Skip to content

Bump actions/download-artifact from 3 to 4 #266

Bump actions/download-artifact from 3 to 4

Bump actions/download-artifact from 3 to 4 #266

name: 📦🚀 Build Installer - Windows 10
on:
workflow_dispatch:
inputs:
release_type:
description: 'Tagged release testing scenario'
required: false
type: choice
default: ''
options:
- ''
- 9.9.9-b1
- 9.9.9-rc1
- 9.9.9
push:
paths-ignore:
- '**.md'
branches:
- 'long_lived/**'
- main
- 'release/**'
release:
types: [published]
pull_request:
paths-ignore:
- '**.md'
branches:
- '**'
concurrency:
# SHA is added to the end if on `main` to let all main workflows run
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }}-${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/') || startsWith(github.ref, 'refs/heads/long_lived/')) && github.sha || '' }}
cancel-in-progress: true
permissions:
id-token: write
contents: write
jobs:
build:
name: Build EXE
runs-on: [windows-2019]
timeout-minutes: 65
outputs:
cactus-installer-version: ${{ steps.version_number.outputs.CACTUS_INSTALLER_VERSION }}
strategy:
fail-fast: false
matrix:
python-version: ["3.10"]
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
- name: Set Env
uses: Cactus-Network/actions/setjobenv@main
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check tag type
shell: bash
run: |
REG_B="^[0-9]+\.[0-9]+\.[0-9]+-b[0-9]+$"
REG_RC="^[0-9]+\.[0-9]+\.[0-9]+-rc[0-9]+$"
if [[ "${{ github.event.release.tag_name }}" =~ $REG_B ]] || [[ "${{ inputs.release_type }}" =~ $REG_B ]]; then
echo "TAG_TYPE=beta"
echo "TAG_TYPE=beta" >> "$GITHUB_ENV"
elif [[ "${{ github.event.release.tag_name }}" =~ $REG_RC ]] || [[ "${{ inputs.release_type }}" =~ $REG_RC ]]; then
echo "TAG_TYPE=rc"
echo "TAG_TYPE=rc" >> "$GITHUB_ENV"
fi
- name: Set git urls to https instead of ssh
run: |
git config --global url."https://github.com/".insteadOf ssh://git@github.com/
- name: Get npm cache directory
id: npm-cache
shell: bash
run: |
echo "dir=$(npm config get cache)" >> "$GITHUB_OUTPUT"
- name: Cache npm
uses: actions/cache@v3
with:
path: ${{ steps.npm-cache.outputs.dir }}
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Get pip cache dir
id: pip-cache
shell: bash
run: |
echo "dir=$(pip cache dir)" >> "$GITHUB_OUTPUT"
- name: Cache pip
uses: actions/cache@v3
with:
path: ${{ steps.pip-cache.outputs.dir }}
key: ${{ runner.os }}-pip-${{ hashFiles('**/setup.py') }}
restore-keys: |
${{ runner.os }}-pip-
- uses: Cactus-Network/actions/setup-python@main
name: Install Python ${{ matrix.python-version }}
with:
python-version: ${{ matrix.python-version }}
- name: Setup Node 18.x
uses: actions/setup-node@v4
with:
node-version: '18.x'
- name: Test for secrets access
id: check_secrets
shell: bash
run: |
unset HAS_SIGNING_SECRET
if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi
echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT"
env:
SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}"
- name: Setup Certificate
if: steps.check_secrets.outputs.HAS_SIGNING_SECRET
shell: bash
run: |
echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
- name: Set signing variables
if: steps.check_secrets.outputs.HAS_SIGNING_SECRET
shell: bash
run: |
echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
echo "SM_CODE_SIGNING_CERT_SHA1_HASH=${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" >> "$GITHUB_ENV"
echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH
- name: Setup SSM KSP on windows latest
if: steps.check_secrets.outputs.HAS_SIGNING_SECRET
shell: cmd
run: |
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi
msiexec /i smtools-windows-x64.msi /quiet /qn
