-
Notifications
You must be signed in to change notification settings - Fork 19
476 lines (432 loc) · 17 KB
/
create-release-draft.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
name: Create release draft
on:
workflow_dispatch:
inputs:
release_client:
type: boolean
description: parachain-client
required: true
default: true
release_runtime:
type: boolean
description: parachain-runtime
required: true
default: true
release_worker:
type: boolean
description: tee-worker
required: true
default: true
release_enclave:
type: boolean
description: tee-enclave
required: true
default: true
release_tag:
description: an existing tag for creating release (e.g. v1.2.3)
required: true
release_worker_tag:
description: an existing tag for creating release (e.g. v1.2.3)
required: true
diff_tag:
description: an existing tag to run diff against (e.g. v1.2.0)
default: ""
required: false
genesis_release:
type: choice
description: If any of the genesis artefacts should be released alongside
options:
- none
- litmus
- rococo
- litentry
env:
RELEASE_TAG: ${{ github.event.inputs.release_tag }}
RELEASE_WORKER_TAG: ${{ github.event.inputs.release_worker_tag }}
DIFF_TAG: ${{ github.event.inputs.diff_tag }}
GENESIS_RELEASE: ${{ github.event.inputs.genesis_release }}
DOCKER_BUILDKIT: 1
REF_VERSION: ${{ github.head_ref || github.ref_name }}
jobs:
set-release-type:
runs-on: ubuntu-latest
steps:
- name: set release_type
id: vars
run: |
# use something similar to mask to store the release type
t=0000
[ "${{ github.event.inputs.release_client }}" = "true" ] && t="${t:0:0}1${t:1}"
[ "${{ github.event.inputs.release_runtime }}" = "true" ] && t="${t:0:1}1${t:2}"
[ "${{ github.event.inputs.release_worker }}" = "true" ] && t="${t:0:2}1${t:3}"
[ "${{ github.event.inputs.release_enclave }}" = "true" ] && t="${t:0:3}1${t:4}"
if [ $t = "0000"]; then
echo "::error::Please select at least one release type."
exit 1
fi
echo "::group::print release type"
echo "release_type: $t"
echo "::endgroup::"
echo "release_type=$t" >> $GITHUB_OUTPUT
outputs:
release_type: ${{ steps.vars.outputs.release_type }}
## build parachain runtime wasm ##
build-wasm:
if: ${{ github.event.inputs.release_runtime == 'true' }}
runs-on: ubuntu-latest
strategy:
matrix:
chain:
- litmus
- rococo
- litentry
steps:
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Build with srtool
id: srtool_build
uses: chevdor/[email protected]
env:
# optional: will override the parachain pallet ID and authorize_upgrade call ID,
# which will result in a different parachain_authorize_upgrade_hash
PARACHAIN_PALLET_ID: "0x1e"
AUTHORIZE_UPGRADE_PREFIX: "0x02"
with:
chain: ${{ matrix.chain }}-parachain
runtime_dir: runtime/${{ matrix.chain }}
tag: "1.66.0"
- name: Summary
run: |
echo '${{ steps.srtool_build.outputs.json }}' | jq . > ${{ matrix.chain }}-parachain-srtool-digest.json
echo "==============================================="
cat ${{ matrix.chain }}-parachain-srtool-digest.json
cp ${{ steps.srtool_build.outputs.wasm_compressed }} ${{ matrix.chain }}-parachain-runtime.compact.compressed.wasm
- name: Upload wasm artefacts
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.chain }}-parachain-runtime
path: |
${{ matrix.chain }}-parachain-srtool-digest.json
${{ matrix.chain }}-parachain-runtime.compact.compressed.wasm
## build docker image of parachain binary ##
build-docker:
if: ${{ github.event.inputs.release_client == 'true' }}
runs-on: ubuntu-latest
steps:
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Set env
run: |
DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | cut -d'-' -f1 | sed 's/p/v/')
echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
- name: Build docker image
run: |
./scripts/build-docker.sh production $DOCKER_TAG
echo "============================="
docker images
# - name: Dockerhub login
# uses: docker/login-action@v3
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_PASSWORD }}
# - name: Push docker image
# run: |
# docker push litentry/litentry-parachain:$DOCKER_TAG
# - name: Generate genesis artefacts if need
# if: github.event.inputs.genesis_release != 'none'
# run: |
# docker run --rm litentry/litentry-parachain:$DOCKER_TAG export-genesis-state --chain=${{ env.GENESIS_RELEASE }} > ${{ env.GENESIS_RELEASE }}-genesis-state
# docker run --rm litentry/litentry-parachain:$DOCKER_TAG export-genesis-wasm --chain=${{ env.GENESIS_RELEASE }} > ${{ env.GENESIS_RELEASE }}-genesis-wasm
