Merge pull request #135 from Chia-Network/jinjanator #280
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Binaries | |
| on: | |
| push: | |
| tags: | |
| - '**' | |
| pull_request: | |
| branches: | |
| - '**' | |
| concurrency: | |
| group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }} | |
| cancel-in-progress: true | |
| permissions: | |
| id-token: write | |
| contents: write | |
| env: | |
| APP_NAME: core-registry-api | |
| jobs: | |
| build: | |
| name: Build Binaries | |
| runs-on: ${{ matrix.runs-on }} | |
| strategy: | |
| matrix: | |
| include: | |
| - runs-on: ubuntu-latest | |
| artifact-name: core-registry-api-linux-x64 | |
| build-command: npm run create-linux-x64-dist | |
| os: linux | |
| arch: x64 | |
| - runs-on: [ubuntu-22.04-arm] | |
| artifact-name: core-registry-api-linux-arm64 | |
| build-command: npm run create-linux-arm64-dist | |
| os: linux | |
| arch: arm64 | |
| # - runs-on: macos-latest | |
| # artifact-name: core-registry-api-macos-x64 | |
| # build-command: npm run create-mac-x64-dist | |
| # os: macos | |
| # arch: x64 | |
| - runs-on: windows-2019 | |
| artifact-name: core-registry-api-windows-x64 | |
| build-command: npm run create-win-x64-dist | |
| os: windows | |
| arch: x64 | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node 20.16 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20.16' | |
| - name: Create apps directory | |
| run: mkdir -p apps | |
| # Install wget on Windows | |
| - name: Install wget on Windows | |
| if: matrix.runs-on == 'windows-2019' | |
| run: choco install wget -y --no-progress | |
| # Install jq on Linux if not already installed | |
| - name: Install jq on Linux | |
| if: matrix.os == 'linux' | |
| run: command -v jq >/dev/null 2>&1 || { apt-get -y install jq; } | |
| - name: Download executables and create apps.json file | |
| shell: bash | |
| env: | |
| OS: ${{ matrix.os }} | |
| ARCH: ${{ matrix.arch }} | |
| run: | | |
| set -x | |
| # Start creating apps.json file | |
| echo "Creating temporary json file" | |
| echo '{}' | jq . > tmp.json | |
| echo "Here's the first jq function" | |
| jq -r '. | keys[]' < app-builds.json | |
| # Create bash array | |
| apps=() | |
| while IFS= read -r line; do | |
| line="${line/$'\r'/}" | |
| echo "Adding $line to array" | |
| apps+=( "$line" ) | |
| done < <(jq -r '. | keys[]' < app-builds.json) | |
| echo "apps array created" | |
| printf "'%s'\n" "${apps[@]}" | |
| for APP in "${apps[@]}"; do | |
| echo "Running loop for ${APP}" | |
| # Extract file info from json file | |
| APPNAME=$(jq -r --arg jsonKey ${APP} '.[$jsonKey].name' < app-builds.json) | |
| echo "APPNAME is ${APPNAME}" | |
| VERSION=$(jq -r '."'"${APP}"'".version' < app-builds.json) | |
| echo "VERSION is ${VERSION}" | |
| REPO=$(jq -r '."'"${APP}"'".repo' < app-builds.json) | |
| echo "REPO is ${APPNAME}" | |
| FORMAT=$(jq -r '."'"${APP}"'".filename_format' < app-builds.json) | |
| FILENAME=$(eval echo "${FORMAT}") | |
| URL="${REPO}releases/download/${VERSION}/${FILENAME}" | |
| echo "URL is ${URL}" | |
| # Work in apps directory | |
| pushd apps || exit | |
| wget --no-verbose "${URL}" | |
| unzip "${FILENAME}" | |
| rm -v "${FILENAME}" | |
| FOLDER=$(jq -r '."'"${APP}"'".folder' < ../app-builds.json) | |
| echo "Unprocessed folder name: ${FOLDER}" | |
| if [ "${FOLDER}" != "null" ] | |
| then | |
| echo "Moving out of subfolder" | |
| FOLDER=$(eval echo ${FOLDER}) | |
| echo "Folder name: ${FOLDER}" | |
| mv -v "${FOLDER}"/* ./ | |
| rm -rvf "${FOLDER}" | |
| fi | |
| EXECUTABLE=$(ls "${APP}"*) | |
| echo "Executable name: ${EXECUTABLE}" | |
| jq '. + { "'${APPNAME}'": "'${EXECUTABLE}'" }' ../tmp.json > ../newtmp.json | |
| mv ../newtmp.json ../tmp.json | |
| popd || exit | |
| done | |
