Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • parity/mirrors/polkadot-sdk
1 result
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 1434 additions and 256 deletions
.github/workflows/docs.yml 0 → 100644
View file @ 5093d8e1
name: Docs
on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
test-doc:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@v4
- run: forklift cargo test --doc --workspace
id: required
env:
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
- name: Stop all workflows if failed
if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
uses: ./.github/actions/workflow-stopper
with:
app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
app-key: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_KEY }}
build-rustdoc:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 40
if: ${{ needs.preflight.outputs.changes_rust }}
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@v4
- run: forklift cargo doc --all-features --workspace --no-deps
id: required
env:
SKIP_WASM_BUILD: 1
RUSTDOCFLAGS: "-Dwarnings --default-theme=ayu --html-in-header ./docs/sdk/assets/header.html --extend-css ./docs/sdk/assets/theme.css --html-after-content ./docs/sdk/assets/after-content.html"
- run: rm -f ./target/doc/.lock
- run: mv ./target/doc ./crate-docs
- name: Inject Simple Analytics script
run: |
script_content="<script async defer src=\"https://apisa.parity.io/latest.js\"></script><noscript><img src=\"https://apisa.parity.io/latest.js\" alt=\"\" referrerpolicy=\"no-referrer-when-downgrade\" /></noscript>"
docs_dir="./crate-docs"
inject_simple_analytics() {
find "$1" -name '*.html' | xargs -I {} -P "$(nproc)" bash -c 'file="{}"; echo "Adding Simple Analytics script to $file"; sed -i "s|</head>|'"$2"'</head>|" "$file";'
}
inject_simple_analytics "$docs_dir" "$script_content"
- run: echo "<meta http-equiv=refresh content=0;url=polkadot_sdk_docs/index.html>" > ./crate-docs/index.html
- uses: actions/upload-artifact@v4
with:
name: ${{ github.sha }}-doc
path: ./crate-docs/
retention-days: 1
if-no-files-found: error
- name: Stop all workflows if failed
if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
uses: ./.github/actions/workflow-stopper
with:
app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
app-key: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_KEY }}
build-implementers-guide:
runs-on: ubuntu-latest
needs: isdraft
container:
image: paritytech/mdbook-utils:e14aae4a-20221123
options: --user root
steps:
- uses: actions/checkout@v4
- run: mdbook build ./polkadot/roadmap/implementers-guide
- run: mkdir -p artifacts
- run: mv polkadot/roadmap/implementers-guide/book artifacts/
- uses: actions/upload-artifact@v4
with:
name: ${{ github.sha }}-guide
path: ./artifacts/
retention-days: 1
if-no-files-found: error
confirm-required-jobs-passed:
runs-on: ubuntu-latest
name: All docs jobs passed
# If any new job gets added, be sure to add it to this array
needs: [test-doc, build-rustdoc, build-implementers-guide]
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
publish-rustdoc:
if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest
environment: subsystem-benchmarks
needs: [build-rustdoc, build-implementers-guide]
steps:
- uses: actions/checkout@v4
with:
ref: gh-pages
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.POLKADOTSDK_GHPAGES_APP_ID }}
private-key: ${{ secrets.POLKADOTSDK_GHPAGES_APP_KEY }}
- name: Ensure destination dir does not exist
run: |
rm -rf book/
rm -rf ${REF_NAME}
env:
REF_NAME: ${{ github.head_ref || github.ref_name }}
- name: Download rustdocs
uses: actions/download-artifact@v4
with:
name: ${{ github.sha }}-doc
path: ${{ github.head_ref || github.ref_name }}
- name: Download guide
uses: actions/download-artifact@v4
with:
name: ${{ github.sha }}-guide
path: /tmp
- run: mkdir -p book
- name: Move book files
run: mv /tmp/book/html/* book/
- name: Push changes to gh-pages
env:
TOKEN: ${{ steps.app-token.outputs.token }}
APP_NAME: "paritytech-upd-ghpages-polkadotsdk"
REF_NAME: ${{ github.head_ref || github.ref_name }}
Green: "\e[32m"
NC: "\e[0m"
run: |
echo "${Green}Git add${NC}"
git add book/
git add ${REF_NAME}/
echo "${Green}git status | wc -l${NC}"
git status | wc -l
echo "${Green}Add new remote with gh app token${NC}"
git remote set-url origin $(git config remote.origin.url | sed "s/github.com/${APP_NAME}:${TOKEN}@github.com/g")
echo "${Green}Remove http section that causes issues with gh app auth token${NC}"
sed -i.bak '/\[http/d' ./.git/config
sed -i.bak '/extraheader/d' ./.git/config
echo "${Green}Git push${NC}"
git config user.email "ci@parity.io"
git config user.name "${APP_NAME}"
git commit --amend -m "___Updated docs" || echo "___Nothing to commit___"
git push origin gh-pages --force
.github/workflows/fork-sync-action.yml
View file @ 5093d8e1
# This Workflow is not supposed to run in the paritytech/polkadot-sdk repo. # This Workflow is not supposed to run in the paritytech/polkadot-sdk repo.
# This Workflow is supposed to run only in the forks of the repo, # This Workflow is supposed to run only in the forks of the repo,
# paritytech-release/polkadot-sdk specifically, # paritytech-release/polkadot-sdk specifically,
# to automatically maintain the critical fork synced with the upstream. # to automatically maintain the critical fork synced with the upstream.
# This Workflow should be always disabled in the paritytech/polkadot-sdk repo. # This Workflow should be always disabled in the paritytech/polkadot-sdk repo.
...@@ -11,10 +11,10 @@ on: ...@@ -11,10 +11,10 @@ on:
workflow_dispatch: workflow_dispatch:
jobs: jobs:
job_sync_branches: job_sync_branches:
uses: paritytech-release/sync-workflows/.github/workflows/sync-with-upstream.yml@latest uses: paritytech-release/sync-workflows/.github/workflows/sync-with-upstream.yml@main
with: with:
fork_writer_app_id: ${{ vars.UPSTREAM_CONTENT_SYNC_APP_ID}} fork_writer_app_id: ${{ vars.UPSTREAM_CONTENT_SYNC_APP_ID}}
fork_owner: ${{ vars.RELEASE_ORG}} fork_owner: ${{ vars.RELEASE_ORG}}
secrets: secrets:
fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }} fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
.github/workflows/gitspiegel-trigger.yml
View file @ 5093d8e1
...@@ -28,8 +28,11 @@ on: ...@@ -28,8 +28,11 @@ on:
permissions: {} permissions: {}
jobs: jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
sync: sync:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: isdraft
steps: steps:
- name: Do nothing - name: Do nothing
run: echo "let's go" run: echo "let's go"
.github/workflows/misc-sync-templates.yml
View file @ 5093d8e1
...@@ -21,9 +21,76 @@ on: ...@@ -21,9 +21,76 @@ on:
stable_release_branch: stable_release_branch:
description: 'Stable release branch, e.g. stable2407' description: 'Stable release branch, e.g. stable2407'
required: true required: true
debug:
description: Enable runner debug logging
required: false
default: false
patch:
description: 'Patch number of the stable release we want to sync with'
required: false
default: ""
jobs: jobs:
prepare-chain-spec-artifacts:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- template: minimal
package_name: 'minimal-template-runtime'
runtime_path: './templates/minimal/runtime'
runtime_wasm_path: minimal-template-runtime/minimal_template_runtime.compact.compressed.wasm
relay_chain: 'dev'
- template: parachain
package_name: 'parachain-template-runtime'
runtime_path: './templates/parachain/runtime'
runtime_wasm_path: parachain-template-runtime/parachain_template_runtime.compact.compressed.wasm
relay_chain: 'rococo-local'
steps:
- uses: actions/checkout@v4
with:
ref: "${{ github.event.inputs.stable_release_branch }}"
- name: Setup build environment
run: |
sudo apt-get update
sudo apt-get install -y protobuf-compiler
cargo install --git https://github.com/chevdor/srtool-cli --locked
cargo install --path substrate/bin/utils/chain-spec-builder --locked
srtool pull
- name: Build runtime and generate chain spec
run: |
# Prepare directories
sudo mkdir -p ${{ matrix.runtime_path }}/target
sudo chmod -R 777 ${{ matrix.runtime_path }}/target
# Build runtime
srtool build --package ${{ matrix.package_name }} --runtime-dir ${{ matrix.runtime_path }} --root
# Generate chain spec
# Note that para-id is set to 1000 for both minimal/parachain templates.
# `parachain-runtime` is hardcoded to use this parachain id.
# `minimal` template isn't using it, but when started with Omni Node, this para id is required (any number can do it, so setting it to 1000 for convenience).
