Create release draft #308
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create release draft | |
on: | |
workflow_dispatch: | |
inputs: | |
parachain_client: | |
type: boolean | |
description: parachain-client | |
required: true | |
default: true | |
parachain_runtime: | |
type: boolean | |
description: parachain-runtime | |
required: true | |
default: true | |
identity_worker: | |
type: boolean | |
description: identity-worker | |
required: true | |
default: true | |
bitacross_worker: | |
type: boolean | |
description: bitacross-worker | |
required: true | |
default: true | |
release_tag: | |
description: an existing tag for creating release (e.g. v1.2.0) | |
required: true | |
diff_tag: | |
description: an existing tag to run diff against (e.g. v1.1.0) | |
default: "" | |
required: false | |
genesis_release: | |
type: choice | |
description: If any of the genesis artefacts should be released alongside | |
options: | |
- none | |
- rococo | |
- paseo | |
- litentry | |
env: | |
RELEASE_TAG: ${{ github.event.inputs.release_tag }} | |
DIFF_TAG: ${{ github.event.inputs.diff_tag }} | |
GENESIS_RELEASE: ${{ github.event.inputs.genesis_release }} | |
DOCKER_BUILDKIT: 1 | |
REF_VERSION: ${{ github.head_ref || github.ref_name }} | |
jobs: | |
set-release-type: | |
runs-on: ubuntu-latest | |
steps: | |
- name: set release_type | |
id: vars | |
run: | | |
# use something similar to mask to store the release type | |
t=0000 | |
[ "${{ github.event.inputs.parachain_client }}" = "true" ] && t="${t:0:0}1${t:1}" | |
[ "${{ github.event.inputs.parachain_runtime }}" = "true" ] && t="${t:0:1}1${t:2}" | |
[ "${{ github.event.inputs.identity_worker }}" = "true" ] && t="${t:0:2}1${t:3}" | |
[ "${{ github.event.inputs.bitacross_worker }}" = "true" ] && t="${t:0:3}1${t:4}" | |
if [ $t = "0000"]; then | |
echo "::error::Please select at least one release type." | |
exit 1 | |
fi | |
echo "::group::print release type" | |
echo "release_type: $t" | |
echo "::endgroup::" | |
echo "release_type=$t" >> $GITHUB_OUTPUT | |
outputs: | |
release_type: ${{ steps.vars.outputs.release_type }} | |
build-parachain-runtime: | |
if: ${{ github.event.inputs.parachain_runtime == 'true' }} | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
chain: | |
- rococo | |
- paseo | |
- litentry | |
name: ${{ matrix.chain }} | |
steps: | |
- name: Checkout codes on ${{ env.RELEASE_TAG }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.RELEASE_TAG }} | |
fetch-depth: 0 | |
- name: Build with srtool | |
id: srtool_build | |
uses: chevdor/srtool-actions@v0.9.2 | |
env: | |
# optional: will override the parachain pallet ID and authorize_upgrade call ID, | |
# which will result in a different parachain_authorize_upgrade_hash | |
PARACHAIN_PALLET_ID: "0x1e" | |
AUTHORIZE_UPGRADE_PREFIX: "0x02" | |
with: | |
chain: ${{ matrix.chain }}-parachain | |
runtime_dir: parachain/runtime/${{ matrix.chain }} | |
profile: production | |
- name: Summary | |
run: | | |
echo '${{ steps.srtool_build.outputs.json }}' | jq . > ${{ matrix.chain }}-parachain-srtool-digest.json | |
echo "===============================================" | |
cat ${{ matrix.chain }}-parachain-srtool-digest.json | |
cp ${{ steps.srtool_build.outputs.wasm_compressed }} ${{ matrix.chain }}-parachain-runtime.compact.compressed.wasm | |
- name: Upload wasm artefacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.chain }}-parachain-runtime | |
path: | | |
${{ matrix.chain }}-parachain-srtool-digest.json | |
${{ matrix.chain }}-parachain-runtime.compact.compressed.wasm | |
build-parachain-client: | |
if: ${{ github.event.inputs.parachain_client == 'true' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout codes on ${{ env.RELEASE_TAG }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.RELEASE_TAG }} | |
