Cardinal-Cryptography · Marcin-Radecki · Mar 27, 2025 · Mar 27, 2025 · Mar 27, 2025 · Mar 27, 2025
diff --git a/...actions/store-node-and-runtime/action.yml → .../actions/store-artifacts-in-s3/action.yml b/...actions/store-node-and-runtime/action.yml → .../actions/store-artifacts-in-s3/action.yml
@@ -1,17 +1,16 @@
 ---
-name: Store node and runtime
-description: This workflow stores test or release version of aleph-node and aleph-runtime in S3, in
-             a given bucket
+name: Store build artifacts in S3
+description: This workflow stores production version of CI build artifacts in S3
 inputs:
   aleph-node-artifact-name:
     required: true
     description: 'Name of artifact aleph-node binary'
   aleph-runtime-artifact-name:
     required: true
     description: 'Name of artifact aleph-runtime'
-  profile:
+  chain-bootstrapper-artifact-name:
     required: true
-    description: 'test or production'
+    description: 'Name of artifact chain-bootstrapper'
   aws-access-key-id:
     required: true
     description: 'AWS Access Key ID to be used when storing artifacts'
@@ -25,14 +24,6 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - name: Validate workflow inputs
-      shell: bash
-      run: |
-        if [[ '${{ inputs.profile }}' != 'test' && '${{ inputs.profile }}' != 'production' ]]; then
-          echo 'Error: inputs.profile should be either test or production!'
-          exit 1
-        fi
-
     - name: Checkout aleph-node source code
       uses: actions/checkout@v4
 
@@ -52,6 +43,12 @@ runs:
         name: ${{ inputs.aleph-runtime-artifact-name }}
         path: target
 
+    - name: Download chain-bootstrapper from GH artifacts
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.chain-bootstrapper-artifact-name }}
+        path: target
+
     - name: Configure AWS credentials for S3 AWS
       uses: aws-actions/configure-aws-credentials@v4
       env:
@@ -72,19 +69,31 @@ runs:
         source-filename: aleph-node
         s3-bucket-path:
           # yamllint disable-line rule:line-length
-          builds/aleph-node/commits/${{ steps.get-ref-properties.outputs.sha }}/aleph-${{ inputs.profile }}-node
+          builds/aleph-node/commits/${{ steps.get-ref-properties.outputs.sha }}/aleph-production-node
         s3-bucket-filename:
-          aleph-${{ inputs.profile }}-node-${{ steps.get-ref-properties.outputs.sha }}.tar.gz
+          aleph-production-node-${{ steps.get-ref-properties.outputs.sha }}.tar.gz
         s3-bucket-name: ${{ inputs.aws-bucket }}
 
     - name: Copy runtime to S3 AWS bucket
-      uses: Cardinal-Cryptography/github-actions/copy-file-to-s3@v1
+      uses: Cardinal-Cryptography/github-actions/copy-file-to-s3@v7
       with:
         source-path: target
         source-filename: aleph_runtime.compact.compressed.wasm
         s3-bucket-path:
           # yamllint disable-line rule:line-length
-          builds/aleph-node/commits/${{ steps.get-ref-properties.outputs.sha }}/aleph-${{ inputs.profile }}-runtime
+          builds/aleph-node/commits/${{ steps.get-ref-properties.outputs.sha }}/aleph-production-runtime
+        s3-bucket-filename:
+          aleph-production-runtime-${{ steps.get-ref-properties.outputs.sha }}.tar.gz
+        s3-bucket-name: ${{ inputs.aws-bucket }}
+
+    - name: Copy chain-bootstrapper to S3 AWS bucket
+      uses: Cardinal-Cryptography/github-actions/copy-file-to-s3@v7
+      with:
+        source-path: target
+        source-filename: chain-bootstrapper
+        s3-bucket-path:
+          # yamllint disable-line rule:line-length
+          builds/aleph-node/commits/${{ steps.get-ref-properties.outputs.sha }}/chain-bootstrapper-production
         s3-bucket-filename:
-          aleph-${{ inputs.profile }}-runtime-${{ steps.get-ref-properties.outputs.sha }}.tar.gz
+          chain-bootstrapper-production-${{ steps.get-ref-properties.outputs.sha }}.tar.gz
         s3-bucket-name: ${{ inputs.aws-bucket }}
diff --git a/.github/workflows/on-main-or-release-branch-commit.yml b/.github/workflows/on-main-or-release-branch-commit.yml
@@ -39,7 +39,7 @@ jobs:
           ecr-chain-bootstrapper-repo: ${{ vars.ECR_CHAIN_BOOTSTRAPPER_REPO }}
           test-binary: 'false'
 
