Skip to content

feat: Nimbus integration #764

feat: Nimbus integration

feat: Nimbus integration #764

Workflow file for this run

name: Release
on:
push:
branches:
- main
pull_request:
branches:
- "*"
concurrency:
group: compile-${{ github.ref }}
cancel-in-progress: true
permissions:
id-token: write
pull-requests: write
contents: write
env:
CARGO_INCREMENTAL: 0
CARGO_NET_RETRY: 10
RUST_BACKTRACE: short
RUSTUP_MAX_RETRIES: 10
MACOSX_DEPLOYMENT_TARGET: 10.7
jobs:
# Update release PR
release_please:
name: Release Please
runs-on: ubuntu-latest
if: github.repository == 'lukso-network/tools-lukso-cli'
outputs:
release_created: ${{ steps.release.outputs.release_created }}
tag_name: ${{ steps.release.outputs.tag_name }}
version_name: ${{ steps.calc.outputs.version }}
folder: ${{ steps.calc.outputs.folder }}
steps:
- name: Validate | Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: google-github-actions/release-please-action@v3
if: ${{ github.ref_name == 'main' && github.ref_type == 'branch' }}
id: release
with:
token: ${{ secrets.GITHUB_TOKEN }}
release-type: go
- id: calc
name: Detect final version name
run: |
FOLDER=''
if [ "${{ steps.release.outputs.release_created }}" != "true" ]
then
SHA="${{ github.sha }}"
# For the extension we cannot use - but must use . for the PR number.
VERSION="v$(node -pe 'require("./.release-please-manifest.json")["."]')"
if [ -n "${{ github.event.number }}" ]
then
VERSION="${VERSION}+${SHA:0:7}+pr-${{ github.event.number }}"
FOLDER="/${{ github.event.number }}"
fi
else
VERSION="${{ steps.release.outputs.tag_name }}"
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "folder=$FOLDER" >> $GITHUB_OUTPUT
check_test:
name: Lint Test
uses: ./.github/workflows/test-lint.yml
secrets: inherit
# Build sources for every OS
github_build:
name: Build release binaries
needs: [release_please, check_test]
# Testing...
# if: ${{ needs.release_please.outputs.release_created == 'true' }}
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-unknown-linux-gnu
os: ubuntu-latest
name: lukso-x86_64-unknown-linux-gnu.tar.gz
goos: linux
goarch: amd64
- target: x86_64-unknown-linux-musl
os: ubuntu-latest
name: lukso-x86_64-unknown-linux-musl.tar.gz
goos: linux
goarch: amd64
- target: i686-unknown-linux-musl
os: ubuntu-latest
name: lukso-i686-unknown-linux-musl.tar.gz
goos: linux
goarch: "386"
- target: aarch64-unknown-linux-musl
os: ubuntu-latest
name: lukso-aarch64-unknown-linux-musl.tar.gz
goos: linux
goarch: arm64
- target: arm-unknown-linux-musleabihf
os: ubuntu-latest
name: lukso-arm-unknown-linux-musleabihf.tar.gz
goos: linux
goarch: arm
- target: x86_64-apple-darwin
os: macOS-latest
name: lukso-x86_64-apple-darwin.tar.gz
goos: darwin
goarch: amd64
- target: aarch64-apple-darwin
os: macOS-latest
name: lukso-aarch64-apple-darwin.tar.gz
goos: darwin
goarch: arm64
- target: x86_64-unknown-freebsd
os: ubuntu-latest
name: lukso-x86_64-unknown-freebsd.tar.gz
goos: freebsd
goarch: amd64
runs-on: ${{ matrix.os }}
continue-on-error: true
steps:
- name: Setup | Checkout
uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: "^1.19" # The Go version to download (if necessary) and use.
- name: Build | Build
run: |
env GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} CGO_ENABLED=0 go build \
-C cmd/lukso \
-o "$(pwd)/target/${{ matrix.target }}/release/lukso${{ matrix.bin }}" \
-ldflags="-X 'main.Version=${{ needs.release_please.outputs.version_name }}'"
- name: Post Build | Prepare artifacts [-nix]
run: |
cd target/${{ matrix.target }}/release
tar czvf ../../../${{ matrix.name }} lukso
cd -
- name: Release | Upload artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.name }}
path: ${{ matrix.name }}
# Notarize lukso binaries for MacOS and build notarized pkg installers
notarize_and_pkgbuild:
runs-on: macos-latest
continue-on-error: true
needs: [github_build]