chain-spec-builder -c dev_chain_spec.json create \
--relay-chain "${{ matrix.relay_chain }}" \
--para-id 1000 \
--runtime "${{ matrix.runtime_path }}/target/srtool/release/wbuild/${{ matrix.runtime_wasm_path }}" \
named-preset development
- name: Prepare upload directory
run: |
mkdir -p artifacts-${{ matrix.template }}
cp dev_chain_spec.json artifacts-${{ matrix.template }}/dev_chain_spec.json
- name: Upload template directory
uses: actions/upload-artifact@v4
with:
name: artifacts-${{ matrix.template }}
path: artifacts-${{ matrix.template }}/dev_chain_spec.json
sync-templates: sync-templates:
needs: prepare-chain-spec-artifacts
runs-on: ubuntu-latest runs-on: ubuntu-latest
environment: master environment: master
strategy: strategy:
...@@ -44,6 +111,12 @@ jobs: ...@@ -44,6 +111,12 @@ jobs:
with: with:
path: polkadot-sdk path: polkadot-sdk
ref: "${{ github.event.inputs.stable_release_branch }}" ref: "${{ github.event.inputs.stable_release_branch }}"
- name: Download template artifacts
uses: actions/download-artifact@v4
with:
name: artifacts-${{ matrix.template }}
path: templates/${{ matrix.template }}/
if: matrix.template != 'solochain'
- name: Generate a token for the template repository - name: Generate a token for the template repository
id: app_token id: app_token
uses: actions/create-github-app-token@v1.9.3 uses: actions/create-github-app-token@v1.9.3
...@@ -76,6 +149,10 @@ jobs: ...@@ -76,6 +149,10 @@ jobs:
working-directory: polkadot-sdk/templates/${{ matrix.template }}/ working-directory: polkadot-sdk/templates/${{ matrix.template }}/
- name: Create a new workspace Cargo.toml - name: Create a new workspace Cargo.toml
run: | run: |
# This replaces the existing Cargo.toml for parachain-template,
# corresponding to the `parachain-template-docs` crate, so no need
# to delete that `Cargo.toml` after copying the `polkadot-sdk/templates/parachain/*`
# to the `polkadot-sdk-parachain-template` repo.
cat << EOF > Cargo.toml cat << EOF > Cargo.toml
[workspace.package] [workspace.package]
license = "MIT-0" license = "MIT-0"
...@@ -83,6 +160,12 @@ jobs: ...@@ -83,6 +160,12 @@ jobs:
homepage = "https://paritytech.github.io/polkadot-sdk/" homepage = "https://paritytech.github.io/polkadot-sdk/"
[workspace] [workspace]
EOF
[ ${{ matrix.template }} != "solochain" ] && echo "# Leave out the node compilation from regular template usage." \
&& echo "default-members = [\"pallets/template\", \"runtime\"]" >> Cargo.toml
[ ${{ matrix.template }} == "solochain" ] && echo "# The node isn't yet replaceable by Omni Node."
cat << EOF >> Cargo.toml
members = [ members = [
"node", "node",
"pallets/template", "pallets/template",
...@@ -109,8 +192,9 @@ jobs: ...@@ -109,8 +192,9 @@ jobs:
toml set templates/${{ matrix.template }}/Cargo.toml 'workspace.package.edition' "$(toml get --raw Cargo.toml 'workspace.package.edition')" > Cargo.temp toml set templates/${{ matrix.template }}/Cargo.toml 'workspace.package.edition' "$(toml get --raw Cargo.toml 'workspace.package.edition')" > Cargo.temp
mv Cargo.temp ./templates/${{ matrix.template }}/Cargo.toml mv Cargo.temp ./templates/${{ matrix.template }}/Cargo.toml
working-directory: polkadot-sdk working-directory: polkadot-sdk
- name: Print the result Cargo.tomls for debugging - name: Print the result Cargo.tomls for debugging
if: runner.debug == '1' if: ${{ github.event.inputs.debug }}
run: find . -type f -name 'Cargo.toml' -exec cat {} \; run: find . -type f -name 'Cargo.toml' -exec cat {} \;
working-directory: polkadot-sdk/templates/${{ matrix.template }}/ working-directory: polkadot-sdk/templates/${{ matrix.template }}/
...@@ -120,9 +204,21 @@ jobs: ...@@ -120,9 +204,21 @@ jobs:
- name: Copy over the new changes - name: Copy over the new changes
run: | run: |
cp -r polkadot-sdk/templates/${{ matrix.template }}/* "${{ env.template-path }}/" cp -r polkadot-sdk/templates/${{ matrix.template }}/* "${{ env.template-path }}/"
- name: Remove unnecessary files from parachain template
if: ${{ matrix.template == 'parachain' }}
run: |
rm -f "${{ env.template-path }}/README.docify.md"
rm -f "${{ env.template-path }}/src/lib.rs"
- name: Run psvm on monorepo workspace dependencies - name: Run psvm on monorepo workspace dependencies
run: psvm -o -v ${{ github.event.inputs.stable_release_branch }} -p ./Cargo.toml run: |
patch_input="${{ github.event.inputs.patch }}"
if [[ -n "$patch_input" ]]; then
patch="-$patch_input"
else
patch=""
fi
psvm -o -v "${{ github.event.inputs.stable_release_branch }}$patch" -p ./Cargo.toml
working-directory: polkadot-sdk/ working-directory: polkadot-sdk/
- name: Copy over required workspace dependencies - name: Copy over required workspace dependencies
run: | run: |
...@@ -136,6 +232,12 @@ jobs: ...@@ -136,6 +232,12 @@ jobs:
done; done;
working-directory: "${{ env.template-path }}" working-directory: "${{ env.template-path }}"
- name: Print the result Cargo.tomls for debugging after copying required workspace dependencies
if: ${{ github.event.inputs.debug }}
run: find . -type f -name 'Cargo.toml' -exec cat {} \;
working-directory: polkadot-sdk/templates/${{ matrix.template }}/
# 3. Verify the build. Push the changes or create a PR. # 3. Verify the build. Push the changes or create a PR.
# We've run into out-of-disk error when compiling in the next step, so we free up some space this way. # We've run into out-of-disk error when compiling in the next step, so we free up some space this way.
...@@ -157,7 +259,7 @@ jobs: ...@@ -157,7 +259,7 @@ jobs:
timeout-minutes: 90 timeout-minutes: 90
- name: Create PR on failure - name: Create PR on failure
if: failure() && steps.check-compilation.outcome == 'failure' if: failure() && steps.check-compilation.outcome == 'failure'
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v5 uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v5
with: with:
path: "${{ env.template-path }}" path: "${{ env.template-path }}"
token: ${{ steps.app_token.outputs.token }} token: ${{ steps.app_token.outputs.token }}
...@@ -167,7 +269,7 @@ jobs: ...@@ -167,7 +269,7 @@ jobs:
body: "The template has NOT been successfully built and needs to be inspected." body: "The template has NOT been successfully built and needs to be inspected."
branch: "update-template/${{ github.event.inputs.stable_release_branch }}" branch: "update-template/${{ github.event.inputs.stable_release_branch }}"
- name: Create PR on success - name: Create PR on success
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v5 uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v5
with: with:
path: "${{ env.template-path }}" path: "${{ env.template-path }}"
token: ${{ steps.app_token.outputs.token }} token: ${{ steps.app_token.outputs.token }}
......
.github/workflows/misc-update-wishlist-leaderboard.yml
View file @ 5093d8e1
...@@ -11,6 +11,7 @@ permissions: ...@@ -11,6 +11,7 @@ permissions:
jobs: jobs:
update-wishlist-leaderboard: update-wishlist-leaderboard:
if: github.repository == 'paritytech/polkadot-sdk'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
......
