Merge pull request #1406 from Concordium/plt-9.0.4 #335
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Concordium node release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| service: | |
| type: choice | |
| description: Choose which workflow should be ran | |
| options: | |
| - node-macos | |
| - node-windows | |
| - node-linux | |
| - docker | |
| - p2p-bootstrapper | |
| - database-exporter | |
| push: | |
| tags: | |
| - '*.*.*-*-rc' | |
| - '*.*.*-*-alpha' | |
| env: | |
| UBUNTU_VERSION: '20.04' | |
| STATIC_LIBRARIES_IMAGE_TAG: 'rust-1.82_ghc-9.6.6-0' | |
| RUST_VERSION: '1.82' | |
| STACK_VERSION: '3.1.1' | |
| FLATBUFFERS_VERSION: '23.5.26' | |
| GHC_VERSION: '9.6.6' | |
| PROTOC_VERSION: '28.3' | |
| STATIC_NODE_BINARY_IMAGE_NAME: 'static-node-binaries' | |
| ARTIFACT_FILE_NAME: 'image' | |
| AWS_ROLE_TO_ASSUME: 'arn:aws:iam::192549843005:role/github_concordium-node' | |
| S3_ARN_TEMPLATES: '{ | |
| \"database-exporter\": {\"bucket\": \"distribution.concordium.software\", \"dir\": \"tools/linux\", \"name\": \"database-exporter_${VERSION}.deb\"}, | |
| \"p2p-bootstrapper\": {\"bucket\": \"distribution.concordium.software\", \"dir\": \"tools/linux\", \"name\": \"p2p-bootstrapper_${VERSION}.deb\"}, | |
| \"node-stagenet-linux\": {\"bucket\": \"distribution.stagenet.concordium.com\", \"dir\": \"deb\", \"name\": \"concordium-stagenet-node_${VERSION}_amd64.deb\"}, | |
| \"node-flynet-linux\": {\"bucket\": \"distribution.flynet.concordium.com\", \"dir\": \"deb\", \"name\": \"concordium-flynet-node_${VERSION}_amd64.deb\"}, | |
| \"node-testnet-linux\": {\"bucket\": \"distribution.testnet.concordium.com\", \"dir\": \"deb\", \"name\": \"concordium-testnet-node_${VERSION}_amd64.deb\"}, | |
| \"node-mainnet-linux\": {\"bucket\": \"distribution.mainnet.concordium.software\", \"dir\": \"deb\", \"name\": \"concordium-mainnet-node_${VERSION}_amd64.deb\"}, | |
| \"node-macos\": {\"bucket\": \"distribution.concordium.software\", \"dir\": \"macos\", \"name\": \"concordium-node-${VERSION}.pkg\"}, | |
| \"node-windows\": {\"bucket\": \"distribution.concordium.software\", \"dir\": \"windows\", \"name\": \"Node-${VERSION}.msi\"} | |
| }' | |
| DOCKER_TAGS_TEMPLATES: '{ | |
| \"docker-stagenet\": \"concordium/stagenet-node:${VERSION}\", | |
| \"docker-testnet\": \"concordium/testnet-node:${VERSION}\", | |
| \"docker-mainnet\": \"concordium/mainnet-node:${VERSION}\" | |
| }' | |
| REGISTRY: docker.io | |
| SERVICE: "${{ inputs.service }}" | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| validate-preconditions: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| s3_arns: ${{ steps.render.outputs.s3_arns }} | |
| docker_tags: ${{ steps.render.outputs.docker_tags }} | |
| release_type: ${{ steps.versions_derivation.outputs.release_type }} | |
| base_version: ${{ steps.versions_derivation.outputs.base_version }} | |
| version: ${{ steps.versions_derivation.outputs.version }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Validate version | |
| id: versions_derivation | |
| run: | | |
| CARGO_VERSION=$(yq .package.version concordium-node/Cargo.toml) | |
| if [ -z "${{ env.SERVICE }}" ]; then | |
| IFS='-' read -r VERSION BUILD RELEASE_TYPE <<< "${{ github.ref_name }}" | |
| if [ ! "$VERSION" = "$CARGO_VERSION" ]; then | |
| echo "::error::${CARGO_VERSION} does not match ${VERSION}." | |
| exit 1 | |
| fi | |
| else | |
| RELEASE_TYPE="${{ env.SERVICE }}" | |
