Skip to content

Commit

Permalink
wip
Browse files Browse the repository at this point in the history
  • Loading branch information
@sdaveas
sdaveas committed Jun 4, 2024
1 parent 34a6d7a commit e752944
Showing 1 changed file with 118 additions and 114 deletions.
232 changes: 118 additions & 114 deletions .github/workflows/build-docker-image-and-binaries.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,12 +32,12 @@ jobs:
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2

- name: Validate tag for binaries build
env:
SEMVER: ${{ github.event.inputs.tag }}
run: |
if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi
aws s3 ls s3://axelar-releases/tofnd/"$SEMVER" && echo "tag already exists, use a new one" && exit 1
# - name: Validate tag for binaries build
# env:
# SEMVER: ${{ github.event.inputs.tag }}
# run: |
# if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi
# aws s3 ls s3://axelar-releases/tofnd/"$SEMVER" && echo "tag already exists, use a new one" && exit 1

- name: Checkout code
uses: actions/checkout@v2
Expand Down Expand Up @@ -72,6 +72,8 @@ jobs:
ARCH="${{ matrix.arch }}"
if [ "$ARCH" == "arm64" ]
then
export LIBRARY_PATH=/opt/homebrew/lib:$LIBRARY_PATH
export LD_LIBRARY_PATH=/opt/homebrew/lib:$LD_LIBRARY_PATH
export HOMEBREW_NO_INSTALL_CLEANUP=TRUE
brew uninstall --ignore-dependencies gmp
ARM_DEPENDENCY=$(brew fetch --force --bottle-tag=arm64_sonoma gmp | grep Downloaded | awk '{print $3}')
Expand All @@ -81,6 +83,8 @@ jobs:
mkdir -p tofndbin
mv /Users/runner/work/tofnd/tofnd/target/aarch64-apple-darwin/release/tofnd "./tofndbin/tofnd-$OS-$ARCH-$SEMVER"
else
export LIBRARY_PATH=/opt/homebrew/lib:$LIBRARY_PATH
export LD_LIBRARY_PATH=/opt/homebrew/lib:$LD_LIBRARY_PATH
export HOMEBREW_NO_INSTALL_CLEANUP=TRUE
brew uninstall --ignore-dependencies gmp
ARM_DEPENDENCY=$(brew fetch --force --bottle-tag=x86_64_sonoma gmp | grep Downloaded | awk '{print $3}')
Expand All @@ -100,111 +104,111 @@ jobs:
mkdir -p tofndbin
mv "/home/runner/.cargo/bin/tofnd" "./tofndbin/tofnd-$OS-$ARCH-$SEMVER"
- name: Test tofnd version
working-directory: ./tofndbin
run: |
./tofnd-* --version
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}

- name: Sign binaries
working-directory: ./tofndbin
env:
SEMVER: ${{ github.event.inputs.tag }}
run: |
if [ "$RUNNER_OS" == "Linux" ]
then
OS="linux"
else
OS="darwin"
fi
ARCH="${{ matrix.arch }}"
gpg --armor --detach-sign tofnd-"$OS"-"$ARCH"-"$SEMVER"
- name: Create zip and sha256 files
working-directory: ./tofndbin
run: |
for i in `ls | grep -v .asc`
do
shasum -a 256 $i | awk '{print $1}' > $i.sha256
zip $i.zip $i
shasum -a 256 $i.zip | awk '{print $1}' > $i.zip.sha256
done
- name: Upload binaries to release
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ./tofndbin/*
tag: ${{ github.event.inputs.tag }}
overwrite: true
file_glob: true

- name: Upload binaries to S3
env:
S3_PATH: s3://axelar-releases/tofnd/${{ github.event.inputs.tag }}
run: |
aws s3 cp ./tofndbin ${S3_PATH}/ --recursive
release-docker:

runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]

permissions:
contents: write
packages: write
id-token: write

steps:

- name: Checkout code for docker image build
uses: actions/checkout@v2
with:
fetch-depth: '0'
ref: ${{ github.event.inputs.tag }}
submodules: recursive

- name: Install Cosign
if: matrix.os == 'ubuntu-latest'
uses: sigstore/cosign-installer@v3.3.0
with:
cosign-release: 'v2.2.2'

- name: Install SSH key
if: matrix.os == 'ubuntu-latest'
uses: webfactory/ssh-agent@v0.4.1
with:
ssh-private-key: ${{ secrets.CICD_RSA_KEY }}