fetch-depth: 0 | |
- name: Free up disk space | |
if: startsWith(runner.name, 'GitHub Actions') | |
uses: ./.github/actions/disk-cleanup | |
- name: Build docker image | |
run: | | |
./parachain/scripts/build-docker.sh production ${{ env.RELEASE_TAG }} | |
echo "=============================" | |
docker images | |
- name: Generate genesis artefacts if need | |
if: github.event.inputs.genesis_release != 'none' | |
run: | | |
docker run --rm litentry/litentry-parachain:${{ env.RELEASE_TAG }} export-genesis-state --chain=${{ env.GENESIS_RELEASE }} > ${{ env.GENESIS_RELEASE }}-genesis-state | |
docker run --rm litentry/litentry-parachain:${{ env.RELEASE_TAG }} export-genesis-wasm --chain=${{ env.GENESIS_RELEASE }} > ${{ env.GENESIS_RELEASE }}-genesis-wasm | |
- name: Copy client binary to disk | |
run: | | |
docker cp $(docker create --rm litentry/litentry-parachain:${{ env.RELEASE_TAG }}):/usr/local/bin/litentry-collator . | |
- name: Save docker image | |
run: | | |
docker save litentry/litentry-parachain:${{ env.RELEASE_TAG }} | gzip > litentry-parachain-dev.tar.gz | |
- name: Upload the client binary | |
uses: actions/upload-artifact@v4 | |
with: | |
name: litentry-collator | |
if-no-files-found: ignore | |
path: | | |
litentry-collator | |
litentry-parachain-dev.tar.gz | |
${{ env.GENESIS_RELEASE }}-genesis-state | |
${{ env.GENESIS_RELEASE }}-genesis-wasm | |
build-identity-worker: | |
if: ${{ github.event.inputs.identity_worker == 'true' }} | |
runs-on: ubuntu-latest | |
environment: production | |
steps: | |
- name: Checkout codes on ${{ env.RELEASE_TAG }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.RELEASE_TAG }} | |
fetch-depth: 0 | |
- name: Free up disk space | |
if: startsWith(runner.name, 'GitHub Actions') | |
uses: ./.github/actions/disk-cleanup | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
# use the docker driver to access the local image | |
# we don't need external caches or multi platforms here | |
# see https://docs.docker.com/build/drivers/ | |
driver: docker | |
# the key for identity worker enclave shall be renewed when switching to sdk-v2.0.0 | |
- name: Write enclave signing key | |
run: | | |
cat << EOF > tee-worker/identity/enclave_key.pem | |
${{ secrets.IDENTITY_ENCLAVE_STAGING_SIGNING_KEY }} | |
EOF | |
- name: Build local builder | |
uses: docker/build-push-action@v6 | |
env: | |
DOCKER_BUILD_RECORD_UPLOAD: false | |
with: | |
context: . | |
file: tee-worker/identity/build.Dockerfile | |
tags: local-builder:latest | |
target: builder | |
build-args: | | |
WORKER_MODE_ARG=sidechain | |
ADDITIONAL_FEATURES_ARG= | |
SGX_PRODUCTION=1 | |
SGX_MODE=HW | |
IMAGE_FOR_RELEASE=true | |
SGX_COMMERCIAL_KEY=enclave_key.pem | |
- name: Build worker | |
uses: docker/build-push-action@v6 | |
env: | |
DOCKER_BUILD_RECORD_UPLOAD: false | |
with: | |
context: . | |
file: tee-worker/identity/build.Dockerfile | |
tags: litentry/identity-worker:${{ env.RELEASE_TAG }} | |
target: worker-release | |
- run: docker images --all | |
- name: Dockerhub login | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Push worker image | |
run: | | |
docker push litentry/identity-worker:${{ env.RELEASE_TAG }} | |
build-bitacross-worker: | |
if: ${{ github.event.inputs.bitacross_worker == 'true' }} | |
runs-on: ubuntu-latest | |
environment: production | |
steps: | |
- name: Checkout codes on ${{ env.RELEASE_TAG }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.RELEASE_TAG }} | |
fetch-depth: 0 | |
- name: Free up disk space | |
if: startsWith(runner.name, 'GitHub Actions') | |
uses: ./.github/actions/disk-cleanup | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
# use the docker driver to access the local image | |
# we don't need external caches or multi platforms here | |
# see https://docs.docker.com/build/drivers/ | |
driver: docker | |
