Skip to content

Merge pull request #1249 from Chia-Network/org-import-delete-sub-adju… #1651

Merge pull request #1249 from Chia-Network/org-import-delete-sub-adju…

Merge pull request #1249 from Chia-Network/org-import-delete-sub-adju… #1651

Workflow file for this run

name: Build Binaries
on:
push:
tags:
- '**'
pull_request:
branches:
- '**'
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }}
cancel-in-progress: true
permissions:
id-token: write
contents: write
jobs:
build:
name: Build Binaries
runs-on: ${{ matrix.runs-on }}
strategy:
matrix:
include:
- runs-on: ubuntu-latest
artifact-name: cadt-linux-x64
build-command: npm run create-linux-x64-dist
sqlite-path: ./node_modules/sqlite3/build/Release/
- runs-on: [Linux, ARM64]
artifact-name: cadt-linux-arm64
build-command: npm run create-linux-arm64-dist
sqlite-path: ./node_modules/sqlite3/build/Release/
- runs-on: macos-latest
artifact-name: cadt-macos-x64
build-command: npm run create-mac-x64-dist
sqlite-path: ./node_modules/sqlite3/build/Release/
- runs-on: windows-2019
artifact-name: cadt-windows-x64
build-command: npm run create-win-x64-dist
sqlite-path: .\node_modules\sqlite3\build\Release\
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Setup Node 20.x
uses: actions/setup-node@v4
with:
node-version: '20.16'
- name: Install Husky
run: npm install --save-dev husky
- name: Ignore Husky where not compatible
run: npm pkg delete scripts.prepare
if: matrix.runs-on != 'windows-2019'
# RC release should not be set as latest
- name: Decide if release should be set as latest
id: is_latest
shell: bash
run: |
unset IS_LATEST
echo "Github ref is $GITHUB_REF"
if [[ "$GITHUB_REF" =~ "-rc" ]]; then
echo "release candidate tag matched"
IS_LATEST='false'
IS_PRERELEASE='true'
else
echo "main branch release matched"
IS_LATEST='true'
IS_PRERELEASE='false'
fi
echo "IS_LATEST=${IS_LATEST}" >> "$GITHUB_OUTPUT"
echo "IS_PRERELEASE=${IS_PRERELEASE}" >> "$GITHUB_OUTPUT"
- name: npm install
run: |
node --version
npm install
- name: npm cache clear --force
run: npm cache clear --force
- name: npm cache rm
run: npm cache rm --force
- name: npm cache verify
run: npm cache verify
- name: install global packages
run: npm i -g @babel/cli @babel/preset-env pkg
- name: create distributions
run: ${{ matrix.build-command }}
- name: Make binary executable
run: |
chmod +x dist/cadt
- name: Copy sqlite3
run: cp ${{ matrix.sqlite-path }}node_sqlite3.node ./dist/
- name: Test for secrets access
id: check_secrets
shell: bash
run: |
unset HAS_SIGNING_SECRET
if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi
echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT"
env:
SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}"
# Windows Code Signing
- name: Sign windows artifacts
if: matrix.runs-on == 'windows-2019' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
uses: chia-network/actions/digicert/windows-sign@main
with:
sm_api_key: ${{ secrets.SM_API_KEY }}
sm_client_cert_file_b64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }}
sm_client_cert_password: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
sm_code_signing_cert_sha1_hash: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}
file: ${{ github.workspace }}/dist/cadt.exe
# Mac .pkg build + sign
- name: Import Apple installer signing certificate
if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET && contains( github.ref, '-rc')
uses: Apple-Actions/import-codesign-certs@v3
with:
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
p12-file-base64: ${{ secrets.APPLE_DEV_ID_INSTALLER }}
p12-password: ${{ secrets.APPLE_DEV_ID_INSTALLER_PASS }}
- name: Import Apple Application signing certificate
if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET && contains( github.ref, '-rc')
uses: Apple-Actions/import-codesign-certs@v3
with:
create-keychain: false # Created when importing the first cert