| BUILD=$(git rev-parse --short HEAD) | |
| fi | |
| echo "::notice::RELEASE_TYPE=${RELEASE_TYPE}" | |
| echo "release_type=${RELEASE_TYPE}" >> "$GITHUB_OUTPUT" | |
| echo "version=${CARGO_VERSION}-${BUILD}" >> "$GITHUB_OUTPUT" | |
| echo "base_version=${CARGO_VERSION}" >> "$GITHUB_OUTPUT" | |
| - name: Templates rendering | |
| id: render | |
| run: | | |
| export VERSION="${{ steps.versions_derivation.outputs.version }}" | |
| echo "s3_arns=${{ env.S3_ARN_TEMPLATES }}" >> $GITHUB_OUTPUT | |
| echo "docker_tags=${{ env.DOCKER_TAGS_TEMPLATES }}" >> $GITHUB_OUTPUT | |
| build-static-binaries: | |
| needs: [validate-preconditions] | |
| runs-on: ubuntu-latest-8core | |
| if: contains(fromJSON('["rc", "alpha", "docker", "node-linux", "p2p-bootstrapper"]'), needs.validate-preconditions.outputs.release_type) | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build Static Node Binary Image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: false | |
| file: scripts/static-binaries/static-binaries.Dockerfile | |
| tags: ${{ env.STATIC_NODE_BINARY_IMAGE_NAME }}:${{ github.run_id }} | |
| no-cache: true | |
| build-args: | | |
| ubuntu_version=${{ env.UBUNTU_VERSION }} | |
| static_libraries_image_tag=${{ env.STATIC_LIBRARIES_IMAGE_TAG }} | |
| ghc_version=${{ env.GHC_VERSION }} | |
| protoc_version=${{ env.PROTOC_VERSION }} | |
| flatbuffers_version=${{ env.FLATBUFFERS_VERSION }} | |
| rust_toolchain_version=${{ env.RUST_VERSION }} | |
| labels: | | |
| ubuntu_version=${{ env.UBUNTU_VERSION }} | |
| static_libraries_image_tag=${{ env.STATIC_LIBRARIES_IMAGE_TAG }} | |
| ghc_version=${{ env.GHC_VERSION }} | |
| outputs: type=docker,dest=/tmp/${{ env.STATIC_NODE_BINARY_IMAGE_NAME }}.tar | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.STATIC_NODE_BINARY_IMAGE_NAME }} | |
| path: /tmp/${{ env.STATIC_NODE_BINARY_IMAGE_NAME }}.tar | |
| database-exporter: | |
| needs: [validate-preconditions] | |
| runs-on: ubuntu-latest | |
| if: contains(fromJSON('["rc", "alpha", "database-exporter"]'), needs.validate-preconditions.outputs.release_type) | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Extrapolate artifact name | |
| run: | | |
| ARTIFACT_NAME=$(echo '${{ needs.validate-preconditions.outputs.s3_arns }}' | jq -r '.["${{ github.job }}"].name') | |
| echo "ARTIFACT_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV | |
| - name: Build Database Exporter | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: false | |
| tags: build-deb:${{ github.run_id }} | |
| file: scripts/db-exporter/Dockerfile | |
| build-args: | | |
| ubuntu_version=${{ env.UBUNTU_VERSION }} | |
| version=${{ needs.validate-preconditions.outputs.version }} | |
| ghc_version=${{ env.GHC_VERSION }} | |
| static_libraries_image_tag=${{ env.STATIC_LIBRARIES_IMAGE_TAG }} | |
| labels: | | |
| ubuntu_version=${{ env.UBUNTU_VERSION }} | |
| version=${{ needs.validate-preconditions.outputs.version }} | |
| ghc_version=${{ env.GHC_VERSION }} | |
| static_libraries_image_tag=${{ env.STATIC_LIBRARIES_IMAGE_TAG }} | |
| no-cache: true | |
| - name: Run Docker and Extract Artifacts | |
| run: | | |
| id=$(docker create build-deb:${{ github.run_id }}) | |
| docker cp $id:/build/${{ github.job }}_${{ needs.validate-preconditions.outputs.version }}.deb ./${{ env.ARTIFACT_NAME }} | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ github.job }} | |
| path: ./${{ env.ARTIFACT_NAME }} | |
| p2p-bootstrapper: | |
