Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • parity/mirrors/polkadot-sdk
1 result
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 1434 additions and 256 deletions
.github/workflows/docs.yml 0 → 100644
View file @ 5093d8e1
name: Docs
on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
test-doc:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@v4
- run: forklift cargo test --doc --workspace
id: required
env:
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
- name: Stop all workflows if failed
if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
uses: ./.github/actions/workflow-stopper
with:
app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
app-key: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_KEY }}
build-rustdoc:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 40
if: ${{ needs.preflight.outputs.changes_rust }}
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@v4
- run: forklift cargo doc --all-features --workspace --no-deps
id: required
env:
SKIP_WASM_BUILD: 1
RUSTDOCFLAGS: "-Dwarnings --default-theme=ayu --html-in-header ./docs/sdk/assets/header.html --extend-css ./docs/sdk/assets/theme.css --html-after-content ./docs/sdk/assets/after-content.html"
- run: rm -f ./target/doc/.lock
- run: mv ./target/doc ./crate-docs
- name: Inject Simple Analytics script
run: |
script_content="<script async defer src=\"https://apisa.parity.io/latest.js\"></script><noscript><img src=\"https://apisa.parity.io/latest.js\" alt=\"\" referrerpolicy=\"no-referrer-when-downgrade\" /></noscript>"
docs_dir="./crate-docs"
inject_simple_analytics() {
find "$1" -name '*.html' | xargs -I {} -P "$(nproc)" bash -c 'file="{}"; echo "Adding Simple Analytics script to $file"; sed -i "s|</head>|'"$2"'</head>|" "$file";'
}
inject_simple_analytics "$docs_dir" "$script_content"
- run: echo "<meta http-equiv=refresh content=0;url=polkadot_sdk_docs/index.html>" > ./crate-docs/index.html
- uses: actions/upload-artifact@v4
with:
name: ${{ github.sha }}-doc
path: ./crate-docs/
retention-days: 1
if-no-files-found: error
- name: Stop all workflows if failed
if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
uses: ./.github/actions/workflow-stopper
with:
app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
app-key: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_KEY }}
build-implementers-guide:
runs-on: ubuntu-latest
needs: isdraft
container:
image: paritytech/mdbook-utils:e14aae4a-20221123
options: --user root
steps:
- uses: actions/checkout@v4
- run: mdbook build ./polkadot/roadmap/implementers-guide
- run: mkdir -p artifacts
- run: mv polkadot/roadmap/implementers-guide/book artifacts/
- uses: actions/upload-artifact@v4
with:
name: ${{ github.sha }}-guide
path: ./artifacts/
retention-days: 1
if-no-files-found: error
confirm-required-jobs-passed:
runs-on: ubuntu-latest
name: All docs jobs passed
# If any new job gets added, be sure to add it to this array
needs: [test-doc, build-rustdoc, build-implementers-guide]
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
publish-rustdoc:
if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest
environment: subsystem-benchmarks
needs: [build-rustdoc, build-implementers-guide]
steps:
- uses: actions/checkout@v4
with:
ref: gh-pages
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.POLKADOTSDK_GHPAGES_APP_ID }}
private-key: ${{ secrets.POLKADOTSDK_GHPAGES_APP_KEY }}
- name: Ensure destination dir does not exist
run: |
rm -rf book/
rm -rf ${REF_NAME}
env:
REF_NAME: ${{ github.head_ref || github.ref_name }}
- name: Download rustdocs
uses: actions/download-artifact@v4
with:
name: ${{ github.sha }}-doc
path: ${{ github.head_ref || github.ref_name }}
- name: Download guide
uses: actions/download-artifact@v4
with:
name: ${{ github.sha }}-guide
path: /tmp
- run: mkdir -p book
- name: Move book files
run: mv /tmp/book/html/* book/
- name: Push changes to gh-pages
env:
TOKEN: ${{ steps.app-token.outputs.token }}
APP_NAME: "paritytech-upd-ghpages-polkadotsdk"
REF_NAME: ${{ github.head_ref || github.ref_name }}
Green: "\e[32m"
NC: "\e[0m"
run: |
echo "${Green}Git add${NC}"
git add book/
git add ${REF_NAME}/
echo "${Green}git status | wc -l${NC}"
git status | wc -l
echo "${Green}Add new remote with gh app token${NC}"
git remote set-url origin $(git config remote.origin.url | sed "s/github.com/${APP_NAME}:${TOKEN}@github.com/g")
echo "${Green}Remove http section that causes issues with gh app auth token${NC}"
sed -i.bak '/\[http/d' ./.git/config
sed -i.bak '/extraheader/d' ./.git/config
echo "${Green}Git push${NC}"
git config user.email "ci@parity.io"
git config user.name "${APP_NAME}"
git commit --amend -m "___Updated docs" || echo "___Nothing to commit___"
git push origin gh-pages --force
.github/workflows/fork-sync-action.yml
View file @ 5093d8e1
# This Workflow is not supposed to run in the paritytech/polkadot-sdk repo.
# This Workflow is supposed to run only in the forks of the repo,
# This Workflow is supposed to run only in the forks of the repo,
# paritytech-release/polkadot-sdk specifically,
# to automatically maintain the critical fork synced with the upstream.
# This Workflow should be always disabled in the paritytech/polkadot-sdk repo.
......@@ -11,10 +11,10 @@ on:
workflow_dispatch:
jobs:
job_sync_branches:
uses: paritytech-release/sync-workflows/.github/workflows/sync-with-upstream.yml@latest
with:
fork_writer_app_id: ${{ vars.UPSTREAM_CONTENT_SYNC_APP_ID}}
fork_owner: ${{ vars.RELEASE_ORG}}
secrets:
fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
job_sync_branches:
uses: paritytech-release/sync-workflows/.github/workflows/sync-with-upstream.yml@main
with:
fork_writer_app_id: ${{ vars.UPSTREAM_CONTENT_SYNC_APP_ID}}
fork_owner: ${{ vars.RELEASE_ORG}}
secrets:
fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
.github/workflows/gitspiegel-trigger.yml
View file @ 5093d8e1
......@@ -28,8 +28,11 @@ on:
permissions: {}
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
sync:
runs-on: ubuntu-latest
needs: isdraft
steps:
- name: Do nothing
run: echo "let's go"
.github/workflows/misc-sync-templates.yml
View file @ 5093d8e1
......@@ -21,9 +21,76 @@ on:
stable_release_branch:
description: 'Stable release branch, e.g. stable2407'
required: true
debug:
description: Enable runner debug logging
required: false
default: false
patch:
description: 'Patch number of the stable release we want to sync with'
required: false
default: ""
jobs:
prepare-chain-spec-artifacts:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- template: minimal
package_name: 'minimal-template-runtime'
runtime_path: './templates/minimal/runtime'
runtime_wasm_path: minimal-template-runtime/minimal_template_runtime.compact.compressed.wasm
relay_chain: 'dev'
- template: parachain
package_name: 'parachain-template-runtime'
runtime_path: './templates/parachain/runtime'
runtime_wasm_path: parachain-template-runtime/parachain_template_runtime.compact.compressed.wasm
relay_chain: 'rococo-local'
steps:
- uses: actions/checkout@v4
with:
ref: "${{ github.event.inputs.stable_release_branch }}"
- name: Setup build environment
run: |
sudo apt-get update
sudo apt-get install -y protobuf-compiler
cargo install --git https://github.com/chevdor/srtool-cli --locked
cargo install --path substrate/bin/utils/chain-spec-builder --locked
srtool pull
- name: Build runtime and generate chain spec
run: |
# Prepare directories
sudo mkdir -p ${{ matrix.runtime_path }}/target
sudo chmod -R 777 ${{ matrix.runtime_path }}/target
# Build runtime
srtool build --package ${{ matrix.package_name }} --runtime-dir ${{ matrix.runtime_path }} --root
# Generate chain spec
# Note that para-id is set to 1000 for both minimal/parachain templates.
# `parachain-runtime` is hardcoded to use this parachain id.
# `minimal` template isn't using it, but when started with Omni Node, this para id is required (any number can do it, so setting it to 1000 for convenience).
