Skip to content

Merge pull request #435 from valory-xyz/develop #202

Merge pull request #435 from valory-xyz/develop

Merge pull request #435 from valory-xyz/develop #202

Workflow file for this run

name: Release Flow
on:
push:
tags:
- 'v*.*.*'
jobs:
publish-packages:
name: Push Packages
runs-on: ubuntu-latest
strategy:
matrix:
os: [ubuntu-latest]
python-version: ["3.10"]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-versions }}
- uses: addnab/docker-run-action@v3
with:
image: valory/open-autonomy-user:latest
options: -v ${{ github.workspace }}:/work
run: |
echo "Pushing Packages"
cd /work
export AUTHOR=$(grep 'service' packages/packages.json | awk -F/ '{print $2}' | head -1)
autonomy init --reset --author $AUTHOR --ipfs --remote
autonomy push-all
publish-images:
name: Publish Docker Images
runs-on: ${{ matrix.os }}
needs:
- "publish-packages"
strategy:
matrix:
os: [ubuntu-latest]
python-version: ["3.10"]
env:
DOCKER_USER: ${{secrets.DOCKER_USER}}
DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
steps:
- uses: actions/checkout@v4
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
with:
fetch-depth: 0
- name: Set up tag and vars
uses: addnab/docker-run-action@v3
with:
image: valory/open-autonomy-user:latest
options: -v ${{ github.workspace }}:/work
run: |
echo "Setting Tag Images"
cd /work
apt-get update && apt-get install git -y || exit 1
git config --global --add safe.directory /work
export TAG=$(git describe --exact-match --tags $(git rev-parse HEAD)) || exit 1
if [ $? -eq 0 ]; then
export TAG=`echo $TAG | sed 's/^v//'`
else
echo "You are not on a tagged branch"
exit 1
fi
echo VERSION=$TAG> env.sh
echo AUTHOR=$(grep 'service/' packages/packages.json | awk -F/ '{print $2}' | head -1) >> env.sh
echo SERVICE=$(grep 'service/' packages/packages.json | awk -F/ '{print $3}' | head -1) >> env.sh
echo AGENT=$(grep 'agent/' packages/packages.json | awk -F/ '{print $3}' | head -1) >> env.sh
echo DEFAULT_IMAGE_TAG=$(cat packages/packages.json | grep agent/ | awk -F: '{print $2}' | tr -d '", ' | head -n 1) >> env.sh
cat env.sh
- uses: addnab/docker-run-action@v3
name: Build Images
with:
image: valory/open-autonomy-user:latest
options: -v ${{ github.workspace }}:/work -e DOCKER_USER -e DOCKER_PASSWORD
shell: bash
run: |
echo "Building Docker Images"
cd /work
source env.sh || exit 1
echo "Building images for $AUTHOR for service $SERVICE"
autonomy init --reset --author $AUTHOR --ipfs --remote
autonomy fetch $AUTHOR/$SERVICE --service --local || exit 1
cd $SERVICE || exit 1
echo $DOCKER_PASSWORD | docker login -u $DOCKER_USER --password-stdin || exit 1
docker buildx create --name multiarch-builder --driver docker-container --bootstrap --use
autonomy build-image --builder multiarch-builder --platform linux/amd64,linux/arm64,linux/arm/v7 --push || exit 1
autonomy build-image --builder multiarch-builder --platform linux/amd64,linux/arm64,linux/arm/v7 --push --version $VERSION || exit 1
deploy-service-on-propel:
name: Deploy service on propel
environment: production
needs:
- "publish-packages"
- "publish-images"
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
python-version: ["3.10"]
env:
CMD: "propel -U ${{ vars.PROPEL_BASE_URL }}"
steps:
- uses: actions/checkout@master
- uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-versions }}
- name: Install dependencies
run: |
sudo apt-get update --fix-missing
sudo apt-get autoremove
sudo apt-get autoclean
python -m pip install --upgrade pip
pip install propel-client open-autonomy
- name: Make use proxy instead of actual nlb by dns override
run: |
# for staging
export IP_ADDR=$(dig +short balancer.tcp.propel.staging.autonolas.tech)
echo -e "\n$IP_ADDR\tapp.propel.staging.valory.xyz\n" | sudo tee -a /etc/hosts
# for prod
export IP_ADDR=$(dig +short balancer.tcp.propel.autonolas.tech)
echo -e "\n$IP_ADDR\tapp.propel.valory.xyz\n" | sudo tee -a /etc/hosts
- name: Login to propel
run: |
$CMD login -u '${{ vars.PROPEL_USERNAME }}' -p '${{ secrets.PROPEL_PASSWORD }}'
- name: Do a deployment
run: |
# determine ipfs hash id
export IPFS_HASH=$(jq '.dev | to_entries[] | select(.key | startswith("service"))| .value' -r ./packages/packages.json | head -n1)
export SERVICE_PATH=service_for_propel