.github/workflows/publish-check-compile.yml 0 → 100644
View file @ 5093d8e1
name: Check publish build
on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
check-publish-compile:
timeout-minutes: 90
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Rust Cache
uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
with:
cache-on-failure: true
- name: install parity-publish
run: |
rustup override set 1.82.0
cargo install parity-publish@0.10.4 --locked -q
- name: parity-publish update plan
run: parity-publish --color always plan --skip-check --prdoc prdoc/
- name: parity-publish apply plan
run: parity-publish --color always apply --registry
- name: parity-publish check compile
run: |
packages="$(parity-publish apply --print)"
if [ -n "$packages" ]; then
cargo --color always check $(printf -- '-p %s ' $packages)
fi
.github/workflows/publish-check-crates.yml
View file @ 5093d8e1
...@@ -8,19 +8,26 @@ on: ...@@ -8,19 +8,26 @@ on:
types: [opened, synchronize, reopened, ready_for_review] types: [opened, synchronize, reopened, ready_for_review]
merge_group: merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs: jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
check-publish: check-publish:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: isdraft
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Rust Cache - name: Rust Cache
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
with: with:
cache-on-failure: true cache-on-failure: true
- name: install parity-publish - name: install parity-publish
run: cargo install parity-publish@0.8.0 run: cargo install parity-publish@0.10.4 --locked -q
- name: parity-publish check - name: parity-publish check
run: parity-publish --color always check --allow-unpublished run: parity-publish --color always check --allow-unpublished
.github/workflows/publish-claim-crates.yml
View file @ 5093d8e1
...@@ -10,15 +10,15 @@ jobs: ...@@ -10,15 +10,15 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
environment: master environment: master
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Rust Cache - name: Rust Cache
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
with: with:
cache-on-failure: true cache-on-failure: true
- name: install parity-publish - name: install parity-publish
run: cargo install parity-publish@0.8.0 run: cargo install parity-publish@0.10.4 --locked -q
- name: parity-publish claim - name: parity-publish claim
env: env:
......
.github/workflows/publish-subsystem-benchmarks.yml deleted 100644 → 0
View file @ c8ca6b6f
# The actions takes json file as input and runs github-action-benchmark for it.
on:
workflow_dispatch:
inputs:
benchmark-data-dir-path:
description: "Path to the benchmark data directory"
required: true
type: string
output-file-path:
description: "Path to the benchmark data file"
required: true
type: string
jobs:
subsystem-benchmarks:
runs-on: ubuntu-latest
environment: subsystem-benchmarks
steps:
- name: Validate inputs
run: |
echo "${{ github.event.inputs.benchmark-data-dir-path }}" | grep -P '^[a-z\-]'
echo "${{ github.event.inputs.output-file-path }}" | grep -P '^[a-z\-]+\.json'
- name: Checkout Sources
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: "gh-pages"
- name: Copy bench results
id: step_one
run: |
cp bench/gitlab/${{ github.event.inputs.output-file-path }} ${{ github.event.inputs.output-file-path }}
- name: Switch branch
id: step_two
run: |
git checkout master --
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.POLKADOTSDK_GHPAGES_APP_ID }}
private-key: ${{ secrets.POLKADOTSDK_GHPAGES_APP_KEY }}
- name: Store benchmark result
uses: benchmark-action/github-action-benchmark@v1
with:
tool: "customSmallerIsBetter"
name: ${{ github.event.inputs.benchmark-data-dir-path }}
output-file-path: ${{ github.event.inputs.output-file-path }}
benchmark-data-dir-path: "bench/${{ github.event.inputs.benchmark-data-dir-path }}"
github-token: ${{ steps.app-token.outputs.token }}
auto-push: true
.github/workflows/release-10_branchoff-stable.yml 0 → 100644
View file @ 5093d8e1
name: Release - Branch off stable branch
on:
workflow_dispatch:
inputs:
stable_version:
description: New stable version in the format stableYYMM
required: true
type: string
node_version:
description: Version of the polkadot node in the format X.XX.X (e.g. 1.15.0)
required: true
jobs:
prepare-tooling:
runs-on: ubuntu-latest
outputs:
node_version: ${{ steps.validate_inputs.outputs.node_version }}
stable_version: ${{ steps.validate_inputs.outputs.stable_version }}
steps:
- name: Checkout sources
uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
node_version=$(filter_version_from_input "${{ inputs.node_version }}")
echo "node_version=${node_version}" >> $GITHUB_OUTPUT
stable_version=$(validate_stable_tag ${{ inputs.stable_version }})
echo "stable_version=${stable_version}" >> $GITHUB_OUTPUT
create-stable-branch:
needs: [prepare-tooling]
runs-on: ubuntu-latest
environment: release
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
STABLE_BRANCH_NAME: ${{ needs.prepare-tooling.outputs.stable_version }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign commits
pip install git+https://github.com/paritytech-release/pgpkms.git@e7f806f99e9be5c52f0b4a536b7d4ef9c3e695ed
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
owner: paritytech
- name: Checkout sources
uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
with:
ref: master
token: ${{ steps.generate_write_token.outputs.token }}
- name: Import gpg keys
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Config git
run: |
git config --global commit.gpgsign true
git config --global gpg.program /home/runner/.local/bin/pgpkms-git
git config --global user.name "ParityReleases"
git config --global user.email "release-team@parity.io"
git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"
- name: Create stable branch
run: |
git checkout -b "$STABLE_BRANCH_NAME"
git show-ref "$STABLE_BRANCH_NAME"
- name: Bump versions, reorder prdocs and push stable branch
env:
GH_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
. ./.github/scripts/release/release_lib.sh
NODE_VERSION="${{ needs.prepare-tooling.outputs.node_version }}"
NODE_VERSION_PATTERN="\(NODE_VERSION[^=]*= \)\".*\""
set_version "$NODE_VERSION_PATTERN" $NODE_VERSION "polkadot/node/primitives/src/lib.rs"
commit_with_message "Bump node version to $NODE_VERSION in polkadot-cli"
set_version "$NODE_VERSION_PATTERN" $NODE_VERSION "cumulus/polkadot-omni-node/lib/src/nodes/mod.rs"
commit_with_message "Bump node version to $NODE_VERSION in polkadot-omni-node-lib"
SPEC_VERSION=$(get_spec_version $NODE_VERSION)
runtimes_list=$(get_filtered_runtimes_list)
set_spec_versions $SPEC_VERSION "${runtimes_list[@]}"
# TODO: clarify what to do with the polkadot-parachain binary
# Set new version for polkadot-parachain binary to match the polkadot node binary
# set_polkadot_parachain_binary_version $NODE_VERSION "cumulus/polkadot-parachain/Cargo.toml"
reorder_prdocs $STABLE_BRANCH_NAME
gh auth setup-git
git push origin "$STABLE_BRANCH_NAME"
.github/workflows/release-10_rc-automation.yml .github/workflows/release-11_rc-automation.yml
View file @ 5093d8e1
name: Release - RC automation name: Release - RC automation
on: on:
# TODO: Activate it and delete old branches patterns, when the release process from stable is setteled # TODO: Activate it and delete old branches patterns, when the release process from stable is settled
#push: #push:
# branches: # branches:
# # Catches release-polkadot-v1.2.3, release-v1.2.3-rc1, etc # # Catches release-polkadot-v1.2.3, release-v1.2.3-rc1, etc
...@@ -12,7 +12,7 @@ on: ...@@ -12,7 +12,7 @@ on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
version: version:
description: Current release/rc version in format vX.X.X description: Current release/rc version in format polkadot-stableYYMM
jobs: jobs:
tag_rc: tag_rc:
...@@ -23,12 +23,46 @@ jobs: ...@@ -23,12 +23,46 @@ jobs:
- name: "RelEng: Polkadot Release Coordination" - name: "RelEng: Polkadot Release Coordination"
room: '!cqAmzdIcbOFwrdrubV:parity.io' room: '!cqAmzdIcbOFwrdrubV:parity.io'
environment: release environment: release
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
steps: steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign commits
pip install git+https://github.com/paritytech-release/pgpkms.git@e7f806f99e9be5c52f0b4a536b7d4ef9c3e695ed
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
owner: paritytech
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
with: with:
fetch-depth: 0 fetch-depth: 0
token: ${{ steps.generate_write_token.outputs.token }}
- name: Import gpg keys
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Config git
run: |
git config --global commit.gpgsign true
git config --global gpg.program /home/runner/.local/bin/pgpkms-git
git config --global user.name "ParityReleases"
git config --global user.email "release-team@parity.io"
git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"
- name: Compute next rc tag - name: Compute next rc tag
# if: ${{ steps.get_rel_product.outputs.product == 'polkadot' }} # if: ${{ steps.get_rel_product.outputs.product == 'polkadot' }}
...@@ -41,7 +75,7 @@ jobs: ...@@ -41,7 +75,7 @@ jobs:
if [[ -z "${{ inputs.version }}" ]]; then if [[ -z "${{ inputs.version }}" ]]; then
version=v$(get_polkadot_node_version_from_code) version=v$(get_polkadot_node_version_from_code)
else else
version=$(filter_version_from_input ${{ inputs.version }}) version=$(validate_stable_tag ${{ inputs.version }})
fi fi
echo "$version" echo "$version"
echo "version=$version" >> $GITHUB_OUTPUT echo "version=$version" >> $GITHUB_OUTPUT
...@@ -58,13 +92,12 @@ jobs: ...@@ -58,13 +92,12 @@ jobs:
fi fi
- name: Apply new tag - name: Apply new tag
uses: tvdias/github-tagger@ed7350546e3e503b5e942dffd65bc8751a95e49d # v0.0.2 env:
with: GH_TOKEN: ${{ steps.generate_write_token.outputs.token }}
# We can't use the normal GITHUB_TOKEN for the following reason: RC_TAG: ${{ steps.compute_tag.outputs.new_tag }}
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token run: |
# RELEASE_BRANCH_TOKEN requires public_repo OAuth scope git tag -s $RC_TAG -m "new rc tag $RC_TAG"
repo-token: "${{ secrets.RELEASE_BRANCH_TOKEN }}" git push origin $RC_TAG
tag: ${{ steps.compute_tag.outputs.new_tag }}
- name: Send Matrix message to ${{ matrix.channel.name }} - name: Send Matrix message to ${{ matrix.channel.name }}
uses: s3krit/matrix-message-action@70ad3fb812ee0e45ff8999d6af11cafad11a6ecf # v0.0.3 uses: s3krit/matrix-message-action@70ad3fb812ee0e45ff8999d6af11cafad11a6ecf # v0.0.3
......
