From 9d1841f13b27df2f3f8684b07ecf7473c16144c0 Mon Sep 17 00:00:00 2001 From: antondlr Date: Thu, 20 Jun 2024 13:19:46 +0200 Subject: [PATCH 1/8] build docker --- .github/workflows/docker.yml | 37 +++--------------------------------- 1 file changed, 3 insertions(+), 34 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index b600fe2e..328c3dfd 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -5,6 +5,7 @@ on: branches: - unstable - stable + - fix-workflows tags: - v* @@ -41,32 +42,6 @@ jobs: outputs: VERSION: ${{ env.VERSION }} VERSION_SUFFIX: ${{ env.VERSION_SUFFIX }} - build-html: - name: build html - runs-on: ubuntu-22.04 - needs: [extract-version] - steps: - - name: Checkout sources - uses: actions/checkout@v4 - - name: Use node 18 - uses: actions/setup-node@v4 - with: - node-version: 18 - cache: 'yarn' - - name: Install dependencies - env: - NODE_ENV: development - run: | - yarn - - name: Build Siren - env: - NODE_ENV: production - run: yarn build - - name: Upload artifact - uses: actions/upload-artifact@v3 - with: - name: html - path: build/ build-docker-single-arch: name: build-docker-${{ matrix.binary }} @@ -75,7 +50,7 @@ jobs: matrix: binary: [aarch64, x86_64] - needs: [extract-version, build-html] + needs: [extract-version] env: # We need to enable experimental docker features in order to use `docker buildx` DOCKER_CLI_EXPERIMENTAL: enabled @@ -93,18 +68,12 @@ jobs: - name: Map x86_64 to amd64 short arch if: startsWith(matrix.binary, 'x86_64') run: echo "SHORT_ARCH=amd64" >> $GITHUB_ENV; - - name: Download artifacts - uses: actions/download-artifact@v3 - with: - name: html - path: html/ - name: Build Dockerfile and push run: | docker buildx build \ --platform=linux/${SHORT_ARCH} \ - --file ./Dockerfile.release . \ + --file ./Dockerfile . \ --tag ${IMAGE_NAME}:${VERSION}-${SHORT_ARCH}${VERSION_SUFFIX} \ - --provenance=false \ --push build-docker-multiarch: From 5043ddc222653f439d3e5946a1e4cdb22b419011 Mon Sep 17 00:00:00 2001 From: antondlr Date: Thu, 20 Jun 2024 13:23:05 +0200 Subject: [PATCH 2/8] temp fix tags --- .github/workflows/docker.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 328c3dfd..3a0b6151 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -34,6 +34,11 @@ jobs: run: | echo "VERSION=latest" >> $GITHUB_ENV echo "VERSION_SUFFIX=-unstable" >> $GITHUB_ENV + - name: Extract version (if fix-workflows) + if: github.event.ref == 'refs/heads/fix-workflows' + run: | + echo "VERSION=latest" >> $GITHUB_ENV + echo "VERSION_SUFFIX=-wip" >> $GITHUB_ENV - name: Extract version (if tagged release) if: startsWith(github.event.ref, 'refs/tags') run: | From b18f1774d4f78e7990aa32874c83ad76debd2152 Mon Sep 17 00:00:00 2001 From: antondlr Date: Sat, 22 Jun 2024 06:53:23 +0200 Subject: [PATCH 3/8] revert --- .github/workflows/docker.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 3a0b6151..76eaab3f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -5,7 +5,6 @@ on: branches: - unstable - stable - - fix-workflows tags: - v* @@ -34,11 +33,6 @@ jobs: run: | echo "VERSION=latest" >> $GITHUB_ENV echo "VERSION_SUFFIX=-unstable" >> $GITHUB_ENV - - name: Extract version (if fix-workflows) - if: github.event.ref == 'refs/heads/fix-workflows' - run: | - echo "VERSION=latest" >> $GITHUB_ENV - echo "VERSION_SUFFIX=-wip" >> $GITHUB_ENV - name: Extract version (if tagged release) if: startsWith(github.event.ref, 'refs/tags') run: | From 1cbc8bebba51c077c412ddcadf71115ab94a4843 Mon Sep 17 00:00:00 2001 From: antondlr Date: Sat, 22 Jun 2024 06:54:04 +0200 Subject: [PATCH 4/8] trim down the release workflow --- .github/workflows/release.yml | 137 ++-------------------------------- 1 file changed, 6 insertions(+), 131 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 278fc87a..be66484c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,7 +7,9 @@ on: env: REPO_NAME: ${{ github.repository_owner }}/siren - IMAGE_NAME: sigmaprime/siren + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + IMAGE_NAME: ${{ secrets.DOCKER_USERNAME }}/siren jobs: extract-version: @@ -22,118 +24,10 @@ jobs: id: extract_version outputs: VERSION: ${{ steps.extract_version.outputs.VERSION }} - build: - name: Build Release - strategy: - matrix: - arch: [ - aarch64-unknown-linux-gnu, - x86_64-unknown-linux-gnu, - # Requires apple signature secrets - # x86_64-apple-darwin, - x86_64-windows, - ] - include: - - arch: aarch64-unknown-linux-gnu - platform: ubuntu-latest - - arch: x86_64-unknown-linux-gnu - platform: ubuntu-latest - # Requires apple signature secrets - #- arch: x86_64-apple-darwin - # platform: macos-latest - - arch: x86_64-windows - platform: windows-2019 - - runs-on: ${{ matrix.platform }} - needs: extract-version - steps: - - name: Checkout sources - uses: actions/checkout@v4 - - name: Use node 18 - uses: actions/setup-node@v4 - with: - node-version: 18 - - name: Configure Yarn Timeout - run: yarn config set network-timeout 300000 - - # ============================== - # Windows & Mac dependencies - # ============================== - - # ============================== - # Builds - # ============================== - - name: Build Siren - run: make release - - - name: Move unsigned packages (*nix) - if: startsWith(matrix.arch, 'x86_64-windows') != true - run: | - mv out/make/zip/*/*/*.zip ./siren-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.zip - - - name: Move unsigned packages (windows) - if: startsWith(matrix.arch, 'x86_64-windows') - run: | - move out/make/zip/*/*/*.zip ./siren-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.zip - - # ======================================================================= - # Upload artifacts - # This is required to share artifacts between different jobs - # ======================================================================= - - - name: Upload artifact - uses: actions/upload-artifact@v3 - with: - name: siren-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.zip - path: ./siren-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.zip - - sign: - name: Sign Release - runs-on: ubuntu-latest - needs: [extract-version, build] - strategy: - matrix: - arch: [ - aarch64-unknown-linux-gnu, - x86_64-unknown-linux-gnu, - # Requires apple signature secrets - # x86_64-apple-darwin, - x86_64-windows, - ] - steps: - - name: Download artifact - uses: actions/download-artifact@v3 - with: - name: siren-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.zip - - - name: Move artifacts - run: | - mkdir artifacts - #find siren-*/ -type f -name "*.zip" -exec mv {} artifacts/ \; - mv siren-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.zip artifacts/ - ls -hal artifacts - - name: Configure GPG and create artifacts - env: - GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - run: | - export GPG_TTY=$(tty) - echo "$GPG_SIGNING_KEY" | gpg --batch --import - #for file in $(ls artifacts); do - # echo "$GPG_PASSPHRASE" | gpg --passphrase-fd 0 --pinentry-mode loopback --batch -ab artifacts/$file ; - #done - echo "$GPG_PASSPHRASE" | gpg --passphrase-fd 0 --pinentry-mode loopback --batch -ab artifacts/siren-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.zip - ls -hal artifacts - - - name: Upload signature (${{ matrix.arch }}) - uses: actions/upload-artifact@v3 - with: - name: siren-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.zip.asc - path: ./siren-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.zip.asc draft-release: name: Draft Release - needs: [build, extract-version] + needs: [extract-version] runs-on: ubuntu-latest env: VERSION: ${{ needs.extract-version.outputs.VERSION }} @@ -144,13 +38,6 @@ jobs: with: fetch-depth: 0 - # ============================== - # Download artifacts - # ============================== - - - name: Download artifacts - uses: actions/download-artifact@v3 - # ============================== # Create release draft # ============================== @@ -195,21 +82,9 @@ jobs: ${{ steps.changelog.outputs.CHANGELOG }} - ## Binaries - - [See pre-built binaries