pezkuwichain/pezkuwi-subxt
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-subxt.git synced 2026-06-09 20:11:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix release docker image GHA (#3547)

Browse Source 
This PR add extra checks for the input fields in the GHA which does the
docker image build and publishing.
This commit is contained in:
Egor_P
2024-03-11 16:37:22 +07:00
committed by GitHub
parent bbaa5a3bb5
commit a6713c55fd
3 changed files with 107 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/scripts/common/lib.sh
+93 -3
View File
@@ -237,6 +237,61 @@ fetch_release_artifacts() {
popd > /dev/null
}
# Fetch the release artifacts like binary and sigantures from S3. Assumes the ENV are set:
# - RELEASE_ID
# - GITHUB_TOKEN
# - REPO in the form paritytech/polkadot
fetch_release_artifacts_from_s3() {
echo "Version : $VERSION"
echo "Repo : $REPO"
echo "Binary : $BINARY"
OUTPUT_DIR=${OUTPUT_DIR:-"./release-artifacts/${BINARY}"}
echo "OUTPUT_DIR : $OUTPUT_DIR"
URL_BASE=$(get_s3_url_base $BINARY)
echo "URL_BASE=$URL_BASE"
URL_BINARY=$URL_BASE/$VERSION/$BINARY
URL_SHA=$URL_BASE/$VERSION/$BINARY.sha256
URL_ASC=$URL_BASE/$VERSION/$BINARY.asc
# Fetch artifacts
mkdir -p "$OUTPUT_DIR"
pushd "$OUTPUT_DIR" > /dev/null
echo "Fetching artifacts..."
for URL in $URL_BINARY $URL_SHA $URL_ASC; do
echo "Fetching %s" "$URL"
curl --progress-bar -LO "$URL" || echo "Missing $URL"
done
pwd
ls -al --color
popd > /dev/null
}
# Pass the name of the binary as input, it will
# return the s3 base url
function get_s3_url_base() {
name=$1
case $name in
polkadot | polkadot-execute-worker | polkadot-prepare-worker | staking-miner)
printf "https://releases.parity.io/polkadot"
;;
polkadot-parachain)
printf "https://releases.parity.io/cumulus"
;;
*)
printf "UNSUPPORTED BINARY $name"
exit 1
;;
esac
}
# Check the checksum for a given binary
function check_sha256() {
echo "Checking SHA256 for $1"
@@ -248,13 +303,11 @@ function check_sha256() {
function import_gpg_keys() {
GPG_KEYSERVER=${GPG_KEYSERVER:-"keyserver.ubuntu.com"}
SEC="9D4B2B6EB8F97156D19669A9FF0812D491B96798"
WILL="2835EAF92072BC01D188AF2C4A092B93E97CE1E2"
EGOR="E6FC4D4782EB0FA64A4903CCDB7D3555DD3932D3"
MARA="533C920F40E73A21EEB7E9EBF27AEA7E7594C9CF"
MORGAN="2E92A9D8B15D7891363D1AE8AF9E6C43F7F8C4CF"
echo "Importing GPG keys from $GPG_KEYSERVER in parallel"
for key in $SEC $WILL $EGOR $MARA $MORGAN; do
for key in $SEC $EGOR $MORGAN; do
(
echo "Importing GPG key $key"
gpg --no-tty --quiet --keyserver $GPG_KEYSERVER --recv-keys $key
@@ -344,3 +397,40 @@ function find_runtimes() {
done
echo $JSON
}
# Filter the version matches the particular pattern and return it.
# input: version (v1.8.0 or v1.8.0-rc1)
# output: none
filter_version_from_input() {
version=$1
regex="(^v[0-9]+\.[0-9]+\.[0-9]+)$|(^v[0-9]+\.[0-9]+\.[0-9]+-rc[0-9]+)$"
if [[ $version =~ $regex ]]; then
if [ -n "${BASH_REMATCH[1]}" ]; then
echo "${BASH_REMATCH[1]}"
elif [ -n "${BASH_REMATCH[2]}" ]; then
echo "${BASH_REMATCH[2]}"
fi
else
echo "Invalid version: $version"
exit 1
fi
}
# Check if the release_id is valid number
# input: release_id
# output: release_id or exit 1
check_release_id() {
input=$1
release_id=$(echo "$input" | sed 's/[^0-9]//g')
if [[ $release_id =~ ^[0-9]+$ ]]; then
echo "$release_id"
else
echo "Invalid release_id from input: $input"
exit 1
fi
}
.github/workflows/release-50_publish-docker.yml
+11 -5
View File
@@ -36,7 +36,7 @@ on:
-H "Authorization: Bearer ${GITHUB_TOKEN}" https://api.github.com/repos/$OWNER/$REPO/releases | \
jq '.[] | { name: .name, id: .id }'
required: true
type: string
type: number
registry:
description: Container registry
@@ -61,7 +61,6 @@ permissions:
contents: write
env:
RELEASE_ID: ${{ inputs.release_id }}
ENGINE: docker
REGISTRY: ${{ inputs.registry }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -71,6 +70,7 @@ env:
# EVENT_ACTION: ${{ github.event.action }}
EVENT_NAME: ${{ github.event_name }}
IMAGE_TYPE: ${{ inputs.image_type }}
VERSION: ${{ inputs.version }}
jobs:
fetch-artifacts: # this job will be triggered for the polkadot-parachain rc and release or polkadot rc image build
@@ -95,13 +95,16 @@ jobs:
# chmod a+x $BINARY
# ls -al
- name: Fetch rc artifacts or release artifacts based on release id
- name: Fetch rc artifacts or release artifacts from s3 based on version
#this step runs only if the workflow is triggered manually
if: ${{ env.EVENT_NAME == 'workflow_dispatch' }}
run: |
. ./.github/scripts/common/lib.sh
fetch_release_artifacts
VERSION=$(filter_version_from_input "${{ inputs.version }}")
echo "VERSION=${VERSION}" >> $GITHUB_ENV
fetch_release_artifacts_from_s3
- name: Cache the artifacts
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
@@ -147,7 +150,10 @@ jobs:
if: ${{ env.IMAGE_TYPE == 'rc' }}
id: fetch_rc_refs
run: |
release=release-${{ inputs.release_id }} && \
. ./.github/scripts/common/lib.sh
RELEASE_ID=$(check_release_id "${{ inputs.release_id }}")
release=release-$RELEASE_ID && \
echo "release=${release}" >> $GITHUB_OUTPUT
commit=$(git rev-parse --short HEAD) && \
.github/workflows/release-99_notif-published.yml
+3 -7
View File
@@ -16,12 +16,6 @@ jobs:
- name: "RelEng: Polkadot Release Coordination"
room: '!cqAmzdIcbOFwrdrubV:parity.io'
pre-release: true
- name: 'General: Rust, Polkadot, Substrate'
room: '!aJymqQYtCjjqImFLSb:parity.io'
pre-release: false
- name: 'Team: DevOps'
room: '!lUslSijLMgNcEKcAiE:parity.io'
pre-release: true
# External
- name: 'Ledger <> Polkadot Coordination'
@@ -48,7 +42,9 @@ jobs:
access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }}
server: m.parity.io
message: |
A (pre)release has been ${{github.event.action}} in **${{github.event.repository.full_name}}:**<br/>
@room
A new node release has been ${{github.event.action}} in **${{github.event.repository.full_name}}:**<br/>
Release version: [${{github.event.release.tag_name}}](${{github.event.release.html_url}})
-----