.github/workflows/release-20_build-rc.yml 0 → 100644
View file @ 5093d8e1
name: Release - Build node release candidate
on:
workflow_dispatch:
inputs:
binary:
description: Binary to be build for the release
default: all
type: choice
options:
- polkadot
- polkadot-parachain
- polkadot-omni-node
- frame-omni-bencher
- chain-spec-builder
- all
release_tag:
description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcX or polkadot-stableYYMM(-X)
type: string
jobs:
check-synchronization:
uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main
validate-inputs:
needs: [check-synchronization]
if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
build-polkadot-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot", "polkadot-prepare-worker", "polkadot-execute-worker"]'
package: polkadot
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-polkadot-parachain-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot-parachain"]'
package: "polkadot-parachain-bin"
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-polkadot-omni-node-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot-omni-node' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot-omni-node"]'
package: "polkadot-omni-node"
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-frame-omni-bencher-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'frame-omni-bencher' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["frame-omni-bencher"]'
package: "frame-omni-bencher"
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-chain-spec-builder-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["chain-spec-builder"]'
package: staging-chain-spec-builder
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-polkadot-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot", "polkadot-prepare-worker", "polkadot-execute-worker"]'
package: polkadot
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-polkadot-parachain-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot-parachain"]'
package: polkadot-parachain-bin
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-polkadot-omni-node-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot-omni-node' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot-omni-node"]'
package: polkadot-omni-node
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-frame-omni-bencher-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'frame-omni-bencher' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["frame-omni-bencher"]'
package: frame-omni-bencher
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
build-chain-spec-builder-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["chain-spec-builder"]'
package: staging-chain-spec-builder
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read
.github/workflows/release-30_publish_release_draft.yml
View file @ 5093d8e1
name: Release - Publish draft name: Release - Publish draft
on: # This workflow runs in paritytech-release and creates full release draft with:
push: # - release notes
tags: # - info about the runtimes
# Catches v1.2.3 and v1.2.3-rc1 # - attached artifacts:
- v[0-9]+.[0-9]+.[0-9]+* # - runtimes
# - binaries
# - signatures
on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
version: release_tag:
description: Current release/rc version description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcX or polkadot-stableYYMM(-X)
required: true
type: string
jobs: jobs:
get-rust-versions: check-synchronization:
uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main
validate-inputs:
needs: [ check-synchronization ]
if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
rustc-stable: ${{ steps.get-rust-versions.outputs.stable }} release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- id: get-rust-versions
run: |
RUST_STABLE_VERSION=$(curl -sS https://raw.githubusercontent.com/paritytech/scripts/master/dockerfiles/ci-unified/Dockerfile | grep -oP 'ARG RUST_STABLE_VERSION=\K[^ ]+')
echo "stable=$RUST_STABLE_VERSION" >> $GITHUB_OUTPUT
build-runtimes:
uses: "./.github/workflows/release-srtool.yml"
with:
excluded_runtimes: "substrate-test bp cumulus-test kitchensink minimal-template parachain-template penpal polkadot-test seedling shell frame-try sp solochain-template"
build-binaries:
runs-on: ubuntu-latest
strategy:
matrix:
# Tuples of [package, binary-name]
binary: [ [frame-omni-bencher, frame-omni-bencher], [staging-chain-spec-builder, chain-spec-builder] ]
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.0.0 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install protobuf-compiler
run: |
sudo apt update
sudo apt install -y protobuf-compiler
- name: Build ${{ matrix.binary[1] }} binary - name: Validate inputs
id: validate_inputs
run: | run: |
cargo build --locked --profile=production -p ${{ matrix.binary[0] }} --bin ${{ matrix.binary[1] }} . ./.github/scripts/common/lib.sh
target/production/${{ matrix.binary[1] }} --version
- name: Upload ${{ matrix.binary[1] }} binary RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
with:
name: ${{ matrix.binary[1] }}
path: target/production/${{ matrix.binary[1] }}
build-runtimes:
needs: [ validate-inputs ]
uses: "./.github/workflows/release-srtool.yml"
with:
excluded_runtimes: "asset-hub-rococo bridge-hub-rococo coretime-rococo people-rococo rococo rococo-parachain substrate-test bp cumulus-test kitchensink minimal-template parachain-template penpal polkadot-test seedling shell frame-try sp solochain-template polkadot-sdk-docs-first"
build_opts: "--features on-chain-release-build"
profile: production
permissions:
id-token: write
attestations: write
contents: read
publish-release-draft: publish-release-draft:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [ get-rust-versions, build-runtimes ] environment: release
needs: [ validate-inputs, build-runtimes ]
outputs: outputs:
release_url: ${{ steps.create-release.outputs.html_url }} release_url: ${{ steps.create-release.outputs.html_url }}
asset_upload_url: ${{ steps.create-release.outputs.upload_url }} asset_upload_url: ${{ steps.create-release.outputs.upload_url }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.0.0 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download artifacts - name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
- name: Prepare tooling - name: Prepare tooling
run: | run: |
URL=https://github.com/chevdor/tera-cli/releases/download/v0.2.4/tera-cli_linux_amd64.deb URL=https://github.com/chevdor/tera-cli/releases/download/v0.4.0/tera-cli_linux_amd64.deb
wget $URL -O tera.deb wget $URL -O tera.deb
sudo dpkg -i tera.deb sudo dpkg -i tera.deb
- name: Prepare draft - name: Prepare draft
id: draft id: draft
env: env:
RUSTC_STABLE: ${{ needs.get-rust-versions.outputs.rustc-stable }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ASSET_HUB_ROCOCO_DIGEST: ${{ github.workspace}}/asset-hub-rococo-runtime/asset-hub-rococo-srtool-digest.json
ASSET_HUB_WESTEND_DIGEST: ${{ github.workspace}}/asset-hub-westend-runtime/asset-hub-westend-srtool-digest.json ASSET_HUB_WESTEND_DIGEST: ${{ github.workspace}}/asset-hub-westend-runtime/asset-hub-westend-srtool-digest.json
BRIDGE_HUB_ROCOCO_DIGEST: ${{ github.workspace}}/bridge-hub-rococo-runtime/bridge-hub-rococo-srtool-digest.json
BRIDGE_HUB_WESTEND_DIGEST: ${{ github.workspace}}/bridge-hub-westend-runtime/bridge-hub-westend-srtool-digest.json BRIDGE_HUB_WESTEND_DIGEST: ${{ github.workspace}}/bridge-hub-westend-runtime/bridge-hub-westend-srtool-digest.json