chain-spec-builder -c dev_chain_spec.json create \
--relay-chain "${{ matrix.relay_chain }}" \
--para-id 1000 \
--runtime "${{ matrix.runtime_path }}/target/srtool/release/wbuild/${{ matrix.runtime_wasm_path }}" \
named-preset development
- name: Prepare upload directory
run: |
mkdir -p artifacts-${{ matrix.template }}
cp dev_chain_spec.json artifacts-${{ matrix.template }}/dev_chain_spec.json
- name: Upload template directory
uses: actions/upload-artifact@v4
with:
name: artifacts-${{ matrix.template }}
path: artifacts-${{ matrix.template }}/dev_chain_spec.json
sync-templates:
needs: prepare-chain-spec-artifacts
runs-on: ubuntu-latest
environment: master
strategy:
......@@ -44,6 +111,12 @@ jobs:
with:
path: polkadot-sdk
ref: "${{ github.event.inputs.stable_release_branch }}"
- name: Download template artifacts
uses: actions/download-artifact@v4
with:
name: artifacts-${{ matrix.template }}
path: templates/${{ matrix.template }}/
if: matrix.template != 'solochain'
- name: Generate a token for the template repository
id: app_token
uses: actions/create-github-app-token@v1.9.3
......@@ -76,6 +149,10 @@ jobs:
working-directory: polkadot-sdk/templates/${{ matrix.template }}/
- name: Create a new workspace Cargo.toml
run: |
# This replaces the existing Cargo.toml for parachain-template,
# corresponding to the `parachain-template-docs` crate, so no need
# to delete that `Cargo.toml` after copying the `polkadot-sdk/templates/parachain/*`
# to the `polkadot-sdk-parachain-template` repo.
cat << EOF > Cargo.toml
[workspace.package]
license = "MIT-0"
......@@ -83,6 +160,12 @@ jobs:
homepage = "https://paritytech.github.io/polkadot-sdk/"
[workspace]
EOF
[ ${{ matrix.template }} != "solochain" ] && echo "# Leave out the node compilation from regular template usage." \
&& echo "default-members = [\"pallets/template\", \"runtime\"]" >> Cargo.toml
[ ${{ matrix.template }} == "solochain" ] && echo "# The node isn't yet replaceable by Omni Node."
cat << EOF >> Cargo.toml
members = [
"node",
"pallets/template",
......@@ -109,8 +192,9 @@ jobs:
toml set templates/${{ matrix.template }}/Cargo.toml 'workspace.package.edition' "$(toml get --raw Cargo.toml 'workspace.package.edition')" > Cargo.temp
mv Cargo.temp ./templates/${{ matrix.template }}/Cargo.toml
working-directory: polkadot-sdk
- name: Print the result Cargo.tomls for debugging
if: runner.debug == '1'
if: ${{ github.event.inputs.debug }}
run: find . -type f -name 'Cargo.toml' -exec cat {} \;
working-directory: polkadot-sdk/templates/${{ matrix.template }}/
......@@ -120,9 +204,21 @@ jobs:
- name: Copy over the new changes
run: |
cp -r polkadot-sdk/templates/${{ matrix.template }}/* "${{ env.template-path }}/"
- name: Remove unnecessary files from parachain template
if: ${{ matrix.template == 'parachain' }}
run: |
rm -f "${{ env.template-path }}/README.docify.md"
rm -f "${{ env.template-path }}/src/lib.rs"
- name: Run psvm on monorepo workspace dependencies
run: psvm -o -v ${{ github.event.inputs.stable_release_branch }} -p ./Cargo.toml
run: |
patch_input="${{ github.event.inputs.patch }}"
if [[ -n "$patch_input" ]]; then
patch="-$patch_input"
else
patch=""
fi
psvm -o -v "${{ github.event.inputs.stable_release_branch }}$patch" -p ./Cargo.toml
working-directory: polkadot-sdk/
- name: Copy over required workspace dependencies
run: |
......@@ -136,6 +232,12 @@ jobs:
done;
working-directory: "${{ env.template-path }}"
- name: Print the result Cargo.tomls for debugging after copying required workspace dependencies
if: ${{ github.event.inputs.debug }}
run: find . -type f -name 'Cargo.toml' -exec cat {} \;
working-directory: polkadot-sdk/templates/${{ matrix.template }}/
# 3. Verify the build. Push the changes or create a PR.
# We've run into out-of-disk error when compiling in the next step, so we free up some space this way.
......@@ -157,7 +259,7 @@ jobs:
timeout-minutes: 90
- name: Create PR on failure
if: failure() && steps.check-compilation.outcome == 'failure'
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v5
uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v5
with:
path: "${{ env.template-path }}"
token: ${{ steps.app_token.outputs.token }}
......@@ -167,7 +269,7 @@ jobs:
body: "The template has NOT been successfully built and needs to be inspected."
branch: "update-template/${{ github.event.inputs.stable_release_branch }}"
- name: Create PR on success
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v5
uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v5
with:
path: "${{ env.template-path }}"
token: ${{ steps.app_token.outputs.token }}
......
.github/workflows/misc-update-wishlist-leaderboard.yml
View file @ 5093d8e1
......@@ -11,6 +11,7 @@ permissions:
jobs:
update-wishlist-leaderboard:
if: github.repository == 'paritytech/polkadot-sdk'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
......
.github/workflows/publish-check-compile.yml 0 → 100644
View file @ 5093d8e1
name: Check publish build
on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
check-publish-compile:
timeout-minutes: 90
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Rust Cache
uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
with:
cache-on-failure: true
- name: install parity-publish
run: |
rustup override set 1.82.0
cargo install parity-publish@0.10.4 --locked -q
- name: parity-publish update plan
run: parity-publish --color always plan --skip-check --prdoc prdoc/
- name: parity-publish apply plan
run: parity-publish --color always apply --registry
- name: parity-publish check compile
run: |
packages="$(parity-publish apply --print)"
if [ -n "$packages" ]; then
cargo --color always check $(printf -- '-p %s ' $packages)
fi
.github/workflows/publish-check-crates.yml
View file @ 5093d8e1
......@@ -8,19 +8,26 @@ on:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
check-publish:
runs-on: ubuntu-latest
needs: isdraft
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Rust Cache
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
with:
cache-on-failure: true
- name: install parity-publish
run: cargo install parity-publish@0.8.0
run: cargo install parity-publish@0.10.4 --locked -q
- name: parity-publish check
run: parity-publish --color always check --allow-unpublished
.github/workflows/publish-claim-crates.yml
View file @ 5093d8e1
......@@ -10,15 +10,15 @@ jobs:
runs-on: ubuntu-latest
environment: master
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Rust Cache
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
with:
cache-on-failure: true
- name: install parity-publish
run: cargo install parity-publish@0.8.0
run: cargo install parity-publish@0.10.4 --locked -q
- name: parity-publish claim
env:
......
