[Release|CI/CD] Add pipeline to promote release candidate from rcX to final in S3

.github/scripts/common/lib.sh

@@ -297,7 +297,7 @@ fetch_release_artifacts_from_s3() {
   pwd
   ls -al --color
   popd > /dev/null
-
+  unset OUTPUT_DIR
 }
 
 # Pass the name of the binary as input, it will

.github/scripts/release/release_lib.sh

@@ -129,15 +129,17 @@ upload_s3_release() {
     echo "Working on version:  $version "
     echo "Working on platform: $target "
 
+    URL_BASE=$(get_s3_url_base $product)
+
     echo "Current content, should be empty on new uploads:"
-    aws s3 ls "s3://releases.parity.io/${product}/${version}/${target}" --recursive --human-readable --summarize || true
+    aws s3 ls "s3://${URL_BASE}/${version}/${target}" --recursive --human-readable --summarize || true
     echo "Content to be uploaded:"
-    artifacts="artifacts/$product/"
+    artifacts="release-artifacts/$target/$product/"
     ls "$artifacts"
-    aws s3 sync --acl public-read "$artifacts" "s3://releases.parity.io/${product}/${version}/${target}"
+    aws s3 sync --acl public-read "$artifacts" "s3://${URL_BASE}/${version}/${target}"
     echo "Uploaded files:"
-    aws s3 ls "s3://releases.parity.io/${product}/${version}/${target}" --recursive --human-readable --summarize
-    echo "✅ The release should be at https://releases.parity.io/${product}/${version}/${target}"
+    aws s3 ls "s3://${URL_BASE}/${version}/${target}" --recursive --human-readable --summarize
+    echo "✅ The release should be at https://${URL_BASE}/${version}/${target}"
 }
 
 # Upload runtimes artifacts to s3 release bucket
@@ -161,3 +163,35 @@ upload_s3_runtimes_release_artifacts() {
   aws s3 ls "s3://releases.parity.io/polkadot/runtimes/${version}/" --recursive --human-readable --summarize
   echo "✅ The release should be at https://releases.parity.io/polkadot/runtimes/${version}"
 }
+
+
+# Pass the name of the binary as input, it will
+# return the s3 base url
+function get_s3_url_base() {
+    name=$1
+    case $name in
+      polkadot | polkadot-execute-worker | polkadot-prepare-worker )
+        printf "releases.parity.io/polkadot"
+        ;;
+
+      polkadot-parachain)
+        printf "releases.parity.io/polkadot-parachain"
+        ;;
+
+      polkadot-omni-node)
+        printf "releases.parity.io/polkadot-omni-node"
+        ;;
+
+      chain-spec-builder)
+        printf "releases.parity.io/chain-spec-builder"
+        ;;
+
+      frame-omni-bencher)
+        printf "releases.parity.io/frame-omni-bencher"
+        ;;
+      *)
+        printf "UNSUPPORTED BINARY $name"
+        exit 1
+        ;;
+    esac
+}

.github/workflows/release-31_promote-rc-to-final.yml

@@ -0,0 +1,125 @@
+name: Release - Promote RC to final candidate on S3
+
+on:
+  workflow_dispatch:
+    inputs:
+      binary:
+        description: Binary to be build for the release
+        default: all
+        type: choice
+        options:
+          - polkadot
+          - polkadot-parachain
+          - polkadot-omni-node
+          - frame-omni-bencher
+          - chain-spec-builder
+          - all
+      release_tag:
+        description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcX
+        type: string
+
+
+jobs:
+
+  check-synchronization:
+    uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main
+
+  validate-inputs:
+    needs: [ check-synchronization ]
+    if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
+    runs-on: ubuntu-latest
+    outputs:
+      release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
+      final_tag: ${{ steps.validate_inputs.outputs.final_tag }}
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Validate inputs
+        id: validate_inputs
+        run: |
+          . ./.github/scripts/common/lib.sh
+
+          RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
+          echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
+
+  promote-polkadot-rc-to-final:
+    if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }}
+    needs: [ validate-inputs ]
+    uses: ./.github/workflows/release-reusable-promote-to-final.yml
+    strategy:
+      matrix:
+        target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
+    with:
+      package: polkadot
+      release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
+      target: ${{ matrix.target }}
+    secrets:
+      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+      AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
+      AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
+
+  promote-polkadot-parachain-rc-to-final:
+    if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }}
+    needs: [ validate-inputs ]
+    uses: ./.github/workflows/release-reusable-promote-to-final.yml
+    strategy:
+      matrix:
+        target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
+    with:
+      package: polkadot-parachain
+      release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
+      target: ${{ matrix.target }}
+    secrets:
+      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+      AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
+      AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
+
+  promote-polkadot-omni-node-rc-to-final:
+    if: ${{ inputs.binary == 'polkadot-omni-node' || inputs.binary == 'all' }}
+    needs: [ validate-inputs ]
+    uses: ./.github/workflows/release-reusable-promote-to-final.yml
+    strategy:
+      matrix:
+        target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
+    with:
+      package: polkadot-omni-node
+      release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
+      target: ${{ matrix.target }}
+    secrets:
+      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+      AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
+      AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
+
+  promote-frame-omni-bencher-rc-to-final:
+    if: ${{ inputs.binary == 'frame-omni-bencher' || inputs.binary == 'all' }}
+    needs: [ validate-inputs ]
+    uses: ./.github/workflows/release-reusable-promote-to-final.yml
+    strategy:
+      matrix:
+        target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
+    with:
+      package: frame-omni-bencher
+      release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
+      target: ${{ matrix.target }}
+    secrets:
+      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+      AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
+      AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
+
+  promote-chain-spec-builder-rc-to-final:
+    if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
+    needs: [ validate-inputs ]
+    uses: ./.github/workflows/release-reusable-promote-to-final.yml
+    strategy:
+      matrix:
+        target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
+    with:
+      package: chain-spec-builder
+      release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
+      target: ${{ matrix.target }}
+    secrets:
+      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+      AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
+      AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}