COLLECTIVES_WESTEND_DIGEST: ${{ github.workspace}}/collectives-westend-runtime/collectives-westend-srtool-digest.json COLLECTIVES_WESTEND_DIGEST: ${{ github.workspace}}/collectives-westend-runtime/collectives-westend-srtool-digest.json
CONTRACTS_ROCOCO_DIGEST: ${{ github.workspace}}/contracts-rococo-runtime/contracts-rococo-srtool-digest.json
CORETIME_ROCOCO_DIGEST: ${{ github.workspace}}/coretime-rococo-runtime/coretime-rococo-srtool-digest.json
CORETIME_WESTEND_DIGEST: ${{ github.workspace}}/coretime-westend-runtime/coretime-westend-srtool-digest.json CORETIME_WESTEND_DIGEST: ${{ github.workspace}}/coretime-westend-runtime/coretime-westend-srtool-digest.json
GLUTTON_WESTEND_DIGEST: ${{ github.workspace}}/glutton-westend-runtime/glutton-westend-srtool-digest.json GLUTTON_WESTEND_DIGEST: ${{ github.workspace}}/glutton-westend-runtime/glutton-westend-srtool-digest.json
PEOPLE_ROCOCO_DIGEST: ${{ github.workspace}}/people-rococo-runtime/people-rococo-srtool-digest.json
PEOPLE_WESTEND_DIGEST: ${{ github.workspace}}/people-westend-runtime/people-westend-srtool-digest.json PEOPLE_WESTEND_DIGEST: ${{ github.workspace}}/people-westend-runtime/people-westend-srtool-digest.json
ROCOCO_DIGEST: ${{ github.workspace}}/rococo-runtime/rococo-srtool-digest.json
WESTEND_DIGEST: ${{ github.workspace}}/westend-runtime/westend-srtool-digest.json WESTEND_DIGEST: ${{ github.workspace}}/westend-runtime/westend-srtool-digest.json
RELEASE_TAG: ${{ needs.validate-inputs.outputs.release_tag }}
shell: bash
run: | run: |
. ./.github/scripts/common/lib.sh . ./.github/scripts/common/lib.sh
export RUSTC_STABLE=$(grep -oP '(?<=-)[0-9]+\.[0-9]+\.[0-9]+(?=-)' .github/env)
export REF1=$(get_latest_release_tag) export REF1=$(get_latest_release_tag)
if [[ -z "${{ inputs.version }}" ]]; then if [[ -z "$RELEASE_TAG" ]]; then
export REF2="${{ github.ref_name }}" export REF2="${{ github.ref_name }}"
echo "REF2: ${REF2}"
else else
export REF2="${{ inputs.version }}" export REF2="$RELEASE_TAG"
echo "REF2: ${REF2}"
fi fi
echo "REL_TAG=$REF2" >> $GITHUB_ENV echo "REL_TAG=$REF2" >> $GITHUB_ENV
export VERSION=$(echo "$REF2" | sed -E 's/^v([0-9]+\.[0-9]+\.[0-9]+).*$/\1/') export VERSION=$(echo "$REF2" | sed -E 's/.*(stable[0-9]{4}(-[0-9]+)?).*$/\1/')
./scripts/release/build-changelogs.sh ./scripts/release/build-changelogs.sh
...@@ -113,19 +111,29 @@ jobs: ...@@ -113,19 +111,29 @@ jobs:
scripts/release/context.json scripts/release/context.json
**/*-srtool-digest.json **/*-srtool-digest.json
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.POLKADOT_SDK_RELEASE_RW_APP_ID }}
private-key: ${{ secrets.POLKADOT_SDK_RELEASE_RW_APP_KEY }}
owner: paritytech
repositories: polkadot-sdk
- name: Create draft release - name: Create draft release
id: create-release id: create-release
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
with: run: |
tag_name: ${{ env.REL_TAG }} gh release create ${{ env.REL_TAG }} \
release_name: Polkadot ${{ env.REL_TAG }} --repo paritytech/polkadot-sdk \
body_path: ${{ github.workspace}}/scripts/release/RELEASE_DRAFT.md --draft \
draft: true --title "Polkadot ${{ env.REL_TAG }}" \
--notes-file ${{ github.workspace}}/scripts/release/RELEASE_DRAFT.md
publish-runtimes: publish-runtimes:
needs: [ build-runtimes, publish-release-draft ] needs: [ validate-inputs, build-runtimes, publish-release-draft ]
environment: release
continue-on-error: true continue-on-error: true
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
...@@ -133,7 +141,7 @@ jobs: ...@@ -133,7 +141,7 @@ jobs:
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.0.0 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download artifacts - name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
...@@ -145,44 +153,85 @@ jobs: ...@@ -145,44 +153,85 @@ jobs:
>>$GITHUB_ENV echo ASSET=$(find ${{ matrix.chain }}-runtime -name '*.compact.compressed.wasm') >>$GITHUB_ENV echo ASSET=$(find ${{ matrix.chain }}-runtime -name '*.compact.compressed.wasm')
>>$GITHUB_ENV echo SPEC=$(<${JSON} jq -r .runtimes.compact.subwasm.core_version.specVersion) >>$GITHUB_ENV echo SPEC=$(<${JSON} jq -r .runtimes.compact.subwasm.core_version.specVersion)
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.POLKADOT_SDK_RELEASE_RW_APP_ID }}
private-key: ${{ secrets.POLKADOT_SDK_RELEASE_RW_APP_KEY }}
owner: paritytech
repositories: polkadot-sdk
- name: Upload compressed ${{ matrix.chain }} v${{ env.SPEC }} wasm - name: Upload compressed ${{ matrix.chain }} v${{ env.SPEC }} wasm
if: ${{ matrix.chain != 'rococo-parachain' }}
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 #v1.0.2
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
with: run: |
upload_url: ${{ needs.publish-release-draft.outputs.asset_upload_url }} VERSIONED_ASSET="${{ matrix.chain }}_runtime-v${{ env.SPEC }}.compact.compressed.wasm"
asset_path: ${{ env.ASSET }} mv "${{ env.ASSET }}" "$VERSIONED_ASSET"
asset_name: ${{ matrix.chain }}_runtime-v${{ env.SPEC }}.compact.compressed.wasm
asset_content_type: application/wasm gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \
--repo paritytech/polkadot-sdk "$VERSIONED_ASSET"
publish-binaries: publish-release-artifacts:
needs: [ publish-release-draft, build-binaries ] needs: [ validate-inputs, publish-release-draft ]
environment: release
continue-on-error: true continue-on-error: true
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
matrix: matrix:
binary: [frame-omni-bencher, chain-spec-builder] binary: [ polkadot, polkadot-execute-worker, polkadot-prepare-worker, polkadot-parachain, polkadot-omni-node, frame-omni-bencher, chain-spec-builder ]
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
steps: steps:
- name: Download artifacts - name: Checkout sources
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Fetch binaries from s3 based on version
run: |
. ./.github/scripts/common/lib.sh
VERSION="${{ needs.validate-inputs.outputs.release_tag }}"
fetch_release_artifacts_from_s3 ${{ matrix.binary }} ${{ matrix.target }}
- name: Rename aarch64-apple-darwin binaries
if: ${{ matrix.target == 'aarch64-apple-darwin' }}
working-directory: ${{ github.workspace}}/release-artifacts/${{ matrix.target }}/${{ matrix.binary }}
run: |
mv ${{ matrix.binary }} ${{ matrix.binary }}-aarch64-apple-darwin
mv ${{ matrix.binary }}.asc ${{ matrix.binary }}-aarch64-apple-darwin.asc
mv ${{ matrix.binary }}.sha256 ${{ matrix.binary }}-aarch64-apple-darwin.sha256
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@v1
with: with:
name: ${{ matrix.binary }} app-id: ${{ vars.POLKADOT_SDK_RELEASE_RW_APP_ID }}
private-key: ${{ secrets.POLKADOT_SDK_RELEASE_RW_APP_KEY }}
owner: paritytech
repositories: polkadot-sdk
- name: Upload ${{ matrix.binary }} binary - name: Upload ${{ matrix.binary }} binary to release draft
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 #v1.0.2
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
with: working-directory: ${{ github.workspace}}/release-artifacts/${{ matrix.target }}/${{ matrix.binary }}
upload_url: ${{ needs.publish-release-draft.outputs.asset_upload_url }} run: |
asset_path: ${{ github.workspace}}/${{ matrix.binary }} if [[ ${{ matrix.target }} == "aarch64-apple-darwin" ]]; then
asset_name: ${{ matrix.binary }} gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \
