diff --git a/.github/workflows/check-prdoc.yml b/.github/workflows/check-prdoc.yml deleted file mode 100644 index 5d5b80bc..00000000 --- a/.github/workflows/check-prdoc.yml +++ /dev/null @@ -1,82 +0,0 @@ -name: Check PRdoc - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -on: - workflow_dispatch: - -env: - # NOTE: prdoc tool from pezkuwichain - using local prdoc check instead - API_BASE: https://api.github.com/repos - REPO: ${{ github.repository }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_PR: ${{ github.event.pull_request.number }} - PRDOC_DOC: https://github.com/pezkuwichain/pezkuwi-sdk/blob/main/docs/contributor/prdoc.md - -jobs: - check-prdoc: - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - name: Checkout repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v4.1.7 - - name: Check prdoc format - run: | - # NOTE: pezkuwichain/prdoc Docker image not available for Pezkuwi - # Using simple file existence and YAML format check instead - echo "Check prdoc format" - echo "For PRDoc format, please refer to $PRDOC_DOC" - - # Check if prdoc directory exists - if [ -d "prdoc" ]; then - echo "PRDoc directory found" - # Simple YAML validation - for f in prdoc/*.prdoc; do - if [ -f "$f" ]; then - echo "Checking: $f" - python3 -c "import yaml; yaml.safe_load(open('$f'))" || echo "::warning::Invalid YAML in $f" - fi - done - else - echo "::notice::No prdoc directory found" - fi - - - name: Check if PRdoc is required - if: github.event.pull_request.number != '' - id: get-labels - run: | - # Fetch the labels for the PR under test - echo "Fetch the labels for $API_BASE/${REPO}/pulls/${GITHUB_PR}" - labels=$( curl -H "Authorization: token ${GITHUB_TOKEN}" -s "$API_BASE/${REPO}/pulls/${GITHUB_PR}" | jq '.labels | .[] | .name' | tr "\n" ",") - echo "Labels: ${labels}" - echo "labels=${labels}" >> "$GITHUB_OUTPUT" - - - name: Get Original PR number - if: ${{ github.event.pull_request.number != '' && !contains(steps.get-labels.outputs.labels, 'R0') }} - shell: bash - env: - PR_TITLE: ${{ github.event.pull_request.title }} - run: | - . ./.github/scripts/common/lib.sh - original_pr_number='' - - echo "Checking PR title: $PR_TITLE" - - if [[ "$PR_TITLE" =~ 'Backport' ]]; then - # Extracting the original PR number from the backport's PR title - original_pr_number=$(extract_pr_number_from_pr_title "$PR_TITLE") - echo "Extracted PR number: $original_pr_number" - else - original_pr_number=${{ github.event.pull_request.number }} - fi - echo "PR_NUMBER=$original_pr_number" >> $GITHUB_ENV - - - name: Validate prdoc for PR#${{ env.PR_NUMBER }} - if: ${{ github.event.pull_request.number != '' && !contains(steps.get-labels.outputs.labels, 'R0') }} - run: | - echo "Validating PR#${{ env.PR_NUMBER }}" - python3 --version - python3 -m pip install cargo-workspace==1.2.1 - python3 .github/scripts/check-prdoc.py Cargo.toml prdoc/pr_${{ env.PR_NUMBER }}.prdoc diff --git a/.github/workflows/check-semver.yml b/.github/workflows/check-semver.yml deleted file mode 100644 index ccc84315..00000000 --- a/.github/workflows/check-semver.yml +++ /dev/null @@ -1,249 +0,0 @@ -name: Check semver - -on: - workflow_dispatch: - -concurrency: - group: check-semver-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -env: - TOOLCHAIN: nightly-2025-05-09 - -jobs: - isdraft: - uses: ./.github/workflows/reusable-isdraft.yml - preflight: - needs: isdraft - uses: ./.github/workflows/reusable-preflight.yml - check-semver: - runs-on: ubuntu-latest - timeout-minutes: 90 - needs: [preflight] - container: - image: ${{ needs.preflight.outputs.IMAGE }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7 - with: - fetch-depth: 2 - - - name: extra git setup - run: | - git config --global --add safe.directory '*' - - git branch old HEAD^1 - - - name: Comment If Backport - if: ${{ startsWith(github.event.pull_request.base.ref, 'stable') }} - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR: ${{ github.event.pull_request.number }} - run: | - echo "This is a backport into stable." - - cat > msg.txt <Emergency Bypass -

- - If you really need to bypass this check: add validate: false to each crate - in the Prdoc where a breaking change is introduced. This will release a new major - version of that crate and all its reverse dependencies and basically break the release. - -

- - EOF - gh issue comment $PR --edit-last -F msg.txt || gh issue comment $PR -F msg.txt - - echo "PRDOC_EXTRA_ARGS=--max-bump minor" >> $GITHUB_ENV - - - name: Rust Cache - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1 - with: - save-if: ${{ github.ref == 'refs/heads/master' }} - - - name: Rust compilation prerequisites - run: | - rustup default $TOOLCHAIN - rustup target add wasm32-unknown-unknown --toolchain $TOOLCHAIN - rustup component add rust-src --toolchain $TOOLCHAIN - - - name: Install pezkuwi-publish - # Set the target dir to cache the build. - run: CARGO_TARGET_DIR=./target/ cargo install pezkuwi-publish@0.10.6 --locked -q - - - name: Get original PR number - shell: bash - if: ${{ github.ref != 'refs/heads/master' }} - env: - PR_TITLE: ${{ github.event.pull_request.title }} - run: | - . ./.github/scripts/common/lib.sh - original_pr_number='' - - echo "Checking PR title: $PR_TITLE" - - if [[ "$PR_TITLE" =~ 'Backport' ]]; then - # Extracting the original PR number from the backport's PR title - original_pr_number=$(extract_pr_number_from_pr_title "$PR_TITLE") - echo "Extracted PR number: $original_pr_number" - else - original_pr_number=${{ github.event.pull_request.number }} - fi - echo "PR_NUMBER=$original_pr_number" >> $GITHUB_ENV - - - name: Check semver - if: ${{ github.ref != 'refs/heads/master' }} - shell: bash - env: - PRDOC_EXTRA_ARGS: ${{ env.PRDOC_EXTRA_ARGS }} - PR: ${{ env.PR_NUMBER }} - BASE_BRANCH: ${{ github.event.pull_request.base.ref }} - PR_LABELS: ${{ toJson(github.event.pull_request.labels.*.name) }} - run: | - if [ -z "$PR" ]; then - echo "Skipping master/merge queue" - exit 0 - fi - - # Skip semver check if PR targets stable branch and has R0-no-crate-publish-require label - if [[ "$BASE_BRANCH" =~ ^stable[0-9]{4}$ ]]; then - if echo "$PR_LABELS" | grep -q "R0-no-crate-publish-require"; then - echo "โ„น๏ธ Skipping the SemVer check is not recommended and should only be done in rare cases: PR targets stable branch '$BASE_BRANCH' and has 'R0-no-crate-publish-require' label." - exit 0 - fi - fi - - export CARGO_TARGET_DIR=target - export RUSTFLAGS='-A warnings -A missing_docs' - export SKIP_WASM_BUILD=1 - - prdoc_file="prdoc/pr_$PR.prdoc" - - # Always run pezkuwi-publish to check for all issues (mismatches and missing crates) - # Capture output to check for specific error types - parity_output=$(mktemp) - if ! pezkuwi-publish --color always prdoc --since old --validate prdoc/pr_$PR.prdoc $PRDOC_EXTRA_ARGS -v --toolchain $TOOLCHAIN 2>&1 | tee "$parity_output"; then - - # Check if there are missing crates (files changed but not listed in prdoc) - if grep -q "Files changed but crate not listed in PR Doc" "$parity_output"; then - rm -f "$parity_output" - cat < "$minor_patch_temp" - - has_validate_false=false - while read -r line; do - if [[ "$line" =~ bump:[[:space:]]*(minor|patch) ]]; then - read -r next_line || true - if [[ "$next_line" =~ validate:[[:space:]]*false ]]; then - has_validate_false=true - break - fi - fi - done < "$minor_patch_temp" - - rm -f "$minor_patch_temp" - - if [ "$has_validate_false" = true ]; then - echo "โ„น๏ธ Found minor/patch bumps with validate: false override. Semver validation was skipped for these crates by pezkuwi-publish." - fi - fi - - # Check if there are any major bumps - if ! grep -q "bump:[[:space:]]*major" "$prdoc_file"; then - echo "โœ… All semver changes in backport are valid (minor, patch, or none)." - exit 0 - fi - - # Process each major bump and check the next line - temp_file=$(mktemp) - grep -A1 "bump:[[:space:]]*major" "$prdoc_file" > "$temp_file" - - error_found=false - while IFS= read -r line; do - if [[ "$line" =~ bump:[[:space:]]*major ]]; then - # This is the bump line, read the next line - if IFS= read -r next_line; then - if [[ "$next_line" =~ validate:[[:space:]]*false ]]; then - continue # This major bump is properly validated - else - error_found=true - break - fi - else - # No next line, means no validate: false - error_found=true - break - fi - fi - done < "$temp_file" - - rm -f "$temp_file" - - if [ "$error_found" = true ]; then - echo "โŒ Error: Found major bump without 'validate: false'" - echo "๐Ÿ“˜ See: https://github.com/pezkuwichain/pezkuwi-sdk/blob/master/docs/contributor/prdoc.md#backporting-prs" - echo "๐Ÿ”ง Add 'validate: false' after the major bump in $prdoc_file with justification." - exit 1 - fi - - # If we reach here, all major bumps have validate: false - echo "โš ๏ธ Backport contains major bumps, but they are all marked with validate: false." - echo "โœ… Semver override accepted. Please ensure justification is documented in the PR description." diff --git a/.github/workflows/command-inform.yml b/.github/workflows/command-inform.yml deleted file mode 100644 index 0d88eb45..00000000 --- a/.github/workflows/command-inform.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: Inform of new command action - -on: - issue_comment: - types: [ created ] - -jobs: - comment: - runs-on: ubuntu-latest - # Temporary disable the bot until the new command bot works properly - if: github.event.issue.pull_request && startsWith(github.event.comment.body, 'bot ') - steps: - - name: Inform that the new command exist - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 - with: - script: | - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: 'We have migrated the command bot to GHA

