Upload Binaries and Docker Image #118

Workflow file for this run

.github/workflows/build-docker-image-and-binaries.yaml at b8e3b99

	name: Upload Binaries and Docker Image

	on:
	workflow_dispatch:
	inputs:
	tag:
	description: Github tag to release binaries for (reusing an existing tag will make the pipeline fail)
	required: true
	default: latest
	jobs:

	release-binaries:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-latest, macos-latest]
	arch: [amd64, arm64]
	exclude:
	- {os: "ubuntu-latest", arch: "arm64"}

	permissions:
	contents: write
	packages: write
	id-token: write

	steps:

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: us-east-2

	- name: Validate tag for binaries build
	env:
	SEMVER: ${{ github.event.inputs.tag }}
	run: \|
	if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi
	aws s3 ls s3://axelar-releases/tofnd/"$SEMVER" && echo "tag already exists, use a new one" && exit 1

	- name: Checkout code
	uses: actions/checkout@v2
	with:
	fetch-depth: '0'
	ref: ${{ github.event.inputs.tag }}
	submodules: recursive

	- name: Install Rust
	run: \|
	curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \| sh -s -- -y

	- name: build binaries
	env:
	SEMVER: ${{ github.event.inputs.tag }}
	run: \|
	if [ "$RUNNER_OS" == "Linux" ]
	then
	OS="linux"
	TOFND_PATH="/home/runner/work/tofnd/tofnd/target/release"
	else
	OS="darwin"
	TOFND_PATH="/Users/runner/work/tofnd/tofnd/target/release"
	fi

	- name: build darwin binaries
	env:
	SEMVER: ${{ github.event.inputs.tag }}
	if: matrix.os == 'macos-latest'
	run: \|
	OS="darwin"
	ARCH="${{ matrix.arch }}"
	if [ "$ARCH" == "arm64" ]
	then
	export HOMEBREW_NO_INSTALL_CLEANUP=TRUE
	brew uninstall --ignore-dependencies gmp
	ARM_DEPENDENCY=$(brew fetch --force --bottle-tag=arm64_sonoma gmp \| grep Downloaded \| awk '{print $3}')
	brew install "$ARM_DEPENDENCY"
	rustup target add aarch64-apple-darwin
	cargo build --release --target aarch64-apple-darwin
	mkdir -p tofndbin
	mv /Users/runner/work/tofnd/tofnd/target/aarch64-apple-darwin/release/tofnd "./tofndbin/tofnd-$OS-$ARCH-$SEMVER"
	else
	cargo install --locked --path .
	mkdir -p tofndbin
	mv "/Users/runner/work/tofnd/tofnd/target/release/tofnd" "./tofndbin/tofnd-$OS-$ARCH-$SEMVER"
	fi
	- name: build linux binaries
	env:
	SEMVER: ${{ github.event.inputs.tag }}
	if: matrix.os == 'ubuntu-latest'
	run: \|
	OS="linux"
	ARCH="${{ matrix.arch }}"
	cargo install --locked --path .
	mkdir -p tofndbin
	mv "/Users/runner/work/tofnd/tofnd/target/release/tofnd" "./tofndbin/tofnd-$OS-$ARCH-$SEMVER"

	- name: Test tofnd version
	working-directory: ./tofndbin
	run: \|
	./tofnd-* --version

	- name: Import GPG key
	id: import_gpg
	uses: crazy-max/ghaction-import-gpg@v4
	with:
	gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.GPG_PASSPHRASE }}

	- name: Sign binaries
	working-directory: ./tofndbin
	env:
	SEMVER: ${{ github.event.inputs.tag }}
	run: \|
	if [ "$RUNNER_OS" == "Linux" ]
	then
	OS="linux"
	else
	OS="darwin"
	fi
	ARCH="${{ matrix.arch }}"
	gpg --armor --detach-sign tofnd-"$OS"-"$ARCH"-"$SEMVER"

	- name: Create zip and sha256 files
	working-directory: ./tofndbin
	run: \|
	for i in `ls \| grep -v .asc`
	do
	shasum -a 256 $i \| awk '{print $1}' > $i.sha256
	zip $i.zip $i
	shasum -a 256 $i.zip \| awk '{print $1}' > $i.zip.sha256
	done

	- name: Upload binaries to release
	uses: svenstaro/upload-release-action@v2
	with:
	repo_token: ${{ secrets.GITHUB_TOKEN }}
	file: ./tofndbin/*
	tag: ${{ github.event.inputs.tag }}
	overwrite: true
	file_glob: true

	- name: Upload binaries to S3
	env:
	S3_PATH: s3://axelar-releases/tofnd/${{ github.event.inputs.tag }}
	run: \|
	aws s3 cp ./tofndbin ${S3_PATH}/ --recursive

	release-docker:

	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-latest]

	permissions:
	contents: write
	packages: write
	id-token: write

	steps:

	- name: Checkout code for docker image build
	uses: actions/checkout@v2
	with:
	fetch-depth: '0'
	ref: ${{ github.event.inputs.tag }}
	submodules: recursive

	- name: Install Cosign
	if: matrix.os == 'ubuntu-latest'
	uses: sigstore/cosign-installer@v3.3.0
	with:
	cosign-release: 'v2.2.2'

	- name: Install SSH key
	if: matrix.os == 'ubuntu-latest'
	uses: webfactory/ssh-agent@v0.4.1
	with:
	ssh-private-key: ${{ secrets.CICD_RSA_KEY }}

	- name: Build docker image
	if: matrix.os == 'ubuntu-latest'
	run: \|
	make docker-image

	- name: Login to DockerHub
	if: matrix.os == 'ubuntu-latest'
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKER_HUB_USERNAME }}
	password: ${{ secrets.DOCKER_HUB_TOKEN }}

	- name: Push to DockerHub (release)
	if: matrix.os == 'ubuntu-latest'
	run: \|
	docker tag axelar/tofnd:latest axelarnet/tofnd:${{ github.event.inputs.tag }}
	docker push axelarnet/tofnd:${{ github.event.inputs.tag }}

	- name: Sign the images with GitHub OIDC
	if: matrix.os == 'ubuntu-latest'
	run: cosign sign -y --oidc-issuer https://token.actions.githubusercontent.com ${TAGS}
	env:
	TAGS: axelarnet/tofnd:${{ github.event.inputs.tag }}
	COSIGN_EXPERIMENTAL: 1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upload Binaries and Docker Image #118

Workflow file

Upload Binaries and Docker Image #118

Jobs

Run details

Workflow file for this run