ci: setup ephemeral self-hosted runner + remove 22 unused workflows

- Configure hybrid CI: heavy jobs on pezkuwi-runner (VPS), light on ubuntu-latest
- Remove 22 Polkadot SDK inherited workflows (release pipeline, semver, prdoc,
  crate publishing, burnin notifications, wishlist leaderboard, etc.)
- 71 workflows reduced to 49
2026-02-22 20:41:38 +03:00
parent 1a1f046935
commit daa1ce5117
23 changed files with 8 additions and 2530 deletions
-82
@@ -1,82 +0,0 @@
name: Check PRdoc
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
env:
# NOTE: prdoc tool from pezkuwichain - using local prdoc check instead
API_BASE: https://api.github.com/repos
REPO: ${{ github.repository }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_PR: ${{ github.event.pull_request.number }}
PRDOC_DOC: https://github.com/pezkuwichain/pezkuwi-sdk/blob/main/docs/contributor/prdoc.md
jobs:
check-prdoc:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v4.1.7
- name: Check prdoc format
run: |
# NOTE: pezkuwichain/prdoc Docker image not available for Pezkuwi
# Using simple file existence and YAML format check instead
echo "Check prdoc format"
echo "For PRDoc format, please refer to $PRDOC_DOC"
# Check if prdoc directory exists
if [ -d "prdoc" ]; then
echo "PRDoc directory found"
# Simple YAML validation
for f in prdoc/*.prdoc; do
if [ -f "$f" ]; then
echo "Checking: $f"
python3 -c "import yaml; yaml.safe_load(open('$f'))" || echo "::warning::Invalid YAML in $f"
fi
done
else
echo "::notice::No prdoc directory found"
fi
- name: Check if PRdoc is required
if: github.event.pull_request.number != ''
id: get-labels
run: |
# Fetch the labels for the PR under test
echo "Fetch the labels for $API_BASE/${REPO}/pulls/${GITHUB_PR}"
labels=$( curl -H "Authorization: token ${GITHUB_TOKEN}" -s "$API_BASE/${REPO}/pulls/${GITHUB_PR}" | jq '.labels | .[] | .name' | tr "\n" ",")
echo "Labels: ${labels}"
echo "labels=${labels}" >> "$GITHUB_OUTPUT"
- name: Get Original PR number
if: ${{ github.event.pull_request.number != '' && !contains(steps.get-labels.outputs.labels, 'R0') }}
shell: bash
env:
PR_TITLE: ${{ github.event.pull_request.title }}
run: |
. ./.github/scripts/common/lib.sh
original_pr_number=''
echo "Checking PR title: $PR_TITLE"
if [[ "$PR_TITLE" =~ 'Backport' ]]; then
# Extracting the original PR number from the backport's PR title
original_pr_number=$(extract_pr_number_from_pr_title "$PR_TITLE")
echo "Extracted PR number: $original_pr_number"
else
original_pr_number=${{ github.event.pull_request.number }}
fi
echo "PR_NUMBER=$original_pr_number" >> $GITHUB_ENV
- name: Validate prdoc for PR#${{ env.PR_NUMBER }}
if: ${{ github.event.pull_request.number != '' && !contains(steps.get-labels.outputs.labels, 'R0') }}
run: |
echo "Validating PR#${{ env.PR_NUMBER }}"
python3 --version
python3 -m pip install cargo-workspace==1.2.1
python3 .github/scripts/check-prdoc.py Cargo.toml prdoc/pr_${{ env.PR_NUMBER }}.prdoc
-249
@@ -1,249 +0,0 @@
name: Check semver
on:
workflow_dispatch:
concurrency:
group: check-semver-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
TOOLCHAIN: nightly-2025-05-09
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
check-semver:
runs-on: ubuntu-latest
timeout-minutes: 90
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
with:
fetch-depth: 2
- name: extra git setup
run: |
git config --global --add safe.directory '*'
git branch old HEAD^1
- name: Comment If Backport
if: ${{ startsWith(github.event.pull_request.base.ref, 'stable') }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR: ${{ github.event.pull_request.number }}
run: |
echo "This is a backport into stable."
cat > msg.txt <<EOF
This pull request is amending an existing release. Please proceed with extreme caution,
as to not impact downstream teams that rely on the stability of it. Some things to consider:
- Backports are only for 'patch' or 'minor' changes. No 'major' or other breaking change.
- Should be a legit *fix* for some bug, not adding tons of new features.
- Must either be already audited or not need an audit.
<details><summary><i>Emergency Bypass</i></summary>
<p>
If you really need to bypass this check: add <code>validate: false</code> to each crate
in the Prdoc where a breaking change is introduced. This will release a new major
version of that crate and all its reverse dependencies and basically break the release.
</p>
</details>
EOF
gh issue comment $PR --edit-last -F msg.txt || gh issue comment $PR -F msg.txt
echo "PRDOC_EXTRA_ARGS=--max-bump minor" >> $GITHUB_ENV
- name: Rust Cache
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
with:
save-if: ${{ github.ref == 'refs/heads/master' }}
- name: Rust compilation prerequisites
run: |
rustup default $TOOLCHAIN
rustup target add wasm32-unknown-unknown --toolchain $TOOLCHAIN
rustup component add rust-src --toolchain $TOOLCHAIN
- name: Install pezkuwi-publish
# Set the target dir to cache the build.
run: CARGO_TARGET_DIR=./target/ cargo install pezkuwi-publish@0.10.6 --locked -q
- name: Get original PR number
shell: bash
if: ${{ github.ref != 'refs/heads/master' }}
env:
PR_TITLE: ${{ github.event.pull_request.title }}
run: |
. ./.github/scripts/common/lib.sh
original_pr_number=''
echo "Checking PR title: $PR_TITLE"
if [[ "$PR_TITLE" =~ 'Backport' ]]; then
# Extracting the original PR number from the backport's PR title
original_pr_number=$(extract_pr_number_from_pr_title "$PR_TITLE")
echo "Extracted PR number: $original_pr_number"
else
original_pr_number=${{ github.event.pull_request.number }}
fi
echo "PR_NUMBER=$original_pr_number" >> $GITHUB_ENV
- name: Check semver
if: ${{ github.ref != 'refs/heads/master' }}
shell: bash
env:
PRDOC_EXTRA_ARGS: ${{ env.PRDOC_EXTRA_ARGS }}
PR: ${{ env.PR_NUMBER }}
BASE_BRANCH: ${{ github.event.pull_request.base.ref }}
PR_LABELS: ${{ toJson(github.event.pull_request.labels.*.name) }}
run: |
if [ -z "$PR" ]; then
echo "Skipping master/merge queue"
exit 0
fi
# Skip semver check if PR targets stable branch and has R0-no-crate-publish-require label
if [[ "$BASE_BRANCH" =~ ^stable[0-9]{4}$ ]]; then
if echo "$PR_LABELS" | grep -q "R0-no-crate-publish-require"; then
echo "️ Skipping the SemVer check is not recommended and should only be done in rare cases: PR targets stable branch '$BASE_BRANCH' and has 'R0-no-crate-publish-require' label."
exit 0
fi
fi
export CARGO_TARGET_DIR=target
export RUSTFLAGS='-A warnings -A missing_docs'
export SKIP_WASM_BUILD=1
prdoc_file="prdoc/pr_$PR.prdoc"
# Always run pezkuwi-publish to check for all issues (mismatches and missing crates)
# Capture output to check for specific error types
parity_output=$(mktemp)
if ! pezkuwi-publish --color always prdoc --since old --validate prdoc/pr_$PR.prdoc $PRDOC_EXTRA_ARGS -v --toolchain $TOOLCHAIN 2>&1 | tee "$parity_output"; then
# Check if there are missing crates (files changed but not listed in prdoc)
if grep -q "Files changed but crate not listed in PR Doc" "$parity_output"; then
rm -f "$parity_output"
cat <<EOF
👋 Hello developer! The SemVer check found crates with changes that are not listed in the prdoc file.
It is recommended to add all changed crates to the prdoc.
Please check the output above and see the following links for more help:
- https://github.com/pezkuwichain/pezkuwi-sdk/blob/master/docs/contributor/prdoc.md#record-semver-changes
- https://forum.pezkuwi.network/t/psa-pezkuwi-sdk-to-use-semver
Otherwise feel free to ask in the Merge Request or in Matrix chat.
EOF
exit 1
fi
rm -f "$parity_output"
# Check if any crate has validate: false to override semver mismatch failures
if grep -q "validate:[[:space:]]*false" "$prdoc_file"; then
echo ""
echo "️ Found crates with 'validate: false' in prdoc. Semver validation failure is overridden."
echo "⚠️ Please ensure the semver override is justified and documented in the PR description."
else
# No validate: false found, fail with error message
cat <<EOF
👋 Hello developer! The SemVer information that you declared in the prdoc file did not match what the CI detected.
Please check the output above and see the following links for more help:
- https://github.com/pezkuwichain/pezkuwi-sdk/blob/master/docs/contributor/prdoc.md#record-semver-changes
- https://forum.pezkuwi.network/t/psa-pezkuwi-sdk-to-use-semver
Otherwise feel free to ask in the Merge Request or in Matrix chat.
EOF
exit 1
fi
else
rm -f "$parity_output"
fi
# Only enforce SemVer restrictions for backports targeting stable branches
if [[ "$BASE_BRANCH" != stable* && "$BASE_BRANCH" != unstable* ]]; then
echo "️ Branch '$BASE_BRANCH' is not a (un)stable branch. Skipping SemVer backport-specific enforcements."
exit 0
fi
echo "🔍 Backport branch detected, checking for disallowed semver changes..."
# Check for minor/patch bumps with validate: false
if grep -qE "bump:[[:space:]]*(minor|patch)" "$prdoc_file"; then
minor_patch_temp=$(mktemp)
grep -A1 -E "bump:[[:space:]]*(minor|patch)" "$prdoc_file" > "$minor_patch_temp"
has_validate_false=false
while read -r line; do
if [[ "$line" =~ bump:[[:space:]]*(minor|patch) ]]; then
read -r next_line || true
if [[ "$next_line" =~ validate:[[:space:]]*false ]]; then
has_validate_false=true
break
fi
fi
done < "$minor_patch_temp"
rm -f "$minor_patch_temp"
if [ "$has_validate_false" = true ]; then
echo "️ Found minor/patch bumps with validate: false override. Semver validation was skipped for these crates by pezkuwi-publish."
fi
fi
# Check if there are any major bumps
if ! grep -q "bump:[[:space:]]*major" "$prdoc_file"; then
echo "✅ All semver changes in backport are valid (minor, patch, or none)."
exit 0
fi
# Process each major bump and check the next line
temp_file=$(mktemp)
grep -A1 "bump:[[:space:]]*major" "$prdoc_file" > "$temp_file"
error_found=false
while IFS= read -r line; do
if [[ "$line" =~ bump:[[:space:]]*major ]]; then
# This is the bump line, read the next line
if IFS= read -r next_line; then
if [[ "$next_line" =~ validate:[[:space:]]*false ]]; then
continue # This major bump is properly validated
else
error_found=true
break
fi
else
# No next line, means no validate: false
error_found=true
break
fi
fi
done < "$temp_file"
rm -f "$temp_file"
if [ "$error_found" = true ]; then
echo "❌ Error: Found major bump without 'validate: false'"
echo "📘 See: https://github.com/pezkuwichain/pezkuwi-sdk/blob/master/docs/contributor/prdoc.md#backporting-prs"
echo "🔧 Add 'validate: false' after the major bump in $prdoc_file with justification."
exit 1
fi
# If we reach here, all major bumps have validate: false
echo "⚠️ Backport contains major bumps, but they are all marked with validate: false."
echo "✅ Semver override accepted. Please ensure justification is documented in the PR description."
-22
@@ -1,22 +0,0 @@
name: Inform of new command action
on:
issue_comment:
types: [ created ]
jobs:
comment:
runs-on: ubuntu-latest
# Temporary disable the bot until the new command bot works properly
if: github.event.issue.pull_request && startsWith(github.event.comment.body, 'bot ')
steps:
- name: Inform that the new command exist
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: 'We have migrated the command bot to GHA<br/><br/>Please, see the new usage instructions <a href="https://github.com/pezkuwichain/pezkuwi-sdk/blob/master/docs/contributor/commands-readme.md">here</a> or <a href="https://forum.pezkuwichain.io/t/streamlining-weight-generation-and-more-the-new-cmd-bot/2411">here</a>. Soon the old commands will be disabled.'
})
-81
@@ -1,81 +0,0 @@
name: Command PrDoc
on:
workflow_dispatch:
inputs:
pr:
type: number
description: Number of the Pull Request
required: true
bump:
type: choice
description: Default bump level for all crates
default: "TODO"
required: true
options:
- "TODO"
- "none"
- "patch"
- "minor"
- "major"
audience:
type: choice
description: Audience of the PrDoc
default: "TODO"
required: true
options:
- "TODO"
- "runtime_dev"
- "runtime_user"
- "node_dev"
- "node_operator"
overwrite:
type: boolean
description: Overwrite existing PrDoc
default: true
required: true
concurrency:
group: command-prdoc
cancel-in-progress: true
jobs:
preflight:
uses: ./.github/workflows/reusable-preflight.yml
cmd-prdoc:
needs: [preflight]
runs-on: ubuntu-latest
timeout-minutes: 20
container:
image: ${{ needs.preflight.outputs.IMAGE }}
permissions:
contents: write
pull-requests: write
steps:
- name: Download repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Install gh cli
id: gh
uses: ./.github/actions/set-up-gh
with:
pr-number: ${{ inputs.pr }}
GH_TOKEN: ${{ github.token }}
- name: Generate PrDoc
run: |
python3 -m pip install -q cargo-workspace PyGithub whatthepatch pyyaml toml
python3 .github/scripts/generate-prdoc.py --pr "${{ inputs.pr }}" --bump "${{ inputs.bump }}" --audience "${{ inputs.audience }}" --force "${{ inputs.overwrite }}"
- name: Report failure
if: ${{ failure() }}
run: gh pr comment ${{ inputs.pr }} --body "<h2>Command failed ❌</h2> Run by @${{ github.actor }} for <code>${{ github.workflow }}</code> failed. See logs <a href=\"$RUN\">here</a>."
env:
RUN: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_TOKEN: ${{ github.token }}
- name: Push Commit
uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
with:
commit_message: Add PrDoc (auto generated)
branch: ${{ steps.gh.outputs.branch }}
file_pattern: "prdoc/*.prdoc"
@@ -1,30 +0,0 @@
# If there are new issues related to the async backing feature,
# add it to the teyrchain team's board and set a custom "meta" field.
name: Add selected issues to Teyrchain team board
on:
issues:
types:
- labeled
jobs:
add-teyrchain-issues:
if: github.event.label.name == 'T16-async_backing'
runs-on: ubuntu-latest
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.PROJECT_APP_ID }}
private_key: ${{ secrets.PROJECT_APP_KEY }}
- name: Sync issues
uses: actions/github-script@v7
with:
github-token: ${{ steps.generate_token.outputs.token }}
script: |
// TODO: Implement issue sync for pezkuwichain project board
// Original action was pezkuwichain/github-issue-sync
// Project: 119 (Teyrchain team board)
// Fields: meta = 'async backing'
console.log('Issue sync placeholder - configure for pezkuwichain project board');
@@ -1,18 +0,0 @@
# DISABLED: This workflow was for Kurdistan-Tech DevOps notifications.
# Pezkuwi SDK will implement its own notification system if needed.
name: Notify DevOps when burn-in label applied (DISABLED)
on:
workflow_dispatch:
inputs:
note:
description: 'This workflow is disabled - Kurdistan-Tech Matrix notifications not applicable'
required: false
jobs:
disabled:
runs-on: ubuntu-latest
steps:
- name: Notice
run: echo "Burn-in label notification is disabled - Pezkuwi SDK uses different DevOps channels"
@@ -1,18 +0,0 @@
# DISABLED: This workflow was for Kurdistan-Tech's wishlist leaderboard feature.
# Pezkuwi SDK will implement its own community engagement features.
name: Update wishlist leaderboard (DISABLED)
on:
workflow_dispatch:
inputs:
note:
description: 'This workflow is disabled - Pezkuwi will implement own solution'
required: false
jobs:
disabled:
runs-on: ubuntu-latest
steps:
- name: Notice
run: echo "Wishlist leaderboard is disabled - Pezkuwi SDK uses different community engagement"
@@ -1,45 +0,0 @@
name: Claim Crates
on:
workflow_dispatch:
jobs:
claim-crates:
runs-on: ubuntu-latest
environment: master
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Check for publishable crates
id: check-publishable
run: |
# Find crates that are publishable (don't have publish = false)
PUBLISHABLE=$(find . -name "Cargo.toml" -exec grep -L 'publish = false' {} \; | grep -v target | head -20)
if [ -z "$PUBLISHABLE" ]; then
echo "No publishable crates found (all have publish = false)"
echo "has_publishable=false" >> $GITHUB_OUTPUT
else
echo "Found publishable crates:"
echo "$PUBLISHABLE"
echo "has_publishable=true" >> $GITHUB_OUTPUT
fi
- name: Rust Cache
if: steps.check-publishable.outputs.has_publishable == 'true'
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
with:
save-if: ${{ github.ref == 'refs/heads/master' }}
- name: Claim crates on crates.io (when ready)
if: steps.check-publishable.outputs.has_publishable == 'true'
env:
PEZKUWI_CRATESIO_TOKEN: ${{ secrets.PEZKUWI_CRATESIO_TOKEN }}
run: |
echo "Publishable crates detected - claim will run when pezkuwi-publish tool is ready"
# TODO: Replace with pezkuwi-publish when available
# cargo install pezkuwi-publish --locked -q
# pezkuwi-publish --color always claim
- name: Skip - all crates have publish = false
if: steps.check-publishable.outputs.has_publishable == 'false'
run: echo "All crates have publish = false, skipping crate claiming"
@@ -1,143 +0,0 @@
# This workflow has combined functionality of branching-off a new stable release branch and tagging an RC.
# The options to branch-off and/or tag an RC can be chosen independently by ticking the appropriate checkbox in the launching form,
# as the branch-off happens only ones per quarter and a tagging activity done more frequently for each new RC during the release process.
name: Release - Branch off stable branch and/or tag rc
on:
workflow_dispatch:
inputs:
stable_version:
description: Stable version in the format stableYYMM that will be used as branch name and rc tag base
required: true
type: string
node_version:
description: Version of the pezkuwi node in the format X.XX.X (e.g. 1.15.0). ️ Node version is needed only for the branch-off
type: string
required: false
is_new_stable:
description: Check this box if this is a new stable release and the stable branch needs to be created
type: boolean
tag_rc:
description: Check this box if the rc tag needs to be created
type: boolean
jobs:
validate-inputs:
runs-on: ubuntu-latest
outputs:
node_version: ${{ steps.validate_inputs.outputs.node_version }}
stable_version: ${{ steps.validate_inputs.outputs.stable_version }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
if [ -n "${{ inputs.node_version }}" ]; then
node_version=$(filter_version_from_input "${{ inputs.node_version }}")
echo "node_version=${node_version}" >> $GITHUB_OUTPUT
fi
stable_version=$(validate_stable_tag ${{ inputs.stable_version }})
echo "stable_version=${stable_version}" >> $GITHUB_OUTPUT
create-stable-branch:
if: ${{ inputs.is_new_stable }}
needs: [ validate-inputs ]
runs-on: ubuntu-latest
environment: release
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
STABLE_BRANCH_NAME: ${{ needs.validate-inputs.outputs.stable_version }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign commits
pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
owner: pezkuwichain
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
with:
ref: master
token: ${{ steps.generate_write_token.outputs.token }}
- name: Import gpg keys
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Config git
run: |
git config --global commit.gpgsign true
git config --global gpg.program /home/runner/.local/bin/pgpkms-git
git config --global user.name "ParityReleases"
git config --global user.email "release-team@pezkuwichain.io"
git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"
- name: Create stable branch
run: |
git checkout -b "$STABLE_BRANCH_NAME"
git show-ref "$STABLE_BRANCH_NAME"
- name: Bump versions, reorder prdocs and push stable branch
env:
GH_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
. ./.github/scripts/release/release_lib.sh
NODE_VERSION="${{ needs.validate-inputs.outputs.node_version }}"
NODE_VERSION_PATTERN="\(NODE_VERSION[^=]*= \)\".*\""
set_version "$NODE_VERSION_PATTERN" $NODE_VERSION "pezkuwi/node/primitives/src/lib.rs"
commit_with_message "Bump node version to $NODE_VERSION in pezkuwi-cli"
set_version "$NODE_VERSION_PATTERN" $NODE_VERSION "pezcumulus/pezkuwi-omni-node/lib/src/nodes/mod.rs"
commit_with_message "Bump node version to $NODE_VERSION in pezkuwi-omni-node-lib"
SPEC_VERSION=$(get_spec_version $NODE_VERSION)
runtimes_list=$(get_filtered_runtimes_list)
set_spec_versions $SPEC_VERSION "${runtimes_list[@]}"
reorder_prdocs $STABLE_BRANCH_NAME
gh auth setup-git
git push origin "$STABLE_BRANCH_NAME"
- name: Tag RC after branch off
if: ${{ inputs.tag_rc }}
env:
GH_TOKEN: ${{ steps.generate_write_token.outputs.token }} # or use a PAT with workflow scope
run: |
stable_tag_base=pezkuwi-${{ needs.validate-inputs.outputs.stable_version }}
gh workflow run release-11_rc-automation.yml \
--repo ${{ github.repository }} \
--ref ${{ needs.validate-inputs.outputs.stable_version }} \
--field version=${stable_tag_base}
tag-rc-without-branchoff:
if: ${{ !inputs.is_new_stable && inputs.tag_rc }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-11_rc-automation.yml
with:
version: pezkuwi-${{ needs.validate-inputs.outputs.stable_version }}
secrets: inherit
@@ -1,106 +0,0 @@
name: Release - RC tagging automation
on:
workflow_dispatch:
inputs:
version:
description: Current release/rc version in format pezkuwi-stableYYMM
workflow_call:
inputs:
version:
description: Current release/rc version in format pezkuwi-stableYYMM
type: string
jobs:
tag_rc:
runs-on: ubuntu-latest
strategy:
matrix:
channel:
- name: "RelEng: Pezkuwi Release Coordination"
room: '!cqAmzdIcbOFwrdrubV:pezkuwichain.io'
environment: release
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign commits
pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
owner: pezkuwichain
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
with:
fetch-depth: 0
token: ${{ steps.generate_write_token.outputs.token }}
- name: Import gpg keys
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Config git
run: |
git config --global commit.gpgsign true
git config --global gpg.program /home/runner/.local/bin/pgpkms-git
git config --global user.name "ParityReleases"
git config --global user.email "release-team@pezkuwichain.io"
git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"
- name: Compute next rc tag
# if: ${{ steps.get_rel_product.outputs.product == 'pezkuwi' }}
id: compute_tag
shell: bash
run: |
. ./.github/scripts/common/lib.sh
# Get last rc tag if exists, else set it to {version}-rc1
if [[ -z "${{ inputs.version }}" ]]; then
version=v$(get_pezkuwi_node_version_from_code)
else
version=$(validate_stable_tag ${{ inputs.version }})
fi
echo "$version"
echo "version=$version" >> $GITHUB_OUTPUT
last_rc=$(get_latest_rc_tag $version pezkuwi)
if [ -n "$last_rc" ]; then
suffix=$(increment_rc_tag $last_rc)
echo "new_tag=$version-rc$suffix" >> $GITHUB_OUTPUT
echo "first_rc=false" >> $GITHUB_OUTPUT
else
echo "new_tag=$version-rc1" >> $GITHUB_OUTPUT
echo "first_rc=true" >> $GITHUB_OUTPUT
fi
- name: Apply new tag
env:
GH_TOKEN: ${{ steps.generate_write_token.outputs.token }}
RC_TAG: ${{ steps.compute_tag.outputs.new_tag }}
run: |
git tag -s $RC_TAG -m "new rc tag $RC_TAG"
git push origin $RC_TAG
- name: Send Matrix message to ${{ matrix.channel.name }}
uses: s3krit/matrix-message-action@70ad3fb812ee0e45ff8999d6af11cafad11a6ecf # v0.0.3
# if: steps.create-issue.outputs.url != ''
with:
room_id: ${{ matrix.channel.room }}
access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }}
server: m.pezkuwichain.io
message: |
Release process for pezkuwi ${{ steps.compute_tag.outputs.new_tag }} has been started.<br/>
@@ -1,306 +0,0 @@
name: Release - Publish draft
# This workflow runs in pezkuwichain-release and creates full release draft with:
# - release notes
# - info about the runtimes
# - attached artifacts:
# - runtimes
# - binaries
# - signatures
on:
workflow_dispatch:
inputs:
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX or pezkuwi-stableYYMM(-X)
required: true
type: string
build_run_id:
description: Run ID of the current release workflow run to be used to download the artifacts
required: true
type: string
runtimes:
description: Runtimes to be published (⚠️ this needs to be provided in case of the complete release, for the crates only release or a patch release without runtimes it is not needed)
no_runtimes:
description: If true, release draft will be published without runtimes
required: true
type: boolean
default: false
crates_only:
description: If true, release draft will contain only release notes and no artifacts will be published (needed for stable releases that are crates only)
required: true
type: boolean
default: false
workflow_call:
inputs:
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcY or pezkuwi-stableYYMM(-X)
required: true
type: string
build_run_id:
description: Run ID of the current release workflow run to be used to download the artifacts
required: true
type: string
runtimes:
description: Runtimes to be published
type: string
no_runtimes:
description: If true, release draft will be published without runtimes
required: true
type: boolean
default: false
crates_only:
description: If true, release draft will contain only release notes and no artifacts will be published (needed for stable releases that are crates only)
required: true
type: boolean
default: false
jobs:
# DISABLED: Workflow synchronization check
# check-synchronization:
# uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
# secrets:
# fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
validate-inputs:
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
publish-release-draft:
runs-on: ubuntu-latest
environment: release
needs: [ validate-inputs ]
outputs:
release_url: ${{ steps.create-release.outputs.html_url }}
asset_upload_url: ${{ steps.create-release.outputs.upload_url }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ vars.PEZKUWI_SDK_RELEASE_RW_APP_ID }}
private-key: ${{ secrets.PEZKUWI_SDK_RELEASE_RW_APP_KEY }}
owner: pezkuwichain
repositories: pezkuwi-sdk
- name: Download runtimes artifacts
if: ${{ inputs.no_runtimes == false && inputs.crates_only == false }}
env:
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
mkdir -p ${{ github.workspace}}/runtimes/
gh run download ${{ inputs.build_run_id }} --dir ${{ github.workspace}}/runtimes
ls -la ${{ github.workspace}}/runtimes
- name: Prepare tooling
run: |
URL=https://github.com/chevdor/tera-cli/releases/download/v0.4.0/tera-cli_linux_amd64.deb
wget $URL -O tera.deb
sudo dpkg -i tera.deb
- name: Prepare draft
id: draft
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ASSET_HUB_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/asset-hub-zagros-runtime/asset-hub-zagros-srtool-digest.json
BRIDGE_HUB_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/bridge-hub-zagros-runtime/bridge-hub-zagros-srtool-digest.json
COLLECTIVES_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/collectives-zagros-runtime/collectives-zagros-srtool-digest.json
CORETIME_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/coretime-zagros-runtime/coretime-zagros-srtool-digest.json
GLUTTON_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/glutton-zagros-runtime/glutton-zagros-srtool-digest.json
PEOPLE_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/people-zagros-runtime/people-zagros-srtool-digest.json
ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/zagros-runtime/zagros-srtool-digest.json
RELEASE_TAG: ${{ needs.validate-inputs.outputs.release_tag }}
NO_RUNTIMES: ${{ inputs.no_runtimes }}
CRATES_ONLY: ${{ inputs.crates_only }}
shell: bash
run: |
. ./.github/scripts/common/lib.sh
export RUSTC_STABLE=$(grep -oP '(?<=-)[0-9]+\.[0-9]+\.[0-9]+(?=-)' .github/env)
export REF1=$(get_latest_release_tag)
if [[ -z "$RELEASE_TAG" ]]; then
export REF2="${{ github.ref_name }}"
echo "REF2: ${REF2}"
else
export REF2="$RELEASE_TAG"
echo "REF2: ${REF2}"
fi
echo "REL_TAG=$REF2" >> $GITHUB_ENV
export VERSION=$(echo "$REF2" | sed -E 's/.*(stable[0-9]{4}(-[0-9]+)?).*$/\1/')
echo "Version: $VERSION"
./scripts/release/build-changelogs.sh
- name: Archive artifact context.json
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: release-notes-context
path: |
scripts/release/context.json
**/*-srtool-digest.json
- name: Create draft release
id: create-release
env:
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
gh release create ${{ env.REL_TAG }} \
--repo pezkuwichain/pezkuwi-sdk \
--draft \
--title "Pezkuwi ${{ env.REL_TAG }}" \
--notes-file ${{ github.workspace}}/scripts/release/RELEASE_DRAFT.md
publish-runtimes:
if: ${{ inputs.crates_only == false && inputs.no_runtimes == false }}
needs: [ validate-inputs, publish-release-draft ]
environment: release
continue-on-error: true
runs-on: ubuntu-latest
strategy:
matrix: ${{ fromJSON(inputs.runtimes) }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Download artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ vars.PEZKUWI_SDK_RELEASE_RW_APP_ID }}
private-key: ${{ secrets.PEZKUWI_SDK_RELEASE_RW_APP_KEY }}
owner: pezkuwichain
repositories: pezkuwi-sdk
- name: Download runtimes
env:
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
mkdir -p ${{ github.workspace}}/runtimes/
gh run download ${{ inputs.build_run_id }} --dir ${{ github.workspace}}/runtimes
ls -la ${{ github.workspace}}/runtimes
- name: Get runtime info
env:
JSON: ${{ github.workspace}}/release-notes-context/runtimes/${{ matrix.chain }}-runtime/${{ matrix.chain }}-srtool-digest.json
run: |
cd ${{ github.workspace}}/runtimes
>>$GITHUB_ENV echo ASSET=$(find ${{ matrix.chain }}-runtime -name '*.compact.compressed.wasm')
>>$GITHUB_ENV echo SPEC=$(<${JSON} jq -r .runtimes.compact.subwasm.core_version.specVersion)
- name: Upload compressed ${{ matrix.chain }} v${{ env.SPEC }} wasm
working-directory: ${{ github.workspace}}/runtimes
env:
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
VERSIONED_ASSET="${{ matrix.chain }}_runtime-v${{ env.SPEC }}.compact.compressed.wasm"
mv "${{ env.ASSET }}" "$VERSIONED_ASSET"
gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \
--repo pezkuwichain/pezkuwi-sdk "$VERSIONED_ASSET"
publish-release-artifacts:
if: ${{ inputs.crates_only == false }}
needs: [ validate-inputs, publish-release-draft ]
environment: release
continue-on-error: true
runs-on: ubuntu-latest
strategy:
matrix:
binary: [ pezkuwi, pezkuwi-execute-worker, pezkuwi-prepare-worker, pezkuwi-teyrchain, pezkuwi-omni-node, pezframe-omni-bencher, chain-spec-builder ]
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Fetch binaries from s3 based on version
run: |
. ./.github/scripts/common/lib.sh
VERSION="${{ needs.validate-inputs.outputs.release_tag }}"
fetch_release_artifacts_from_s3 ${{ matrix.binary }} ${{ matrix.target }}
- name: Rename aarch64-apple-darwin binaries
if: ${{ matrix.target == 'aarch64-apple-darwin' }}
working-directory: ${{ github.workspace}}/release-artifacts/${{ matrix.target }}/${{ matrix.binary }}
run: |
. ../../../.github/scripts/common/lib.sh
mv ${{ matrix.binary }} ${{ matrix.binary }}-aarch64-apple-darwin
mv ${{ matrix.binary }}.asc ${{ matrix.binary }}-aarch64-apple-darwin.asc
sha256sum "${{ matrix.binary }}-aarch64-apple-darwin" | tee "${{ matrix.binary }}-aarch64-apple-darwin.sha256"
check_sha256 "${{ matrix.binary }}-aarch64-apple-darwin" && echo "OK" || echo "ERR"
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ vars.PEZKUWI_SDK_RELEASE_RW_APP_ID }}
private-key: ${{ secrets.PEZKUWI_SDK_RELEASE_RW_APP_KEY }}
owner: pezkuwichain
repositories: pezkuwi-sdk
- name: Upload ${{ matrix.binary }} binary to release draft
env:
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
working-directory: ${{ github.workspace}}/release-artifacts/${{ matrix.target }}/${{ matrix.binary }}
run: |
if [[ ${{ matrix.target }} == "aarch64-apple-darwin" ]]; then
gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \
--repo pezkuwichain/pezkuwi-sdk \
${{ matrix.binary }}-aarch64-apple-darwin \
${{ matrix.binary }}-aarch64-apple-darwin.asc \
${{ matrix.binary }}-aarch64-apple-darwin.sha256
else
gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \
--repo pezkuwichain/pezkuwi-sdk \
${{ matrix.binary }} \
${{ matrix.binary }}.asc \
${{ matrix.binary }}.sha256
fi
post_to_matrix:
runs-on: ubuntu-latest
needs: [ validate-inputs, publish-release-draft ]
environment: release
strategy:
matrix:
channel:
- name: "Team: RelEng Internal"
room: '!GvAyzgCDgaVrvibaAF:pezkuwichain.io'
steps:
- name: Send Matrix message to ${{ matrix.channel.name }}
uses: s3krit/matrix-message-action@70ad3fb812ee0e45ff8999d6af11cafad11a6ecf # v0.0.3
with:
room_id: ${{ matrix.channel.room }}
access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }}
server: m.pezkuwichain.io
message: |
**New version of pezkuwi tagged**: ${{ needs.validate-inputs.outputs.release_tag }}<br/>
And release draft is release created in [pezkuwi-sdk repo](https://github.com/pezkuwichain/pezkuwi-sdk/releases)
@@ -1,136 +0,0 @@
name: Release - Promote RC to final candidate on S3
on:
workflow_dispatch:
inputs:
binary:
description: Binary to be build for the release
default: all
type: choice
options:
- pezkuwi
- pezkuwi-teyrchain
- pezkuwi-omni-node
- pezframe-omni-bencher
- chain-spec-builder
- all
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX
type: string
workflow_call:
inputs:
binary:
description: Binary to be build for the release
default: all
type: string
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX
type: string
required: true
jobs:
# DISABLED: Workflow synchronization check
# check-synchronization:
# uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
# secrets:
# fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
validate-inputs:
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
final_tag: ${{ steps.validate_inputs.outputs.final_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
promote-pezkuwi-rc-to-final:
if: ${{ inputs.binary == 'pezkuwi' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: pezkuwi
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-pezkuwi-teyrchain-rc-to-final:
if: ${{ inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: pezkuwi-teyrchain
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-pezkuwi-omni-node-rc-to-final:
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: pezkuwi-omni-node
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-pezframe-omni-bencher-rc-to-final:
if: ${{ inputs.binary == 'pezframe-omni-bencher' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: pezframe-omni-bencher
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-chain-spec-builder-rc-to-final:
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: chain-spec-builder
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
@@ -1,40 +0,0 @@
name: Release - Publish pezkuwi deb package
# This workflow publishes the pezkuwi Debian package by calling a reusable workflow.
on:
workflow_dispatch:
inputs:
tag:
description: Current final release tag in the format pezkuwi-stableYYMM or pezkuwi-stable-YYMM-X
default: pezkuwi-stable2412
required: true
type: string
distribution:
description: Distribution where to publish deb package (release, staging, stable2407, etc)
default: staging
required: true
type: string
workflow_call:
inputs:
tag:
description: Current final release tag in the format pezkuwi-stableYYMM or pezkuwi-stable-YYMM-X
required: true
type: string
distribution:
description: Distribution where to publish deb package (release, staging, stable2407, etc)
default: staging
required: true
type: string
jobs:
call-publish-workflow:
uses: ./.github/workflows/release-reusable-publish-packages.yml
with:
tag: ${{ inputs.tag }}
distribution: ${{ inputs.distribution }}
package_type: 'deb'
aws_repo_base_path: "s3://releases-package-repos"
cloudfront_distribution_id: "E36FKEYWDXAZYJ"
secrets: inherit
@@ -1,29 +0,0 @@
name: Release - Publish pezkuwi RPM package
# This workflow publishes the pezkuwi RPM package by calling a reusable workflow.
on:
workflow_dispatch:
inputs:
tag:
description: Current final release tag in the format pezkuwi-stableYYMM or pezkuwi-stable-YYMM-X
default: pezkuwi-stable2412
required: true
type: string
workflow_call:
inputs:
tag:
description: Current final release tag in the format pezkuwi-stableYYMM or pezkuwi-stable-YYMM-X
required: true
type: string
jobs:
call-publish-workflow:
uses: ./.github/workflows/release-reusable-publish-packages.yml
with:
tag: ${{ inputs.tag }}
distribution: ${{ inputs.distribution }}
package_type: 'rpm'
aws_repo_base_path: "s3://releases-package-repos"
cloudfront_distribution_id: "E36FKEYWDXAZYJ"
secrets: inherit
@@ -1,304 +0,0 @@
name: Release - Publish Docker Image
# This workflow listens to published releases or can be triggered manually.
# It builds and published releases and rc candidates.
on:
workflow_dispatch:
inputs:
image_type:
description: Type of the image to be published
required: true
default: rc
type: choice
options:
- rc
- release
binary:
description: Binary to be published
required: true
default: pezkuwi
type: choice
options:
- pezkuwi
- pezkuwi-omni-node
- pezkuwi-teyrchain
- chain-spec-builder
registry:
description: Container registry
required: true
type: string
default: docker.io
# The owner is often the same as the Docker Hub username but does ont have to be.
# In our case, it is not.
owner:
description: Owner of the container image repo
required: true
type: string
default: pezkuwichain
version:
description: Version of the pezkuwi node release in format v1.16.0 or v1.16.0-rc1
default: v0.9.18
required: true
stable_tag:
description: Tag matching the actual stable release version in the format pezkuwi-stableYYMM(-rcX) or pezkuwi-stableYYMM-X(-rcX) for patch releases
required: true
workflow_call:
inputs:
image_type:
description: Type of the image to be published
required: true
default: rc
type: string
binary:
description: Binary to be published
required: true
default: pezkuwi
type: string
registry:
description: Container registry
required: true
type: string
default: docker.io
owner:
description: Owner of the container image repo
required: true
type: string
default: pezkuwichain
version:
description: Version of the pezkuwi node release in format v1.16.0 or v1.16.0-rc1
required: true
type: string
stable_tag:
description: Tag matching the actual stable release version in the format pezkuwi-stableYYMM(-rcX) or pezkuwi-stableYYMM-X(-rcX) for patch releases
required: true
type: string
permissions:
contents: write
env:
ENGINE: docker
REGISTRY: ${{ inputs.registry }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DOCKER_OWNER: ${{ inputs.owner || github.repository_owner }}
REPO: ${{ github.repository }}
BINARY: ${{ inputs.binary }}
# EVENT_ACTION: ${{ github.event.action }}
EVENT_NAME: ${{ github.event_name }}
IMAGE_TYPE: ${{ inputs.image_type }}
jobs:
# check-synchronization job disabled - pezkuwichain-release sync not needed for pezkuwichain
# Original: uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
validate-inputs:
# Removed dependency on check-synchronization (disabled)
runs-on: ubuntu-latest
outputs:
version: ${{ steps.validate_inputs.outputs.VERSION }}
stable_tag: ${{ steps.validate_inputs.outputs.stable_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
VERSION=$(filter_version_from_input "${{ inputs.version }}")
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
STABLE_TAG=$(validate_stable_tag ${{ inputs.stable_tag }})
echo "stable_tag=${STABLE_TAG}" >> $GITHUB_OUTPUT
fetch-artifacts: # this job will be triggered for the pezkuwi-teyrchain rc and release or pezkuwi rc image build
runs-on: ubuntu-latest
needs: [ validate-inputs ]
steps:
- name: Checkout sources
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Fetch rc artifacts or release artifacts from s3 based on version
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
run: |
. ./.github/scripts/common/lib.sh
VERSION="${{ needs.validate-inputs.outputs.stable_tag }}"
if [[ ${{ inputs.binary }} == 'pezkuwi' ]]; then
bins=(pezkuwi pezkuwi-prepare-worker pezkuwi-execute-worker)
for bin in "${bins[@]}"; do
fetch_release_artifacts_from_s3 $bin x86_64-unknown-linux-gnu
done
else
fetch_release_artifacts_from_s3 $BINARY x86_64-unknown-linux-gnu
fi
- name: Upload artifacts
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: release-artifacts-${{ env.BINARY }}
path: release-artifacts/x86_64-unknown-linux-gnu/${{ env.BINARY }}/**/*
build-container: # this job will be triggered for the pezkuwi-teyrchain rc and release or pezkuwi rc image build
runs-on: ubuntu-latest
needs: [ fetch-artifacts, validate-inputs ]
environment: release
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Download artifacts
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: release-artifacts-${{ env.BINARY }}
path: release-artifacts
- name: Check sha256 ${{ env.BINARY }}
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
working-directory: release-artifacts
run: |
. ../.github/scripts/common/lib.sh
echo "Checking binary $BINARY"
check_sha256 $BINARY && echo "OK" || echo "ERR"
- name: Check GPG ${{ env.BINARY }}
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
working-directory: release-artifacts
run: |
. ../.github/scripts/common/lib.sh
import_gpg_keys
check_gpg $BINARY
- name: Fetch rc commit and tag
working-directory: release-artifacts
if: ${{ env.IMAGE_TYPE == 'rc' }}
id: fetch_rc_refs
shell: bash
run: |
. ../.github/scripts/common/lib.sh
commit=$(git rev-parse --short HEAD) && \
echo "commit=${commit}" >> $GITHUB_OUTPUT
echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT
echo "tag=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT
- name: Fetch release tags
if: ${{ env.IMAGE_TYPE == 'release'}}
id: fetch_release_refs
shell: bash
run: |
. .github/scripts/common/lib.sh
echo "tag=latest" >> $GITHUB_OUTPUT
echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT
echo "stable=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT
- name: Build Injected Container image for pezkuwi
if: ${{ env.BINARY == 'pezkuwi' }}
env:
ARTIFACTS_FOLDER: release-artifacts
IMAGE_NAME: ${{ env.BINARY }}
OWNER: ${{ env.DOCKER_OWNER }}
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
shell: bash
run: |
ls -al
echo "Building container for $BINARY"
echo "IMAGE_TYPE: ${{ inputs.image_type }}"
if [[ "${{ inputs.image_type }}" == "rc" ]]; then
echo "Building RC container for pezkuwi"
export DOCKERFILE="docker/dockerfiles/pezkuwi/pezkuwi_injected.Dockerfile"
export BINARY="pezkuwi,pezkuwi-execute-worker,pezkuwi-prepare-worker"
./docker/scripts/build-injected.sh
else
echo "Building release container for pezkuwi"
export DOCKERFILE="docker/dockerfiles/pezkuwi/pezkuwi_injected_debian.Dockerfile"
export BINARY="pezkuwi,pezkuwi-execute-worker,pezkuwi-prepare-worker"
export PEZKUWI_DEB=true
export VERSION=${{ needs.validate-inputs.outputs.version }}
./docker/scripts/build-injected.sh
fi
- name: Build Injected Container image for pezkuwi-omni-node/chain-spec-builder
if: ${{ env.BINARY == 'pezkuwi-omni-node' || env.BINARY == 'chain-spec-builder' }}
shell: bash
env:
ARTIFACTS_FOLDER: release-artifacts
IMAGE_NAME: ${{ env.BINARY }}
OWNER: ${{ env.DOCKER_OWNER }}
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
VERSION: ${{ needs.validate-inputs.outputs.version }}
run: |
ls -al
echo "Building container for $BINARY"
./docker/scripts/build-injected.sh
- name: Build Injected Container image for pezkuwi-teyrchain
if: ${{ env.BINARY == 'pezkuwi-teyrchain' }}
shell: bash
env:
ARTIFACTS_FOLDER: release-artifacts
IMAGE_NAME: ${{ env.BINARY }}
OWNER: ${{ env.DOCKER_OWNER }}
DOCKERFILE: docker/dockerfiles/pezkuwi-teyrchain/pezkuwi-teyrchain_injected.Dockerfile
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
VERSION: ${{ needs.validate-inputs.outputs.version }}
run: |
ls -al
mkdir -p $ARTIFACTS_FOLDER/specs
cp pezcumulus/teyrchains/chain-specs/*.json $ARTIFACTS_FOLDER/specs
echo "Building container for $BINARY"
./docker/scripts/build-injected.sh
- name: Login to Dockerhub to publish pezkuwi
if: ${{ env.BINARY == 'pezkuwi' }}
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }}
password: ${{ secrets.PEZKUWI_DOCKERHUB_TOKEN }}
- name: Login to Dockerhub to publish pezkuwi-omni-node/pezkuwi-teyrchain/chain-spec-builder
if: ${{ env.BINARY == 'pezkuwi-omni-node' || env.BINARY == 'pezkuwi-teyrchain' || env.BINARY == 'chain-spec-builder' }}
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
username: ${{ secrets.CUMULUS_DOCKERHUB_USERNAME }}
password: ${{ secrets.CUMULUS_DOCKERHUB_TOKEN }}
- name: Push Container image for ${{ env.BINARY }}
id: docker_push
run: |
$ENGINE images | grep ${BINARY}
$ENGINE push --all-tags ${REGISTRY}/${DOCKER_OWNER}/${BINARY}
- name: Check version for the published image for ${{ env.BINARY }}
env:
RELEASE_TAG: ${{ steps.fetch_rc_refs.outputs.release || steps.fetch_release_refs.outputs.release }}
run: |
echo "Checking tag ${RELEASE_TAG} for image ${REGISTRY}/${DOCKER_OWNER}/${BINARY}"
if [[ ${BINARY} == 'chain-spec-builder' ]]; then
$ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG}
else
$ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} --version
fi
@@ -1,63 +0,0 @@
name: Release - Create pezkuwi-vX.YY.Z tag
# This workflow creates a final release tag in the old format (e.g. pezkuwi-v1.20.0) for a published release.
on:
release:
types: published
jobs:
create-old-release-tag:
runs-on: ubuntu-latest
environment: release
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign commits
pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
owner: pezkuwichain
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ github.event.release.tag_name }}
token: ${{ steps.generate_write_token.outputs.token }}
- name: Import gpg keys
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Config git
run: |
git config --global commit.gpgsign true
git config --global gpg.program /home/runner/.local/bin/pgpkms-git
git config --global user.name "ParityReleases"
git config --global user.email "release-team@pezkuwichain.io"
git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"
- name: Create old release tag
env:
GH_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
. ./.github/scripts/common/lib.sh
version=$(get_pezkuwi_node_version_from_code)
echo "Extracted node version: $version"
git tag -s "pezkuwi-v${version}" -m "Old release tag pezkuwi-v${version}"
git push origin "pezkuwi-v${version}"
@@ -1,294 +0,0 @@
name: Release - Post Crates Release Activities
on:
push:
branches:
- 'post-crates-release-*'
permissions:
contents: write
pull-requests: write
jobs:
set-image:
runs-on: ubuntu-latest
outputs:
IMAGE: ${{ steps.set_image.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@v4
- id: set_image
run: cat .github/env >> $GITHUB_OUTPUT
post-crates-activities:
needs: set-image
runs-on: ubuntu-latest
environment: release
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
container:
image: ${{ needs.set-image.outputs.IMAGE }}
steps:
- name: Install pgpkms
run: |
# Install pgpkms that is used to sign commits
pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151
# Find and display where pgpkms-git is installed
echo "pgpkms-git location: $(which pgpkms-git)"
ls -la $(which pgpkms-git)
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Import GPG keys
shell: bash
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Configure git
shell: bash
run: |
git config --global --add safe.directory "${GITHUB_WORKSPACE}"
git config --global commit.gpgsign true
# Dynamically find pgpkms-git path
PGPKMS_PATH=$(which pgpkms-git)
echo "Using pgpkms-git at: $PGPKMS_PATH"
git config --global gpg.program "$PGPKMS_PATH"
git config --global user.name "ParityReleases"
git config --global user.email "release-team@pezkuwichain.io"
git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"
- name: Bump NODE_VERSION for pezkuwi
run: |
echo "Bumping NODE_VERSION in pezkuwi..."
FILE="pezkuwi/node/primitives/src/lib.rs"
# Extract current NODE_VERSION
current_version=$(grep 'pub const NODE_VERSION' "$FILE" | grep -oE '"[0-9]+\.[0-9]+\.[0-9]+"' | tr -d '"')
echo "Current version: $current_version"
# Bump patch version
new_version=$(echo "$current_version" | awk -F. '{print $1"."$2"."$3+1}')
echo "New version: $new_version"
# Update the file
sed -i.bak "s/NODE_VERSION: &'static str = \"$current_version\"/NODE_VERSION: \&'static str = \"$new_version\"/" "$FILE"
rm -f "$FILE.bak"
echo "Successfully bumped NODE_VERSION from $current_version to $new_version"
- name: Bump NODE_VERSION for pezkuwi-teyrchain and pezkuwi-omni-node
run: |
echo "Bumping NODE_VERSION in pezcumulus..."
FILE="pezcumulus/pezkuwi-omni-node/lib/src/nodes/mod.rs"
# Extract current NODE_VERSION
current_version=$(grep 'pub const NODE_VERSION' "$FILE" | grep -oE '"[0-9]+\.[0-9]+\.[0-9]+"' | tr -d '"')
echo "Current version: $current_version"
# Bump patch version
new_version=$(echo "$current_version" | awk -F. '{print $1"."$2"."$3+1}')
echo "New version: $new_version"
# Update the file
sed -i.bak "s/NODE_VERSION: &'static str = \"$current_version\"/NODE_VERSION: \&'static str = \"$new_version\"/" "$FILE"
rm -f "$FILE.bak"
echo "Successfully bumped NODE_VERSION from $current_version to $new_version"
- name: Commit NODE_VERSION bumps
shell: bash
run: |
. ./.github/scripts/release/release_lib.sh
# Extract the bumped NODE_VERSION
FILE="pezkuwi/node/primitives/src/lib.rs"
NODE_VERSION=$(grep 'pub const NODE_VERSION' "$FILE" | grep -oE '"[0-9]+\.[0-9]+\.[0-9]+"' | tr -d '"')
echo "Committing NODE_VERSION bump to $NODE_VERSION"
commit_with_message "Bump NODE_VERSION to $NODE_VERSION"
echo "✅ Successfully committed NODE_VERSION bump"
- name: Move prdocs to release folder
shell: bash
run: |
. ./.github/scripts/release/release_lib.sh
# Extract release name from branch name (everything after "post-crates-release-")
BRANCH_NAME="${{ github.ref_name }}"
echo "Branch name: $BRANCH_NAME"
if [[ "$BRANCH_NAME" =~ post-crates-release-(.+)$ ]]; then
RELEASE_FOLDER="${BASH_REMATCH[1]}"
echo "Release folder name: $RELEASE_FOLDER"
# Use the reorder_prdocs helper function
reorder_prdocs "$RELEASE_FOLDER"
else
echo "WARNING: Could not extract release name from branch name: $BRANCH_NAME"
echo "Expected format: post-crates-release-<release-name>"
exit 1
fi
- name: Replace path dependencies
run: |
echo "Running replace-all-path-deps.sh..."
bash scripts/release/replace-all-path-deps.sh
# Show git diff to see what changed
git diff --stat
- name: Remove versions where path deps are present
run: |
echo "Running delete-versions-if-path-is-present.sh..."
bash scripts/release/delete-versions-if-path-is-present.sh
# Show git diff to see what changed
git diff --stat
- name: Remove version from umbrella/Cargo.toml
run: |
echo "Running delete-version-from-umbrella.sh..."
bash scripts/release/delete-version-from-umbrella.sh
# Show git diff to see what changed
git diff --stat
- name: Run Zepter - check issues
run: |
echo "Running zepter run check to identify issues..."
zepter run check || echo "Zepter found issues that need to be fixed"
- name: Run Zepter - fix issues
run: |
echo "Running zepter to fix issues..."
zepter || echo "Zepter fix completed"
# Show git diff to see what changed
git diff --stat
- name: Run Zepter - verify fixes
run: |
echo "Running zepter run check again to verify fixes..."
zepter run check || echo "There are still issues to fix manually"
- name: Run taplo - check formatting
run: |
echo "Running taplo format check..."
taplo format --check --config .config/taplo.toml || echo "Taplo found formatting issues"
- name: Run taplo - format
run: |
echo "Running taplo format..."
taplo format --config .config/taplo.toml
# Show git diff to see what changed
git diff --stat
- name: Run taplo - verify formatting
run: |
echo "Running taplo format check again..."
taplo format --check --config .config/taplo.toml || echo "There are still formatting issues"
- name: Install Python dependencies
run: |
echo "Installing Python dependencies..."
pip3 install toml "cargo-workspace>=1.2.6"
- name: Run workspace check
run: |
echo "Running workspace check..."
python3 .github/scripts/check-workspace.py . --exclude \
"bizinikiwi/pezframe/contracts/fixtures/build" \
"bizinikiwi/pezframe/contracts/fixtures/contracts/common"
- name: Deny git dependencies
run: |
echo "Checking for git dependencies..."
python3 .github/scripts/deny-git-deps.py .
- name: Check git status before commit
run: |
echo "=== Git status ==="
git status
echo ""
echo "=== Git status --porcelain ==="
git status --porcelain
echo ""
echo "=== Changed files count ==="
git status --porcelain | wc -l
- name: Commit and push changes
shell: bash
run: |
. ./.github/scripts/release/release_lib.sh
# Check if there are changes to commit
if [[ -n $(git status --porcelain) ]]; then
commit_with_message "chore: post crates release actions - version bumps, path deps, zepter, taplo"
echo "Changes committed successfully"
# Push changes to the branch
echo "Pushing changes to branch..."
git push
echo "Changes pushed successfully"
else
echo "No changes to commit"
fi
- name: Create Pull Request to base release branch
env:
GH_TOKEN: ${{ github.token }}
shell: bash
run: |
BRANCH_NAME="${{ github.ref_name }}"
echo "Current branch: $BRANCH_NAME"
# Extract base release branch name
if [[ "$BRANCH_NAME" =~ ^post-crates-release-(.+)$ ]]; then
FULL_RELEASE="${BASH_REMATCH[1]}"
if [[ "$FULL_RELEASE" =~ ^(.+)-[^-]+$ ]]; then
BASE_RELEASE="${BASH_REMATCH[1]}"
else
BASE_RELEASE="$FULL_RELEASE"
fi
echo "Creating PR from $BRANCH_NAME to $BASE_RELEASE..."
gh pr create \
--title "Post crates release activities for $BASE_RELEASE" \
--body "Automated PR containing post-crates-release activities:
- NODE_VERSION bumps
- Path dependencies replacement
- Zepter fixes
- Taplo formatting
- PRDocs reorganization" \
--base "$BASE_RELEASE" \
--head "$BRANCH_NAME" || echo "PR may already exist or there was an error creating it"
else
echo "ERROR: Could not extract base release branch from: $BRANCH_NAME, probably wrong format"
exit 1
fi
- name: Add comment about spec_version
env:
GH_TOKEN: ${{ github.token }}
shell: bash
run: |
BRANCH_NAME="${{ github.ref_name }}"
# Find the PR number for this branch
PR_NUMBER=$(gh pr list --head "$BRANCH_NAME" --json number --jq '.[0].number')
if [ -n "$PR_NUMBER" ]; then
echo "Adding comment to PR #$PR_NUMBER..."
gh pr comment "$PR_NUMBER" --body "⚠️ **Reminder:** spec_version is not bumped automatically as part of this flow. Please ensure it is updated manually if required."
else
echo "WARNING: Could not find PR for branch $BRANCH_NAME"
fi
@@ -1,156 +0,0 @@
name: Release - Combined Publish Release
# This workflow orchestrates the final release steps by calling workflows in sequence:
# 1. Promote RC to final on S3
# 2. Publish Debian and RPM packages (in parallel)
# 3. Publish Docker images
on:
workflow_dispatch:
inputs:
release_tag:
description: Release tag in the format pezkuwi-stableYYMM or pezkuwi-stableYYMM-X or pezkuwi-stableYYMM(-X)-rcX
type: string
required: true
binary:
description: Binary to be released
default: all
type: choice
required: true
options:
- all
- pezkuwi
- pezkuwi-teyrchain
- pezkuwi-omni-node
- pezframe-omni-bencher
- chain-spec-builder
image_type:
description: Type of Docker image (rc for release candidates, release for final)
required: true
default: rc
type: choice
options:
- rc
- release
distribution:
description: Distribution for Debian package (release, staging, stable2407, etc)
default: staging
required: true
type: string
registry:
description: Container registry for Docker images
required: true
type: string
default: docker.io
owner:
description: Owner of the container image repo
required: true
type: string
default: pezkuwichain
version:
description: Version for Docker tags in format v1.16.0 or v1.16.0-rc1
required: true
type: string
jobs:
# DISABLED: Workflow synchronization check
# check-synchronization:
# uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
# secrets:
# fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
# ==============================================
# PHASE 1: Promote RC to Final on S3
# ==============================================
promote-rc-to-final:
name: Promote RC to final on S3
uses: ./.github/workflows/release-31_promote-rc-to-final.yml
with:
binary: ${{ inputs.binary }}
release_tag: ${{ inputs.release_tag }}
secrets: inherit
# ==============================================
# PHASE 2: Publish Packages (Debian and RPM)
# ==============================================
publish-deb-package:
name: Publish Debian package
needs: [promote-rc-to-final]
uses: ./.github/workflows/release-40_publish-deb-package.yml
with:
tag: ${{ inputs.release_tag }}
distribution: ${{ inputs.distribution }}
secrets: inherit
publish-rpm-package:
name: Publish RPM package
needs: [promote-rc-to-final]
uses: ./.github/workflows/release-41_publish-rpm-package.yml
with:
tag: ${{ inputs.release_tag }}
secrets: inherit
# ==============================================
# PHASE 3: Publish Docker Images
# ==============================================
publish-docker-pezkuwi:
name: Publish Docker image - pezkuwi
# needs: [publish-deb-package, publish-rpm-package]
if: ${{ inputs.binary == 'pezkuwi' || inputs.binary == 'all' }}
uses: ./.github/workflows/release-50_publish-docker.yml
with:
image_type: ${{ inputs.image_type }}
binary: pezkuwi
registry: ${{ inputs.registry }}
owner: ${{ inputs.owner }}
version: ${{ inputs.version }}
stable_tag: ${{ inputs.release_tag }}
secrets: inherit
publish-docker-pezkuwi-teyrchain:
name: Publish Docker image - pezkuwi-teyrchain
# needs: [publish-deb-package, publish-rpm-package]
if: ${{ inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'all' }}
uses: ./.github/workflows/release-50_publish-docker.yml
with:
image_type: ${{ inputs.image_type }}
binary: pezkuwi-teyrchain
registry: ${{ inputs.registry }}
owner: ${{ inputs.owner }}
version: ${{ inputs.version }}
stable_tag: ${{ inputs.release_tag }}
secrets: inherit
publish-docker-pezkuwi-omni-node:
name: Publish Docker image - pezkuwi-omni-node
# needs: [publish-deb-package, publish-rpm-package]
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'all' }}
uses: ./.github/workflows/release-50_publish-docker.yml
with:
image_type: ${{ inputs.image_type }}
binary: pezkuwi-omni-node
registry: ${{ inputs.registry }}
owner: ${{ inputs.owner }}
version: ${{ inputs.version }}
stable_tag: ${{ inputs.release_tag }}
secrets: inherit
publish-docker-chain-spec-builder:
name: Publish Docker image - chain-spec-builder
# needs: [publish-deb-package, publish-rpm-package]
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
uses: ./.github/workflows/release-50_publish-docker.yml
with:
image_type: ${{ inputs.image_type }}
binary: chain-spec-builder
registry: ${{ inputs.registry }}
owner: ${{ inputs.owner }}
version: ${{ inputs.version }}
stable_tag: ${{ inputs.release_tag }}
secrets: inherit
@@ -1,70 +0,0 @@
name: Clobber Stable
# This action implements the
# [Clobbering](https://github.com/pezkuwichain/pezkuwi-sdk/blob/master/docs/RELEASE.md#clobbering)
# process from the release process. It pushes a new commit to the `stable` branch with all the
# current content of the `audited` tag. It does not use a merge commit, but rather 'clobbers' the
# branch with a single commit that contains all the changes. It has a naming scheme of `Clobber with
# audited ($COMMIT)`.
# Currently, the script is only triggered manually, but can be easily changed to a schedule.
on:
workflow_dispatch:
permissions:
contents: write
jobs:
clobber-stable:
runs-on: ubuntu-latest
timeout-minutes: 5
env:
STABLE: stable
UNSTABLE: master
AUDITED: audited
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Prechecks
run: |
# Properly fetch
git fetch --prune --unshallow origin tag $AUDITED
git fetch origin $STABLE
# Sanity checks
git checkout -q tags/$AUDITED || (echo "Could not find the '$AUDITED' tag." && exit 1)
COMMIT=$(git rev-parse tags/$AUDITED)
#$(git branch --contains $COMMIT | grep -q $UNSTABLE) || (echo "The '$AUDITED' tag is not on the '$UNSTABLE' branch." && exit 1)
git config --global user.email "admin@pezkuwichain.io"
git config --global user.name "Kurdistan-Tech Release Team"
- name: Prepare commit
run: |
git checkout --quiet origin/$STABLE
# Delete all tracked files in the working directory
git ls-files -z | xargs -0 rm -f
# Find and delete any empty directories
find . -type d -empty -delete
git add . 1>/dev/null 2>/dev/null
git commit -qm "Delete all files"
# Grab the files from the commit
git checkout --quiet tags/$AUDITED -- .
# Stage, commit, and push the working directory which now matches 'audited' 1:1
git status
COMMIT=$(git rev-parse --short=10 tags/$AUDITED)
git add . 1>/dev/null 2>/dev/null
git commit --allow-empty --amend -qm "Clobber with $AUDITED ($COMMIT)"
- name: Push stable branch
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git log -3
git push --verbose origin HEAD:$STABLE
@@ -1,91 +0,0 @@
name: Promote rc to final
on:
workflow_call:
inputs:
package:
description: Package to be promoted
required: true
type: string
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX that will be changed to final in form of pezkuwi-stableYYMM(-X)
required: true
type: string
target:
description: Target triple for which the artifacts are being uploaded (e.g aarch64-apple-darwin)
required: true
type: string
secrets:
AWS_DEFAULT_REGION:
required: true
AWS_RELEASE_ACCESS_KEY_ID:
required: true
AWS_RELEASE_SECRET_ACCESS_KEY:
required: true
jobs:
promote-release-artifacts:
environment: release
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
RELEASE_TAG: ${{ inputs.release_tag }}
PACKAGE: ${{ inputs.package }}
TARGET: ${{ inputs.target }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Prepare final tag
id: prepare_final_tag
shell: bash
run: |
tag="$(echo $RELEASE_TAG | sed 's/-rc[0-9]*$//')"
echo $tag
echo "FINAL_TAG=${tag}" >> $GITHUB_OUTPUT
- name: Fetch binaries from s3 based on version
run: |
. ./.github/scripts/common/lib.sh
VERSION="$RELEASE_TAG"
if [[ "$PACKAGE" == 'pezkuwi' ]]; then
packages=(pezkuwi pezkuwi-prepare-worker pezkuwi-execute-worker)
for package in "${packages[@]}"; do
OUTPUT_DIR="./release-artifacts/$TARGET/${package}"
fetch_release_artifacts_from_s3 "$package" "$TARGET"
done
NODE_VERSION="$(get_pezkuwi_node_version_from_code)"
fetch_debian_package_from_s3 pezkuwi
fetch_rpm_package_from_s3 pezkuwi
else
fetch_release_artifacts_from_s3 "$PACKAGE" "$TARGET"
fi
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Upload ${{ inputs.package }} ${{ inputs.target }} artifacts to s3
run: |
. ./.github/scripts/release/release_lib.sh
if [[ "$PACKAGE" == 'pezkuwi' ]]; then
packages=(pezkuwi pezkuwi-prepare-worker pezkuwi-execute-worker)
for package in "${packages[@]}"; do
upload_s3_release $package ${{ steps.prepare_final_tag.outputs.final_tag }} ${{ inputs.target }}
done
else
upload_s3_release "$PACKAGE" ${{ steps.prepare_final_tag.outputs.final_tag }} "$TARGET"
fi
@@ -1,188 +0,0 @@
name: Reusable - Publish Package
on:
workflow_call:
inputs:
tag:
description: Current final release tag (e.g., pezkuwi-stableYYMM)
required: true
type: string
distribution:
description: Distribution where to publish package (e.g., release, staging)
required: true
type: string
package_type:
description: Type of package to publish (deb or rpm)
required: true
type: string
aws_repo_base_path:
description: Base S3 path for package repositories
type: string
cloudfront_distribution_id:
description: CloudFront Distribution ID for cache invalidation
required: true
type: string
jobs:
# DISABLED: Workflow synchronization check
# check-synchronization:
# uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
# secrets:
# fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
validate-inputs:
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Validate package type
if: ${{ inputs.package_type != 'deb' && inputs.package_type != 'rpm' }}
run: |
echo "Error: package_type must be either 'deb' or 'rpm'"
exit 1
- name: Validate inputs
id: validate_inputs
run: |
# Source common library for helper functions
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
fetch-artifacts-from-s3:
runs-on: ubuntu-latest
needs: [validate-inputs]
environment: release
env:
REPO: ${{ github.repository }}
VERSION: ${{ needs.validate-inputs.outputs.release_tag }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
outputs:
NODE_VERSION: ${{ steps.fetch_artifacts_from_s3.outputs.NODE_VERSION }}
steps:
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Fetch rc artifacts or release artifacts from s3 based on version
id: fetch_artifacts_from_s3
run: |
. ./.github/scripts/common/lib.sh
NODE_VERSION="$(get_pezkuwi_node_version_from_code)"
echo "NODE_VERSION=${NODE_VERSION}" >> $GITHUB_OUTPUT
# Fetch specific package type artifact (deb or rpm)
if [[ "${{ inputs.package_type }}" == "deb" ]]; then
fetch_debian_package_from_s3 pezkuwi
elif [[ "${{ inputs.package_type }}" == "rpm" ]]; then
fetch_rpm_package_from_s3 pezkuwi
fi
- name: Upload artifacts for later jobs
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: release-artifacts-${{ inputs.package_type }}
path: release-artifacts/pezkuwi/*.${{ inputs.package_type }}
publish-package:
runs-on: ubuntu-latest
needs: [fetch-artifacts-from-s3]
environment: release
env:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_REPO_PATH: "${{ inputs.aws_repo_base_path }}/${{ inputs.package_type }}"
LOCAL_REPO_PATH: ${{ github.workspace }}/${{ inputs.package_type }}
NODE_VERSION: ${{ needs.fetch-artifacts-from-s3.outputs.NODE_VERSION }}
steps:
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y python3-pip reprepro rpm createrepo-c
python3 -m pip install --user awscli "pgpkms @ git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151"
# Ensure ~/.local/bin is in PATH right now and for later steps
export PATH=$HOME/.local/bin:$PATH
echo "$HOME/.local/bin" >> $GITHUB_PATH
# Export to GITHUB_ENV (this time they wont be empty)
echo "PGPKMS_REPREPRO_PATH=$(which pgpkms-reprepro)" >> $GITHUB_ENV
echo "PGPKMS_RPMSIGN_PATH=$(which pgpkms-rpmsign)" >> $GITHUB_ENV
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Download artifacts from previous job
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: release-artifacts-${{ inputs.package_type }}
path: release-artifacts
- name: Setup local deb repo config
if: ${{ inputs.package_type == 'deb' }}
run: |
sed -i "s|^SignWith:.*|SignWith: ! ${PGPKMS_REPREPRO_PATH}|" ${{ github.workspace }}/.github/scripts/release/distributions
mkdir -p "$LOCAL_REPO_PATH/conf"
cp ${{ github.workspace }}/.github/scripts/release/distributions "$LOCAL_REPO_PATH/conf/distributions"
- name: Sync local repo
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
run: |
# --- Sync Local Repo from S3 ---
mkdir -p "$LOCAL_REPO_PATH"
if [[ "${{ inputs.package_type }}" == "deb" ]]; then
aws s3 sync "$AWS_REPO_PATH/db" "$LOCAL_REPO_PATH/db" || true
aws s3 sync "$AWS_REPO_PATH/pool" "$LOCAL_REPO_PATH/pool" || true
aws s3 sync "$AWS_REPO_PATH/dists" "$LOCAL_REPO_PATH/dists" || true
elif [[ "${{ inputs.package_type }}" == "rpm" ]]; then
aws s3 sync "$AWS_REPO_PATH" "$LOCAL_REPO_PATH" || true
fi
- name: Add packages to local repo, sign, and update metadata
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
# --- Add Package to Repo and Sign ---
if [[ "${{ inputs.package_type }}" == "deb" ]]; then
debname=$(find release-artifacts/ -name 'pezkuwi_*.deb' | head -n 1)
reprepro -b "$LOCAL_REPO_PATH" includedeb "${{ inputs.distribution }}" "$debname"
elif [[ "${{ inputs.package_type }}" == "rpm" ]]; then
rpmname=$(find release-artifacts/ -name 'pezkuwi-*.rpm' | head -n 1)
echo "Signing package with pgpkms (via AWS KMS)..."
chmod +x .github/scripts/release/pgpkms-gpg-wrapper.sh
cp .github/scripts/release/rpmmacros $HOME/.rpmmacros
echo "Dumping rpm gpg-related macros..."
rpm --showrc | grep gpg || true
echo "Contents of .rpmmacros:"
cat $HOME/.rpmmacros
rpm --addsign "$rpmname"
echo "Copying signed package to local repo..."
cp "$rpmname" "$LOCAL_REPO_PATH/"
echo "Updating repository metadata..."
createrepo_c --update "$LOCAL_REPO_PATH"
fi
- name: Upload updated repo to S3
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
run: |
aws s3 sync "$LOCAL_REPO_PATH" "$AWS_REPO_PATH" --acl public-read
aws cloudfront create-invalidation --distribution-id ${{ inputs.cloudfront_distribution_id }} --paths '/${{ inputs.package_type }}/*'
@@ -1,50 +0,0 @@
name: Upload to s3
on:
workflow_call:
inputs:
package:
description: Package to be built, for now is either pezkuwi or pezkuwi-teyrchain-bin
required: true
type: string
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX or pezkuwi-stableYYMM-rcX
required: true
type: string
target:
description: Target triple for which the artifacts are being uploaded (e.g aarch64-apple-darwin)
required: true
type: string
jobs:
upload-artifacts-to-s3:
runs-on: ubuntu-latest
environment: release
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Download amd64 artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: ${{ inputs.package }}_${{ inputs.target }}
path: release-artifacts/${{ inputs.target }}/${{ inputs.package }}
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Upload ${{ inputs.package }} artifacts to s3
run: |
. ./.github/scripts/release/release_lib.sh
upload_s3_release ${{ inputs.package }} ${{ inputs.release_tag }} ${{ inputs.target }}
+8 -9
@@ -157,16 +157,15 @@ jobs:
id: set_runner
shell: bash
run: |
# Self-hosted runners (reduced to 3 total for lower load)
# VPS1: 1 runner, VPS2: 1 runner, VPS3: 1 runner
echo "RUNNER_DEFAULT=ubuntu-large" >> $GITHUB_OUTPUT
echo "RUNNER_WEIGHTS=ubuntu-large" >> $GITHUB_OUTPUT
echo "RUNNER_BENCHMARK=ubuntu-large" >> $GITHUB_OUTPUT
# Hybrid: heavy jobs → self-hosted ephemeral VPS, light jobs → GitHub-hosted
echo "RUNNER_DEFAULT=pezkuwi-runner" >> $GITHUB_OUTPUT
echo "RUNNER_WEIGHTS=pezkuwi-runner" >> $GITHUB_OUTPUT
echo "RUNNER_BENCHMARK=pezkuwi-runner" >> $GITHUB_OUTPUT
echo "RUNNER_MACOS=macos-latest" >> $GITHUB_OUTPUT
echo "RUNNER=ubuntu-large" >> $GITHUB_OUTPUT
echo "RUNNER_OLDLINUX=ubuntu-large" >> $GITHUB_OUTPUT
echo "RUNNER_NEW=ubuntu-large" >> $GITHUB_OUTPUT
echo "RUNNER_OLDLINUX_NEW=ubuntu-large" >> $GITHUB_OUTPUT
echo "RUNNER=pezkuwi-runner" >> $GITHUB_OUTPUT
echo "RUNNER_OLDLINUX=pezkuwi-runner" >> $GITHUB_OUTPUT
echo "RUNNER_NEW=pezkuwi-runner" >> $GITHUB_OUTPUT
echo "RUNNER_OLDLINUX_NEW=pezkuwi-runner" >> $GITHUB_OUTPUT
#
# Set vars
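Review bot: Every Linux output set in this step (`RUNNER`, `RUNNER_DEFAULT`, `RUNNER_WEIGHTS`, `RUNNER_BENCHMARK`, and the `OLDLINUX`/`NEW` variants) now resolves to the self-hosted `pezkuwi-runner`, so the "heavy → self-hosted, light → GitHub-hosted" split in the new comment is not enforced here. Any job that reads these outputs lands on the VPS. If a consuming workflow is triggered by pull requests from forks (not visible in this hunk), unreviewed code would execute on infrastructure you operate, and the only protection is the runner really being single-use and isolated from anything holding credentials. I would choose the label by trust level in this step, or at minimum record the assumption next to the assignment, e.g. `# pezkuwi-runner must be registered as ephemeral (one job per registration); keep fork-PR jobs on ubuntu-latest`. The step and its job continue outside the hunk, so the trigger conditions need to be checked there.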