Skip to content

Commit

Permalink
Merge branch 'master' into pkhry/silent-deprecation-attr
Browse files Browse the repository at this point in the history
  • Loading branch information
pkhry authored Dec 4, 2024
2 parents 5f9a1df + 5ca7267 commit 377981c
Show file tree
Hide file tree
Showing 181 changed files with 2,669 additions and 632 deletions.
47 changes: 35 additions & 12 deletions .github/scripts/common/lib.sh
Original file line number Diff line number Diff line change
Expand Up @@ -270,20 +270,19 @@ fetch_debian_package_from_s3() {
}

# Fetch the release artifacts like binary and signatures from S3. Assumes the ENV are set:
# - RELEASE_ID
# - GITHUB_TOKEN
# - REPO in the form paritytech/polkadot
# inputs: binary (polkadot), target(aarch64-apple-darwin)
fetch_release_artifacts_from_s3() {
BINARY=$1
OUTPUT_DIR=${OUTPUT_DIR:-"./release-artifacts/${BINARY}"}
TARGET=$2
OUTPUT_DIR=${OUTPUT_DIR:-"./release-artifacts/${TARGET}/${BINARY}"}
echo "OUTPUT_DIR : $OUTPUT_DIR"

URL_BASE=$(get_s3_url_base $BINARY)
echo "URL_BASE=$URL_BASE"

URL_BINARY=$URL_BASE/$VERSION/$BINARY
URL_SHA=$URL_BASE/$VERSION/$BINARY.sha256
URL_ASC=$URL_BASE/$VERSION/$BINARY.asc
URL_BINARY=$URL_BASE/$VERSION/$TARGET/$BINARY
URL_SHA=$URL_BASE/$VERSION/$TARGET/$BINARY.sha256
URL_ASC=$URL_BASE/$VERSION/$TARGET/$BINARY.asc

# Fetch artifacts
mkdir -p "$OUTPUT_DIR"
Expand All @@ -298,23 +297,34 @@ fetch_release_artifacts_from_s3() {
pwd
ls -al --color
popd > /dev/null

unset OUTPUT_DIR
}

# Pass the name of the binary as input, it will
# return the s3 base url
function get_s3_url_base() {
name=$1
case $name in
polkadot | polkadot-execute-worker | polkadot-prepare-worker | staking-miner)
polkadot | polkadot-execute-worker | polkadot-prepare-worker )
printf "https://releases.parity.io/polkadot"
;;

polkadot-parachain)
printf "https://releases.parity.io/cumulus"
polkadot-parachain)
printf "https://releases.parity.io/polkadot-parachain"
;;

polkadot-omni-node)
printf "https://releases.parity.io/polkadot-omni-node"
;;

*)
chain-spec-builder)
printf "https://releases.parity.io/chain-spec-builder"
;;

frame-omni-bencher)
printf "https://releases.parity.io/frame-omni-bencher"
;;
*)
printf "UNSUPPORTED BINARY $name"
exit 1
;;
Expand Down Expand Up @@ -497,3 +507,16 @@ validate_stable_tag() {
exit 1
fi
}

# Prepare docker stable tag form the polkadot stable tag
# input: tag (polkaodot-stableYYMM(-X) or polkadot-stableYYMM(-X)-rcX)
# output: stableYYMM(-X) or stableYYMM(-X)-rcX
prepare_docker_stable_tag() {
tag="$1"
if [[ "$tag" =~ stable[0-9]{4}(-[0-9]+)?(-rc[0-9]+)? ]]; then
echo "${BASH_REMATCH[0]}"
else
echo "Tag is invalid: $tag"
exit 1
fi
}
66 changes: 61 additions & 5 deletions .github/scripts/release/release_lib.sh
Original file line number Diff line number Diff line change
Expand Up @@ -129,13 +129,69 @@ upload_s3_release() {
echo "Working on version: $version "
echo "Working on platform: $target "

URL_BASE=$(get_s3_url_base $product)

echo "Current content, should be empty on new uploads:"
aws s3 ls "s3://releases.parity.io/${product}/${version}/${target}" --recursive --human-readable --summarize || true
aws s3 ls "s3://${URL_BASE}/${version}/${target}" --recursive --human-readable --summarize || true
echo "Content to be uploaded:"
artifacts="artifacts/$product/"
artifacts="release-artifacts/$target/$product/"
ls "$artifacts"
aws s3 sync --acl public-read "$artifacts" "s3://releases.parity.io/${product}/${version}/${target}"
aws s3 sync --acl public-read "$artifacts" "s3://${URL_BASE}/${version}/${target}"
echo "Uploaded files:"
aws s3 ls "s3://releases.parity.io/${product}/${version}/${target}" --recursive --human-readable --summarize
echo "✅ The release should be at https://releases.parity.io/${product}/${version}/${target}"
aws s3 ls "s3://${URL_BASE}/${version}/${target}" --recursive --human-readable --summarize
echo "✅ The release should be at https://${URL_BASE}/${version}/${target}"
}

