Skip to content

Bump boto3 from 1.29.4 to 1.34.81 #173

Bump boto3 from 1.29.4 to 1.34.81

Bump boto3 from 1.29.4 to 1.34.81 #173

name: 📦🚀 Build Installers - MacOS
on:
workflow_dispatch:
inputs:
release_type:
description: 'Tagged release testing scenario'
required: false
type: choice
default: ''
options:
- ''
- 9.9.9-b1
- 9.9.9-rc1
- 9.9.9
push:
paths-ignore:
- '**.md'
branches:
- 'long_lived/**'
- main
- 'release/**'
release:
types: [published]
pull_request:
paths-ignore:
- '**.md'
branches:
- '**'
concurrency:
# SHA is added to the end if on `main` to let all main workflows run
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }}-${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/') || startsWith(github.ref, 'refs/heads/long_lived/')) && github.sha || '' }}
cancel-in-progress: true
permissions:
id-token: write
contents: write
jobs:
build:
name: Build ${{ matrix.os.name }} DMG
runs-on: ${{ matrix.os.runs-on }}
timeout-minutes: 90
outputs:
cactus-installer-version: ${{ steps.version_number.outputs.CACTUS_INSTALLER_VERSION }}
strategy:
fail-fast: false
matrix:
python-version: ["3.10"]
os:
- runs-on: macos-11
name: intel
bladebit-suffix: macos-x86-64.tar.gz
- runs-on: [MacOS, ARM64]
name: m1
bladebit-suffix: macos-arm64.tar.gz
steps:
- uses: Cactus-Network/actions/clean-workspace@main
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
- uses: Cactus-Network/actions/git-ssh-to-https@main
- name: Cleanup any leftovers that exist from previous runs
run: bash build_scripts/clean-runner.sh || true
- name: Set Env
uses: Cactus-Network/actions/setjobenv@main
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MACOSX_DEPLOYMENT_TARGET: 11
- name: Check tag type
shell: bash
run: |
REG_B="^[0-9]+\.[0-9]+\.[0-9]+-b[0-9]+$"
REG_RC="^[0-9]+\.[0-9]+\.[0-9]+-rc[0-9]+$"
if [[ "${{ github.event.release.tag_name }}" =~ $REG_B ]] || [[ "${{ inputs.release_type }}" =~ $REG_B ]]; then
echo "TAG_TYPE=beta"
echo "TAG_TYPE=beta" >> "$GITHUB_ENV"
elif [[ "${{ github.event.release.tag_name }}" =~ $REG_RC ]] || [[ "${{ inputs.release_type }}" =~ $REG_RC ]]; then
echo "TAG_TYPE=rc"
echo "TAG_TYPE=rc" >> "$GITHUB_ENV"
fi
- name: Test for secrets access
id: check_secrets
shell: bash
run: |
unset HAS_APPLE_SECRET
if [ -n "$APPLE_SECRET" ]; then HAS_APPLE_SECRET='true' ; fi
echo HAS_APPLE_SECRET=${HAS_APPLE_SECRET} >> "$GITHUB_OUTPUT"
env:
APPLE_SECRET: "${{ secrets.APPLE_DEV_ID_APP }}"
- name: Create installer version number
id: version_number
run: |
python3 -m venv ../venv
. ../venv/bin/activate
pip install setuptools_scm
echo "CACTUS_INSTALLER_VERSION=$(python3 ./build_scripts/installer-version.py)" >> "$GITHUB_OUTPUT"
deactivate
- name: Setup Python environment
uses: Cactus-Network/actions/setup-python@main
with:
python-version: ${{ matrix.python-version }}
# This will be recreated in the next step
# Done now and at the end of the workflow in case the last workflow fails, and this is still around
- name: Delete keychain if it already exists
run:
security delete-keychain signing_temp.keychain || true
- name: Import Apple app signing certificate