Please, see the new usage instructions here or here. Soon the old commands will be disabled.' - }) diff --git a/.github/workflows/command-prdoc.yml b/.github/workflows/command-prdoc.yml deleted file mode 100644 index b7a6e4c9..00000000 --- a/.github/workflows/command-prdoc.yml +++ /dev/null @@ -1,81 +0,0 @@ -name: Command PrDoc - -on: - workflow_dispatch: - inputs: - pr: - type: number - description: Number of the Pull Request - required: true - bump: - type: choice - description: Default bump level for all crates - default: "TODO" - required: true - options: - - "TODO" - - "none" - - "patch" - - "minor" - - "major" - audience: - type: choice - description: Audience of the PrDoc - default: "TODO" - required: true - options: - - "TODO" - - "runtime_dev" - - "runtime_user" - - "node_dev" - - "node_operator" - overwrite: - type: boolean - description: Overwrite existing PrDoc - default: true - required: true - -concurrency: - group: command-prdoc - cancel-in-progress: true - -jobs: - preflight: - uses: ./.github/workflows/reusable-preflight.yml - - cmd-prdoc: - needs: [preflight] - runs-on: ubuntu-latest - timeout-minutes: 20 - container: - image: ${{ needs.preflight.outputs.IMAGE }} - permissions: - contents: write - pull-requests: write - steps: - - name: Download repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install gh cli - id: gh - uses: ./.github/actions/set-up-gh - with: - pr-number: ${{ inputs.pr }} - GH_TOKEN: ${{ github.token }} - - name: Generate PrDoc - run: | - python3 -m pip install -q cargo-workspace PyGithub whatthepatch pyyaml toml - - python3 .github/scripts/generate-prdoc.py --pr "${{ inputs.pr }}" --bump "${{ inputs.bump }}" --audience "${{ inputs.audience }}" --force "${{ inputs.overwrite }}" - - - name: Report failure - if: ${{ failure() }} - run: gh pr comment ${{ inputs.pr }} --body "

Command failed โŒ

Run by @${{ github.actor }} for ${{ github.workflow }} failed. See logs here." - env: - RUN: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - GH_TOKEN: ${{ github.token }} - - name: Push Commit - uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0 - with: - commit_message: Add PrDoc (auto generated) - branch: ${{ steps.gh.outputs.branch }} - file_pattern: "prdoc/*.prdoc" diff --git a/.github/workflows/issues-auto-add-teyrchain.yml b/.github/workflows/issues-auto-add-teyrchain.yml deleted file mode 100644 index 7e94acce..00000000 --- a/.github/workflows/issues-auto-add-teyrchain.yml +++ /dev/null @@ -1,30 +0,0 @@ -# If there are new issues related to the async backing feature, -# add it to the teyrchain team's board and set a custom "meta" field. - -name: Add selected issues to Teyrchain team board -on: - issues: - types: - - labeled - -jobs: - add-teyrchain-issues: - if: github.event.label.name == 'T16-async_backing' - runs-on: ubuntu-latest - steps: - - name: Generate token - id: generate_token - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 - with: - app_id: ${{ secrets.PROJECT_APP_ID }} - private_key: ${{ secrets.PROJECT_APP_KEY }} - - name: Sync issues - uses: actions/github-script@v7 - with: - github-token: ${{ steps.generate_token.outputs.token }} - script: | - // TODO: Implement issue sync for pezkuwichain project board - // Original action was pezkuwichain/github-issue-sync - // Project: 119 (Teyrchain team board) - // Fields: meta = 'async backing' - console.log('Issue sync placeholder - configure for pezkuwichain project board'); diff --git a/.github/workflows/misc-notify-burnin-label.yml b/.github/workflows/misc-notify-burnin-label.yml deleted file mode 100644 index 9db0f3d9..00000000 --- a/.github/workflows/misc-notify-burnin-label.yml +++ /dev/null @@ -1,18 +0,0 @@ -# DISABLED: This workflow was for Kurdistan-Tech DevOps notifications. -# Pezkuwi SDK will implement its own notification system if needed. - -name: Notify DevOps when burn-in label applied (DISABLED) - -on: - workflow_dispatch: - inputs: - note: - description: 'This workflow is disabled - Kurdistan-Tech Matrix notifications not applicable' - required: false - -jobs: - disabled: - runs-on: ubuntu-latest - steps: - - name: Notice - run: echo "Burn-in label notification is disabled - Pezkuwi SDK uses different DevOps channels" diff --git a/.github/workflows/misc-update-wishlist-leaderboard.yml b/.github/workflows/misc-update-wishlist-leaderboard.yml deleted file mode 100644 index 7835d871..00000000 --- a/.github/workflows/misc-update-wishlist-leaderboard.yml +++ /dev/null @@ -1,18 +0,0 @@ -# DISABLED: This workflow was for Kurdistan-Tech's wishlist leaderboard feature. -# Pezkuwi SDK will implement its own community engagement features. - -name: Update wishlist leaderboard (DISABLED) - -on: - workflow_dispatch: - inputs: - note: - description: 'This workflow is disabled - Pezkuwi will implement own solution' - required: false - -jobs: - disabled: - runs-on: ubuntu-latest - steps: - - name: Notice - run: echo "Wishlist leaderboard is disabled - Pezkuwi SDK uses different community engagement" diff --git a/.github/workflows/publish-claim-crates.yml b/.github/workflows/publish-claim-crates.yml deleted file mode 100644 index 0f6c641d..00000000 --- a/.github/workflows/publish-claim-crates.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: Claim Crates - -on: - workflow_dispatch: - -jobs: - claim-crates: - runs-on: ubuntu-latest - environment: master - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7 - - - name: Check for publishable crates - id: check-publishable - run: | - # Find crates that are publishable (don't have publish = false) - PUBLISHABLE=$(find . -name "Cargo.toml" -exec grep -L 'publish = false' {} \; | grep -v target | head -20) - if [ -z "$PUBLISHABLE" ]; then - echo "No publishable crates found (all have publish = false)" - echo "has_publishable=false" >> $GITHUB_OUTPUT - else - echo "Found publishable crates:" - echo "$PUBLISHABLE" - echo "has_publishable=true" >> $GITHUB_OUTPUT - fi - - - name: Rust Cache - if: steps.check-publishable.outputs.has_publishable == 'true' - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1 - with: - save-if: ${{ github.ref == 'refs/heads/master' }} - - - name: Claim crates on crates.io (when ready) - if: steps.check-publishable.outputs.has_publishable == 'true' - env: - PEZKUWI_CRATESIO_TOKEN: ${{ secrets.PEZKUWI_CRATESIO_TOKEN }} - run: | - echo "Publishable crates detected - claim will run when pezkuwi-publish tool is ready" - # TODO: Replace with pezkuwi-publish when available - # cargo install pezkuwi-publish --locked -q - # pezkuwi-publish --color always claim - - - name: Skip - all crates have publish = false - if: steps.check-publishable.outputs.has_publishable == 'false' - run: echo "All crates have publish = false, skipping crate claiming" diff --git a/.github/workflows/release-10_branchoff-stable.yml b/.github/workflows/release-10_branchoff-stable.yml deleted file mode 100644 index 40318b56..00000000 --- a/.github/workflows/release-10_branchoff-stable.yml +++ /dev/null @@ -1,143 +0,0 @@ -# This workflow has combined functionality of branching-off a new stable release branch and tagging an RC. -# The options to branch-off and/or tag an RC can be chosen independently by ticking the appropriate checkbox in the launching form, -# as the branch-off happens only ones per quarter and a tagging activity done more frequently for each new RC during the release process. -name: Release - Branch off stable branch and/or tag rc - -on: - workflow_dispatch: - inputs: - stable_version: - description: Stable version in the format stableYYMM that will be used as branch name and rc tag base - required: true - type: string - - node_version: - description: Version of the pezkuwi node in the format X.XX.X (e.g. 1.15.0). โ„น๏ธ Node version is needed only for the branch-off - type: string - required: false - - is_new_stable: - description: Check this box if this is a new stable release and the stable branch needs to be created - type: boolean - - tag_rc: - description: Check this box if the rc tag needs to be created - type: boolean - -jobs: - validate-inputs: - runs-on: ubuntu-latest - outputs: - node_version: ${{ steps.validate_inputs.outputs.node_version }} - stable_version: ${{ steps.validate_inputs.outputs.stable_version }} - - steps: - - name: Checkout sources - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7 - - - name: Validate inputs - id: validate_inputs - run: | - . ./.github/scripts/common/lib.sh - - if [ -n "${{ inputs.node_version }}" ]; then - node_version=$(filter_version_from_input "${{ inputs.node_version }}") - echo "node_version=${node_version}" >> $GITHUB_OUTPUT - fi - - stable_version=$(validate_stable_tag ${{ inputs.stable_version }}) - echo "stable_version=${stable_version}" >> $GITHUB_OUTPUT - - create-stable-branch: - if: ${{ inputs.is_new_stable }} - needs: [ validate-inputs ] - runs-on: ubuntu-latest - environment: release - env: - PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }} - PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - STABLE_BRANCH_NAME: ${{ needs.validate-inputs.outputs.stable_version }} - - steps: - - name: Install pgpkkms - run: | - # Install pgpkms that is used to sign commits - pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151 - - - name: Generate content write token for the release automation - id: generate_write_token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 - with: - app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }} - private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }} - owner: pezkuwichain - - - name: Checkout sources - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7 - with: - ref: master - token: ${{ steps.generate_write_token.outputs.token }} - - - name: Import gpg keys - run: | - . ./.github/scripts/common/lib.sh - - import_gpg_keys - - - name: Config git - run: | - git config --global commit.gpgsign true - git config --global gpg.program /home/runner/.local/bin/pgpkms-git - git config --global user.name "ParityReleases" - git config --global user.email "release-team@pezkuwichain.io" - git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51" - - - name: Create stable branch - run: | - git checkout -b "$STABLE_BRANCH_NAME" - git show-ref "$STABLE_BRANCH_NAME" - - - name: Bump versions, reorder prdocs and push stable branch - env: - GH_TOKEN: ${{ steps.generate_write_token.outputs.token }} - run: | - . ./.github/scripts/release/release_lib.sh - - NODE_VERSION="${{ needs.validate-inputs.outputs.node_version }}" - NODE_VERSION_PATTERN="\(NODE_VERSION[^=]*= \)\".