Skip to content

Upload Binaries and Docker Image #183

Upload Binaries and Docker Image

Upload Binaries and Docker Image #183

name: Upload Binaries and Docker Image
on:
workflow_dispatch:
inputs:
tag:
description: Github tag to release binaries for (reusing an existing tag will make the pipeline fail)
required: true
default: latest
wasm:
description: Whether to enable wasm ("true"/"false")
required: true
default: "true"
ibc-wasm-hooks:
description: Whether to enable ibc wasm hooks ("true"/"false")
required: true
default: "false"
jobs:
release-binaries:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version:
- 1.23
os: [ubuntu-22.04, macos-latest]
arch: [amd64, arm64]
exclude:
- {os: "ubuntu-22.04", arch: "arm64"}
permissions:
contents: write
packages: write
id-token: write
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: us-east-2
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ghwf-${{ github.event.repository.name }}
- name: Validate tag
env:
SEMVER: ${{ github.event.inputs.tag }}
run: |
if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi
aws s3 ls s3://axelar-releases/axelard/"$SEMVER" && echo "tag already exists, use a new one" && exit 1
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: '0'
ref: ${{ github.event.inputs.tag }}
submodules: recursive
- name: Setup Golang with cache
uses: magnetikonline/action-golang-cache@v2
with:
go-version: ${{ matrix.go-version }}
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Build and sign binaries
env:
ARCH: ${{ matrix.arch }}
OS_TYPE: ${{ matrix.os }}
SEMVER: ${{ github.event.inputs.tag }}
WASM: ${{ github.event.inputs.wasm }}
IBC_WASM_HOOKS: ${{ github.event.inputs.ibc-wasm-hooks }}
run: |
OS=$(echo "$OS_TYPE" | sed -e 's/ubuntu-22.04/linux/; s/macos-latest/darwin/')
make ARCH="$ARCH" build-binaries-multiarch
mv ./bin/axelard ./bin/axelard-"$OS"-"$ARCH"-"$SEMVER"
gpg --armor --detach-sign ./bin/axelard-"$OS"-"$ARCH"-"$SEMVER"
- name: Check architecture
env:
SEMVER: ${{ github.event.inputs.tag }}
run: |
if [ "$RUNNER_OS" == "Linux" ]
then
OS="linux"
else
OS="darwin"
fi
ARCH="${{ matrix.arch }}"
file ./bin/axelard-"$OS"-"$ARCH"-"$SEMVER"
- name: Check ledger support
if: matrix.arch == 'amd64'
env:
SEMVER: ${{ github.event.inputs.tag }}
run: |
if [ "$RUNNER_OS" == "Linux" ]
then
OS="linux"
else
OS="darwin"
fi
ARCH="${{ matrix.arch }}"
./bin/axelard-"$OS"-"$ARCH"-"$SEMVER" version --long 2>&1 | grep "build_tags: ledger"
- name: Create zip and sha256 files
working-directory: ./bin
run: |
for i in `ls | grep -v .asc`
do
shasum -a 256 $i | awk '{print $1}' > $i.sha256
zip $i.zip $i
shasum -a 256 $i.zip | awk '{print $1}' > $i.zip.sha256
done
- name: Upload binaries to release
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ./bin/*
tag: ${{ github.event.inputs.tag }}
overwrite: true
file_glob: true
- name: Upload binaries to S3
env:
S3_PATH: s3://axelar-releases/axelard/${{ github.event.inputs.tag }}
run: |
aws s3 cp ./bin ${S3_PATH}/ --recursive
- name: Upload binaries to Cloudflare R2
uses: ryand56/r2-upload-action@latest
with:
r2-account-id: ${{ secrets.R2_ACCOUNT_ID }}
r2-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CF }}
r2-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CF }}
r2-bucket: ${{ secrets.R2_BUCKET }}
source-dir: ./bin
destination-dir: ./releases/axelard/
release-docker:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-22.04]
platform: [linux/amd64]
permissions:
contents: write
packages: write
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: '0'
ref: ${{ github.event.inputs.tag }}
submodules: recursive
- name: Set up ssh agent
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.CICD_RSA_KEY }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
with:
config: .github/buildkit-config.toml
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Build and push docker images
run: |
make build-push-docker-images
env:
PLATFORM: ${{ matrix.platform }}
SEMVER: ${{ github.event.inputs.tag }}
WASM: ${{ github.event.inputs.wasm }}
IBC_WASM_HOOKS: ${{ github.event.inputs.ibc-wasm-hooks }}
combine-sign:
needs: release-docker
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-22.04]
permissions:
contents: write
packages: write
id-token: write
steps:
- name: Install Cosign
uses: sigstore/[email protected]
with:
cosign-release: 'v2.2.2'
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Create multiarch manifest
run: |
docker buildx imagetools create -t axelarnet/axelar-core:${SEMVER} \
axelarnet/axelar-core-linux-amd64:${SEMVER}
env:
SEMVER: ${{ github.event.inputs.tag }}
- name: Sign the images with GitHub OIDC
run: cosign sign -y --oidc-issuer https://token.actions.githubusercontent.com ${TAGS}
env:
TAGS: axelarnet/axelar-core:${{ github.event.inputs.tag }}
COSIGN_EXPERIMENTAL: 1