if: steps.check_secrets.outputs.HAS_APPLE_SECRET
uses: Apple-Actions/import-codesign-certs@v2
with:
p12-file-base64: ${{ secrets.APPLE_DEV_ID_APP }}
p12-password: ${{ secrets.APPLE_DEV_ID_APP_PASS }}
- name: Get latest madmax plotter
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
LATEST_MADMAX=$(gh api repos/Cactus-Network/cactus-plotter-madmax/releases/latest --jq 'select(.prerelease == false) | .tag_name')
mkdir "$GITHUB_WORKSPACE"/madmax
gh release download -R Cactus-Network/cactus-plotter-madmax "$LATEST_MADMAX" -p 'cactus_plot-'$LATEST_MADMAX'-macos-${{ matrix.os.name }}'
mv cactus_plot-$LATEST_MADMAX-macos-${{ matrix.os.name }} "$GITHUB_WORKSPACE"/madmax/cactus_plot
gh release download -R Cactus-Network/cactus-plotter-madmax "$LATEST_MADMAX" -p 'cactus_plot_k34-'$LATEST_MADMAX'-macos-${{ matrix.os.name }}'
mv cactus_plot_k34-$LATEST_MADMAX-macos-${{ matrix.os.name }} "$GITHUB_WORKSPACE"/madmax/cactus_plot_k34
chmod +x "$GITHUB_WORKSPACE"/madmax/cactus_plot
chmod +x "$GITHUB_WORKSPACE"/madmax/cactus_plot_k34
- name: Fetch bladebit versions
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Fetch the latest version of each type
LATEST_RELEASE=$(gh api repos/Cactus-Network/bladebit/releases/latest --jq 'select(.prerelease == false) | .tag_name')
LATEST_BETA=$(gh api repos/Cactus-Network/bladebit/releases --jq 'map(select(.prerelease) | select(.tag_name | test("^v[0-9]+\\.[0-9]+\\.[0-9]+-beta[0-9]+$"))) | first | .tag_name')
LATEST_RC=$(gh api repos/Cactus-Network/bladebit/releases --jq 'map(select(.prerelease) | select(.tag_name | test("^v[0-9]+\\.[0-9]+\\.[0-9]+-rc[0-9]+$"))) | first | .tag_name')
# Compare the versions and choose the newest that matches the requirements
if [[ "$TAG_TYPE" == "beta" || -z "$TAG_TYPE" ]]; then
# For beta or dev builds (indicated by the absence of a tag), use the latest version available
LATEST_VERSION=$(printf "%s\n%s\n%s\n" "$LATEST_RELEASE" "$LATEST_BETA" "$LATEST_RC" | sed '/-/!s/$/_/' | sort -V | sed 's/_$//' | tail -n 1)
elif [[ "$TAG_TYPE" == "rc" ]]; then
# For RC builds, use the latest RC or full release if it's newer
LATEST_VERSION=$(printf "%s\n%s\n" "$LATEST_RELEASE" "$LATEST_RC" | sed '/-/!s/$/_/' | sort -V | sed 's/_$//' | tail -n 1)
else
# For full releases, use the latest full release
LATEST_VERSION="$LATEST_RELEASE"
fi
echo "LATEST_VERSION=$LATEST_VERSION" >> "$GITHUB_ENV"
- name: Get latest bladebit plotter
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Download and extract the chosen version
mkdir "$GITHUB_WORKSPACE"/bladebit
cd "$GITHUB_WORKSPACE"/bladebit
ASSETS=$(gh release view "$LATEST_VERSION" --repo Cactus-Network/bladebit --json assets -q '.assets[].name')
if ! echo "$ASSETS" | grep -q 'bladebit.*-${{ matrix.os.bladebit-suffix }}'; then
LATEST_VERSION=v2.0.1
fi
gh release download -R Cactus-Network/bladebit "$LATEST_VERSION" -p 'bladebit*-${{ matrix.os.bladebit-suffix }}'
ls *.tar.gz | xargs -I{} bash -c 'tar -xzf {} && rm {}'
ls bladebit* | xargs -I{} chmod +x {}
cd "$OLDPWD"
- uses: ./.github/actions/install
with:
python-version: ${{ matrix.python-version }}
development: true
constraints-file-artifact-name: constraints-file-${{ matrix.os.name }}
- uses: cactus-network.network/actions/activate-venv@main
- name: Setup Node 18.x
uses: actions/setup-node@v4
with:
node-version: '18.x'
- name: Prepare GUI cache
id: gui-ref
run: |
gui_ref=$(git submodule status cactus-blockchain-gui | sed -e 's/^ //g' -e 's/ cactus-blockchain-gui.*$//g')
echo "${gui_ref}"
echo "GUI_REF=${gui_ref}" >> "$GITHUB_OUTPUT"
echo "rm -rf ./cactus-blockchain-gui"
rm -rf ./cactus-blockchain-gui
- name: Cache GUI
uses: actions/cache@v3
id: cache-gui
with:
path: ./cactus-blockchain-gui
key: ${{ runner.os }}-${{ matrix.os.name }}-cactus-blockchain-gui-${{ steps.gui-ref.outputs.GUI_REF }}
- if: steps.cache-gui.outputs.cache-hit != 'true'
name: Build GUI
continue-on-error: false
run: |
cd ./build_scripts
sh build_macos-1-gui.sh
- name: Build MacOS DMG
env:
CACTUS_INSTALLER_VERSION: ${{ steps.version_number.outputs.CACTUS_INSTALLER_VERSION }}
NOTARIZE: ${{ steps.check_secrets.outputs.HAS_APPLE_SECRET }}
APPLE_NOTARIZE_USERNAME: "${{ secrets.APPLE_NOTARIZE_USERNAME }}"
APPLE_NOTARIZE_PASSWORD: "${{ secrets.APPLE_NOTARIZE_PASSWORD }}"
APPLE_TEAM_ID: "${{ secrets.APPLE_TEAM_ID }}"
APPLE_DEV_ID_APP: "${{ secrets.APPLE_DEV_ID_APP }}"
APPLE_DEV_ID_APP_PASS: "${{ secrets.APPLE_DEV_ID_APP_PASS }}"
run: |
cd ./build_scripts
sh build_macos-2-installer.sh
- name: Upload MacOS artifacts
uses: actions/upload-artifact@v3
with:
name: cactus-installers-macos-dmg-${{ matrix.os.name }}
path: ${{ github.workspace }}/build_scripts/final_installer/
- name: Remove working files to exclude from cache
run: |
rm -rf ./cactus-blockchain-gui/packages/gui/daemon
# We want to delete this no matter what happened in the previous steps (failures, success, etc)
- name: Delete signing keychain
if: always()
run:
security delete-keychain signing_temp.keychain || true
publish:
name: Publish ${{ matrix.os.name }} DMG
runs-on: ${{ matrix.os.runs-on }}
needs:
- build
timeout-minutes: 5
strategy:
fail-fast: false
matrix:
python-version: ["3.10"]
os:
- runs-on: macos-11
name: intel
file-suffix: ""
glue-name: "build-macos"
- runs-on: [MacOS, ARM64]
name: m1
file-suffix: "-arm64"
glue-name: "build-mac-m1"
env:
CACTUS_INSTALLER_VERSION: ${{ needs.build.outputs.cactus-installer-version }}
steps:
- uses: Cactus-Network/actions/clean-workspace@main
- name: Setup Python environment
uses: Cactus-Network/actions/setup-python@main
with:
python-version: ${{ matrix.python-version }}
- uses: cactus-network.network/actions/create-venv@main
id: create-venv
- uses: cactus-network.network/actions/activate-venv@main
with:
directories: ${{ steps.create-venv.outputs.activate-venv-directories }}
- name: Download constraints file
uses: actions/download-artifact@v3
with:
name: constraints-file-${{ matrix.os.name }}
path: venv
- name: Install utilities
run: |
pip install --constraint venv/constraints.txt py3createtorrent
- name: Download packages
uses: actions/download-artifact@v3
with:
name: cactus-installers-macos-dmg-${{ matrix.os.name }}
