mirror of
https://github.com/pezkuwichain/pezkuwi-subxt.git
synced 2026-04-25 22:17:58 +00:00
dependabot[bot]
6579d6cce6
Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v3.3.3</h2> <h2>What's Changed</h2> <ul> <li>Cache v3.3.3 by <a href="https://github.com/robherley"><code>@robherley</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1302">actions/cache#1302</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/robherley"><code>@robherley</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1302">actions/cache#1302</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3...v3.3.3">https://github.com/actions/cache/compare/v3...v3.3.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>3.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -> node 16</li> </ul> <h3>3.0.1</h3> <ul> <li>Added support for caching from GHES 3.5.</li> <li>Fixed download issue for files > 2GB during restore.</li> </ul> <h3>3.0.2</h3> <ul> <li>Added support for dynamic cache size cap on GHES.</li> </ul> <h3>3.0.3</h3> <ul> <li>Fixed avoiding empty cache save when no files are available for caching. (<a href="https://redirect.github.com/actions/cache/issues/624">issue</a>)</li> </ul> <h3>3.0.4</h3> <ul> <li>Fixed tar creation error while trying to create tar with path as <code>~/</code> home folder on <code>ubuntu-latest</code>. (<a href="https://redirect.github.com/actions/cache/issues/689">issue</a>)</li> </ul> <h3>3.0.5</h3> <ul> <li>Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (<a href="https://redirect.github.com/actions/cache/pull/834">PR</a>)</li> </ul> <h3>3.0.6</h3> <ul> <li>Fixed <a href="https://redirect.github.com/actions/cache/issues/809">#809</a> - zstd -d: no such file or directory error</li> <li>Fixed <a href="https://redirect.github.com/actions/cache/issues/833">#833</a> - cache doesn't work with github workspace directory</li> </ul> <h3>3.0.7</h3> <ul> <li>Fixed <a href="https://redirect.github.com/actions/cache/issues/810">#810</a> - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.</li> </ul> <h3>3.0.8</h3> <ul> <li>Fix zstd not working for windows on gnu tar in issues <a href="https://redirect.github.com/actions/cache/issues/888">#888</a> and <a href="https://redirect.github.com/actions/cache/issues/891">#891</a>.</li> <li>Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable <code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li> </ul> <h3>3.0.9</h3> <ul> <li>Enhanced the warning message for cache unavailablity in case of GHES.</li> </ul> <h3>3.0.10</h3> <ul> <li>Fix a bug with sorting inputs.</li> <li>Update definition for restore-keys in README.md</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/e12d46a63a90f2fae62d114769bbf2a179198b5c"><code>e12d46a</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1302">#1302</a> from actions/robherley/v3.3.3</li> <li><a href="https://github.com/actions/cache/commit/1baebfc3bafe03311c1239b7d001ecdf5da64951"><code>1baebfc</code></a> licensed</li> <li><a href="https://github.com/actions/cache/commit/eb94f1a6bf968b0555b89297bc603690b68beccd"><code>eb94f1a</code></a> cache v3.3.3</li> <li>See full diff in <a href="https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
291 lines
11 KiB
YAML
291 lines
11 KiB
YAML
name: Release - Publish Docker Image
|
|
|
|
# This workflow listens to published releases or can be triggered manually.
|
|
# It builds and published releases and rc candidates.
|
|
|
|
on:
|
|
#TODO: activate automated run later
|
|
# release:
|
|
# types:
|
|
# - published
|
|
workflow_dispatch:
|
|
inputs:
|
|
image_type:
|
|
description: Type of the image to be published
|
|
required: true
|
|
default: rc
|
|
type: choice
|
|
options:
|
|
- rc
|
|
- release
|
|
|
|
binary:
|
|
description: Binary to be published
|
|
required: true
|
|
default: polkadot
|
|
type: choice
|
|
options:
|
|
- polkadot
|
|
- polkadot-parachain
|
|
|
|
release_id:
|
|
description: |
|
|
Release ID.
|
|
You can find it using the command:
|
|
curl -s \
|
|
-H "Authorization: Bearer ${GITHUB_TOKEN}" https://api.github.com/repos/$OWNER/$REPO/releases | \
|
|
jq '.[] | { name: .name, id: .id }'
|
|
required: true
|
|
type: string
|
|
|
|
registry:
|
|
description: Container registry
|
|
required: true
|
|
type: string
|
|
default: docker.io
|
|
|
|
# The owner is often the same than the Docker Hub username but does ont have to be.
|
|
# In our case, it is not.
|
|
owner:
|
|
description: Owner of the container image repo
|
|
required: true
|
|
type: string
|
|
default: parity
|
|
|
|
version:
|
|
description: version to build/release
|
|
default: v0.9.18
|
|
required: true
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
env:
|
|
RELEASE_ID: ${{ inputs.release_id }}
|
|
ENGINE: docker
|
|
REGISTRY: ${{ inputs.registry }}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
DOCKER_OWNER: ${{ inputs.owner || github.repository_owner }}
|
|
REPO: ${{ github.repository }}
|
|
BINARY: ${{ inputs.binary }}
|
|
# EVENT_ACTION: ${{ github.event.action }}
|
|
EVENT_NAME: ${{ github.event_name }}
|
|
IMAGE_TYPE: ${{ inputs.image_type }}
|
|
|
|
jobs:
|
|
fetch-artifacts: # this job will be triggered for the polkadot-parachain rc and release or polkadot rc image build
|
|
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.image_type == 'rc' }}
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout sources
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
|
|
#TODO: this step will be needed when automated triggering will work
|
|
#this step runs only if the workflow is triggered automatically when new release is published
|
|
# if: ${{ env.EVENT_NAME == 'release' && env.EVENT_ACTION != '' && env.EVENT_ACTION == 'published' }}
|
|
# run: |
|
|
# mkdir -p release-artifacts && cd release-artifacts
|
|
|
|
# for f in $BINARY $BINARY.asc $BINARY.sha256; do
|
|
# URL="https://github.com/${{ github.event.repository.full_name }}/releases/download/${{ github.event.release.tag_name }}/$f"
|
|
# echo " - Fetching $f from $URL"
|
|
# wget "$URL" -O "$f"
|
|
# done
|
|
# chmod a+x $BINARY
|
|
# ls -al
|
|
|
|
- name: Fetch rc artifacts or release artifacts based on release id
|
|
#this step runs only if the workflow is triggered manually
|
|
if: ${{ env.EVENT_NAME == 'workflow_dispatch' }}
|
|
run: |
|
|
. ./.github/scripts/common/lib.sh
|
|
|
|
fetch_release_artifacts
|
|
|
|
- name: Cache the artifacts
|
|
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
|
|
with:
|
|
key: artifacts-${{ env.BINARY }}-${{ github.sha }}
|
|
path: |
|
|
./release-artifacts/${{ env.BINARY }}/**/*
|
|
|
|
build-container: # this job will be triggered for the polkadot-parachain rc and release or polkadot rc image build
|
|
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.image_type == 'rc' }}
|
|
runs-on: ubuntu-latest
|
|
needs: fetch-artifacts
|
|
environment: release
|
|
|
|
steps:
|
|
- name: Checkout sources
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
|
|
- name: Get artifacts from cache
|
|
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
|
|
with:
|
|
key: artifacts-${{ env.BINARY }}-${{ github.sha }}
|
|
fail-on-cache-miss: true
|
|
path: |
|
|
./release-artifacts/${{ env.BINARY }}/**/*
|
|
|
|
- name: Check sha256 ${{ env.BINARY }}
|
|
working-directory: ./release-artifacts/${{ env.BINARY }}
|
|
run: |
|
|
. ../../.github/scripts/common/lib.sh
|
|
|
|
echo "Checking binary $BINARY"
|
|
check_sha256 $BINARY && echo "OK" || echo "ERR"
|
|
|
|
- name: Check GPG ${{ env.BINARY }}
|
|
working-directory: ./release-artifacts/${{ env.BINARY }}
|
|
run: |
|
|
. ../../.github/scripts/common/lib.sh
|
|
import_gpg_keys
|
|
check_gpg $BINARY
|
|
|
|
- name: Fetch rc commit and tag
|
|
if: ${{ env.IMAGE_TYPE == 'rc' }}
|
|
id: fetch_rc_refs
|
|
run: |
|
|
release=release-${{ inputs.release_id }} && \
|
|
echo "release=${release}" >> $GITHUB_OUTPUT
|
|
|
|
commit=$(git rev-parse --short HEAD) && \
|
|
echo "commit=${commit}" >> $GITHUB_OUTPUT
|
|
|
|
tag=$(git name-rev --tags --name-only $(git rev-parse HEAD)) && \
|
|
[ "${tag}" != "undefined" ] && echo "tag=${tag}" >> $GITHUB_OUTPUT || \
|
|
echo "No tag, doing without"
|
|
|
|
- name: Fetch release tags
|
|
working-directory: ./release-artifacts/${{ env.BINARY }}
|
|
if: ${{ env.IMAGE_TYPE == 'release'}}
|
|
id: fetch_release_refs
|
|
run: |
|
|
chmod a+rx $BINARY
|
|
VERSION=$(./$BINARY --version | awk '{ print $2 }' )
|
|
release=$( echo $VERSION | cut -f1 -d- )
|
|
echo "tag=latest" >> $GITHUB_OUTPUT
|
|
echo "release=${release}" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build Injected Container image for polkadot rc
|
|
if: ${{ env.BINARY == 'polkadot' }}