| runs-on: ubuntu-latest | |
| if: contains(fromJSON('["rc", "alpha", "p2p-bootstrapper"]'), needs.validate-preconditions.outputs.release_type) | |
| needs: [build-static-binaries, validate-preconditions] | |
| steps: | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.STATIC_NODE_BINARY_IMAGE_NAME }} | |
| path: /tmp | |
| - name: Extrapolate artifact name | |
| run: | | |
| ARTIFACT_NAME=$(echo '${{ needs.validate-preconditions.outputs.s3_arns }}' | jq -r '.["${{ github.job }}"].name') | |
| echo "ARTIFACT_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV | |
| - name: Load image | |
| run: docker load --input /tmp/${{ env.STATIC_NODE_BINARY_IMAGE_NAME }}.tar | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Build Docker Image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: false | |
| file: scripts/bootstrapper/Dockerfile | |
| tags: build-deb:${{ github.run_id }} | |
| no-cache: true | |
| build-args: | | |
| ubuntu_version=${{ env.UBUNTU_VERSION }} | |
| version=${{ needs.validate-preconditions.outputs.version }} | |
| static_binaries_image_tag=${{ github.run_id }} | |
| labels: | | |
| ubuntu_version=${{ env.UBUNTU_VERSION }} | |
| version=${{ needs.validate-preconditions.outputs.version }} | |
| static_binaries_image_tag=${{ github.run_id }} | |
| - name: Run Docker and Extract Artifacts | |
| run: | | |
| id=$(docker create build-deb:${{ github.run_id }}) | |
| docker cp $id:/build/${{ github.job }}_${{ needs.validate-preconditions.outputs.version }}.deb ./${{ env.ARTIFACT_NAME }} | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ github.job }} | |
| path: ${{ env.ARTIFACT_NAME }} | |
| node-windows: | |
| runs-on: windows-latest | |
| needs: [validate-preconditions] | |
| if: contains(fromJSON('["rc", "alpha", "node-windows"]'), needs.validate-preconditions.outputs.release_type) | |
| defaults: | |
| run: | |
| shell: pwsh | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Install dependencies | |
| run: | | |
| choco install yq jq -y | |
| shell: bash | |
| - name: Extrapolate artifact name | |
| run: | | |
| ARTIFACT_NAME=$(echo '${{ needs.validate-preconditions.outputs.s3_arns }}' | jq -r '.["${{ github.job }}"].name') | |
| echo "ARTIFACT_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV | |
| shell: bash | |
| - name: Install Rust | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: ${{ env.RUST_VERSION }}-x86_64-pc-windows-msvc | |
| - name: Install Rust | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: ${{ env.RUST_VERSION }}-x86_64-pc-windows-gnu | |
| - name: Setup node folder | |
| run: | | |
| mkdir -p "C:/Program Files/node/include" | |
| Add-Content -Path $env:GITHUB_PATH -Value "C:/Program Files/node" | |
| - name: Install flatbuffers | |
| run: | | |
| curl -L -O https://github.com/google/flatbuffers/releases/download/v${{ env.FLATBUFFERS_VERSION }}/Windows.flatc.binary.zip | |
| unzip Windows.flatc.binary.zip | |
| mv flatc.exe "C:/Program Files/node/" | |
| - name: Install protobuf (protoc) | |
| run: | | |
| curl -L -O https://github.com/protocolbuffers/protobuf/releases/download/v${{ env.PROTOC_VERSION }}/protoc-${{ env.PROTOC_VERSION }}-win64.zip | |
| unzip protoc-${{ env.PROTOC_VERSION }}-win64.zip | |
| mv bin/protoc.exe "C:/Program Files/node/" | |
| mv include/* "C:/Program Files/node/include" | |
| - name: Setup Haskell | |
| uses: haskell-actions/setup@v2 | |
| with: | |
| ghc-version: ${{ env.GHC_VERSION }} | |