asset_content_type: application/octet-stream --repo paritytech/polkadot-sdk \
${{ matrix.binary }}-aarch64-apple-darwin \
${{ matrix.binary }}-aarch64-apple-darwin.asc \
${{ matrix.binary }}-aarch64-apple-darwin.sha256
else
gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \
--repo paritytech/polkadot-sdk \
${{ matrix.binary }} \
${{ matrix.binary }}.asc \
${{ matrix.binary }}.sha256
fi
post_to_matrix: post_to_matrix:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: publish-release-draft needs: [ validate-inputs, publish-release-draft ]
environment: release environment: release
strategy: strategy:
matrix: matrix:
...@@ -198,5 +247,5 @@ jobs: ...@@ -198,5 +247,5 @@ jobs:
access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }} access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }}
server: m.parity.io server: m.parity.io
message: | message: |
**New version of polkadot tagged**: ${{ github.ref_name }}<br/> **New version of polkadot tagged**: ${{ needs.validate-inputs.outputs.release_tag }}<br/>
Draft release created: ${{ needs.publish-release-draft.outputs.release_url }} And release draft is release created in [polkadot-sdk repo](https://github.com/paritytech/polkadot-sdk/releases)
.github/workflows/release-31_promote-rc-to-final.yml 0 → 100644
View file @ 5093d8e1
name: Release - Promote RC to final candidate on S3
on:
workflow_dispatch:
inputs:
binary:
description: Binary to be build for the release
default: all
type: choice
options:
- polkadot
- polkadot-parachain
- polkadot-omni-node
- frame-omni-bencher
- chain-spec-builder
- all
release_tag:
description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcX
type: string
jobs:
check-synchronization:
uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main
validate-inputs:
needs: [ check-synchronization ]
if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
final_tag: ${{ steps.validate_inputs.outputs.final_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
promote-polkadot-rc-to-final:
if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: polkadot
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-polkadot-parachain-rc-to-final:
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: polkadot-parachain
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-polkadot-omni-node-rc-to-final:
if: ${{ inputs.binary == 'polkadot-omni-node' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: polkadot-omni-node
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-frame-omni-bencher-rc-to-final:
if: ${{ inputs.binary == 'frame-omni-bencher' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: frame-omni-bencher
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-chain-spec-builder-rc-to-final:
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: chain-spec-builder
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
.github/workflows/release-40_publish-deb-package.yml 0 → 100644
View file @ 5093d8e1
name: Release - Publish polkadot deb package
on:
workflow_dispatch:
inputs:
tag:
description: Current final release tag in the format polkadot-stableYYMM or polkadot-stable-YYMM-X
default: polkadot-stable2412
required: true
type: string
distribution:
description: Distribution where to publish deb package (release, staging, stable2407, etc)
default: staging
required: true
type: string
jobs:
check-synchronization:
uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main
validate-inputs:
needs: [check-synchronization]
if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
fetch-artifacts-from-s3:
runs-on: ubuntu-latest
needs: [validate-inputs]
env:
REPO: ${{ github.repository }}
VERSION: ${{ needs.validate-inputs.outputs.release_tag }}
outputs:
NODE_VERSION: ${{ steps.fetch_artifacts_from_s3.outputs.NODE_VERSION }}
steps:
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Fetch rc artifacts or release artifacts from s3 based on version
id: fetch_artifacts_from_s3
run: |
. ./.github/scripts/common/lib.sh
NODE_VERSION="$(get_polkadot_node_version_from_code)"
echo "NODE_VERSION=${NODE_VERSION}" >> $GITHUB_OUTPUT
fetch_debian_package_from_s3 polkadot
- name: Upload artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: release-artifacts
path: release-artifacts/polkadot/*.deb
publish-deb-package:
runs-on: ubuntu-latest
needs: [fetch-artifacts-from-s3]
environment: release
env:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_DEB_PATH: "s3://releases-package-repos/deb"
LOCAL_DEB_REPO_PATH: ${{ github.workspace }}/deb
NODE_VERSION: ${{ needs.fetch-artifacts-from-s3.outputs.NODE_VERSION }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign built artifacts
python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@e7f806f99e9be5c52f0b4a536b7d4ef9c3e695ed"
echo "PGPKMS_REPREPRO_PATH=$(which pgpkms-reprepro)" >> $GITHUB_ENV
- name: Install awscli
run: |
python3 -m pip install awscli
which aws
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Import gpg keys
shell: bash
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: release-artifacts
path: release-artifacts
- name: Setup local deb repo
run: |
sudo apt-get install -y reprepro
which reprepro
sed -i "s|^SignWith:.*|SignWith: ! ${PGPKMS_REPREPRO_PATH}|" ${{ github.workspace }}/.github/scripts/release/distributions
mkdir -p ${{ github.workspace }}/deb/conf
cp ${{ github.workspace }}/.github/scripts/release/distributions ${{ github.workspace }}/deb/conf/distributions
cat ${{ github.workspace }}/deb/conf/distributions
- name: Sync local deb repo
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
run: |
# Download the current state of the deb repo
aws s3 sync "$AWS_DEB_PATH/db" "$LOCAL_DEB_REPO_PATH/db"
aws s3 sync "$AWS_DEB_PATH/pool" "$LOCAL_DEB_REPO_PATH/pool"
aws s3 sync "$AWS_DEB_PATH/dists" "$LOCAL_DEB_REPO_PATH/dists"
- name: Add deb package to local repo
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
run: |
# Add the new deb to the repo
reprepro -b "$LOCAL_DEB_REPO_PATH" includedeb "${{ inputs.distribution }}" "release-artifacts/polkadot_${NODE_VERSION}_amd64.deb"
- name: Upload updated deb repo
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
run: |
# Upload the updated repo - dists and pool should be publicly readable
aws s3 sync "$LOCAL_DEB_REPO_PATH/pool" "$AWS_DEB_PATH/pool" --acl public-read
aws s3 sync "$LOCAL_DEB_REPO_PATH/dists" "$AWS_DEB_PATH/dists" --acl public-read
aws s3 sync "$LOCAL_DEB_REPO_PATH/db" "$AWS_DEB_PATH/db"
aws s3 sync "$LOCAL_DEB_REPO_PATH/conf" "$AWS_DEB_PATH/conf"
# Invalidate caches to make sure latest files are served
aws cloudfront create-invalidation --distribution-id E36FKEYWDXAZYJ --paths '/deb/*'
.github/workflows/release-50_publish-docker.yml
View file @ 5093d8e1
...@@ -4,10 +4,6 @@ name: Release - Publish Docker Image ...@@ -4,10 +4,6 @@ name: Release - Publish Docker Image
# It builds and published releases and rc candidates. # It builds and published releases and rc candidates.
on: on:
#TODO: activate automated run later
# release:
# types:
# - published
workflow_dispatch: workflow_dispatch:
inputs: inputs:
image_type: image_type:
...@@ -26,19 +22,10 @@ on: ...@@ -26,19 +22,10 @@ on:
type: choice type: choice
options: options:
- polkadot - polkadot
- polkadot-omni-node
- polkadot-parachain - polkadot-parachain
- chain-spec-builder - chain-spec-builder
release_id:
description: |
Release ID.
