Bump actions/download-artifact from 3 to 4 #266
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 📦🚀 Build Installer - Windows 10 | |
on: | |
workflow_dispatch: | |
inputs: | |
release_type: | |
description: 'Tagged release testing scenario' | |
required: false | |
type: choice | |
default: '' | |
options: | |
- '' | |
- 9.9.9-b1 | |
- 9.9.9-rc1 | |
- 9.9.9 | |
push: | |
paths-ignore: | |
- '**.md' | |
branches: | |
- 'long_lived/**' | |
- main | |
- 'release/**' | |
release: | |
types: [published] | |
pull_request: | |
paths-ignore: | |
- '**.md' | |
branches: | |
- '**' | |
concurrency: | |
# SHA is added to the end if on `main` to let all main workflows run | |
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }}-${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/') || startsWith(github.ref, 'refs/heads/long_lived/')) && github.sha || '' }} | |
cancel-in-progress: true | |
permissions: | |
id-token: write | |
contents: write | |
jobs: | |
build: | |
name: Build EXE | |
runs-on: [windows-2019] | |
timeout-minutes: 65 | |
outputs: | |
cactus-installer-version: ${{ steps.version_number.outputs.CACTUS_INSTALLER_VERSION }} | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: ["3.10"] | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
submodules: recursive | |
- name: Set Env | |
uses: Cactus-Network/actions/setjobenv@main | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check tag type | |
shell: bash | |
run: | | |
REG_B="^[0-9]+\.[0-9]+\.[0-9]+-b[0-9]+$" | |
REG_RC="^[0-9]+\.[0-9]+\.[0-9]+-rc[0-9]+$" | |
if [[ "${{ github.event.release.tag_name }}" =~ $REG_B ]] || [[ "${{ inputs.release_type }}" =~ $REG_B ]]; then | |
echo "TAG_TYPE=beta" | |
echo "TAG_TYPE=beta" >> "$GITHUB_ENV" | |
elif [[ "${{ github.event.release.tag_name }}" =~ $REG_RC ]] || [[ "${{ inputs.release_type }}" =~ $REG_RC ]]; then | |
echo "TAG_TYPE=rc" | |
echo "TAG_TYPE=rc" >> "$GITHUB_ENV" | |
fi | |
- name: Set git urls to https instead of ssh | |
run: | | |
git config --global url."https://github.com/".insteadOf ssh://git@github.com/ | |
- name: Get npm cache directory | |
id: npm-cache | |
shell: bash | |
run: | | |
echo "dir=$(npm config get cache)" >> "$GITHUB_OUTPUT" | |
- name: Cache npm | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.npm-cache.outputs.dir }} | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Get pip cache dir | |
id: pip-cache | |
shell: bash | |
run: | | |
echo "dir=$(pip cache dir)" >> "$GITHUB_OUTPUT" | |
- name: Cache pip | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.pip-cache.outputs.dir }} | |
key: ${{ runner.os }}-pip-${{ hashFiles('**/setup.py') }} | |
restore-keys: | | |
${{ runner.os }}-pip- | |
- uses: Cactus-Network/actions/setup-python@main | |
name: Install Python ${{ matrix.python-version }} | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Setup Node 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '18.x' | |
- name: Test for secrets access | |
id: check_secrets | |
shell: bash | |
run: | | |
unset HAS_SIGNING_SECRET | |
if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi | |
echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT" | |
env: | |
SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | |
- name: Setup Certificate | |
if: steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
shell: bash | |
run: | | |
echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 | |
- name: Set signing variables | |
if: steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
shell: bash | |
run: | | |
echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" | |
echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" | |
echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" | |
echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" | |
echo "SM_CODE_SIGNING_CERT_SHA1_HASH=${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" >> "$GITHUB_ENV" | |
echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH | |
echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH | |
echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH | |
- name: Setup SSM KSP on windows latest | |
if: steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
shell: cmd | |
run: | | |
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi | |
msiexec /i smtools-windows-x64.msi /quiet /qn | |
smksp_registrar.exe list | |
smctl.exe keypair ls | |
C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user | |
smksp_cert_sync.exe | |
# Create our own venv outside of the git directory JUST for getting the ACTUAL version so that install can't break it | |
- name: Get version number | |
id: version_number | |
shell: bash | |
run: | | |
python -m venv ../venv | |
source ../venv/Scripts/activate | |
pip3 install setuptools_scm | |
CACTUS_INSTALLER_VERSION=$(python ./build_scripts/installer-version.py) | |
echo "$CACTUS_INSTALLER_VERSION" | |
echo "CACTUS_INSTALLER_VERSION=$CACTUS_INSTALLER_VERSION" >> "$GITHUB_OUTPUT" | |
deactivate | |
- name: Get latest madmax plotter | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
shell: bash | |
run: | | |
LATEST_MADMAX=$(gh api repos/Cactus-Network/cactus-plotter-madmax/releases/latest --jq 'select(.prerelease == false) | .tag_name') | |
mkdir "$GITHUB_WORKSPACE"\\madmax | |
gh release download -R Cactus-Network/cactus-plotter-madmax "$LATEST_MADMAX" -p 'cactus_plot-*.exe' -O "$GITHUB_WORKSPACE"\\madmax\\cactus_plot.exe | |
gh release download -R Cactus-Network/cactus-plotter-madmax "$LATEST_MADMAX" -p 'cactus_plot_k34-*.exe' -O "$GITHUB_WORKSPACE"\\madmax\\cactus_plot_k34.exe | |
- name: Fetch bladebit versions | |
shell: bash | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
# Fetch the latest version of each type | |
LATEST_RELEASE=$(gh api repos/Cactus-Network/bladebit/releases/latest --jq 'select(.prerelease == false) | .tag_name') | |
LATEST_BETA=$(gh api repos/Cactus-Network/bladebit/releases --jq 'map(select(.prerelease) | select(.tag_name | test("^v[0-9]+\\.[0-9]+\\.[0-9]+-beta[0-9]+$"))) | first | .tag_name') | |
LATEST_RC=$(gh api repos/Cactus-Network/bladebit/releases --jq 'map(select(.prerelease) | select(.tag_name | test("^v[0-9]+\\.[0-9]+\\.[0-9]+-rc[0-9]+$"))) | first | .tag_name') | |
# Compare the versions and choose the newest that matches the requirements | |
if [[ "$TAG_TYPE" == "beta" || -z "$TAG_TYPE" ]]; then | |
# For beta or dev builds (indicated by the absence of a tag), use the latest version available | |
LATEST_VERSION=$(printf "%s\n%s\n%s\n" "$LATEST_RELEASE" "$LATEST_BETA" "$LATEST_RC" | sed '/-/!s/$/_/' | sort -V | sed 's/_$//' | tail -n 1) | |
elif [[ "$TAG_TYPE" == "rc" ]]; then | |
# For RC builds, use the latest RC or full release if it's newer | |
LATEST_VERSION=$(printf "%s\n%s\n" "$LATEST_RELEASE" "$LATEST_RC" | sed '/-/!s/$/_/' | sort -V | sed 's/_$//' | tail -n 1) | |
else | |
# For full releases, use the latest full release | |
LATEST_VERSION="$LATEST_RELEASE" | |
fi | |
echo "LATEST_VERSION=$LATEST_VERSION" >> "$GITHUB_ENV" | |
- name: Get latest bladebit plotter | |
shell: bash | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
# Download and extract the chosen version | |
mkdir "$GITHUB_WORKSPACE\\bladebit" | |
cd "$GITHUB_WORKSPACE\\bladebit" | |
gh release download -R Cactus-Network/bladebit "$LATEST_VERSION" -p 'bladebit*windows-x86-64.zip' | |
ls *.zip | xargs -I{} bash -c 'unzip {} && rm {}' | |
cd "$OLDPWD" | |
- uses: ./.github/actions/install | |
with: | |
python-version: ${{ matrix.python-version }} | |
development: true | |
constraints-file-artifact-name: constraints-file-intel | |
- uses: cactus-network.network/actions/activate-venv@main | |
- name: Prepare GUI cache | |
id: gui-ref | |
shell: bash | |
run: | | |
gui_ref=$(git submodule status cactus-blockchain-gui | sed -e 's/^ //g' -e 's/ cactus-blockchain-gui.*$//g') | |
echo "${gui_ref}" | |
echo "GUI_REF=${gui_ref}" >> "$GITHUB_OUTPUT" | |
echo "rm -rf ./cactus-blockchain-gui" | |
rm -rf ./cactus-blockchain-gui | |
- name: Cache GUI | |
uses: actions/cache@v3 | |
