release #1906
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| chunk-size: | |
| description: Specify the chunk size in bytes. If not used, the current default is 1048576. | |
| type: number | |
| required: false | |
| # The key variables also need to be passed to `cross`, which runs in a container and does not | |
| # inherit variables from the parent environment. The `cross` tool is used in the `build` | |
| # job. If any keys are added, the `build-release-artifacts` target in the Justfile must | |
| # also be updated. | |
| env: | |
| WORKFLOW_URL: https://github.com/maidsafe/safe_network/actions/runs | |
| jobs: | |
| build: | |
| if: ${{ | |
| github.repository_owner == 'maidsafe' && | |
| (github.ref == 'refs/heads/stable' || startsWith(github.ref, 'refs/heads/rc')) | |
| }} | |
| name: build | |
| environment: ${{ github.ref == 'refs/heads/stable' && 'stable' || 'release-candidate' }} | |
| env: | |
| FOUNDATION_PK: ${{ vars.FOUNDATION_PK }} | |
| GENESIS_PK: ${{ vars.GENESIS_PK }} | |
| GENESIS_SK: ${{ secrets.GENESIS_SK }} | |
| NETWORK_ROYALTIES_PK: ${{ vars.NETWORK_ROYALTIES_PK }} | |
| PAYMENT_FORWARD_PK: ${{ vars.PAYMENT_FORWARD_PK }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| include: | |
| - os: windows-latest | |
| target: x86_64-pc-windows-msvc | |
| - os: macos-latest | |
| target: x86_64-apple-darwin | |
| - os: macos-latest | |
| target: aarch64-apple-darwin | |
| - os: ubuntu-latest | |
| target: x86_64-unknown-linux-musl | |
| - os: ubuntu-latest | |
| target: arm-unknown-linux-musleabi | |
| - os: ubuntu-latest | |
| target: armv7-unknown-linux-musleabihf | |
| - os: ubuntu-latest | |
| target: aarch64-unknown-linux-musl | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: cargo-bins/cargo-binstall@main | |
| - shell: bash | |
| run: cargo binstall --no-confirm just | |
| - name: Set chunk size if applicable | |
| if: ${{ inputs.chunk-size != '' }} | |
| shell: bash | |
| run: | | |
| echo "MAX_CHUNK_SIZE=${{ inputs.chunk-size }}" >> $GITHUB_ENV | |
| - name: build release artifacts | |
| shell: bash | |
| run: | | |
| just build-release-artifacts "${{ matrix.target }}" | |
| - uses: actions/upload-artifact@main | |
| with: | |
| name: safe_network-${{ matrix.target }} | |
| path: | | |
| artifacts | |
| !artifacts/.cargo-lock | |
| - name: post notification to slack on failure | |
| if: ${{ failure() }} | |
| uses: bryannice/[email protected] | |
| env: | |
| SLACK_INCOMING_WEBHOOK: ${{ secrets.SLACK_GH_ACTIONS_WEBHOOK_URL }} | |
| SLACK_MESSAGE: "Please check the logs for the run at ${{ env.WORKFLOW_URL }}/${{ github.run_id }}" | |
| SLACK_TITLE: "Release Failed" | |
| s3-release: | |
| if: ${{ | |
| github.repository_owner == 'maidsafe' && | |
| (github.ref == 'refs/heads/stable' || startsWith(github.ref, 'refs/heads/rc')) | |
| }} | |
| name: s3 release | |
| runs-on: ubuntu-latest | |
| needs: [ build ] | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.S3_DEPLOY_AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_DEPLOY_AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: eu-west-2 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-x86_64-pc-windows-msvc | |
| path: artifacts/x86_64-pc-windows-msvc/release | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-x86_64-unknown-linux-musl | |
| path: artifacts/x86_64-unknown-linux-musl/release | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-x86_64-apple-darwin | |
| path: artifacts/x86_64-apple-darwin/release | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-aarch64-apple-darwin | |
| path: artifacts/aarch64-apple-darwin/release | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-arm-unknown-linux-musleabi | |
| path: artifacts/arm-unknown-linux-musleabi/release | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-armv7-unknown-linux-musleabihf | |
| path: artifacts/armv7-unknown-linux-musleabihf/release | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-aarch64-unknown-linux-musl | |
| path: artifacts/aarch64-unknown-linux-musl/release | |
| - uses: cargo-bins/cargo-binstall@main | |
| - name: install just | |
| shell: bash | |
| run: cargo binstall --no-confirm just | |
| - name: upload binaries to S3 | |
| shell: bash | |
| run: | | |
| # Package versioned assets as tar.gz and zip archives, and upload them to S3. | |
| # | |
| # This is done before publishing because the node manager relies on these binaries | |
| # existing after the new version of the `sn_node` crate is published. If these binaries | |
| # were uploaded after the publishing process, there could be a significant gap between the | |
| # new version of `sn_node` being published and the new binaries being available for | |
| # download. This could cause errors if node manager users ran the `upgrade` command, | |
| # because the process gets the latest version from `crates.io` then downloads the binaries | |
