-
Notifications
You must be signed in to change notification settings - Fork 20
445 lines (400 loc) · 15.5 KB
/
create-release-draft.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
name: Create release draft
on:
workflow_dispatch:
inputs:
release_client:
type: boolean
description: parachain-client
required: true
default: true
release_runtime:
type: boolean
description: parachain-runtime
required: true
default: true
release_worker:
type: boolean
description: tee-worker
required: true
default: true
release_enclave:
type: boolean
description: tee-enclave
required: true
default: true
release_tag:
description: an existing tag for creating release (e.g. p1.2.0-w0.0.1-101)
required: true
diff_tag:
description: an existing tag to run diff against (e.g. p1.1.0-w0.0.1-100)
default: ""
required: false
genesis_release:
type: choice
description: If any of the genesis artefacts should be released alongside
options:
- none
- litmus
- rococo
- litentry
env:
RELEASE_TAG: ${{ github.event.inputs.release_tag }}
DIFF_TAG: ${{ github.event.inputs.diff_tag }}
GENESIS_RELEASE: ${{ github.event.inputs.genesis_release }}
DOCKER_BUILDKIT: 1
REF_VERSION: ${{ github.head_ref || github.ref_name }}
jobs:
set-release-type:
runs-on: ubuntu-latest
steps:
- name: set release_type
id: vars
run: |
# use something similar to mask to store the release type
t=0000
[ "${{ github.event.inputs.release_client }}" = "true" ] && t="${t:0:0}1${t:1}"
[ "${{ github.event.inputs.release_runtime }}" = "true" ] && t="${t:0:1}1${t:2}"
[ "${{ github.event.inputs.release_worker }}" = "true" ] && t="${t:0:2}1${t:3}"
[ "${{ github.event.inputs.release_enclave }}" = "true" ] && t="${t:0:3}1${t:4}"
if [ $t = "0000"]; then
echo "::error::Please select at least one release type."
exit 1
fi
echo "::group::print release type"
echo "release_type: $t"
echo "::endgroup::"
echo "release_type=$t" >> $GITHUB_OUTPUT
outputs:
release_type: ${{ steps.vars.outputs.release_type }}
## build parachain runtime wasm ##
build-wasm:
if: ${{ github.event.inputs.release_runtime == 'true' }}
runs-on: ubuntu-latest
strategy:
matrix:
chain:
- litmus
- rococo
- litentry
steps:
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Build with srtool
id: srtool_build
uses: chevdor/[email protected]
env:
# optional: will override the parachain pallet ID and authorize_upgrade call ID,
# which will result in a different parachain_authorize_upgrade_hash
PARACHAIN_PALLET_ID: "0x1e"
AUTHORIZE_UPGRADE_PREFIX: "0x02"
with:
chain: ${{ matrix.chain }}-parachain
runtime_dir: runtime/${{ matrix.chain }}
tag: "1.66.0"
- name: Summary
run: |
echo '${{ steps.srtool_build.outputs.json }}' | jq . > ${{ matrix.chain }}-parachain-srtool-digest.json
echo "==============================================="
cat ${{ matrix.chain }}-parachain-srtool-digest.json
cp ${{ steps.srtool_build.outputs.wasm_compressed }} ${{ matrix.chain }}-parachain-runtime.compact.compressed.wasm
- name: Upload wasm artefacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.chain }}-parachain-runtime
path: |
${{ matrix.chain }}-parachain-srtool-digest.json
${{ matrix.chain }}-parachain-runtime.compact.compressed.wasm
## build docker image of parachain binary ##
build-parachain-docker:
if: ${{ github.event.inputs.release_client == 'true' }}
runs-on: ubuntu-latest
steps:
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Set env
run: |
PARACHAIN_DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | sed 's/p/v/;s/\(.*\)-w.*/\1/')
echo "PARACHAIN_DOCKER_TAG=$PARACHAIN_DOCKER_TAG" >> $GITHUB_ENV
- name: Build docker image
run: |
./scripts/build-docker.sh production $PARACHAIN_DOCKER_TAG
echo "============================="
docker images
- name: Dockerhub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Push docker image
run: |
docker push litentry/litentry-parachain:$PARACHAIN_DOCKER_TAG
- name: Generate genesis artefacts if need
if: github.event.inputs.genesis_release != 'none'
run: |
docker run --rm litentry/litentry-parachain:$PARACHAIN_DOCKER_TAG export-genesis-state --chain=${{ env.GENESIS_RELEASE }} > ${{ env.GENESIS_RELEASE }}-genesis-state
docker run --rm litentry/litentry-parachain:$PARACHAIN_DOCKER_TAG export-genesis-wasm --chain=${{ env.GENESIS_RELEASE }} > ${{ env.GENESIS_RELEASE }}-genesis-wasm
- name: Copy client binary to disk
run: |
docker cp $(docker create --rm litentry/litentry-parachain:$PARACHAIN_DOCKER_TAG):/usr/local/bin/litentry-collator .
