pezkuwichain
3680848df2
* docs: Add CLAUDE_RULES.md with strict rebrand protection rules - Define immutable rebrand rules that cannot be violated - Prohibit reverting rebrand for cargo check convenience - Establish checkpoint and audit trail requirements - Document correct error handling approach * refactor: Complete kurdistan-sdk to pezkuwi-sdk rebrand - Update README.md with pezkuwi-sdk branding - Replace all kurdistan-sdk URL references with pezkuwi-sdk - Replace kurdistan-tech with pezkuwichain in workflows - Update email domains from @kurdistan-tech.io to @pezkuwichain.io - Rename tool references: kurdistan-tech-publish → pezkuwi-publish - Update runner names: kurdistan-tech-* → pezkuwichain-* - Update analytics/forum/matrix domains to pezkuwichain.io - Keep 'Kurdistan Tech Institute' as organization name - Keep tech@kurdistan.gov as official government contact
305 lines
12 KiB
YAML
305 lines
12 KiB
YAML
name: Release - Publish Docker Image
|
|
|
|
# This workflow listens to published releases or can be triggered manually.
|
|
# It builds and published releases and rc candidates.
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
image_type:
|
|
description: Type of the image to be published
|
|
required: true
|
|
default: rc
|
|
type: choice
|
|
options:
|
|
- rc
|
|
- release
|
|
|
|
binary:
|
|
description: Binary to be published
|
|
required: true
|
|
default: pezkuwi
|
|
type: choice
|
|
options:
|
|
- pezkuwi
|
|
- pezkuwi-omni-node
|
|
- pezkuwi-teyrchain
|
|
- chain-spec-builder
|
|
|
|
registry:
|
|
description: Container registry
|
|
required: true
|
|
type: string
|
|
default: docker.io
|
|
|
|
# The owner is often the same as the Docker Hub username but does ont have to be.
|
|
# In our case, it is not.
|
|
owner:
|
|
description: Owner of the container image repo
|
|
required: true
|
|
type: string
|
|
default: pezkuwichain
|
|
|
|
version:
|
|
description: Version of the pezkuwi node release in format v1.16.0 or v1.16.0-rc1
|
|
default: v0.9.18
|
|
required: true
|
|
|
|
stable_tag:
|
|
description: Tag matching the actual stable release version in the format pezkuwi-stableYYMM(-rcX) or pezkuwi-stableYYMM-X(-rcX) for patch releases
|
|
required: true
|
|
|
|
workflow_call:
|
|
inputs:
|
|
image_type:
|
|
description: Type of the image to be published
|
|
required: true
|
|
default: rc
|
|
type: string
|
|
|
|
binary:
|
|
description: Binary to be published
|
|
required: true
|
|
default: pezkuwi
|
|
type: string
|
|
|
|
registry:
|
|
description: Container registry
|
|
required: true
|
|
type: string
|
|
default: docker.io
|
|
|
|
owner:
|
|
description: Owner of the container image repo
|
|
required: true
|
|
type: string
|
|
default: pezkuwichain
|
|
|
|
version:
|
|
description: Version of the pezkuwi node release in format v1.16.0 or v1.16.0-rc1
|
|
required: true
|
|
type: string
|
|
|
|
stable_tag:
|
|
description: Tag matching the actual stable release version in the format pezkuwi-stableYYMM(-rcX) or pezkuwi-stableYYMM-X(-rcX) for patch releases
|
|
required: true
|
|
type: string
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
env:
|
|
ENGINE: docker
|
|
REGISTRY: ${{ inputs.registry }}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
DOCKER_OWNER: ${{ inputs.owner || github.repository_owner }}
|
|
REPO: ${{ github.repository }}
|
|
BINARY: ${{ inputs.binary }}
|
|
# EVENT_ACTION: ${{ github.event.action }}
|
|
EVENT_NAME: ${{ github.event_name }}
|
|
IMAGE_TYPE: ${{ inputs.image_type }}
|
|
|
|
jobs:
|
|
# check-synchronization job disabled - pezkuwichain-release sync not needed for pezkuwichain
|