| # from S3, using that version number. Uploading the binaries to S3 before publishing | |
| # ensures that they will exist after the new crate has been published. | |
| just package-all-bins | |
| just upload-all-packaged-bins-to-s3 | |
| github-release: | |
| if: ${{ | |
| github.repository_owner == 'maidsafe' && | |
| (github.ref == 'refs/heads/stable' || startsWith(github.ref, 'refs/heads/rc')) | |
| }} | |
| name: github release | |
| runs-on: ubuntu-latest | |
| needs: [ build ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-x86_64-pc-windows-msvc | |
| path: artifacts/x86_64-pc-windows-msvc/release | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-x86_64-unknown-linux-musl | |
| path: artifacts/x86_64-unknown-linux-musl/release | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-x86_64-apple-darwin | |
| path: artifacts/x86_64-apple-darwin/release | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-aarch64-apple-darwin | |
| path: artifacts/aarch64-apple-darwin/release | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-arm-unknown-linux-musleabi | |
| path: artifacts/arm-unknown-linux-musleabi/release | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-armv7-unknown-linux-musleabihf | |
| path: artifacts/armv7-unknown-linux-musleabihf/release | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: safe_network-aarch64-unknown-linux-musl | |
| path: artifacts/aarch64-unknown-linux-musl/release | |
| - uses: cargo-bins/cargo-binstall@main | |
| - name: install just | |
| shell: bash | |
| run: cargo binstall --no-confirm just | |
| - name: set stable release prefix | |
| if: ${{ github.ref == 'refs/heads/stable' }} | |
| run: | | |
| echo "RELEASE_PREFIX=stable" >> $GITHUB_ENV | |
| - name: set rc release prefix | |
| if: ${{ startsWith(github.ref, 'refs/heads/rc') }} | |
| run: | | |
| echo "RELEASE_PREFIX=rc" >> $GITHUB_ENV | |
| - name: set package version | |
| shell: bash | |
| run: | | |
| release_year=$(grep 'release-year:' release-cycle-info | awk '{print $2}') | |
| release_month=$(grep 'release-month:' release-cycle-info | awk '{print $2}') | |
| release_cycle=$(grep 'release-cycle:' release-cycle-info | awk '{print $2}') | |
| release_cycle_counter=$(grep 'release-cycle-counter:' release-cycle-info | awk '{print $2}') | |
| version="$release_year.$release_month.$release_cycle.$release_cycle_counter" | |
| echo "PACKAGE_VERSION=$version" >> $GITHUB_ENV | |
| - name: package release artifacts | |
| shell: bash | |
| run: just package-all-architectures | |
| # For the next two steps, it seems to be necessary to set `GITHUB_TOKEN` on the step rather | |
| # than the job level. | |
| - name: create release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.VERSION_BUMP_COMMIT_PAT }} | |
| with: | |
| tag_name: ${{ env.RELEASE_PREFIX }}-${{ env.PACKAGE_VERSION }} | |
| release_name: ${{ env.PACKAGE_VERSION }} | |
| draft: false | |
| prerelease: ${{ startsWith(github.ref, 'refs/heads/rc') && true || false }} | |
| - name: upload artifacts as assets | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.VERSION_BUMP_COMMIT_PAT }} | |
| shell: bash | |
| run: | | |
| ( | |
| cd packaged_architectures | |
| ls | xargs gh release upload ${{ env.RELEASE_PREFIX }}-${{ env.PACKAGE_VERSION }} | |
| ) | |
| - name: post notification to slack on failure | |
| if: ${{ failure() }} | |
| uses: bryannice/[email protected] | |
| env: | |
| SLACK_INCOMING_WEBHOOK: ${{ secrets.SLACK_GH_ACTIONS_WEBHOOK_URL }} | |
| SLACK_MESSAGE: "Please check the logs for the run at ${{ env.WORKFLOW_URL }}/${{ github.run_id }}" | |
| SLACK_TITLE: "Release Failed" | |
| publish-crates: | |
| if: ${{ github.repository_owner == 'maidsafe' && github.ref == 'refs/heads/stable' }} | |
| needs: [ build, s3-release ] | |
| runs-on: self-hosted | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: "0" | |
| token: ${{ secrets.VERSION_BUMP_COMMIT_PAT }} | |
| # Required for the creation of tags | |
| - shell: bash | |
| run: | | |
| git config --local user.email "[email protected]" | |
| git config --local user.name "GitHub Action" | |
| - uses: cargo-bins/cargo-binstall@main | |
| - shell: bash | |
| run: cargo binstall --no-confirm release-plz | |
| - name: publish crates | |
| shell: bash | |
| run: | | |
| cargo login "${{ secrets.CRATES_IO_TOKEN }}" | |
| # The use of 'awk' suppresses the annoying instrumentation output that makes the log | |
| # difficult to read. | |
| release-plz release --git-token ${{ secrets.VERSION_BUMP_COMMIT_PAT }} | \ | |
| awk '{ if (!/^\s*in release with input/ && !/^\s{4}/) print }' | |
| - name: post notification to slack on failure | |
| if: ${{ failure() }} | |
| uses: bryannice/[email protected] | |
| env: | |
| SLACK_INCOMING_WEBHOOK: ${{ secrets.SLACK_GH_ACTIONS_WEBHOOK_URL }} | |
| SLACK_MESSAGE: "Please check the logs for the run at ${{ env.WORKFLOW_URL }}/${{ github.run_id }}" | |
| SLACK_TITLE: "Release Failed" |