| enable-stack: true | |
| stack-version: ${{ env.STACK_VERSION }} | |
| - uses: milliewalky/setup-7-zip@v1 | |
| - name: Install GCC | |
| run: | | |
| curl -L -O https://github.com/brechtsanders/winlibs_mingw/releases/download/14.2.0posix-19.1.1-12.0.0-msvcrt-r2/winlibs-x86_64-posix-seh-gcc-14.2.0-llvm-19.1.1-mingw-w64msvcrt-12.0.0-r2.7z | |
| 7z x winlibs-x86_64-posix-seh-gcc-14.2.0-llvm-19.1.1-mingw-w64msvcrt-12.0.0-r2.7z -oC:/gcc | |
| Add-Content -Path $env:GITHUB_PATH -Value "C:/gcc/mingw64/bin" | |
| - name: Install LMDB | |
| run: stack exec -- pacman -S --noconfirm mingw-w64-x86_64-lmdb | |
| - name: Build Windows Node | |
| run: | | |
| ./scripts/distribution/windows/build-all.ps1 -nodeVersion ${{ needs.validate-preconditions.outputs.version }} -rustVersion ${{ env.RUST_VERSION }} | |
| cp ./service/windows/installer/Node.msi ./${{ env.ARTIFACT_NAME }} | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ github.job }} | |
| path: ${{ env.ARTIFACT_NAME }} | |
| node-macos: | |
| runs-on: macos-latest-large | |
| needs: [validate-preconditions] | |
| if: contains(fromJSON('["rc", "alpha", "node-macos"]'), needs.validate-preconditions.outputs.release_type) | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Extrapolate artifact name | |
| run: | | |
| ARTIFACT_NAME=$(echo '${{ needs.validate-preconditions.outputs.s3_arns }}' | jq -r '.["${{ github.job }}"].name') | |
| echo "ARTIFACT_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV | |
| - uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: ${{ env.RUST_VERSION }} | |
| - uses: haskell-actions/setup@v2 | |
| with: | |
| ghc-version: ${{ env.GHC_VERSION }} | |
| enable-stack: true | |
| stack-version: ${{ env.STACK_VERSION }} | |
| - name: Install flatbuffers | |
| run: | | |
| wget https://github.com/google/flatbuffers/releases/download/v${{ env.FLATBUFFERS_VERSION }}/MacIntel.flatc.binary.zip -O MacIntel.flatc.binary.zip | |
| unzip MacIntel.flatc.binary.zip -d flatbuffers | |
| sudo mv flatbuffers/flatc /usr/local/bin/ | |
| - name: Install protobuf | |
| run: | | |
| curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v${{ env.PROTOC_VERSION }}/protoc-${{ env.PROTOC_VERSION }}-osx-x86_64.zip | |
| unzip protoc.zip | |
| sudo mv bin/protoc /usr/local/bin/ | |
| sudo mv include/* /usr/local/include/ | |
| - name: Install Homebrew Packages | |
| run: | | |
| brew install lmdb llvm | |
| - name: Build macOS Package | |
| run: | | |
| printf "N\n" | ./scripts/distribution/macOS-package/build.sh ${{ needs.validate-preconditions.outputs.version }} | |
| cp ./scripts/distribution/macOS-package/build/packages/concordium-node-${{ needs.validate-preconditions.outputs.version }}-unsigned.pkg ./${{ env.ARTIFACT_NAME }} | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ github.job }} | |
| path: ${{ env.ARTIFACT_NAME }} | |
| generate-node-matrix: | |
| runs-on: ubuntu-latest | |
| needs: [validate-preconditions] | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| steps: | |
| - name: Initialize Matrix with alpha environments | |
| run: | | |
| MATRIX_JSON=$(echo '[ | |
| { | |
| "env": "stagenet", | |
| "tld": "com", | |
| "genesis_path": "stagenet/2024-09-12/genesis_data", | |
| "grpc_port": 20500, | |
| "listen_port": 9500 | |
| }, | |
| { | |
| "env": "flynet", | |
| "tld": "com", | |
| "genesis_path": "flynet/2023-02-01/genesis_data", | |
| "grpc_port": 20002, | |
| "listen_port": 8890 | |
