From 69d88915be86d0e0ff3fe211789e6796da6f2cd7 Mon Sep 17 00:00:00 2001 From: kalidax Date: Fri, 2 Feb 2024 09:47:38 +0100 Subject: [PATCH 1/7] feat(infra): setup a pipeline to build release binaries and containers of ampd --- .../build-docker-image-and-binaries.yaml | 215 ++++++++++++++++++ Makefile | 11 + 2 files changed, 226 insertions(+) create mode 100644 .github/workflows/build-docker-image-and-binaries.yaml create mode 100644 Makefile diff --git a/.github/workflows/build-docker-image-and-binaries.yaml b/.github/workflows/build-docker-image-and-binaries.yaml new file mode 100644 index 000000000..878ed68fb --- /dev/null +++ b/.github/workflows/build-docker-image-and-binaries.yaml @@ -0,0 +1,215 @@ +name: Amplifier - Build Release + +on: + workflow_dispatch: + inputs: + tag: + description: Github tag to release binaries for (reusing an existing tag will make the pipeline fail) + required: true + default: latest + +jobs: + release-binaries: + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest, macos-latest] + arch: [amd64, arm64] + + permissions: + contents: write + packages: write + id-token: write + + steps: + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: us-east-2 + role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ghwf-${{ github.event.repository.name }} + + - name: Validate tag + env: + SEMVER: ${{ github.event.inputs.tag }} + run: | + if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi + aws s3 ls s3://axelar-releases/axelard/"$SEMVER" && echo "tag already exists, use a new one" && exit 1 + + - name: Checkout code + uses: actions/checkout@v3 + with: + fetch-depth: '0' + ref: ${{ github.event.inputs.tag }} + submodules: recursive + + - name: Install Rust + run: | + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y + + #- name: Import GPG key + # id: import_gpg + # uses: crazy-max/ghaction-import-gpg@v4 + # with: + # gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + # passphrase: ${{ secrets.GPG_PASSPHRASE }} + + - name: build and sign darwin binaries + env: + SEMVER: ${{ github.event.inputs.tag }} + if: matrix.os == 'macos-latest' + run: | + OS="darwin" + ARCH="${{ matrix.arch }}" + if [ "$ARCH" == "arm64" ] + then + brew install protobuf + rustup target add aarch64-apple-darwin + cargo build --release --target aarch64-apple-darwin + mkdir ampdbin + mv "/Users/runner/work/axelar-amplifier/axelar-amplifier/target/aarch64-apple-darwin/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + #gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + else + brew install protobuf + cargo build --release + mkdir ampdbin + mv "/Users/runner/work/axelar-amplifier/axelar-amplifier/target/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + #gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + fi + + - name: build and sign linux binaries + env: + SEMVER: ${{ github.event.inputs.tag }} + if: matrix.os == 'ubuntu-latest' + run: | + OS="linux" + ARCH="${{ matrix.arch }}" + if [ "$ARCH" == "arm64" ] + then + sudo apt-get install protobuf-compiler gcc-aarch64-linux-gnu g++-aarch64-linux-gnu + rustup target add aarch64-unknown-linux-gnu + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc + cargo build --release --target aarch64-unknown-linux-gnu + mkdir ampdbin + mv "/home/runner/work/axelar-amplifier/axelar-amplifier/target/aarch64-unknown-linux-gnu/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + #gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + else + sudo apt-get install protobuf-compiler + cargo build --release + mkdir ampdbin + mv "/home/runner/work/axelar-amplifier/axelar-amplifier/target/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + #gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + fi + + - name: Test ampd + working-directory: ./ampdbin + run: | + file ./ampd-* + + - name: Create zip and sha256 files + working-directory: ./ampdbin + run: | + for i in `ls | grep -v .asc` + do + shasum -a 256 $i | awk '{print $1}' > $i.sha256 + zip $i.zip $i + shasum -a 256 $i.zip | awk '{print $1}' > $i.zip.sha256 + done + + #- name: Upload binaries to release + #uses: svenstaro/upload-release-action@v2 + #with: + #repo_token: ${{ secrets.GITHUB_TOKEN }} + #file: ./ampdbin/* + # tag: ${{ github.event.inputs.tag }} + #overwrite: true + #file_glob: true + + - name: Upload binaries to S3 + env: + S3_PATH: s3://axelar-releases/ampd/${{ github.event.inputs.tag }} + run: | + aws s3 cp ./ampdbin ${S3_PATH}/ --recursive + + release-docker: + + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-20.04] + platform: [linux/amd64] + + permissions: + contents: write + packages: write + id-token: write + + steps: + + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: '0' + ref: ${{ github.event.inputs.tag }} + submodules: recursive + + #- name: Set up ssh agent + #uses: webfactory/ssh-agent@v0.5.2 + #with: + #ssh-private-key: ${{ secrets.CICD_RSA_KEY }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} + + - name: Build and push docker images + run: | + make build-push-docker-images + env: + PLATFORM: ${{ matrix.platform }} + SEMVER: ${{ github.event.inputs.tag }} + + combine-sign: + + needs: release-docker + runs-on: ubuntu-22.04 + + permissions: + contents: write + packages: write + id-token: write + + steps: + + - name: Install Cosign + uses: sigstore/cosign-installer@main + with: + cosign-release: 'v1.13.1' + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} + + - name: Create multiarch manifest + run: | + docker buildx imagetools create -t axelarnet/axelar-ampd:${SEMVER} \ + axelarnet/axelar-ampd-linux-amd64:${SEMVER} + env: + SEMVER: ${{ github.event.inputs.tag }} + + - name: Sign the images with GitHub OIDC + run: cosign sign --oidc-issuer https://token.actions.githubusercontent.com ${TAGS} + env: + TAGS: axelarnet/axelar-ampd:${{ github.event.inputs.tag }} + COSIGN_EXPERIMENTAL: 1 \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 000000000..2b4c9c9fe --- /dev/null +++ b/Makefile @@ -0,0 +1,11 @@ +PUSH_DOCKER_IMAGE := true +SUFFIX := $(shell echo $$PLATFORM | sed 's/\//-/' | sed 's/\///') + +.PHONY: build-push-docker-image +build-push-docker-images: + @DOCKER_BUILDKIT=1 docker buildx build \ + --platform ${PLATFORM} \ + --output "type=image,push=${PUSH_DOCKER_IMAGE}" \ + --build-arg ARCH="${ARCH}" \ + -f ampd/Dockerfile \ + -t axelarnet/axelar-ampd-${SUFFIX}:${SEMVER} --provenance=false . From 5d42177eb56998f501a100386b1e6ee7d759d871 Mon Sep 17 00:00:00 2001 From: Talal Ashraf Date: Wed, 14 Feb 2024 01:25:41 +0500 Subject: [PATCH 2/7] - refactor pipeline onto seeded workflow --- .github/workflows/build-ampd-release.yaml | 169 +++++++++++++- .../build-docker-image-and-binaries.yaml | 215 ------------------ 2 files changed, 168 insertions(+), 216 deletions(-) delete mode 100644 .github/workflows/build-docker-image-and-binaries.yaml diff --git a/.github/workflows/build-ampd-release.yaml b/.github/workflows/build-ampd-release.yaml index abf218cb8..22960f368 100644 --- a/.github/workflows/build-ampd-release.yaml +++ b/.github/workflows/build-ampd-release.yaml @@ -22,9 +22,176 @@ jobs: id-token: write steps: - - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: aws-region: us-east-2 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ghwf-${{ github.event.repository.name }} + + - name: Validate tag + env: + SEMVER: ${{ github.event.inputs.tag }} + run: | + if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi + aws s3 ls s3://axelar-releases/axelard/"$SEMVER" && echo "tag already exists, use a new one" && exit 1 + + - name: Checkout code + uses: actions/checkout@v3 + with: + fetch-depth: '0' + ref: ${{ github.event.inputs.tag }} + submodules: recursive + + - name: Install Rust + run: | + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y + + - name: Import GPG key + id: import_gpg + uses: crazy-max/ghaction-import-gpg@v4 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + + - name: build and sign darwin binaries + env: + SEMVER: ${{ github.event.inputs.tag }} + if: matrix.os == 'macos-latest' + run: | + OS="darwin" + ARCH="${{ matrix.arch }}" + if [ "$ARCH" == "arm64" ] + then + brew install protobuf + rustup target add aarch64-apple-darwin + cargo build --release --target aarch64-apple-darwin + mkdir ampdbin + mv "/Users/runner/work/axelar-amplifier/axelar-amplifier/target/aarch64-apple-darwin/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + else + brew install protobuf + cargo build --release + mkdir ampdbin + mv "/Users/runner/work/axelar-amplifier/axelar-amplifier/target/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + fi + + - name: build and sign linux binaries + env: + SEMVER: ${{ github.event.inputs.tag }} + if: matrix.os == 'ubuntu-latest' + run: | + OS="linux" + ARCH="${{ matrix.arch }}" + if [ "$ARCH" == "arm64" ] + then + sudo apt-get install protobuf-compiler gcc-aarch64-linux-gnu g++-aarch64-linux-gnu + rustup target add aarch64-unknown-linux-gnu + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc + cargo build --release --target aarch64-unknown-linux-gnu + mkdir ampdbin + mv "/home/runner/work/axelar-amplifier/axelar-amplifier/target/aarch64-unknown-linux-gnu/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + else + sudo apt-get install protobuf-compiler + cargo build --release + mkdir ampdbin + mv "/home/runner/work/axelar-amplifier/axelar-amplifier/target/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" + fi + + - name: Test ampd + working-directory: ./ampdbin + run: | + file ./ampd-* + + - name: Create zip and sha256 files + working-directory: ./ampdbin + run: | + for i in `ls | grep -v .asc` + do + shasum -a 256 $i | awk '{print $1}' > $i.sha256 + zip $i.zip $i + shasum -a 256 $i.zip | awk '{print $1}' > $i.zip.sha256 + done + + - name: Upload binaries to release + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: ./ampdbin/* + tag: ${{ github.event.inputs.tag }} + overwrite: true + file_glob: true + + - name: Upload binaries to S3 + env: + S3_PATH: s3://axelar-releases/ampd/${{ github.event.inputs.tag }} + run: | + aws s3 cp ./ampdbin ${S3_PATH}/ --recursive + + release-docker: + runs-on: ubuntu-22.04 + permissions: + contents: write + packages: write + id-token: write + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: '0' + ref: ${{ github.event.inputs.tag }} + submodules: recursive + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} + + - name: Build and push docker images + run: | + make build-push-docker-images + env: + PLATFORM: linux/amd64 + SEMVER: ${{ github.event.inputs.tag }} + + combine-sign: + needs: release-docker + runs-on: ubuntu-22.04 + permissions: + contents: write + packages: write + id-token: write + steps: + - name: Install Cosign + uses: sigstore/cosign-installer@main + with: + cosign-release: 'v1.13.1' + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} + + - name: Create multiarch manifest + run: | + docker buildx imagetools create -t axelarnet/axelar-ampd:${SEMVER} \ + axelarnet/axelar-ampd-linux-amd64:${SEMVER} + env: + SEMVER: ${{ github.event.inputs.tag }} + + - name: Sign the images with GitHub OIDC + run: cosign sign --oidc-issuer https://token.actions.githubusercontent.com ${TAGS} + env: + TAGS: axelarnet/axelar-ampd:${{ github.event.inputs.tag }} + COSIGN_EXPERIMENTAL: 1 diff --git a/.github/workflows/build-docker-image-and-binaries.yaml b/.github/workflows/build-docker-image-and-binaries.yaml deleted file mode 100644 index 878ed68fb..000000000 --- a/.github/workflows/build-docker-image-and-binaries.yaml +++ /dev/null @@ -1,215 +0,0 @@ -name: Amplifier - Build Release - -on: - workflow_dispatch: - inputs: - tag: - description: Github tag to release binaries for (reusing an existing tag will make the pipeline fail) - required: true - default: latest - -jobs: - release-binaries: - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [ubuntu-latest, macos-latest] - arch: [amd64, arm64] - - permissions: - contents: write - packages: write - id-token: write - - steps: - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-region: us-east-2 - role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ghwf-${{ github.event.repository.name }} - - - name: Validate tag - env: - SEMVER: ${{ github.event.inputs.tag }} - run: | - if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi - aws s3 ls s3://axelar-releases/axelard/"$SEMVER" && echo "tag already exists, use a new one" && exit 1 - - - name: Checkout code - uses: actions/checkout@v3 - with: - fetch-depth: '0' - ref: ${{ github.event.inputs.tag }} - submodules: recursive - - - name: Install Rust - run: | - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y - - #- name: Import GPG key - # id: import_gpg - # uses: crazy-max/ghaction-import-gpg@v4 - # with: - # gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} - # passphrase: ${{ secrets.GPG_PASSPHRASE }} - - - name: build and sign darwin binaries - env: - SEMVER: ${{ github.event.inputs.tag }} - if: matrix.os == 'macos-latest' - run: | - OS="darwin" - ARCH="${{ matrix.arch }}" - if [ "$ARCH" == "arm64" ] - then - brew install protobuf - rustup target add