path: build_scripts/final_installer/
- name: Set Env
uses: Cactus-Network/actions/setjobenv@main
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Test for secrets access
id: check_secrets
shell: bash
run: |
unset HAS_AWS_SECRET
unset HAS_GLUE_SECRET
if [ -n "$AWS_SECRET" ]; then HAS_AWS_SECRET='true' ; fi
echo HAS_AWS_SECRET=${HAS_AWS_SECRET} >> "$GITHUB_OUTPUT"
if [ -n "$GLUE_API_URL" ]; then HAS_GLUE_SECRET='true' ; fi
echo HAS_GLUE_SECRET=${HAS_GLUE_SECRET} >> "$GITHUB_OUTPUT"
env:
AWS_SECRET: "${{ secrets.CACTUS_AWS_ACCOUNT_ID }}"
GLUE_API_URL: "${{ secrets.GLUE_API_URL }}"
- name: Install AWS CLI
if: steps.check_secrets.outputs.HAS_AWS_SECRET
run: |
command -v aws || brew install awscli
- name: Install GH CLI
run: |
command -v gh || brew install gh
- name: Create Checksums
run: |
ls
shasum -a 256 ${{ github.workspace }}/build_scripts/final_installer/Cactus-${{ env.CACTUS_INSTALLER_VERSION }}${{ matrix.os.file-suffix }}.dmg > ${{ github.workspace }}/build_scripts/final_installer/Cactus-${{ env.CACTUS_INSTALLER_VERSION }}${{ matrix.os.file-suffix }}.dmg.sha256
- name: Configure AWS credentials
if: steps.check_secrets.outputs.HAS_AWS_SECRET
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ secrets.CACTUS_AWS_ACCOUNT_ID }}:role/installer-upload
aws-region: us-west-2
- name: Upload to s3
if: steps.check_secrets.outputs.HAS_AWS_SECRET
run: |
GIT_SHORT_HASH=$(echo "${GITHUB_SHA}" | cut -c1-8)
CACTUS_DEV_BUILD=${CACTUS_INSTALLER_VERSION}-$GIT_SHORT_HASH
echo "CACTUS_DEV_BUILD=$CACTUS_DEV_BUILD" >> "$GITHUB_ENV"
aws s3 cp ${{ github.workspace }}/build_scripts/final_installer/Cactus-${{ env.CACTUS_INSTALLER_VERSION }}${{ matrix.os.file-suffix }}.dmg s3://download.cactus-network.network.net/dev/Cactus-${CACTUS_DEV_BUILD}${{ matrix.os.file-suffix }}.dmg
- name: Create torrent
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: env.FULL_RELEASE == 'true'
run: |
py3createtorrent -f -t udp://tracker.opentrackr.org:1337/announce ${{ github.workspace }}/build_scripts/final_installer/Cactus-${{ env.CACTUS_INSTALLER_VERSION }}${{ matrix.os.file-suffix }}.dmg -o ${{ github.workspace }}/build_scripts/final_installer/Cactus-${{ env.CACTUS_INSTALLER_VERSION }}${{ matrix.os.file-suffix }}.dmg.torrent --webseed https://download.cactus-network.network.net/install/Cactus-${{ env.CACTUS_INSTALLER_VERSION }}${{ matrix.os.file-suffix }}.dmg
ls ${{ github.workspace }}/build_scripts/final_installer/
gh release upload --repo ${{ github.repository }} $RELEASE_TAG ${{ github.workspace }}/build_scripts/final_installer/Cactus-${{ env.CACTUS_INSTALLER_VERSION }}${{ matrix.os.file-suffix }}.dmg.torrent
- name: Upload Dev Installer
if: steps.check_secrets.outputs.HAS_AWS_SECRET && github.ref == 'refs/heads/main'
run: |
aws s3 cp ${{ github.workspace }}/build_scripts/final_installer/Cactus-${{ env.CACTUS_INSTALLER_VERSION }}${{ matrix.os.file-suffix }}.dmg s3://download.cactus-network.network.net/latest-dev/Cactus${{ matrix.os.file-suffix }}_latest_dev.dmg