| } | |
| ]' | jq -c) | |
| echo "MATRIX_JSON=${MATRIX_JSON}" >> $GITHUB_ENV | |
| - name: Release candidate environments | |
| if: needs.validate-preconditions.outputs.release_type == 'rc' | |
| run: | | |
| MATRIX_JSON=$(echo "$MATRIX_JSON" | jq -c '. + [ | |
| { | |
| "env": "testnet", | |
| "tld": "com", | |
| "genesis_path": "testnet/2022-06-13/genesis_data", | |
| "grpc_port": 20001, | |
| "listen_port": 8889 | |
| }, | |
| { | |
| "env": "mainnet", | |
| "tld": "software", | |
| "genesis_path": "mainnet/2021-06-09", | |
| "grpc_port": 20000, | |
| "listen_port": 8888 | |
| } | |
| ]') | |
| echo "MATRIX_JSON=${MATRIX_JSON}" >> $GITHUB_ENV | |
| - name: Output Matrix JSON | |
| id: set-matrix | |
| run: echo "matrix=$MATRIX_JSON" >> $GITHUB_OUTPUT | |
| node-linux: | |
| runs-on: ubuntu-latest | |
| if: contains(fromJSON('["rc", "alpha", "node-linux"]'), needs.validate-preconditions.outputs.release_type) | |
| needs: [ build-static-binaries, validate-preconditions, generate-node-matrix ] | |
| env: | |
| DATA_DIR: './scripts/distribution/ubuntu-packages/template/data' | |
| strategy: | |
| matrix: | |
| node: ${{ fromJSON(needs.generate-node-matrix.outputs.matrix) }} | |
| steps: | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.STATIC_NODE_BINARY_IMAGE_NAME }} | |
| path: /tmp | |
| - name: Extrapolate artifact name | |
| run: | | |
| ARTIFACT_NAME=$(echo '${{ needs.validate-preconditions.outputs.s3_arns }}' | jq -r '.["node-${{ matrix.node.env }}-linux"].name') | |
| echo "ARTIFACT_NAME=${ARTIFACT_NAME}" >> $GITHUB_ENV | |
| - name: Load image | |
| run: | | |
| docker load --input /tmp/${{ env.STATIC_NODE_BINARY_IMAGE_NAME }}.tar | |
| rm /tmp/${{ env.STATIC_NODE_BINARY_IMAGE_NAME }}.tar | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Checkout Genesis Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: 'Concordium/concordium-infra-genesis-data' | |
| path: 'genesis' | |
| ssh-key: ${{ secrets.GENESIS_DATA_KEY }} | |
| ref: 'main' | |
| - name: Define domain | |
| run: echo "DOMAIN=${{ matrix.node.env }}.concordium.${{ matrix.node.tld }}" >> $GITHUB_ENV | |
| - name: Define project name | |
| run: echo "PROJECT_NAME=node-${{ matrix.node.env }}-linux" >> $GITHUB_ENV | |
| - name: Copy Genesis Data | |
| run: | | |
| mkdir -p ${{ env.DATA_DIR }} | |
| cp genesis/${{ matrix.node.genesis_path }}/genesis.dat ${{ env.DATA_DIR }}/${{ matrix.node.env }}-genesis.dat | |
| - name: Set environment variables | |
| run: | | |
| echo "BUILD_ENV_NAME=$(echo "${{ matrix.node.env }}" | awk '{ $1=toupper(substr($1,1,1)) substr($1,2); print }')" >> $GITHUB_ENV | |
| echo "BUILD_GENESIS_HASH=$(cat genesis/${{ matrix.node.genesis_path }}/genesis_hash | tr -cd "[:alnum:]")" >> $GITHUB_ENV | |
| - name: Build Docker Image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./scripts/distribution/ubuntu-packages/ | |
| push: false | |
| file: ./scripts/distribution/ubuntu-packages/deb.Dockerfile | |
| tags: ${{ matrix.node.env }}-deb | |
| no-cache: true | |
| build-args: | | |
| ubuntu_version=${{ env.UBUNTU_VERSION }} | |
| version=${{ needs.validate-preconditions.outputs.version }} | |
| static_binaries_image_tag=${{ github.run_id }} | |
| build_env_name=${{ env.BUILD_ENV_NAME }} | |
| build_env_name_lower=${{ matrix.node.env }} | |
| build_catchup_url=https://${{ env.DOMAIN }}/blocks.idx | |
| build_genesis_hash=${{ env.BUILD_GENESIS_HASH }} | |