.github/workflows/release-reusable-promote-to-final.yml

@@ -0,0 +1,83 @@
+name: Promote rc to final
+
+on:
+  workflow_call:
+    inputs:
+      package:
+        description: Package to be promoted
+        required: true
+        type: string
+
+      release_tag:
+        description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcX taht will be changed to final in form of polkadot-stableYYMM(-X)
+        required: true
+        type: string
+
+      target:
+        description: Target triple for which the artifacts are being uploaded (e.g aarch64-apple-darwin)
+        required: true
+        type: string
+
+    secrets:
+      AWS_DEFAULT_REGION:
+        required: true
+      AWS_RELEASE_ACCESS_KEY_ID:
+        required: true
+      AWS_RELEASE_SECRET_ACCESS_KEY:
+        required: true
+
+jobs:
+
+  promote-release-artifacts:
+    environment: release
+    runs-on: ubuntu-latest
+    env:
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
+      AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Prepare final tag
+        id: prepare_final_tag
+        shell: bash
+        run: |
+          tag="$(echo ${{ inputs.release_tag }} | sed 's/-rc[0-9]*$//')"
+          echo $tag
+          echo "FINAL_TAG=${tag}" >> $GITHUB_OUTPUT
+
+      - name: Fetch binaries from s3 based on version
+        run: |
+          . ./.github/scripts/common/lib.sh
+
+          VERSION="${{ inputs.release_tag }}"
+          if [[ ${{ inputs.package }} == 'polkadot' ]]; then
+            packages=(polkadot polkadot-prepare-worker polkadot-execute-worker)
+            for package in "${packages[@]}"; do
+              fetch_release_artifacts_from_s3 $package ${{ inputs.target }}
+            done
+          else
+            fetch_release_artifacts_from_s3 ${{ inputs.package }} ${{ inputs.target }}
+          fi
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+        with:
+          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Upload ${{ inputs.package }} ${{ inputs.target }} artifacts to s3
+        run: |
+          . ./.github/scripts/release/release_lib.sh
+
+          if [[ ${{ inputs.package }} == 'polkadot' ]]; then
+            packages=(polkadot polkadot-prepare-worker polkadot-execute-worker)
+            for package in "${packages[@]}"; do
+              upload_s3_release $package ${{ steps.prepare_final_tag.outputs.final_tag }} ${{ inputs.target }}
+            done
+          else
+            upload_s3_release ${{ inputs.package }} ${{ steps.prepare_final_tag.outputs.final_tag }} ${{ inputs.target }}
+          fi

.github/workflows/release-reusable-rc-buid.yml

@@ -133,7 +133,7 @@ jobs:
       - name: Upload ${{ matrix.binaries }} artifacts
         uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
         with:
-          name: ${{ matrix.binaries }}
+          name: ${{ matrix.binaries }}_${{ inputs.target }}
           path: /artifacts/${{ matrix.binaries }}
 
   build-macos-rc:
@@ -285,7 +285,7 @@ jobs:
     - name: Upload ${{inputs.package }} artifacts
       uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
       with:
-        name: ${{ inputs.package }}
+        name: ${{ inputs.package }}_${{ inputs.target }}
         path: target/production
         overwrite: true
 

.github/workflows/release-reusable-s3-upload.yml

@@ -9,7 +9,7 @@ on:
         type: string
 
       release_tag:
-        description: Tag matching the actual release candidate with the format stableYYMM-rcX or stableYYMM-rcX
+        description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcX or polkadot-stableYYMM-rcX
         required: true
         type: string
 
@@ -40,18 +40,10 @@ jobs:
           uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
         - name: Download amd64 artifacts
-          if: ${{ inputs.target == 'x86_64-unknown-linux-gnu' }}
           uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
           with:
-            name: ${{ inputs.package }}
-            path: artifacts/${{ inputs.package }}
-
-        - name: Download arm artifacts
-          if: ${{ inputs.target == 'aarch64-apple-darwin' }}
-          uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-          with:
-            name: ${{ inputs.package }}_aarch64-apple-darwin
-            path: artifacts/${{ inputs.package }}
+            name: ${{ inputs.package }}_${{ inputs.target }}
+            path: release-artifacts/${{ inputs.target }}/${{ inputs.package }}
 
         - name: Configure AWS Credentials
           uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2