.github/workflows/publish-subsystem-benchmarks.yml deleted 100644 → 0
View file @ c8ca6b6f
# The actions takes json file as input and runs github-action-benchmark for it.
on:
workflow_dispatch:
inputs:
benchmark-data-dir-path:
description: "Path to the benchmark data directory"
required: true
type: string
output-file-path:
description: "Path to the benchmark data file"
required: true
type: string
jobs:
subsystem-benchmarks:
runs-on: ubuntu-latest
environment: subsystem-benchmarks
steps:
- name: Validate inputs
run: |
echo "${{ github.event.inputs.benchmark-data-dir-path }}" | grep -P '^[a-z\-]'
echo "${{ github.event.inputs.output-file-path }}" | grep -P '^[a-z\-]+\.json'
- name: Checkout Sources
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: "gh-pages"
- name: Copy bench results
id: step_one
run: |
cp bench/gitlab/${{ github.event.inputs.output-file-path }} ${{ github.event.inputs.output-file-path }}
- name: Switch branch
id: step_two
run: |
git checkout master --
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.POLKADOTSDK_GHPAGES_APP_ID }}
private-key: ${{ secrets.POLKADOTSDK_GHPAGES_APP_KEY }}
- name: Store benchmark result
uses: benchmark-action/github-action-benchmark@v1
with:
tool: "customSmallerIsBetter"
name: ${{ github.event.inputs.benchmark-data-dir-path }}
output-file-path: ${{ github.event.inputs.output-file-path }}
benchmark-data-dir-path: "bench/${{ github.event.inputs.benchmark-data-dir-path }}"
github-token: ${{ steps.app-token.outputs.token }}
auto-push: true
.github/workflows/release-10_branchoff-stable.yml 0 → 100644
View file @ 5093d8e1
name: Release - Branch off stable branch
on:
workflow_dispatch:
inputs:
stable_version:
description: New stable version in the format stableYYMM
required: true
type: string
node_version:
description: Version of the polkadot node in the format X.XX.X (e.g. 1.15.0)
required: true
jobs:
prepare-tooling:
runs-on: ubuntu-latest
outputs:
node_version: ${{ steps.validate_inputs.outputs.node_version }}
stable_version: ${{ steps.validate_inputs.outputs.stable_version }}
steps:
- name: Checkout sources
uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
node_version=$(filter_version_from_input "${{ inputs.node_version }}")
echo "node_version=${node_version}" >> $GITHUB_OUTPUT
stable_version=$(validate_stable_tag ${{ inputs.stable_version }})
echo "stable_version=${stable_version}" >> $GITHUB_OUTPUT
create-stable-branch:
needs: [prepare-tooling]
runs-on: ubuntu-latest
environment: release
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
STABLE_BRANCH_NAME: ${{ needs.prepare-tooling.outputs.stable_version }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign commits
pip install git+https://github.com/paritytech-release/pgpkms.git@e7f806f99e9be5c52f0b4a536b7d4ef9c3e695ed
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
owner: paritytech
- name: Checkout sources
uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
with:
ref: master
token: ${{ steps.generate_write_token.outputs.token }}
- name: Import gpg keys
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Config git
run: |
git config --global commit.gpgsign true
git config --global gpg.program /home/runner/.local/bin/pgpkms-git
git config --global user.name "ParityReleases"
git config --global user.email "release-team@parity.io"
git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"
- name: Create stable branch
run: |
git checkout -b "$STABLE_BRANCH_NAME"
git show-ref "$STABLE_BRANCH_NAME"
- name: Bump versions, reorder prdocs and push stable branch
env:
GH_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
. ./.github/scripts/release/release_lib.sh
NODE_VERSION="${{ needs.prepare-tooling.outputs.node_version }}"
NODE_VERSION_PATTERN="\(NODE_VERSION[^=]*= \)\".*\""
set_version "$NODE_VERSION_PATTERN" $NODE_VERSION "polkadot/node/primitives/src/lib.rs"
commit_with_message "Bump node version to $NODE_VERSION in polkadot-cli"
set_version "$NODE_VERSION_PATTERN" $NODE_VERSION "cumulus/polkadot-omni-node/lib/src/nodes/mod.rs"
commit_with_message "Bump node version to $NODE_VERSION in polkadot-omni-node-lib"
SPEC_VERSION=$(get_spec_version $NODE_VERSION)
runtimes_list=$(get_filtered_runtimes_list)
set_spec_versions $SPEC_VERSION "${runtimes_list[@]}"
# TODO: clarify what to do with the polkadot-parachain binary
# Set new version for polkadot-parachain binary to match the polkadot node binary
# set_polkadot_parachain_binary_version $NODE_VERSION "cumulus/polkadot-parachain/Cargo.toml"
reorder_prdocs $STABLE_BRANCH_NAME
gh auth setup-git
git push origin "$STABLE_BRANCH_NAME"
.github/workflows/release-10_rc-automation.yml .github/workflows/release-11_rc-automation.yml
View file @ 5093d8e1
name: Release - RC automation
on:
# TODO: Activate it and delete old branches patterns, when the release process from stable is setteled
# TODO: Activate it and delete old branches patterns, when the release process from stable is settled
#push:
# branches:
# # Catches release-polkadot-v1.2.3, release-v1.2.3-rc1, etc
......@@ -12,7 +12,7 @@ on:
workflow_dispatch:
inputs:
version:
description: Current release/rc version in format vX.X.X
description: Current release/rc version in format polkadot-stableYYMM
jobs:
tag_rc:
......@@ -23,12 +23,46 @@ jobs:
- name: "RelEng: Polkadot Release Coordination"
room: '!cqAmzdIcbOFwrdrubV:parity.io'
environment: release
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign commits
pip install git+https://github.com/paritytech-release/pgpkms.git@e7f806f99e9be5c52f0b4a536b7d4ef9c3e695ed
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
owner: paritytech
- name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
with:
fetch-depth: 0
token: ${{ steps.generate_write_token.outputs.token }}
- name: Import gpg keys
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Config git
run: |
git config --global commit.gpgsign true
git config --global gpg.program /home/runner/.local/bin/pgpkms-git
git config --global user.name "ParityReleases"
git config --global user.email "release-team@parity.io"
git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"
- name: Compute next rc tag
# if: ${{ steps.get_rel_product.outputs.product == 'polkadot' }}
......@@ -41,7 +75,7 @@ jobs:
if [[ -z "${{ inputs.version }}" ]]; then
version=v$(get_polkadot_node_version_from_code)
else
version=$(filter_version_from_input ${{ inputs.version }})
version=$(validate_stable_tag ${{ inputs.version }})
fi
echo "$version"
echo "version=$version" >> $GITHUB_OUTPUT
......@@ -58,13 +92,12 @@ jobs:
fi
- name: Apply new tag
uses: tvdias/github-tagger@ed7350546e3e503b5e942dffd65bc8751a95e49d # v0.0.2
with:
# We can't use the normal GITHUB_TOKEN for the following reason:
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token
# RELEASE_BRANCH_TOKEN requires public_repo OAuth scope
repo-token: "${{ secrets.RELEASE_BRANCH_TOKEN }}"
tag: ${{ steps.compute_tag.outputs.new_tag }}
env:
GH_TOKEN: ${{ steps.generate_write_token.outputs.token }}
RC_TAG: ${{ steps.compute_tag.outputs.new_tag }}
run: |
git tag -s $RC_TAG -m "new rc tag $RC_TAG"
git push origin $RC_TAG
- name: Send Matrix message to ${{ matrix.channel.name }}
uses: s3krit/matrix-message-action@70ad3fb812ee0e45ff8999d6af11cafad11a6ecf # v0.0.3
......