| build_collector_backend_url=https://dashboard.${{ env.DOMAIN }}/nodes/post | |
| build_grpc2_listen_port=${{ matrix.node.grpc_port }} | |
| build_listen_port=${{ matrix.node.listen_port }} | |
| build_bootstrap=bootstrap.${{ env.DOMAIN }}:8888 | |
| - name: Run Docker and Extract Artifacts | |
| run: | | |
| id=$(docker create ${{ matrix.node.env }}-deb) | |
| docker cp $id:/out/concordium-${{ matrix.node.env }}-node_${{ needs.validate-preconditions.outputs.base_version }}_amd64.deb ${{ env.ARTIFACT_NAME }} | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: node-${{ matrix.node.env }}-linux | |
| path: ${{ env.ARTIFACT_NAME }} | |
| generate-release-matrixes: | |
| runs-on: ubuntu-latest | |
| needs: [ node-linux, node-macos, node-windows, p2p-bootstrapper, database-exporter, validate-preconditions ] | |
| outputs: | |
| s3_names: ${{ steps.s3-matrix.outputs.intersection }} | |
| docker_names: ${{ steps.docker-matrix.outputs.intersection }} | |
| steps: | |
| - name: Find list of potential s3 releases | |
| run: | | |
| echo "S3_CANDIDATES=$(echo '${{ needs.validate-preconditions.outputs.s3_arns }}' | jq -r -c 'keys')" >> $GITHUB_ENV | |
| - name: Find list of potential docker releases | |
| run: | | |
| echo "DOCKER_CANDIDATES=$(echo '${{ needs.validate-preconditions.outputs.docker_tags }}' | jq -r -c 'keys')" >> $GITHUB_ENV | |
| - name: Find released artifacts | |
| run: | | |
| ARTIFACTS=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
| "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts" | jq -r -c '.artifacts | map(.name) | @json') | |
| echo "ARTIFACT_NAMES=$ARTIFACTS" >> $GITHUB_ENV | |
| - name: s3-matrix | |
| id: s3-matrix | |
| run: | | |
| intersection=$(jq -n -c \ | |
| --argjson s3 '${{ env.S3_CANDIDATES }}' \ | |
| --argjson artifacts '${{ env.ARTIFACT_NAMES }}' \ | |
| '$s3 - ($s3 - $artifacts)') | |
| echo "intersection=$intersection" >> $GITHUB_OUTPUT | |
| - name: docker-matrix | |
| id: docker-matrix | |
| run: | | |
| intersection=$(jq -n -c \ | |
| --argjson docker '${{ env.DOCKER_CANDIDATES }}' \ | |
| --argjson artifacts '${{ env.ARTIFACT_NAMES }}' \ | |
| '$docker - ($docker - $artifacts)') | |
| echo "intersection=$intersection" >> $GITHUB_OUTPUT | |
| docker-build: | |
| runs-on: ubuntu-latest | |
| if: contains(fromJSON('["rc", "alpha", "docker"]'), needs.validate-preconditions.outputs.release_type) | |
| needs: [ build-static-binaries, validate-preconditions, generate-node-matrix ] | |
| strategy: | |
| matrix: | |
| node: ${{ fromJSON(needs.generate-node-matrix.outputs.matrix) }} | |
| exclude: | |
| - node: | |
| env: flynet | |
| steps: | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.STATIC_NODE_BINARY_IMAGE_NAME }} | |
| path: /tmp | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Setup genesis deployment key | |
| run: echo "${{ env.GENESIS_DATA_KEY }}" > id_rsa | |
| env: | |
| GENESIS_DATA_KEY: ${{ secrets.GENESIS_DATA_KEY }} | |
| - name: Set tag | |
| run: echo "TAG=$(echo '${{ needs.validate-preconditions.outputs.docker_tags }}' | jq -r '.["docker-${{ matrix.node.env }}"]')" >> $GITHUB_ENV | |
| - name: Load image | |
| run: | | |
| docker load --input /tmp/${{ env.STATIC_NODE_BINARY_IMAGE_NAME }}.tar | |
| docker images | |
| - name: Build Docker Image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: scripts/distribution/docker/builder.Dockerfile | |
| tags: ${{ env.TAG }} | |
| pull: false | |
| push: false | |