- name: Upload the client binary
uses: actions/upload-artifact@v4
with:
name: litentry-collator
if-no-files-found: ignore
path: |
litentry-collator
${{ env.GENESIS_RELEASE }}-genesis-state
${{ env.GENESIS_RELEASE }}-genesis-wasm
build-worker-docker:
if: ${{ github.event.inputs.release_worker == 'true' }}
runs-on: ubuntu-latest
steps:
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Free up disk space
if: startsWith(runner.name, 'GitHub Actions')
uses: jlumbroso/free-disk-space@main
with:
tool-cache: true
swap-storage: false
large-packages: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
# use the docker driver to access the local image
# we don't need external caches or multi platforms here
# see https://docs.docker.com/build/drivers/
driver: docker
- name: Set env
run: |
WORKER_DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | sed 's/.*\(w.*\)/\1/;s/w/v/')
echo "WORKER_DOCKER_TAG=$WORKER_DOCKER_TAG" >> $GITHUB_ENV
- name: Build local builder
uses: docker/build-push-action@v5
with:
context: .
file: tee-worker/build.Dockerfile
tags: local-builder:latest
target: builder
build-args: |
WORKER_MODE_ARG=sidechain
ADDITIONAL_FEATURES_ARG=
IMAGE_FOR_RELEASE=true
- name: Build worker
uses: docker/build-push-action@v5
with:
context: .
file: tee-worker/build.Dockerfile
tags: litentry/litentry-worker:${{ env.WORKER_DOCKER_TAG }}
target: deployed-worker
- name: Build cli
uses: docker/build-push-action@v5
with:
context: .
file: tee-worker/build.Dockerfile
tags: litentry/litentry-cli:${{ env.WORKER_DOCKER_TAG }}
target: deployed-client
- run: docker images --all
- name: Dockerhub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Push worker image
run: |
docker push litentry/litentry-worker:$WORKER_DOCKER_TAG
docker push litentry/litentry-cli:$WORKER_DOCKER_TAG
## Build the enclave and package config files
build-tee:
if: ${{ github.event.inputs.release_worker == 'true' }} || ${{ github.event.inputs.release_enclave == 'true' }}
runs-on: tee-prod-builder
outputs:
mrenclave: ${{ steps.mrenclave.outputs.mrenclave }}
enclave_sha1sum: ${{ steps.shasum.outputs.enclave_sha1sum }}
worker_sha1sum: ${{ steps.shasum.outputs.worker_sha1sum }}
steps:
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Build release artefacts
run: |
source /opt/intel/sgxsdk/environment
./tee-worker/scripts/litentry/release/build.sh ${{ github.event.inputs.release_worker }} ${{ github.event.inputs.release_enclave }}
- name: Set MRENCLAVE
id: mrenclave
run: |
MRENCLAVE=
f="tee-worker/enclave_release/mrenclave.txt"
[ -f "$f" ] && MRENCLAVE=$(cat "$f")
echo "mrenclave=$MRENCLAVE" >> $GITHUB_OUTPUT
- name: Set shasum
id: shasum
run: |
ENCLAVE_SHA1SUM=
WORKER_SHA1SUM=
cd tee-worker/enclave_release
[ -f "enclave.signed.so" ] && ENCLAVE_SHA1SUM=$(shasum enclave.signed.so | awk '{print $1}')
[ -f "litentry-worker" ] && WORKER_SHA1SUM=$(shasum litentry-worker | awk '{print $1}')
echo "enclave_sha1sum=$ENCLAVE_SHA1SUM" >> $GITHUB_OUTPUT
echo "worker_sha1sum=$WORKER_SHA1SUM" >> $GITHUB_OUTPUT
- name: Upload artefacts
uses: actions/upload-artifact@v4
with:
name: litentry-tee
path: ./tee-worker/enclave_release/*
- name: Fail early
if: failure()
uses: andymckay/[email protected]
## test again the built docker image ##
run-ts-tests:
runs-on: ubuntu-latest
needs: build-parachain-docker
strategy:
matrix:
chain:
- litmus
- litentry
steps:
- name: Checkout codes
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Enable corepack and pnpm
run: corepack enable && corepack enable pnpm
- name: Download and tag docker image
run: |
export DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | sed 's/p/v/;s/\(.*\)-w.*/\1/')
docker pull litentry/litentry-parachain:$DOCKER_TAG
docker tag litentry/litentry-parachain:$DOCKER_TAG litentry/litentry-parachain:latest
- name: Run ts tests for ${{ matrix.chain }}
timeout-minutes: 20
run: |
make test-ts-docker-${{ matrix.chain }}