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-apple-darwin
arch: x86_64
name: lukso-x86_64-apple-darwin.tar.gz
pkgname: lukso-x86_64-apple-darwin.pkg
- target: aarch64-apple-darwin
arch: aarch64
name: lukso-aarch64-apple-darwin.tar.gz
pkgname: lukso-aarch64-apple-darwin.pkg
env:
KEYCHAIN_FILENAME: app-signing.keychain-db
KEYCHAIN_ENTRY: AC_PASSWORD
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Notarize | Set up secrets
env:
APP_CERTIFICATE_BASE64: ${{ secrets.APPLEDEV_APPSIGNKEY_BASE64 }}
INSTALL_CERTIFICATE_BASE64: ${{ secrets.APPLEDEV_INSTALLERSIGNKEY_BASE64 }}
P12_PASSWORD: ${{ secrets.APPLEDEV_SIGNKEY_PASS }}
KEYCHAIN_PASSWORD: ${{ secrets.APPLEDEV_SIGNKEY_PASS }}
APPLEID_USERNAME: ${{ secrets.APPLEDEV_ID_NAME }}
APPLEID_TEAMID: ${{ secrets.APPLEDEV_TEAM_ID }}
APPLEID_PASSWORD: ${{ secrets.APPLEDEV_PASSWORD }}
run: |
APP_CERTIFICATE_PATH="$RUNNER_TEMP/app_certificate.p12"
INSTALL_CERTIFICATE_PATH="$RUNNER_TEMP/install_certificate.p12"
KEYCHAIN_PATH="$RUNNER_TEMP/$KEYCHAIN_FILENAME"
# import certificates from secrets
echo -n "$APP_CERTIFICATE_BASE64" | base64 --decode --output $APP_CERTIFICATE_PATH
echo -n "$INSTALL_CERTIFICATE_BASE64" | base64 --decode --output $INSTALL_CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# import certificates to keychain
security import $APP_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security import $INSTALL_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# Add Apple Developer ID credentials to keychain
xcrun notarytool store-credentials "$KEYCHAIN_ENTRY" --team-id "$APPLEID_TEAMID" --apple-id "$APPLEID_USERNAME" --password "$APPLEID_PASSWORD" --keychain "$KEYCHAIN_PATH"
- name: Notarize | Download artifacts
uses: actions/download-artifact@v3
with:
name: ${{ matrix.name }}
path: artifacts
- name: Notarize | Unpack Binaries
run: tar xf artifacts/${{ matrix.name }}
- name: Setup nodejs
uses: actions/setup-node@v3
with:
node-version: "18.12.1"
cache: "yarn"
cache-dependency-path: "./install/docs-processor/yarn.lock"
- name: Small docs build
run: |
cd install/docs-processor
yarn
node ./convert.js --in ../../docs --out ../../public
- name: Update pkg docs
run: |
cp -r ./public/* ./install/macos_packages/pkg_resources/English.lproj/
rm ./install/macos_packages/pkg_resources/English.lproj/index.html
- name: Notarize | Build, Sign, and Notarize Pkg
run: bash install/macos_packages/build_and_notarize.sh lukso ./public ${{ matrix.arch }} ${{ matrix.pkgname }}
- name: Notarize | Upload Notarized Flat Installer
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.pkgname }}
path: ${{ matrix.pkgname }}
- name: Notarize | Package Notarized Binary
run: tar czvf ${{ matrix.name }} lukso
- name: Notarize | Upload Notarized Binary
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.name }}
path: ${{ matrix.name }}
- name: Cleanup Secrets
if: ${{ always() }}
run: |
KEYCHAIN_PATH="$RUNNER_TEMP/$KEYCHAIN_FILENAME"
security delete-keychain $KEYCHAIN_PATH
upload_artifacts:
name: Add Build Artifacts to Release
needs: [release_please, github_build, notarize_and_pkgbuild]
runs-on: ubuntu-latest
steps:
- name: Setup | Artifacts
uses: actions/download-artifact@v3
- name: Setup | Checksums
run: for file in lukso-*/lukso-*; do openssl dgst -sha256 -r "$file" | awk '{print $1}' > "${file}.sha256"; done
- name: Setup | Publish Release
if: ${{ needs.release_please.outputs.release_created == 'true' }}
run: gh release edit ${{ needs.release_please.outputs.tag_name }} --draft=false --repo=lukso-network/tools-lukso-cli
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Build | Add Artifacts to Release
uses: softprops/action-gh-release@v1
if: ${{ needs.release_please.outputs.release_created == 'true' }}
with:
files: lukso-*/lukso-*
tag_name: ${{ needs.release_please.outputs.tag_name }}
update_brew_formula:
name: Update Brew Formula