You can find it using the command:
curl -s \
-H "Authorization: Bearer ${GITHUB_TOKEN}" https://api.github.com/repos/$OWNER/$REPO/releases | \
jq '.[] | { name: .name, id: .id }'
required: true
type: number
registry: registry:
description: Container registry description: Container registry
required: true required: true
...@@ -54,12 +41,12 @@ on: ...@@ -54,12 +41,12 @@ on:
default: parity default: parity
version: version:
description: version to build/release description: Version of the polkadot node release in format v1.16.0 or v1.16.0-rc1
default: v0.9.18 default: v0.9.18
required: true required: true
stable_tag: stable_tag:
description: Tag matching the actual stable release version in the format stableYYMM or stableYYMM-X for patch releases description: Tag matching the actual stable release version in the format polkadpt-stableYYMM(-rcX) or plkadot-stableYYMM-X(-rcX) for patch releases
required: true required: true
permissions: permissions:
...@@ -75,17 +62,22 @@ env: ...@@ -75,17 +62,22 @@ env:
# EVENT_ACTION: ${{ github.event.action }} # EVENT_ACTION: ${{ github.event.action }}
EVENT_NAME: ${{ github.event_name }} EVENT_NAME: ${{ github.event_name }}
IMAGE_TYPE: ${{ inputs.image_type }} IMAGE_TYPE: ${{ inputs.image_type }}
VERSION: ${{ inputs.version }}
jobs: jobs:
check-synchronization:
uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main
validate-inputs: validate-inputs:
needs: [check-synchronization]
if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
stable_tag: ${{ steps.validate_inputs.outputs.stable_tag }} version: ${{ steps.validate_inputs.outputs.VERSION }}
stable_tag: ${{ steps.validate_inputs.outputs.stable_tag }}
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Validate inputs - name: Validate inputs
id: validate_inputs id: validate_inputs
...@@ -93,73 +85,56 @@ jobs: ...@@ -93,73 +85,56 @@ jobs:
. ./.github/scripts/common/lib.sh . ./.github/scripts/common/lib.sh
VERSION=$(filter_version_from_input "${{ inputs.version }}") VERSION=$(filter_version_from_input "${{ inputs.version }}")
echo "VERSION=${VERSION}" >> $GITHUB_ENV echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
RELEASE_ID=$(check_release_id "${{ inputs.release_id }}")
echo "RELEASE_ID=${RELEASE_ID}" >> $GITHUB_ENV
STABLE_TAG=$(validate_stable_tag ${{ inputs.stable_tag }}) STABLE_TAG=$(validate_stable_tag ${{ inputs.stable_tag }})
echo "stable_tag=${STABLE_TAG}" >> $GITHUB_OUTPUT echo "stable_tag=${STABLE_TAG}" >> $GITHUB_OUTPUT
fetch-artifacts: # this job will be triggered for the polkadot-parachain rc and release or polkadot rc image build fetch-artifacts: # this job will be triggered for the polkadot-parachain rc and release or polkadot rc image build
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} if: ${{ inputs.binary == 'polkadot-omni-node' || inputs.binary == 'polkadot-parachain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [ validate-inputs ]
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
#TODO: this step will be needed when automated triggering will work
#this step runs only if the workflow is triggered automatically when new release is published
# if: ${{ env.EVENT_NAME == 'release' && env.EVENT_ACTION != '' && env.EVENT_ACTION == 'published' }}
# run: |
# mkdir -p release-artifacts && cd release-artifacts
# for f in $BINARY $BINARY.asc $BINARY.sha256; do
# URL="https://github.com/${{ github.event.repository.full_name }}/releases/download/${{ github.event.release.tag_name }}/$f"
# echo " - Fetching $f from $URL"
# wget "$URL" -O "$f"
# done
# chmod a+x $BINARY
# ls -al
- name: Fetch rc artifacts or release artifacts from s3 based on version - name: Fetch rc artifacts or release artifacts from s3 based on version
#this step runs only if the workflow is triggered manually # if: ${{ env.EVENT_NAME == 'workflow_dispatch' && inputs.binary != 'polkadot-omni-node' && inputs.binary != 'chain-spec-builder'}}
if: ${{ env.EVENT_NAME == 'workflow_dispatch' && inputs.binary != 'chain-spec-builder'}}
run: |
. ./.github/scripts/common/lib.sh
fetch_release_artifacts_from_s3
- name: Fetch chain-spec-builder rc artifacts or release artifacts based on release id
#this step runs only if the workflow is triggered manually and only for chain-spec-builder
if: ${{ env.EVENT_NAME == 'workflow_dispatch' && inputs.binary == 'chain-spec-builder' }}
run: | run: |
. ./.github/scripts/common/lib.sh . ./.github/scripts/common/lib.sh
fetch_release_artifacts VERSION="${{ needs.validate-inputs.outputs.stable_tag }}"
if [[ ${{ inputs.binary }} == 'polkadot' ]]; then
bins=(polkadot polkadot-prepare-worker polkadot-execute-worker)
for bin in "${bins[@]}"; do
fetch_release_artifacts_from_s3 $bin x86_64-unknown-linux-gnu
done
else
fetch_release_artifacts_from_s3 $BINARY x86_64-unknown-linux-gnu
fi
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: release-artifacts name: release-artifacts
path: release-artifacts/${{ env.BINARY }}/**/* path: release-artifacts/x86_64-unknown-linux-gnu/${{ env.BINARY }}/**/*
build-container: # this job will be triggered for the polkadot-parachain rc and release or polkadot rc image build build-container: # this job will be triggered for the polkadot-parachain rc and release or polkadot rc image build
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} if: ${{ inputs.binary == 'polkadot-omni-node' || inputs.binary == 'polkadot-parachain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [fetch-artifacts, validate-inputs] needs: [ fetch-artifacts, validate-inputs ]
environment: release environment: release
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Download artifacts - name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
- name: Check sha256 ${{ env.BINARY }} - name: Check sha256 ${{ env.BINARY }}
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'polkadot' }} # if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'polkadot' }}
working-directory: release-artifacts working-directory: release-artifacts
run: | run: |
. ../.github/scripts/common/lib.sh . ../.github/scripts/common/lib.sh
...@@ -168,7 +143,7 @@ jobs: ...@@ -168,7 +143,7 @@ jobs:
check_sha256 $BINARY && echo "OK" || echo "ERR" check_sha256 $BINARY && echo "OK" || echo "ERR"
- name: Check GPG ${{ env.BINARY }} - name: Check GPG ${{ env.BINARY }}
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'polkadot' }} # if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'polkadot' }}
working-directory: release-artifacts working-directory: release-artifacts
run: | run: |
. ../.github/scripts/common/lib.sh . ../.github/scripts/common/lib.sh
...@@ -176,37 +151,44 @@ jobs: ...@@ -176,37 +151,44 @@ jobs:
check_gpg $BINARY check_gpg $BINARY
- name: Fetch rc commit and tag - name: Fetch rc commit and tag
working-directory: release-artifacts
if: ${{ env.IMAGE_TYPE == 'rc' }} if: ${{ env.IMAGE_TYPE == 'rc' }}
id: fetch_rc_refs id: fetch_rc_refs
shell: bash
run: | run: |
. ./.github/scripts/common/lib.sh . ../.github/scripts/common/lib.sh
RELEASE_ID=$(check_release_id "${{ inputs.release_id }}")
release=release-$RELEASE_ID && \
echo "release=${release}" >> $GITHUB_OUTPUT
commit=$(git rev-parse --short HEAD) && \ commit=$(git rev-parse --short HEAD) && \
echo "commit=${commit}" >> $GITHUB_OUTPUT echo "commit=${commit}" >> $GITHUB_OUTPUT
echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT
tag=$(git name-rev --tags --name-only $(git rev-parse HEAD)) && \ echo "tag=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT
[ "${tag}" != "undefined" ] && echo "tag=${tag}" >> $GITHUB_OUTPUT || \
echo "No tag, doing without"
- name: Fetch release tags - name: Fetch release tags
working-directory: release-artifacts working-directory: release-artifacts
if: ${{ env.IMAGE_TYPE == 'release'}} if: ${{ env.IMAGE_TYPE == 'release'}}
id: fetch_release_refs id: fetch_release_refs
shell: bash
run: | run: |
chmod a+rx $BINARY . ../.github/scripts/common/lib.sh
[[ $BINARY != 'chain-spec-builder' ]] && VERSION=$(./$BINARY --version | awk '{ print $2 }' )
release=$( echo $VERSION | cut -f1 -d- )
echo "tag=latest" >> $GITHUB_OUTPUT echo "tag=latest" >> $GITHUB_OUTPUT
echo "release=${release}" >> $GITHUB_OUTPUT echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT
echo "stable=${{ needs.validate-inputs.outputs.stable_tag }}" >> $GITHUB_OUTPUT echo "stable=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT
- name: Build Injected Container image for polkadot rc or chain-spec-builder - name: Build Injected Container image for polkadot rc
if: ${{ env.BINARY == 'polkadot' || env.BINARY == 'chain-spec-builder' }} if: ${{ env.BINARY == 'polkadot' }}
env:
ARTIFACTS_FOLDER: release-artifacts
IMAGE_NAME: ${{ env.BINARY }}
OWNER: ${{ env.DOCKER_OWNER }}
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
run: |
ls -al
echo "Building container for $BINARY"
./docker/scripts/polkadot/build-injected.sh $ARTIFACTS_FOLDER
- name: Build Injected Container image for polkadot-omni-node/chain-spec-builder
if: ${{ env.BINARY == 'polkadot-omni-node' || env.BINARY == 'chain-spec-builder' }}
env: env:
ARTIFACTS_FOLDER: release-artifacts ARTIFACTS_FOLDER: release-artifacts
IMAGE_NAME: ${{ env.BINARY }} IMAGE_NAME: ${{ env.BINARY }}
...@@ -233,7 +215,15 @@ jobs: ...@@ -233,7 +215,15 @@ jobs:
echo "Building container for $BINARY" echo "Building container for $BINARY"
./docker/scripts/build-injected.sh ./docker/scripts/build-injected.sh
- name: Login to Dockerhub - name: Login to Dockerhub to publish polkadot
if: ${{ env.BINARY == 'polkadot' }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.POLKADOT_DOCKERHUB_USERNAME }}
password: ${{ secrets.POLKADOT_DOCKERHUB_TOKEN }}
- name: Login to Dockerhub to publish polkadot-omni-node/polkadot-parachain/chain-spec-builder
if: ${{ env.BINARY == 'polkadot-omni-node' || env.BINARY == 'polkadot-parachain' || env.BINARY == 'chain-spec-builder' }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with: with:
username: ${{ secrets.CUMULUS_DOCKERHUB_USERNAME }} username: ${{ secrets.CUMULUS_DOCKERHUB_USERNAME }}
...@@ -281,22 +271,22 @@ jobs: ...@@ -281,22 +271,22 @@ jobs:
build-polkadot-release-container: # this job will be triggered for polkadot release build build-polkadot-release-container: # this job will be triggered for polkadot release build
if: ${{ inputs.binary == 'polkadot' && inputs.image_type == 'release' }} if: ${{ inputs.binary == 'polkadot' && inputs.image_type == 'release' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [fetch-latest-debian-package-version, validate-inputs] needs: [ fetch-latest-debian-package-version, validate-inputs ]
environment: release environment: release
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0 uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
- name: Cache Docker layers - name: Cache Docker layers
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with: with:
path: /tmp/.buildx-cache path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }} key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: | restore-keys: |
${{ runner.os }}-buildx- ${{ runner.os }}-buildx-
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
...@@ -307,19 +297,21 @@ jobs: ...@@ -307,19 +297,21 @@ jobs:
- name: Fetch values - name: Fetch values
id: fetch-data id: fetch-data
run: | run: |
. ./.github/scripts/common/lib.sh
date=$(date -u '+%Y-%m-%dT%H:%M:%SZ') date=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
echo "date=$date" >> $GITHUB_OUTPUT echo "date=$date" >> $GITHUB_OUTPUT
echo "stable=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT
- name: Build and push - name: Build and push
id: docker_build id: docker_build
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 uses: docker/build-push-action@5e99dacf67635c4f273e532b9266ddb609b3025a # v6.9.0
with: with:
push: true push: true
file: docker/dockerfiles/polkadot/polkadot_injected_debian.Dockerfile file: docker/dockerfiles/polkadot/polkadot_injected_debian.Dockerfile
# TODO: The owner should be used below but buildx does not resolve the VARs # TODO: The owner should be used below but buildx does not resolve the VARs
# TODO: It would be good to get rid of this GHA that we don't really need. # TODO: It would be good to get rid of this GHA that we don't really need.