-  build-chain-bootstrapper:
+  build-production-chain-bootstrapper:
     needs: [check-vars-and-secrets]
     name: Build chain-bootstrapper
     uses: ./.github/workflows/_build-chain-bootstrapper.yml
@@ -49,17 +49,17 @@ jobs:
 
   push-chain-bootstrapper-image-to-ecr:
     needs:
-      - build-chain-bootstrapper
+      - build-production-chain-bootstrapper
       - get-full-docker-image-path
     name: Push chain-bootstrapper docker image to ECR
     uses: ./.github/workflows/_push-image-to-ecr.yml
     secrets: inherit
     with:
-      binary-artifact-name: ${{ needs.build-chain-bootstrapper.outputs.artifact-name-binary }}
-      # yamllint disable-line rule:line-length
+      # yamllint disable rule:line-length
+      binary-artifact-name: ${{ needs.build-production-chain-bootstrapper.outputs.artifact-name-binary }}
       docker-image-name: ${{ needs.get-full-docker-image-path.outputs.chain-bootstrapper-fqdn-image }}
-      # yamllint disable-line rule:line-length
       docker-image-name-latest: ${{ needs.get-full-docker-image-path.outputs.chain-bootstrapper-fqdn-image-latest }}
+      # yamllint enable rule:line-length
       binary-name: chain-bootstrapper
       docker-file-path: ./bin/chain-bootstrapper/Dockerfile
 
@@ -90,24 +90,25 @@ jobs:
     needs: [build-production-runtime]
     uses: ./.github/workflows/_check-runtime-determimism.yml
 
-  store-production-node-and-runtime-in-mainnet-s3:
-    name: Store production node and runtime in Mainnet bucket
+  store-ci-artifacts-in-mainnet-s3:
+    name: Store CI artifacts in Mainnet bucket
     runs-on: ubuntu-20.04
     needs:
       - build-production-aleph-node
       - build-production-runtime
+      - build-production-chain-bootstrapper
     steps:
       - name: Checkout aleph-node source code
         uses: actions/checkout@v4
 
       - name: Store production node and runtime
-        uses: ./.github/actions/store-node-and-runtime
+        uses: ./.github/actions/store-artifacts-in-s3
         with:
-          profile: production
-          # yamllint disable-line rule:line-length
+          # yamllint disable rule:line-length
           aleph-node-artifact-name: ${{ needs.build-production-aleph-node.outputs.artifact-name-binary }}
-          # yamllint disable-line rule:line-length
           aleph-runtime-artifact-name: ${{ needs.build-production-runtime.outputs.aleph-runtime-artifact-name }}
+          chain-bootstrapper-artifact-name: ${{ needs.build-production-chain-bootstrapper.outputs.artifact-name-binary }}
+          # yamllint enable rule:line-length
           aws-access-key-id: ${{ secrets.AWS_MAINNET_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_MAINNET_SECRET_ACCESS_KEY }}
           aws-bucket: ${{ secrets.CI_MAINNET_S3BUCKET_NAME }}

diff --git a/.github/workflows/on-release.yml b/.github/workflows/on-release.yml
@@ -1,5 +1,5 @@
 ---
-name: Upload runtime and binary to GitHub Release
+name: Upload CI artifacts to GitHub Release
 
 on:
   release:
@@ -17,9 +17,9 @@ jobs:
     uses: ./.github/workflows/_check-vars-and-secrets.yml
     secrets: inherit
 
-  add-runtime-and-binary-to-release:
+  add-ci-artifacts-to-release:
     needs: [check-vars-and-secrets]
-    name: Add runtime and binary to release
+    name: Add CI artifacts to the release
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout source code
@@ -58,6 +58,17 @@ jobs:
           aws s3 cp '${{ env.S3BUCKET_URL }}/${{ env.S3BUCKET_FILE }}' \
              'aleph-node-${{ steps.get-ref-properties.outputs.sha }}-linux-amd64.tar.gz'
 
+      - name: Download chain-bootstrapper binary from S3 bucket
+        shell: bash
+        env:
+          # yamllint disable-line rule:line-length
+          S3BUCKET_URL: s3://${{ secrets.CI_MAINNET_S3BUCKET_NAME }}/builds/aleph-node/commits/${{ steps.get-ref-properties.outputs.sha }}/chain-bootstrapper-production
+          # yamllint disable-line rule:line-length
+          S3BUCKET_FILE: chain-bootstrapper-production-${{ steps.get-ref-properties.outputs.sha }}.tar.gz
+        run: |
+          aws s3 cp '${{ env.S3BUCKET_URL }}/${{ env.S3BUCKET_FILE }}' \
+             'chain-bootstrapper-${{ steps.get-ref-properties.outputs.sha }}-linux-amd64.tar.gz'
+
       - name: Generate release artifacts checksum (SHA256)
         uses: jmgilman/actions-generate-checksum@v1
         with:
@@ -66,18 +77,19 @@ jobs:
           patterns: |
             *.tar.gz
 
-      - name: Add runtime and binary to the release
+      - name: Add CI artifacts to the release
         uses: softprops/action-gh-release@v2
         with:
           files: |
             checksums-${{ steps.get-ref-properties.outputs.sha }}-linux-amd64.tar.gz.SHA256.txt
             aleph-runtime-${{ steps.get-ref-properties.outputs.sha }}.tar.gz
             aleph-node-${{ steps.get-ref-properties.outputs.sha }}-linux-amd64.tar.gz
+            chain-bootstrapper-${{ steps.get-ref-properties.outputs.sha }}-linux-amd64.tar.gz
 
   slack:
     name: Slack notification
     runs-on: ubuntu-20.04
-    needs: [add-runtime-and-binary-to-release]
+    needs: [add-ci-artifacts-to-release]
     if: always()
     steps:
       - name: Send Slack message