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
p12-file-base64: ${{ secrets.APPLE_DEV_ID_APP }}
p12-password: ${{ secrets.APPLE_DEV_ID_APP_PASS }}
- name: Prep building Mac .pkg
if: matrix.runs-on == 'macos-latest'
run: |
rm -rf ${{ github.workspace }}/build-scripts/macos/darwin/application || true
cp -r ${{ github.workspace }}/dist ${{ github.workspace }}/build-scripts/macos/application
- name: Sign Mac binaries
if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET && contains( github.ref, '-rc')
run: |
echo "Signing the binaries"
codesign -f -s "Developer ID Application: Chia Network Inc." --timestamp --options=runtime --entitlements ${{ github.workspace }}/build-scripts/macos/entitlements.mac.plist ${{ github.workspace }}/build-scripts/macos/application/cadt
codesign -f -s "Developer ID Application: Chia Network Inc." --timestamp ${{ github.workspace }}/build-scripts/macos/application/node_sqlite3.node
- name: Build Mac .pkg
if: matrix.runs-on == 'macos-latest'
run: |
# Makes the .pkg in ./build-scripts/macos/target/pkg
echo "Building the .pkg"
bash ${{ github.workspace }}/build-scripts/macos/build-macos.sh CADT
mkdir -p ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload
cp ${{ github.workspace }}/build-scripts/macos/target/pkg/CADT-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/CADT-macos-installer-x64.pkg
- name: Notarize Mac .pkg
if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET && contains( github.ref, '-rc')
run: |
mkdir -p ${{ github.workspace }}/build-scripts/macos/target/pkg-signed
echo "Signing the .pkg"
productsign --sign "Developer ID Installer: Chia Network Inc." ${{ github.workspace }}/build-scripts/macos/target/pkg/CADT-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/pkg-signed/CADT-macos-installer-x64.pkg
echo "Notarizing the .pkg"
xcrun notarytool submit \
--wait \
--apple-id "${{ secrets.APPLE_NOTARIZE_USERNAME }}" \
--password "${{ secrets.APPLE_NOTARIZE_PASSWORD }}" \
--team-id "${{ secrets.APPLE_TEAM_ID }}" \
"${{ github.workspace }}/build-scripts/macos/target/pkg-signed/CADT-macos-installer-x64.pkg"
rm -f ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/*
mv ${{ github.workspace }}/build-scripts/macos/target/pkg-signed/CADT-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/
- name: Upload Mac Installer
if: matrix.runs-on == 'macos-latest'
uses: actions/upload-artifact@v4
with:
name: cadt-mac-installer
path: ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.artifact-name }}
path: ${{ github.workspace }}/dist
# build-linux-arm64:
# name: Build Linux ARM64 Binaries
# runs-on: ubuntu-latest
# steps:
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3
# with:
# platforms: arm64
# - uses: Chia-Network/actions/clean-workspace@main
# - name: Checkout Code
# uses: actions/checkout@v4
# - name: Determine npm cache key
# id: npm-cache
# run: |
# CACHE_KEY=node-linux-arm64-$(shasum package.json | awk '{ print $1 }')-$(shasum package-lock.json | awk '{ print $1 }')
# echo "CACHE_KEY=$CACHE_KEY" >> $GITHUB_OUTPUT
# - name: Setup NPM Cache
# uses: actions/cache@v4
# with:
# path: node_modules
# key: ${{ steps.npm-cache.outputs.CACHE_KEY }}
# - name: Build arm 64 dist
# run: |
# mkdir pkgcache
# docker run --rm --platform linux/arm64 -v $(pwd):/app -w /app -e PKG_CACHE_PATH=pkgcache node:20.16 /bin/bash -c "npm pkg delete scripts.prepare && npm install && npm i -g @babel/cli @babel/preset-env pkg && npm run create-linux-arm64-dist"
# - name: Copy sqlite3
# run: |
# sudo cp ./node_modules/sqlite3/build/Release/node_sqlite3.node ./dist/
# - name: Upload artifacts
# uses: actions/upload-artifact@v4
# with:
# name: cadt-linux-arm64
# path: ${{ github.workspace }}/dist
debs:
name: Build ${{ matrix.name }} deb
runs-on: ubuntu-latest
needs:
- build
# - build-linux-arm64
strategy:
matrix:
include:
- name: cadt-linux-x64
platform: amd64
- name: cadt-linux-arm64
platform: arm64
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Download Linux artifacts
uses: actions/download-artifact@v4
with:
name: ${{ matrix.name }}
path: ${{ matrix.name }}
- name: Get tag name
id: tag-name
run: |
echo "TAGNAME=$(echo $GITHUB_REF | cut -d / -f 3)" >> $GITHUB_OUTPUT
- name: Build .deb
env:
CADT_VERSION: ${{ steps.tag-name.outputs.TAGNAME }}
PLATFORM: ${{ matrix.platform }}
run: |
pip install j2cli
CLI_DEB_BASE="cadt_${{ steps.tag-name.outputs.TAGNAME }}-1_${PLATFORM}"
mkdir -p "deb/$CLI_DEB_BASE/opt/cadt"
mkdir -p "deb/$CLI_DEB_BASE/usr/bin"
mkdir -p "deb/$CLI_DEB_BASE/etc/systemd/system"
mkdir -p "deb/$CLI_DEB_BASE/DEBIAN"
j2 -o "deb/$CLI_DEB_BASE/DEBIAN/control" build-scripts/deb/control.j2
cp -r ${{ matrix.name }}/* "deb/$CLI_DEB_BASE/opt/cadt/"
cp build-scripts/deb/[email protected] deb/$CLI_DEB_BASE/etc/systemd/system/[email protected]
chmod +x deb/$CLI_DEB_BASE/opt/cadt/cadt
ln -s ../../opt/cadt/cadt "deb/$CLI_DEB_BASE/usr/bin/cadt"
dpkg-deb --build --root-owner-group "deb/$CLI_DEB_BASE"
- name: Upload deb
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.name }}-deb
path: ${{ github.workspace }}/deb/*.deb
release:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
needs:
- debs
steps:
- name: Download Windows artifacts
uses: actions/download-artifact@v4
with:
name: cadt-windows-x64
path: cadt-windows-x64
- name: Download MacOS artifacts
uses: actions/download-artifact@v4
with:
name: cadt-mac-installer
path: cadt-mac-installer
- name: Download x64 Linux artifacts
uses: actions/download-artifact@v4
with:
name: cadt-linux-x64
path: cadt-linux-x64
- name: Download arm64 Linux artifacts
uses: actions/download-artifact@v4
with:
name: cadt-linux-arm64
path: cadt-linux-arm64
- name: Download Linux x64 deb
uses: actions/download-artifact@v4
with:
name: cadt-linux-x64-deb
path: cadt-linux-x64-deb
- name: Download Linux arm64 deb
uses: actions/download-artifact@v4
with:
name: cadt-linux-arm64-deb
path: cadt-linux-arm64-deb
- name: Get tag name
id: tag-name
run: |
echo "TAGNAME=$(echo $GITHUB_REF | cut -d / -f 3)" >>$GITHUB_OUTPUT
- name: Create zips
run: |
zip -r cadt-windows-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip cadt-windows-x64
zip -r cadt-macos-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip cadt-mac-installer
zip -r cadt-linux-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip cadt-linux-x64
zip -r cadt-linux-arm64-${{ steps.tag-name.outputs.TAGNAME }}.zip cadt-linux-arm64
# RC release should not be set as latest
- name: Decide if release should be set as latest
id: is_latest
shell: bash
run: |
unset IS_LATEST
echo "Github ref is $GITHUB_REF"
if [[ "$GITHUB_REF" =~ "-rc" ]]; then
echo "release candidate tag matched"
IS_LATEST='false'
IS_PRERELEASE='true'
else
echo "main branch release matched"
IS_LATEST='true'
IS_PRERELEASE='false'
fi
echo "IS_LATEST=${IS_LATEST}" >> "$GITHUB_OUTPUT"
echo "IS_PRERELEASE=${IS_PRERELEASE}" >> "$GITHUB_OUTPUT"
- name: Release
uses: softprops/action-gh-release@v2
with:
prerelease: ${{steps.is_latest.outputs.IS_PRERELEASE}}
make_latest: "${{steps.is_latest.outputs.IS_LATEST}}"
files: |
cadt-windows-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip
cadt-macos-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip
cadt-linux-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip
cadt-linux-arm64-${{ steps.tag-name.outputs.TAGNAME }}.zip
cadt-linux-x64-deb/*.deb
cadt-linux-arm64-deb/*.deb
- name: Trigger apt repo update
if: startsWith(github.ref, 'refs/tags/') && !contains( github.ref, '-rc')
uses: Chia-Network/actions/github/glue@main
with:
json_data: '{"cadt_repo":"cadt","release_version":"${{ steps.tag-name.outputs.TAGNAME }}"}'
glue_url: ${{ secrets.GLUE_API_URL }}
glue_project: "cadt"
glue_path: "trigger"