axelarnetwork · talalashraf · Feb 16, 2024 · Feb 2, 2024 · Feb 13, 2024 · Feb 13, 2024
@@ -22,9 +22,205 @@ jobs:
       id-token: write
 
     steps:
-
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: us-east-2
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ghwf-${{ github.event.repository.name }}
+
+      - name: Validate tag
+        env:
+          SEMVER: ${{ github.event.inputs.tag }}
+        run: |
+          if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi
+          aws s3 ls s3://axelar-releases/ampd/"$SEMVER" && echo "tag already exists, use a new one" && exit 1
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+          ref: ${{ github.event.inputs.tag }}
+          submodules: recursive
+
+      - name: Install Rust
+        run: |
+          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: build and sign darwin binaries
+        env:
+          SEMVER: ${{ github.event.inputs.tag }}
+        if: matrix.os == 'macos-12'
+        run: |
+          OS="darwin"
+          ARCH="${{ matrix.arch }}"
+          if [ "$ARCH" == "arm64" ]
+          then
+            brew install protobuf
+            rustup target add aarch64-apple-darwin
+            cargo build --release --target aarch64-apple-darwin
+            mkdir ampdbin
+            mv "/Users/runner/work/axelar-amplifier/axelar-amplifier/target/aarch64-apple-darwin/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
+            gpg --armor --detach-sign  "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
+          else
+            brew install protobuf
+            cargo build --release
+            mkdir ampdbin
+            mv "/Users/runner/work/axelar-amplifier/axelar-amplifier/target/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
+            gpg --armor --detach-sign  "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
+          fi
+
+      - name: build and sign linux binaries
+        env:
+          SEMVER: ${{ github.event.inputs.tag }}
+        if: matrix.os == 'ubuntu-22.04'
+        run: |
+          OS="linux"
+          ARCH="${{ matrix.arch }}"
+          if [ "$ARCH" == "arm64" ]
+          then
+            sudo apt-get install protobuf-compiler gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
+            rustup target add aarch64-unknown-linux-gnu
+            export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc
+            cargo build --release --target aarch64-unknown-linux-gnu
+            mkdir ampdbin
+            mv "/home/runner/work/axelar-amplifier/axelar-amplifier/target/aarch64-unknown-linux-gnu/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
+            gpg --armor --detach-sign  "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
+          else
+            sudo apt-get install protobuf-compiler
+            cargo build --release
+            mkdir ampdbin
+            mv "/home/runner/work/axelar-amplifier/axelar-amplifier/target/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
+            gpg --armor --detach-sign  "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
+          fi
+
+      - name: Test Binary Format
+        working-directory: ./ampdbin
+        run: |
+          for binary in ./ampd-*; do
+          if [[ "$binary" != *.asc ]]; then
+            echo "Testing binary: $binary"
+            OUTPUT=$(file "$binary" | cut -d: -f2- | awk -F, '{print $1"," $2}')
+            if [[ "${{ matrix.os }}" == "ubuntu-22.04" ]]; then
+              if [[ "${{ matrix.arch }}" == "amd64" ]]; then
+                EXPECTED="ELF 64-bit LSB pie executable, x86-64"
+              elif [[ "${{ matrix.arch }}" == "arm64" ]]; then
+                EXPECTED="ELF 64-bit LSB pie executable, ARM aarch64"
+              fi
+            elif [[ "${{ matrix.os }}" == "macos-12" ]]; then
+              OUTPUT=$(file "$binary" | cut -d: -f2-)
+              if [[ "${{ matrix.arch }}" == "amd64" ]]; then
+                EXPECTED="Mach-O 64-bit executable x86_64"
+              elif [[ "${{ matrix.arch }}" == "arm64" ]]; then
+                EXPECTED="Mach-O 64-bit executable arm64"
+              fi
+            fi
+
+            echo "Output: $OUTPUT"
+            echo "Expected: $EXPECTED"
+
+            if [[ "$OUTPUT" == *"$EXPECTED"* ]]; then
+              echo "The binary format is correct."
+            else
+              echo "Error: The binary format does not match the expected format."
+              exit 1
+            fi
+          fi
+          done
+
+      - name: Create zip and sha256 files
+        working-directory: ./ampdbin
+        run: |
+          for i in `ls | grep -v .asc`
+          do
+            shasum -a 256 $i | awk '{print $1}' > $i.sha256
+            zip $i.zip $i
+            shasum -a 256 $i.zip | awk '{print $1}' > $i.zip.sha256
+          done
+
+      - name: Upload binaries to release
+        uses: svenstaro/upload-release-action@v2
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: ./ampdbin/*
+          tag: ${{ github.event.inputs.tag }}
+          overwrite: true
+          file_glob: true
+
+      - name: Upload binaries to S3
+        env:
+          S3_PATH: s3://axelar-releases/ampd/${{ github.event.inputs.tag }}
+        run: |
+          aws s3 cp ./ampdbin ${S3_PATH}/ --recursive
+
+  release-docker:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+          ref: ${{ github.event.inputs.tag }}
+          submodules: recursive
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Build and push docker images
+        run: |
+          make build-push-docker-images
+        env:
+          PLATFORM: linux/amd64
+          SEMVER: ${{ github.event.inputs.tag }}
+
+  combine-sign:
+    needs: release-docker
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+    steps:
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.13.1'
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Create multiarch manifest
+        run: |
+          docker buildx imagetools create -t axelarnet/axelar-ampd:${SEMVER} \
+            axelarnet/axelar-ampd-linux-amd64:${SEMVER}
+        env:
+          SEMVER: ${{ github.event.inputs.tag }}
+
+      - name: Sign the images with GitHub OIDC
+        run: cosign sign --oidc-issuer https://token.actions.githubusercontent.com ${TAGS}
+        env:
+          TAGS: axelarnet/axelar-ampd:${{ github.event.inputs.tag }}
+          COSIGN_EXPERIMENTAL: 1
@@ -0,0 +1,11 @@
+PUSH_DOCKER_IMAGE := true
+SUFFIX := $(shell echo $$PLATFORM | sed 's/\//-/' | sed 's/\///')
+
+.PHONY: build-push-docker-image
+build-push-docker-images:
+	@DOCKER_BUILDKIT=1 docker buildx build \
+		--platform ${PLATFORM} \
+		--output "type=image,push=${PUSH_DOCKER_IMAGE}" \
+		--build-arg ARCH="${ARCH}" \
+		-f ampd/Dockerfile \
+		-t axelarnet/axelar-ampd-${SUFFIX}:${SEMVER} --provenance=false .