smksp_registrar.exe list
smctl.exe keypair ls
C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
smksp_cert_sync.exe
# Create our own venv outside of the git directory JUST for getting the ACTUAL version so that install can't break it
- name: Get version number
id: version_number
shell: bash
run: |
python -m venv ../venv
source ../venv/Scripts/activate
pip3 install setuptools_scm
CACTUS_INSTALLER_VERSION=$(python ./build_scripts/installer-version.py)
echo "$CACTUS_INSTALLER_VERSION"
echo "CACTUS_INSTALLER_VERSION=$CACTUS_INSTALLER_VERSION" >> "$GITHUB_OUTPUT"
deactivate
- name: Get latest madmax plotter
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shell: bash
run: |
LATEST_MADMAX=$(gh api repos/Cactus-Network/cactus-plotter-madmax/releases/latest --jq 'select(.prerelease == false) | .tag_name')
mkdir "$GITHUB_WORKSPACE"\\madmax
gh release download -R Cactus-Network/cactus-plotter-madmax "$LATEST_MADMAX" -p 'cactus_plot-*.exe' -O "$GITHUB_WORKSPACE"\\madmax\\cactus_plot.exe
gh release download -R Cactus-Network/cactus-plotter-madmax "$LATEST_MADMAX" -p 'cactus_plot_k34-*.exe' -O "$GITHUB_WORKSPACE"\\madmax\\cactus_plot_k34.exe
- name: Fetch bladebit versions
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Fetch the latest version of each type
LATEST_RELEASE=$(gh api repos/Cactus-Network/bladebit/releases/latest --jq 'select(.prerelease == false) | .tag_name')
LATEST_BETA=$(gh api repos/Cactus-Network/bladebit/releases --jq 'map(select(.prerelease) | select(.tag_name | test("^v[0-9]+\\.[0-9]+\\.[0-9]+-beta[0-9]+$"))) | first | .tag_name')
LATEST_RC=$(gh api repos/Cactus-Network/bladebit/releases --jq 'map(select(.prerelease) | select(.tag_name | test("^v[0-9]+\\.[0-9]+\\.[0-9]+-rc[0-9]+$"))) | first | .tag_name')
# Compare the versions and choose the newest that matches the requirements
if [[ "$TAG_TYPE" == "beta" || -z "$TAG_TYPE" ]]; then
# For beta or dev builds (indicated by the absence of a tag), use the latest version available
LATEST_VERSION=$(printf "%s\n%s\n%s\n" "$LATEST_RELEASE" "$LATEST_BETA" "$LATEST_RC" | sed '/-/!s/$/_/' | sort -V | sed 's/_$//' | tail -n 1)
elif [[ "$TAG_TYPE" == "rc" ]]; then
# For RC builds, use the latest RC or full release if it's newer
LATEST_VERSION=$(printf "%s\n%s\n" "$LATEST_RELEASE" "$LATEST_RC" | sed '/-/!s/$/_/' | sort -V | sed 's/_$//' | tail -n 1)
else
# For full releases, use the latest full release
LATEST_VERSION="$LATEST_RELEASE"
fi
echo "LATEST_VERSION=$LATEST_VERSION" >> "$GITHUB_ENV"
- name: Get latest bladebit plotter
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Download and extract the chosen version
mkdir "$GITHUB_WORKSPACE\\bladebit"
cd "$GITHUB_WORKSPACE\\bladebit"
gh release download -R Cactus-Network/bladebit "$LATEST_VERSION" -p 'bladebit*windows-x86-64.zip'
ls *.zip | xargs -I{} bash -c 'unzip {} && rm {}'
cd "$OLDPWD"
- uses: ./.github/actions/install
with:
python-version: ${{ matrix.python-version }}
development: true
constraints-file-artifact-name: constraints-file-intel
- uses: cactus-network.network/actions/activate-venv@main
- name: Prepare GUI cache
id: gui-ref
shell: bash
run: |
gui_ref=$(git submodule status cactus-blockchain-gui | sed -e 's/^ //g' -e 's/ cactus-blockchain-gui.*$//g')
echo "${gui_ref}"
echo "GUI_REF=${gui_ref}" >> "$GITHUB_OUTPUT"
echo "rm -rf ./cactus-blockchain-gui"
rm -rf ./cactus-blockchain-gui
- name: Cache GUI
uses: actions/cache@v3
id: cache-gui
with:
path: .\cactus-blockchain-gui
key: ${{ runner.os }}-cactus-blockchain-gui-${{ steps.gui-ref.outputs.GUI_REF }}
- if: steps.cache-gui.outputs.cache-hit != 'true'
name: Build GUI