.github/workflows/release-20_build-rc.yml 0 → 100644
View file @ 5093d8e1
name: Release - Build node release candidate
on:
workflow_dispatch:
inputs:
binary:
description: Binary to be build for the release
default: all
type: choice
options:
- polkadot
- polkadot-parachain
- polkadot-omni-node
- frame-omni-bencher
- chain-spec-builder
- all
release_tag:
description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcX or polkadot-stableYYMM(-X)
type: string
jobs:
check-synchronization:
uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main
validate-inputs:
needs: [check-synchronization]
if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
build-polkadot-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot", "polkadot-prepare-worker", "polkadot-execute-worker"]'
package: polkadot
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-polkadot-parachain-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot-parachain"]'
package: "polkadot-parachain-bin"
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-polkadot-omni-node-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot-omni-node' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot-omni-node"]'
package: "polkadot-omni-node"
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-frame-omni-bencher-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'frame-omni-bencher' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["frame-omni-bencher"]'
package: "frame-omni-bencher"
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-chain-spec-builder-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["chain-spec-builder"]'
package: staging-chain-spec-builder
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-polkadot-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot", "polkadot-prepare-worker", "polkadot-execute-worker"]'
package: polkadot
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-polkadot-parachain-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot-parachain"]'
package: polkadot-parachain-bin
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-polkadot-omni-node-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot-omni-node' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot-omni-node"]'
package: polkadot-omni-node
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-frame-omni-bencher-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'frame-omni-bencher' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["frame-omni-bencher"]'
package: frame-omni-bencher
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-chain-spec-builder-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["chain-spec-builder"]'
package: staging-chain-spec-builder
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
.github/workflows/release-30_publish_release_draft.yml
View file @ 5093d8e1
name: Release - Publish draft
on:
push:
tags:
# Catches v1.2.3 and v1.2.3-rc1
- v[0-9]+.[0-9]+.[0-9]+*
# This workflow runs in paritytech-release and creates full release draft with:
# - release notes
# - info about the runtimes
# - attached artifacts:
# - runtimes
# - binaries
# - signatures
on:
workflow_dispatch:
inputs:
version:
description: Current release/rc version
release_tag:
description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcX or polkadot-stableYYMM(-X)
required: true
type: string
jobs:
get-rust-versions:
check-synchronization:
uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main
validate-inputs:
needs: [ check-synchronization ]
if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
runs-on: ubuntu-latest
outputs:
rustc-stable: ${{ steps.get-rust-versions.outputs.stable }}
steps:
- id: get-rust-versions
run: |
RUST_STABLE_VERSION=$(curl -sS https://raw.githubusercontent.com/paritytech/scripts/master/dockerfiles/ci-unified/Dockerfile | grep -oP 'ARG RUST_STABLE_VERSION=\K[^ ]+')
echo "stable=$RUST_STABLE_VERSION" >> $GITHUB_OUTPUT
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
build-runtimes:
uses: "./.github/workflows/release-srtool.yml"
with:
excluded_runtimes: "substrate-test bp cumulus-test kitchensink minimal-template parachain-template penpal polkadot-test seedling shell frame-try sp solochain-template"
build-binaries:
runs-on: ubuntu-latest
strategy:
matrix:
# Tuples of [package, binary-name]
binary: [ [frame-omni-bencher, frame-omni-bencher], [staging-chain-spec-builder, chain-spec-builder] ]
steps:
- name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.0.0
- name: Install protobuf-compiler
run: |
sudo apt update
sudo apt install -y protobuf-compiler
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build ${{ matrix.binary[1] }} binary
- name: Validate inputs
id: validate_inputs
run: |
cargo build --locked --profile=production -p ${{ matrix.binary[0] }} --bin ${{ matrix.binary[1] }}
target/production/${{ matrix.binary[1] }} --version
. ./.github/scripts/common/lib.sh
- name: Upload ${{ matrix.binary[1] }} binary
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: ${{ matrix.binary[1] }}
path: target/production/${{ matrix.binary[1] }}
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
build-runtimes:
needs: [ validate-inputs ]
uses: "./.github/workflows/release-srtool.yml"
with:
excluded_runtimes: "asset-hub-rococo bridge-hub-rococo coretime-rococo people-rococo rococo rococo-parachain substrate-test bp cumulus-test kitchensink minimal-template parachain-template penpal polkadot-test seedling shell frame-try sp solochain-template polkadot-sdk-docs-first"
build_opts: "--features on-chain-release-build"
profile: production
permissions:
id-token: write
attestations: write
contents: read
publish-release-draft:
runs-on: ubuntu-latest
needs: [ get-rust-versions, build-runtimes ]
environment: release
needs: [ validate-inputs, build-runtimes ]
outputs:
release_url: ${{ steps.create-release.outputs.html_url }}
asset_upload_url: ${{ steps.create-release.outputs.upload_url }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.0.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
- name: Prepare tooling
run: |
URL=https://github.com/chevdor/tera-cli/releases/download/v0.2.4/tera-cli_linux_amd64.deb
URL=https://github.com/chevdor/tera-cli/releases/download/v0.4.0/tera-cli_linux_amd64.deb
wget $URL -O tera.deb
sudo dpkg -i tera.deb
- name: Prepare draft
id: draft
env:
RUSTC_STABLE: ${{ needs.get-rust-versions.outputs.rustc-stable }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ASSET_HUB_ROCOCO_DIGEST: ${{ github.workspace}}/asset-hub-rococo-runtime/asset-hub-rococo-srtool-digest.json
