Skip to content

Release Platform

Release Platform #983

Workflow file for this run

name: Release Platform
on:
release:
types:
- published
workflow_dispatch:
inputs:
tag:
description: "Version (i.e. v0.22.3-pre.2)"
required: true
only_drive:
type: boolean
description: Only build Drive image
default: false
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
release-npm:
name: Release NPM packages
runs-on: ubuntu-24.04
timeout-minutes: 15
if: github.event_name != 'workflow_dispatch'
steps:
- name: Check out repo
uses: actions/checkout@v4
- name: Check package version matches tag
uses: geritol/[email protected]
env:
TAG_PREFIX: v
- uses: softwareforgood/check-artifact-v4-existence@v0
id: check-artifact
with:
name: js-build-${{ github.sha }}
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
if: ${{ steps.check-artifact.outputs.exists != 'true' }}
- name: Setup Rust
uses: ./.github/actions/rust
with:
target: wasm32-unknown-unknown
if: ${{ steps.check-artifact.outputs.exists != 'true' }}
- name: Setup sccache
uses: ./.github/actions/sccache
with:
bucket: ${{ vars.CACHE_S3_BUCKET }}
region: ${{ vars.AWS_REGION }}
endpoint: ${{ vars.CACHE_S3_ENDPOINT }}
access_key_id: ${{ secrets.CACHE_KEY_ID }}
secret_access_key: ${{ secrets.CACHE_SECRET_KEY }}
if: ${{ steps.check-artifact.outputs.exists != 'true' }}
- name: Setup Node.JS
uses: ./.github/actions/nodejs
- name: Install Cargo binstall
uses: cargo-bins/[email protected]
if: ${{ steps.check-artifact.outputs.exists != 'true' }}
- name: Install wasm-bindgen-cli
run: cargo binstall [email protected]
if: ${{ steps.check-artifact.outputs.exists != 'true' }}
- name: Build packages
run: yarn build
env:
CARGO_BUILD_PROFILE: release
if: ${{ steps.check-artifact.outputs.exists != 'true' }}
- name: Set suffix
uses: actions/github-script@v6
id: suffix
with:
result-encoding: string
script: |
const fullTag = "${{ inputs.tag }}" || context.payload.release.tag_name;
if (fullTag.includes('-')) {
const [, fullSuffix] = fullTag.split('-');
const [suffix] = fullSuffix.split('.');
return suffix;
} else {
return '';
}
- name: Set NPM release tag
uses: actions/github-script@v6
id: tag
with:
result-encoding: string
script: |
const tag = "${{ inputs.tag }}" || context.payload.release.tag_name;
const [, major, minor] = tag.match(/^v([0-9]+)\.([0-9]+)/);
return (tag.includes('-') ? `${major}.${minor}-${{steps.suffix.outputs.result}}` : 'latest');
- name: Show NPM release tag
run: |
echo "NPM suffix: ${{ steps.suffix.outputs.result }}"
echo "NPM release tag: ${{ steps.tag.outputs.result }}"
- name: Configure NPM auth token
run: yarn config set npmAuthToken ${{ secrets.NPM_TOKEN }}
- name: Publish NPM packages
run: yarn workspaces foreach --all --no-private --parallel npm publish --tolerate-republish --access public --tag ${{ steps.tag.outputs.result }}
- name: Ignore only already cached artifacts
run: |
find . -name '.gitignore' -exec rm -f {} +
echo ".yarn" >> .gitignore
echo "target" >> .gitignore
echo "node_modules" >> .gitignore
echo ".nyc_output" >> .gitignore
echo ".idea" >> .gitignore
echo ".ultra.cache.json" >> .gitignore
echo "db/*" >> .gitignore
if: ${{ steps.check-artifact.outputs.exists != 'true' }}
- name: Get modified files
id: diff
run: |
echo "files<<EOF" >> $GITHUB_OUTPUT
git ls-files --others --exclude-standard >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
if: ${{ steps.check-artifact.outputs.exists != 'true' }}
- name: Upload the archive of built files
uses: actions/upload-artifact@v4
with:
name: js-build-${{ github.sha }}