# Upload runtimes artifacts to s3 release bucket
#
# input: version (stable release tage.g. polkadot-stable2412 or polkadot-stable2412-rc1)
# output: none
upload_s3_runtimes_release_artifacts() {
alias aws='podman run --rm -it docker.io/paritytech/awscli -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_BUCKET aws'

version=$1

echo "Working on version: $version "

echo "Current content, should be empty on new uploads:"
aws s3 ls "s3://releases.parity.io/polkadot/runtimes/${version}/" --recursive --human-readable --summarize || true
echo "Content to be uploaded:"
artifacts="artifacts/runtimes/"
ls "$artifacts"
aws s3 sync --acl public-read "$artifacts" "s3://releases.parity.io/polkadot/runtimes/${version}/"
echo "Uploaded files:"
aws s3 ls "s3://releases.parity.io/polkadot/runtimes/${version}/" --recursive --human-readable --summarize
echo "✅ The release should be at https://releases.parity.io/polkadot/runtimes/${version}"
}


# Pass the name of the binary as input, it will
# return the s3 base url
function get_s3_url_base() {
name=$1
case $name in
polkadot | polkadot-execute-worker | polkadot-prepare-worker )
printf "releases.parity.io/polkadot"
;;

polkadot-parachain)
printf "releases.parity.io/polkadot-parachain"
;;

polkadot-omni-node)
printf "releases.parity.io/polkadot-omni-node"
;;

chain-spec-builder)
printf "releases.parity.io/chain-spec-builder"
;;

frame-omni-bencher)
printf "releases.parity.io/frame-omni-bencher"
;;
*)
printf "UNSUPPORTED BINARY $name"
exit 1
;;
esac
}
4 changes: 2 additions & 2 deletions .github/workflows/check-semver.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ concurrency:
cancel-in-progress: true

env:
TOOLCHAIN: nightly-2024-10-19
TOOLCHAIN: nightly-2024-11-19

jobs:
preflight:
Expand Down Expand Up @@ -74,7 +74,7 @@ jobs:
- name: install parity-publish
# Set the target dir to cache the build.
run: CARGO_TARGET_DIR=./target/ cargo install [email protected].1 --locked -q
run: CARGO_TARGET_DIR=./target/ cargo install [email protected].2 --locked -q

- name: check semver
run: |
Expand Down
48 changes: 48 additions & 0 deletions .github/workflows/publish-check-compile.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
name: Check publish build

on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

jobs:
preflight:
uses: ./.github/workflows/reusable-preflight.yml

check-publish:
timeout-minutes: 90
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7

- name: Rust Cache
uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
with:
cache-on-failure: true

- name: install parity-publish
run: cargo install [email protected] --locked -q

- name: parity-publish update plan
run: parity-publish --color always plan --skip-check --prdoc prdoc/

- name: parity-publish apply plan
run: parity-publish --color always apply --registry

- name: parity-publish check compile
run: |
packages="$(parity-publish apply --print)"
if [ -n "$packages" ]; then
cargo --color always check $(printf -- '-p %s ' $packages)
fi
2 changes: 1 addition & 1 deletion .github/workflows/publish-check-crates.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
cache-on-failure: true

- name: install parity-publish
run: cargo install parity-publish@0.8.0 --locked -q
run: cargo install parity-publish@0.10.2 --locked -q

- name: parity-publish check
run: parity-publish --color always check --allow-unpublished
2 changes: 1 addition & 1 deletion .github/workflows/publish-claim-crates.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
cache-on-failure: true

- name: install parity-publish
run: cargo install parity-publish@0.8.0 --locked -q
run: cargo install parity-publish@0.10.2 --locked -q

- name: parity-publish claim
env:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,12 @@ on:
- polkadot
- polkadot-parachain
- polkadot-omni-node
- frame-omni-bencher
- chain-spec-builder
- all

release_tag:
description: Tag matching the actual release candidate with the format stableYYMM-rcX or stableYYMM
description: Tag matching the actual release candidate with the format polkadot-stableYYMM(-X)-rcX or polkadot-stableYYMM(-X)
type: string

jobs:
Expand Down Expand Up @@ -106,6 +108,50 @@ jobs:
attestations: write
contents: read

build-frame-omni-bencher-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'frame-omni-bencher' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["frame-omni-bencher"]'
package: "frame-omni-bencher"
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read

build-chain-spec-builder-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["chain-spec-builder"]'
package: staging-chain-spec-builder
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read

build-polkadot-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }}
Expand Down Expand Up @@ -134,7 +180,7 @@ jobs:
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot-parachain"]'
package: "polkadot-parachain-bin"
package: polkadot-parachain-bin
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
Expand All @@ -156,7 +202,51 @@ jobs:
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["polkadot-omni-node"]'
package: "polkadot-omni-node"
package: polkadot-omni-node
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read

build-frame-omni-bencher-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'frame-omni-bencher' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["frame-omni-bencher"]'
package: frame-omni-bencher
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
permissions:
id-token: write
attestations: write
contents: read

build-chain-spec-builder-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-buid.yml"
with:
binary: '["chain-spec-builder"]'
package: staging-chain-spec-builder
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets:
Expand Down
Loading

0 comments on commit 377981c

Please sign in to comment.