feat: add multiarch build and release #278

Merged 2 commits on Mar 22, 2022
155 changes: 110 additions & 45 deletions .github/workflows/build-docker-image-and-binaries.yaml
Expand Up @@ -4,39 +4,70 @@ on:
workflow_dispatch:
inputs:
tag:
description: Github tag to release binaries for (reusing same tag will overwrite previously released binaries)
description: Github tag to release binaries for (reusing an existing tag will make the pipeline fail)
required: true
default: latest

jobs:
release:

release-binaries:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- ubuntu-18.04
runs-on: ${{ matrix.os }}
os: [ubuntu-18.04, macos-latest]

permissions:
contents: write
packages: write
id-token: write

steps:
- name: Validate tag

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2

- name: Validate tag for binaries build
env:
SEMVER: ${{ github.event.inputs.tag }}
run: |
if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi
aws s3 ls s3://axelar-releases/tofnd/"$SEMVER" && echo "tag already exists, use a new one" && exit 1

- name: Checkout code
- name: Checkout code
uses: actions/checkout@v2
with:
fetch-depth: '0'
ref: ${{ github.event.inputs.tag }}
submodules: recursive

- name: Install Cosign
uses: sigstore/cosign-installer@main
- name: Install Rust
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y

- name: build binaries
env:
SEMVER: ${{ github.event.inputs.tag }}
run: |
if [ "$RUNNER_OS" == "Linux" ]
then
OS="linux"
TOFND_PATH="/home/runner/work/tofnd/tofnd/target/release"
else
OS="darwin"
TOFND_PATH="/Users/runner/work/tofnd/tofnd/target/release"
fi
ARCH="${{ matrix.arch }}"
cargo install --locked --path .
mkdir tofndbin
mv "$TOFND_PATH/tofnd" "./tofndbin/tofnd-$OS-$ARCH-$SEMVER"

- name: Test tofnd version
working-directory: ./tofndbin
run: |
./tofnd-* --version

- name: Import GPG key
id: import_gpg
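Review bot: In `Validate tag for binaries build`, the regex `v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}` is unanchored, so any input that merely contains a version-like substring passes and is then used in the S3 path and in the binary file names; anchor it with `^` and `$`. The rendered diff has lost its +/- markers, so it is not clear whether the `exit 0` branch survives. If it does, the `aws s3 ls` check below it never runs for a valid tag. If it does not, that `&&` list is the script's last command, so when `aws s3 ls` fails for a new tag the step still ends with a non-zero status. An explicit `if aws s3 ls ...; then echo ...; exit 1; fi` avoids both. Also, `ARCH="${{ matrix.arch }}"` in `build binaries` reads a matrix key that the visible `strategy.matrix` (only `os`) does not define, so the artifact name would get an empty arch segment.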
Expand All @@ -45,63 +76,97 @@ jobs:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}

- name: Sign binaries
working-directory: ./tofndbin
env:
SEMVER: ${{ github.event.inputs.tag }}
run: |
if [ "$RUNNER_OS" == "Linux" ]
then
OS="linux"
else
OS="darwin"
fi
ARCH="${{ matrix.arch }}"
gpg --armor --detach-sign tofnd-"$OS"-"$ARCH"-"$SEMVER"

- name: Create zip and sha256 files
working-directory: ./tofndbin
run: |
for i in `ls | grep -v .asc`
do
shasum -a 256 $i | awk '{print $1}' > $i.sha256
zip $i.zip $i
shasum -a 256 $i.zip | awk '{print $1}' > $i.zip.sha256
done

- name: Upload binaries to release
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ./tofndbin/*
tag: ${{ github.event.inputs.tag }}
overwrite: true
file_glob: true

- name: Upload binaries to S3
env:
S3_PATH: s3://axelar-releases/tofnd/${{ github.event.inputs.tag }}
run: |
aws s3 cp ./tofndbin ${S3_PATH}/ --recursive

release-docker:

runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-18.04]

permissions:
contents: write
packages: write
id-token: write

steps:

- name: Checkout code for docker image build
uses: actions/checkout@v2
with:
fetch-depth: '0'
ref: ${{ github.event.inputs.tag }}
submodules: recursive

- name: Install Cosign
if: matrix.os == 'ubuntu-18.04'
uses: sigstore/cosign-installer@main

- name: Install SSH key
if: matrix.os == 'ubuntu-18.04'
uses: webfactory/ssh-agent@v0.4.1
with:
ssh-private-key: ${{ secrets.CICD_RSA_KEY }}

- name: Build docker image
if: matrix.os == 'ubuntu-18.04'
run: |
make docker-image

- name: Copy binary from docker image
env:
SEMVER: ${{ github.event.inputs.tag }}
run: |
make copy-binary-from-image

- name: Sign Binaries
working-directory: ./bin
env:
SEMVER: ${{ github.event.inputs.tag }}
run: |
gpg --armor --detach-sign tofnd-linux-amd64-v${SEMVER}

- name: Login to DockerHub
if: matrix.os == 'ubuntu-18.04'
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}

- name: Push to DockerHub (release)
if: matrix.os == 'ubuntu-18.04'
run: |
docker tag axelar/tofnd:latest axelarnet/tofnd:${{ github.event.inputs.tag }}
docker push axelarnet/tofnd:${{ github.event.inputs.tag }}

- name: Sign the images with GitHub OIDC
if: matrix.os == 'ubuntu-18.04'
run: cosign sign --oidc-issuer https://token.actions.githubusercontent.com ${TAGS}
env:
TAGS: axelarnet/tofnd:${{ github.event.inputs.tag }}
COSIGN_EXPERIMENTAL: 1

- name: Upload binaries to release
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ./bin/*
tag: ${{ github.event.inputs.tag }}
overwrite: true
file_glob: true

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2

- name: Upload binaries to S3
env:
S3_PATH: s3://axelar-releases/tofnd/${{ github.event.inputs.tag }}
run: |
make upload-binaries-to-s3
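Review bot: The `release-docker` job as shown has no tag validation step and no `needs: release-binaries`, yet `Push to DockerHub (release)` expands `${{ github.event.inputs.tag }}` directly inside the `run:` script, so an unvalidated workflow input is substituted into the shell text before bash parses it. Pass it through `env:` as the other steps do with `SEMVER`, reference it quoted, and either repeat the validation here or make this job depend on the one that validates. Separately, `overwrite: true` on `Upload binaries to release` contradicts the new input description that reusing an existing tag makes the pipeline fail. The `.sha256` files from `Create zip and sha256 files` are produced after the signing step and are not themselves signed, so only the raw binary carries a signature; consider signing the zip or the checksum files as well. `sigstore/cosign-installer@main` tracks a moving branch; pin it to a release tag or commit SHA.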