Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Release/CI] Github flow to build polkadot/polkadot-parachain rc binaries and deb package #5963

Merged
merged 64 commits into from
Oct 9, 2024
Merged

[Release/CI] Github flow to build polkadot/polkadot-parachain rc binaries and deb package #5963

merged 64 commits into from
Oct 9, 2024

Conversation

EgorPopelyaev
Copy link
Contributor

@EgorPopelyaev EgorPopelyaev commented Oct 8, 2024
edited
Loading

This PR introduces a GitHub flow, that should replace a semi manual part of the release process to build rc binaries for polkadot and polkadot-parachain + the polkadot deb package.

Right now, this part of the release is done on the cleanroom machine by the release engineers via triggering bash scripts directly on the server. These GitHub flows should replace it and move everything to the CI.

The whole flow is meant to be run in the new paritytech-release where the automated release is going to be moved.

The flow includes the following steps:

  • Build polkadot, polakdot-prepare-worker, polkadot-execute-worker and polkadopt-parachain binaries
  • Sign those artefacts using gpg and generate a sha256 checksum
  • Build deb package for polakdot
  • Make a GitHub attestation
  • Upload artefacts to the S3 buckets

Closes: https://github.com/paritytech/release-engineering/issues/223

@EgorPopelyaev
add build release binary pipeline
668a114
@EgorPopelyaev
test checkout
b9621b1
@EgorPopelyaev
set bash as a shell for import gpg
ea371fa
@EgorPopelyaev
use pgpkms directly
5c216b2
@EgorPopelyaev
debug signing
b7b56c6
@EgorPopelyaev
test signing
b05fc6f
@EgorPopelyaev
fix typos
20b5dbf
@EgorPopelyaev
fix typo
73874df
@EgorPopelyaev
add upload artifacts
41b2b37
@EgorPopelyaev
test binary build
6c81ed7
@EgorPopelyaev
fix signature
af20353
@EgorPopelyaev
add steps to build polkadot-parachain and upload to s3
b80d242
@EgorPopelyaev
change github.workspace to "${GITHUB_WORKSPACE}" due to the bug in git
19afe85
@EgorPopelyaev
setting shell as bash explicitly for some steps
9d6b12b
@EgorPopelyaev
fix aws region
fca6718
@EgorPopelyaev
fix script name
dbbb141
@EgorPopelyaev
add artifacts download path
80fe8f2
@EgorPopelyaev
chnage download path
e104d72
@EgorPopelyaev
test with real binaries
ebab693
@EgorPopelyaev
Merge branch 'master' of https://github.com/paritytech/polkadot-sdk i…
026f4af 
…nto ep-add-binaries-build-pipeline
@EgorPopelyaev
fix package name
63843cb
@EgorPopelyaev
test without polkadot-parachain
85b0691
@EgorPopelyaev
move common parts to a reusable workflow
83fd636
@EgorPopelyaev
use fromJson
7f5cb2c
@EgorPopelyaev
add package as parameter
43c918c
@EgorPopelyaev
fix
73f40bb
@EgorPopelyaev
fix quots
8f42d25
@EgorPopelyaev
move envs inside a build job
f94a04f
@EgorPopelyaev
define secrets
0ae01e9
@EgorPopelyaev
use one bucket
a96bf6f
@EgorPopelyaev EgorPopelyaev added the R0-silent Changes should not be mentioned in any release notes label Oct 8, 2024
@EgorPopelyaev EgorPopelyaev requested review from a team as code owners October 8, 2024 08:19
@paritytech-review-bot paritytech-review-bot bot requested a review from a team October 8, 2024 10:47
@alvicsam alvicsam self-requested a review October 8, 2024 11:13
ggwpez
ggwpez reviewed Oct 8, 2024
View reviewed changes
.github/scripts/release/build-deb.sh Outdated Show resolved Hide resolved
.github/scripts/release/build-linux-release.sh Outdated
PACKAGE=${2:-$BIN}

PROFILE=${PROFILE:-production}
RUST_TOOLCHAIN=stable
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we get this from the global CI env file? Otherwise older releases will stop building when newer rust versions come out.

Generally it is good to have all the versions fixed in files on the release branch, so that they continue to work in the future even when dependencies update.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should always be the same version that we use in the CI to run tests, as only that version is guaranteed to work.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, I think this is an old variable which is not used anywhere. Build is done in the ci-unifide container, so that rust version is matching the one we are generally using.
I'll delete it.

.github/workflows/release-reusable-rc-buid.yml Outdated
. "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh
echo "Checking binary ${{ matrix.binaries }}"
check_sha256 ${{ matrix.binaries }} && echo "OK" || echo "ERR"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This just ignores the error, or?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Double-checked it, so the function will return the error but, I guess pipeline won't fail in this case due to echo, but just show the "ERR" message. I'll delete those echoes.

EgorPopelyaev and others added 3 commits October 8, 2024 15:36
@EgorPopelyaev @ggwpez
use cargo-deb with particular version
025c5a6 
Co-authored-by: Oliver Tale-Yazdi <oliver.tale-yazdi@parity.io>
@EgorPopelyaev
address PR comments
eb34aec
@EgorPopelyaev
Merge branch 'master' of https://github.com/paritytech/polkadot-sdk i…
4789c53 
…nto ep-add-binaries-build-pipeline
@paritytech-review-bot paritytech-review-bot bot requested a review from a team October 9, 2024 11:52
mordamax
mordamax approved these changes Oct 9, 2024
View reviewed changes
.github/workflows/release-build-rc.yml
name: Release - Build node release candidate

on:
workflow_dispatch:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it safe/ok that anyone in org (even accidentally) can run this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This won't be the case, cause the setup is going so that it will be possible to trigger it only from the new paritytech-release org

@EgorPopelyaev EgorPopelyaev added this pull request to the merge queue Oct 9, 2024
Merged via the queue into paritytech:master with commit c477076 Oct 9, 2024
168 of 211 checks passed
@EgorPopelyaev EgorPopelyaev deleted the ep-add-binaries-build-pipeline branch October 9, 2024 14:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ggwpez ggwpez ggwpez left review comments

@mordamax mordamax mordamax approved these changes

@AndWeHaveAPlan AndWeHaveAPlan AndWeHaveAPlan approved these changes

@alvicsam alvicsam alvicsam approved these changes

@pavelsupr pavelsupr Awaiting requested review from pavelsupr

Assignees
No one assigned
Labels
R0-silent Changes should not be mentioned in any release notes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@EgorPopelyaev @mordamax @AndWeHaveAPlan @ggwpez @alvicsam