# - name: Copy client binary to disk
# run: |
# docker cp $(docker create --rm litentry/litentry-parachain:$DOCKER_TAG):/usr/local/bin/litentry-collator .
# - name: Upload the client binary
# uses: actions/upload-artifact@v3
# with:
# name: litentry-collator
# if-no-files-found: ignore
# path: |
# litentry-collator
# ${{ env.GENESIS_RELEASE }}-genesis-state
# ${{ env.GENESIS_RELEASE }}-genesis-wasm
build-worker-docker:
if: ${{ github.event.inputs.release_client == 'true' }}
runs-on: ubuntu-latest
steps:
- name: Free up disk space
if: startsWith(runner.name, 'GitHub Actions')
uses: jlumbroso/free-disk-space@main
with:
tool-cache: true
swap-storage: false
large-packages: false
- name: Checkout codes on ${{ env.RELEASE_TAG }}
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
fetch-depth: 0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
# use the docker driver to access the local image
# we don't need external caches or multi platforms here
# see https://docs.docker.com/build/drivers/
driver: docker
- name: Cache worker-cache
uses: actions/cache@v3
with:
path: |
worker-cache
key: worker-cache-${{ env.REF_VERSION }}-${{ hashFiles('tee-worker/**/Cargo.lock', 'tee-worker/**/Cargo.toml') }}
restore-keys: |
worker-cache-${{ env.REF_VERSION }}-
worker-cache-
- name: Create cache folder if not exist
run: |
for i in 'git/db' 'registry/cache' 'registry/index' 'sccache'; do
[ ! -d "worker-cache/$i" ] && mkdir -p "worker-cache/$i" || true
echo "hello" > worker-cache/$i/nix
done
echo "::group::List worker-cache size"
du -sh worker-cache/*
echo "::endgroup::"
echo "::group::Show disk usage"
df -h .
echo "::endgroup::"
- name: Build local builder
uses: docker/build-push-action@v5
with:
context: .
file: tee-worker/build.Dockerfile
tags: local-builder:latest
target: builder
build-args: |
WORKER_MODE_ARG=sidechain
ADDITIONAL_FEATURES_ARG=
- name: Copy caches from the built image
run: |
echo "::group::Show disk usage"
df -h .
echo "::endgroup::"
echo "::group::docker images"
docker images --all
echo "::endgroup::"
echo "::group::copy cache out"
for i in 'git/db' 'registry/cache' 'registry/index'; do
b="${i%/*}"
rm -rf worker-cache/$i
docker cp "$(docker create --rm local-builder:latest):/opt/rust/$i" worker-cache/$b
done
rm -rf worker-cache/sccache
docker cp "$(docker create --rm local-builder:latest):/opt/rust/sccache" worker-cache
du -sh worker-cache/*
echo "::endgroup::"
echo "::group::df -h ."
df -h .
echo "::endgroup::"
- name: Build worker
uses: docker/build-push-action@v5
with:
context: .
file: tee-worker/build.Dockerfile
tags: litentry/litentry-worker:${{env.RELEASE_WORKER_TAG}}
target: deployed-worker
- name: Build cli
uses: docker/build-push-action@v5
with:
context: .