tags: | tags: |
parity/polkadot:${{ needs.validate-inputs.outputs.stable_tag }} parity/polkadot:${{ steps.fetch-data.outputs.stable }}
parity/polkadot:latest parity/polkadot:latest
parity/polkadot:${{ needs.fetch-latest-debian-package-version.outputs.polkadot_container_tag }} parity/polkadot:${{ needs.fetch-latest-debian-package-version.outputs.polkadot_container_tag }}
build-args: | build-args: |
......
.github/workflows/release-build-binary.yml 0 → 100644
View file @ 5093d8e1
name: Binary Build
# This workflow can be used to build a binary like polkadot + workers, omninode or polkadot-parachain
# from any branch with release or profuction profile to be later used for testing.
# ⚠️ IT should not be used for release purposes!
on:
workflow_dispatch:
inputs:
binary:
required: true
default: "polkadot"
description: "The binary to build"
package:
description: Package to be built, can be polkadot, polkadot-parachain-bin, polkadot-omni-node etc.
required: true
type: string
profile:
required: true
default: "release"
description: "The profile to use for the binary build"
jobs:
setup:
# GitHub Actions allows using 'env' in a container context.
# However, env variables don't work for forks: https://github.com/orgs/community/discussions/44322
# This workaround sets the container image for each job using 'set-image' job output.
runs-on: ubuntu-latest
outputs:
IMAGE: ${{ steps.set_image.outputs.IMAGE }}
RUNNER: ${{ steps.set_runner.outputs.RUNNER }}
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Set image
id: set_image
run: cat .github/env >> $GITHUB_OUTPUT
- name: Set runner
id: set_runner
shell: bash
run: |
if [[ "${{ inputs.binary }}" == "polkadot-parachain" ]]; then
echo "RUNNER=parity-large" >> $GITHUB_OUTPUT
else
echo "RUNNER=ubuntu-latest" >> $GITHUB_OUTPUT
fi
build:
needs: [setup]
runs-on: ${{ needs.setup.outputs.RUNNER }}
container:
image: ${{ needs.setup.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Build binary
run: |
git config --global --add safe.directory "${GITHUB_WORKSPACE}" #avoid "detected dubious ownership" error
PROFILE=${{ inputs.profile }}
if [ "${{ inputs.binary }}" = "polkadot" ]; then
for binary in polkadot polkadot-prepare-worker polkadot-execute-worker; do
echo "Building $binary..."
./.github/scripts/release/build-linux-release.sh $binary ${{ inputs.package }} "${PROFILE}"
done
else
./.github/scripts/release/build-linux-release.sh ${{ inputs.binary }} ${{ inputs.package }} "${PROFILE}"
fi
- name: Upload ${{ inputs.binary }} artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: ${{ inputs.binary }}
path: /artifacts/**
.github/workflows/release-check-runtimes.yml
View file @ 5093d8e1
...@@ -35,7 +35,7 @@ jobs: ...@@ -35,7 +35,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout the repo - name: Checkout the repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Get list - name: Get list
id: get-list id: get-list
...@@ -56,7 +56,7 @@ jobs: ...@@ -56,7 +56,7 @@ jobs:
steps: steps:
- name: Checkout the repo - name: Checkout the repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Fetch release artifacts based on release id - name: Fetch release artifacts based on release id
env: env:
......
.github/workflows/release-clobber-stable.yml
View file @ 5093d8e1
...@@ -24,7 +24,7 @@ jobs: ...@@ -24,7 +24,7 @@ jobs:
AUDITED: audited AUDITED: audited
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
- name: Prechecks - name: Prechecks
run: | run: |
......
.github/workflows/release-reusable-promote-to-final.yml 0 → 100644
View file @ 5093d8e1
name: Promote rc to final
on:
workflow_call:
inputs:
package:
description: Package to be promoted
required: true
type: string
release_tag:
description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcX taht will be changed to final in form of polkadot-stableYYMM(-X)
required: true
type: string
target:
description: Target triple for which the artifacts are being uploaded (e.g aarch64-apple-darwin)
required: true
type: string
secrets:
AWS_DEFAULT_REGION:
required: true
AWS_RELEASE_ACCESS_KEY_ID:
required: true
AWS_RELEASE_SECRET_ACCESS_KEY:
required: true
jobs:
promote-release-artifacts:
environment: release
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
RELEASE_TAG: ${{ inputs.release_tag }}
PACKAGE: ${{ inputs.package }}
TARGET: ${{ inputs.target }}
steps:
- name: Checkout sources
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Prepare final tag
id: prepare_final_tag
shell: bash
run: |
tag="$(echo $RELEASE_TAG | sed 's/-rc[0-9]*$//')"
echo $tag
echo "FINAL_TAG=${tag}" >> $GITHUB_OUTPUT
- name: Fetch binaries from s3 based on version
run: |
. ./.github/scripts/common/lib.sh
VERSION="$RELEASE_TAG"
if [[ "$PACKAGE" == 'polkadot' ]]; then
packages=(polkadot polkadot-prepare-worker polkadot-execute-worker)
for package in "${packages[@]}"; do
OUTPUT_DIR="./release-artifacts/$TARGET/${package}"
fetch_release_artifacts_from_s3 "$package" "$TARGET"
done
NODE_VERSION="$(get_polkadot_node_version_from_code)"
fetch_debian_package_from_s3 polkadot
else
fetch_release_artifacts_from_s3 "$PACKAGE" "$TARGET"
fi
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Upload ${{ inputs.package }} ${{ inputs.target }} artifacts to s3
run: |
. ./.github/scripts/release/release_lib.sh
if [[ "$PACKAGE" == 'polkadot' ]]; then
packages=(polkadot polkadot-prepare-worker polkadot-execute-worker)
for package in "${packages[@]}"; do
upload_s3_release $package ${{ steps.prepare_final_tag.outputs.final_tag }} ${{ inputs.target }}
done
else
upload_s3_release "$PACKAGE" ${{ steps.prepare_final_tag.outputs.final_tag }} "$TARGET"
fi