ASSET_HUB_WESTEND_DIGEST: ${{ github.workspace}}/asset-hub-westend-runtime/asset-hub-westend-srtool-digest.json
BRIDGE_HUB_ROCOCO_DIGEST: ${{ github.workspace}}/bridge-hub-rococo-runtime/bridge-hub-rococo-srtool-digest.json
BRIDGE_HUB_WESTEND_DIGEST: ${{ github.workspace}}/bridge-hub-westend-runtime/bridge-hub-westend-srtool-digest.json
COLLECTIVES_WESTEND_DIGEST: ${{ github.workspace}}/collectives-westend-runtime/collectives-westend-srtool-digest.json
CONTRACTS_ROCOCO_DIGEST: ${{ github.workspace}}/contracts-rococo-runtime/contracts-rococo-srtool-digest.json
CORETIME_ROCOCO_DIGEST: ${{ github.workspace}}/coretime-rococo-runtime/coretime-rococo-srtool-digest.json
CORETIME_WESTEND_DIGEST: ${{ github.workspace}}/coretime-westend-runtime/coretime-westend-srtool-digest.json
GLUTTON_WESTEND_DIGEST: ${{ github.workspace}}/glutton-westend-runtime/glutton-westend-srtool-digest.json
PEOPLE_ROCOCO_DIGEST: ${{ github.workspace}}/people-rococo-runtime/people-rococo-srtool-digest.json
PEOPLE_WESTEND_DIGEST: ${{ github.workspace}}/people-westend-runtime/people-westend-srtool-digest.json
ROCOCO_DIGEST: ${{ github.workspace}}/rococo-runtime/rococo-srtool-digest.json
WESTEND_DIGEST: ${{ github.workspace}}/westend-runtime/westend-srtool-digest.json
RELEASE_TAG: ${{ needs.validate-inputs.outputs.release_tag }}
shell: bash
run: |
. ./.github/scripts/common/lib.sh
export RUSTC_STABLE=$(grep -oP '(?<=-)[0-9]+\.[0-9]+\.[0-9]+(?=-)' .github/env)
export REF1=$(get_latest_release_tag)
if [[ -z "${{ inputs.version }}" ]]; then
if [[ -z "$RELEASE_TAG" ]]; then
export REF2="${{ github.ref_name }}"
echo "REF2: ${REF2}"
else
export REF2="${{ inputs.version }}"
export REF2="$RELEASE_TAG"
echo "REF2: ${REF2}"
fi
echo "REL_TAG=$REF2" >> $GITHUB_ENV
export VERSION=$(echo "$REF2" | sed -E 's/^v([0-9]+\.[0-9]+\.[0-9]+).*$/\1/')
export VERSION=$(echo "$REF2" | sed -E 's/.*(stable[0-9]{4}(-[0-9]+)?).*$/\1/')
./scripts/release/build-changelogs.sh
......@@ -113,19 +111,29 @@ jobs:
scripts/release/context.json
**/*-srtool-digest.json
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.POLKADOT_SDK_RELEASE_RW_APP_ID }}
private-key: ${{ secrets.POLKADOT_SDK_RELEASE_RW_APP_KEY }}
owner: paritytech
repositories: polkadot-sdk
- name: Create draft release
id: create-release
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ env.REL_TAG }}
release_name: Polkadot ${{ env.REL_TAG }}
body_path: ${{ github.workspace}}/scripts/release/RELEASE_DRAFT.md
draft: true
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
gh release create ${{ env.REL_TAG }} \
--repo paritytech/polkadot-sdk \
--draft \
--title "Polkadot ${{ env.REL_TAG }}" \
--notes-file ${{ github.workspace}}/scripts/release/RELEASE_DRAFT.md
publish-runtimes:
needs: [ build-runtimes, publish-release-draft ]
needs: [ validate-inputs, build-runtimes, publish-release-draft ]
environment: release
continue-on-error: true
runs-on: ubuntu-latest
strategy:
......@@ -133,7 +141,7 @@ jobs:
steps:
- name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.0.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
......@@ -145,44 +153,85 @@ jobs:
>>$GITHUB_ENV echo ASSET=$(find ${{ matrix.chain }}-runtime -name '*.compact.compressed.wasm')
>>$GITHUB_ENV echo SPEC=$(<${JSON} jq -r .runtimes.compact.subwasm.core_version.specVersion)
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.POLKADOT_SDK_RELEASE_RW_APP_ID }}
private-key: ${{ secrets.POLKADOT_SDK_RELEASE_RW_APP_KEY }}
owner: paritytech
repositories: polkadot-sdk
- name: Upload compressed ${{ matrix.chain }} v${{ env.SPEC }} wasm
if: ${{ matrix.chain != 'rococo-parachain' }}
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 #v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.publish-release-draft.outputs.asset_upload_url }}
asset_path: ${{ env.ASSET }}
asset_name: ${{ matrix.chain }}_runtime-v${{ env.SPEC }}.compact.compressed.wasm
asset_content_type: application/wasm
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
VERSIONED_ASSET="${{ matrix.chain }}_runtime-v${{ env.SPEC }}.compact.compressed.wasm"
mv "${{ env.ASSET }}" "$VERSIONED_ASSET"
gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \
--repo paritytech/polkadot-sdk "$VERSIONED_ASSET"
publish-binaries:
needs: [ publish-release-draft, build-binaries ]
publish-release-artifacts:
needs: [ validate-inputs, publish-release-draft ]
environment: release
continue-on-error: true
runs-on: ubuntu-latest
strategy:
matrix:
binary: [frame-omni-bencher, chain-spec-builder]
binary: [ polkadot, polkadot-execute-worker, polkadot-prepare-worker, polkadot-parachain, polkadot-omni-node, frame-omni-bencher, chain-spec-builder ]
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
steps:
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
- name: Checkout sources
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Fetch binaries from s3 based on version
run: |
. ./.github/scripts/common/lib.sh
VERSION="${{ needs.validate-inputs.outputs.release_tag }}"
fetch_release_artifacts_from_s3 ${{ matrix.binary }} ${{ matrix.target }}
- name: Rename aarch64-apple-darwin binaries
if: ${{ matrix.target == 'aarch64-apple-darwin' }}
working-directory: ${{ github.workspace}}/release-artifacts/${{ matrix.target }}/${{ matrix.binary }}
run: |
mv ${{ matrix.binary }} ${{ matrix.binary }}-aarch64-apple-darwin
mv ${{ matrix.binary }}.asc ${{ matrix.binary }}-aarch64-apple-darwin.asc
mv ${{ matrix.binary }}.sha256 ${{ matrix.binary }}-aarch64-apple-darwin.sha256
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@v1
with:
name: ${{ matrix.binary }}
app-id: ${{ vars.POLKADOT_SDK_RELEASE_RW_APP_ID }}
private-key: ${{ secrets.POLKADOT_SDK_RELEASE_RW_APP_KEY }}
owner: paritytech
repositories: polkadot-sdk
- name: Upload ${{ matrix.binary }} binary
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 #v1.0.2
- name: Upload ${{ matrix.binary }} binary to release draft
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.publish-release-draft.outputs.asset_upload_url }}
asset_path: ${{ github.workspace}}/${{ matrix.binary }}
asset_name: ${{ matrix.binary }}
asset_content_type: application/octet-stream
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
working-directory: ${{ github.workspace}}/release-artifacts/${{ matrix.target }}/${{ matrix.binary }}
run: |
if [[ ${{ matrix.target }} == "aarch64-apple-darwin" ]]; then
gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \
--repo paritytech/polkadot-sdk \
${{ matrix.binary }}-aarch64-apple-darwin \
${{ matrix.binary }}-aarch64-apple-darwin.asc \
${{ matrix.binary }}-aarch64-apple-darwin.sha256
else
gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \
--repo paritytech/polkadot-sdk \
${{ matrix.binary }} \
${{ matrix.binary }}.asc \
${{ matrix.binary }}.sha256
fi
post_to_matrix:
runs-on: ubuntu-latest
needs: publish-release-draft
needs: [ validate-inputs, publish-release-draft ]
environment: release
strategy:
matrix:
......@@ -198,5 +247,5 @@ jobs:
access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }}
server: m.parity.io
message: |
**New version of polkadot tagged**: ${{ github.ref_name }}<br/>
Draft release created: ${{ needs.publish-release-draft.outputs.release_url }}
**New version of polkadot tagged**: ${{ needs.validate-inputs.outputs.release_tag }}<br/>
And release draft is release created in [polkadot-sdk repo](https://github.com/paritytech/polkadot-sdk/releases)
.github/workflows/release-31_promote-rc-to-final.yml 0 → 100644
View file @ 5093d8e1
name: Release - Promote RC to final candidate on S3
on:
workflow_dispatch:
inputs:
binary:
description: Binary to be build for the release
default: all
type: choice
options:
- polkadot
- polkadot-parachain
- polkadot-omni-node
- frame-omni-bencher
- chain-spec-builder
- all
release_tag:
description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcX
type: string
jobs:
check-synchronization:
uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main
validate-inputs:
needs: [ check-synchronization ]
if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
final_tag: ${{ steps.validate_inputs.outputs.final_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
promote-polkadot-rc-to-final:
if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: polkadot
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-polkadot-parachain-rc-to-final:
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: polkadot-parachain
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-polkadot-omni-node-rc-to-final:
if: ${{ inputs.binary == 'polkadot-omni-node' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: polkadot-omni-node
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-frame-omni-bencher-rc-to-final:
if: ${{ inputs.binary == 'frame-omni-bencher' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: frame-omni-bencher
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-chain-spec-builder-rc-to-final:
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: chain-spec-builder
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
.github/workflows/release-40_publish-deb-package.yml 0 → 100644
View file @ 5093d8e1
name: Release - Publish polkadot deb package
on:
workflow_dispatch:
inputs:
tag:
description: Current final release tag in the format polkadot-stableYYMM or polkadot-stable-YYMM-X
default: polkadot-stable2412
required: true
type: string
distribution:
description: Distribution where to publish deb package (release, staging, stable2407, etc)
default: staging
required: true
type: string
jobs:
check-synchronization:
uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main
validate-inputs:
needs: [check-synchronization]
if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
fetch-artifacts-from-s3:
runs-on: ubuntu-latest
needs: [validate-inputs]
env:
REPO: ${{ github.repository }}
VERSION: ${{ needs.validate-inputs.outputs.release_tag }}
outputs:
NODE_VERSION: ${{ steps.fetch_artifacts_from_s3.outputs.NODE_VERSION }}
steps:
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Fetch rc artifacts or release artifacts from s3 based on version
id: fetch_artifacts_from_s3
run: |
. ./.github/scripts/common/lib.sh
NODE_VERSION="$(get_polkadot_node_version_from_code)"
echo "NODE_VERSION=${NODE_VERSION}" >> $GITHUB_OUTPUT
fetch_debian_package_from_s3 polkadot
- name: Upload artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: release-artifacts
path: release-artifacts/polkadot/*.deb
publish-deb-package:
runs-on: ubuntu-latest
needs: [fetch-artifacts-from-s3]
environment: release
env:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_DEB_PATH: "s3://releases-package-repos/deb"
LOCAL_DEB_REPO_PATH: ${{ github.workspace }}/deb
NODE_VERSION: ${{ needs.fetch-artifacts-from-s3.outputs.NODE_VERSION }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign built artifacts
python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@e7f806f99e9be5c52f0b4a536b7d4ef9c3e695ed"
echo "PGPKMS_REPREPRO_PATH=$(which pgpkms-reprepro)" >> $GITHUB_ENV
- name: Install awscli
run: |
python3 -m pip install awscli
which aws
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Import gpg keys
shell: bash
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: release-artifacts
path: release-artifacts
- name: Setup local deb repo
run: |
sudo apt-get install -y reprepro
which reprepro
sed -i "s|^SignWith:.*|SignWith: ! ${PGPKMS_REPREPRO_PATH}|" ${{ github.workspace }}/.github/scripts/release/distributions
mkdir -p ${{ github.workspace }}/deb/conf
cp ${{ github.workspace }}/.github/scripts/release/distributions ${{ github.workspace }}/deb/conf/distributions
cat ${{ github.workspace }}/deb/conf/distributions
- name: Sync local deb repo
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
run: |
# Download the current state of the deb repo
aws s3 sync "$AWS_DEB_PATH/db" "$LOCAL_DEB_REPO_PATH/db"
aws s3 sync "$AWS_DEB_PATH/pool" "$LOCAL_DEB_REPO_PATH/pool"
aws s3 sync "$AWS_DEB_PATH/dists" "$LOCAL_DEB_REPO_PATH/dists"
- name: Add deb package to local repo
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
run: |
# Add the new deb to the repo
reprepro -b "$LOCAL_DEB_REPO_PATH" includedeb "${{ inputs.distribution }}" "release-artifacts/polkadot_${NODE_VERSION}_amd64.deb"
- name: Upload updated deb repo
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
run: |
# Upload the updated repo - dists and pool should be publicly readable
aws s3 sync "$LOCAL_DEB_REPO_PATH/pool" "$AWS_DEB_PATH/pool" --acl public-read
aws s3 sync "$LOCAL_DEB_REPO_PATH/dists" "$AWS_DEB_PATH/dists" --acl public-read
aws s3 sync "$LOCAL_DEB_REPO_PATH/db" "$AWS_DEB_PATH/db"
aws s3 sync "$LOCAL_DEB_REPO_PATH/conf" "$AWS_DEB_PATH/conf"
# Invalidate caches to make sure latest files are served
aws cloudfront create-invalidation --distribution-id E36FKEYWDXAZYJ --paths '/deb/*'
.github/workflows/release-50_publish-docker.yml
View file @ 5093d8e1
......@@ -4,10 +4,6 @@ name: Release - Publish Docker Image
# It builds and published releases and rc candidates.
on:
#TODO: activate automated run later
# release:
# types:
# - published
workflow_dispatch:
inputs:
image_type:
......@@ -26,19 +22,10 @@ on:
type: choice
options:
- polkadot
- polkadot-omni-node
- polkadot-parachain
- chain-spec-builder
release_id:
description: |
Release ID.