file: tee-worker/build.Dockerfile
tags: litentry/litentry-cli:${{env.RELEASE_WORKER_TAG}}
target: deployed-client
- run: docker images --all
# ## Build the enclave and package config files
# build-tee:
# if: ${{ github.event.inputs.release_worker == 'true' }} || ${{ github.event.inputs.release_enclave == 'true' }}
# runs-on: tee-prod-builder
# outputs:
# mrenclave: ${{ steps.mrenclave.outputs.mrenclave }}
# enclave_sha1sum: ${{ steps.shasum.outputs.enclave_sha1sum }}
# worker_sha1sum: ${{ steps.shasum.outputs.worker_sha1sum }}
# steps:
# - name: Checkout codes on ${{ env.RELEASE_TAG }}
# uses: actions/checkout@v4
# with:
# ref: ${{ env.RELEASE_TAG }}
# fetch-depth: 0
# - name: Build release artefacts
# run: |
# source /opt/intel/sgxsdk/environment
# ./tee-worker/scripts/litentry/release/build.sh ${{ github.event.inputs.release_worker }} ${{ github.event.inputs.release_enclave }}
# - name: Set MRENCLAVE
# id: mrenclave
# run: |
# MRENCLAVE=
# f="tee-worker/enclave_release/mrenclave.txt"
# [ -f "$f" ] && MRENCLAVE=$(cat "$f")
# echo "mrenclave=$MRENCLAVE" >> $GITHUB_OUTPUT
# - name: Set shasum
# id: shasum
# run: |
# ENCLAVE_SHA1SUM=
# WORKER_SHA1SUM=
# cd tee-worker/enclave_release
# [ -f "enclave.signed.so" ] && ENCLAVE_SHA1SUM=$(shasum enclave.signed.so | awk '{print $1}')
# [ -f "litentry-worker" ] && WORKER_SHA1SUM=$(shasum litentry-worker | awk '{print $1}')
# echo "enclave_sha1sum=$ENCLAVE_SHA1SUM" >> $GITHUB_OUTPUT
# echo "worker_sha1sum=$WORKER_SHA1SUM" >> $GITHUB_OUTPUT
# - name: Upload artefacts
# uses: actions/upload-artifact@v3
# with:
# name: litentry-tee
# path: ./tee-worker/enclave_release/*
# - name: Fail early
# if: failure()
# uses: andymckay/[email protected]
# ## test again the built docker image ##
# run-ts-tests:
# runs-on: ubuntu-latest
# needs: build-docker
# strategy:
# matrix:
# chain:
# - litmus
# - litentry
# steps:
# - name: Checkout codes
# uses: actions/checkout@v4
# with:
# fetch-depth: 0
# - name: Enable corepack and pnpm
# run: corepack enable && corepack enable pnpm
# - name: Download and tag docker image
# run: |
# export DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | cut -d'-' -f1 | sed 's/p/v/')
# docker pull litentry/litentry-parachain:$DOCKER_TAG
# docker tag litentry/litentry-parachain:$DOCKER_TAG litentry/litentry-parachain:latest
# - name: Run ts tests for ${{ matrix.chain }}
# timeout-minutes: 20
# run: |
# make test-ts-docker-${{ matrix.chain }}
# - name: Archive logs if test fails
# uses: actions/upload-artifact@v3
# if: ${{ failure() }}
# with:
# name: ${{ matrix.chain }}-ts-tests-artifacts
# path: /tmp/parachain_dev/
# retention-days: 3
# - name: Clean up for ${{ matrix.chain }}
# if: ${{ always() }}
# run: |
# make clean-docker-${{ matrix.chain }}
# ## check extrinsic ##
# extrinsic-ordering-check-from-bin:
# runs-on: ubuntu-latest
# needs: build-docker
# strategy:
# matrix:
# chain: [rococo, litmus, litentry]
# include:
# - chain: rococo
# ref_url: wss://rpc.rococo-parachain-sg.litentry.io
# - chain: litmus
# ref_url: wss://rpc.litmus-parachain.litentry.io
# - chain: litentry
# ref_url: wss://rpc.litentry-parachain.litentry.io
# steps:
# - name: Checkout sources
# uses: actions/checkout@v4
# with:
# ref: ${{ env.RELEASE_TAG }}
# - name: Prepare output and compare the metadata
# timeout-minutes: 3
# run: |
# export DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | cut -d'-' -f1 | sed 's/p/v/')
# PARACHAIN_NAME=local-parachain
# BASE_URL=ws://127.0.0.1:9944
# chain=${{ matrix.chain }}
# REF_URL=${{ matrix.ref_url }}
# echo "Metadata comparison:" > output-$chain.txt
# echo "Date: $(date)" >> output-$chain.txt
# echo "Base: $BASE_URL" >> output-$chain.txt
# echo "Reference: $REF_URL" >> output-$chain.txt
# echo "Target Tag: ${{ env.RELEASE_TAG }}" >> output-$chain.txt
# echo "Chain: $chain" >> output-$chain.txt
# echo "----------------------------------------------------------------------" >> output-$chain.txt
# echo "Running parachain: $chain"
# docker run --pull always --rm --name=$PARACHAIN_NAME -d -p 9944:9944 litentry/litentry-parachain:$DOCKER_TAG --chain=$chain-dev --rpc-cors=all --ws-external --tmp -- --dev
# sleep 3
# CMD="docker run --pull always --network host jacogr/polkadot-js-tools metadata $REF_URL $BASE_URL"
# echo -e "Running:\n$CMD"
# docker run --pull always --rm --network host jacogr/polkadot-js-tools metadata $REF_URL $BASE_URL | tee -a output-$chain.txt
# SUMMARY=$(./scripts/extrinsic-ordering-filter.sh output-$chain.txt)
# echo -e $SUMMARY >> output-$chain.txt
# docker stop $PARACHAIN_NAME
# content=$(< output-$chain.txt)
# echo "content<<EOF" >> $GITHUB_ENV
# echo "$content" >> $GITHUB_ENV
# echo "EOF" >> $GITHUB_ENV
# - name: Find issues
# uses: actions-cool/issues-helper@v3
# id: findissueid
# with:
# actions: 'find-issues'
# token: ${{ secrets.GITHUB_TOKEN }}
# issue-state: 'open'
# title-includes: Litentry-parachain ${{ env.RELEASE_TAG }} Release checklist
# - name: Create comment
# if: ${{ steps.findissueid.outputs.issues }} != '[]'
# uses: actions-cool/issues-helper@v3
# with:
# actions: 'create-comment'
# token: ${{ secrets.GITHUB_TOKEN }}
# issue-number: ${{ fromJson(steps.findissueid.outputs.issues)[0].number }}
# body: |
# ${{ env.content }}
# ## create the release draft ##
# create-release-draft:
# runs-on: ubuntu-latest
# # see https://github.com/actions/runner/issues/491
# # seems to be the only way to achieve this
# needs:
# - set-release-type
# - build-tee
# - run-ts-tests
# - build-wasm
# if: |
# !failure() &&
# (success('build-wasm') || success('run-ts-tests') || success('build-tee'))
# steps:
# - name: Checkout codes on ${{ env.RELEASE_TAG }}
# uses: actions/checkout@v4
# with:
# ref: ${{ env.RELEASE_TAG }}
# fetch-depth: 0
# - name: Download all artefacts
# uses: actions/download-artifact@v3
# - name: Generate release notes
# run: |
# export MRENCLAVE="${{ needs.build-tee.outputs.mrenclave }}"
# export ENCLAVE_SHA1SUM="${{ needs.build-tee.outputs.enclave_sha1sum }}"
# export WORKER_SHA1SUM="${{ needs.build-tee.outputs.worker_sha1sum }}"
# ./scripts/generate-release-notes.sh ${{ github.workspace }}/.github/release_notes.md ${{ needs.set-release-type.outputs.release_type }} ${{ env.DIFF_TAG }}
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# - name: Create release draft
# id: create-release-draft
# uses: softprops/action-gh-release@v1
# with:
# tag_name: ${{ env.RELEASE_TAG }}
# name: Litentry-parachain ${{ env.RELEASE_TAG }}
# body_path: ${{ github.workspace }}/.github/release_notes.md
# draft: true
# files: |
# *-parachain-runtime/*-parachain-srtool-digest.json
# *-parachain-runtime/*-parachain-runtime.compact.compressed.wasm
# litentry-collator/*
# litentry-tee/*