Upload Binaries and Docker Image #182
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Upload Binaries and Docker Image | |
on: | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: Github tag to release binaries for (reusing an existing tag will make the pipeline fail) | |
required: true | |
default: latest | |
wasm: | |
description: Whether to enable wasm ("true"/"false") | |
required: true | |
default: "true" | |
ibc-wasm-hooks: | |
description: Whether to enable ibc wasm hooks ("true"/"false") | |
required: true | |
default: "false" | |
jobs: | |
release-binaries: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
go-version: | |
- 1.23 | |
os: [ubuntu-22.04, macos-latest] | |
arch: [amd64, arm64] | |
exclude: | |
- {os: "ubuntu-22.04", arch: "arm64"} | |
permissions: | |
contents: write | |
packages: write | |
id-token: write | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-region: us-east-2 | |
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ghwf-${{ github.event.repository.name }} | |
- name: Validate tag | |
env: | |
SEMVER: ${{ github.event.inputs.tag }} | |
run: | | |
if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi | |
aws s3 ls s3://axelar-releases/axelard/"$SEMVER" && echo "tag already exists, use a new one" && exit 1 | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: '0' | |
ref: ${{ github.event.inputs.tag }} | |
submodules: recursive | |
- name: Setup Golang with cache | |
uses: magnetikonline/action-golang-cache@v2 | |
with: | |
go-version: ${{ matrix.go-version }} | |
- name: Import GPG key | |
id: import_gpg | |
uses: crazy-max/ghaction-import-gpg@v4 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Build and sign binaries | |
env: | |
ARCH: ${{ matrix.arch }} | |
OS_TYPE: ${{ matrix.os }} | |
SEMVER: ${{ github.event.inputs.tag }} | |
WASM: ${{ github.event.inputs.wasm }} | |
IBC_WASM_HOOKS: ${{ github.event.inputs.ibc-wasm-hooks }} | |
run: | | |
OS=$(echo "$OS_TYPE" | sed -e 's/ubuntu-22.04/linux/; s/macos-latest/darwin/') | |
make ARCH="$ARCH" build-binaries-multiarch | |
mv ./bin/axelard ./bin/axelard-"$OS"-"$ARCH"-"$SEMVER" | |
gpg --armor --detach-sign ./bin/axelard-"$OS"-"$ARCH"-"$SEMVER" | |
- name: Check architecture | |
env: | |
SEMVER: ${{ github.event.inputs.tag }} | |
run: | | |
if [ "$RUNNER_OS" == "Linux" ] | |
then | |
OS="linux" | |
else | |
OS="darwin" | |
fi | |
ARCH="${{ matrix.arch }}" | |
file ./bin/axelard-"$OS"-"$ARCH"-"$SEMVER" | |
- name: Check ledger support | |
if: matrix.arch == 'amd64' | |
env: | |
SEMVER: ${{ github.event.inputs.tag }} | |
run: | | |
if [ "$RUNNER_OS" == "Linux" ] | |
then | |
OS="linux" | |
else | |
OS="darwin" | |
fi | |
ARCH="${{ matrix.arch }}" | |
./bin/axelard-"$OS"-"$ARCH"-"$SEMVER" version --long 2>&1 | grep "build_tags: ledger" | |
- name: Create zip and sha256 files | |
working-directory: ./bin | |
run: | | |
for i in `ls | grep -v .asc` | |
do | |
shasum -a 256 $i | awk '{print $1}' > $i.sha256 | |
zip $i.zip $i | |
shasum -a 256 $i.zip | awk '{print $1}' > $i.zip.sha256 | |
done | |
- name: Upload binaries to release | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: ./bin/* | |
tag: ${{ github.event.inputs.tag }} | |
overwrite: true | |
file_glob: true | |
- name: Upload binaries to S3 | |
env: | |
S3_PATH: s3://axelar-releases/axelard/${{ github.event.inputs.tag }} | |
run: | | |
aws s3 cp ./bin ${S3_PATH}/ --recursive | |
- name: Upload binaries to Cloudflare R2 | |
uses: ryand56/r2-upload-action@latest | |
with: | |
r2-account-id: ${{ secrets.R2_ACCOUNT_ID }} | |
r2-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CF }} | |
r2-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CF }} | |
r2-bucket: ${{ secrets.R2_BUCKET }} | |
source-dir: ./bin | |
destination-dir: ./releases/axelard/ | |
release-docker: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-22.04] | |
platform: [linux/amd64] | |
permissions: | |
contents: write | |
packages: write | |
id-token: write | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: '0' | |
ref: ${{ github.event.inputs.tag }} | |
submodules: recursive | |
- name: Set up ssh agent | |
uses: webfactory/[email protected] | |
with: | |
ssh-private-key: ${{ secrets.CICD_RSA_KEY }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
config: .github/buildkit-config.toml | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Build and push docker images | |
run: | | |
make build-push-docker-images | |
env: | |
PLATFORM: ${{ matrix.platform }} | |
SEMVER: ${{ github.event.inputs.tag }} | |
WASM: ${{ github.event.inputs.wasm }} | |
IBC_WASM_HOOKS: ${{ github.event.inputs.ibc-wasm-hooks }} | |
combine-sign: | |
needs: release-docker | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-22.04] | |
permissions: | |
contents: write | |
packages: write | |
id-token: write | |
steps: | |
- name: Install Cosign | |
uses: sigstore/[email protected] | |
with: | |
cosign-release: 'v2.2.2' | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Create multiarch manifest | |
run: | | |
docker buildx imagetools create -t axelarnet/axelar-core:${SEMVER} \ | |
axelarnet/axelar-core-linux-amd64:${SEMVER} | |
env: | |
SEMVER: ${{ github.event.inputs.tag }} | |
- name: Sign the images with GitHub OIDC | |
run: cosign sign -y --oidc-issuer https://token.actions.githubusercontent.com ${TAGS} | |
env: | |
TAGS: axelarnet/axelar-core:${{ github.event.inputs.tag }} | |
COSIGN_EXPERIMENTAL: 1 | |