|
# Original: uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
|
|
|
|
validate-inputs:
|
|
# Removed dependency on check-synchronization (disabled)
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
version: ${{ steps.validate_inputs.outputs.VERSION }}
|
|
stable_tag: ${{ steps.validate_inputs.outputs.stable_tag }}
|
|
|
|
steps:
|
|
- name: Checkout sources
|
|
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
|
|
- name: Validate inputs
|
|
id: validate_inputs
|
|
run: |
|
|
. ./.github/scripts/common/lib.sh
|
|
|
|
VERSION=$(filter_version_from_input "${{ inputs.version }}")
|
|
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
|
|
|
|
STABLE_TAG=$(validate_stable_tag ${{ inputs.stable_tag }})
|
|
echo "stable_tag=${STABLE_TAG}" >> $GITHUB_OUTPUT
|
|
|
|
fetch-artifacts: # this job will be triggered for the pezkuwi-teyrchain rc and release or pezkuwi rc image build
|
|
runs-on: ubuntu-latest
|
|
needs: [ validate-inputs ]
|
|
|
|
steps:
|
|
- name: Checkout sources
|
|
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
|
|
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
|
|
- name: Fetch rc artifacts or release artifacts from s3 based on version
|
|
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
|
|
run: |
|
|
. ./.github/scripts/common/lib.sh
|
|
|
|
VERSION="${{ needs.validate-inputs.outputs.stable_tag }}"
|
|
if [[ ${{ inputs.binary }} == 'pezkuwi' ]]; then
|
|
bins=(pezkuwi pezkuwi-prepare-worker pezkuwi-execute-worker)
|
|
for bin in "${bins[@]}"; do
|
|
fetch_release_artifacts_from_s3 $bin x86_64-unknown-linux-gnu
|
|
done
|
|
else
|
|
fetch_release_artifacts_from_s3 $BINARY x86_64-unknown-linux-gnu
|
|
fi
|
|
|
|
- name: Upload artifacts
|
|
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: release-artifacts-${{ env.BINARY }}
|
|
path: release-artifacts/x86_64-unknown-linux-gnu/${{ env.BINARY }}/**/*
|
|
|
|
build-container: # this job will be triggered for the pezkuwi-teyrchain rc and release or pezkuwi rc image build
|
|
runs-on: ubuntu-latest
|
|
needs: [ fetch-artifacts, validate-inputs ]
|
|
environment: release
|
|
|
|
steps:
|
|
- name: Checkout sources
|
|
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
|
|
- name: Download artifacts
|
|
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
|
|
with:
|
|
name: release-artifacts-${{ env.BINARY }}
|
|
path: release-artifacts
|
|
|
|
- name: Check sha256 ${{ env.BINARY }}
|
|
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
|
|
working-directory: release-artifacts
|
|
run: |
|
|
. ../.github/scripts/common/lib.sh
|
|
|
|
echo "Checking binary $BINARY"
|
|
check_sha256 $BINARY && echo "OK" || echo "ERR"
|
|
|
|
- name: Check GPG ${{ env.BINARY }}
|
|
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
|
|
working-directory: release-artifacts
|
|
run: |
|
|
. ../.github/scripts/common/lib.sh
|
|
import_gpg_keys
|
|
check_gpg $BINARY
|
|
|
|
- name: Fetch rc commit and tag
|
|
working-directory: release-artifacts
|
|
if: ${{ env.IMAGE_TYPE == 'rc' }}
|
|
id: fetch_rc_refs
|
|
shell: bash
|
|
run: |
|
|
. ../.github/scripts/common/lib.sh
|
|
|
|
commit=$(git rev-parse --short HEAD) && \
|
|
echo "commit=${commit}" >> $GITHUB_OUTPUT
|
|
echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT
|
|
echo "tag=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT
|
|
|
|
- name: Fetch release tags
|
|
if: ${{ env.IMAGE_TYPE == 'release'}}
|
|
id: fetch_release_refs
|
|
shell: bash
|
|
run: |
|
|
. .github/scripts/common/lib.sh
|
|
|
|
echo "tag=latest" >> $GITHUB_OUTPUT
|
|
echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT
|
|
echo "stable=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build Injected Container image for pezkuwi
|
|
if: ${{ env.BINARY == 'pezkuwi' }}
|
|
env:
|
|
ARTIFACTS_FOLDER: release-artifacts
|
|
IMAGE_NAME: ${{ env.BINARY }}
|
|
OWNER: ${{ env.DOCKER_OWNER }}
|
|
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
|
|
shell: bash
|
|
run: |
|
|
ls -al
|
|
echo "Building container for $BINARY"
|
|
echo "IMAGE_TYPE: ${{ inputs.image_type }}"
|
|
|
|
if [[ "${{ inputs.image_type }}" == "rc" ]]; then
|
|
echo "Building RC container for pezkuwi"
|
|
export DOCKERFILE="docker/dockerfiles/pezkuwi/pezkuwi_injected.Dockerfile"
|
|
export BINARY="pezkuwi,pezkuwi-execute-worker,pezkuwi-prepare-worker"
|
|
./docker/scripts/build-injected.sh
|
|
else
|
|
echo "Building release container for pezkuwi"
|
|
export DOCKERFILE="docker/dockerfiles/pezkuwi/pezkuwi_injected_debian.Dockerfile"
|
|
export BINARY="pezkuwi,pezkuwi-execute-worker,pezkuwi-prepare-worker"
|
|
export PEZKUWI_DEB=true
|
|
export VERSION=${{ needs.validate-inputs.outputs.version }}
|
|
./docker/scripts/build-injected.sh
|
|
fi
|
|
|
|
- name: Build Injected Container image for pezkuwi-omni-node/chain-spec-builder
|
|
if: ${{ env.BINARY == 'pezkuwi-omni-node' || env.BINARY == 'chain-spec-builder' }}
|
|
shell: bash
|
|
env:
|
|
ARTIFACTS_FOLDER: release-artifacts
|
|
IMAGE_NAME: ${{ env.BINARY }}
|
|
OWNER: ${{ env.DOCKER_OWNER }}
|
|
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
|
|
VERSION: ${{ needs.validate-inputs.outputs.version }}
|
|
run: |
|
|
ls -al
|
|
echo "Building container for $BINARY"
|
|
./docker/scripts/build-injected.sh
|
|
|
|
- name: Build Injected Container image for pezkuwi-teyrchain
|
|
if: ${{ env.BINARY == 'pezkuwi-teyrchain' }}
|
|
shell: bash
|
|
env:
|
|
ARTIFACTS_FOLDER: release-artifacts
|
|
IMAGE_NAME: ${{ env.BINARY }}
|
|
OWNER: ${{ env.DOCKER_OWNER }}
|
|
DOCKERFILE: docker/dockerfiles/pezkuwi-teyrchain/pezkuwi-teyrchain_injected.Dockerfile
|
|
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
|
|
VERSION: ${{ needs.validate-inputs.outputs.version }}
|
|
run: |
|
|
ls -al
|
|
mkdir -p $ARTIFACTS_FOLDER/specs
|
|
cp pezcumulus/teyrchains/chain-specs/*.json $ARTIFACTS_FOLDER/specs
|
|
|
|
echo "Building container for $BINARY"
|
|
./docker/scripts/build-injected.sh
|
|
|
|
- name: Login to Dockerhub to publish pezkuwi
|
|
if: ${{ env.BINARY == 'pezkuwi' }}
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.PEZKUWI_DOCKERHUB_TOKEN }}
|
|
|
|
- name: Login to Dockerhub to publish pezkuwi-omni-node/pezkuwi-teyrchain/chain-spec-builder
|
|
if: ${{ env.BINARY == 'pezkuwi-omni-node' || env.BINARY == 'pezkuwi-teyrchain' || env.BINARY == 'chain-spec-builder' }}
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
username: ${{ secrets.CUMULUS_DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.CUMULUS_DOCKERHUB_TOKEN }}
|
|
|
|
- name: Push Container image for ${{ env.BINARY }}
|
|
id: docker_push
|
|
run: |
|
|
$ENGINE images | grep ${BINARY}
|
|
$ENGINE push --all-tags ${REGISTRY}/${DOCKER_OWNER}/${BINARY}
|
|
|
|
- name: Check version for the published image for ${{ env.BINARY }}
|
|
env:
|
|
RELEASE_TAG: ${{ steps.fetch_rc_refs.outputs.release || steps.fetch_release_refs.outputs.release }}
|
|
run: |
|
|
echo "Checking tag ${RELEASE_TAG} for image ${REGISTRY}/${DOCKER_OWNER}/${BINARY}"
|
|
if [[ ${BINARY} == 'chain-spec-builder' ]]; then
|
|
$ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG}
|
|
else
|
|
$ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} --version
|
|
fi
|