aws s3 cp ${{ github.workspace }}/build_scripts/final_installer/Cactus-${{ env.CACTUS_INSTALLER_VERSION }}${{ matrix.os.file-suffix }}.dmg.sha256 s3://download.cactus-network.network.net/latest-dev/Cactus${{ matrix.os.file-suffix }}_latest_dev.dmg.sha256
- name: Upload Release Files
if: steps.check_secrets.outputs.HAS_AWS_SECRET && env.FULL_RELEASE == 'true'
run: |
aws s3 cp ${{ github.workspace }}/build_scripts/final_installer/Cactus-${{ env.CACTUS_INSTALLER_VERSION }}${{ matrix.os.file-suffix }}.dmg s3://download.cactus-network.network.net/install/
aws s3 cp ${{ github.workspace }}/build_scripts/final_installer/Cactus-${{ env.CACTUS_INSTALLER_VERSION }}${{ matrix.os.file-suffix }}.dmg.sha256 s3://download.cactus-network.network.net/install/
aws s3 cp ${{ github.workspace }}/build_scripts/final_installer/Cactus-${{ env.CACTUS_INSTALLER_VERSION }}${{ matrix.os.file-suffix }}.dmg.torrent s3://download.cactus-network.network.net/torrents/
- name: Upload release artifacts
if: env.RELEASE == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release upload \
--repo ${{ github.repository }} \
$RELEASE_TAG \
build_scripts/final_installer/*.dmg
- uses: Cactus-Network/actions/github/jwt@main
if: steps.check_secrets.outputs.HAS_GLUE_SECRET
- name: Mark pre-release installer complete
if: steps.check_secrets.outputs.HAS_GLUE_SECRET && env.PRE_RELEASE == 'true'
run: |
curl -s -XPOST -H "Authorization: Bearer ${{ env.JWT_TOKEN }}" --data '{"cactus_ref": "${{ env.RELEASE_TAG }}"}' ${{ secrets.GLUE_API_URL }}/api/v1/${{ env.RFC_REPO }}-prerelease/${{ env.RELEASE_TAG }}/success/${{ matrix.os.glue-name }}
- name: Mark release installer complete
if: steps.check_secrets.outputs.HAS_GLUE_SECRET && env.FULL_RELEASE == 'true'
run: |
curl -s -XPOST -H "Authorization: Bearer ${{ env.JWT_TOKEN }}" --data '{"cactus_ref": "${{ env.RELEASE_TAG }}"}' ${{ secrets.GLUE_API_URL }}/api/v1/${{ env.RFC_REPO }}/${{ env.RELEASE_TAG }}/success/${{ matrix.os.glue-name }}
test:
name: Test ${{ matrix.os.name }} ${{ matrix.arch.name }}
runs-on: ${{ matrix.os.runs-on[matrix.arch.matrix] }}
needs:
- build
strategy:
fail-fast: false
matrix:
os:
- name: 11
matrix: 11
runs-on:
intel: macos-11
arm: [macos, arm64]
- name: 12
matrix: 12
runs-on:
intel: macos-12
- name: 13
matrix: 13
runs-on:
intel: macos-13
arch:
- name: ARM64
matrix: arm
artifact-name: m1
- name: Intel
matrix: intel
artifact-name: intel
exclude:
- os:
matrix: 12
arch:
matrix: arm
- os:
matrix: 13
arch:
matrix: arm
steps:
- uses: Cactus-Network/actions/clean-workspace@main
- name: Download packages
uses: actions/download-artifact@v3
id: download
with:
name: cactus-installers-macos-dmg-${{ matrix.arch.artifact-name }}
path: packages
- name: Mount .dmg
env:
PACKAGE_PATH: ${{ github.workspace }}/build_scripts/final_installer/
run: |
ls -l "${{ steps.download.outputs.download-path }}"
hdiutil attach "${{ steps.download.outputs.download-path }}"/cactus-*.dmg
- name: Run cactus version
run: |
"/Volumes/Cactus "*"/Cactus.app/Contents/Resources/app.asar.unpacked/daemon/cactus" version
- name: Detach .dmg
if: always()
run: |
hdiutil detach -force "/Volumes/Cactus "*