fix: remote certifi, test default ca bundles #398

Workflow file for this run

.github/workflows/release.yml at c2c103f

	name: Release

	# Triggered on pushing a tag
	on:
	push:
	tags:
	- "v..*"

	jobs:
	# PyInstaller job for both x64 and arm64 binaries
	build-macos-pyinstaller:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [macos-14, macos-14-large]

	steps:
	- uses: actions/checkout@v3

	# Install OpenSSL for Mac with Homebrew and set up the environment for Python to locate it
	- name: Install OpenSSL
	run: \|
	brew install openssl
	echo "Adding OpenSSL to PATH"
	echo "$(brew --prefix openssl)/bin" >> $GITHUB_PATH
	echo "SSL_CERT_FILE=$(brew --prefix openssl)/etc/openssl/cert.pem" >> $GITHUB_ENV
	echo "REQUESTS_CA_BUNDLE=$(brew --prefix openssl)/etc/openssl/cert.pem" >> $GITHUB_ENV

	# Setup Python
	- uses: actions/setup-python@v4
	with:
	python-version: "3.10"

	# Verify SSL by testing a simple HTTPS request
	- name: Test SSL with HTTPS Request
	run: \|
	python -c "import ssl; print(ssl.OPENSSL_VERSION)"
	python -c "import urllib.request; urllib.request.urlopen('https://pypi.org')"

	# Install Poetry and its dependencies
	- name: Install and configure Poetry
	uses: snok/install-poetry@v1
	with:
	version: "1.4.0"
	virtualenvs-create: true
	virtualenvs-in-project: false
	virtualenvs-path: ~/my-custom-path
	installer-parallel: true

	# Set architecture for macos-latest-large as x64 and arm64 for other versions
	- name: Set architecture environment variable
	run: \|
	if [ "${{ matrix.os }}" == "macos-14-large" ]; then
	echo "OS_ARCH=x64" >> $GITHUB_ENV;
	else
	echo "OS_ARCH=arm64" >> $GITHUB_ENV;
	fi

	# Cache Poetry dependencies with unique key for each environment and architecture
	- name: Cache Poetry dependencies
	uses: actions/cache@v3
	with:
	path: \|
	~/.cache/pypoetry
	~/.cache/pip
	~/.venv
	key: poetry-${{ env.OS_ARCH }}-${{ hashFiles('**/poetry.lock') }}
	restore-keys: \|
	poetry-${{ env.OS_ARCH }}-

	- name: Install dependencies
	run: poetry install

	# Download and build with PyInstaller
	- name: Get trader bin
	run: \|
	trader_version=$(poetry run python -c "import yaml; config = yaml.safe_load(open('templates/trader.yaml')); print(config['service_version'])")
	echo $trader_version
	mkdir dist && curl -L -o dist/aea_bin "https://github.com/valory-xyz/trader/releases/download/${trader_version}/trader_bin_${{ env.OS_ARCH }}"

	- name: Build with PyInstaller
	run: \|
	poetry run pyinstaller operate/services/utils/tendermint.py --onefile
	poetry run pyinstaller --collect-data eth_account --collect-all aea --collect-all autonomy --collect-all operate --collect-all aea_ledger_ethereum --collect-all aea_ledger_cosmos --collect-all aea_ledger_ethereum_flashbots --hidden-import aea_ledger_ethereum --hidden-import aea_ledger_cosmos --hidden-import aea_ledger_ethereum_flashbots operate/pearl.py --add-binary dist/aea_bin:. --add-binary dist/tendermint:. --onefile --name pearl_${{ env.OS_ARCH }}

	- name: Upload Release Assets
	uses: actions/upload-artifact@v4
	with:
	name: pearl_${{ env.OS_ARCH }}
	path: dist/pearl_${{ env.OS_ARCH }}

	# Jobs for production and development, running separately for x64 and arm64
	build-release:
	runs-on: macos-latest
	strategy:
	matrix:
	env: [production, development]
	arch: [arm64, x64]

	needs: build-macos-pyinstaller

	steps:
	- uses: actions/checkout@v3

	- uses: actions/setup-node@v4
	with:
	node-version: "20.x"
	registry-url: "https://registry.npmjs.org"

	# Configure Yarn network settings for timeout, retries, and reduced concurrency
	- name: Configure Yarn network settings
	run: \|
	yarn config set network-timeout 60000 # Set network timeout to 1 minute
	yarn config set network-retries 10 # Retry up to 10 times
	yarn config set network-concurrency 2 # Reduce concurrency to 2 connections