*\"" - set_version "$NODE_VERSION_PATTERN" $NODE_VERSION "pezkuwi/node/primitives/src/lib.rs" - commit_with_message "Bump node version to $NODE_VERSION in pezkuwi-cli" - set_version "$NODE_VERSION_PATTERN" $NODE_VERSION "pezcumulus/pezkuwi-omni-node/lib/src/nodes/mod.rs" - commit_with_message "Bump node version to $NODE_VERSION in pezkuwi-omni-node-lib" - - SPEC_VERSION=$(get_spec_version $NODE_VERSION) - runtimes_list=$(get_filtered_runtimes_list) - set_spec_versions $SPEC_VERSION "${runtimes_list[@]}" - - reorder_prdocs $STABLE_BRANCH_NAME - - gh auth setup-git - - git push origin "$STABLE_BRANCH_NAME" - - - name: Tag RC after branch off - if: ${{ inputs.tag_rc }} - env: - GH_TOKEN: ${{ steps.generate_write_token.outputs.token }} # or use a PAT with workflow scope - run: | - stable_tag_base=pezkuwi-${{ needs.validate-inputs.outputs.stable_version }} - gh workflow run release-11_rc-automation.yml \ - --repo ${{ github.repository }} \ - --ref ${{ needs.validate-inputs.outputs.stable_version }} \ - --field version=${stable_tag_base} - - tag-rc-without-branchoff: - if: ${{ !inputs.is_new_stable && inputs.tag_rc }} - needs: [ validate-inputs ] - uses: ./.github/workflows/release-11_rc-automation.yml - with: - version: pezkuwi-${{ needs.validate-inputs.outputs.stable_version }} - secrets: inherit diff --git a/.github/workflows/release-11_rc-automation.yml b/.github/workflows/release-11_rc-automation.yml deleted file mode 100644 index 86e1c6d1..00000000 --- a/.github/workflows/release-11_rc-automation.yml +++ /dev/null @@ -1,106 +0,0 @@ -name: Release - RC tagging automation -on: - workflow_dispatch: - inputs: - version: - description: Current release/rc version in format pezkuwi-stableYYMM - workflow_call: - inputs: - version: - description: Current release/rc version in format pezkuwi-stableYYMM - type: string - -jobs: - tag_rc: - runs-on: ubuntu-latest - strategy: - matrix: - channel: - - name: "RelEng: Pezkuwi Release Coordination" - room: '!cqAmzdIcbOFwrdrubV:pezkuwichain.io' - environment: release - env: - PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }} - PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - - steps: - - name: Install pgpkkms - run: | - # Install pgpkms that is used to sign commits - pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151 - - - name: Generate content write token for the release automation - id: generate_write_token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 - with: - app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }} - private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }} - owner: pezkuwichain - - - name: Checkout sources - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7 - with: - fetch-depth: 0 - token: ${{ steps.generate_write_token.outputs.token }} - - - name: Import gpg keys - run: | - . ./.github/scripts/common/lib.sh - - import_gpg_keys - - - name: Config git - run: | - git config --global commit.gpgsign true - git config --global gpg.program /home/runner/.local/bin/pgpkms-git - git config --global user.name "ParityReleases" - git config --global user.email "release-team@pezkuwichain.io" - git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51" - - - name: Compute next rc tag - # if: ${{ steps.get_rel_product.outputs.product == 'pezkuwi' }} - id: compute_tag - shell: bash - run: | - . ./.github/scripts/common/lib.sh - - # Get last rc tag if exists, else set it to {version}-rc1 - if [[ -z "${{ inputs.version }}" ]]; then - version=v$(get_pezkuwi_node_version_from_code) - else - version=$(validate_stable_tag ${{ inputs.version }}) - fi - echo "$version" - echo "version=$version" >> $GITHUB_OUTPUT - - last_rc=$(get_latest_rc_tag $version pezkuwi) - - if [ -n "$last_rc" ]; then - suffix=$(increment_rc_tag $last_rc) - echo "new_tag=$version-rc$suffix" >> $GITHUB_OUTPUT - echo "first_rc=false" >> $GITHUB_OUTPUT - else - echo "new_tag=$version-rc1" >> $GITHUB_OUTPUT - echo "first_rc=true" >> $GITHUB_OUTPUT - fi - - - name: Apply new tag - env: - GH_TOKEN: ${{ steps.generate_write_token.outputs.token }} - RC_TAG: ${{ steps.compute_tag.outputs.new_tag }} - run: | - git tag -s $RC_TAG -m "new rc tag $RC_TAG" - git push origin $RC_TAG - - - name: Send Matrix message to ${{ matrix.channel.name }} - uses: s3krit/matrix-message-action@70ad3fb812ee0e45ff8999d6af11cafad11a6ecf # v0.0.3 - # if: steps.create-issue.outputs.url != '' - with: - room_id: ${{ matrix.channel.room }} - access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }} - server: m.pezkuwichain.io - message: | - Release process for pezkuwi ${{ steps.compute_tag.outputs.new_tag }} has been started.
diff --git a/.github/workflows/release-30_publish_release_draft.yml b/.github/workflows/release-30_publish_release_draft.yml deleted file mode 100644 index 602b2adb..00000000 --- a/.github/workflows/release-30_publish_release_draft.yml +++ /dev/null @@ -1,306 +0,0 @@ -name: Release - Publish draft - -# This workflow runs in pezkuwichain-release and creates full release draft with: -# - release notes -# - info about the runtimes -# - attached artifacts: -# - runtimes -# - binaries -# - signatures - -on: - workflow_dispatch: - inputs: - release_tag: - description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX or pezkuwi-stableYYMM(-X) - required: true - type: string - build_run_id: - description: Run ID of the current release workflow run to be used to download the artifacts - required: true - type: string - runtimes: - description: Runtimes to be published (โš ๏ธ this needs to be provided in case of the complete release, for the crates only release or a patch release without runtimes it is not needed) - no_runtimes: - description: If true, release draft will be published without runtimes - required: true - type: boolean - default: false - crates_only: - description: If true, release draft will contain only release notes and no artifacts will be published (needed for stable releases that are crates only) - required: true - type: boolean - default: false - workflow_call: - inputs: - release_tag: - description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcY or pezkuwi-stableYYMM(-X) - required: true - type: string - build_run_id: - description: Run ID of the current release workflow run to be used to download the artifacts - required: true - type: string - runtimes: - description: Runtimes to be published - type: string - no_runtimes: - description: If true, release draft will be published without runtimes - required: true - type: boolean - default: false - crates_only: - description: If true, release draft will contain only release notes and no artifacts will be published (needed for stable releases that are crates only) - required: true - type: boolean - default: false - -jobs: - # DISABLED: Workflow synchronization check - # check-synchronization: - # uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main - # secrets: - # fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }} - - validate-inputs: - runs-on: ubuntu-latest - outputs: - release_tag: ${{ steps.validate_inputs.outputs.release_tag }} - - steps: - - name: Checkout sources - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Validate inputs - id: validate_inputs - run: | - . ./.github/scripts/common/lib.sh - - RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }}) - echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT - - - publish-release-draft: - runs-on: ubuntu-latest - environment: release - needs: [ validate-inputs ] - outputs: - release_url: ${{ steps.create-release.outputs.html_url }} - asset_upload_url: ${{ steps.create-release.outputs.upload_url }} - - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Generate content write token for the release automation - id: generate_write_token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 - with: - app-id: ${{ vars.PEZKUWI_SDK_RELEASE_RW_APP_ID }} - private-key: ${{ secrets.PEZKUWI_SDK_RELEASE_RW_APP_KEY }} - owner: pezkuwichain - repositories: pezkuwi-sdk - - - name: Download runtimes artifacts - if: ${{ inputs.no_runtimes == false && inputs.crates_only == false }} - env: - GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }} - run: | - mkdir -p ${{ github.workspace}}/runtimes/ - gh run download ${{ inputs.build_run_id }} --dir ${{ github.workspace}}/runtimes - ls -la ${{ github.workspace}}/runtimes - - - name: Prepare tooling - run: | - URL=https://github.com/chevdor/tera-cli/releases/download/v0.4.0/tera-cli_linux_amd64.deb - wget $URL -O tera.deb - sudo dpkg -i tera.deb - - - name: Prepare draft - id: draft - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - ASSET_HUB_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/asset-hub-zagros-runtime/asset-hub-zagros-srtool-digest.json - BRIDGE_HUB_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/bridge-hub-zagros-runtime/bridge-hub-zagros-srtool-digest.json - COLLECTIVES_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/collectives-zagros-runtime/collectives-zagros-srtool-digest.json - CORETIME_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/coretime-zagros-runtime/coretime-zagros-srtool-digest.json - GLUTTON_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/glutton-zagros-runtime/glutton-zagros-srtool-digest.json - PEOPLE_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/people-zagros-runtime/people-zagros-srtool-digest.json - ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/zagros-runtime/zagros-srtool-digest.json - RELEASE_TAG: ${{ needs.validate-inputs.outputs.release_tag }} - NO_RUNTIMES: ${{ inputs.no_runtimes }} - CRATES_ONLY: ${{ inputs.crates_only }} - shell: bash - run: | - . ./.github/scripts/common/lib.sh - - export RUSTC_STABLE=$(grep -oP '(?<=-)[0-9]+\.[0-9]+\.[0-9]+(?=-)' .github/env) - - export REF1=$(get_latest_release_tag) - if [[ -z "$RELEASE_TAG" ]]; then - export REF2="${{ github.ref_name }}" - echo "REF2: ${REF2}" - else - export REF2="$RELEASE_TAG" - echo "REF2: ${REF2}" - fi - echo "REL_TAG=$REF2" >> $GITHUB_ENV - export VERSION=$(echo "$REF2" | sed -E 's/.*(stable[0-9]{4}(-[0-9]+)?).