diff_tag:
        description: an existing tag to run diff against (e.g. v1.1.0)
        required: false
        default: ""
      genesis_release:
        description: If any of the genesis artefacts should be released alongside
        type: choice
        options:
          - none
          - paseo
          - litentry

# Workflow-level env: exported to every step, so `run:` scripts can read these
# as ordinary shell variables (e.g. "$RELEASE_TAG").
env:
  RELEASE_TAG: ${{ github.event.inputs.release_tag }}
  DIFF_TAG: ${{ github.event.inputs.diff_tag }}
  GENESIS_RELEASE: ${{ github.event.inputs.genesis_release }}
  DOCKER_BUILDKIT: 1
  REF_VERSION: ${{ github.head_ref || github.ref_name }}
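# Review notes for the jobs below:
# - Dispatch inputs and step outputs are passed to `run:` scripts through
#   environment variables and quoted, instead of being expanded into the script
#   text by ${{ }}; a tag or output containing shell metacharacters is then
#   handled as data. Several of these jobs hold registry credentials or an
#   enclave signing key, so this matters.
# - Actions are referenced by mutable tags (@v3/@v4/@v6/@v2). Consider pinning
#   third-party actions to a full commit SHA, especially in the jobs that
#   receive secrets.
# - No `permissions:` block is visible in this file, so GITHUB_TOKEN gets the
#   repository default; consider declaring least-privilege permissions per job
#   after checking what the release-notes script and release action need.
jobs:
  # Encodes the four component checkboxes as a 4-character mask
  # (client, runtime, identity worker, bitacross worker) for later jobs.
  set-release-type:
    runs-on: ubuntu-latest
    steps:
      - name: set release_type
        id: vars
        env:
          PARACHAIN_CLIENT: ${{ github.event.inputs.parachain_client }}
          PARACHAIN_RUNTIME: ${{ github.event.inputs.parachain_runtime }}
          IDENTITY_WORKER: ${{ github.event.inputs.identity_worker }}
          BITACROSS_WORKER: ${{ github.event.inputs.bitacross_worker }}
        run: |
          # use something similar to mask to store the release type
          t=0000
          [ "$PARACHAIN_CLIENT" = "true" ] && t="${t:0:0}1${t:1}"
          [ "$PARACHAIN_RUNTIME" = "true" ] && t="${t:0:1}1${t:2}"
          [ "$IDENTITY_WORKER" = "true" ] && t="${t:0:2}1${t:3}"
          [ "$BITACROSS_WORKER" = "true" ] && t="${t:0:3}1${t:4}"
          # The original test was `[ $t = "0000"]`: without a space before `]`
          # the test command errors out and the guard never fires.
          if [ "$t" = "0000" ]; then
            echo "::error::Please select at least one release type."
            exit 1
          fi
          echo "::group::print release type"
          echo "release_type: $t"
          echo "::endgroup::"
          echo "release_type=$t" >> "$GITHUB_OUTPUT"
    outputs:
      release_type: ${{ steps.vars.outputs.release_type }}

  # Builds the runtime wasm for each chain with srtool and uploads the wasm
  # together with the srtool digest.
  build-parachain-runtime:
    if: ${{ github.event.inputs.parachain_runtime == 'true' }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        chain:
          - paseo
          - litentry
    name: ${{ matrix.chain }}
    steps:
      - name: Checkout codes on ${{ env.RELEASE_TAG }}
        uses: actions/checkout@v4
        with:
          ref: ${{ env.RELEASE_TAG }}
          fetch-depth: 0
      - name: Build with srtool
        id: srtool_build
        # NOTE(review): the action reference below was mangled by e-mail
        # obfuscation in this page capture; restore the real
        # "owner/repo@ref" from the repository before using this file.
        uses: chevdor/[email protected]
        env:
          # optional: will override the parachain pallet ID and authorize_upgrade call ID,
          # which will result in a different parachain_authorize_upgrade_hash
          PARACHAIN_PALLET_ID: "0x1e"
          AUTHORIZE_UPGRADE_PREFIX: "0x02"
        with:
          chain: ${{ matrix.chain }}-parachain
          runtime_dir: parachain/runtime/${{ matrix.chain }}
          profile: production
      - name: Summary
        env:
          CHAIN: ${{ matrix.chain }}
          # Step outputs go through env so that a quote character in the JSON
          # cannot terminate a shell string.
          SRTOOL_JSON: ${{ steps.srtool_build.outputs.json }}
          SRTOOL_WASM_COMPRESSED: ${{ steps.srtool_build.outputs.wasm_compressed }}
        run: |
          printf '%s\n' "$SRTOOL_JSON" | jq . > "${CHAIN}-parachain-srtool-digest.json"
          echo "==============================================="
          cat "${CHAIN}-parachain-srtool-digest.json"
          cp "$SRTOOL_WASM_COMPRESSED" "${CHAIN}-parachain-runtime.compact.compressed.wasm"
      - name: Upload wasm artefacts
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.chain }}-parachain-runtime
          path: |
            ${{ matrix.chain }}-parachain-srtool-digest.json
            ${{ matrix.chain }}-parachain-runtime.compact.compressed.wasm

  # Builds the collator docker image at the release tag and uploads the
  # binary, the saved image and (optionally) the genesis artefacts.
  build-parachain-client:
    if: ${{ github.event.inputs.parachain_client == 'true' }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout codes on ${{ env.RELEASE_TAG }}
        uses: actions/checkout@v4
        with:
          ref: ${{ env.RELEASE_TAG }}
          fetch-depth: 0
      - name: Free up disk space
        if: startsWith(runner.name, 'GitHub Actions')
        uses: ./.github/actions/disk-cleanup
      - name: Build docker image
        run: |
          ./parachain/scripts/build-docker.sh production "$RELEASE_TAG"
          echo "============================="
          docker images
      - name: Generate genesis artefacts if need
        if: github.event.inputs.genesis_release != 'none'
        run: |
          docker run --rm "litentry/litentry-parachain:${RELEASE_TAG}" export-genesis-state "--chain=${GENESIS_RELEASE}" > "${GENESIS_RELEASE}-genesis-state"
          docker run --rm "litentry/litentry-parachain:${RELEASE_TAG}" export-genesis-wasm "--chain=${GENESIS_RELEASE}" > "${GENESIS_RELEASE}-genesis-wasm"
      - name: Copy client binary to disk
        run: |
          docker cp "$(docker create --rm "litentry/litentry-parachain:${RELEASE_TAG}")":/usr/local/bin/litentry-collator .
      - name: Save docker image
        run: |
          # without pipefail a failing `docker save` would be hidden by gzip's
          # exit status and a truncated archive would be uploaded
          set -o pipefail
          docker save "litentry/litentry-parachain:${RELEASE_TAG}" | gzip > litentry-parachain-dev.tar.gz
      - name: Upload the client binary
        uses: actions/upload-artifact@v4
        with:
          name: litentry-collator
          if-no-files-found: ignore
          path: |
            litentry-collator
            litentry-parachain-dev.tar.gz
            ${{ env.GENESIS_RELEASE }}-genesis-state
            ${{ env.GENESIS_RELEASE }}-genesis-wasm

  # Builds the SGX identity worker with the enclave signing key and pushes
  # the release image to Docker Hub.
  build-identity-worker:
    if: ${{ github.event.inputs.identity_worker == 'true' }}
    runs-on: ubuntu-latest
    environment: production
    steps:
      - name: Checkout codes on ${{ env.RELEASE_TAG }}
        uses: actions/checkout@v4
        with:
          ref: ${{ env.RELEASE_TAG }}
          fetch-depth: 0
      - name: Free up disk space
        if: startsWith(runner.name, 'GitHub Actions')
        uses: ./.github/actions/disk-cleanup
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # use the docker driver to access the local image
          # we don't need external caches or multi platforms here
          # see https://docs.docker.com/build/drivers/
          driver: docker
      # the key for identity worker enclave shall be renewed when switching to sdk-v2.0.0
      # NOTE(review): this production-environment job reads a secret whose name
      # says STAGING; confirm that is the intended key for release builds.
      - name: Write enclave signing key
        env:
          # The secret is handed over as an env var so it is never pasted into
          # the generated script or re-expanded by an unquoted heredoc.
          ENCLAVE_SIGNING_KEY: ${{ secrets.IDENTITY_ENCLAVE_STAGING_SIGNING_KEY }}
        run: |
          printf '%s\n' "$ENCLAVE_SIGNING_KEY" > tee-worker/identity/enclave_key.pem
      # NOTE(review): both builds below use `context: .`, which contains
      # enclave_key.pem; confirm the pushed worker-release stage never copies
      # the key into an image layer.
      - name: Build local builder
        uses: docker/build-push-action@v6
        env:
          DOCKER_BUILD_RECORD_UPLOAD: false
        with:
          context: .
          file: tee-worker/identity/build.Dockerfile
          tags: local-builder:latest
          target: builder
          build-args: |
            WORKER_MODE_ARG=sidechain
            ADDITIONAL_FEATURES_ARG=
            SGX_PRODUCTION=1
            SGX_MODE=HW
            IMAGE_FOR_RELEASE=true
            SGX_COMMERCIAL_KEY=enclave_key.pem
      - name: Build worker
        uses: docker/build-push-action@v6
        env:
          DOCKER_BUILD_RECORD_UPLOAD: false
        with:
          context: .
          file: tee-worker/identity/build.Dockerfile
          tags: litentry/identity-worker:${{ env.RELEASE_TAG }}
          target: worker-release
      - run: docker images --all
      - name: Dockerhub login
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      - name: Push worker image
        run: |
          docker push "litentry/identity-worker:${RELEASE_TAG}"

  # Same pipeline as the identity worker, for the bitacross worker.
  build-bitacross-worker:
    if: ${{ github.event.inputs.bitacross_worker == 'true' }}
    runs-on: ubuntu-latest
    environment: production
    steps:
      - name: Checkout codes on ${{ env.RELEASE_TAG }}
        uses: actions/checkout@v4
        with:
          ref: ${{ env.RELEASE_TAG }}
          fetch-depth: 0
      - name: Free up disk space
        if: startsWith(runner.name, 'GitHub Actions')
        uses: ./.github/actions/disk-cleanup
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # use the docker driver to access the local image
          # we don't need external caches or multi platforms here
          # see https://docs.docker.com/build/drivers/
          driver: docker
      - name: Write enclave signing key
        env:
          # The secret is handed over as an env var so it is never pasted into
          # the generated script or re-expanded by an unquoted heredoc.
          ENCLAVE_SIGNING_KEY: ${{ secrets.BITACROSS_ENCLAVE_PROD_SIGNING_KEY }}
        run: |
          printf '%s\n' "$ENCLAVE_SIGNING_KEY" > tee-worker/bitacross/enclave_key.pem
      # NOTE(review): both builds below use `context: .`, which contains
      # enclave_key.pem; confirm the pushed worker-release stage never copies
      # the key into an image layer.
      - name: Build local builder
        uses: docker/build-push-action@v6
        env:
          DOCKER_BUILD_RECORD_UPLOAD: false
        with:
          context: .
          file: tee-worker/bitacross/build.Dockerfile
          tags: local-builder:latest
          target: builder
          build-args: |
            WORKER_MODE_ARG=offchain-worker
            ADDITIONAL_FEATURES_ARG=
            SGX_PRODUCTION=1
            SGX_MODE=HW
            IMAGE_FOR_RELEASE=true
            SGX_COMMERCIAL_KEY=enclave_key.pem
      - name: Build worker
        uses: docker/build-push-action@v6
        env:
          DOCKER_BUILD_RECORD_UPLOAD: false
        with:
          context: .
          file: tee-worker/bitacross/build.Dockerfile
          tags: litentry/bitacross-worker:${{ env.RELEASE_TAG }}
          target: worker-release
      - run: docker images --all
      - name: Dockerhub login
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      - name: Push worker image
        run: |
          docker push "litentry/bitacross-worker:${RELEASE_TAG}"

  # Loads the image built by build-parachain-client, runs the ts tests
  # against it and pushes the image once they pass.
  # NOTE(review): the checkout here has no `ref`, so the test code comes from
  # the ref the workflow was dispatched on, not from RELEASE_TAG, and it runs
  # in the same job that later handles Docker Hub credentials. Confirm this is
  # intended, or move the push into a separate job.
  parachain-ts-tests:
    runs-on: ubuntu-latest
    needs: build-parachain-client
    strategy:
      matrix:
        chain:
          - litentry
    name: ${{ matrix.chain }}
    steps:
      - name: Checkout codes
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/download-artifact@v4
        with:
          name: litentry-collator
      - name: Load docker image
        run: |
          docker load < litentry-parachain-dev.tar.gz
          docker tag "litentry/litentry-parachain:${RELEASE_TAG}" litentry/litentry-parachain:latest
          docker images
      - name: Enable corepack and pnpm
        run: corepack enable && corepack enable pnpm
      - name: Run ts tests for ${{ matrix.chain }}
        timeout-minutes: 30
        env:
          NODE_ENV: prod
        run: |
          make test-ts-${{ matrix.chain }}
      - name: Archive logs if test fails
        uses: actions/upload-artifact@v4
        if: ${{ failure() }}
        with:
          name: ${{ matrix.chain }}-ts-tests-artifacts
          path: /tmp/parachain_dev/
          retention-days: 3
      - name: Dockerhub login
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      - name: Push docker image
        run: |
          docker push "litentry/litentry-parachain:${RELEASE_TAG}"
      - name: Clean up for ${{ matrix.chain }}
        if: ${{ always() }}
        run: |
          make clean-network

  ## create the release draft ##
  create-release-draft:
    runs-on: ubuntu-latest
    # see https://github.com/actions/runner/issues/491
    # seems to be the only way to achieve this
    # NOTE(review): success() is documented without arguments; verify that the
    # per-job arguments below are honoured, or compare needs.<job>.result.
    needs:
      - set-release-type
      - build-parachain-runtime
      - build-identity-worker
      - build-bitacross-worker
      - parachain-ts-tests
    if: |
      !failure() &&
      (success('build-parachain-runtime') || success('parachain-ts-tests') || success('build-identity-worker') || success('build-bitacross-worker'))
    steps:
      - name: Checkout codes on ${{ env.RELEASE_TAG }}
        uses: actions/checkout@v4
        with:
          ref: ${{ env.RELEASE_TAG }}
          fetch-depth: 0
      - name: Download all artefacts
        uses: actions/download-artifact@v4
      - name: Generate release notes
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          RELEASE_TYPE: ${{ needs.set-release-type.outputs.release_type }}
        run: |
          # ${DIFF_TAG:+...} passes the diff tag as one quoted argument and
          # passes no argument at all when it is empty, as the unquoted
          # original did.
          ./parachain/scripts/generate-release-notes.sh "${GITHUB_WORKSPACE}/.github/release_notes.md" "$RELEASE_TYPE" ${DIFF_TAG:+"$DIFF_TAG"}
      - name: Create release draft
        id: create-release-draft
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ env.RELEASE_TAG }}
          name: Release ${{ env.RELEASE_TAG }}
          body_path: ${{ github.workspace }}/.github/release_notes.md
          draft: true
          files: |
            *-parachain-runtime/*-parachain-srtool-digest.json
            *-parachain-runtime/*-parachain-runtime.compact.compressed.wasm
            litentry-collator/litentry-collator
            litentry-collator/*-genesis-state
            litentry-collator/*-genesis-wasm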