- name: Build docker image
if: matrix.os == 'ubuntu-latest'
run: |
make docker-image
- name: Login to DockerHub
if: matrix.os == 'ubuntu-latest'
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}

- name: Push to DockerHub (release)
if: matrix.os == 'ubuntu-latest'
run: |
docker tag axelar/tofnd:latest axelarnet/tofnd:${{ github.event.inputs.tag }}
docker push axelarnet/tofnd:${{ github.event.inputs.tag }}
- name: Sign the images with GitHub OIDC
if: matrix.os == 'ubuntu-latest'
run: cosign sign -y --oidc-issuer https://token.actions.githubusercontent.com ${TAGS}
env:
TAGS: axelarnet/tofnd:${{ github.event.inputs.tag }}
COSIGN_EXPERIMENTAL: 1
# - name: Test tofnd version
# working-directory: ./tofndbin
# run: |
# ./tofnd-* --version

# - name: Import GPG key
# id: import_gpg
# uses: crazy-max/ghaction-import-gpg@v4
# with:
# gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
# passphrase: ${{ secrets.GPG_PASSPHRASE }}

# - name: Sign binaries
# working-directory: ./tofndbin
# env:
# SEMVER: ${{ github.event.inputs.tag }}
# run: |
# if [ "$RUNNER_OS" == "Linux" ]
# then
# OS="linux"
# else
# OS="darwin"
# fi
# ARCH="${{ matrix.arch }}"
# gpg --armor --detach-sign tofnd-"$OS"-"$ARCH"-"$SEMVER"

# - name: Create zip and sha256 files
# working-directory: ./tofndbin
# run: |
# for i in `ls | grep -v .asc`
# do
# shasum -a 256 $i | awk '{print $1}' > $i.sha256
# zip $i.zip $i
# shasum -a 256 $i.zip | awk '{print $1}' > $i.zip.sha256
# done

# - name: Upload binaries to release
# uses: svenstaro/upload-release-action@v2
# with:
# repo_token: ${{ secrets.GITHUB_TOKEN }}
# file: ./tofndbin/*
# tag: ${{ github.event.inputs.tag }}
# overwrite: true
# file_glob: true

# - name: Upload binaries to S3
# env:
# S3_PATH: s3://axelar-releases/tofnd/${{ github.event.inputs.tag }}
# run: |
# aws s3 cp ./tofndbin ${S3_PATH}/ --recursive

# release-docker:

# runs-on: ${{ matrix.os }}
# strategy:
# matrix:
# os: [ubuntu-latest]

# permissions:
# contents: write
# packages: write
# id-token: write

# steps:

# - name: Checkout code for docker image build
# uses: actions/checkout@v2
# with:
# fetch-depth: '0'
# ref: ${{ github.event.inputs.tag }}
# submodules: recursive

# - name: Install Cosign
# if: matrix.os == 'ubuntu-latest'
# uses: sigstore/cosign-installer@v3.3.0
# with:
# cosign-release: 'v2.2.2'

# - name: Install SSH key
# if: matrix.os == 'ubuntu-latest'
# uses: webfactory/ssh-agent@v0.4.1
# with:
# ssh-private-key: ${{ secrets.CICD_RSA_KEY }}

# - name: Build docker image
# if: matrix.os == 'ubuntu-latest'
# run: |
# make docker-image

# - name: Login to DockerHub
# if: matrix.os == 'ubuntu-latest'
# uses: docker/login-action@v1
# with:
# username: ${{ secrets.DOCKER_HUB_USERNAME }}
# password: ${{ secrets.DOCKER_HUB_TOKEN }}

# - name: Push to DockerHub (release)
# if: matrix.os == 'ubuntu-latest'
# run: |
# docker tag axelar/tofnd:latest axelarnet/tofnd:${{ github.event.inputs.tag }}
# docker push axelarnet/tofnd:${{ github.event.inputs.tag }}

# - name: Sign the images with GitHub OIDC
# if: matrix.os == 'ubuntu-latest'
# run: cosign sign -y --oidc-issuer https://token.actions.githubusercontent.com ${TAGS}
# env:
# TAGS: axelarnet/tofnd:${{ github.event.inputs.tag }}
# COSIGN_EXPERIMENTAL: 1

0 comments on commit e752944

Please sign in to comment.