*$/\1/') - - echo "Version: $VERSION" - - ./scripts/release/build-changelogs.sh - - - name: Archive artifact context.json - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: release-notes-context - path: | - scripts/release/context.json - **/*-srtool-digest.json - - - name: Create draft release - id: create-release - env: - GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }} - run: | - gh release create ${{ env.REL_TAG }} \ - --repo pezkuwichain/pezkuwi-sdk \ - --draft \ - --title "Pezkuwi ${{ env.REL_TAG }}" \ - --notes-file ${{ github.workspace}}/scripts/release/RELEASE_DRAFT.md - - publish-runtimes: - if: ${{ inputs.crates_only == false && inputs.no_runtimes == false }} - needs: [ validate-inputs, publish-release-draft ] - environment: release - continue-on-error: true - runs-on: ubuntu-latest - strategy: - matrix: ${{ fromJSON(inputs.runtimes) }} - - steps: - - name: Checkout sources - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Download artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 - - - name: Generate content write token for the release automation - id: generate_write_token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 - with: - app-id: ${{ vars.PEZKUWI_SDK_RELEASE_RW_APP_ID }} - private-key: ${{ secrets.PEZKUWI_SDK_RELEASE_RW_APP_KEY }} - owner: pezkuwichain - repositories: pezkuwi-sdk - - - name: Download runtimes - env: - GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }} - run: | - mkdir -p ${{ github.workspace}}/runtimes/ - gh run download ${{ inputs.build_run_id }} --dir ${{ github.workspace}}/runtimes - ls -la ${{ github.workspace}}/runtimes - - - name: Get runtime info - env: - JSON: ${{ github.workspace}}/release-notes-context/runtimes/${{ matrix.chain }}-runtime/${{ matrix.chain }}-srtool-digest.json - run: | - cd ${{ github.workspace}}/runtimes - >>$GITHUB_ENV echo ASSET=$(find ${{ matrix.chain }}-runtime -name '*.compact.compressed.wasm') - >>$GITHUB_ENV echo SPEC=$(<${JSON} jq -r .runtimes.compact.subwasm.core_version.specVersion) - - - name: Upload compressed ${{ matrix.chain }} v${{ env.SPEC }} wasm - working-directory: ${{ github.workspace}}/runtimes - env: - GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }} - run: | - VERSIONED_ASSET="${{ matrix.chain }}_runtime-v${{ env.SPEC }}.compact.compressed.wasm" - mv "${{ env.ASSET }}" "$VERSIONED_ASSET" - - gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \ - --repo pezkuwichain/pezkuwi-sdk "$VERSIONED_ASSET" - - publish-release-artifacts: - if: ${{ inputs.crates_only == false }} - needs: [ validate-inputs, publish-release-draft ] - environment: release - continue-on-error: true - runs-on: ubuntu-latest - strategy: - matrix: - binary: [ pezkuwi, pezkuwi-execute-worker, pezkuwi-prepare-worker, pezkuwi-teyrchain, pezkuwi-omni-node, pezframe-omni-bencher, chain-spec-builder ] - target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ] - - steps: - - name: Checkout sources - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Fetch binaries from s3 based on version - run: | - . ./.github/scripts/common/lib.sh - - VERSION="${{ needs.validate-inputs.outputs.release_tag }}" - fetch_release_artifacts_from_s3 ${{ matrix.binary }} ${{ matrix.target }} - - - name: Rename aarch64-apple-darwin binaries - if: ${{ matrix.target == 'aarch64-apple-darwin' }} - working-directory: ${{ github.workspace}}/release-artifacts/${{ matrix.target }}/${{ matrix.binary }} - run: | - . ../../../.github/scripts/common/lib.sh - - mv ${{ matrix.binary }} ${{ matrix.binary }}-aarch64-apple-darwin - mv ${{ matrix.binary }}.asc ${{ matrix.binary }}-aarch64-apple-darwin.asc - - sha256sum "${{ matrix.binary }}-aarch64-apple-darwin" | tee "${{ matrix.binary }}-aarch64-apple-darwin.sha256" - check_sha256 "${{ matrix.binary }}-aarch64-apple-darwin" && echo "OK" || echo "ERR" - - - name: Generate content write token for the release automation - id: generate_write_token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 - with: - app-id: ${{ vars.PEZKUWI_SDK_RELEASE_RW_APP_ID }} - private-key: ${{ secrets.PEZKUWI_SDK_RELEASE_RW_APP_KEY }} - owner: pezkuwichain - repositories: pezkuwi-sdk - - - name: Upload ${{ matrix.binary }} binary to release draft - env: - GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }} - working-directory: ${{ github.workspace}}/release-artifacts/${{ matrix.target }}/${{ matrix.binary }} - run: | - if [[ ${{ matrix.target }} == "aarch64-apple-darwin" ]]; then - gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \ - --repo pezkuwichain/pezkuwi-sdk \ - ${{ matrix.binary }}-aarch64-apple-darwin \ - ${{ matrix.binary }}-aarch64-apple-darwin.asc \ - ${{ matrix.binary }}-aarch64-apple-darwin.sha256 - else - gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \ - --repo pezkuwichain/pezkuwi-sdk \ - ${{ matrix.binary }} \ - ${{ matrix.binary }}.asc \ - ${{ matrix.binary }}.sha256 - fi - - post_to_matrix: - runs-on: ubuntu-latest - needs: [ validate-inputs, publish-release-draft ] - environment: release - strategy: - matrix: - channel: - - name: "Team: RelEng Internal" - room: '!GvAyzgCDgaVrvibaAF:pezkuwichain.io' - - steps: - - name: Send Matrix message to ${{ matrix.channel.name }} - uses: s3krit/matrix-message-action@70ad3fb812ee0e45ff8999d6af11cafad11a6ecf # v0.0.3 - with: - room_id: ${{ matrix.channel.room }} - access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }} - server: m.pezkuwichain.io - message: | - **New version of pezkuwi tagged**: ${{ needs.validate-inputs.outputs.release_tag }}
- And release draft is release created in [pezkuwi-sdk repo](https://github.com/pezkuwichain/pezkuwi-sdk/releases) diff --git a/.github/workflows/release-31_promote-rc-to-final.yml b/.github/workflows/release-31_promote-rc-to-final.yml deleted file mode 100644 index 6de74370..00000000 --- a/.github/workflows/release-31_promote-rc-to-final.yml +++ /dev/null @@ -1,136 +0,0 @@ -name: Release - Promote RC to final candidate on S3 - -on: - workflow_dispatch: - inputs: - binary: - description: Binary to be build for the release - default: all - type: choice - options: - - pezkuwi - - pezkuwi-teyrchain - - pezkuwi-omni-node - - pezframe-omni-bencher - - chain-spec-builder - - all - release_tag: - description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX - type: string - - workflow_call: - inputs: - binary: - description: Binary to be build for the release - default: all - type: string - release_tag: - description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX - type: string - required: true - - -jobs: - # DISABLED: Workflow synchronization check - # check-synchronization: - # uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main - # secrets: - # fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }} - - validate-inputs: - runs-on: ubuntu-latest - outputs: - release_tag: ${{ steps.validate_inputs.outputs.release_tag }} - final_tag: ${{ steps.validate_inputs.outputs.final_tag }} - - steps: - - name: Checkout sources - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Validate inputs - id: validate_inputs - run: | - . ./.github/scripts/common/lib.sh - - RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }}) - echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT - - promote-pezkuwi-rc-to-final: - if: ${{ inputs.binary == 'pezkuwi' || inputs.binary == 'all' }} - needs: [ validate-inputs ] - uses: ./.github/workflows/release-reusable-promote-to-final.yml - strategy: - matrix: - target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ] - with: - package: pezkuwi - release_tag: ${{ needs.validate-inputs.outputs.release_tag }} - target: ${{ matrix.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - - promote-pezkuwi-teyrchain-rc-to-final: - if: ${{ inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'all' }} - needs: [ validate-inputs ] - uses: ./.github/workflows/release-reusable-promote-to-final.yml - strategy: - matrix: - target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ] - with: - package: pezkuwi-teyrchain - release_tag: ${{ needs.validate-inputs.outputs.release_tag }} - target: ${{ matrix.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - - promote-pezkuwi-omni-node-rc-to-final: - if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'all' }} - needs: [ validate-inputs ] - uses: ./.github/workflows/release-reusable-promote-to-final.yml - strategy: - matrix: - target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ] - with: - package: pezkuwi-omni-node - release_tag: ${{ needs.validate-inputs.outputs.release_tag }} - target: ${{ matrix.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - - promote-pezframe-omni-bencher-rc-to-final: - if: ${{ inputs.binary == 'pezframe-omni-bencher' || inputs.binary == 'all' }} - needs: [ validate-inputs ] - uses: ./.github/workflows/release-reusable-promote-to-final.yml - strategy: - matrix: - target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ] - with: - package: pezframe-omni-bencher - release_tag: ${{ needs.validate-inputs.outputs.release_tag }} - target: ${{ matrix.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - - promote-chain-spec-builder-rc-to-final: - if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }} - needs: [ validate-inputs ] - uses: ./.github/workflows/release-reusable-promote-to-final.yml - strategy: - matrix: - target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ] - with: - package: chain-spec-builder - release_tag: ${{ needs.validate-inputs.outputs.release_tag }} - target: ${{ matrix.target }} - secrets: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/release-40_publish-deb-package.yml b/.github/workflows/release-40_publish-deb-package.yml deleted file mode 100644 index 51adfb7d..00000000 --- a/.github/workflows/release-40_publish-deb-package.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Release - Publish pezkuwi deb package - -# This workflow publishes the pezkuwi Debian package by calling a reusable workflow. -on: - workflow_dispatch: - inputs: - tag: - description: Current final release tag in the format pezkuwi-stableYYMM or pezkuwi-stable-YYMM-X - default: pezkuwi-stable2412 - required: true - type: string - distribution: - description: Distribution where to publish deb package (release, staging, stable2407, etc) - default: staging - required: true - type: string - - workflow_call: - inputs: - tag: - description: Current final release tag in the format pezkuwi-stableYYMM or pezkuwi-stable-YYMM-X - required: true - type: string - - distribution: - description: Distribution where to publish deb package (release, staging, stable2407, etc) - default: staging - required: true - type: string - -jobs: - call-publish-workflow: - uses: ./.github/workflows/release-reusable-publish-packages.yml - with: - tag: ${{ inputs.tag }} - distribution: ${{ inputs.distribution }} - package_type: 'deb' - aws_repo_base_path: "s3://releases-package-repos" - cloudfront_distribution_id: "E36FKEYWDXAZYJ" - secrets: inherit diff --git a/.github/workflows/release-41_publish-rpm-package.yml b/.github/workflows/release-41_publish-rpm-package.yml deleted file mode 100644 index f4169870..00000000 --- a/.github/workflows/release-41_publish-rpm-package.