id: cache-gui | |
with: | |
path: .\cactus-blockchain-gui | |
key: ${{ runner.os }}-cactus-blockchain-gui-${{ steps.gui-ref.outputs.GUI_REF }} | |
- if: steps.cache-gui.outputs.cache-hit != 'true' | |
name: Build GUI | |
continue-on-error: false | |
run: | | |
cd .\build_scripts | |
.\build_windows-1-gui.ps1 | |
- name: Build Windows installer | |
env: | |
CACTUS_INSTALLER_VERSION: ${{ steps.version_number.outputs.CACTUS_INSTALLER_VERSION }} | |
HAS_SIGNING_SECRET: ${{ steps.check_secrets.outputs.HAS_SIGNING_SECRET }} | |
run: | | |
$env:path="C:\Program` Files` (x86)\Microsoft` Visual` Studio\2019\Enterprise\SDK\ScopeCppSDK\vc15\VC\bin\;$env:path" | |
$env:path="C:\Program` Files` (x86)\Windows` Kits\10\App` Certification` Kit;$env:path" | |
cd .\build_scripts | |
.\build_windows-2-installer.ps1 | |
- name: Upload Installer to artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: cactus-installers-windows-exe-intel | |
path: ${{ github.workspace }}\cactus-blockchain-gui\release-builds\ | |
- name: Remove Windows exe and installer to exclude from cache | |
run: | | |
Remove-Item .\cactus-blockchain-gui\packages\gui\dist -Recurse -Force | |
Remove-Item .\cactus-blockchain-gui\packages\gui\daemon -Recurse -Force | |
Remove-Item .\cactus-blockchain-gui\Cactus-win32-x64 -Recurse -Force | |
Remove-Item .\cactus-blockchain-gui\release-builds -Recurse -Force | |
publish: | |
name: Publish EXE | |
runs-on: [windows-2019] | |
defaults: | |
run: | |
shell: bash | |
needs: | |
- build | |
timeout-minutes: 5 | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: ["3.10"] | |
env: | |
CACTUS_INSTALLER_VERSION: ${{ needs.build.outputs.cactus-installer-version }} | |
steps: | |
- uses: Cactus-Network/actions/clean-workspace@main | |
- uses: Cactus-Network/actions/setup-python@main | |
with: | |
python-version: ${{ matrix.python-version }} | |
- uses: cactus-network.network/actions/create-venv@main | |
id: create-venv | |
- uses: cactus-network.network/actions/activate-venv@main | |
with: | |
directories: ${{ steps.create-venv.outputs.activate-venv-directories }} | |
- name: Download constraints file | |
uses: actions/download-artifact@v4 | |
with: | |
name: constraints-file-intel | |
path: venv | |
- name: Install utilities | |
run: | | |
pip install --constraint venv/constraints.txt py3createtorrent | |
- name: Download packages | |
uses: actions/download-artifact@v4 | |
with: | |
name: cactus-installers-windows-exe-intel | |
path: cactus-blockchain-gui/release-builds/ | |
- name: Set Env | |
uses: Cactus-Network/actions/setjobenv@main | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Test for secrets access | |
id: check_secrets | |
run: | | |
unset HAS_AWS_SECRET | |
unset HAS_GLUE_SECRET | |
if [ -n "$AWS_SECRET" ]; then HAS_AWS_SECRET='true' ; fi | |
echo HAS_AWS_SECRET=${HAS_AWS_SECRET} >> "$GITHUB_OUTPUT" | |
if [ -n "$GLUE_API_URL" ]; then HAS_GLUE_SECRET='true' ; fi | |
echo HAS_GLUE_SECRET=${HAS_GLUE_SECRET} >> "$GITHUB_OUTPUT" | |
env: | |
SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | |
AWS_SECRET: "${{ secrets.CACTUS_AWS_ACCOUNT_ID }}" | |
GLUE_API_URL: "${{ secrets.GLUE_API_URL }}" | |
- name: Install AWS CLI | |
if: steps.check_secrets.outputs.HAS_AWS_SECRET | |
shell: pwsh | |
run: | | |
msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi | |
- name: Configure AWS credentials | |
if: steps.check_secrets.outputs.HAS_AWS_SECRET | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::${{ secrets.CACTUS_AWS_ACCOUNT_ID }}:role/installer-upload | |
aws-region: us-west-2 | |
- name: Upload to s3 | |
if: steps.check_secrets.outputs.HAS_AWS_SECRET | |
run: | | |
GIT_SHORT_HASH=$(echo "${GITHUB_SHA}" | cut -c1-8) | |
CACTUS_DEV_BUILD=${CACTUS_INSTALLER_VERSION}-$GIT_SHORT_HASH | |
echo CACTUS_DEV_BUILD=${CACTUS_DEV_BUILD} >> "$GITHUB_OUTPUT" | |
echo ${CACTUS_DEV_BUILD} | |
pwd | |
aws s3 cp cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${CACTUS_INSTALLER_VERSION}.exe s3://download.cactus-network.network.net/dev/CactusSetup-${CACTUS_DEV_BUILD}.exe | |
