Skip to content
release

release #1837

Sign in to view logs

release

release #1837

Workflow file for this run

.github/workflows/release.yml at 689792d
# Will automatically generate relases for version bumped code.
# Can optionally be run as workflow action to generate a soft release (no publish steps, just s3 and github release)
name: release
# prevent concurrent version bumps + releases from running at the same time
concurrency:
group: "version-bump-release-${{ github.ref }}"
on:
push:
branches:
- stable*
- alpha*
- beta*
- rc*
workflow_dispatch:
inputs:
network_version_mode:
description: "Set NETWORK_VERSION_MODE if desired. (This restricts the network from contacting any other network mode. If left empty, the default protocol is used)"
required: false
default: ""
# During the build step, the env variable has to be manually sent to the containers for cross platform builds.
# Update the Justfile as well.
env:
RELEASE_PLZ_BIN_URL: https://github.com/MarcoIeni/release-plz/releases/download/release-plz-v0.3.43/release-plz-x86_64-unknown-linux-gnu.tar.gz
JUST_BIN_URL: https://github.com/casey/just/releases/download/1.25.2/just-1.25.2-x86_64-unknown-linux-musl.tar.gz
WORKFLOW_URL: https://github.com/maidsafe/safe_network/actions/runs
GENESIS_PK: ${{ secrets.STABLE_GENESIS_PK }}
GENESIS_SK: ${{ secrets.STABLE_GENESIS_SK }}
FOUNDATION_PK: ${{ secrets.STABLE_FOUNDATION_PK }}
NETWORK_ROYALTIES_PK: ${{ secrets.STABLE_NETWORK_ROYALTIES_PK }}
PAYMENT_FORWARD_PK: ${{ secrets.STABLE_REWARD_FORWARDING_PK }}
jobs:
build:
if: |
github.repository_owner == 'maidsafe' &&
startsWith(github.event.head_commit.message, 'chore(release):') ||
github.event_name == 'workflow_dispatch'
name: build
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- os: windows-latest
target: x86_64-pc-windows-msvc
- os: macos-latest
target: x86_64-apple-darwin
- os: ubuntu-latest
target: x86_64-unknown-linux-musl
- os: ubuntu-latest
target: arm-unknown-linux-musleabi
- os: ubuntu-latest
target: armv7-unknown-linux-musleabihf
- os: ubuntu-latest
target: aarch64-unknown-linux-musl
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
# cargo-binstall will try and use pre-built binaries if they are available and also speeds up
# installing `cross`
- uses: cargo-bins/cargo-binstall@main
- shell: bash
run: cargo binstall --no-confirm just
# Set the network versioning based on our branch or workflow input
- name: provide network versioning
shell: bash
run: |
echo "NETWORK_VERSION_MODE=${{ github.event.inputs.network_version_mode || '' }}" >> $GITHUB_ENV
- name: build release artifacts
shell: bash
run: |
just build-release-artifacts "${{ matrix.target }}"
- uses: actions/upload-artifact@main
with:
name: safe_network-${{ matrix.target }}
path: |
artifacts
!artifacts/.cargo-lock
- name: post notification to slack on failure
if: ${{ failure() }}
uses: bryannice/[email protected]
env:
SLACK_INCOMING_WEBHOOK: ${{ secrets.SLACK_GH_ACTIONS_WEBHOOK_URL }}
SLACK_MESSAGE: "Please check the logs for the run at ${{ env.WORKFLOW_URL }}/${{ github.run_id }}"
SLACK_TITLE: "Release Failed"
release:
if: |
github.repository_owner == 'maidsafe' &&
startsWith(github.event.head_commit.message, 'chore(release):') ||
github.event_name == 'workflow_dispatch'
name: publish flows and release creation
runs-on: ubuntu-latest
needs: [ build ]
env:
AWS_ACCESS_KEY_ID: ${{ secrets.S3_DEPLOY_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_DEPLOY_AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: eu-west-2
GH_TOKEN: ${{ secrets.VERSION_BUMP_COMMIT_PAT }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: "0"
token: ${{ secrets.VERSION_BUMP_COMMIT_PAT }}
- uses: actions/download-artifact@master
with:
name: safe_network-x86_64-pc-windows-msvc
path: artifacts/x86_64-pc-windows-msvc/release
- uses: actions/download-artifact@master
with:
name: safe_network-x86_64-unknown-linux-musl
path: artifacts/x86_64-unknown-linux-musl/release
- uses: actions/download-artifact@master
with:
name: safe_network-x86_64-apple-darwin
path: artifacts/x86_64-apple-darwin/release
- uses: actions/download-artifact@master
with:
name: safe_network-aarch64-apple-darwin
path: artifacts/aarch64-apple-darwin/release
- uses: actions/download-artifact@master
with:
name: safe_network-arm-unknown-linux-musleabi
path: artifacts/arm-unknown-linux-musleabi/release
- uses: actions/download-artifact@master
with:
name: safe_network-armv7-unknown-linux-musleabihf
path: artifacts/armv7-unknown-linux-musleabihf/release
- uses: actions/download-artifact@master
with:
name: safe_network-aarch64-unknown-linux-musl
path: artifacts/aarch64-unknown-linux-musl/release
- shell: bash
run: |
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
# It's possible to `cargo install` these tools, but it's very slow to compile on GHA infra.
# Therefore we just pull some binaries from the Github Releases.
- name: install tools