path: ${{ steps.diff.outputs.files }}
retention-days: 1
if-no-files-found: error
include-hidden-files: true
if: ${{ steps.check-artifact.outputs.exists != 'true' }}
release-drive-image:
name: Release Drive image
secrets: inherit
uses: ./.github/workflows/release-docker-image.yml
with:
name: Drive
image_org: dashpay
image_name: drive
target: drive-abci
tag: ${{ inputs.tag || github.event.release.tag_name }}
release-drive-image-debug:
name: Release Drive debug image
secrets: inherit
uses: ./.github/workflows/release-docker-image.yml
with:
name: Drive
image_org: dashpay
image_name: drive
target: drive-abci
cargo_profile: dev
tag: ${{ inputs.tag || github.event.release.tag_name }}-debug
release-dapi-image:
name: Release DAPI image
if: ${{ !inputs.only_drive }}
secrets: inherit
uses: ./.github/workflows/release-docker-image.yml
with:
name: DAPI
image_org: dashpay
image_name: dapi
target: dapi
tag: ${{ inputs.tag || github.event.release.tag_name }}
release-test-suite-image:
name: Release Test Suite image
if: ${{ !inputs.only_drive }}
secrets: inherit
uses: ./.github/workflows/release-docker-image.yml
with:
name: Test Suite
image_org: dashpay
image_name: platform-test-suite
target: test-suite
tag: ${{ inputs.tag || github.event.release.tag_name }}
release-dashmate-helper-image:
name: Release Dashmate Helper image
secrets: inherit
if: ${{ !inputs.only_drive }}
uses: ./.github/workflows/release-docker-image.yml
with:
name: Dashmate Helper
image_org: dashpay
image_name: dashmate-helper
target: dashmate-helper
tag: ${{ inputs.tag || github.event.release.tag_name }}
release-dashmate-packages:
name: Release Dashmate packages
runs-on: ${{ matrix.os }}
if: ${{ !inputs.only_drive }}
needs: release-npm
permissions:
id-token: write # s3 cache
contents: write # update release artifacts
strategy:
fail-fast: false
matrix:
include:
- package_type: tarballs
os: ubuntu-24.04
- package_type: win
os: ubuntu-24.04
- package_type: deb
os: ubuntu-24.04
- package_type: macos
os: macos-14
steps:
- name: Check out repo
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download JS build artifacts
uses: actions/download-artifact@v4
with:
name: js-build-${{ github.sha }}
path: packages
- name: Install macOS build deps
if: runner.os == 'macOS'
run: |
brew install llvm coreutils
- name: Set up Docker for macOS
if: runner.os == 'macOS'
uses: docker-practice/actions-setup-docker@master
- name: Install the Apple certificate
if: runner.os == 'macOS'
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.MACOS_BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.MACOS_P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Install Linux build deps
if: runner.os == 'Linux'
run: sudo apt-get install -y nsis
- name: Setup Node.JS
uses: ./.github/actions/nodejs
- name: Create package
env:
OSX_KEYCHAIN: ${{ runner.temp }}/app-signing.keychain-db
run: "${GITHUB_WORKSPACE}/scripts/pack_dashmate.sh ${{ matrix.package_type }}"
- name: Upload artifacts to action summary
uses: actions/upload-artifact@v4
if: github.event_name != 'release'
with:
name: dashmate
path: packages/dashmate/dist/**
- name: Notarize MacOS Release Build
if: runner.os == 'macOS'
run: |
find packages/dashmate/dist/ -name '*.pkg' -exec sh -c 'xcrun notarytool submit "{}" --apple-id "${{ secrets.MACOS_APPLE_ID }}" --team-id "${{ secrets.MACOS_TEAM_ID }}" --password "${{ secrets.MACOS_NOTARIZING_PASSWORD }}" --wait;' \;
- name: Upload artifacts to release
uses: softprops/[email protected]
if: github.event_name == 'release'
with:
files: packages/dashmate/dist/**