You can find it using the command:
curl -s \
-H "Authorization: Bearer ${GITHUB_TOKEN}" https://api.github.com/repos/$OWNER/$REPO/releases | \
jq '.[] | { name: .name, id: .id }'
required: true
type: number
registry:
description: Container registry
required: true
......@@ -54,12 +41,12 @@ on:
default: parity
version:
description: version to build/release
description: Version of the polkadot node release in format v1.16.0 or v1.16.0-rc1
default: v0.9.18
required: true
stable_tag:
description: Tag matching the actual stable release version in the format stableYYMM or stableYYMM-X for patch releases
description: Tag matching the actual stable release version in the format polkadpt-stableYYMM(-rcX) or plkadot-stableYYMM-X(-rcX) for patch releases
required: true
permissions:
......@@ -75,17 +62,22 @@ env:
# EVENT_ACTION: ${{ github.event.action }}
EVENT_NAME: ${{ github.event_name }}
IMAGE_TYPE: ${{ inputs.image_type }}
VERSION: ${{ inputs.version }}
jobs:
check-synchronization:
uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main
validate-inputs:
needs: [check-synchronization]
if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
runs-on: ubuntu-latest
outputs:
stable_tag: ${{ steps.validate_inputs.outputs.stable_tag }}
version: ${{ steps.validate_inputs.outputs.VERSION }}
stable_tag: ${{ steps.validate_inputs.outputs.stable_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Validate inputs
id: validate_inputs
......@@ -93,73 +85,56 @@ jobs:
. ./.github/scripts/common/lib.sh
VERSION=$(filter_version_from_input "${{ inputs.version }}")
echo "VERSION=${VERSION}" >> $GITHUB_ENV
RELEASE_ID=$(check_release_id "${{ inputs.release_id }}")
echo "RELEASE_ID=${RELEASE_ID}" >> $GITHUB_ENV
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
STABLE_TAG=$(validate_stable_tag ${{ inputs.stable_tag }})
echo "stable_tag=${STABLE_TAG}" >> $GITHUB_OUTPUT
fetch-artifacts: # this job will be triggered for the polkadot-parachain rc and release or polkadot rc image build
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
if: ${{ inputs.binary == 'polkadot-omni-node' || inputs.binary == 'polkadot-parachain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
runs-on: ubuntu-latest
needs: [ validate-inputs ]
steps:
- name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
#TODO: this step will be needed when automated triggering will work
#this step runs only if the workflow is triggered automatically when new release is published
# if: ${{ env.EVENT_NAME == 'release' && env.EVENT_ACTION != '' && env.EVENT_ACTION == 'published' }}
# run: |
# mkdir -p release-artifacts && cd release-artifacts
# for f in $BINARY $BINARY.asc $BINARY.sha256; do
# URL="https://github.com/${{ github.event.repository.full_name }}/releases/download/${{ github.event.release.tag_name }}/$f"
# echo " - Fetching $f from $URL"
# wget "$URL" -O "$f"
# done
# chmod a+x $BINARY
# ls -al
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Fetch rc artifacts or release artifacts from s3 based on version
#this step runs only if the workflow is triggered manually
if: ${{ env.EVENT_NAME == 'workflow_dispatch' && inputs.binary != 'chain-spec-builder'}}
run: |
. ./.github/scripts/common/lib.sh
fetch_release_artifacts_from_s3
- name: Fetch chain-spec-builder rc artifacts or release artifacts based on release id
#this step runs only if the workflow is triggered manually and only for chain-spec-builder
if: ${{ env.EVENT_NAME == 'workflow_dispatch' && inputs.binary == 'chain-spec-builder' }}
# if: ${{ env.EVENT_NAME == 'workflow_dispatch' && inputs.binary != 'polkadot-omni-node' && inputs.binary != 'chain-spec-builder'}}
run: |
. ./.github/scripts/common/lib.sh
fetch_release_artifacts
VERSION="${{ needs.validate-inputs.outputs.stable_tag }}"
if [[ ${{ inputs.binary }} == 'polkadot' ]]; then
bins=(polkadot polkadot-prepare-worker polkadot-execute-worker)
for bin in "${bins[@]}"; do
fetch_release_artifacts_from_s3 $bin x86_64-unknown-linux-gnu
done
else
fetch_release_artifacts_from_s3 $BINARY x86_64-unknown-linux-gnu
fi
- name: Upload artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: release-artifacts
path: release-artifacts/${{ env.BINARY }}/**/*
path: release-artifacts/x86_64-unknown-linux-gnu/${{ env.BINARY }}/**/*
build-container: # this job will be triggered for the polkadot-parachain rc and release or polkadot rc image build
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
if: ${{ inputs.binary == 'polkadot-omni-node' || inputs.binary == 'polkadot-parachain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
runs-on: ubuntu-latest
needs: [fetch-artifacts, validate-inputs]
needs: [ fetch-artifacts, validate-inputs ]
environment: release
steps:
- name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
- name: Check sha256 ${{ env.BINARY }}
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'polkadot' }}
# if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'polkadot' }}
working-directory: release-artifacts
run: |
. ../.github/scripts/common/lib.sh
......@@ -168,7 +143,7 @@ jobs:
check_sha256 $BINARY && echo "OK" || echo "ERR"
- name: Check GPG ${{ env.BINARY }}
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'polkadot' }}
# if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'polkadot' }}
working-directory: release-artifacts
run: |
. ../.github/scripts/common/lib.sh
......@@ -176,37 +151,44 @@ jobs:
check_gpg $BINARY
- name: Fetch rc commit and tag
working-directory: release-artifacts
if: ${{ env.IMAGE_TYPE == 'rc' }}
id: fetch_rc_refs
shell: bash
run: |
. ./.github/scripts/common/lib.sh
RELEASE_ID=$(check_release_id "${{ inputs.release_id }}")
release=release-$RELEASE_ID && \
echo "release=${release}" >> $GITHUB_OUTPUT
. ../.github/scripts/common/lib.sh
commit=$(git rev-parse --short HEAD) && \
echo "commit=${commit}" >> $GITHUB_OUTPUT
tag=$(git name-rev --tags --name-only $(git rev-parse HEAD)) && \
[ "${tag}" != "undefined" ] && echo "tag=${tag}" >> $GITHUB_OUTPUT || \
echo "No tag, doing without"
echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT
echo "tag=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT
- name: Fetch release tags
working-directory: release-artifacts
if: ${{ env.IMAGE_TYPE == 'release'}}
id: fetch_release_refs
shell: bash
run: |
chmod a+rx $BINARY
[[ $BINARY != 'chain-spec-builder' ]] && VERSION=$(./$BINARY --version | awk '{ print $2 }' )
. ../.github/scripts/common/lib.sh
release=$( echo $VERSION | cut -f1 -d- )
echo "tag=latest" >> $GITHUB_OUTPUT
echo "release=${release}" >> $GITHUB_OUTPUT
echo "stable=${{ needs.validate-inputs.outputs.stable_tag }}" >> $GITHUB_OUTPUT
echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT
echo "stable=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT
- name: Build Injected Container image for polkadot rc or chain-spec-builder
if: ${{ env.BINARY == 'polkadot' || env.BINARY == 'chain-spec-builder' }}
- name: Build Injected Container image for polkadot rc
if: ${{ env.BINARY == 'polkadot' }}
env:
ARTIFACTS_FOLDER: release-artifacts
IMAGE_NAME: ${{ env.BINARY }}
OWNER: ${{ env.DOCKER_OWNER }}
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
run: |
ls -al
echo "Building container for $BINARY"
./docker/scripts/polkadot/build-injected.sh $ARTIFACTS_FOLDER
- name: Build Injected Container image for polkadot-omni-node/chain-spec-builder
if: ${{ env.BINARY == 'polkadot-omni-node' || env.BINARY == 'chain-spec-builder' }}
env:
ARTIFACTS_FOLDER: release-artifacts
IMAGE_NAME: ${{ env.BINARY }}
......@@ -233,7 +215,15 @@ jobs:
echo "Building container for $BINARY"
./docker/scripts/build-injected.sh
- name: Login to Dockerhub
- name: Login to Dockerhub to publish polkadot
if: ${{ env.BINARY == 'polkadot' }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.POLKADOT_DOCKERHUB_USERNAME }}
password: ${{ secrets.POLKADOT_DOCKERHUB_TOKEN }}
- name: Login to Dockerhub to publish polkadot-omni-node/polkadot-parachain/chain-spec-builder
if: ${{ env.BINARY == 'polkadot-omni-node' || env.BINARY == 'polkadot-parachain' || env.BINARY == 'chain-spec-builder' }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.CUMULUS_DOCKERHUB_USERNAME }}
......@@ -281,22 +271,22 @@ jobs:
build-polkadot-release-container: # this job will be triggered for polkadot release build
if: ${{ inputs.binary == 'polkadot' && inputs.image_type == 'release' }}
runs-on: ubuntu-latest
needs: [fetch-latest-debian-package-version, validate-inputs]
needs: [ fetch-latest-debian-package-version, validate-inputs ]
environment: release
steps:
- name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
- name: Cache Docker layers
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to Docker Hub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
......@@ -307,19 +297,21 @@ jobs:
- name: Fetch values
id: fetch-data
run: |
. ./.github/scripts/common/lib.sh
date=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
echo "date=$date" >> $GITHUB_OUTPUT
echo "stable=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT
- name: Build and push
id: docker_build
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0
uses: docker/build-push-action@5e99dacf67635c4f273e532b9266ddb609b3025a # v6.9.0
with:
push: true
file: docker/dockerfiles/polkadot/polkadot_injected_debian.Dockerfile
# TODO: The owner should be used below but buildx does not resolve the VARs
# TODO: It would be good to get rid of this GHA that we don't really need.
tags: |
parity/polkadot:${{ needs.validate-inputs.outputs.stable_tag }}
parity/polkadot:${{ steps.fetch-data.outputs.stable }}
parity/polkadot:latest
parity/polkadot:${{ needs.fetch-latest-debian-package-version.outputs.polkadot_container_tag }}
build-args: |
......
.github/workflows/release-build-binary.yml 0 → 100644
View file @ 5093d8e1
name: Binary Build
# This workflow can be used to build a binary like polkadot + workers, omninode or polkadot-parachain
# from any branch with release or profuction profile to be later used for testing.
# ⚠️ IT should not be used for release purposes!
on:
workflow_dispatch:
inputs:
binary:
required: true
default: "polkadot"
description: "The binary to build"
package:
description: Package to be built, can be polkadot, polkadot-parachain-bin, polkadot-omni-node etc.
required: true
type: string
profile:
required: true
default: "release"
description: "The profile to use for the binary build"
jobs:
setup:
# GitHub Actions allows using 'env' in a container context.
# However, env variables don't work for forks: https://github.com/orgs/community/discussions/44322
# This workaround sets the container image for each job using 'set-image' job output.
runs-on: ubuntu-latest
outputs:
IMAGE: ${{ steps.set_image.outputs.IMAGE }}
RUNNER: ${{ steps.set_runner.outputs.RUNNER }}
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Set image
id: set_image
run: cat .github/env >> $GITHUB_OUTPUT
- name: Set runner
id: set_runner
shell: bash
run: |
if [[ "${{ inputs.binary }}" == "polkadot-parachain" ]]; then
echo "RUNNER=parity-large" >> $GITHUB_OUTPUT
else
echo "RUNNER=ubuntu-latest" >> $GITHUB_OUTPUT
fi
build:
needs: [setup]
runs-on: ${{ needs.setup.outputs.RUNNER }}
container:
image: ${{ needs.setup.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Build binary
run: |
git config --global --add safe.directory "${GITHUB_WORKSPACE}" #avoid "detected dubious ownership" error
PROFILE=${{ inputs.profile }}
if [ "${{ inputs.binary }}" = "polkadot" ]; then
for binary in polkadot polkadot-prepare-worker polkadot-execute-worker; do
echo "Building $binary..."
./.github/scripts/release/build-linux-release.sh $binary ${{ inputs.package }} "${PROFILE}"
done
else
./.github/scripts/release/build-linux-release.sh ${{ inputs.binary }} ${{ inputs.package }} "${PROFILE}"
fi
- name: Upload ${{ inputs.binary }} artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: ${{ inputs.binary }}
path: /artifacts/**
.github/workflows/release-check-runtimes.yml
View file @ 5093d8e1
......@@ -35,7 +35,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout the repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Get list
id: get-list
......@@ -56,7 +56,7 @@ jobs:
steps:
- name: Checkout the repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Fetch release artifacts based on release id
env:
......
.github/workflows/release-clobber-stable.yml
View file @ 5093d8e1
......@@ -24,7 +24,7 @@ jobs:
AUDITED: audited
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Prechecks
run: |
......
.github/workflows/release-reusable-promote-to-final.yml 0 → 100644
View file @ 5093d8e1
name: Promote rc to final
on:
workflow_call:
inputs:
package:
description: Package to be promoted
required: true
type: string
release_tag:
description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcX taht will be changed to final in form of polkadot-stableYYMM(-X)
required: true
type: string
target:
description: Target triple for which the artifacts are being uploaded (e.g aarch64-apple-darwin)
required: true
type: string
secrets:
AWS_DEFAULT_REGION:
required: true
AWS_RELEASE_ACCESS_KEY_ID:
required: true
AWS_RELEASE_SECRET_ACCESS_KEY:
required: true
jobs:
promote-release-artifacts:
environment: release
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
RELEASE_TAG: ${{ inputs.release_tag }}
PACKAGE: ${{ inputs.package }}
TARGET: ${{ inputs.target }}
steps:
- name: Checkout sources
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Prepare final tag
id: prepare_final_tag
shell: bash
run: |
tag="$(echo $RELEASE_TAG | sed 's/-rc[0-9]*$//')"
echo $tag
echo "FINAL_TAG=${tag}" >> $GITHUB_OUTPUT
- name: Fetch binaries from s3 based on version
run: |
. ./.github/scripts/common/lib.sh
VERSION="$RELEASE_TAG"
if [[ "$PACKAGE" == 'polkadot' ]]; then
packages=(polkadot polkadot-prepare-worker polkadot-execute-worker)
for package in "${packages[@]}"; do
OUTPUT_DIR="./release-artifacts/$TARGET/${package}"
fetch_release_artifacts_from_s3 "$package" "$TARGET"
done
NODE_VERSION="$(get_polkadot_node_version_from_code)"
fetch_debian_package_from_s3 polkadot
else
fetch_release_artifacts_from_s3 "$PACKAGE" "$TARGET"
fi
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Upload ${{ inputs.package }} ${{ inputs.target }} artifacts to s3
run: |
. ./.github/scripts/release/release_lib.sh
if [[ "$PACKAGE" == 'polkadot' ]]; then
packages=(polkadot polkadot-prepare-worker polkadot-execute-worker)
for package in "${packages[@]}"; do
upload_s3_release $package ${{ steps.prepare_final_tag.outputs.final_tag }} ${{ inputs.target }}
done
else
upload_s3_release "$PACKAGE" ${{ steps.prepare_final_tag.outputs.final_tag }} "$TARGET"
fi