Skip to content

feat: impersonating sender of requests to a local PocketIC instance #5447

feat: impersonating sender of requests to a local PocketIC instance

feat: impersonating sender of requests to a local PocketIC instance #5447

Workflow file for this run

name: Publish
# We have to use gtar on macOS because apple's tar is literally broken.
# Yes, I know how stupid that sounds. But it's true:
# https://github.com/actions/virtual-environments/issues/2619
on:
push:
tags:
- '[0-9]+.[0-9]+.[0-9]+'
- '[0-9]+.[0-9]+.[0-9]+-[A-Za-z]+.[0-9]+'
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
# When getting Rust dependencies, retry on network error:
CARGO_NET_RETRY: 10
# Use the local .curlrc
CURL_HOME: .
jobs:
build_dfx:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
# We build a dynamic-linked linux binary because otherwise HSM support fails with:
# Error: IO: Dynamic loading not supported
target: [ x86_64-apple-darwin, x86_64-unknown-linux-gnu ]
include:
- os: macos-13-large
target: x86_64-apple-darwin
binary_path: target/x86_64-apple-darwin/release
name: x86_64-darwin
tar: gtar
- os: ubuntu-20.04
target: x86_64-unknown-linux-gnu
binary_path: target/x86_64-unknown-linux-gnu/release
name: x86_64-linux
tar: tar
steps:
- uses: actions/checkout@v4
- name: Setup environment variables
run: |
echo "RUSTFLAGS=--remap-path-prefix=${GITHUB_WORKSPACE}=/builds/dfinity" >> $GITHUB_ENV
# GITHUB_REF_NAME will be something link 2353/merge for branch builds, which isn't great as a dfx version
- name: Set dfx version (tag builds only)
if: github.ref_type == 'tag'
run: |
echo "DFX_VERSION=$GITHUB_REF_NAME" >> $GITHUB_ENV
echo "TARBALL_1_FILENAME=dfx-$GITHUB_REF_NAME-${{ matrix.name }}.tar.gz" >> $GITHUB_ENV
echo "SHA256_1_FILENAME=dfx-$GITHUB_REF_NAME-${{ matrix.name }}.tar.gz.sha256" >> $GITHUB_ENV
echo "TARBALL_2_FILENAME=dfx-${{ matrix.target }}.tar.gz" >> $GITHUB_ENV
echo "SHA256_2_FILENAME=dfx-${{ matrix.target }}.tar.gz.sha256" >> $GITHUB_ENV
- name: Cache Cargo
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('rust-toolchain.toml') }}-publish-1
- name: Build
run: |
cargo clean --target ${{ matrix.target }} --release
cargo build --target ${{ matrix.target }} --locked --release
- name: Check dynamically-linked libraries (macos)
run: |
ACTUAL="$(otool -L ${{ matrix.binary_path }}/dfx | awk 'NR > 1{ print $1 }' | grep -v /System/Library/Frameworks | sort | awk -v d=" " '{s=(NR==1?s:s d)$0}END{printf "%s",s}')"
EXPECTED="/usr/lib/libSystem.B.dylib /usr/lib/libc++.1.dylib /usr/lib/libiconv.2.dylib"
echo "Dynamically-linked libraries:"
echo " Actual: $ACTUAL"
echo " Expected: $EXPECTED"
if [ "$ACTUAL" != "$EXPECTED" ]; then
exit 1
fi
if: contains(matrix.os, 'macos')
- name: Check dynamically-linked libraries (ubuntu)
run: |
ACTUAL="$(ldd ${{ matrix.binary_path }}/dfx | awk '{ print $1 }' | sort | awk -v d=" " '{s=(NR==1?s:s d)$0}END{printf "%s",s}')"
EXPECTED="/lib64/ld-linux-x86-64.so.2 libc.so.6 libdl.so.2 libgcc_s.so.1 libm.so.6 libpthread.so.0 libstdc++.so.6 linux-vdso.so.1"
echo "Dynamically-linked libraries:"
echo " Actual: $ACTUAL"
echo " Expected: $EXPECTED"
if [ "$ACTUAL" != "$EXPECTED" ]; then
exit 1
fi
if: contains(matrix.os, 'ubuntu')
- name: Strip binaries
run: |
cd ${{ matrix.binary_path }}
sudo chown -R $(whoami) .
strip dfx
if: contains(matrix.os, 'ubuntu')
- name: Create tarball of binaries and sha256 of tarball
if: github.ref_type == 'tag'
run: |
mkdir dfx-${{ matrix.target }}
cp ${{ matrix.binary_path }}/dfx dfx-${{ matrix.target }}
cp LICENSE dfx-${{ matrix.target }}
${{ matrix.tar }} -zc -f ${{ env.TARBALL_2_FILENAME }} dfx-${{ matrix.target }}
shasum -a 256 ${{ env.TARBALL_2_FILENAME }} > ${{ env.SHA256_2_FILENAME }}
shasum -c ${{ env.SHA256_2_FILENAME }}
${{ matrix.tar }} -zcC ${{ matrix.binary_path }} -f ${{ env.TARBALL_1_FILENAME }} dfx
shasum -a 256 ${{ env.TARBALL_1_FILENAME }} > $SHA256_1_FILENAME
shasum -c $SHA256_1_FILENAME
- name: Upload Artifacts
if: github.ref_type == 'tag'
uses: actions/upload-artifact@v4
with:
name: dfx-artifacts-${{ hashFiles('rust-toolchain.toml') }}-${{ matrix.name }}
path: |
${{ env.TARBALL_1_FILENAME }}
${{ env.SHA256_1_FILENAME }}
${{ env.TARBALL_2_FILENAME }}
${{ env.SHA256_2_FILENAME }}
aggregate:
name: publishable:required
if: ${{ always() }}
needs: [build_dfx]
runs-on: ubuntu-latest
steps:
- name: check build result
if: ${{ needs.build_dfx.result != 'success' }}
run: exit 1
publish:
runs-on: ubuntu-latest
if: github.ref_type == 'tag'
needs: build_dfx
strategy:
fail-fast: false
matrix:
name: [ 'x86_64-darwin', 'x86_64-linux' ]
steps:
- uses: actions/checkout@v4
- name: Setup environment variables
run: echo "VERSION=$GITHUB_REF_NAME" >> $GITHUB_ENV
- name: Download Artifacts
uses: actions/download-artifact@v4
with:
name: dfx-artifacts-${{ hashFiles('rust-toolchain.toml') }}-${{ matrix.name }}
- name: Upload tarball and sha256
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: dfx-*.tar.*
file_glob: true
tag: ${{ env.VERSION }}
prerelease: true
make_latest: false