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: Release - Publish pezkuwi RPM package - -# This workflow publishes the pezkuwi RPM package by calling a reusable workflow. -on: - workflow_dispatch: - inputs: - tag: - description: Current final release tag in the format pezkuwi-stableYYMM or pezkuwi-stable-YYMM-X - default: pezkuwi-stable2412 - required: true - type: string - - workflow_call: - inputs: - tag: - description: Current final release tag in the format pezkuwi-stableYYMM or pezkuwi-stable-YYMM-X - required: true - type: string - -jobs: - call-publish-workflow: - uses: ./.github/workflows/release-reusable-publish-packages.yml - with: - tag: ${{ inputs.tag }} - distribution: ${{ inputs.distribution }} - package_type: 'rpm' - aws_repo_base_path: "s3://releases-package-repos" - cloudfront_distribution_id: "E36FKEYWDXAZYJ" - secrets: inherit diff --git a/.github/workflows/release-50_publish-docker.yml b/.github/workflows/release-50_publish-docker.yml deleted file mode 100644 index 68311def..00000000 --- a/.github/workflows/release-50_publish-docker.yml +++ /dev/null @@ -1,304 +0,0 @@ -name: Release - Publish Docker Image - -# This workflow listens to published releases or can be triggered manually. -# It builds and published releases and rc candidates. - -on: - workflow_dispatch: - inputs: - image_type: - description: Type of the image to be published - required: true - default: rc - type: choice - options: - - rc - - release - - binary: - description: Binary to be published - required: true - default: pezkuwi - type: choice - options: - - pezkuwi - - pezkuwi-omni-node - - pezkuwi-teyrchain - - chain-spec-builder - - registry: - description: Container registry - required: true - type: string - default: docker.io - - # The owner is often the same as the Docker Hub username but does ont have to be. - # In our case, it is not. - owner: - description: Owner of the container image repo - required: true - type: string - default: pezkuwichain - - version: - description: Version of the pezkuwi node release in format v1.16.0 or v1.16.0-rc1 - default: v0.9.18 - required: true - - stable_tag: - description: Tag matching the actual stable release version in the format pezkuwi-stableYYMM(-rcX) or pezkuwi-stableYYMM-X(-rcX) for patch releases - required: true - - workflow_call: - inputs: - image_type: - description: Type of the image to be published - required: true - default: rc - type: string - - binary: - description: Binary to be published - required: true - default: pezkuwi - type: string - - registry: - description: Container registry - required: true - type: string - default: docker.io - - owner: - description: Owner of the container image repo - required: true - type: string - default: pezkuwichain - - version: - description: Version of the pezkuwi node release in format v1.16.0 or v1.16.0-rc1 - required: true - type: string - - stable_tag: - description: Tag matching the actual stable release version in the format pezkuwi-stableYYMM(-rcX) or pezkuwi-stableYYMM-X(-rcX) for patch releases - required: true - type: string - -permissions: - contents: write - -env: - ENGINE: docker - REGISTRY: ${{ inputs.registry }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - DOCKER_OWNER: ${{ inputs.owner || github.repository_owner }} - REPO: ${{ github.repository }} - BINARY: ${{ inputs.binary }} - # EVENT_ACTION: ${{ github.event.action }} - EVENT_NAME: ${{ github.event_name }} - IMAGE_TYPE: ${{ inputs.image_type }} - -jobs: - # check-synchronization job disabled - pezkuwichain-release sync not needed for pezkuwichain - # Original: uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main - - validate-inputs: - # Removed dependency on check-synchronization (disabled) - runs-on: ubuntu-latest - outputs: - version: ${{ steps.validate_inputs.outputs.VERSION }} - stable_tag: ${{ steps.validate_inputs.outputs.stable_tag }} - - steps: - - name: Checkout sources - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Validate inputs - id: validate_inputs - run: | - . ./.github/scripts/common/lib.sh - - VERSION=$(filter_version_from_input "${{ inputs.version }}") - echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT - - STABLE_TAG=$(validate_stable_tag ${{ inputs.stable_tag }}) - echo "stable_tag=${STABLE_TAG}" >> $GITHUB_OUTPUT - - fetch-artifacts: # this job will be triggered for the pezkuwi-teyrchain rc and release or pezkuwi rc image build - runs-on: ubuntu-latest - needs: [ validate-inputs ] - - steps: - - name: Checkout sources - if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Fetch rc artifacts or release artifacts from s3 based on version - if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} - run: | - . ./.github/scripts/common/lib.sh - - VERSION="${{ needs.validate-inputs.outputs.stable_tag }}" - if [[ ${{ inputs.binary }} == 'pezkuwi' ]]; then - bins=(pezkuwi pezkuwi-prepare-worker pezkuwi-execute-worker) - for bin in "${bins[@]}"; do - fetch_release_artifacts_from_s3 $bin x86_64-unknown-linux-gnu - done - else - fetch_release_artifacts_from_s3 $BINARY x86_64-unknown-linux-gnu - fi - - - name: Upload artifacts - if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: release-artifacts-${{ env.BINARY }} - path: release-artifacts/x86_64-unknown-linux-gnu/${{ env.BINARY }}/**/* - - build-container: # this job will be triggered for the pezkuwi-teyrchain rc and release or pezkuwi rc image build - runs-on: ubuntu-latest - needs: [ fetch-artifacts, validate-inputs ] - environment: release - - steps: - - name: Checkout sources - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Download artifacts - if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 - with: - name: release-artifacts-${{ env.BINARY }} - path: release-artifacts - - - name: Check sha256 ${{ env.BINARY }} - if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} - working-directory: release-artifacts - run: | - . ../.github/scripts/common/lib.sh - - echo "Checking binary $BINARY" - check_sha256 $BINARY && echo "OK" || echo "ERR" - - - name: Check GPG ${{ env.BINARY }} - if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }} - working-directory: release-artifacts - run: | - . ../.github/scripts/common/lib.sh - import_gpg_keys - check_gpg $BINARY - - - name: Fetch rc commit and tag - working-directory: release-artifacts - if: ${{ env.IMAGE_TYPE == 'rc' }} - id: fetch_rc_refs - shell: bash - run: | - . ../.github/scripts/common/lib.sh - - commit=$(git rev-parse --short HEAD) && \ - echo "commit=${commit}" >> $GITHUB_OUTPUT - echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT - echo "tag=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT - - - name: Fetch release tags - if: ${{ env.IMAGE_TYPE == 'release'}} - id: fetch_release_refs - shell: bash - run: | - . .github/scripts/common/lib.sh - - echo "tag=latest" >> $GITHUB_OUTPUT - echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT - echo "stable=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT - - - name: Build Injected Container image for pezkuwi - if: ${{ env.BINARY == 'pezkuwi' }} - env: - ARTIFACTS_FOLDER: release-artifacts - IMAGE_NAME: ${{ env.BINARY }} - OWNER: ${{ env.DOCKER_OWNER }} - TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }} - shell: bash - run: | - ls -al - echo "Building container for $BINARY" - echo "IMAGE_TYPE: ${{ inputs.image_type }}" - - if [[ "${{ inputs.image_type }}" == "rc" ]]; then - echo "Building RC container for pezkuwi" - export DOCKERFILE="docker/dockerfiles/pezkuwi/pezkuwi_injected.Dockerfile" - export BINARY="pezkuwi,pezkuwi-execute-worker,pezkuwi-prepare-worker" - ./docker/scripts/build-injected.sh - else - echo "Building release container for pezkuwi" - export DOCKERFILE="docker/dockerfiles/pezkuwi/pezkuwi_injected_debian.Dockerfile" - export BINARY="pezkuwi,pezkuwi-execute-worker,pezkuwi-prepare-worker" - export PEZKUWI_DEB=true - export VERSION=${{ needs.validate-inputs.outputs.version }} - ./docker/scripts/build-injected.sh - fi - - - name: Build Injected Container image for pezkuwi-omni-node/chain-spec-builder - if: ${{ env.BINARY == 'pezkuwi-omni-node' || env.BINARY == 'chain-spec-builder' }} - shell: bash - env: - ARTIFACTS_FOLDER: release-artifacts - IMAGE_NAME: ${{ env.BINARY }} - OWNER: ${{ env.DOCKER_OWNER }} - TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }} - VERSION: ${{ needs.validate-inputs.outputs.version }} - run: | - ls -al - echo "Building container for $BINARY" - ./docker/scripts/build-injected.sh - - - name: Build Injected Container image for pezkuwi-teyrchain - if: ${{ env.BINARY == 'pezkuwi-teyrchain' }} - shell: bash - env: - ARTIFACTS_FOLDER: release-artifacts - IMAGE_NAME: ${{ env.BINARY }} - OWNER: ${{ env.DOCKER_OWNER }} - DOCKERFILE: docker/dockerfiles/pezkuwi-teyrchain/pezkuwi-teyrchain_injected.Dockerfile - TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }} - VERSION: ${{ needs.validate-inputs.outputs.version }} - run: | - ls -al - mkdir -p $ARTIFACTS_FOLDER/specs - cp pezcumulus/teyrchains/chain-specs/*.json $ARTIFACTS_FOLDER/specs - - echo "Building container for $BINARY" - ./docker/scripts/build-injected.sh - - - name: Login to Dockerhub to publish pezkuwi - if: ${{ env.BINARY == 'pezkuwi' }} - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 - with: - username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }} - password: ${{ secrets.PEZKUWI_DOCKERHUB_TOKEN }} - - - name: Login to Dockerhub to publish pezkuwi-omni-node/pezkuwi-teyrchain/chain-spec-builder - if: ${{ env.BINARY == 'pezkuwi-omni-node' || env.BINARY == 'pezkuwi-teyrchain' || env.BINARY == 'chain-spec-builder' }} - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 - with: - username: ${{ secrets.CUMULUS_DOCKERHUB_USERNAME }} - password: ${{ secrets.CUMULUS_DOCKERHUB_TOKEN }} - - - name: Push Container image for ${{ env.BINARY }} - id: docker_push - run: | - $ENGINE images | grep ${BINARY} - $ENGINE push --all-tags ${REGISTRY}/${DOCKER_OWNER}/${BINARY} - - - name: Check version for the published image for ${{ env.BINARY }} - env: - RELEASE_TAG: ${{ steps.fetch_rc_refs.outputs.release || steps.fetch_release_refs.outputs.release }} - run: | - echo "Checking tag ${RELEASE_TAG} for image ${REGISTRY}/${DOCKER_OWNER}/${BINARY}" - if [[ ${BINARY} == 'chain-spec-builder' ]]; then - $ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} - else - $ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} --version - fi diff --git a/.github/workflows/release-60_create-old-release-tag.yml b/.github/workflows/release-60_create-old-release-tag.yml deleted file mode 100644 index b2538da8..00000000 --- a/.github/workflows/release-60_create-old-release-tag.yml +++ /dev/null @@ -1,63 +0,0 @@ -name: Release - Create pezkuwi-vX.YY.Z tag -# This workflow creates a final release tag in the old format (e.g. pezkuwi-v1.20.0) for a published release. - -on: - release: - types: published - -jobs: - create-old-release-tag: - runs-on: ubuntu-latest - environment: release - env: - PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }} - PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - - steps: - - name: Install pgpkkms - run: | - # Install pgpkms that is used to sign commits - pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151 - - - name: Generate content write token for the release automation - id: generate_write_token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 - with: - app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }} - private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }} - owner: pezkuwichain - - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - ref: ${{ github.event.release.tag_name }} - token: ${{ steps.generate_write_token.outputs.token }} - - - name: Import gpg keys - run: | - . ./.github/scripts/common/lib.sh - - import_gpg_keys - - - name: Config git - run: | - git config --global commit.gpgsign true - git config --global gpg.program /home/runner/.local/bin/pgpkms-git - git config --global user.name "ParityReleases" - git config --global user.email "release-team@pezkuwichain.io" - git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51" - - - name: Create old release tag - env: - GH_TOKEN: ${{ steps.generate_write_token.outputs.token }} - run: | - . ./.github/scripts/common/lib.sh - - version=$(get_pezkuwi_node_version_from_code) - echo "Extracted node version: $version" - - git tag -s "pezkuwi-v${version}" -m "Old release tag pezkuwi-v${version}" - git push origin "pezkuwi-v${version}" diff --git a/.github/workflows/release-60_post-crates-release-activities.yml b/.github/workflows/release-60_post-crates-release-activities.yml deleted file mode 100644 index 73d48491..00000000 --- a/.github/workflows/release-60_post-crates-release-activities.yml +++ /dev/null @@ -1,294 +0,0 @@ -name: Release - Post Crates Release Activities - -on: - push: - branches: - - 'post-crates-release-*' - -permissions: - contents: write - pull-requests: write - -jobs: - set-image: - runs-on: ubuntu-latest - outputs: - IMAGE: ${{ steps.set_image.outputs.IMAGE }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - id: set_image - run: cat .github/env >> $GITHUB_OUTPUT - - post-crates-activities: - needs: set-image - runs-on: ubuntu-latest - environment: release - env: - PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }} - PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - container: - image: ${{ needs.set-image.outputs.IMAGE }} - - steps: - - name: Install pgpkms - run: | - # Install pgpkms that is used to sign commits - pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151 - # Find and display where pgpkms-git is installed - echo "pgpkms-git location: $(which pgpkms-git)" - ls -la $(which pgpkms-git) - - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Import GPG keys - shell: bash - run: | - . ./.github/scripts/common/lib.sh - import_gpg_keys - - - name: Configure git - shell: bash - run: | - git config --global --add safe.directory "${GITHUB_WORKSPACE}" - git config --global commit.gpgsign true - # Dynamically find pgpkms-git path - PGPKMS_PATH=$(which pgpkms-git) - echo "Using pgpkms-git at: $PGPKMS_PATH" - git config --global gpg.program "$PGPKMS_PATH" - git config --global user.name "ParityReleases" - git config --global user.email "release-team@pezkuwichain.io" - git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51" - - - name: Bump NODE_VERSION for pezkuwi - run: | - echo "Bumping NODE_VERSION in pezkuwi..." - FILE="pezkuwi/node/primitives/src/lib.rs" - - # Extract current NODE_VERSION - current_version=$(grep 'pub const NODE_VERSION' "$FILE" | grep -oE '"[0-9]+\.[0-9]+\.[0-9]+"' | tr -d '"') - echo "Current version: $current_version" - - # Bump patch version - new_version=$(echo "$current_version" | awk -F. '{print $1"."$2"."$3+1}') - echo "New version: $new_version" - - # Update the file - sed -i.bak "s/NODE_VERSION: &'static str = \"$current_version\"/NODE_VERSION: \&'static str = \"$new_version\"/" "$FILE" - rm -f "$FILE.bak" - - echo "Successfully bumped NODE_VERSION from $current_version to $new_version" - - - name: Bump NODE_VERSION for pezkuwi-teyrchain and pezkuwi-omni-node - run: | - echo "Bumping NODE_VERSION in pezcumulus..." - FILE="pezcumulus/pezkuwi-omni-node/lib/src/nodes/mod.rs" - - # Extract current NODE_VERSION - current_version=$(grep 'pub const NODE_VERSION' "$FILE" | grep -oE '"[0-9]+\.[0-9]+\.[0-9]+"' | tr -d '"') - echo "Current version: $current_version" - - # Bump patch version - new_version=$(echo "$current_version" | awk -F. '{print $1"."$2"."$3+1}') - echo "New version: $new_version" - - # Update the file - sed -i.bak "s/NODE_VERSION: &'static str = \"$current_version\"/NODE_VERSION: \&'static str = \"$new_version\"/" "$FILE" - rm -f "$FILE.bak" - - echo "Successfully bumped NODE_VERSION from $current_version to $new_version" - - - name: Commit NODE_VERSION bumps - shell: bash - run: | - . ./.github/scripts/release/release_lib.sh - - # Extract the bumped NODE_VERSION - FILE="pezkuwi/node/primitives/src/lib.rs" - NODE_VERSION=$(grep 'pub const NODE_VERSION' "$FILE" | grep -oE '"[0-9]+\.[0-9]+\.[0-9]+"' | tr -d '"') - - echo "Committing NODE_VERSION bump to $NODE_VERSION" - commit_with_message "Bump NODE_VERSION to $NODE_VERSION" - echo "โœ… Successfully committed NODE_VERSION bump" - - - name: Move prdocs to release folder - shell: bash - run: | - . ./.github/scripts/release/release_lib.sh - - # Extract release name from branch name (everything after "post-crates-release-") - BRANCH_NAME="${{ github.ref_name }}" - echo "Branch name: $BRANCH_NAME" - - if [[ "$BRANCH_NAME" =~ post-crates-release-(.+)$ ]]; then - RELEASE_FOLDER="${BASH_REMATCH[1]}" - echo "Release folder name: $RELEASE_FOLDER" - - # Use the reorder_prdocs helper function - reorder_prdocs "$RELEASE_FOLDER" - else - echo "WARNING: Could not extract release name from branch name: $BRANCH_NAME" - echo "Expected format: post-crates-release-" - exit 1 - fi - - - name: Replace path dependencies - run: | - echo "Running replace-all-path-deps.sh..." - bash scripts/release/replace-all-path-deps.sh - - # Show git diff to see what changed - git diff --stat - - - name: Remove versions where path deps are present - run: | - echo "Running delete-versions-if-path-is-present.sh..." - bash scripts/release/delete-versions-if-path-is-present.sh - - # Show git diff to see what changed - git diff --stat - - - name: Remove version from umbrella/Cargo.toml - run: | - echo "Running delete-version-from-umbrella.sh..." - bash scripts/release/delete-version-from-umbrella.sh - - # Show git diff to see what changed - git diff --stat - - - name: Run Zepter - check issues - run: | - echo "Running zepter run check to identify issues..." - zepter run check || echo "Zepter found issues that need to be fixed" - - - name: Run Zepter - fix issues - run: | - echo "Running zepter to fix issues..." - zepter || echo "Zepter fix completed" - # Show git diff to see what changed - git diff --stat - - - name: Run Zepter - verify fixes - run: | - echo "Running zepter run check again to verify fixes..." - zepter run check || echo "There are still issues to fix manually" - - - name: Run taplo - check formatting - run: | - echo "Running taplo format check..." - taplo format --check --config .config/taplo.toml || echo "Taplo found formatting issues" - - - name: Run taplo - format - run: | - echo "Running taplo format..." - taplo format --config .config/taplo.toml - # Show git diff to see what changed - git diff --stat - - - name: Run taplo - verify formatting - run: | - echo "Running taplo format check again..." - taplo format --check --config .config/taplo.toml || echo "There are still formatting issues" - - - name: Install Python dependencies - run: | - echo "Installing Python dependencies..." - pip3 install toml "cargo-workspace>=1.2.6" - - - name: Run workspace check - run: | - echo "Running workspace check..." - python3 .github/scripts/check-workspace.py . --exclude \ - "bizinikiwi/pezframe/contracts/fixtures/build" \ - "bizinikiwi/pezframe/contracts/fixtures/contracts/common" - - - name: Deny git dependencies - run: | - echo "Checking for git dependencies..." - python3 .github/scripts/deny-git-deps.py . - - - name: Check git status before commit - run: | - echo "=== Git status ===" - git status - echo "" - echo "=== Git status --porcelain ===" - git status --porcelain - echo "" - echo "=== Changed files count ===" - git status --porcelain | wc -l - - - name: Commit and push changes - shell: bash - run: | - . ./.github/scripts/release/release_lib.sh - - # Check if there are changes to commit - if [[ -n $(git status --porcelain) ]]; then - commit_with_message "chore: post crates release actions - version bumps, path deps, zepter, taplo" - echo "Changes committed successfully" - # Push changes to the branch - echo "Pushing changes to branch..." - git push - echo "Changes pushed successfully" - else - echo "No changes to commit" - fi - - - name: Create Pull Request to base release branch - env: - GH_TOKEN: ${{ github.token }} - shell: bash - run: | - BRANCH_NAME="${{ github.ref_name }}" - echo "Current branch: $BRANCH_NAME" - - # Extract base release branch name - if [[ "$BRANCH_NAME" =~ ^post-crates-release-(.