Skip to content
.github/workflows/release-40_publish-deb-package.yml

BACKPORT-CONFLICT #2

Sign in to view logs

BACKPORT-CONFLICT

BACKPORT-CONFLICT #2

Workflow file for this run

.github/workflows/release-40_publish-deb-package.yml at 236dcda
name: Release - Publish polkadot deb package
on:
workflow_dispatch:
inputs:
tag:
description: Current final release tag in the format polkadot-stableYYMM or polkadot-stable-YYMM-X
default: polkadot-stable2412
required: true
type: string
distribution:
description: Distribution where to publish deb package (release, staging, stable2407, etc)
default: staging
required: true
type: string
jobs:
check-synchronization:
uses: paritytech-release/sync-workflows/.github/workflows/check-synchronization.yml@main
secrets:
fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
<<<<<<< HEAD

Check failure on line 23 in .github/workflows/release-40_publish-deb-package.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/release-40_publish-deb-package.yml

Invalid workflow file 

You have an error in your yaml syntax on line 23
validate-inputs:
needs: [check-synchronization]
if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
fetch-artifacts-from-s3:
runs-on: ubuntu-latest
needs: [validate-inputs]
env:
REPO: ${{ github.repository }}
VERSION: ${{ needs.validate-inputs.outputs.release_tag }}
outputs:
NODE_VERSION: ${{ steps.fetch_artifacts_from_s3.outputs.NODE_VERSION }}
steps:
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Fetch rc artifacts or release artifacts from s3 based on version
id: fetch_artifacts_from_s3
run: |
. ./.github/scripts/common/lib.sh
NODE_VERSION="$(get_polkadot_node_version_from_code)"
echo "NODE_VERSION=${NODE_VERSION}" >> $GITHUB_OUTPUT
fetch_debian_package_from_s3 polkadot
- name: Upload artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: release-artifacts
path: release-artifacts/polkadot/*.deb
publish-deb-package:
runs-on: ubuntu-latest
needs: [fetch-artifacts-from-s3]
environment: release
env:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_DEB_PATH: "s3://releases-package-repos/deb"
LOCAL_DEB_REPO_PATH: ${{ github.workspace }}/deb
NODE_VERSION: ${{ needs.fetch-artifacts-from-s3.outputs.NODE_VERSION }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign built artifacts
python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@e7f806f99e9be5c52f0b4a536b7d4ef9c3e695ed"
echo "PGPKMS_REPREPRO_PATH=$(which pgpkms-reprepro)" >> $GITHUB_ENV
- name: Install awscli
run: |
python3 -m pip install awscli
which aws
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Import gpg keys
shell: bash
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: release-artifacts
path: release-artifacts
- name: Setup local deb repo
run: |
sudo apt-get install -y reprepro
which reprepro
sed -i "s|^SignWith:.*|SignWith: ! ${PGPKMS_REPREPRO_PATH}|" ${{ github.workspace }}/.github/scripts/release/distributions
mkdir -p ${{ github.workspace }}/deb/conf
cp ${{ github.workspace }}/.github/scripts/release/distributions ${{ github.workspace }}/deb/conf/distributions
cat ${{ github.workspace }}/deb/conf/distributions
- name: Sync local deb repo
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
run: |
# Download the current state of the deb repo
aws s3 sync "$AWS_DEB_PATH/db" "$LOCAL_DEB_REPO_PATH/db"
aws s3 sync "$AWS_DEB_PATH/pool" "$LOCAL_DEB_REPO_PATH/pool"
aws s3 sync "$AWS_DEB_PATH/dists" "$LOCAL_DEB_REPO_PATH/dists"
- name: Add deb package to local repo
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
run: |
# Add the new deb to the repo
reprepro -b "$LOCAL_DEB_REPO_PATH" includedeb "${{ inputs.distribution }}" "release-artifacts/polkadot_${NODE_VERSION}_amd64.deb"
- name: Upload updated deb repo
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
run: |
# Upload the updated repo - dists and pool should be publicly readable
aws s3 sync "$LOCAL_DEB_REPO_PATH/pool" "$AWS_DEB_PATH/pool" --acl public-read
aws s3 sync "$LOCAL_DEB_REPO_PATH/dists" "$AWS_DEB_PATH/dists" --acl public-read
aws s3 sync "$LOCAL_DEB_REPO_PATH/db" "$AWS_DEB_PATH/db"
aws s3 sync "$LOCAL_DEB_REPO_PATH/conf" "$AWS_DEB_PATH/conf"
# Invalidate caches to make sure latest files are served
aws cloudfront create-invalidation --distribution-id E36FKEYWDXAZYJ --paths '/deb/*'
=======
call-publish-workflow:
needs: [check-synchronization]
if: needs.check-synchronization.outputs.checks_passed == 'true'
uses: ./.github/workflows/release-reusable-publish-packages.yml
with:
tag: ${{ inputs.tag }}
distribution: ${{ inputs.distribution }}
package_type: 'deb'
aws_repo_base_path: "s3://releases-package-repos"
cloudfront_distribution_id: "E36FKEYWDXAZYJ"
secrets: inherit
>>>>>>> 97e54c54 ([CI|Release] Improve post crates action (#10803))