	# Download the appropriate architecture artifact
	- name: Download Pearl binary for architecture
	uses: actions/download-artifact@v4
	with:
	name: pearl_${{ matrix.arch }}
	path: electron/bins/

	# Add execution permissions to the binaries
	- name: Add exec permissions
	run: chmod +x electron/bins/pearl_${{ matrix.arch }}

	# Cache electron node_modules with unique key for each environment and architecture
	- name: Restore electron node_modules cache
	id: cache-electron-node-modules
	uses: actions/cache@v3
	with:
	path: node_modules
	key: electron-node-modules-${{ runner.os }}-${{ matrix.arch }}-${{ matrix.env }}-${{ hashFiles('yarn.lock') }}

	# Install electron dependencies if cache miss
	- name: Install electron dependencies
	if: steps.cache-electron-node-modules.outputs.cache-hit != 'true'
	run: yarn install

	# Cache frontend node_modules with unique key for each environment and architecture
	- name: Restore frontend node_modules cache
	id: cache-frontend-node-modules
	uses: actions/cache@v3
	with:
	path: frontend/node_modules
	key: frontend-node-modules-${{ runner.os }}-${{ matrix.arch }}-${{ matrix.env }}-${{ hashFiles('frontend/yarn.lock') }}

	# Install frontend dependencies if cache miss
	- name: Install frontend dependencies
	if: steps.cache-frontend-node-modules.outputs.cache-hit != 'true'
	run: yarn install:frontend

	# Build frontend for production
	- name: Build frontend for production
	if: matrix.env == 'production'
	run: yarn build:frontend
	env:
	NODE_ENV: ${{ matrix.env }}
	DEV_RPC: https://rpc-gate.autonolas.tech/gnosis-rpc/
	IS_STAGING: ${{ github.ref != 'refs/heads/main' && 'true' \|\| 'false' }}
	FORK_URL: https://rpc-gate.autonolas.tech/gnosis-rpc/

	# Build frontend for development
	- name: Build frontend for development
	if: matrix.env == 'development'
	run: yarn build:frontend
	env:
	NODE_ENV: ${{ matrix.env }}
	DEV_RPC: https://virtual.gnosis.rpc.tenderly.co/80ff70d1-71fd-4c9e-9402-913f0c4c58b0
	IS_STAGING: ${{ github.ref != 'refs/heads/main' && 'true' \|\| 'false' }}
	FORK_URL: https://virtual.gnosis.rpc.tenderly.co/80ff70d1-71fd-4c9e-9402-913f0c4c58b0

	# Run the build and notarization process for production
	- name: Build, notarize, and publish (Production)
	if: matrix.env == 'production'
	env:
	APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLEIDPASS }}
	APPLE_ID: ${{ secrets.APPLEID }}
	APPLETEAMID: ${{ secrets.APPLETEAMID }}
	CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
	CSC_LINK: ${{ secrets.CSC_LINK }}
	GH_TOKEN: ${{ secrets.github_token }}
	NODE_ENV: ${{ matrix.env }}
	ARCH: ${{ matrix.arch }}
	DEV_RPC: https://rpc-gate.autonolas.tech/gnosis-rpc/
	FORK_URL: https://rpc-gate.autonolas.tech/gnosis-rpc/
	run: node build.js

	# Run the build and notarization process for development
	- name: Build, notarize, and publish (Development)
	if: matrix.env == 'development'
	env:
	APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLEIDPASS }}
	APPLE_ID: ${{ secrets.APPLEID }}
	APPLETEAMID: ${{ secrets.APPLETEAMID }}
	CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
	CSC_LINK: ${{ secrets.CSC_LINK }}
	GH_TOKEN: ${{ secrets.github_token }}
	NODE_ENV: ${{ matrix.env }}
	ARCH: ${{ matrix.arch }}
	DEV_RPC: https://virtual.gnosis.rpc.tenderly.co/80ff70d1-71fd-4c9e-9402-913f0c4c58b0
	FORK_URL: https://virtual.gnosis.rpc.tenderly.co/80ff70d1-71fd-4c9e-9402-913f0c4c58b0
	run: \|
	echo "DEV_RPC=https://virtual.gnosis.rpc.tenderly.co/80ff70d1-71fd-4c9e-9402-913f0c4c58b0" >> .env
	echo "FORK_URL=https://virtual.gnosis.rpc.tenderly.co/80ff70d1-71fd-4c9e-9402-913f0c4c58b0" >> .env
	node build.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: remote certifi, test default ca bundles #398

Workflow file

fix: remote certifi, test default ca bundles #398

Jobs

Run details

Workflow file for this run