| mv -v tmp.json apps.json | |
| jq < apps.json | |
| - name: install global packages | |
| run: npm i -g pkg | |
| - name: Change the package.json version if an RC tag | |
| shell: bash | |
| if: startsWith(github.ref, 'refs/tags/') && contains( github.ref, '-rc') | |
| run: | | |
| echo "Github ref: $GITHUB_REF" | |
| IFS='/' read -r base directory tag <<< "$GITHUB_REF" | |
| echo "Extracted tag is $tag" | |
| jq ".version = \"${tag}\"" package.json > package.tmp | |
| mv package.tmp package.json | |
| - name: npm install | |
| run: | | |
| node --version | |
| npm install | |
| - name: create distributions | |
| run: ${{ matrix.build-command }} | |
| - name: Make executable | |
| shell: bash | |
| run: | | |
| chmod -v +x dist/${APP_NAME}* | |
| - name: Move /apps folder to /dist folder | |
| run: mv -v apps dist/ | |
| - name: Test for secrets access | |
| id: check_secrets | |
| shell: bash | |
| run: | | |
| unset HAS_SIGNING_SECRET | |
| if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi | |
| echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT" | |
| env: | |
| SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | |
| # Windows Code Signing | |
| - name: Sign windows artifacts | |
| if: matrix.runs-on == 'windows-2019' && steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
| uses: chia-network/actions/digicert/windows-sign@main | |
| with: | |
| sm_api_key: ${{ secrets.SM_API_KEY }} | |
| sm_client_cert_file_b64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }} | |
| sm_client_cert_password: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} | |
| sm_code_signing_cert_sha1_hash: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} | |
| file: ${{ github.workspace }}/dist/${{ env.APP_NAME }}.exe | |
| # Mac .pkg build + sign | |
| - name: Import Apple installer signing certificate | |
| if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET && startsWith(github.ref, 'refs/tags/') | |
| uses: Apple-Actions/import-codesign-certs@v3 | |
| with: | |
| keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| p12-file-base64: ${{ secrets.APPLE_DEV_ID_INSTALLER }} | |
| p12-password: ${{ secrets.APPLE_DEV_ID_INSTALLER_PASS }} | |
| - name: Import Apple Application signing certificate | |
| if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET && startsWith(github.ref, 'refs/tags/') | |
| uses: Apple-Actions/import-codesign-certs@v3 | |
| with: | |
| create-keychain: false # Created when importing the first cert | |
| keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| p12-file-base64: ${{ secrets.APPLE_DEV_ID_APP }} | |
| p12-password: ${{ secrets.APPLE_DEV_ID_APP_PASS }} | |
| - name: Prep Build of Mac .pkg | |
| if: matrix.runs-on == 'macos-latest' | |
| run: | | |
| rm -rf ${{ github.workspace }}/build-scripts/macos/darwin/application || true | |
| cp -r ${{ github.workspace }}/dist ${{ github.workspace }}/build-scripts/macos/application | |
| - name: Sign Mac binaries | |
| if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET && startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| echo "Signing the binaries" | |
| codesign -f -s "Developer ID Application: Chia Network Inc." --timestamp --options=runtime --entitlements ${{ github.workspace }}/build-scripts/macos/entitlements.mac.plist ${{ github.workspace }}/build-scripts/macos/application/$APP_NAME | |
| - name: Build Mac .pkg | |
| if: matrix.runs-on == 'macos-latest' | |
| run: | | |
| # Makes the .pkg in ./build-scripts/macos/target/pkg | |
| echo "Building the .pkg" | |
| bash ${{ github.workspace }}/build-scripts/macos/build-macos.sh ${APP_NAME} | |
| mkdir -p ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload | |
| cp ${{ github.workspace }}/build-scripts/macos/target/pkg/${APP_NAME}-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/${APP_NAME}-macos-installer-x64.pkg | |
| - name: Notarize Mac .pkg | |
| if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET && startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| mkdir -p ${{ github.workspace }}/build-scripts/macos/target/pkg-signed | |
| echo "Signing the .pkg" | |
| productsign --sign "Developer ID Installer: Chia Network Inc." ${{ github.workspace }}/build-scripts/macos/target/pkg/${APP_NAME}-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/pkg-signed/${APP_NAME}-macos-installer-x64.pkg | |
| echo "Notarizing the .pkg" | |
| npm install -g notarize-cli | |
| notarize-cli \ | |
| --file=${{ github.workspace }}/build-scripts/macos/target/pkg-signed/${APP_NAME}-macos-installer-x64.pkg \ | |
| --bundle-id net.chia.${APP_NAME} \ | |
| --username "${{ secrets.APPLE_NOTARIZE_USERNAME }}" \ | |
| --password "${{ secrets.APPLE_NOTARIZE_PASSWORD }}" | |
| rm -f ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/* | |
| mv ${{ github.workspace }}/build-scripts/macos/target/pkg-signed/${APP_NAME}-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/ | |
| - name: Upload Mac Installer | |
| if: matrix.runs-on == 'macos-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.APP_NAME }}-mac-installer | |
| path: ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.artifact-name }} | |
| path: ${{ github.workspace }}/dist | |
| debs: | |
| name: Build ${{ matrix.name }} deb | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| strategy: | |
| matrix: | |
| include: | |
| - name: core-registry-api-linux-x64 | |
| platform: amd64 | |
| - name: core-registry-api-linux-arm64 | |
| platform: arm64 | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Download Linux artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ matrix.name }} | |
| path: ${{ matrix.name }} | |
| - name: Get tag name | |
| id: tag-name | |
| run: | | |
| echo "TAGNAME=$(echo $GITHUB_REF | cut -d / -f 3)" >> $GITHUB_OUTPUT | |
| - name: Build .deb | |
| env: | |
| PLATFORM: ${{ matrix.platform }} | |
| VERSION: ${{ steps.tag-name.outputs.TAGNAME }} | |
| DESCRIPTION: "Core Registry API" | |
| HOMEPAGE: "https://github.com/Chia-Network/core-registry-api/" | |
| run: | | |
| set -x | |
| pip install jinjanator | |
| CLI_DEB_BASE="${APP_NAME}_${{ steps.tag-name.outputs.TAGNAME }}-1_${PLATFORM}" | |
| mkdir -p "deb/$CLI_DEB_BASE/opt/${APP_NAME}" | |
| mkdir -p "deb/$CLI_DEB_BASE/usr/bin" | |
| mkdir -p "deb/$CLI_DEB_BASE/etc/systemd/system" | |
| mkdir -p "deb/$CLI_DEB_BASE/DEBIAN" | |
| jinjanate -o "deb/$CLI_DEB_BASE/DEBIAN/control" build-scripts/deb/control.j2 | |
| cp -r ${{ matrix.name }}/* "deb/$CLI_DEB_BASE/opt/${APP_NAME}/" | |
| cp build-scripts/deb/systemd@.service deb/$CLI_DEB_BASE/etc/systemd/system/${APP_NAME}@.service | |
| chmod +x deb/$CLI_DEB_BASE/opt/${APP_NAME}/${APP_NAME} | |
| chmod +x deb/$CLI_DEB_BASE/opt/${APP_NAME}/apps/climate-* | |
| chmod +x deb/$CLI_DEB_BASE/opt/${APP_NAME}/apps/core-* | |
| ln -s ../../opt/${APP_NAME}/${APP_NAME} "deb/$CLI_DEB_BASE/usr/bin/${APP_NAME}" | |
| dpkg-deb --build --root-owner-group "deb/$CLI_DEB_BASE" | |
| - name: Upload deb | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.name }}-deb | |
| path: ${{ github.workspace }}/deb/*.deb | |
| release: | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/') | |
| needs: | |
| - debs | |
| - build | |
| steps: | |
| - name: Download Windows artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.APP_NAME }}-windows-x64 | |
| path: ${{ env.APP_NAME }}-windows-x64 | |
| # - name: Download MacOS installer artifacts | |
| # uses: actions/download-artifact@v4 | |
| # with: | |
| # name: ${{ env.APP_NAME }}-mac-installer | |
