From 16a7a0f1b40c4b3c4fa40922ac2d1a8ec59e23cf Mon Sep 17 00:00:00 2001 From: kalid Date: Wed, 2 Mar 2022 11:37:06 +0100 Subject: [PATCH 1/2] add multiarch build and release --- .../build-docker-image-and-binaries.yaml | 97 ++++++++++++++----- 1 file changed, 71 insertions(+), 26 deletions(-) diff --git a/.github/workflows/build-docker-image-and-binaries.yaml b/.github/workflows/build-docker-image-and-binaries.yaml index f6ac8f3f..6706d486 100644 --- a/.github/workflows/build-docker-image-and-binaries.yaml +++ b/.github/workflows/build-docker-image-and-binaries.yaml @@ -7,14 +7,15 @@ on: description: Github tag to release binaries for (reusing same tag will overwrite previously released binaries) required: true default: latest - jobs: release: + runs-on: ${{ matrix.os }} strategy: matrix: - os: - - ubuntu-18.04 - runs-on: ${{ matrix.os }} + os: [ubuntu-18.04, macos-latest] + arch: [amd64, arm64, arm] + exclude: + - {os: "macos-latest", arch: "arm"} permissions: contents: write 
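Review bot: The new `arch: [amd64, arm64, arm]` axis only multiplies jobs; nothing visible in this patch hands the architecture to the compiler. In the build step added in the next hunk, `ARCH` is used only in the output name (`tofnd-$OS-$ARCH-$SEMVER`), while `cargo install --locked --path .` builds for the runner's own architecture. The `arm64` and `arm` jobs would therefore publish and GPG-sign host-architecture binaries under ARM names. Either drop the axis until cross-compilation exists, or map each entry to a Rust target triple and build with `rustup target add "$TARGET"` followed by `cargo build --release --locked --target "$TARGET"`. The `jobs.release` mapping continues past this hunk.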
@@ -36,59 +37,102 @@ jobs: submodules: recursive - name: Install Cosign + if: matrix.os == 'ubuntu-18.04' && matrix.arch == 'amd64' uses: sigstore/cosign-installer@main - - name: Import GPG key - id: import_gpg - uses: crazy-max/ghaction-import-gpg@v4 - with: - gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.GPG_PASSPHRASE }} - - name: Install SSH key + if: matrix.os == 'ubuntu-18.04' && matrix.arch == 'amd64' uses: webfactory/ssh-agent@v0.4.1 with: ssh-private-key: ${{ secrets.CICD_RSA_KEY }} - name: Build docker image + if: matrix.os == 'ubuntu-18.04' && matrix.arch == 'amd64' run: | make docker-image - - name: Copy binary from docker image - env: - SEMVER: ${{ github.event.inputs.tag }} - run: | - make copy-binary-from-image - - - name: Sign Binaries - working-directory: ./bin - env: - SEMVER: ${{ github.event.inputs.tag }} - run: | - gpg --armor --detach-sign tofnd-linux-amd64-v${SEMVER} - - name: Login to DockerHub + if: matrix.os == 'ubuntu-18.04' && matrix.arch == 'amd64' uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_TOKEN }} - name: Push to DockerHub (release) + if: matrix.os == 'ubuntu-18.04' && matrix.arch == 'amd64' run: | docker tag axelar/tofnd:latest axelarnet/tofnd:${{ github.event.inputs.tag }} docker push axelarnet/tofnd:${{ github.event.inputs.tag }} - name: Sign the images with GitHub OIDC + if: matrix.os == 'ubuntu-18.04' && matrix.arch == 'amd64' run: cosign sign --oidc-issuer https://token.actions.githubusercontent.com ${TAGS} env: TAGS: axelarnet/tofnd:${{ github.event.inputs.tag }} COSIGN_EXPERIMENTAL: 1 + - name: Install Rust + run: | + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y + + - name: build binaries for Linux/MacOS + env: + SEMVER: ${{ github.event.inputs.tag }} + run: | + if [ "$RUNNER_OS" == "Linux" ] + then + OS="linux" + TOFND_PATH="/home/runner/work/tofnd/tofnd/target/release" + else + OS="darwin" + 
TOFND_PATH="/Users/runner/work/tofnd/tofnd/target/release" + fi + ARCH="${{ matrix.arch }}" + cargo install --locked --path . + mkdir tofndbin + mv "$TOFND_PATH/tofnd" "./tofndbin/tofnd-$OS-$ARCH-$SEMVER" + + - name: Test tofnd version + working-directory: ./tofndbin + run: | + ./tofnd-* --version + + - name: Import GPG key + id: import_gpg + uses: crazy-max/ghaction-import-gpg@v4 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + + - name: Sign binaries + working-directory: ./tofndbin + env: + SEMVER: ${{ github.event.inputs.tag }} + run: | + if [ "$RUNNER_OS" == "Linux" ] + then + OS="linux" + else + OS="darwin" + fi + ARCH="${{ matrix.arch }}" + gpg --armor --detach-sign tofnd-"$OS"-"$ARCH"-"$SEMVER" + + - name: Create zip and sha256 files + working-directory: ./tofndbin + run: | + for i in `ls | grep -v .asc` + do + shasum -a 256 $i | awk '{print $1}' > $i.sha256 + zip $i.zip $i + shasum -a 256 $i.zip | awk '{print $1}' > $i.zip.sha256 + done + - name: Upload binaries to release uses: svenstaro/upload-release-action@v2 with: repo_token: ${{ secrets.GITHUB_TOKEN }} - file: ./bin/* + file: ./tofndbin/* tag: ${{ github.event.inputs.tag }} overwrite: true file_glob: true @@ -104,4 +148,5 @@ jobs: env: S3_PATH: s3://axelar-releases/tofnd/${{ github.event.inputs.tag }} run: | - make upload-binaries-to-s3 + aws s3 cp ./tofndbin ${S3_PATH}/ --recursive + From b9f541e9a8eb5aaa42d2e653dded9bb60b52474a Mon Sep 17 00:00:00 2001 From: kalid Date: Wed, 9 Mar 2022 12:11:12 +0100 Subject: [PATCH 2/2] add parallel build --- .../build-docker-image-and-binaries.yaml | 120 ++++++++++-------- 1 file changed, 70 insertions(+), 50 deletions(-) diff --git a/.github/workflows/build-docker-image-and-binaries.yaml b/.github/workflows/build-docker-image-and-binaries.yaml index 6706d486..9849660e 100644 --- a/.github/workflows/build-docker-image-and-binaries.yaml +++ b/.github/workflows/build-docker-image-and-binaries.yaml 
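Review bot: Only the raw binary gets a detached signature: `Create zip and sha256 files` runs after `Sign binaries`, so every `.zip` and `.sha256` file is uploaded to the release and to S3 unsigned. A checksum stored beside the artifact detects corruption but not replacement, so someone who downloads the zip has nothing authenticated to check it against. Signing the archive inside the loop, e.g. `gpg --armor --detach-sign "$i.zip"`, or signing a single checksums file, would close that gap. In the same loop, `ls | grep -v .asc` word-splits file names and treats `.` as a wildcard; `grep -v '\.asc$'` with a quoted `"$i"` is safer.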
@@ -4,18 +4,16 @@ on: workflow_dispatch: inputs: tag: - description: Github tag to release binaries for (reusing same tag will overwrite previously released binaries) + description: Github tag to release binaries for (reusing an existing tag will make the pipeline fail) required: true default: latest jobs: - release: + + release-binaries: runs-on: ${{ matrix.os }} strategy: matrix: os: [ubuntu-18.04, macos-latest] - arch: [amd64, arm64, arm] - exclude: - - {os: "macos-latest", arch: "arm"} permissions: contents: write 
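Review bot: Dropping `arch` from the matrix leaves `${{ matrix.arch }}` undefined. The `build binaries` and `Sign binaries` steps added in PATCH 1/2 still set `ARCH="${{ matrix.arch }}"`, and no hunk of this patch changes those lines. An undefined matrix property expands to an empty string, so the artifacts would be named `tofnd-linux--<tag>` and `tofnd-darwin--<tag>`. Set the value explicitly in both steps, for example `ARCH="amd64"`, or derive it from `uname -m` on the runner.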
@@ -23,59 +21,33 @@ jobs: id-token: write steps: - - name: Validate tag + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-2 + + - name: Validate tag for binaries build env: SEMVER: ${{ github.event.inputs.tag }} run: | if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi + aws s3 ls s3://axelar-releases/tofnd/"$SEMVER" && echo "tag already exists, use a new one" && exit 1 - - name: Checkout code + - name: Checkout code uses: actions/checkout@v2 with: fetch-depth: '0' ref: ${{ github.event.inputs.tag }} submodules: recursive - - name: Install Cosign - if: matrix.os == 'ubuntu-18.04' && matrix.arch == 'amd64' - uses: sigstore/cosign-installer@main - - - name: Install SSH key - if: matrix.os == 'ubuntu-18.04' && matrix.arch == 'amd64' - uses: webfactory/ssh-agent@v0.4.1 - with: - ssh-private-key: ${{ secrets.CICD_RSA_KEY }} - - - name: Build docker image - if: matrix.os == 'ubuntu-18.04' && matrix.arch == 'amd64' - run: | - make docker-image - - - name: Login to DockerHub - if: matrix.os == 'ubuntu-18.04' && matrix.arch == 'amd64' - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - - - name: Push to DockerHub (release) - if: matrix.os == 'ubuntu-18.04' && matrix.arch == 'amd64' - run: | - docker tag axelar/tofnd:latest axelarnet/tofnd:${{ github.event.inputs.tag }} - docker push axelarnet/tofnd:${{ github.event.inputs.tag }} - - - name: Sign the images with GitHub OIDC - if: matrix.os == 'ubuntu-18.04' && matrix.arch == 'amd64' - run: cosign sign --oidc-issuer https://token.actions.githubusercontent.com ${TAGS} - env: - TAGS: axelarnet/tofnd:${{ github.event.inputs.tag }} - COSIGN_EXPERIMENTAL: 1 - - name: Install Rust run: | curl 
--proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y - - name: build binaries for Linux/MacOS + - name: build binaries env: SEMVER: ${{ github.event.inputs.tag }} run: | @@ -137,16 +109,64 @@ jobs: overwrite: true file_glob: true - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-2 - - name: Upload binaries to S3 env: S3_PATH: s3://axelar-releases/tofnd/${{ github.event.inputs.tag }} run: | aws s3 cp ./tofndbin ${S3_PATH}/ --recursive + release-docker: + + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-18.04] + + permissions: + contents: write + packages: write + id-token: write + + steps: + + - name: Checkout code for docker image build + uses: actions/checkout@v2 + with: + fetch-depth: '0' + ref: ${{ github.event.inputs.tag }} + submodules: recursive + + - name: Install Cosign + if: matrix.os == 'ubuntu-18.04' + uses: sigstore/cosign-installer@main + + - name: Install SSH key + if: matrix.os == 'ubuntu-18.04' + uses: webfactory/ssh-agent@v0.4.1 + with: + ssh-private-key: ${{ secrets.CICD_RSA_KEY }} + + - name: Build docker image + if: matrix.os == 'ubuntu-18.04' + run: | + make docker-image + + - name: Login to DockerHub + if: matrix.os == 'ubuntu-18.04' + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} + + - name: Push to DockerHub (release) + if: matrix.os == 'ubuntu-18.04' + run: | + docker tag axelar/tofnd:latest axelarnet/tofnd:${{ github.event.inputs.tag }} + docker push axelarnet/tofnd:${{ github.event.inputs.tag }} + + - name: Sign the images with GitHub OIDC + if: matrix.os == 'ubuntu-18.04' + run: cosign sign --oidc-issuer https://token.actions.githubusercontent.com ${TAGS} + env: + TAGS: axelarnet/tofnd:${{ github.event.inputs.tag }} + COSIGN_EXPERIMENTAL: 1
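Review bot: The added `aws s3 ls … && exit 1` line in `Validate tag for binaries build` can never run, because the `if`/`else` on the line before it calls `exit 0` or `exit 1` on both branches. Reusing a tag therefore still passes, and the release upload keeps `overwrite: true`, contrary to the reworded input description. Invert the first test so that only the failure path exits: `if [[ ! $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "invalid tag"; exit 1; fi`. Then wrap the lookup so that a miss (non-zero exit) does not fail the step: `if aws s3 ls "s3://axelar-releases/tofnd/$SEMVER/"; then echo "tag already exists, use a new one"; exit 1; fi`. The trailing slash matters because `s3 ls` matches by prefix; the regex is also unanchored and accepts any string that merely contains a version, so `^…$` would tighten it if pre-release suffixes are not needed.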
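Review bot: The new `release-docker` job has no tag validation step and no `needs:`, so it builds, pushes and signs an image for whatever string was entered in the dispatch form, regardless of the check in `release-binaries`. Its `Push to DockerHub (release)` step also expands `${{ github.event.inputs.tag }}` directly inside the `run:` script, where the value is parsed as shell. Pass it through `env:` (`TAG: ${{ github.event.inputs.tag }}`) and use `docker push "axelarnet/tofnd:$TAG"`. A small validation job that both release jobs list under `needs:` would keep the builds parallel while gating both. Separately, `sigstore/cosign-installer@main` is a mutable ref in a job that holds `id-token: write` and registry credentials; pinning it to `<commit-sha>` is the usual hardening.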