documentation.](https://lighthouse-book.sigmaprime.io/installation-binaries.html) - - The binaries are signed with Sigma Prime's PGP key: `15E66D941F697E28F49381F426416DC3F30674B0` + ## Docker Hub + https://hub.docker.com/r/${{ DOCKER_USERNAME }}/siren/tags - | System | Architecture | Binary | PGP Signature | - |:---:|:---:|:---:|:---| - | | x86_64 | [siren-${{ env.VERSION }}-x86_64-apple-darwin.zip](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/siren-${{ env.VERSION }}-x86_64-apple-darwin.zip) | [PGP Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/siren-${{ env.VERSION }}-x86_64-apple-darwin.zip.asc) | - | | x86_64 | [siren-${{ env.VERSION }}-x86_64-unknown-linux-gnu.zip](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/siren-${{ env.VERSION }}-x86_64-unknown-linux-gnu.zip) | [PGP Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/siren-${{ env.VERSION }}-x86_64-unknown-linux-gnu.zip.asc) | - | | aarch64 | [siren-${{ env.VERSION }}-aarch64-unknown-linux-gnu.zip](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/siren-${{ env.VERSION }}-aarch64-unknown-linux-gnu.zip) | [PGP Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/siren-${{ env.VERSION }}-aarch64-unknown-linux-gnu.zip.asc) | - | | x86_64 | [siren-${{ env.VERSION }}-x86_64-windows.zip](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/siren-${{ env.VERSION }}-x86_64-windows.zip) | [PGP Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/siren-${{ env.VERSION }}-x86_64-windows.zip.asc) | - | | | | | - | **System** | **Option** | - | **Resource** | - | | Docker | [${{ env.VERSION }}](https://hub.docker.com/r/${{ env.IMAGE_NAME }}/tags?page=1&ordering=last_updated&name=${{ env.VERSION }}) | [${{ env.IMAGE_NAME }}](https://hub.docker.com/r/${{ env.IMAGE_NAME }}) | ENDBODY ) assets=() From 3e4ffe891b3d84ed4a0f327a3be4bf843cdf71fe Mon Sep 17 00:00:00 2001 From: antondlr Date: Mon, 24 Jun 2024 09:48:37 +0200 Subject: [PATCH 5/8] correctly use env var --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index be66484c..8bc047d6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -83,7 +83,7 @@ jobs: ${{ steps.changelog.outputs.CHANGELOG }} ## Docker Hub - https://hub.docker.com/r/${{ DOCKER_USERNAME }}/siren/tags + https://hub.docker.com/r/${{ env.DOCKER_USERNAME }}/siren/tags ENDBODY ) From 4fa36a1b46851992b6fdec3c746e49cddfbbe40f Mon Sep 17 00:00:00 2001 From: antondlr Date: Mon, 24 Jun 2024 09:52:16 +0200 Subject: [PATCH 6/8] how did that get there in the first place? --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8bc047d6..0fef24ed 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -92,4 +92,4 @@ jobs: assets+=("-a" "$asset/$asset") done tag_name="${{ env.VERSION }}" - echo "$body" | hub release create --draft "${assets[@]}" -F "-" "$tag_name" + echo "$body" | gh release create --draft "${assets[@]}" -F "-" "$tag_name" From 9e0846311998887626733e05669501c52e7de836 Mon Sep 17 00:00:00 2001 From: antondlr Date: Mon, 24 Jun 2024 09:56:51 +0200 Subject: [PATCH 7/8] no assets for siren releases --- .github/workflows/release.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0fef24ed..578e1397 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -87,9 +87,5 @@ jobs: ENDBODY ) - assets=() - for asset in ./siren-*.zip*; do - assets+=("-a" "$asset/$asset") - done tag_name="${{ env.VERSION }}" - echo "$body" | gh release create --draft "${assets[@]}" -F "-" "$tag_name" + echo "$body" | gh release create --draft -F "-" "$tag_name" From a63fc99da6a7e731116bd713603d5bb008b27cde Mon Sep 17 00:00:00 2001 From: antondlr Date: Mon, 24 Jun 2024 10:24:04 +0200 Subject: [PATCH 8/8] filter for on docker hub link --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 578e1397..a131f22f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -83,7 +83,7 @@ jobs: ${{ steps.changelog.outputs.CHANGELOG }} ## Docker Hub - https://hub.docker.com/r/${{ env.DOCKER_USERNAME }}/siren/tags + https://hub.docker.com/r/${{ env.DOCKER_USERNAME }}/siren/tags?name=${{ env.VERSION }} ENDBODY )