Release - Build node release candidate #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release - Build node release candidate | |
on: | |
workflow_dispatch: | |
inputs: | |
binary: | |
description: Binary to be build for the release | |
default: all | |
type: choice | |
options: | |
- polkadot | |
- polkadot-parachain | |
- all | |
release_tag: | |
description: Tag matching the actual release candidate with the format stableYYMM-rcX or stableYYMM | |
type: string | |
jobs: | |
check-synchronization: | |
uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main | |
validate-inputs: | |
needs: [check-synchronization] | |
if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true' | |
runs-on: ubuntu-latest | |
outputs: | |
release_tag: ${{ steps.validate_inputs.outputs.release_tag }} | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
- name: Validate inputs | |
id: validate_inputs | |
run: | | |
. ./.github/scripts/common/lib.sh | |
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }}) | |
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT | |
# build-polkadot-binary: | |
# needs: [validate-inputs] | |
# if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }} | |
# uses: "./.github/workflows/release-reusable-rc-buid.yml" | |
# with: | |
# binary: '["polkadot", "polkadot-prepare-worker", "polkadot-execute-worker"]' | |
# package: polkadot | |
# release_tag: ${{ needs.validate-inputs.outputs.release_tag }} | |
# secrets: | |
# PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} | |
# PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} | |
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
# AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} | |
# AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} | |
# permissions: | |
# id-token: write | |
# attestations: write | |
# contents: read | |
# | |
# build-polkadot-parachain-binary: | |
# needs: [validate-inputs] | |
# if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} | |
# uses: "./.github/workflows/release-reusable-rc-buid.yml" | |
# with: | |
# binary: '["polkadot-parachain"]' | |
# package: "polkadot-parachain-bin" | |
# release_tag: ${{ needs.validate-inputs.outputs.release_tag }} | |
# secrets: | |
# PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} | |
# PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} | |
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
# AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} | |
# AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} | |
# permissions: | |
# id-token: write | |
# attestations: write | |
# contents: read | |
build-polkadot-macos-binary: | |
needs: [validate-inputs] | |
if: ${{ inputs.binary == 'polkadot' || inputs.binary == 'all' }} | |
uses: "./.github/workflows/release-reusable-rc-buid.yml" | |
with: | |
binary: '["polkadot", "polkadot-prepare-worker", "polkadot-execute-worker"]' | |
package: polkadot | |
release_tag: ${{ needs.validate-inputs.outputs.release_tag }} | |
runs_on: parity-macos | |
secrets: | |
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} | |
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} | |
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} | |
permissions: | |
id-token: write | |
attestations: write | |
contents: read | |
build-polkadot-parachain-macos-binary: | |
needs: [validate-inputs] | |
if: ${{ inputs.binary == 'polkadot-parachain' || inputs.binary == 'all' }} | |
uses: "./.github/workflows/release-reusable-rc-buid.yml" | |
with: | |
binary: '["polkadot-parachain"]' | |
package: "polkadot-parachain-bin" | |
release_tag: ${{ needs.validate-inputs.outputs.release_tag }} | |
runs_on: parity-macos | |
secrets: | |
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }} | |
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }} | |
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }} | |
permissions: | |
id-token: write | |
attestations: write | |
contents: read |