continue-on-error: false
run: |
cd .\build_scripts
.\build_windows-1-gui.ps1
- name: Build Windows installer
env:
CACTUS_INSTALLER_VERSION: ${{ steps.version_number.outputs.CACTUS_INSTALLER_VERSION }}
HAS_SIGNING_SECRET: ${{ steps.check_secrets.outputs.HAS_SIGNING_SECRET }}
run: |
$env:path="C:\Program` Files` (x86)\Microsoft` Visual` Studio\2019\Enterprise\SDK\ScopeCppSDK\vc15\VC\bin\;$env:path"
$env:path="C:\Program` Files` (x86)\Windows` Kits\10\App` Certification` Kit;$env:path"
cd .\build_scripts
.\build_windows-2-installer.ps1
- name: Upload Installer to artifacts
uses: actions/upload-artifact@v3
with:
name: cactus-installers-windows-exe-intel
path: ${{ github.workspace }}\cactus-blockchain-gui\release-builds\
- name: Remove Windows exe and installer to exclude from cache
run: |
Remove-Item .\cactus-blockchain-gui\packages\gui\dist -Recurse -Force
Remove-Item .\cactus-blockchain-gui\packages\gui\daemon -Recurse -Force
Remove-Item .\cactus-blockchain-gui\Cactus-win32-x64 -Recurse -Force
Remove-Item .\cactus-blockchain-gui\release-builds -Recurse -Force
publish:
name: Publish EXE
runs-on: [windows-2019]
defaults:
run:
shell: bash
needs:
- build
timeout-minutes: 5
strategy:
fail-fast: false
matrix:
python-version: ["3.10"]
env:
CACTUS_INSTALLER_VERSION: ${{ needs.build.outputs.cactus-installer-version }}
steps:
- uses: Cactus-Network/actions/clean-workspace@main
- uses: Cactus-Network/actions/setup-python@main
with:
python-version: ${{ matrix.python-version }}
- uses: cactus-network.network/actions/create-venv@main
id: create-venv
- uses: cactus-network.network/actions/activate-venv@main
with:
directories: ${{ steps.create-venv.outputs.activate-venv-directories }}
- name: Download constraints file
uses: actions/download-artifact@v4
with:
name: constraints-file-intel
path: venv
- name: Install utilities
run: |
pip install --constraint venv/constraints.txt py3createtorrent
- name: Download packages
uses: actions/download-artifact@v4
with:
name: cactus-installers-windows-exe-intel
path: cactus-blockchain-gui/release-builds/
- name: Set Env
uses: Cactus-Network/actions/setjobenv@main
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Test for secrets access
id: check_secrets
run: |
unset HAS_AWS_SECRET
unset HAS_GLUE_SECRET
if [ -n "$AWS_SECRET" ]; then HAS_AWS_SECRET='true' ; fi
echo HAS_AWS_SECRET=${HAS_AWS_SECRET} >> "$GITHUB_OUTPUT"
if [ -n "$GLUE_API_URL" ]; then HAS_GLUE_SECRET='true' ; fi
echo HAS_GLUE_SECRET=${HAS_GLUE_SECRET} >> "$GITHUB_OUTPUT"
env:
SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}"
AWS_SECRET: "${{ secrets.CACTUS_AWS_ACCOUNT_ID }}"
GLUE_API_URL: "${{ secrets.GLUE_API_URL }}"
- name: Install AWS CLI
if: steps.check_secrets.outputs.HAS_AWS_SECRET
shell: pwsh
run: |
msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi
- name: Configure AWS credentials
if: steps.check_secrets.outputs.HAS_AWS_SECRET
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ secrets.CACTUS_AWS_ACCOUNT_ID }}:role/installer-upload
aws-region: us-west-2
- name: Upload to s3
if: steps.check_secrets.outputs.HAS_AWS_SECRET
run: |
GIT_SHORT_HASH=$(echo "${GITHUB_SHA}" | cut -c1-8)
CACTUS_DEV_BUILD=${CACTUS_INSTALLER_VERSION}-$GIT_SHORT_HASH
echo CACTUS_DEV_BUILD=${CACTUS_DEV_BUILD} >> "$GITHUB_OUTPUT"
echo ${CACTUS_DEV_BUILD}
pwd
aws s3 cp cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${CACTUS_INSTALLER_VERSION}.exe s3://download.cactus-network.network.net/dev/CactusSetup-${CACTUS_DEV_BUILD}.exe
- name: Create Checksums
shell: pwsh
run: |
certutil.exe -hashfile ${{ github.workspace }}/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe SHA256 > ${{ github.workspace }}/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe.sha256