- name: Archive logs if test fails
uses: actions/upload-artifact@v4
if: ${{ failure() }}
with:
name: ${{ matrix.chain }}-ts-tests-artifacts
path: /tmp/parachain_dev/
retention-days: 3
- name: Clean up for ${{ matrix.chain }}
if: ${{ always() }}
run: |
make clean-docker-${{ matrix.chain }}
## check extrinsic ##
extrinsic-ordering-check-from-bin:
runs-on: ubuntu-latest
needs: build-parachain-docker
strategy:
matrix:
chain: [rococo, litmus, litentry]
include:
- chain: rococo
ref_url: wss://rpc.rococo-parachain.litentry.io
- chain: litmus
ref_url: wss://rpc.litmus-parachain.litentry.io
- chain: litentry
ref_url: wss://rpc.litentry-parachain.litentry.io
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
- name: Prepare output and compare the metadata
timeout-minutes: 3
run: |
export DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | sed 's/p/v/;s/\(.*\)-w.*/\1/')
PARACHAIN_NAME=local-parachain
BASE_URL=ws://127.0.0.1:9944
chain=${{ matrix.chain }}
REF_URL=${{ matrix.ref_url }}
echo "Metadata comparison:" > output-$chain.txt
echo "Date: $(date)" >> output-$chain.txt
echo "Base: $BASE_URL" >> output-$chain.txt
echo "Reference: $REF_URL" >> output-$chain.txt
echo "Target Tag: ${{ env.RELEASE_TAG }}" >> output-$chain.txt
echo "Chain: $chain" >> output-$chain.txt
echo "----------------------------------------------------------------------" >> output-$chain.txt
echo "Running parachain: $chain"
docker run --pull always --rm --name=$PARACHAIN_NAME -d -p 9944:9944 litentry/litentry-parachain:$DOCKER_TAG --chain=$chain-dev --rpc-cors=all --ws-external --tmp -- --dev
sleep 3
CMD="docker run --pull always --network host jacogr/polkadot-js-tools metadata $REF_URL $BASE_URL"
echo -e "Running:\n$CMD"
docker run --pull always --rm --network host jacogr/polkadot-js-tools metadata $REF_URL $BASE_URL | tee -a output-$chain.txt
SUMMARY=$(./scripts/extrinsic-ordering-filter.sh output-$chain.txt)
echo -e $SUMMARY >> output-$chain.txt
docker stop $PARACHAIN_NAME
content=$(< output-$chain.txt)
echo "content<<EOF" >> $GITHUB_ENV
echo "$content" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
- name: Find issues
uses: actions-cool/issues-helper@v3
id: findissueid
with:
actions: "find-issues"
token: ${{ secrets.GITHUB_TOKEN }}
issue-state: "open"
title-includes: Litentry-parachain ${{ env.RELEASE_TAG }} Release checklist
- name: Create comment
if: ${{ steps.findissueid.outputs.issues }} != '[]'
uses: actions-cool/issues-helper@v3
with:
actions: "create-comment"
token: ${{ secrets.GITHUB_TOKEN }}
issue-number: ${{ fromJson(steps.findissueid.outputs.issues)[0].number }}
body: |
${{ env.content }}
## create the release draft ##
create-release-draft:
runs-on: ubuntu-latest
# see https://github.com/actions/runner/issues/491
# seems to be the only way to achieve this
needs:
- set-release-type
- build-tee
- run-ts-tests
- build-wasm
if: |
!failure() &&
(success('build-wasm') || success('run-ts-tests') || success('build-tee'))
steps:
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Download all artefacts
uses: actions/download-artifact@v4
- name: Generate release notes
run: |
export MRENCLAVE="${{ needs.build-tee.outputs.mrenclave }}"
export ENCLAVE_SHA1SUM="${{ needs.build-tee.outputs.enclave_sha1sum }}"
export WORKER_SHA1SUM="${{ needs.build-tee.outputs.worker_sha1sum }}"
./scripts/generate-release-notes.sh ${{ github.workspace }}/.github/release_notes.md ${{ needs.set-release-type.outputs.release_type }} ${{ env.DIFF_TAG }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create release draft
id: create-release-draft
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ env.RELEASE_TAG }}
name: Litentry-parachain ${{ env.RELEASE_TAG }}
body_path: ${{ github.workspace }}/.github/release_notes.md
draft: true
files: |
*-parachain-runtime/*-parachain-srtool-digest.json
*-parachain-runtime/*-parachain-runtime.compact.compressed.wasm
litentry-collator/*
litentry-tee/*