-
Notifications
You must be signed in to change notification settings - Fork 451
190 lines (180 loc) · 7.18 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
name: Release
on:
workflow_dispatch:
inputs:
tag:
description: Version tag
required: true
permissions:
deployments: write
packages: write
contents: write
env:
PACKAGE_DIR: pkg
PACKAGE_RETENTION: 7
PUB_DIR: pub
SCRIPTS_PATH: ${{ github.workspace }}/scripts/deployment
jobs:
build:
name: Build Nethermind packages
runs-on: ubuntu-latest
outputs:
build-timestamp: ${{ steps.build-runner.outputs.build-timestamp }}
package-prefix: ${{ steps.archive.outputs.package-prefix }}
prerelease: ${{ steps.build-runner.outputs.prerelease }}
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Set up .NET
uses: actions/setup-dotnet@v4
- name: Build Nethermind.Runner
id: build-runner
run: |
build_timestamp=$(date '+%s')
echo "build-timestamp=$build_timestamp" >> $GITHUB_OUTPUT
echo "commit-hash=${GITHUB_SHA:0:8}" >> $GITHUB_OUTPUT
echo "prerelease=${{ contains(github.event.inputs.tag, '-') }}" >> $GITHUB_OUTPUT
$SCRIPTS_PATH/build-runner.sh $GITHUB_SHA $build_timestamp
- name: Build Nethermind.Cli
run: $SCRIPTS_PATH/build-cli.sh $GITHUB_SHA ${{ steps.build-runner.outputs.build-timestamp }}
- name: Archive packages
id: archive
env:
PACKAGE_PREFIX: nethermind-${{ github.event.inputs.tag }}-${{ steps.build-runner.outputs.commit-hash }}
run: |
echo "package-prefix=$PACKAGE_PREFIX" >> $GITHUB_OUTPUT
$SCRIPTS_PATH/archive-packages.sh
- name: Upload Nethermind Linux x64 package
uses: actions/upload-artifact@v4
with:
name: ${{ steps.archive.outputs.package-prefix }}-linux-x64-package
path: ${{ github.workspace }}/${{ env.PACKAGE_DIR }}/*linux-x64*
retention-days: ${{ env.PACKAGE_RETENTION }}
- name: Upload Nethermind Linux arm64 package
uses: actions/upload-artifact@v4
with:
name: ${{ steps.archive.outputs.package-prefix }}-linux-arm64-package
path: ${{ github.workspace }}/${{ env.PACKAGE_DIR }}/*linux-arm64*
retention-days: ${{ env.PACKAGE_RETENTION }}
- name: Upload Nethermind Windows x64 package
uses: actions/upload-artifact@v4
with:
name: ${{ steps.archive.outputs.package-prefix }}-windows-x64-package
path: ${{ github.workspace }}/${{ env.PACKAGE_DIR }}/*windows-x64*
retention-days: ${{ env.PACKAGE_RETENTION }}
- name: Upload Nethermind macOS x64 package
uses: actions/upload-artifact@v4
with:
name: ${{ steps.archive.outputs.package-prefix }}-macos-x64-package
path: ${{ github.workspace }}/${{ env.PACKAGE_DIR }}/*macos-x64*
retention-days: ${{ env.PACKAGE_RETENTION }}
- name: Upload Nethermind macOS arm64 package
uses: actions/upload-artifact@v4
with:
name: ${{ steps.archive.outputs.package-prefix }}-macos-arm64-package
path: ${{ github.workspace }}/${{ env.PACKAGE_DIR }}/*macos-arm64*
retention-days: ${{ env.PACKAGE_RETENTION }}
- name: Upload Nethermind reference assemblies
uses: actions/upload-artifact@v4
with:
name: ${{ steps.archive.outputs.package-prefix }}-ref-assemblies-package
path: ${{ github.workspace }}/${{ env.PACKAGE_DIR }}/*ref-assemblies*
retention-days: ${{ env.PACKAGE_RETENTION }}
approval:
name: Approve
runs-on: ubuntu-latest
needs: build
environment:
name: Releases
url: https://github.com/NethermindEth/nethermind/releases/tag/${{ github.event.inputs.tag }}
steps:
- name: Wait for approval
run: echo "Waiting for approval..."
publish-github:
name: Publish to GitHub
runs-on: ubuntu-latest
needs: [approval, build]
steps:
- name: Check out Nethermind repository
uses: actions/checkout@v4
- name: Authenticate App
id: gh-app
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Download artifacts
uses: actions/download-artifact@v4
with:
path: ${{ github.workspace }}/${{ env.PACKAGE_DIR }}
- name: Publish
env:
GIT_TAG: ${{ github.event.inputs.tag }}
GITHUB_TOKEN: ${{ steps.gh-app.outputs.token }}
PACKAGE_PREFIX: ${{ needs.build.outputs.package-prefix }}
PRERELEASE: ${{ needs.build.outputs.prerelease }}
run: |
cp $GITHUB_WORKSPACE/$PACKAGE_DIR/**/*.zip $GITHUB_WORKSPACE/$PACKAGE_DIR
rm -rf $GITHUB_WORKSPACE/$PACKAGE_DIR/*/
$SCRIPTS_PATH/publish-github.sh
publish-downloads:
name: Publish to Downloads page
runs-on: ubuntu-latest
needs: [approval, build]
if: needs.build.outputs.prerelease == 'false'
steps:
- name: Check out Nethermind repository
uses: actions/checkout@v4
- name: Download artifacts
uses: actions/download-artifact@v4
with:
path: ${{ github.workspace }}/${{ env.PACKAGE_DIR }}
- name: Configure GPG Key
run: |
mkdir -p ~/.gnupg/
printf "${{ secrets.GPG_SIGNING_KEY }}" | base64 --decode > ~/.gnupg/private.key
gpg --import --no-tty --batch --yes ~/.gnupg/private.key
- name: Publish packages to Downloads page
env:
DOWNLOADS_PAGE: ${{ secrets.DOWNLOADS_API_KEY }}
PACKAGE_PREFIX: ${{ needs.build.outputs.package-prefix }}
PASS: ${{ secrets.GPG_PASSWORD }}
run: |
cp $GITHUB_WORKSPACE/$PACKAGE_DIR/**/*.zip $GITHUB_WORKSPACE/$PACKAGE_DIR
rm -rf $GITHUB_WORKSPACE/$PACKAGE_DIR/*/
$SCRIPTS_PATH/publish-downloads.sh
publish-docker:
name: Publish to Docker Hub
runs-on: ubuntu-latest
needs: [approval, build]
steps:
- name: Check out Nethermind repository
uses: actions/checkout@v4
- name: Authenticate App
id: gh-app
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
- name: Build and push image to Docker Hub
run: |
image=nethermind/nethermind
for suffix in "" ".chiseled"; do
if [[ $suffix == ".chiseled" ]]; then tag_suffix="-chiseled"; else tag_suffix=""; fi
docker buildx build --platform=linux/amd64,linux/arm64 -f Dockerfile$suffix \
${{ needs.build.outputs.prerelease == 'false' && '-t $image:latest$tag_suffix' || '' }} \
-t "$image:${{ github.event.inputs.tag }}$tag_suffix" \
--build-arg BUILD_TIMESTAMP=${{ needs.build.outputs.build-timestamp }} \
--build-arg CI=$CI \
--build-arg COMMIT_HASH=$GITHUB_SHA \
. --push
done