Merge pull request #948 from ipfs/feat/ci-build-on-self-hosted-runner #648
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
workflow_dispatch: | |
inputs: | |
dist_root: | |
description: 'DIST_ROOT' | |
required: true | |
default: '/ipns/dist.ipfs.tech' | |
env: | |
DIST_ROOT: ${{ github.event.inputs.custom_dist_root || '/ipns/dist.ipfs.tech' }} # content root used for calculating diff to build | |
KUBO_VER: 'v0.21.0' # kubo daemon used for chunking and applying diff | |
CLUSTER_CTL_VER: 'v1.0.4' # ipfs-cluster-ctl used for pinning | |
jobs: | |
build: | |
runs-on: ${{ fromJSON(vars.CI_BUILD_RUNS_ON || '"ubuntu-latest"') }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '16' | |
- env: | |
CLUSTER_USER: ${{ secrets.CLUSTER_USER }} | |
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }} | |
uses: ./.github/actions/setup-ipfs | |
timeout-minutes: 30 | |
- name: Build any new ./releases | |
run: ./dockerized make all_dists | |
- name: Inspect git status and contents of ./releases | |
run: git status && ls -Rhl ./releases | |
- name: Temporarily save ./releases artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: releases-unsigned-diff | |
path: releases | |
retention-days: 3 | |
lint: | |
runs-on: "ubuntu-latest" | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '16' | |
- run: npm ci --no-audit --progress=false | |
- run: npm run lint | |
sign-macos: | |
runs-on: "macos-latest" | |
needs: build | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Retrieve unsigned artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: releases-unsigned-diff | |
path: releases | |
continue-on-error: true # skip if no releases | |
- name: List ./releases before | |
run: ls -Rhl ./releases || echo "No ./releases" | |
- name: Install gon via HomeBrew for code signing and app notarization | |
run: | | |
brew tap mitchellh/gon | |
brew install ipfs coreutils gawk gnu-sed jq mitchellh/gon/gon | |
ipfs init --profile test # needed for calculating NEW_CID later | |
- name: Import Keychain Certs | |
uses: apple-actions/import-codesign-certs@8f3fb608891dd2244cdab3d69cd68c0d37a7fe93 # v2 | |
with: | |
p12-file-base64: ${{ secrets.APPLE_CERTS_P12 }} | |
p12-password: ${{ secrets.APPLE_CERTS_PASS }} | |
- name: Verify identity used for signing | |
run: security find-identity -v | |
- name: Sign any new releases | |
run: ./scripts/ci/sign-new-macos-releases.sh | |
env: | |
WORK_DIR: ${{ github.workspace }} | |
AC_USERNAME: ${{ secrets.APPLE_AC_USERNAME }} # implicitly read from env by gon | |
AC_PASSWORD: ${{ secrets.APPLE_AC_PASSWORD }} | |
- name: List ./releases after | |
run: ls -Rhl ./releases || echo "No ./releases" | |
- name: Temporarily save notarized artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: releases-signed-macos-diff | |
path: releases | |
retention-days: 3 | |
continue-on-error: true # skip if no releases | |
persist: | |
runs-on: ${{ fromJSON(vars.CI_BUILD_RUNS_ON || '"ubuntu-latest"') }} | |
needs: sign-macos | |
environment: Deploy | |
steps: | |
- name: Setup node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '16' | |
- uses: actions/checkout@v3 | |
- name: Retrieve signed artifacts | |
uses: actions/download-artifact@v3 | |
continue-on-error: true # skip if no releases | |
with: | |
name: releases-signed-macos-diff | |
path: releases | |
- name: List ./releases | |
run: ls -Rhl ./releases || echo "No ./releases" | |
- env: | |
CLUSTER_USER: ${{ secrets.CLUSTER_USER }} | |
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }} | |
uses: ./.github/actions/setup-ipfs | |
timeout-minutes: 30 | |
- run: ./dockerized make publish | |
- run: git status | |
- name: Read CID of updated DAG | |
id: cid-reader | |
run: echo "CID=$(tail -1 ./versions)" >> $GITHUB_OUTPUT | |
- name: Pin new website to ipfs-websites.collab.ipfscluster.io | |
run: ./scripts/ci/pin-to-cluster.sh | |
env: | |
PIN_CID: ${{ steps.cid-reader.outputs.CID }} | |
PIN_NAME: "https://github.com/ipfs/distributions/commits/${{ github.sha }}" | |
PIN_ADD_EXTRA_ARGS: "" | |
CLUSTER_USER: ${{ secrets.CLUSTER_USER }} | |
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }} | |
timeout-minutes: 60 | |
- name: Update PR status with preview link | |
run: ./scripts/ci/github-preview-link.sh | |
env: | |
CONTENT_PATH: "/ipfs/${{ steps.cid-reader.outputs.CID }}/" | |
GIT_REVISION: ${{ github.sha }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- run: ./dockerized make diff | |
if: github.event_name == 'pull_request' | |
- uses: actions/upload-artifact@v3 | |
if: github.event_name == 'pull_request' | |
with: | |
name: diff | |
path: diff | |
- name: Update .tech DNSLink (if on the main branch) | |
run: npx dnslink-dnsimple --domain dist.ipfs.tech --link /ipfs/${{ steps.cid-reader.outputs.CID }} | |
if: github.ref == 'refs/heads/master' | |
env: | |
DNSIMPLE_TOKEN: ${{ secrets.DNSIMPLE_TOKEN }} | |
- name: Update legacy .io DNSLink (if on the main branch) | |
run: npx dnslink-dnsimple --domain dist.ipfs.io --link /ipfs/${{ steps.cid-reader.outputs.CID }} | |
if: github.ref == 'refs/heads/master' | |
env: | |
DNSIMPLE_TOKEN: ${{ secrets.DNSIMPLE_TOKEN }} | |
diff: | |
needs: persist | |
if: github.event_name == 'pull_request' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
name: diff | |
- name: Create comment with the diff | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
const fs = require('fs').promises | |
const diff = await fs.readFile('diff', 'utf8') | |
await github.rest.issues.createComment({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: ${{ github.event.number }}, | |
body: diff | |
}) |