aarch64-apple-darwin - cargo build --release --target aarch64-apple-darwin - mkdir ampdbin - mv "/Users/runner/work/axelar-amplifier/axelar-amplifier/target/aarch64-apple-darwin/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER" - #gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" - else - brew install protobuf - cargo build --release - mkdir ampdbin - mv "/Users/runner/work/axelar-amplifier/axelar-amplifier/target/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER" - #gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" - fi - - - name: build and sign linux binaries - env: - SEMVER: ${{ github.event.inputs.tag }} - if: matrix.os == 'ubuntu-latest' - run: | - OS="linux" - ARCH="${{ matrix.arch }}" - if [ "$ARCH" == "arm64" ] - then - sudo apt-get install protobuf-compiler gcc-aarch64-linux-gnu g++-aarch64-linux-gnu - rustup target add aarch64-unknown-linux-gnu - export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc - cargo build --release --target aarch64-unknown-linux-gnu - mkdir ampdbin - mv "/home/runner/work/axelar-amplifier/axelar-amplifier/target/aarch64-unknown-linux-gnu/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER" - #gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" - else - sudo apt-get install protobuf-compiler - cargo build --release - mkdir ampdbin - mv "/home/runner/work/axelar-amplifier/axelar-amplifier/target/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER" - #gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" - fi - - - name: Test ampd - working-directory: ./ampdbin - run: | - file ./ampd-* - - - name: Create zip and sha256 files - working-directory: ./ampdbin - run: | - for i in `ls | grep -v .asc` - do - shasum -a 256 $i | awk '{print $1}' > $i.sha256 - zip $i.zip $i - shasum -a 256 $i.zip | awk '{print $1}' > $i.zip.sha256 - done - - #- name: Upload binaries to release - #uses: svenstaro/upload-release-action@v2 - #with: - #repo_token: ${{ secrets.GITHUB_TOKEN }} - #file: ./ampdbin/* - # tag: ${{ github.event.inputs.tag }} - #overwrite: true - #file_glob: true - - - name: Upload binaries to S3 - env: - S3_PATH: s3://axelar-releases/ampd/${{ github.event.inputs.tag }} - run: | - aws s3 cp ./ampdbin ${S3_PATH}/ --recursive - - release-docker: - - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [ubuntu-20.04] - platform: [linux/amd64] - - permissions: - contents: write - packages: write - id-token: write - - steps: - - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: '0' - ref: ${{ github.event.inputs.tag }} - submodules: recursive - - #- name: Set up ssh agent - #uses: webfactory/ssh-agent@v0.5.2 - #with: - #ssh-private-key: ${{ secrets.CICD_RSA_KEY }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - - - name: Build and push docker images - run: | - make build-push-docker-images - env: - PLATFORM: ${{ matrix.platform }} - SEMVER: ${{ github.event.inputs.tag }} - - combine-sign: - - needs: release-docker - runs-on: ubuntu-22.04 - - permissions: - contents: write - packages: write - id-token: write - - steps: - - - name: Install Cosign - uses: sigstore/cosign-installer@main - with: - cosign-release: 'v1.13.1' - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - - - name: Create multiarch manifest - run: | - docker buildx imagetools create -t axelarnet/axelar-ampd:${SEMVER} \ - axelarnet/axelar-ampd-linux-amd64:${SEMVER} - env: - SEMVER: ${{ github.event.inputs.tag }} - - - name: Sign the images with GitHub OIDC - run: cosign sign --oidc-issuer https://token.actions.githubusercontent.com ${TAGS} - env: - TAGS: axelarnet/axelar-ampd:${{ github.event.inputs.tag }} - COSIGN_EXPERIMENTAL: 1 \ No newline at end of file From ecf40c0a919f3cb58e1f5d382e0cbe9e835c607f Mon Sep 17 00:00:00 2001 From: Talal Ashraf Date: Wed, 14 Feb 2024 01:29:36 +0500 Subject: [PATCH 3/7] - fix typo, was using axelard instead of ampd --- .github/workflows/build-ampd-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-ampd-release.yaml b/.github/workflows/build-ampd-release.yaml index 22960f368..2cc911853 100644 --- a/.github/workflows/build-ampd-release.yaml +++ b/.github/workflows/build-ampd-release.yaml @@ -33,7 +33,7 @@ jobs: SEMVER: ${{ github.event.inputs.tag }} run: | if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi - aws s3 ls s3://axelar-releases/axelard/"$SEMVER" && echo "tag already exists, use a new