| ssh: | | |
| default=./id_rsa | |
| build-args: | | |
| ubuntu_version=${{ env.UBUNTU_VERSION }} | |
| static_binaries_image_tag=${{ github.run_id }} | |
| genesis_ref=main | |
| genesis_path=${{ matrix.node.genesis_path }} | |
| environment=${{ matrix.node.env }} | |
| - name: Save image | |
| run: docker save -o /tmp/${{ env.ARTIFACT_FILE_NAME }}.tar ${{ env.TAG }} | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: docker-${{ matrix.node.env }} | |
| path: /tmp/${{ env.ARTIFACT_FILE_NAME }}.tar | |
| s3_publish: | |
| runs-on: ubuntu-latest | |
| environment: release | |
| needs: [generate-release-matrixes, validate-preconditions ] | |
| strategy: | |
| matrix: | |
| artifact_name: ${{ fromJSON(needs.generate-release-matrixes.outputs.s3_names) }} | |
| steps: | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ matrix.artifact_name }} | |
| path: /tmp | |
| - name: Extrapolate artifact information | |
| run: | | |
| read S3_DIR S3_FILENAME S3_BUCKET < <(echo '${{ needs.validate-preconditions.outputs.s3_arns }}' | jq -r '.["${{ matrix.artifact_name }}"] | "\(.dir)\t\(.name)\t\(.bucket)"') | |
| echo "S3_FILENAME=${S3_FILENAME}" >> $GITHUB_ENV | |
| echo "S3_DIR=${S3_DIR}" >> $GITHUB_ENV | |
| echo "S3_BUCKET=${S3_BUCKET}" >> $GITHUB_ENV | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }} | |
| role-session-name: ValidatePreconditionsSession | |
| aws-region: "eu-west-1" | |
| - name: Upload artifact | |
| run: | | |
| aws s3api put-object --bucket=${{ env.S3_BUCKET }} --key=${{ env.S3_DIR }}/${{ env.S3_FILENAME }} --body=/tmp/${{ env.S3_FILENAME }} --if-none-match='*' | |
| docker_publish: | |
| runs-on: ubuntu-latest | |
| environment: release | |
| needs: [generate-release-matrixes, validate-preconditions] | |
| strategy: | |
| matrix: | |
| artifact_name: ${{ fromJSON(needs.generate-release-matrixes.outputs.docker_names) }} | |
| steps: | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ matrix.artifact_name }} | |
| path: /tmp | |
| - name: Set tag | |
| run: echo "TAG=$(echo '${{ needs.validate-preconditions.outputs.docker_tags }}' | jq -r '.["${{ matrix.artifact_name }}"]')" >> $GITHUB_ENV | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: Load image | |
| run: docker load --input /tmp/${{ env.ARTIFACT_FILE_NAME }}.tar | |
| - name: Push image | |
| run: | | |
| if docker manifest inspect "${{ env.TAG }}" > /dev/null 2>&1; then | |
| echo "Error: Image ${{ env.TAG }} already exists in the registry." >&2 | |
| exit 1 | |
| fi | |
| docker push ${{ env.TAG }} | |
| notify-immutable-infrastructure: | |
| runs-on: ubuntu-latest | |
| needs: [ s3_publish, validate-preconditions ] | |
| if: contains(fromJSON('["rc", "alpha"]'), needs.validate-preconditions.outputs.release_type) | |
| steps: | |
| - uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.APP_ID }} | |
| private-key: ${{ secrets.APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| repositories: | | |
| concordium-infra-images | |
| - name: Invoke immutable node release flow | |
| run: | | |
| curl -X POST --fail \ | |
| -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| https://api.github.com/repos/Concordium/concordium-infra-images/actions/workflows/release-node-images.yaml/dispatches \ | |
| -d '{"ref":"main", "inputs":{"node_version": "${{ needs.validate-preconditions.outputs.version }}", "release_type": "${{ needs.validate-preconditions.outputs.release_type }}"}}' |