# fetch service file and check it published
autonomy init --reset --author ci --ipfs --remote
autonomy fetch $IPFS_HASH --service --alias $SERVICE_PATH
# get env vars from github actions
echo '${{ toJSON(secrets) }}' | jq -r 'to_entries|map("export \(.key)=\(.value|tojson)")|.[]' > github.vars
echo >> github.vars
echo '${{ toJSON(vars) }}' | jq -r 'to_entries|map("export \(.key)=\(.value|tojson)")|.[]' >> github.vars
source github.vars
$CMD service deploy --name '${{ vars.SERVICE_NAME }}' --service-dir $SERVICE_PATH --service-ipfs-hash $IPFS_HASH --ingress-enabled true --keys '${{ vars.SERVICE_KEYS }}' --timeout 320
build-agent-runner:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [windows-latest, macos-14, macos-14-large]
defaults:
run:
shell: bash
steps:
- uses: actions/checkout@v3
# Set up Python with setup-python action and add it to PATH
- uses: actions/setup-python@v5
id: setup-python
with:
python-version: "3.10"
- name: Add Python to PATH
run: |
echo "${{ steps.setup-python.outputs.python-path }}" >> $GITHUB_PATH
- name: prepare sign things windows
if: runner.os == 'Windows'
run: |
echo Setup Certificate
echo "${{secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
echo "Set Variables!"
echo "::set-output name=version::${GITHUB_REF#refs/tags/v}"
echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
echo "SM_KEY_PAIR_ALIAS=${{ secrets.SM_KEY_PAIR_ALIAS }}" >> "$GITHUB_ENV"
echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH
shell: bash
- name: Setup SSM KSP on windows latest
if: runner.os == 'Windows'
run: |
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi
msiexec /i smtools-windows-x64.msi /quiet /qn
smksp_registrar.exe list
smctl.exe keypair ls
C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
smksp_cert_sync.exe
shell: cmd
- name: Install and configure Poetry
run: pip install poetry
#### MAC
- name: build an sign sign the file mac os
if: runner.os != 'Windows'
env:
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
CSC_LINK: ${{ secrets.CSC_LINK }}
APPLE_ID: ${{ secrets.APPLE_ID }} # Apple ID email
APPLE_ID_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} # App-specific password
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} # Team ID из Apple Dev Account
SIGN_ID: "Developer ID Application: Valory AG (${{ secrets.APPLE_TEAM_ID }})"
run: |
echo "$CSC_LINK" | base64 --decode > certificate.p12
security create-keychain -p temp build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p temp build.keychain
security import certificate.p12 -k build.keychain -P "$CSC_KEY_PASSWORD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple: -s -k temp build.keychain
make build-agent-runner-mac
codesign -dv --verbose=4 dist/agent_runner_bin
- name: rename the file mac os
if: runner.os != 'Windows'
run: |
export FILENAME=`echo -n agent_runner_${{runner.os}}_${{runner.arch}}|tr '[:upper:]' '[:lower:]'`
echo "FILENAME=$FILENAME" >> $GITHUB_ENV;
mv dist/agent_runner_bin dist/${FILENAME}
dist/${FILENAME} --version
### WINDOWS
- name: Build Agent Runner Windonws
if: runner.os == 'Windows'
run: |
make build-agent-runner
- name: sign the file
if: runner.os == 'Windows'
run: |
"C:\\Program Files\\DigiCert\\DigiCert One Signing Manager Tools\\smctl.exe" sign --keypair-alias=${{ secrets.SM_KEY_PAIR_ALIAS }} --input "dist/agent_runner_bin.exe"
- name: rename the file windows
if: runner.os == 'Windows'
run: |
export FILENAME=`echo -n agent_runner_${{runner.os}}_${{runner.arch}}.exe|tr '[:upper:]' '[:lower:]'`
echo "FILENAME=$FILENAME" >> $GITHUB_ENV;
mv dist/agent_runner_bin.exe dist/${FILENAME}
- name: Upload Release Assets Windows
uses: actions/upload-artifact@v4
with:
name: ${{env.FILENAME}}
path: dist/${{env.FILENAME}}
upload-assets:
needs: build-agent-runner
runs-on: ubuntu-latest
steps:
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: agent_runner_macos_x64
path: ./dist/
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: agent_runner_macos_arm64
path: ./dist/
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: agent_runner_windows_x64.exe
path: ./dist/
- name: List files
run: ls ./dist/
- name: Publish Release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
./dist/agent_runner*