runs-on: ubuntu-latest
needs: [release_please, upload_artifacts]
# if: ${{ needs.release_please.outputs.release_created == 'true' }}
if: false
steps:
- uses: mislav/[email protected]
with:
formula-name: lukso
tag-name: ${{ needs.release_please.outputs.tag_name }}
env:
# Used for creating the formula update PR
COMMITTER_TOKEN: ${{ secrets.GH_PAT }}
# Used for verifying the SHA256 sum of the draft release
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
publish_docs:
name: Publish install script
needs: [notarize_and_pkgbuild, release_please]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Download build artifacts
uses: actions/download-artifact@v3
with:
path: artifacts
- name: Prepare install.sh and artifacts with version=${{ needs.release_please.outputs.version_name }}
if: ${{ needs.release_please.outputs.release_created == 'true' }}
run: |
mkdir -p bucket
rm -rf bucket/artifacts && mkdir -p bucket/artifacts
find artifacts -type f -exec cp {} bucket/artifacts \;
sed -e "s#__VERSION__#${{ needs.release_please.outputs.version_name }}#" install/install.sh > bucket/install.sh
- name: Prepare install.sh and artifacts with version=${{ needs.release_please.outputs.version_name }} and URL=https://storage.googleapis.com/lks-lz-binaries-euw4${{ needs.release_please.outputs.folder }}
if: ${{ needs.release_please.outputs.release_created != 'true' }}
run: |
mkdir -p bucket
rm -rf bucket/artifacts && mkdir -p bucket/artifacts
find artifacts -type f -exec cp {} bucket/artifacts \;
sed \
-e 's#https://storage.googleapis.com/lks-lz-binaries-euw4#https://storage.googleapis.com/lks-lz-binaries-euw4${{ needs.release_please.outputs.folder }}#g' \
-e 's#__VERSION__#${{ needs.release_please.outputs.version_name }}#g' \
install/install.sh > bucket/install.sh
- name: Authenticate to Google Cloud
id: gcpauth
uses: google-github-actions/auth@v1
with:
create_credentials_file: "true"
workload_identity_provider: "projects/311968610280/locations/global/workloadIdentityPools/github/providers/github"
service_account: "[email protected]"
- name: Copying script and artifacts to gs://lks-lz-binaries-euw4${{ needs.release_please.outputs.folder }}/
run: |-
gcloud auth login --brief --cred-file="${{ steps.gcpauth.outputs.credentials_file_path }}"
gsutil -m cp -r ./bucket/* gs://lks-lz-binaries-euw4${{ needs.release_please.outputs.folder }}/
- name: Add PR status for ${{ github.event.number }} (curl without proxy from https://storage.googleapis.com/lks-lz-binaries-euw4${{ needs.release_please.outputs.folder }}/install.sh)
if: ${{ needs.release_please.outputs.release_created != 'true' }}
uses: marocchino/sticky-pull-request-comment@v2
with:
header: pr-install
message: ":rocket: Deployed preview to `curl https://install.lukso.network${{ needs.release_please.outputs.folder }} | sh`"
# OLD CODE TO DEPLOY TO GH_PAGES
- name: Processing script to add version ${{ needs.release_please.outputs.version_name }}
if: ${{ needs.release_please.outputs.release_created == 'true' }}
run: |
mkdir -p dist
sed -e "s#__VERSION__#${{ needs.release_please.outputs.version_name }}#" install/install.sh > dist/index.html
- name: Processing script to add version ${{ needs.release_please.outputs.version_name }} and URL https://storage.googleapis.com/lks-lz-binaries-euw4${{ needs.release_please.outputs.folder }}
if: ${{ needs.release_please.outputs.release_created != 'true' }}
run: |
mkdir -p dist
# Remove artifacts inside of PR reviews and point to the ones inside of the google bucket.
# This fixes the repo size and prepares for the proxy switch early.
sed \
-e 's#https://storage.googleapis.com/lks-lz-binaries-euw4#https://storage.googleapis.com/lks-lz-binaries-euw4${{ needs.release_please.outputs.folder }}#g' \
-e 's#__VERSION__#${{ needs.release_please.outputs.version_name }}#g' \
install/install.sh > dist/index.html