diff --git a/.github/workflows/create-release-draft.yml b/.github/workflows/create-release-draft.yml
index a9e621f000..5a9d812604 100644
--- a/.github/workflows/create-release-draft.yml
+++ b/.github/workflows/create-release-draft.yml
@@ -26,6 +26,9 @@ on:
 release_tag:
 description: an existing tag for creating release (e.g. v1.2.3)
 required: true
+ release_worker_tag:
+ description: an existing tag for creating release (e.g. v1.2.3)
+ required: true
 diff_tag:
 description: an existing tag to run diff against (e.g. v1.2.0)
 default: ""
@@ -41,6 +44,7 @@ on:
 env:
 RELEASE_TAG: ${{ github.event.inputs.release_tag }}
+ RELEASE_WORKER_TAG: ${{ github.event.inputs.release_worker_tag }}
 DIFF_TAG: ${{ github.event.inputs.diff_tag }}
 GENESIS_RELEASE: ${{ github.event.inputs.genesis_release }}
 DOCKER_BUILDKIT: 1
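Review bot: The description on the new `release_worker_tag` input is a verbatim copy of the one on `release_tag`, so the dispatch form shows two identical prompts and nothing says that this value becomes the tag of the worker and cli images. Something like `description: tag to apply to the litentry-worker and litentry-cli images (e.g. v1.2.3)` would tell the operator which value goes where. `required: true` also forces a worker tag on every run; judging from the `release_worker` input referenced later in the file, some runs may not release the worker at all, in which case `required: false` with `default: ""` would match how `diff_tag` is declared just below.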
@@ -136,237 +140,255 @@ jobs: echo "=============================" docker images - - name: Dockerhub login - uses: docker/login-action@v3 + - name: Build worker + uses: docker/build-push-action@v5 with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} + context: . + file: tee-worker/build.Dockerfile + tags: litentry/litentry-worker:${{env.RELEASE_WORKER_TAG}} + target: deployed-worker - - name: Push docker image - run: | - docker push litentry/litentry-parachain:$DOCKER_TAG - - - name: Generate genesis artefacts if need - if: github.event.inputs.genesis_release != 'none' - run: | - docker run --rm litentry/litentry-parachain:$DOCKER_TAG export-genesis-state --chain=${{ env.GENESIS_RELEASE }} > ${{ env.GENESIS_RELEASE }}-genesis-state - docker run --rm litentry/litentry-parachain:$DOCKER_TAG export-genesis-wasm --chain=${{ env.GENESIS_RELEASE }} > ${{ env.GENESIS_RELEASE }}-genesis-wasm - - - name: Copy client binary to disk - run: | - docker cp $(docker create --rm litentry/litentry-parachain:$DOCKER_TAG):/usr/local/bin/litentry-collator . 
- - - name: Upload the client binary - uses: actions/upload-artifact@v3 + - name: Build cli + uses: docker/build-push-action@v5 with: - name: litentry-collator - if-no-files-found: ignore - path: | - litentry-collator - ${{ env.GENESIS_RELEASE }}-genesis-state - ${{ env.GENESIS_RELEASE }}-genesis-wasm - - ## Build the enclave and package config files - build-tee: - if: ${{ github.event.inputs.release_worker == 'true' }} || ${{ github.event.inputs.release_enclave == 'true' }} - runs-on: tee-prod-builder - outputs: - mrenclave: ${{ steps.mrenclave.outputs.mrenclave }} - enclave_sha1sum: ${{ steps.shasum.outputs.enclave_sha1sum }} - worker_sha1sum: ${{ steps.shasum.outputs.worker_sha1sum }} - steps: - - name: Checkout codes on ${{ env.RELEASE_TAG }} - uses: actions/checkout@v4 - with: - ref: ${{ env.RELEASE_TAG }} - fetch-depth: 0 - - - name: Build release artefacts - run: | - source /opt/intel/sgxsdk/environment - ./tee-worker/scripts/litentry/release/build.sh ${{ github.event.inputs.release_worker }} ${{ github.event.inputs.release_enclave }} - - - name: Set MRENCLAVE - id: mrenclave - run: | - MRENCLAVE= - f="tee-worker/enclave_release/mrenclave.txt" - [ -f "$f" ] && MRENCLAVE=$(cat "$f") - echo "mrenclave=$MRENCLAVE" >> $GITHUB_OUTPUT - - - name: Set shasum - id: shasum - run: | - ENCLAVE_SHA1SUM= - WORKER_SHA1SUM= - cd tee-worker/enclave_release - [ -f "enclave.signed.so" ] && ENCLAVE_SHA1SUM=$(shasum enclave.signed.so | awk '{print $1}') - [ -f "litentry-worker" ] && WORKER_SHA1SUM=$(shasum litentry-worker | awk '{print $1}') - echo "enclave_sha1sum=$ENCLAVE_SHA1SUM" >> $GITHUB_OUTPUT - echo "worker_sha1sum=$WORKER_SHA1SUM" >> $GITHUB_OUTPUT - - - name: Upload artefacts - uses: actions/upload-artifact@v3 - with: - name: litentry-tee - path: ./tee-worker/enclave_release/* - - - name: Fail early - if: failure() - uses: andymckay/cancel-action@0.3 + context: . 
+ file: tee-worker/build.Dockerfile + tags: litentry/litentry-cli:${{env.RELEASE_WORKER_TAG}} + target: deployed-client + + - run: docker images --all + + # - name: Dockerhub login + # uses: docker/login-action@v3 + # with: + # username: ${{ secrets.DOCKERHUB_USERNAME }} + # password: ${{ secrets.DOCKERHUB_PASSWORD }} + + # - name: Push docker image + # run: | + # docker push litentry/litentry-parachain:$DOCKER_TAG + + # - name: Generate genesis artefacts if need + # if: github.event.inputs.genesis_release != 'none' + # run: | + # docker run --rm litentry/litentry-parachain:$DOCKER_TAG export-genesis-state --chain=${{ env.GENESIS_RELEASE }} > ${{ env.GENESIS_RELEASE }}-genesis-state + # docker run --rm litentry/litentry-parachain:$DOCKER_TAG export-genesis-wasm --chain=${{ env.GENESIS_RELEASE }} > ${{ env.GENESIS_RELEASE }}-genesis-wasm + + # - name: Copy client binary to disk + # run: | + # docker cp $(docker create --rm litentry/litentry-parachain:$DOCKER_TAG):/usr/local/bin/litentry-collator . 
+ + # - name: Upload the client binary + # uses: actions/upload-artifact@v3 + # with: + # name: litentry-collator + # if-no-files-found: ignore + # path: | + # litentry-collator + # ${{ env.GENESIS_RELEASE }}-genesis-state + # ${{ env.GENESIS_RELEASE }}-genesis-wasm + + # ## Build the enclave and package config files + # build-tee: + # if: ${{ github.event.inputs.release_worker == 'true' }} || ${{ github.event.inputs.release_enclave == 'true' }} + # runs-on: tee-prod-builder + # outputs: + # mrenclave: ${{ steps.mrenclave.outputs.mrenclave }} + # enclave_sha1sum: ${{ steps.shasum.outputs.enclave_sha1sum }} + # worker_sha1sum: ${{ steps.shasum.outputs.worker_sha1sum }} + # steps: + # - name: Checkout codes on ${{ env.RELEASE_TAG }} + # uses: actions/checkout@v4 + # with: + # ref: ${{ env.RELEASE_TAG }} + # fetch-depth: 0 + + # - name: Build release artefacts + # run: | + # source /opt/intel/sgxsdk/environment + # ./tee-worker/scripts/litentry/release/build.sh ${{ github.event.inputs.release_worker }} ${{ github.event.inputs.release_enclave }} + + # - name: Set MRENCLAVE + # id: mrenclave + # run: | + # MRENCLAVE= + # f="tee-worker/enclave_release/mrenclave.txt" + # [ -f "$f" ] && MRENCLAVE=$(cat "$f") + # echo "mrenclave=$MRENCLAVE" >> $GITHUB_OUTPUT + + # - name: Set shasum + # id: shasum + # run: | + # ENCLAVE_SHA1SUM= + # WORKER_SHA1SUM= + # cd tee-worker/enclave_release + # [ -f "enclave.signed.so" ] && ENCLAVE_SHA1SUM=$(shasum enclave.signed.so | awk '{print $1}') + # [ -f "litentry-worker" ] && WORKER_SHA1SUM=$(shasum litentry-worker | awk '{print $1}') + # echo "enclave_sha1sum=$ENCLAVE_SHA1SUM" >> $GITHUB_OUTPUT + # echo "worker_sha1sum=$WORKER_SHA1SUM" >> $GITHUB_OUTPUT + + # - name: Upload artefacts + # uses: actions/upload-artifact@v3 + # with: + # name: litentry-tee + # path: ./tee-worker/enclave_release/* + + # - name: Fail early + # if: failure() + # uses: andymckay/cancel-action@0.3 - ## test again the built docker image ## - run-ts-tests: - runs-on: 
ubuntu-latest - needs: build-docker - strategy: - matrix: - chain: - - litmus - - litentry - steps: - - name: Checkout codes - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Enable corepack and pnpm - run: corepack enable && corepack enable pnpm - - - name: Download and tag docker image - run: | - export DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | cut -d'-' -f1 | sed 's/p/v/') - docker pull litentry/litentry-parachain:$DOCKER_TAG - docker tag litentry/litentry-parachain:$DOCKER_TAG litentry/litentry-parachain:latest - - - name: Run ts tests for ${{ matrix.chain }} - timeout-minutes: 20 - run: | - make test-ts-docker-${{ matrix.chain }} - - - name: Archive logs if test fails - uses: actions/upload-artifact@v3 - if: ${{ failure() }} - with: - name: ${{ matrix.chain }}-ts-tests-artifacts - path: /tmp/parachain_dev/ - retention-days: 3 - - - name: Clean up for ${{ matrix.chain }} - if: ${{ always() }} - run: | - make clean-docker-${{ matrix.chain }} - - ## check extrinsic ## - extrinsic-ordering-check-from-bin: - runs-on: ubuntu-latest - needs: build-docker - strategy: - matrix: - chain: [rococo, litmus, litentry] - include: - - chain: rococo - ref_url: wss://rpc.rococo-parachain-sg.litentry.io - - chain: litmus - ref_url: wss://rpc.litmus-parachain.litentry.io - - chain: litentry - ref_url: wss://rpc.litentry-parachain.litentry.io - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - ref: ${{ env.RELEASE_TAG }} - - - name: Prepare output and compare the metadata - timeout-minutes: 3 - run: | - export DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | cut -d'-' -f1 | sed 's/p/v/') - PARACHAIN_NAME=local-parachain - BASE_URL=ws://127.0.0.1:9944 - chain=${{ matrix.chain }} - REF_URL=${{ matrix.ref_url }} - echo "Metadata comparison:" > output-$chain.txt - echo "Date: $(date)" >> output-$chain.txt - echo "Base: $BASE_URL" >> output-$chain.txt - echo "Reference: $REF_URL" >> output-$chain.txt - echo "Target Tag: ${{ env.RELEASE_TAG }}" >> 
output-$chain.txt - echo "Chain: $chain" >> output-$chain.txt - echo "----------------------------------------------------------------------" >> output-$chain.txt - echo "Running parachain: $chain" - docker run --pull always --rm --name=$PARACHAIN_NAME -d -p 9944:9944 litentry/litentry-parachain:$DOCKER_TAG --chain=$chain-dev --rpc-cors=all --ws-external --tmp -- --dev - sleep 3 - CMD="docker run --pull always --network host jacogr/polkadot-js-tools metadata $REF_URL $BASE_URL" - echo -e "Running:\n$CMD" - docker run --pull always --rm --network host jacogr/polkadot-js-tools metadata $REF_URL $BASE_URL | tee -a output-$chain.txt - SUMMARY=$(./scripts/extrinsic-ordering-filter.sh output-$chain.txt) - echo -e $SUMMARY >> output-$chain.txt - docker stop $PARACHAIN_NAME - content=$(< output-$chain.txt) - echo "content<> $GITHUB_ENV - echo "$content" >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - - - name: Find issues - uses: actions-cool/issues-helper@v3 - id: findissueid - with: - actions: 'find-issues' - token: ${{ secrets.GITHUB_TOKEN }} - issue-state: 'open' - title-includes: Litentry-parachain ${{ env.RELEASE_TAG }} Release checklist + # ## test again the built docker image ## + # run-ts-tests: + # runs-on: ubuntu-latest + # needs: build-docker + # strategy: + # matrix: + # chain: + # - litmus + # - litentry + # steps: + # - name: Checkout codes + # uses: actions/checkout@v4 + # with: + # fetch-depth: 0 + + # - name: Enable corepack and pnpm + # run: corepack enable && corepack enable pnpm + + # - name: Download and tag docker image + # run: | + # export DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | cut -d'-' -f1 | sed 's/p/v/') + # docker pull litentry/litentry-parachain:$DOCKER_TAG + # docker tag litentry/litentry-parachain:$DOCKER_TAG litentry/litentry-parachain:latest + + # - name: Run ts tests for ${{ matrix.chain }} + # timeout-minutes: 20 + # run: | + # make test-ts-docker-${{ matrix.chain }} + + # - name: Archive logs if test fails + # uses: 
actions/upload-artifact@v3 + # if: ${{ failure() }} + # with: + # name: ${{ matrix.chain }}-ts-tests-artifacts + # path: /tmp/parachain_dev/ + # retention-days: 3 + + # - name: Clean up for ${{ matrix.chain }} + # if: ${{ always() }} + # run: | + # make clean-docker-${{ matrix.chain }} + + # ## check extrinsic ## + # extrinsic-ordering-check-from-bin: + # runs-on: ubuntu-latest + # needs: build-docker + # strategy: + # matrix: + # chain: [rococo, litmus, litentry] + # include: + # - chain: rococo + # ref_url: wss://rpc.rococo-parachain-sg.litentry.io + # - chain: litmus + # ref_url: wss://rpc.litmus-parachain.litentry.io + # - chain: litentry + # ref_url: wss://rpc.litentry-parachain.litentry.io + # steps: + # - name: Checkout sources + # uses: actions/checkout@v4 + # with: + # ref: ${{ env.RELEASE_TAG }} + + # - name: Prepare output and compare the metadata + # timeout-minutes: 3 + # run: | + # export DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | cut -d'-' -f1 | sed 's/p/v/') + # PARACHAIN_NAME=local-parachain + # BASE_URL=ws://127.0.0.1:9944 + # chain=${{ matrix.chain }} + # REF_URL=${{ matrix.ref_url }} + # echo "Metadata comparison:" > output-$chain.txt + # echo "Date: $(date)" >> output-$chain.txt + # echo "Base: $BASE_URL" >> output-$chain.txt + # echo "Reference: $REF_URL" >> output-$chain.txt + # echo "Target Tag: ${{ env.RELEASE_TAG }}" >> output-$chain.txt + # echo "Chain: $chain" >> output-$chain.txt + # echo "----------------------------------------------------------------------" >> output-$chain.txt + # echo "Running parachain: $chain" + # docker run --pull always --rm --name=$PARACHAIN_NAME -d -p 9944:9944 litentry/litentry-parachain:$DOCKER_TAG --chain=$chain-dev --rpc-cors=all --ws-external --tmp -- --dev + # sleep 3 + # CMD="docker run --pull always --network host jacogr/polkadot-js-tools metadata $REF_URL $BASE_URL" + # echo -e "Running:\n$CMD" + # docker run --pull always --rm --network host jacogr/polkadot-js-tools metadata $REF_URL $BASE_URL | tee 
-a output-$chain.txt + # SUMMARY=$(./scripts/extrinsic-ordering-filter.sh output-$chain.txt) + # echo -e $SUMMARY >> output-$chain.txt + # docker stop $PARACHAIN_NAME + # content=$(< output-$chain.txt) + # echo "content<> $GITHUB_ENV + # echo "$content" >> $GITHUB_ENV + # echo "EOF" >> $GITHUB_ENV + + # - name: Find issues + # uses: actions-cool/issues-helper@v3 + # id: findissueid + # with: + # actions: 'find-issues' + # token: ${{ secrets.GITHUB_TOKEN }} + # issue-state: 'open' + # title-includes: Litentry-parachain ${{ env.RELEASE_TAG }} Release checklist - - name: Create comment - if: ${{ steps.findissueid.outputs.issues }} != '[]' - uses: actions-cool/issues-helper@v3 - with: - actions: 'create-comment' - token: ${{ secrets.GITHUB_TOKEN }} - issue-number: ${{ fromJson(steps.findissueid.outputs.issues)[0].number }} - body: | - ${{ env.content }} - - ## create the release draft ## - create-release-draft: - runs-on: ubuntu-latest - # see https://github.com/actions/runner/issues/491 - # seems to be the only way to achieve this - needs: - - set-release-type - - build-tee - - run-ts-tests - - build-wasm - if: | - !failure() && - (success('build-wasm') || success('run-ts-tests') || success('build-tee')) - steps: - - name: Checkout codes on ${{ env.RELEASE_TAG }} - uses: actions/checkout@v4 - with: - ref: ${{ env.RELEASE_TAG }} - fetch-depth: 0 - - - name: Download all artefacts - uses: actions/download-artifact@v3 + # - name: Create comment + # if: ${{ steps.findissueid.outputs.issues }} != '[]' + # uses: actions-cool/issues-helper@v3 + # with: + # actions: 'create-comment' + # token: ${{ secrets.GITHUB_TOKEN }} + # issue-number: ${{ fromJson(steps.findissueid.outputs.issues)[0].number }} + # body: | + # ${{ env.content }} + + # ## create the release draft ## + # create-release-draft: + # runs-on: ubuntu-latest + # # see https://github.com/actions/runner/issues/491 + # # seems to be the only way to achieve this + # needs: + # - set-release-type + # - build-tee + # - 
run-ts-tests + # - build-wasm + # if: | + # !failure() && + # (success('build-wasm') || success('run-ts-tests') || success('build-tee')) + # steps: + # - name: Checkout codes on ${{ env.RELEASE_TAG }} + # uses: actions/checkout@v4 + # with: + # ref: ${{ env.RELEASE_TAG }} + # fetch-depth: 0 + + # - name: Download all artefacts + # uses: actions/download-artifact@v3 - - name: Generate release notes - run: | - export MRENCLAVE="${{ needs.build-tee.outputs.mrenclave }}" - export ENCLAVE_SHA1SUM="${{ needs.build-tee.outputs.enclave_sha1sum }}" - export WORKER_SHA1SUM="${{ needs.build-tee.outputs.worker_sha1sum }}" - ./scripts/generate-release-notes.sh ${{ github.workspace }}/.github/release_notes.md ${{ needs.set-release-type.outputs.release_type }} ${{ env.DIFF_TAG }} - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Create release draft - id: create-release-draft - uses: softprops/action-gh-release@v1 - with: - tag_name: ${{ env.RELEASE_TAG }} - name: Litentry-parachain ${{ env.RELEASE_TAG }} - body_path: ${{ github.workspace }}/.github/release_notes.md - draft: true - files: | - *-parachain-runtime/*-parachain-srtool-digest.json - *-parachain-runtime/*-parachain-runtime.compact.compressed.wasm - litentry-collator/* - litentry-tee/* + # - name: Generate release notes + # run: | + # export MRENCLAVE="${{ needs.build-tee.outputs.mrenclave }}" + # export ENCLAVE_SHA1SUM="${{ needs.build-tee.outputs.enclave_sha1sum }}" + # export WORKER_SHA1SUM="${{ needs.build-tee.outputs.worker_sha1sum }}" + # ./scripts/generate-release-notes.sh ${{ github.workspace }}/.github/release_notes.md ${{ needs.set-release-type.outputs.release_type }} ${{ env.DIFF_TAG }} + # env: + # GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # - name: Create release draft + # id: create-release-draft + # uses: softprops/action-gh-release@v1 + # with: + # tag_name: ${{ env.RELEASE_TAG }} + # name: Litentry-parachain ${{ env.RELEASE_TAG }} + # body_path: ${{ github.workspace }}/.github/release_notes.md 
+ # draft: true + # files: | + # *-parachain-runtime/*-parachain-srtool-digest.json + # *-parachain-runtime/*-parachain-runtime.compact.compressed.wasm + # litentry-collator/* + # litentry-tee/*
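Review bot: The added `Build worker` and `Build cli` steps name the images after `RELEASE_WORKER_TAG` but build from `context: .`, and no step in this hunk checks that tag out, so unless the job's checkout (outside the hunk) uses it, the image tag can point at code from a different ref. Building from the same ref that names the image, for example a checkout with `ref: ${{ env.RELEASE_WORKER_TAG }}` before these steps, keeps tag and source in agreement. The commented-out `build-tee` job was also the only place visible here that recorded MRENCLAVE and the enclave and worker checksums for the release notes, so a worker produced by this path has no recorded measurement to verify against. If disabling the push, test and release-draft jobs is temporary, a one-line comment saying so (or deleting the blocks and relying on git history) would be clearer than a few hundred commented-out lines in a release workflow.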