| # path: ${{ env.APP_NAME }}-mac-installer | |
| # - name: Download MacOS executable artifacts | |
| # uses: actions/download-artifact@v4 | |
| # with: | |
| # name: ${{ env.APP_NAME }}-macos-x64 | |
| # path: ${{ env.APP_NAME }}-macos-x64 | |
| - name: Download Linux x64 artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.APP_NAME }}-linux-x64 | |
| path: ${{ env.APP_NAME }}-linux-x64 | |
| - name: Download Linux ARM 64 artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.APP_NAME }}-linux-arm64 | |
| path: ${{ env.APP_NAME }}-linux-arm64 | |
| - name: Download Linux x64 deb | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.APP_NAME }}-linux-x64-deb | |
| path: ${{ env.APP_NAME }}-linux-x64-deb | |
| - name: Download Linux arm64 deb | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.APP_NAME }}-linux-arm64-deb | |
| path: ${{ env.APP_NAME }}-linux-arm64-deb | |
| - name: Get tag name | |
| id: tag-name | |
| run: | | |
| echo "TAGNAME=$(echo $GITHUB_REF | cut -d / -f 3)" >>$GITHUB_OUTPUT | |
| - name: Create zips | |
| run: | | |
| zip -r ${APP_NAME}-windows-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip ${APP_NAME}-windows-x64 | |
| # zip -r ${APP_NAME}-macos-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip ${APP_NAME}-mac-installer | |
| zip -r ${APP_NAME}-linux-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip ${APP_NAME}-linux-x64 | |
| zip -r ${APP_NAME}-linux-arm64-${{ steps.tag-name.outputs.TAGNAME }}.zip ${APP_NAME}-linux-arm64 | |
| # zip -r ${APP_NAME}-macos-binary-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip ${APP_NAME}-macos-x64 | |
| # RC release should not be set as latest | |
| - name: Decide if release should be set as latest and set glue project | |
| id: is_latest | |
| shell: bash | |
| run: | | |
| unset IS_LATEST | |
| echo "Github ref is $GITHUB_REF" | |
| if [[ "$GITHUB_REF" =~ "-rc" ]]; then | |
| echo "release candidate tag matched" | |
| IS_LATEST='false' | |
| IS_PRERELEASE='true' | |
| GLUE_PROJECT='climate-tokenization-test' | |
| else | |
| echo "main branch release matched" | |
| IS_LATEST='true' | |
| IS_PRERELEASE='false' | |
| GLUE_PROJECT='climate-tokenization' | |
| fi | |
| echo "IS_LATEST=${IS_LATEST}" >> "$GITHUB_OUTPUT" | |
| echo "IS_PRERELEASE=${IS_PRERELEASE}" >> "$GITHUB_OUTPUT" | |
| echo "GLUE_PROJECT=${GLUE_PROJECT}" >> "$GITHUB_OUTPUT" | |
| - name: Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| prerelease: ${{steps.is_latest.outputs.IS_PRERELEASE}} | |
| make_latest: "${{steps.is_latest.outputs.IS_LATEST}}" | |
| files: | | |
| ${{ env.APP_NAME }}-windows-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
| # ${{ env.APP_NAME }}-macos-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
| ${{ env.APP_NAME }}-linux-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
| ${{ env.APP_NAME }}-linux-arm64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
| # ${{ env.APP_NAME }}-macos-binary-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
| ${{ env.APP_NAME }}-linux-x64-deb/*.deb | |
| ${{ env.APP_NAME }}-linux-arm64-deb/*.deb | |
| - name: Get repo name | |
| id: repo-name | |
| run: | | |
| echo "REPO_NAME=$(echo "$GITHUB_REPOSITORY" | cut -d "/" -f 2)" >>$GITHUB_OUTPUT | |
| - name: Trigger apt repo update | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: Chia-Network/actions/github/glue@main | |
| with: | |
| json_data: '{"climate_tokenization_repo":"${{ steps.repo-name.outputs.REPO_NAME }}","application_name":"[\"${{ env.APP_NAME }}\"]","release_version":"${{ steps.tag-name.outputs.TAGNAME }}","add_debian_version":"true","arm64":"available"}' | |
| glue_url: ${{ secrets.GLUE_API_URL }} | |
| glue_project: "${{steps.is_latest.outputs.GLUE_PROJECT}}" | |
| glue_path: "trigger" |