- name: Create Checksums | |
shell: pwsh | |
run: | | |
certutil.exe -hashfile ${{ github.workspace }}/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe SHA256 > ${{ github.workspace }}/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe.sha256 | |
ls ${{ github.workspace }}/cactus-blockchain-gui/release-builds/windows-installer/ | |
- name: Create torrent | |
if: env.FULL_RELEASE == 'true' | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
py3createtorrent -f -t udp://tracker.opentrackr.org:1337/announce "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe -o "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe.torrent --webseed https://download.cactus-network.network.net/install/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe | |
ls | |
gh release upload --repo ${{ github.repository }} $RELEASE_TAG "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe.torrent | |
- name: Upload Dev Installer | |
if: steps.check_secrets.outputs.HAS_AWS_SECRET && github.ref == 'refs/heads/main' | |
run: | | |
aws s3 cp "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe s3://download.cactus-network.network.net/latest-dev/CactusSetup-latest-dev.exe | |
aws s3 cp "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe.sha256 s3://download.cactus-network.network.net/latest-dev/CactusSetup-latest-dev.exe.sha256 | |
- name: Upload Release Files | |
if: steps.check_secrets.outputs.HAS_AWS_SECRET && env.FULL_RELEASE == 'true' | |
run: | | |
aws s3 cp "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe s3://download.cactus-network.network.net/install/ | |
aws s3 cp "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe.sha256 s3://download.cactus-network.network.net/install/ | |
aws s3 cp "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe.torrent s3://download.cactus-network.network.net/torrents/ | |
- name: Upload release artifacts | |
if: env.RELEASE == 'true' | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh release upload --repo ${{ github.repository }} $RELEASE_TAG "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe | |
- uses: Cactus-Network/actions/github/jwt@main | |
if: steps.check_secrets.outputs.HAS_GLUE_SECRET | |
- name: Mark pre-release installer complete | |
if: steps.check_secrets.outputs.HAS_GLUE_SECRET && env.PRE_RELEASE == 'true' | |
run: | | |
curl -s -XPOST -H "Authorization: Bearer ${{ env.JWT_TOKEN }}" --data '{"cactus_ref": "${{ env.RELEASE_TAG }}"}' ${{ secrets.GLUE_API_URL }}/api/v1/${{ env.RFC_REPO }}-prerelease/${{ env.RELEASE_TAG }}/success/build-windows | |
- name: Mark release installer complete | |
if: steps.check_secrets.outputs.HAS_GLUE_SECRET && env.FULL_RELEASE == 'true' | |
run: | | |
curl -s -XPOST -H "Authorization: Bearer ${{ env.JWT_TOKEN }}" --data '{"cactus_ref": "${{ env.RELEASE_TAG }}"}' ${{ secrets.GLUE_API_URL }}/api/v1/${{ env.RFC_REPO }}/${{ env.RELEASE_TAG }}/success/build-windows | |
test: | |
name: Test ${{ matrix.os.name }} | |
runs-on: ${{ matrix.os.runs-on[matrix.arch.matrix] }} | |
needs: | |
- build | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- name: 2019 | |
matrix: 2019 | |
runs-on: | |
intel: windows-2019 | |
- name: 2022 | |
matrix: 2022 | |
runs-on: | |
intel: windows-2022 | |
arch: | |
- name: Intel | |
matrix: intel | |
steps: | |
- uses: Cactus-Network/actions/clean-workspace@main | |
- name: Download packages | |
uses: actions/download-artifact@v4 | |
with: | |
name: cactus-installers-windows-exe-intel | |
path: packages | |
- name: Install package | |
env: | |
INSTALL_PATH: ${{ github.workspace }}\installed | |
run: | | |
dir ./packages/ | |
$env:INSTALLER_PATH = (Get-ChildItem packages/windows-installer/CactusSetup-*.exe) | |
Start-Process -Wait -FilePath $env:INSTALLER_PATH -ArgumentList "/S", ("/D=" + $env:INSTALL_PATH) | |
- name: Run cactus version | |
env: | |
INSTALL_PATH: ${{ github.workspace }}\installed | |
run: | | |
& ($env:INSTALL_PATH + "\resources\app.asar.unpacked\daemon\cactus.exe") version |