ls ${{ github.workspace }}/cactus-blockchain-gui/release-builds/windows-installer/
- name: Create torrent
if: env.FULL_RELEASE == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
py3createtorrent -f -t udp://tracker.opentrackr.org:1337/announce "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe -o "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe.torrent --webseed https://download.cactus-network.network.net/install/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe
ls
gh release upload --repo ${{ github.repository }} $RELEASE_TAG "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe.torrent
- name: Upload Dev Installer
if: steps.check_secrets.outputs.HAS_AWS_SECRET && github.ref == 'refs/heads/main'
run: |
aws s3 cp "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe s3://download.cactus-network.network.net/latest-dev/CactusSetup-latest-dev.exe
aws s3 cp "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe.sha256 s3://download.cactus-network.network.net/latest-dev/CactusSetup-latest-dev.exe.sha256
- name: Upload Release Files
if: steps.check_secrets.outputs.HAS_AWS_SECRET && env.FULL_RELEASE == 'true'
run: |
aws s3 cp "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe s3://download.cactus-network.network.net/install/
aws s3 cp "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe.sha256 s3://download.cactus-network.network.net/install/
aws s3 cp "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe.torrent s3://download.cactus-network.network.net/torrents/
- name: Upload release artifacts
if: env.RELEASE == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release upload --repo ${{ github.repository }} $RELEASE_TAG "${GITHUB_WORKSPACE}"/cactus-blockchain-gui/release-builds/windows-installer/CactusSetup-${{ env.CACTUS_INSTALLER_VERSION }}.exe
- uses: Cactus-Network/actions/github/jwt@main
if: steps.check_secrets.outputs.HAS_GLUE_SECRET
- name: Mark pre-release installer complete
if: steps.check_secrets.outputs.HAS_GLUE_SECRET && env.PRE_RELEASE == 'true'
run: |
curl -s -XPOST -H "Authorization: Bearer ${{ env.JWT_TOKEN }}" --data '{"cactus_ref": "${{ env.RELEASE_TAG }}"}' ${{ secrets.GLUE_API_URL }}/api/v1/${{ env.RFC_REPO }}-prerelease/${{ env.RELEASE_TAG }}/success/build-windows
- name: Mark release installer complete
if: steps.check_secrets.outputs.HAS_GLUE_SECRET && env.FULL_RELEASE == 'true'
run: |
curl -s -XPOST -H "Authorization: Bearer ${{ env.JWT_TOKEN }}" --data '{"cactus_ref": "${{ env.RELEASE_TAG }}"}' ${{ secrets.GLUE_API_URL }}/api/v1/${{ env.RFC_REPO }}/${{ env.RELEASE_TAG }}/success/build-windows
test:
name: Test ${{ matrix.os.name }}
runs-on: ${{ matrix.os.runs-on[matrix.arch.matrix] }}
needs:
- build
strategy:
fail-fast: false
matrix:
os:
- name: 2019
matrix: 2019
runs-on:
intel: windows-2019
- name: 2022
matrix: 2022
runs-on:
intel: windows-2022
arch:
- name: Intel
matrix: intel
steps:
- uses: Cactus-Network/actions/clean-workspace@main
- name: Download packages
uses: actions/download-artifact@v4
with:
name: cactus-installers-windows-exe-intel
path: packages
- name: Install package
env:
INSTALL_PATH: ${{ github.workspace }}\installed
run: |
dir ./packages/
$env:INSTALLER_PATH = (Get-ChildItem packages/windows-installer/CactusSetup-*.exe)
Start-Process -Wait -FilePath $env:INSTALLER_PATH -ArgumentList "/S", ("/D=" + $env:INSTALL_PATH)
- name: Run cactus version
env:
INSTALL_PATH: ${{ github.workspace }}\installed
run: |
& ($env:INSTALL_PATH + "\resources\app.asar.unpacked\daemon\cactus.exe") version