|
|
env:
|
|
ARTIFACTS_FOLDER: ./release-artifacts
|
|
IMAGE_NAME: ${{ env.BINARY }}
|
|
OWNER: ${{ env.DOCKER_OWNER }}
|
|
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
|
|
run: |
|
|
ls -al
|
|
echo "Building container for $BINARY"
|
|
./docker/scripts/build-injected.sh
|
|
|
|
- name: Build Injected Container image for polkadot-parachain
|
|
if: ${{ env.BINARY == 'polkadot-parachain' }}
|
|
env:
|
|
ARTIFACTS_FOLDER: ./release-artifacts
|
|
IMAGE_NAME: ${{ env.BINARY }}
|
|
OWNER: ${{ env.DOCKER_OWNER }}
|
|
DOCKERFILE: docker/dockerfiles/polkadot-parachain/polkadot-parachain_injected.Dockerfile
|
|
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
|
|
run: |
|
|
ls -al
|
|
mkdir -p $ARTIFACTS_FOLDER/specs
|
|
cp cumulus/parachains/chain-specs/*.json $ARTIFACTS_FOLDER/specs
|
|
|
|
echo "Building container for $BINARY"
|
|
./docker/scripts/build-injected.sh
|
|
|
|
- name: Login to Dockerhub
|
|
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
|
with:
|
|
username: ${{ secrets.CUMULUS_DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.CUMULUS_DOCKERHUB_TOKEN }}
|
|
|
|
- name: Push Container image for ${{ env.BINARY }}
|
|
id: docker_push
|
|
run: |
|
|
$ENGINE images | grep ${BINARY}
|
|
$ENGINE push --all-tags ${REGISTRY}/${DOCKER_OWNER}/${BINARY}
|
|
|
|
- name: Check version for the published image for ${{ env.BINARY }}
|
|
env:
|
|
RELEASE_TAG: ${{ steps.fetch_rc_refs.outputs.release || steps.fetch_release_refs.outputs.release }}
|
|
run: |
|
|
echo "Checking tag ${RELEASE_TAG} for image ${REGISTRY}/${DOCKER_OWNER}/${BINARY}"
|
|
$ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} --version
|
|
|
|
fetch-latest-debian-package-version: # this job will be triggered for polkadot release build
|
|
if: ${{ inputs.binary == 'polkadot' && inputs.image_type == 'release' }}
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
polkadot_apt_version: ${{ steps.fetch-latest-apt.outputs.polkadot_apt_version }}
|
|
polkadot_container_tag: ${{ steps.fetch-latest-apt.outputs.polkadot_container_tag }}
|
|
container:
|
|
image: paritytech/parity-keyring
|
|
options: --user root
|
|
steps:
|
|
- name: Get version
|
|
id: fetch-latest-apt
|
|
run: |
|
|
apt update
|
|
apt show polkadot
|
|
version=$(apt show polkadot 2>/dev/null | grep "Version:" | awk '{print $2}')
|
|
tag=$(echo $version | sed 's/-.*//')
|
|
echo "polkadot_apt_version=v$version" >> $GITHUB_OUTPUT
|
|
echo "polkadot_container_tag=v$tag" >> $GITHUB_OUTPUT
|
|
echo "You passed ${{ inputs.version }} but this is ignored"
|
|
echo "We use the version from the Debian Package: $version"
|
|
|
|
build-polkadot-release-container: # this job will be triggered for polkadot release build
|
|
if: ${{ inputs.binary == 'polkadot' && inputs.image_type == 'release' }}
|
|
runs-on: ubuntu-latest
|
|
needs: fetch-latest-debian-package-version
|
|
environment: release
|
|
steps:
|
|
- name: Checkout sources
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
|
|
|
- name: Cache Docker layers
|
|
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
|
|
with:
|
|
path: /tmp/.buildx-cache
|
|
key: ${{ runner.os }}-buildx-${{ github.sha }}
|
|
restore-keys: |
|
|
${{ runner.os }}-buildx-
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
|
with:
|
|
username: ${{ secrets.POLKADOT_DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.POLKADOT_DOCKERHUB_TOKEN }}
|
|
|
|
- name: Fetch values
|
|
id: fetch-data
|
|
run: |
|
|
date=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
|
|
echo "date=$date" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build and push
|
|
id: docker_build
|
|
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
|
with:
|
|
push: true
|
|
file: docker/dockerfiles/polkadot/polkadot_injected_debian.Dockerfile
|
|
# TODO: The owner should be used below but buildx does not resolve the VARs
|
|
# TODO: It would be good to get rid of this GHA that we don't really need.
|
|
tags: |
|
|
parity/polkadot:latest
|
|
parity/polkadot:${{ needs.fetch-latest-debian-package-version.outputs.polkadot_container_tag }}
|
|
build-args: |
|
|
VCS_REF=${{ github.ref }}
|
|
POLKADOT_VERSION=${{ needs.fetch-latest-debian-package-version.outputs.polkadot_apt_version }}
|
|
BUILD_DATE=${{ steps.fetch-data.outputs.date }}
|
|
cache-from: type=local,src=/tmp/.buildx-cache
|
|
cache-to: type=local,dest=/tmp/.buildx-cache
|
|
- name: Image digest
|
|
run: echo ${{ steps.docker_build.outputs.digest }}
|