Merge pull request #1667 from subspace/ci-self-hosted-runner
Ci self hosted runner
nazar-pc authored Sep 11, 2023
2 parents 3a2f870 + ea8d385 commit 9c96089
Showing 5 changed files with 71 additions and 65 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/chain-spec-snapshot-build.yml
Expand Up @@ -13,7 +13,7 @@ on:

jobs:
chains-spec:
runs-on: ubuntu-22.04
runs-on: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-22.04') }}
permissions:
contents: write
packages: write
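Review bot: The `chains-spec` job keeps `contents: write` and `packages: write` while its new `runs-on` selects the same `["self-hosted", "ubuntu-20.04-x86-64"]` label that the CI jobs in `.github/workflows/rust.yml` use, so unless those runners are ephemeral, whatever an earlier CI job left on the machine (workspace, toolchains, caches) is still there when release artifacts are built and published. The same applies to the `runtime` job in `runtime-snapshot-build.yml` and to the jobs in `snapshot-build.yml`. Whether the runners are ephemeral is not visible in this diff; a dedicated label or runner group for release workflows would separate the two, and a comment above the line such as `# Release job: needs a clean/ephemeral runner, not one shared with PR CI` would record the assumption. The job body continues outside the hunk.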
6 changes: 3 additions & 3 deletions .github/workflows/runtime-snapshot-build.yml
Expand Up @@ -8,12 +8,12 @@ on:
workflow_dispatch:
push:
tags:
- 'runtime-snapshot-*'
- 'runtime-gemini-*'
- "runtime-snapshot-*"
- "runtime-gemini-*"

jobs:
runtime:
runs-on: ubuntu-22.04
runs-on: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-22.04') }}
permissions:
contents: write
packages: write
33 changes: 12 additions & 21 deletions .github/workflows/rust.yml
Expand Up @@ -12,12 +12,6 @@ on:
- '**.md'
- '.github/CODEOWNERS'
workflow_dispatch:
inputs:
test-macos:
description: 'Whether to run macOS tests'
required: true
default: false
type: boolean

concurrency:
group: rust-${{ github.workflow }}-${{ github.ref }}
Expand All @@ -37,14 +31,14 @@ env:

jobs:
cargo-fmt:
runs-on: ubuntu-22.04
runs-on: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-22.04') }}

steps:
- name: Checkout
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v3.1.0

- name: Install Protoc
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # @v1.1.2
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9 # v2.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}

Expand All @@ -65,10 +59,7 @@ jobs:
cargo-clippy:
strategy:
matrix:
os:
- ubuntu-22.04
- macos-12
- windows-2022
os: ${{ fromJson(github.repository_owner == 'subspace' && '[["self-hosted", "ubuntu-20.04-x86-64"], ["self-hosted", "macos-12-arm64"], ["self-hosted", "windows-server-2022-x86-64"]]' || '["ubuntu-22.04", "macos-12", "windows-2022"]') }}

runs-on: ${{ matrix.os }}

Expand All @@ -95,14 +86,16 @@ jobs:
if: runner.os != 'macOS'

- name: Install Protoc
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # @v1.1.2
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9 # v2.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}

# Workaround to resolve link error with C:\msys64\mingw64\bin\libclang.dll
- name: Remove msys64
run: Remove-Item -LiteralPath "C:\msys64\" -Force -Recurse
if: runner.os == 'Windows'
# Doesn't exist on self-hosted runners
continue-on-error: true

- name: Configure cache
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # @v3.0.11
Expand All @@ -119,13 +112,13 @@ jobs:
args: --locked --all-targets -- -D warnings

cargo-docs:
runs-on: ubuntu-22.04
runs-on: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-22.04') }}
steps:
- name: Checkout
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v3.1.0

- name: Install Protoc
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # @v1.1.2
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9 # v2.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}

Expand All @@ -145,10 +138,7 @@ jobs:
cargo-test:
strategy:
matrix:
os:
- ubuntu-22.04
- macos-12
- windows-2022
os: ${{ fromJson(github.repository_owner == 'subspace' && '[["self-hosted", "ubuntu-20.04-x86-64"], ["self-hosted", "macos-12-arm64"], ["self-hosted", "windows-server-2022-x86-64"]]' || '["ubuntu-22.04", "macos-12", "windows-2022"]') }}

runs-on: ${{ matrix.os }}

Expand All @@ -175,14 +165,16 @@ jobs:
if: runner.os != 'macOS'

- name: Install Protoc
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # @v1.1.2
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9 # v2.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}

# Workaround to resolve link error with C:\msys64\mingw64\bin\libclang.dll
- name: Remove msys64
run: Remove-Item -LiteralPath "C:\msys64\" -Force -Recurse
if: runner.os == 'Windows'
# Doesn't exist on self-hosted runners
continue-on-error: true

- name: Configure cache
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # @v3.0.11
Expand All @@ -196,4 +188,3 @@ jobs:
uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # @v1.0.1
with:
command: test
if: runner.os != 'macOS' || inputs.test-macos == true || github.ref == 'refs/heads/main'
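Review bot: The `github.repository_owner == 'subspace'` test in the new `runs-on` and `matrix.os` expressions (`cargo-fmt`, `cargo-clippy`, `cargo-docs`, `cargo-test`) is evaluated against the base repository, so it is also true for pull requests opened from forks. If this workflow is triggered by `pull_request` (the event list is outside the visible hunks), contributor-controlled build scripts and tests would then run on the self-hosted machines, which is the case GitHub's hardening guidance advises against unless the runners are ephemeral and isolated. One way to keep fork PRs on hosted runners is to extend the condition, e.g. `github.repository_owner == 'subspace' && github.event.pull_request.head.repo.fork != true && '[...]' || '...'`, with a short comment above it stating why forks are excluded. The job bodies continue outside the hunks.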
2 changes: 1 addition & 1 deletion .github/workflows/rustdoc.yml
Expand Up @@ -30,7 +30,7 @@ jobs:
version: "15.0"

- name: Install Protoc
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # @v1.1.2
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9 # v2.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}

93 changes: 54 additions & 39 deletions .github/workflows/snapshot-build.yml
Expand Up @@ -9,16 +9,16 @@ on:
workflow_dispatch:
push:
tags:
- 'snapshot-*'
- 'gemini-*'
- "snapshot-*"
- "gemini-*"

# Incremental compilation here isn't helpful
env:
CARGO_INCREMENTAL: 0

jobs:
container-linux:
runs-on: ubuntu-22.04
runs-on: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-22.04') }}
permissions:
contents: write
packages: write
Expand All @@ -30,25 +30,25 @@ jobs:
- bootstrap-node
platform:
- arch: linux/amd64
dockerfile-suffix: ''
dockerfile-suffix: ""
suffix: ubuntu-x86_64-${{ github.ref_name }}
image-suffix: ''
rustflags: '-C target-cpu=skylake'
image-suffix: ""
rustflags: "-C target-cpu=skylake"
# We build AArch64
- arch: linux/amd64
dockerfile-suffix: '.aarch64'
dockerfile-suffix: ".aarch64"
suffix: ubuntu-aarch64-${{ github.ref_name }}
image-suffix: '-aarch64'
image-suffix: "-aarch64"

steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # @v2.1.0
uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # @v2.2.0

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # @v2.2.1

- name: Log into registry
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # @v2.1.0
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # @v2.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
Expand Down Expand Up @@ -84,38 +84,38 @@ jobs:
strategy:
matrix:
build:
- os: ubuntu-20.04
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-20.04') }}
target: x86_64-unknown-linux-gnu
suffix: ubuntu-x86_64-v2-${{ github.ref_name }}
rustflags: '-C target-cpu=x86-64-v2'
- os: ubuntu-20.04
rustflags: "-C target-cpu=x86-64-v2"
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-20.04') }}
target: x86_64-unknown-linux-gnu
suffix: ubuntu-x86_64-skylake-${{ github.ref_name }}
rustflags: '-C target-cpu=skylake'
- os: ubuntu-20.04
rustflags: "-C target-cpu=skylake"
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-20.04') }}
target: aarch64-unknown-linux-gnu
suffix: ubuntu-aarch64-${{ github.ref_name }}
# TODO: AES flag is such that we have decent performance on ARMv8, remove once `aes` crate bumps MSRV to
# at least 1.61: https://github.com/RustCrypto/block-ciphers/issues/373
rustflags: '-C linker=aarch64-linux-gnu-gcc --cfg aes_armv8'
- os: macos-12
rustflags: "-C linker=aarch64-linux-gnu-gcc --cfg aes_armv8"
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "macos-12-arm64"]' || 'macos-12') }}
target: x86_64-apple-darwin
suffix: macos-x86_64-${{ github.ref_name }}
rustflags: ''
- os: macos-12
rustflags: ""
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "macos-12-arm64"]' || 'macos-12') }}
target: aarch64-apple-darwin
suffix: macos-aarch64-${{ github.ref_name }}
# TODO: AES flag is such that we have decent performance on ARMv8, remove once `aes` crate bumps MSRV to
# at least 1.61: https://github.com/RustCrypto/block-ciphers/issues/373
rustflags: '--cfg aes_armv8'
- os: windows-2022
rustflags: "--cfg aes_armv8"
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "windows-server-2022-x86-64"]' || 'windows-2022') }}
target: x86_64-pc-windows-msvc
suffix: windows-x86_64-v2-${{ github.ref_name }}
rustflags: '-C target-cpu=x86-64-v2'
- os: windows-2022
rustflags: "-C target-cpu=x86-64-v2"
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "windows-server-2022-x86-64"]' || 'windows-2022') }}
target: x86_64-pc-windows-msvc
suffix: windows-x86_64-skylake-${{ github.ref_name }}
rustflags: '-C target-cpu=skylake'
rustflags: "-C target-cpu=skylake"
runs-on: ${{ matrix.build.os }}
env:
PRODUCTION_TARGET: target/${{ matrix.build.target }}/production
Expand Down Expand Up @@ -144,14 +144,16 @@ jobs:
if: runner.os != 'macOS'

- name: Install Protoc
uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # @v1.1.2
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9 # v2.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}

# Workaround to resolve link error with C:\msys64\mingw64\bin\libclang.dll
- name: Remove msys64
run: Remove-Item -LiteralPath "C:\msys64\" -Force -Recurse
if: runner.os == 'Windows'
# Doesn't exist on self-hosted runners
continue-on-error: true

- name: AArch64 cross-compile packages
run: sudo apt-get update && sudo apt-get install -y --no-install-recommends g++-aarch64-linux-gnu gcc-aarch64-linux-gnu libc6-dev-arm64-cross
Expand Down Expand Up @@ -187,26 +189,39 @@ jobs:
cp ${{ env.PRODUCTION_TARGET }}/subspace-farmer ${{ env.PRODUCTION_TARGET }}/subspace-node ${{ env.PRODUCTION_TARGET }}/macos-binaries
ditto -c -k --rsrc ${{ env.PRODUCTION_TARGET }}/macos-binaries subspace-binaries.zip
echo "Notarizing"
xcrun altool --notarize-app --primary-bundle-id binaries-${{ github.ref_name }} --username "${{ secrets.MACOS_APPLE_ID}}" --password "${{ secrets.MACOS_APP_PW }}" --file subspace-binaries.zip
# TODO: Wait for notarization before stapling
# echo "Stapling farmer"
# xcrun stapler staple ${{ env.PRODUCTION_TARGET }}/subspace-farmer
# echo "Stapling node"
# xcrun stapler staple ${{ env.PRODUCTION_TARGET }}/subspace-node
brew update
brew install mitchellh/gon/gon
cat << EOF > gon.hcl
source = ["subspace-binaries.zip"]
bundle_id = "${{ secrets.MACOS_BUNDLE_ID }}"
sign {
application_identity = "${{ secrets.MACOS_IDENTITY }}"
}
apple_id {
username = "${{ secrets.MACOS_APPLE_ID }}"
password = "${{ secrets.MACOS_APP_PW }}"
}
EOF
gon -log-level=info -log-json gon.hcl
# Notarize the ZIP using notarytool
xcrun notarytool submit subspace-binaries.zip --apple-id "${{ secrets.MACOS_APPLE_ID }}" --password "${{ secrets.MACOS_APP_PW }}" --team-id "${{ secrets.MACOS_TEAM_ID }}" --wait
# // todo stapling for macOS artifacts
# Staple the zip package
# xcrun stapler staple subspace-binaries.zip
echo "Done!"
# Allow code signing to fail on non-release builds and in non-subspace repos (forks)
continue-on-error: ${{ github.github.repository_owner != 'subspace' || github.event_name != 'push' || github.ref_type != 'tag' }}
continue-on-error: ${{ github.repository_owner != 'subspace' || github.event_name != 'push' || github.ref_type != 'tag' }}
if: runner.os == 'macOS'

- name: Sign Application (Windows)
uses: skymatic/code-sign-action@cfcc1c15b32938bab6dea25192045b6d2989e4d0 # @v1.1.0
with:
certificate: '${{ secrets.WINDOWS_CERTIFICATE }}'
password: '${{ secrets.WINDOWS_CERTIFICATE_PW }}'
certificatesha1: 'FCA030AC3840FAED48ADC5A8F734ACFCC857DF37'
folder: '${{ env.PRODUCTION_TARGET }}'
run: |
AzureSignTool sign --azure-key-vault-url "${{ secrets.AZURE_KEY_VAULT_URI }}" --azure-key-vault-client-id "${{ secrets.AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.AZURE_TENANT_ID }}" --azure-key-vault-certificate "${{ secrets.AZURE_CERT_NAME }}" --file-digest sha512 --timestamp-rfc3161 http://timestamp.digicert.com -v "${{ matrix.build.production_target }}/subspace-farmer.exe"
AzureSignTool sign --azure-key-vault-url "${{ secrets.AZURE_KEY_VAULT_URI }}" --azure-key-vault-client-id "${{ secrets.AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.AZURE_TENANT_ID }}" --azure-key-vault-certificate "${{ secrets.AZURE_CERT_NAME }}" --file-digest sha512 --timestamp-rfc3161 http://timestamp.digicert.com -v "${{ matrix.build.production_target }}/subspace-node.exe"
# Allow code signing to fail on non-release builds and in non-subspace repos (forks)
continue-on-error: ${{ github.github.repository_owner != 'subspace' || github.event_name != 'push' || github.ref_type != 'tag' }}
continue-on-error: ${{ github.repository_owner != 'subspace' || github.event_name != 'push' || github.ref_type != 'tag' }}
if: runner.os == 'Windows'

- name: Prepare executables for uploading (Ubuntu)
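Review bot: The new signing steps leave secrets where a persistent self-hosted runner can retain or expose them. The macOS script writes `MACOS_APPLE_ID` and `MACOS_APP_PW` into `gon.hcl` in the workspace and never removes it, and both `xcrun notarytool submit` and `AzureSignTool sign` receive the password / client secret as command-line arguments, which other processes on the host can read. Map the secrets through the step's `env:` block instead of expanding `${{ secrets.* }}` inside the script, let gon read the password from the environment (`password = "@env:AC_PASSWORD"`), and add `rm -f gon.hcl` once gon has finished. Separately, the Windows step signs `"${{ matrix.build.production_target }}/subspace-farmer.exe"`, but the matrix entries visible in this section define only `os`, `target`, `suffix` and `rustflags`, so that expression probably expands to an empty string; the neighbouring steps use `${{ env.PRODUCTION_TARGET }}`.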
