From e75294482b5da28b88acda8353d0207a97d9362b Mon Sep 17 00:00:00 2001
From: Stelios Daveas
Date: Tue, 4 Jun 2024 13:31:37 +0200
Subject: [PATCH] wip
---
 .../build-docker-image-and-binaries.yaml | 232 +++++++++---------
 1 file changed, 118 insertions(+), 114 deletions(-)
diff --git a/.github/workflows/build-docker-image-and-binaries.yaml b/.github/workflows/build-docker-image-and-binaries.yaml
index f87c0727..3ab91465 100644
--- a/.github/workflows/build-docker-image-and-binaries.yaml
+++ b/.github/workflows/build-docker-image-and-binaries.yaml
@@ -32,12 +32,12 @@ jobs:
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 aws-region: us-east-2
 
- - name: Validate tag for binaries build
- env:
- SEMVER: ${{ github.event.inputs.tag }}
- run: |
- if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi
- aws s3 ls s3://axelar-releases/tofnd/"$SEMVER" && echo "tag already exists, use a new one" && exit 1
+ # - name: Validate tag for binaries build
+ # env:
+ # SEMVER: ${{ github.event.inputs.tag }}
+ # run: |
+ # if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi
+ # aws s3 ls s3://axelar-releases/tofnd/"$SEMVER" && echo "tag already exists, use a new one" && exit 1
 
 - name: Checkout code
 uses: actions/checkout@v2
@@ -72,6 +72,8 @@ jobs:
 ARCH="${{ matrix.arch }}"
 if [ "$ARCH" == "arm64" ]
 then
+ export LIBRARY_PATH=/opt/homebrew/lib:$LIBRARY_PATH
+ export LD_LIBRARY_PATH=/opt/homebrew/lib:$LD_LIBRARY_PATH
 export HOMEBREW_NO_INSTALL_CLEANUP=TRUE
 brew uninstall --ignore-dependencies gmp
 ARM_DEPENDENCY=$(brew fetch --force --bottle-tag=arm64_sonoma gmp | grep Downloaded | awk '{print $3}')
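Review bot: Commenting out `Validate tag for binaries build` removes the only visible check on the `tag` workflow input, while the build steps further down still put `$SEMVER` into output file names. If the step is disabled only for a debugging run, gating it with an `if:` condition keeps it in the reviewed workflow instead of leaving it as dead comments. Two things also need fixing before the step is restored: the regex is unanchored, so any string that merely contains a `vX.Y.Z` substring passes, and `exit 0` in the success branch ends the script before the `aws s3 ls` duplicate-tag check can run. A guard such as `[[ $SEMVER =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || { echo "invalid tag"; exit 1; }` followed by the S3 check would cover both.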
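Review bot: `export LIBRARY_PATH=/opt/homebrew/lib:$LIBRARY_PATH` leaves a trailing `:` when the variable is unset, and most toolchains and loaders read an empty path element as the current directory, so libraries could be resolved from the checkout. `export LIBRARY_PATH="/opt/homebrew/lib${LIBRARY_PATH:+:$LIBRARY_PATH}"` avoids that; the same applies to the `LD_LIBRARY_PATH` line here and to both lines added in the `else` branch hunk at `@@ -81,6 +83,8 @@`. `LD_LIBRARY_PATH` is probably not consulted by the macOS dynamic loader at all (dyld uses `DYLD_LIBRARY_PATH`), so that export may be a no-op on these runners and worth dropping. The enclosing `run:` script starts and ends outside the hunk.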
@@ -81,6 +83,8 @@ jobs:
 mkdir -p tofndbin
 mv /Users/runner/work/tofnd/tofnd/target/aarch64-apple-darwin/release/tofnd "./tofndbin/tofnd-$OS-$ARCH-$SEMVER"
 else
+ export LIBRARY_PATH=/opt/homebrew/lib:$LIBRARY_PATH
+ export LD_LIBRARY_PATH=/opt/homebrew/lib:$LD_LIBRARY_PATH
 export HOMEBREW_NO_INSTALL_CLEANUP=TRUE
 brew uninstall --ignore-dependencies gmp
 ARM_DEPENDENCY=$(brew fetch --force --bottle-tag=x86_64_sonoma gmp | grep Downloaded | awk '{print $3}')
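Review bot: The `else` branch fetches the `x86_64_sonoma` bottle, but `/opt/homebrew/lib` is Homebrew's Apple-silicon prefix; Intel installs use `/usr/local`. On an Intel runner the directory will likely not exist, and on an arm64 runner it would put arm64 libraries on the search path of an x86_64 build. Consider deriving the directory from `$(brew --prefix)/lib`, or from wherever the fetched bottle is unpacked, rather than hard-coding it. The runner architecture is not visible in this hunk, so this needs confirming against the job matrix.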
@@ -100,111 +104,111 @@ jobs:
 mkdir -p tofndbin
 mv "/home/runner/.cargo/bin/tofnd" "./tofndbin/tofnd-$OS-$ARCH-$SEMVER"
 
- - name: Test tofnd version
- working-directory: ./tofndbin
- run: |
- ./tofnd-* --version
-
- - name: Import GPG key
- id: import_gpg
- uses: crazy-max/ghaction-import-gpg@v4
- with:
- gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
- passphrase: ${{ secrets.GPG_PASSPHRASE }}
-
- - name: Sign binaries
- working-directory: ./tofndbin
- env:
- SEMVER: ${{ github.event.inputs.tag }}
- run: |
- if [ "$RUNNER_OS" == "Linux" ]
- then
- OS="linux"
- else
- OS="darwin"
- fi
- ARCH="${{ matrix.arch }}"
- gpg --armor --detach-sign tofnd-"$OS"-"$ARCH"-"$SEMVER"
-
- - name: Create zip and sha256 files
- working-directory: ./tofndbin
- run: |
- for i in `ls | grep -v .asc`
- do
- shasum -a 256 $i | awk '{print $1}' > $i.sha256
- zip $i.zip $i
- shasum -a 256 $i.zip | awk '{print $1}' > $i.zip.sha256
- done
-
- - name: Upload binaries to release
- uses: svenstaro/upload-release-action@v2
- with:
- repo_token: ${{ secrets.GITHUB_TOKEN }}
- file: ./tofndbin/*
- tag: ${{ github.event.inputs.tag }}
- overwrite: true
- file_glob: true
-
- - name: Upload binaries to S3
- env:
- S3_PATH: s3://axelar-releases/tofnd/${{ github.event.inputs.tag }}
- run: |
- aws s3 cp ./tofndbin ${S3_PATH}/ --recursive
-
- release-docker:
-
- runs-on: ${{ matrix.os }}
- strategy:
- matrix:
- os: [ubuntu-latest]
-
- permissions:
- contents: write
- packages: write
- id-token: write
-
- steps:
-
- - name: Checkout code for docker image build
- uses: actions/checkout@v2
- with:
- fetch-depth: '0'
- ref: ${{ github.event.inputs.tag }}
- submodules: recursive
-
- - name: Install Cosign
- if: matrix.os == 'ubuntu-latest'
- uses: sigstore/cosign-installer@v3.3.0
- with:
- cosign-release: 'v2.2.2'
-
- - name: Install SSH key
- if: matrix.os == 'ubuntu-latest'
- uses: webfactory/ssh-agent@v0.4.1
- with:
- ssh-private-key: ${{ secrets.CICD_RSA_KEY }}
-
- - name: Build docker image
- if: matrix.os == 'ubuntu-latest'
- run: |
- make docker-image
-
- - name: Login to DockerHub
- if: matrix.os == 'ubuntu-latest'
- uses: docker/login-action@v1
- with:
- username: ${{ secrets.DOCKER_HUB_USERNAME }}
- password: ${{ secrets.DOCKER_HUB_TOKEN }}
-
- - name: Push to DockerHub (release)
- if: matrix.os == 'ubuntu-latest'
- run: |
- docker tag axelar/tofnd:latest axelarnet/tofnd:${{ github.event.inputs.tag }}
- docker push axelarnet/tofnd:${{ github.event.inputs.tag }}
-
- - name: Sign the images with GitHub OIDC
- if: matrix.os == 'ubuntu-latest'
- run: cosign sign -y --oidc-issuer https://token.actions.githubusercontent.com ${TAGS}
- env:
- TAGS: axelarnet/tofnd:${{ github.event.inputs.tag }}
- COSIGN_EXPERIMENTAL: 1
+ # - name: Test tofnd version
+ # working-directory: ./tofndbin
+ # run: |
+ # ./tofnd-* --version
+
+ # - name: Import GPG key
+ # id: import_gpg
+ # uses: crazy-max/ghaction-import-gpg@v4
+ # with:
+ # gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+ # passphrase: ${{ secrets.GPG_PASSPHRASE }}
+
+ # - name: Sign binaries
+ # working-directory: ./tofndbin
+ # env:
+ # SEMVER: ${{ github.event.inputs.tag }}
+ # run: |
+ # if [ "$RUNNER_OS" == "Linux" ]
+ # then
+ # OS="linux"
+ # else
+ # OS="darwin"
+ # fi
+ # ARCH="${{ matrix.arch }}"
+ # gpg --armor --detach-sign tofnd-"$OS"-"$ARCH"-"$SEMVER"
+
+ # - name: Create zip and sha256 files
+ # working-directory: ./tofndbin
+ # run: |
+ # for i in `ls | grep -v .asc`
+ # do
+ # shasum -a 256 $i | awk '{print $1}' > $i.sha256
+ # zip $i.zip $i
+ # shasum -a 256 $i.zip | awk '{print $1}' > $i.zip.sha256
+ # done
+
+ # - name: Upload binaries to release
+ # uses: svenstaro/upload-release-action@v2
+ # with:
+ # repo_token: ${{ secrets.GITHUB_TOKEN }}
+ # file: ./tofndbin/*
+ # tag: ${{ github.event.inputs.tag }}
+ # overwrite: true
+ # file_glob: true
+
+ # - name: Upload binaries to S3
+ # env:
+ # S3_PATH: s3://axelar-releases/tofnd/${{ github.event.inputs.tag }}
+ # run: |
+ # aws s3 cp ./tofndbin ${S3_PATH}/ --recursive
+
+ # release-docker:
+
+ # runs-on: ${{ matrix.os }}
+ # strategy:
+ # matrix:
+ # os: [ubuntu-latest]
+
+ # permissions:
+ # contents: write
+ # packages: write
+ # id-token: write
+
+ # steps:
+
+ # - name: Checkout code for docker image build
+ # uses: actions/checkout@v2
+ # with:
+ # fetch-depth: '0'
+ # ref: ${{ github.event.inputs.tag }}
+ # submodules: recursive
+
+ # - name: Install Cosign
+ # if: matrix.os == 'ubuntu-latest'
+ # uses: sigstore/cosign-installer@v3.3.0
+ # with:
+ # cosign-release: 'v2.2.2'
+
+ # - name: Install SSH key
+ # if: matrix.os == 'ubuntu-latest'
+ # uses: webfactory/ssh-agent@v0.4.1
+ # with:
+ # ssh-private-key: ${{ secrets.CICD_RSA_KEY }}
+
+ # - name: Build docker image
+ # if: matrix.os == 'ubuntu-latest'
+ # run: |
+ # make docker-image
+
+ # - name: Login to DockerHub
+ # if: matrix.os == 'ubuntu-latest'
+ # uses: docker/login-action@v1
+ # with:
+ # username: ${{ secrets.DOCKER_HUB_USERNAME }}
+ # password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+ # - name: Push to DockerHub (release)
+ # if: matrix.os == 'ubuntu-latest'
+ # run: |
+ # docker tag axelar/tofnd:latest axelarnet/tofnd:${{ github.event.inputs.tag }}
+ # docker push axelarnet/tofnd:${{ github.event.inputs.tag }}
+
+ # - name: Sign the images with GitHub OIDC
+ # if: matrix.os == 'ubuntu-latest'
+ # run: cosign sign -y --oidc-issuer https://token.actions.githubusercontent.com ${TAGS}
+ # env:
+ # TAGS: axelarnet/tofnd:${{ github.event.inputs.tag }}
+ # COSIGN_EXPERIMENTAL: 1
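Review bot: With `Import GPG key`, `Sign binaries`, `Create zip and sha256 files` and the cosign step commented out, the workflow builds binaries but produces no signature or checksum, and the whole `release-docker` job is disabled; a `wip` state like this should not reach the branch that cuts releases. If the intent is a build-only test run, gate the publishing steps with an `if:` on a dispatch input (for example a `dry_run` boolean, a name constructed here) so the signing path stays live and reviewed. When the steps return, the third-party actions that receive secrets (`crazy-max/ghaction-import-gpg@v4`, `svenstaro/upload-release-action@v2`, `webfactory/ssh-agent@v0.4.1`, `docker/login-action@v1`) are referenced by mutable tags; pinning them to full commit SHAs limits the impact of a retagged release.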