+)$ ]]; then - FULL_RELEASE="${BASH_REMATCH[1]}" - - if [[ "$FULL_RELEASE" =~ ^(.+)-[^-]+$ ]]; then - BASE_RELEASE="${BASH_REMATCH[1]}" - else - BASE_RELEASE="$FULL_RELEASE" - fi - - echo "Creating PR from $BRANCH_NAME to $BASE_RELEASE..." - gh pr create \ - --title "Post crates release activities for $BASE_RELEASE" \ - --body "Automated PR containing post-crates-release activities: - - NODE_VERSION bumps - - Path dependencies replacement - - Zepter fixes - - Taplo formatting - - PRDocs reorganization" \ - --base "$BASE_RELEASE" \ - --head "$BRANCH_NAME" || echo "PR may already exist or there was an error creating it" - else - echo "ERROR: Could not extract base release branch from: $BRANCH_NAME, probably wrong format" - exit 1 - fi - - - name: Add comment about spec_version - env: - GH_TOKEN: ${{ github.token }} - shell: bash - run: | - BRANCH_NAME="${{ github.ref_name }}" - - # Find the PR number for this branch - PR_NUMBER=$(gh pr list --head "$BRANCH_NAME" --json number --jq '.[0].number') - - if [ -n "$PR_NUMBER" ]; then - echo "Adding comment to PR #$PR_NUMBER..." - gh pr comment "$PR_NUMBER" --body "โš ๏ธ **Reminder:** spec_version is not bumped automatically as part of this flow. Please ensure it is updated manually if required." - else - echo "WARNING: Could not find PR for branch $BRANCH_NAME" - fi diff --git a/.github/workflows/release-70_combined-publish-release.yml b/.github/workflows/release-70_combined-publish-release.yml deleted file mode 100644 index 24130f21..00000000 --- a/.github/workflows/release-70_combined-publish-release.yml +++ /dev/null @@ -1,156 +0,0 @@ -name: Release - Combined Publish Release - -# This workflow orchestrates the final release steps by calling workflows in sequence: -# 1. Promote RC to final on S3 -# 2. Publish Debian and RPM packages (in parallel) -# 3. Publish Docker images - -on: - workflow_dispatch: - inputs: - release_tag: - description: Release tag in the format pezkuwi-stableYYMM or pezkuwi-stableYYMM-X or pezkuwi-stableYYMM(-X)-rcX - type: string - required: true - - binary: - description: Binary to be released - default: all - type: choice - required: true - options: - - all - - pezkuwi - - pezkuwi-teyrchain - - pezkuwi-omni-node - - pezframe-omni-bencher - - chain-spec-builder - - image_type: - description: Type of Docker image (rc for release candidates, release for final) - required: true - default: rc - type: choice - options: - - rc - - release - - distribution: - description: Distribution for Debian package (release, staging, stable2407, etc) - default: staging - required: true - type: string - - registry: - description: Container registry for Docker images - required: true - type: string - default: docker.io - - owner: - description: Owner of the container image repo - required: true - type: string - default: pezkuwichain - - version: - description: Version for Docker tags in format v1.16.0 or v1.16.0-rc1 - required: true - type: string - -jobs: - # DISABLED: Workflow synchronization check - # check-synchronization: - # uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main - # secrets: - # fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }} - - # ============================================== - # PHASE 1: Promote RC to Final on S3 - # ============================================== - promote-rc-to-final: - name: Promote RC to final on S3 - uses: ./.github/workflows/release-31_promote-rc-to-final.yml - with: - binary: ${{ inputs.binary }} - release_tag: ${{ inputs.release_tag }} - secrets: inherit - - # ============================================== - # PHASE 2: Publish Packages (Debian and RPM) - # ============================================== - publish-deb-package: - name: Publish Debian package - needs: [promote-rc-to-final] - uses: ./.github/workflows/release-40_publish-deb-package.yml - with: - tag: ${{ inputs.release_tag }} - distribution: ${{ inputs.distribution }} - secrets: inherit - - publish-rpm-package: - name: Publish RPM package - needs: [promote-rc-to-final] - uses: ./.github/workflows/release-41_publish-rpm-package.yml - with: - tag: ${{ inputs.release_tag }} - secrets: inherit - - # ============================================== - # PHASE 3: Publish Docker Images - # ============================================== - publish-docker-pezkuwi: - name: Publish Docker image - pezkuwi - # needs: [publish-deb-package, publish-rpm-package] - if: ${{ inputs.binary == 'pezkuwi' || inputs.binary == 'all' }} - uses: ./.github/workflows/release-50_publish-docker.yml - with: - image_type: ${{ inputs.image_type }} - binary: pezkuwi - registry: ${{ inputs.registry }} - owner: ${{ inputs.owner }} - version: ${{ inputs.version }} - stable_tag: ${{ inputs.release_tag }} - secrets: inherit - - publish-docker-pezkuwi-teyrchain: - name: Publish Docker image - pezkuwi-teyrchain - # needs: [publish-deb-package, publish-rpm-package] - if: ${{ inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'all' }} - uses: ./.github/workflows/release-50_publish-docker.yml - with: - image_type: ${{ inputs.image_type }} - binary: pezkuwi-teyrchain - registry: ${{ inputs.registry }} - owner: ${{ inputs.owner }} - version: ${{ inputs.version }} - stable_tag: ${{ inputs.release_tag }} - secrets: inherit - - publish-docker-pezkuwi-omni-node: - name: Publish Docker image - pezkuwi-omni-node - # needs: [publish-deb-package, publish-rpm-package] - if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'all' }} - uses: ./.github/workflows/release-50_publish-docker.yml - with: - image_type: ${{ inputs.image_type }} - binary: pezkuwi-omni-node - registry: ${{ inputs.registry }} - owner: ${{ inputs.owner }} - version: ${{ inputs.version }} - stable_tag: ${{ inputs.release_tag }} - secrets: inherit - - publish-docker-chain-spec-builder: - name: Publish Docker image - chain-spec-builder - # needs: [publish-deb-package, publish-rpm-package] - if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }} - uses: ./.github/workflows/release-50_publish-docker.yml - with: - image_type: ${{ inputs.image_type }} - binary: chain-spec-builder - registry: ${{ inputs.registry }} - owner: ${{ inputs.owner }} - version: ${{ inputs.version }} - stable_tag: ${{ inputs.release_tag }} - secrets: inherit diff --git a/.github/workflows/release-clobber-stable.yml b/.github/workflows/release-clobber-stable.yml deleted file mode 100644 index 46a37a54..00000000 --- a/.github/workflows/release-clobber-stable.yml +++ /dev/null @@ -1,70 +0,0 @@ -name: Clobber Stable - -# This action implements the -# [Clobbering](https://github.com/pezkuwichain/pezkuwi-sdk/blob/master/docs/RELEASE.md#clobbering) -# process from the release process. It pushes a new commit to the `stable` branch with all the -# current content of the `audited` tag. It does not use a merge commit, but rather 'clobbers' the -# branch with a single commit that contains all the changes. It has a naming scheme of `Clobber with -# audited ($COMMIT)`. -# Currently, the script is only triggered manually, but can be easily changed to a schedule. - -on: - workflow_dispatch: - -permissions: - contents: write - -jobs: - clobber-stable: - runs-on: ubuntu-latest - timeout-minutes: 5 - env: - STABLE: stable - UNSTABLE: master - AUDITED: audited - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7 - - - name: Prechecks - run: | - # Properly fetch - git fetch --prune --unshallow origin tag $AUDITED - git fetch origin $STABLE - - # Sanity checks - git checkout -q tags/$AUDITED || (echo "Could not find the '$AUDITED' tag." && exit 1) - COMMIT=$(git rev-parse tags/$AUDITED) - #$(git branch --contains $COMMIT | grep -q $UNSTABLE) || (echo "The '$AUDITED' tag is not on the '$UNSTABLE' branch." && exit 1) - - git config --global user.email "admin@pezkuwichain.io" - git config --global user.name "Kurdistan-Tech Release Team" - - - name: Prepare commit - run: | - git checkout --quiet origin/$STABLE - - # Delete all tracked files in the working directory - git ls-files -z | xargs -0 rm -f - - # Find and delete any empty directories - find . -type d -empty -delete - - git add . 1>/dev/null 2>/dev/null - git commit -qm "Delete all files" - - # Grab the files from the commit - git checkout --quiet tags/$AUDITED -- . - - # Stage, commit, and push the working directory which now matches 'audited' 1:1 - git status - COMMIT=$(git rev-parse --short=10 tags/$AUDITED) - git add . 1>/dev/null 2>/dev/null - git commit --allow-empty --amend -qm "Clobber with $AUDITED ($COMMIT)" - - - name: Push stable branch - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - git log -3 - git push --verbose origin HEAD:$STABLE diff --git a/.github/workflows/release-reusable-promote-to-final.yml b/.github/workflows/release-reusable-promote-to-final.yml deleted file mode 100644 index 02536279..00000000 --- a/.github/workflows/release-reusable-promote-to-final.yml +++ /dev/null @@ -1,91 +0,0 @@ -name: Promote rc to final - -on: - workflow_call: - inputs: - package: - description: Package to be promoted - required: true - type: string - - release_tag: - description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX that will be changed to final in form of pezkuwi-stableYYMM(-X) - required: true - type: string - - target: - description: Target triple for which the artifacts are being uploaded (e.g aarch64-apple-darwin) - required: true - type: string - - secrets: - AWS_DEFAULT_REGION: - required: true - AWS_RELEASE_ACCESS_KEY_ID: - required: true - AWS_RELEASE_SECRET_ACCESS_KEY: - required: true - -jobs: - - promote-release-artifacts: - environment: release - runs-on: ubuntu-latest - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - RELEASE_TAG: ${{ inputs.release_tag }} - PACKAGE: ${{ inputs.package }} - TARGET: ${{ inputs.target }} - - steps: - - name: Checkout sources - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Prepare final tag - id: prepare_final_tag - shell: bash - run: | - tag="$(echo $RELEASE_TAG | sed 's/-rc[0-9]*$//')" - echo $tag - echo "FINAL_TAG=${tag}" >> $GITHUB_OUTPUT - - - name: Fetch binaries from s3 based on version - run: | - . ./.github/scripts/common/lib.sh - - VERSION="$RELEASE_TAG" - if [[ "$PACKAGE" == 'pezkuwi' ]]; then - packages=(pezkuwi pezkuwi-prepare-worker