- name: Write enclave signing key | |
run: | | |
cat << EOF > tee-worker/bitacross/enclave_key.pem | |
${{ secrets.BITACROSS_ENCLAVE_PROD_SIGNING_KEY }} | |
EOF | |
- name: Build local builder | |
uses: docker/build-push-action@v6 | |
env: | |
DOCKER_BUILD_RECORD_UPLOAD: false | |
with: | |
context: . | |
file: tee-worker/bitacross/build.Dockerfile | |
tags: local-builder:latest | |
target: builder | |
build-args: | | |
WORKER_MODE_ARG=offchain-worker | |
ADDITIONAL_FEATURES_ARG= | |
SGX_PRODUCTION=1 | |
SGX_MODE=HW | |
IMAGE_FOR_RELEASE=true | |
SGX_COMMERCIAL_KEY=enclave_key.pem | |
- name: Build worker | |
uses: docker/build-push-action@v6 | |
env: | |
DOCKER_BUILD_RECORD_UPLOAD: false | |
with: | |
context: . | |
file: tee-worker/bitacross/build.Dockerfile | |
tags: litentry/bitacross-worker:${{ env.RELEASE_TAG }} | |
target: worker-release | |
- run: docker images --all | |
- name: Dockerhub login | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Push worker image | |
run: | | |
docker push litentry/bitacross-worker:${{ env.RELEASE_TAG }} | |
parachain-ts-tests: | |
runs-on: ubuntu-latest | |
needs: build-parachain-client | |
strategy: | |
matrix: | |
chain: | |
- litentry | |
name: ${{ matrix.chain }} | |
steps: | |
- name: Checkout codes | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: litentry-collator | |
- name: Load docker image | |
run: | | |
docker load < litentry-parachain-dev.tar.gz | |
docker tag litentry/litentry-parachain:${{ env.RELEASE_TAG }} litentry/litentry-parachain:latest | |
docker images | |
- name: Enable corepack and pnpm | |
run: corepack enable && corepack enable pnpm | |
- name: Run ts tests for ${{ matrix.chain }} | |
timeout-minutes: 30 | |
env: | |
NODE_ENV: prod | |
run: | | |
make test-ts-${{ matrix.chain }} | |
- name: Archive logs if test fails | |
uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: ${{ matrix.chain }}-ts-tests-artifacts | |
path: /tmp/parachain_dev/ | |
retention-days: 3 | |
- name: Dockerhub login | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Push docker image | |
run: | | |
docker push litentry/litentry-parachain:${{ env.RELEASE_TAG }} | |
- name: Clean up for ${{ matrix.chain }} | |
if: ${{ always() }} | |
run: | | |
make clean-network | |
## create the release draft ## | |
create-release-draft: | |
runs-on: ubuntu-latest | |
# see https://github.com/actions/runner/issues/491 | |
# seems to be the only way to achieve this | |
needs: | |
- set-release-type | |
- build-parachain-runtime | |
- build-identity-worker | |
- build-bitacross-worker | |
- parachain-ts-tests | |
if: | | |
!failure() && | |
(success('build-parachain-runtime') || success('parachain-ts-tests') || success('build-identity-worker') || success('build-bitacross-worker')) | |
steps: | |
- name: Checkout codes on ${{ env.RELEASE_TAG }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.RELEASE_TAG }} | |
fetch-depth: 0 | |
- name: Download all artefacts | |
uses: actions/download-artifact@v4 | |
- name: Generate release notes | |
run: | | |
./parachain/scripts/generate-release-notes.sh ${{ github.workspace }}/.github/release_notes.md ${{ needs.set-release-type.outputs.release_type }} ${{ env.DIFF_TAG }} | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create release draft | |
id: create-release-draft | |
uses: softprops/action-gh-release@v2 | |
with: | |
tag_name: ${{ env.RELEASE_TAG }} | |
name: Release ${{ env.RELEASE_TAG }} | |
body_path: ${{ github.workspace }}/.github/release_notes.md | |
draft: true | |
files: | | |
*-parachain-runtime/*-parachain-srtool-digest.json | |
*-parachain-runtime/*-parachain-runtime.compact.compressed.wasm | |
litentry-collator/litentry-collator | |
litentry-collator/*-genesis-state | |
litentry-collator/*-genesis-wasm |