shell: bash
run: |
curl -L -O $RELEASE_PLZ_BIN_URL
tar xvf release-plz-x86_64-unknown-linux-gnu.tar.gz
rm release-plz-x86_64-unknown-linux-gnu.tar.gz
sudo mv release-plz /usr/local/bin
curl -L -O $JUST_BIN_URL
mkdir just
tar xvf just-1.25.2-x86_64-unknown-linux-musl.tar.gz -C just
rm just-1.25.2-x86_64-unknown-linux-musl.tar.gz
sudo mv just/just /usr/local/bin
rm -rf just
# only publish if we're on the stable branch
- name: Conditionally remove 'publish = false' from workspace in release-plz.toml on stable branch
if: startsWith(github.ref_name, 'stable')
run: |
ls -la
sed -i '/^\[workspace\]/,/^\[/ {/^publish = false$/d;}' ./release-plz.toml
sed -i '/^\[workspace\]/,/^\[/ {/^git_release_draft = true$/d;}' ./release-plz.toml
sed -i '/^\[workspace\]/,/^\[/ {/^git_tag_enable = false$/d;}' ./release-plz.toml
# only publish if we're on the stable branch
- name: Conditionally remove 'git_release_draft = true' from workspace in release-plz.toml on stable branch
if: startsWith(github.ref_name, 'stable')
run: |
- name: upload to s3
shell: bash
run: |
# Package versioned assets as tar.gz and zip archives, and upload them to S3.
#
# This is done before publishing because the node manager relies on these binaries
# existing after the new version of the `sn_node` crate is published. If these binaries
# were uploaded after the publishing process, there could be a significant gap between the
# new version of `sn_node` being published and the new binaries being available for
# download. This could cause errors if node manager users ran the `upgrade` command,
# because the process gets the latest version from `crates.io` then downloads the binaries
# from S3, using that version number. Uploading the binaries to S3 before publishing
# ensures that they will exist after the new crate has been published.
just package-release-assets "faucet"
just package-release-assets "nat-detection"
just package-release-assets "node-launchpad"
just package-release-assets "safe"
just package-release-assets "safenode"
just package-release-assets "safenode_rpc_client"
just package-release-assets "safenode-manager"
just package-release-assets "safenodemand"
just package-release-assets "sn_auditor"
just upload-release-assets-to-s3 "faucet"
just upload-release-assets-to-s3 "nat-detection"
just upload-release-assets-to-s3 "node-launchpad"
just upload-release-assets-to-s3 "safe"
just upload-release-assets-to-s3 "safenode"
just upload-release-assets-to-s3 "safenode-manager"
just upload-release-assets-to-s3 "safenodemand"
just upload-release-assets-to-s3 "safenode_rpc_client"
just upload-release-assets-to-s3 "sn_auditor"
# unless release plz toml is changed (as above removing certain limits)
# github releases are drafts, and we do not publish to crates.io
- name: publish and release
shell: bash
run: |
# The `release-plz` command publishes crates which had their versions bumped, and also
# creates Github releases. The binaries are then attached to the releases in the
# `upload-github-release-assets` target.
cargo login "${{ secrets.CRATES_IO_TOKEN }}"
# The use of 'awk' suppresses the annoying instrumentation output
# that makes the log difficult to read.
release-plz release --git-token ${{ secrets.VERSION_BUMP_COMMIT_PAT }} | \
awk '{ if (!/^\s*in release with input/ && !/^\s{4}/) print }'
- name: create github release assets
shell: bash
run: just upload-github-release-assets
- name: upload as latest release
shell: bash
if: github.event_name != 'workflow_dispatch'
run: |
# Now upload the 'latest' versions to S3. This can be done later because the node manager
# does not depend on these existing.
just package-release-assets "faucet" "latest"
just package-release-assets "nat-detection" "latest"
just package-release-assets "node-launchpad" "latest"
just package-release-assets "safe" "latest"
just package-release-assets "safenode" "latest"
just package-release-assets "safenode_rpc_client" "latest"
just package-release-assets "safenode-manager" "latest"
just package-release-assets "safenodemand" "latest"
just package-release-assets "sn_auditor" "latest"
just upload-release-assets-to-s3 "faucet"
just upload-release-assets-to-s3 "nat-detection"
just upload-release-assets-to-s3 "node-launchpad"
just upload-release-assets-to-s3 "safe"
just upload-release-assets-to-s3 "safenode"
just upload-release-assets-to-s3 "safenode-manager"
just upload-release-assets-to-s3 "safenodemand"
just upload-release-assets-to-s3 "safenode_rpc_client"
just upload-release-assets-to-s3 "sn_auditor"
- name: post notification to slack on failure
if: ${{ failure() }}
uses: bryannice/[email protected]
env:
SLACK_INCOMING_WEBHOOK: ${{ secrets.SLACK_GH_ACTIONS_WEBHOOK_URL }}
SLACK_MESSAGE: "Please check the logs for the run at ${{ env.WORKFLOW_URL }}/${{ github.run_id }}"
SLACK_TITLE: "Release Failed"