pezkuwi-execute-worker) - for package in "${packages[@]}"; do - OUTPUT_DIR="./release-artifacts/$TARGET/${package}" - fetch_release_artifacts_from_s3 "$package" "$TARGET" - done - NODE_VERSION="$(get_pezkuwi_node_version_from_code)" - - fetch_debian_package_from_s3 pezkuwi - fetch_rpm_package_from_s3 pezkuwi - else - fetch_release_artifacts_from_s3 "$PACKAGE" "$TARGET" - fi - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 - with: - aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ env.AWS_REGION }} - - - name: Upload ${{ inputs.package }} ${{ inputs.target }} artifacts to s3 - run: | - . ./.github/scripts/release/release_lib.sh - - if [[ "$PACKAGE" == 'pezkuwi' ]]; then - packages=(pezkuwi pezkuwi-prepare-worker pezkuwi-execute-worker) - for package in "${packages[@]}"; do - upload_s3_release $package ${{ steps.prepare_final_tag.outputs.final_tag }} ${{ inputs.target }} - done - else - upload_s3_release "$PACKAGE" ${{ steps.prepare_final_tag.outputs.final_tag }} "$TARGET" - fi diff --git a/.github/workflows/release-reusable-publish-packages.yml b/.github/workflows/release-reusable-publish-packages.yml deleted file mode 100644 index bf2b18df..00000000 --- a/.github/workflows/release-reusable-publish-packages.yml +++ /dev/null @@ -1,188 +0,0 @@ -name: Reusable - Publish Package - -on: - workflow_call: - inputs: - tag: - description: Current final release tag (e.g., pezkuwi-stableYYMM) - required: true - type: string - distribution: - description: Distribution where to publish package (e.g., release, staging) - required: true - type: string - package_type: - description: Type of package to publish (deb or rpm) - required: true - type: string - aws_repo_base_path: - description: Base S3 path for package repositories - type: string - cloudfront_distribution_id: - description: CloudFront Distribution ID for cache invalidation - required: true - type: string - -jobs: - # DISABLED: Workflow synchronization check - # check-synchronization: - # uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main - # secrets: - # fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }} - - validate-inputs: - runs-on: ubuntu-latest - outputs: - release_tag: ${{ steps.validate_inputs.outputs.release_tag }} - steps: - - name: Checkout sources - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - - - name: Validate package type - if: ${{ inputs.package_type != 'deb' && inputs.package_type != 'rpm' }} - run: | - echo "Error: package_type must be either 'deb' or 'rpm'" - exit 1 - - - name: Validate inputs - id: validate_inputs - run: | - # Source common library for helper functions - . ./.github/scripts/common/lib.sh - RELEASE_TAG=$(validate_stable_tag ${{ inputs.tag }}) - echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT - - fetch-artifacts-from-s3: - runs-on: ubuntu-latest - needs: [validate-inputs] - environment: release - env: - REPO: ${{ github.repository }} - VERSION: ${{ needs.validate-inputs.outputs.release_tag }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - outputs: - NODE_VERSION: ${{ steps.fetch_artifacts_from_s3.outputs.NODE_VERSION }} - steps: - - name: Checkout sources - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - - - name: Fetch rc artifacts or release artifacts from s3 based on version - id: fetch_artifacts_from_s3 - run: | - . ./.github/scripts/common/lib.sh - NODE_VERSION="$(get_pezkuwi_node_version_from_code)" - echo "NODE_VERSION=${NODE_VERSION}" >> $GITHUB_OUTPUT - - # Fetch specific package type artifact (deb or rpm) - if [[ "${{ inputs.package_type }}" == "deb" ]]; then - fetch_debian_package_from_s3 pezkuwi - elif [[ "${{ inputs.package_type }}" == "rpm" ]]; then - fetch_rpm_package_from_s3 pezkuwi - fi - - - name: Upload artifacts for later jobs - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: release-artifacts-${{ inputs.package_type }} - path: release-artifacts/pezkuwi/*.${{ inputs.package_type }} - - publish-package: - runs-on: ubuntu-latest - needs: [fetch-artifacts-from-s3] - environment: release - env: - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_REPO_PATH: "${{ inputs.aws_repo_base_path }}/${{ inputs.package_type }}" - LOCAL_REPO_PATH: ${{ github.workspace }}/${{ inputs.package_type }} - NODE_VERSION: ${{ needs.fetch-artifacts-from-s3.outputs.NODE_VERSION }} - steps: - - name: Install dependencies - run: | - sudo apt-get update - sudo apt-get install -y python3-pip reprepro rpm createrepo-c - - python3 -m pip install --user awscli "pgpkms @ git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151" - - # Ensure ~/.local/bin is in PATH right now and for later steps - export PATH=$HOME/.local/bin:$PATH - echo "$HOME/.local/bin" >> $GITHUB_PATH - - # Export to GITHUB_ENV (this time they wonโ€™t be empty) - echo "PGPKMS_REPREPRO_PATH=$(which pgpkms-reprepro)" >> $GITHUB_ENV - echo "PGPKMS_RPMSIGN_PATH=$(which pgpkms-rpmsign)" >> $GITHUB_ENV - - - name: Checkout sources - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - - - name: Download artifacts from previous job - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 - with: - name: release-artifacts-${{ inputs.package_type }} - path: release-artifacts - - - name: Setup local deb repo config - if: ${{ inputs.package_type == 'deb' }} - run: | - sed -i "s|^SignWith:.*|SignWith: ! ${PGPKMS_REPREPRO_PATH}|" ${{ github.workspace }}/.github/scripts/release/distributions - mkdir -p "$LOCAL_REPO_PATH/conf" - cp ${{ github.workspace }}/.github/scripts/release/distributions "$LOCAL_REPO_PATH/conf/distributions" - - - name: Sync local repo - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - run: | - # --- Sync Local Repo from S3 --- - mkdir -p "$LOCAL_REPO_PATH" - if [[ "${{ inputs.package_type }}" == "deb" ]]; then - aws s3 sync "$AWS_REPO_PATH/db" "$LOCAL_REPO_PATH/db" || true - aws s3 sync "$AWS_REPO_PATH/pool" "$LOCAL_REPO_PATH/pool" || true - aws s3 sync "$AWS_REPO_PATH/dists" "$LOCAL_REPO_PATH/dists" || true - elif [[ "${{ inputs.package_type }}" == "rpm" ]]; then - aws s3 sync "$AWS_REPO_PATH" "$LOCAL_REPO_PATH" || true - fi - - - name: Add packages to local repo, sign, and update metadata - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} - PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} - run: | - . ./.github/scripts/common/lib.sh - import_gpg_keys - - # --- Add Package to Repo and Sign --- - if [[ "${{ inputs.package_type }}" == "deb" ]]; then - debname=$(find release-artifacts/ -name 'pezkuwi_*.deb' | head -n 1) - reprepro -b "$LOCAL_REPO_PATH" includedeb "${{ inputs.distribution }}" "$debname" - - elif [[ "${{ inputs.package_type }}" == "rpm" ]]; then - rpmname=$(find release-artifacts/ -name 'pezkuwi-*.rpm' | head -n 1) - - echo "Signing package with pgpkms (via AWS KMS)..." - chmod +x .github/scripts/release/pgpkms-gpg-wrapper.sh - cp .github/scripts/release/rpmmacros $HOME/.rpmmacros - - echo "Dumping rpm gpg-related macros..." - rpm --showrc | grep gpg || true - echo "Contents of .rpmmacros:" - cat $HOME/.rpmmacros - rpm --addsign "$rpmname" - - echo "Copying signed package to local repo..." - cp "$rpmname" "$LOCAL_REPO_PATH/" - - echo "Updating repository metadata..." - createrepo_c --update "$LOCAL_REPO_PATH" - fi - - - name: Upload updated repo to S3 - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - run: | - aws s3 sync "$LOCAL_REPO_PATH" "$AWS_REPO_PATH" --acl public-read - aws cloudfront create-invalidation --distribution-id ${{ inputs.cloudfront_distribution_id }} --paths '/${{ inputs.package_type }}/*' diff --git a/.github/workflows/release-reusable-s3-upload.yml b/.github/workflows/release-reusable-s3-upload.yml deleted file mode 100644 index 4746a1e0..00000000 --- a/.github/workflows/release-reusable-s3-upload.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Upload to s3 - -on: - workflow_call: - inputs: - package: - description: Package to be built, for now is either pezkuwi or pezkuwi-teyrchain-bin - required: true - type: string - - release_tag: - description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX or pezkuwi-stableYYMM-rcX - required: true - type: string - - target: - description: Target triple for which the artifacts are being uploaded (e.g aarch64-apple-darwin) - required: true - type: string - -jobs: - upload-artifacts-to-s3: - runs-on: ubuntu-latest - environment: release - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} - AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Download amd64 artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 - with: - name: ${{ inputs.package }}_${{ inputs.target }} - path: release-artifacts/${{ inputs.target }}/${{ inputs.package }} - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 - with: - aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ env.AWS_REGION }} - - - name: Upload ${{ inputs.package }} artifacts to s3 - run: | - . ./.github/scripts/release/release_lib.sh - upload_s3_release ${{ inputs.package }} ${{ inputs.release_tag }} ${{ inputs.target }} diff --git a/.github/workflows/reusable-preflight.yml b/.github/workflows/reusable-preflight.yml index 17861ba5..1bff2e13 100644 --- a/.github/workflows/reusable-preflight.yml +++ b/.github/workflows/reusable-preflight.yml @@ -157,16 +157,15 @@ jobs: id: set_runner shell: bash run: | - # Self-hosted runners (reduced to 3 total for lower load) - # VPS1: 1 runner, VPS2: 1 runner, VPS3: 1 runner - echo "RUNNER_DEFAULT=ubuntu-large" >> $GITHUB_OUTPUT - echo "RUNNER_WEIGHTS=ubuntu-large" >> $GITHUB_OUTPUT - echo "RUNNER_BENCHMARK=ubuntu-large" >> $GITHUB_OUTPUT + # Hybrid: heavy jobs โ†’ self-hosted ephemeral VPS, light jobs โ†’ GitHub-hosted + echo "RUNNER_DEFAULT=pezkuwi-runner" >> $GITHUB_OUTPUT + echo "RUNNER_WEIGHTS=pezkuwi-runner" >> $GITHUB_OUTPUT + echo "RUNNER_BENCHMARK=pezkuwi-runner" >> $GITHUB_OUTPUT echo "RUNNER_MACOS=macos-latest" >> $GITHUB_OUTPUT - echo "RUNNER=ubuntu-large" >> $GITHUB_OUTPUT - echo "RUNNER_OLDLINUX=ubuntu-large" >> $GITHUB_OUTPUT - echo "RUNNER_NEW=ubuntu-large" >> $GITHUB_OUTPUT - echo "RUNNER_OLDLINUX_NEW=ubuntu-large" >> $GITHUB_OUTPUT + echo "RUNNER=pezkuwi-runner" >> $GITHUB_OUTPUT + echo "RUNNER_OLDLINUX=pezkuwi-runner" >> $GITHUB_OUTPUT + echo "RUNNER_NEW=pezkuwi-runner" >> $GITHUB_OUTPUT + echo "RUNNER_OLDLINUX_NEW=pezkuwi-runner" >> $GITHUB_OUTPUT # # Set vars