diff --git a/.github/workflows/snapshot-build.yml b/.github/workflows/snapshot-build.yml index 78075fc542..16497f53e2 100644 --- a/.github/workflows/snapshot-build.yml +++ b/.github/workflows/snapshot-build.yml @@ -17,101 +17,10 @@ env: CARGO_INCREMENTAL: 0 jobs: - container-linux: - runs-on: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-22.04') }} - permissions: - contents: write - packages: write - strategy: - matrix: - image: - - farmer - - node - - bootstrap-node - platform: - - arch: linux/amd64 - dockerfile-suffix: "" - suffix: ubuntu-x86_64-${{ github.ref_name }} - image-suffix: "" - rustflags: "-C target-cpu=skylake" - # We build AArch64 - - arch: linux/amd64 - dockerfile-suffix: ".aarch64" - suffix: ubuntu-aarch64-${{ github.ref_name }} - image-suffix: "-aarch64" - - steps: - - name: Set up QEMU - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # @v2.2.0 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # @v2.2.1 - - - name: Log into registry - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # @v2.2.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ github.token }} - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea # @v4.1.1 - with: - images: | - ghcr.io/${{ github.repository_owner }}/${{ matrix.image }} - tags: | - type=ref,event=tag - type=ref,event=branch - type=sha,format=long - flavor: | - latest=false - suffix=${{ matrix.platform.image-suffix }} - - - name: Build and push ${{ matrix.image }} image - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # @v3.2.0 - with: - file: Dockerfile-${{ matrix.image }}${{ matrix.platform.dockerfile-suffix }} - platforms: ${{ matrix.platform.arch }} - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - SUBSTRATE_CLI_GIT_COMMIT_HASH=${{ github.sha }} - RUSTFLAGS=${{ matrix.platform.rustflags }} - executables: strategy: matrix: build: - - os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-20.04') }} - target: x86_64-unknown-linux-gnu - suffix: ubuntu-x86_64-v2-${{ github.ref_name }} - rustflags: "-C target-cpu=x86-64-v2" - - os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-20.04') }} - target: x86_64-unknown-linux-gnu - suffix: ubuntu-x86_64-skylake-${{ github.ref_name }} - rustflags: "-C target-cpu=skylake" - - os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-20.04') }} - target: aarch64-unknown-linux-gnu - suffix: ubuntu-aarch64-${{ github.ref_name }} - # TODO: AES flag is such that we have decent performance on ARMv8, remove once `aes` crate bumps MSRV to - # at least 1.61: https://github.com/RustCrypto/block-ciphers/issues/373 - rustflags: "-C linker=aarch64-linux-gnu-gcc --cfg aes_armv8" - - os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "macos-12-arm64"]' || 'macos-12') }} - target: x86_64-apple-darwin - suffix: macos-x86_64-${{ github.ref_name }} - rustflags: "" - - os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "macos-12-arm64"]' || 'macos-12') }} - target: aarch64-apple-darwin - suffix: macos-aarch64-${{ github.ref_name }} - # TODO: AES flag is such that we have decent performance on ARMv8, remove once `aes` crate bumps MSRV to - # at least 1.61: https://github.com/RustCrypto/block-ciphers/issues/373 - rustflags: "--cfg aes_armv8" - - os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "windows-server-2022-x86-64"]' || 'windows-2022') }} - target: x86_64-pc-windows-msvc - suffix: windows-x86_64-v2-${{ github.ref_name }} - rustflags: "-C target-cpu=x86-64-v2" - os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "windows-server-2022-x86-64"]' || 'windows-2022') }} target: x86_64-pc-windows-msvc suffix: windows-x86_64-skylake-${{ github.ref_name }} @@ -159,94 +68,22 @@ jobs: run: sudo apt-get update && sudo apt-get install -y --no-install-recommends g++-aarch64-linux-gnu gcc-aarch64-linux-gnu libc6-dev-arm64-cross if: matrix.build.target == 'aarch64-unknown-linux-gnu' - - name: Build farmer - uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # @v1.0.1 - with: - command: build - args: --locked -Z build-std --target ${{ matrix.build.target }} --profile production --bin subspace-farmer - - name: Build node uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # @v1.0.1 with: command: build args: --locked -Z build-std --target ${{ matrix.build.target }} --profile production --bin subspace-node - - name: Sign Application (macOS) - run: | - echo "Importing certificate" - echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12 - security create-keychain -p "${{ secrets.MACOS_CERTIFICATE_PW }}" build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p "${{ secrets.MACOS_CERTIFICATE_PW }}" build.keychain - security import certificate.p12 -k build.keychain -P "${{ secrets.MACOS_CERTIFICATE_PW }}" -T /usr/bin/codesign - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.MACOS_CERTIFICATE_PW }}" build.keychain - echo "Signing farmer" - codesign --force --options=runtime --entitlements .github/workflows/Entitlements.plist -s "${{ secrets.MACOS_IDENTITY }}" --timestamp ${{ env.PRODUCTION_TARGET }}/subspace-farmer - echo "Signing node" - codesign --force --options=runtime --entitlements .github/workflows/Entitlements.plist -s "${{ secrets.MACOS_IDENTITY }}" --timestamp ${{ env.PRODUCTION_TARGET }}/subspace-node - echo "Creating an archive" - mkdir ${{ env.PRODUCTION_TARGET }}/macos-binaries - cp ${{ env.PRODUCTION_TARGET }}/subspace-farmer ${{ env.PRODUCTION_TARGET }}/subspace-node ${{ env.PRODUCTION_TARGET }}/macos-binaries - ditto -c -k --rsrc ${{ env.PRODUCTION_TARGET }}/macos-binaries subspace-binaries.zip - echo "Notarizing" - brew update - brew install mitchellh/gon/gon - cat << EOF > gon.hcl - source = ["subspace-binaries.zip"] - bundle_id = "${{ secrets.MACOS_BUNDLE_ID }}" - sign { - application_identity = "${{ secrets.MACOS_IDENTITY }}" - } - apple_id { - username = "${{ secrets.MACOS_APPLE_ID }}" - password = "${{ secrets.MACOS_APP_PW }}" - } - EOF - gon -log-level=info -log-json gon.hcl - - # Notarize the ZIP using notarytool - xcrun notarytool submit subspace-binaries.zip --apple-id "${{ secrets.MACOS_APPLE_ID }}" --password "${{ secrets.MACOS_APP_PW }}" --team-id "${{ secrets.MACOS_TEAM_ID }}" --wait - - # // todo stapling for macOS artifacts - # Staple the zip package - # xcrun stapler staple subspace-binaries.zip - - echo "Done!" - # Allow code signing to fail on non-release builds and in non-subspace repos (forks) - continue-on-error: ${{ github.repository_owner != 'subspace' || github.event_name != 'push' || github.ref_type != 'tag' }} - if: runner.os == 'macOS' - - name: Sign Application (Windows) run: | - AzureSignTool sign --azure-key-vault-url "${{ secrets.AZURE_KEY_VAULT_URI }}" --azure-key-vault-client-id "${{ secrets.AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.AZURE_TENANT_ID }}" --azure-key-vault-certificate "${{ secrets.AZURE_CERT_NAME }}" --file-digest sha512 --timestamp-rfc3161 http://timestamp.digicert.com -v "${{ env.PRODUCTION_TARGET }}/subspace-farmer.exe" AzureSignTool sign --azure-key-vault-url "${{ secrets.AZURE_KEY_VAULT_URI }}" --azure-key-vault-client-id "${{ secrets.AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.AZURE_TENANT_ID }}" --azure-key-vault-certificate "${{ secrets.AZURE_CERT_NAME }}" --file-digest sha512 --timestamp-rfc3161 http://timestamp.digicert.com -v "${{ env.PRODUCTION_TARGET }}/subspace-node.exe" # Allow code signing to fail on non-release builds and in non-subspace repos (forks) continue-on-error: ${{ github.repository_owner != 'subspace' || github.event_name != 'push' || github.ref_type != 'tag' }} if: runner.os == 'Windows' - - name: Prepare executables for uploading (Ubuntu) - run: | - mkdir executables - mv ${{ env.PRODUCTION_TARGET }}/subspace-farmer executables/subspace-farmer-${{ matrix.build.suffix }} - mv ${{ env.PRODUCTION_TARGET }}/subspace-node executables/subspace-node-${{ matrix.build.suffix }} - if: runner.os == 'Linux' - - - name: Prepare executables for uploading (macOS) - run: | - mkdir executables - mv ${{ env.PRODUCTION_TARGET }}/subspace-farmer executables/subspace-farmer-${{ matrix.build.suffix }} - mv ${{ env.PRODUCTION_TARGET }}/subspace-node executables/subspace-node-${{ matrix.build.suffix }} - # Zip it so that signature is not lost - ditto -c -k --rsrc executables/subspace-farmer-${{ matrix.build.suffix }} executables/subspace-farmer-${{ matrix.build.suffix }}.zip - ditto -c -k --rsrc executables/subspace-node-${{ matrix.build.suffix }} executables/subspace-node-${{ matrix.build.suffix }}.zip - rm executables/subspace-farmer-${{ matrix.build.suffix }} - rm executables/subspace-node-${{ matrix.build.suffix }} - if: runner.os == 'macOS' - - name: Prepare executables for uploading (Windows) run: | mkdir executables - move ${{ env.PRODUCTION_TARGET }}/subspace-farmer.exe executables/subspace-farmer-${{ matrix.build.suffix }}.exe move ${{ env.PRODUCTION_TARGET }}/subspace-node.exe executables/subspace-node-${{ matrix.build.suffix }}.exe if: runner.os == 'Windows' diff --git a/Cargo.lock b/Cargo.lock index 0832864924..4fdfc35e19 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -7662,8 +7662,7 @@ dependencies = [ [[package]] name = "parity-db" version = "0.4.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab512a34b3c2c5e465731cc7668edf79208bbe520be03484eeb05e63ed221735" +source = "git+https://github.com/subspace/parity-db?rev=a05cd7875d72191aced85fe3b7f2710c9b36213b#a05cd7875d72191aced85fe3b7f2710c9b36213b" dependencies = [ "blake2", "crc32fast", @@ -12899,7 +12898,7 @@ checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675" dependencies = [ "cfg-if", "digest 0.10.7", - "rand 0.8.5", + "rand 0.7.3", "static_assertions", ] diff --git a/Cargo.toml b/Cargo.toml index 545ec985c4..ce96a89710 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -90,6 +90,9 @@ inherits = "release" lto = "fat" codegen-units = 1 +[patch.crates-io] +parity-db = { git = "https://github.com/subspace/parity-db", rev = "a05cd7875d72191aced85fe3b7f2710c9b36213b" } + # Reason: We need to patch substrate dependency of frontier to our fork # TODO: Remove if/when we are using upstream substrate instead of fork [patch."https://github.com/paritytech/polkadot-sdk.git"]