one" && exit 1 + aws s3 ls s3://axelar-releases/ampd/"$SEMVER" && echo "tag already exists, use a new one" && exit 1 - name: Checkout code uses: actions/checkout@v3 From 0a8338bbfad4a5305c80f3e50d340452b6b12d37 Mon Sep 17 00:00:00 2001 From: Talal Ashraf Date: Wed, 14 Feb 2024 01:37:37 +0500 Subject: [PATCH 4/7] - fix os matching condition --- .github/workflows/build-ampd-release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-ampd-release.yaml b/.github/workflows/build-ampd-release.yaml index 2cc911853..76f1c9c5f 100644 --- a/.github/workflows/build-ampd-release.yaml +++ b/.github/workflows/build-ampd-release.yaml @@ -56,7 +56,7 @@ jobs: - name: build and sign darwin binaries env: SEMVER: ${{ github.event.inputs.tag }} - if: matrix.os == 'macos-latest' + if: matrix.os == 'macos-12' run: | OS="darwin" ARCH="${{ matrix.arch }}" @@ -79,7 +79,7 @@ jobs: - name: build and sign linux binaries env: SEMVER: ${{ github.event.inputs.tag }} - if: matrix.os == 'ubuntu-latest' + if: matrix.os == 'ubuntu-22.04' run: | OS="linux" ARCH="${{ matrix.arch }}" From fd5e5c3744e013af0c04534ebf00bfc46bd4860f Mon Sep 17 00:00:00 2001 From: kalidax Date: Tue, 13 Feb 2024 23:16:33 +0100 Subject: [PATCH 5/7] update actions version --- .github/workflows/build-ampd-release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-ampd-release.yaml b/.github/workflows/build-ampd-release.yaml index 76f1c9c5f..ed0b4948e 100644 --- a/.github/workflows/build-ampd-release.yaml +++ b/.github/workflows/build-ampd-release.yaml @@ -36,7 +36,7 @@ jobs: aws s3 ls s3://axelar-releases/ampd/"$SEMVER" && echo "tag already exists, use a new one" && exit 1 - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: '0' ref: ${{ github.event.inputs.tag }} @@ -48,7 +48,7 @@ jobs: - name: Import GPG key id: import_gpg - uses: crazy-max/ghaction-import-gpg@v4 + uses: crazy-max/ghaction-import-gpg@v6 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.GPG_PASSPHRASE }} From cd77c82b64628f58bbfe95e70f9550c1a56edea7 Mon Sep 17 00:00:00 2001 From: Talal Ashraf Date: Thu, 15 Feb 2024 22:29:14 +0500 Subject: [PATCH 6/7] - update some more actions --- .github/workflows/build-ampd-release.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-ampd-release.yaml b/.github/workflows/build-ampd-release.yaml index ed0b4948e..7f557bb15 100644 --- a/.github/workflows/build-ampd-release.yaml +++ b/.github/workflows/build-ampd-release.yaml @@ -145,14 +145,14 @@ jobs: submodules: recursive - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_TOKEN }} @@ -178,7 +178,7 @@ jobs: cosign-release: 'v1.13.1' - name: Login to DockerHub - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_TOKEN }} From 7e59ada1aa5af3b04555396a5c7deb93d1216c08 Mon Sep 17 00:00:00 2001 From: kalidax Date: Fri, 16 Feb 2024 15:52:35 +0100 Subject: [PATCH 7/7] improve test --- .github/workflows/build-ampd-release.yaml | 33 +++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-ampd-release.yaml b/.github/workflows/build-ampd-release.yaml index 7f557bb15..379c2f747 100644 --- a/.github/workflows/build-ampd-release.yaml +++ b/.github/workflows/build-ampd-release.yaml @@ -100,10 +100,39 @@ jobs: gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER" fi - - name: Test ampd + - name: Test Binary Format working-directory: ./ampdbin run: | - file ./ampd-* + for binary in ./ampd-*; do + if [[ "$binary" != *.asc ]]; then + echo "Testing binary: $binary" + OUTPUT=$(file "$binary" | cut -d: -f2- | awk -F, '{print $1"," $2}') + if [[ "${{ matrix.os }}" == "ubuntu-22.04" ]]; then + if [[ "${{ matrix.arch }}" == "amd64" ]]; then + EXPECTED="ELF 64-bit LSB pie executable, x86-64" + elif [[ "${{ matrix.arch }}" == "arm64" ]]; then + EXPECTED="ELF 64-bit LSB pie executable, ARM aarch64" + fi + elif [[ "${{ matrix.os }}" == "macos-12" ]]; then + OUTPUT=$(file "$binary" | cut -d: -f2-) + if [[ "${{ matrix.arch }}" == "amd64" ]]; then + EXPECTED="Mach-O 64-bit executable x86_64" + elif [[ "${{ matrix.arch }}" == "arm64" ]]; then + EXPECTED="Mach-O 64-bit executable arm64" + fi + fi + + echo "Output: $OUTPUT" + echo "Expected: $EXPECTED" + + if [[ "$OUTPUT" == *"$EXPECTED"* ]]; then + echo "The binary format is correct." + else + echo "Error: The binary format does not match the expected format." + exit 1 + fi + fi + done - name: Create zip and sha256 files working-directory: ./ampdbin