Build Matrix of Binaries #706
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Matrix of Binaries | |
| on: | |
| push: | |
| tags: | |
| - "v[0-9]+.[0-9]+.[0-9]+" | |
| branches: | |
| - build-* | |
| schedule: | |
| - cron: "05 00 * * *" | |
| workflow_dispatch: | |
| inputs: | |
| customTag: | |
| description: "Development Tag" | |
| required: true | |
| default: "development-tag" | |
| env: | |
| TBN_FILENAME: "tari_suite" | |
| TBN_BUNDLEID_BASE: "com.tarilabs.pkg" | |
| jobs: | |
| builds: | |
| name: Build and upload Binaries | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-18.04, macos-10.15, windows-2019] | |
| # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html | |
| target_cpu: ["x86-64"] | |
| # https://github.com/zkcrypto/curve25519-dalek-ng/pull/14 | |
| # target_cpu: ["haswell"] | |
| # exclude: | |
| # - os: "macos-10.15" | |
| # target_cpu: "haswell" | |
| # include: | |
| # - os: "macos-10.15" | |
| # target_cpu: "x86-64" | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/checkout@v2 | |
| - name: Declare Global Variables 4 GHA ${{ github.event_name }} | |
| id: vars | |
| shell: bash | |
| run: | | |
| echo "VBRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
| echo "VSHA_SHORT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
| echo "CARGO_HTTP_MULTIPLEXING=false" >> $GITHUB_ENV | |
| - name: Default Destination Folder | |
| run: | | |
| echo "S3DESTOVERRIDE=" >> $GITHUB_ENV | |
| - name: Scheduled Destination Folder Override | |
| if: ${{ github.event_name == 'schedule' && github.event.schedule == '05 00 01 * *' }} | |
| run: | | |
| echo "S3DESTOVERRIDE=daily/" >> $GITHUB_ENV | |
| - name: Setup Rust toolchain | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: nightly-2021-11-20 | |
| components: rustfmt | |
| override: true | |
| - name: Install Linux dependencies - Ubuntu | |
| if: startsWith(runner.os,'Linux') | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get -y install \ | |
| openssl \ | |
| libssl-dev \ | |
| pkg-config \ | |
| libsqlite3-dev \ | |
| clang-10 \ | |
| git \ | |
| cmake \ | |
| libc++-dev \ | |
| libc++abi-dev \ | |
| libprotobuf-dev \ | |
| protobuf-compiler \ | |
| libncurses5-dev \ | |
| libncursesw5-dev \ | |
| zip \ | |
| build-essential \ | |
| libgtk-3-dev \ | |
| libwebkit2gtk-4.0-dev \ | |
| libsoup2.4-dev \ | |
| curl \ | |
| wget \ | |
| libappindicator3-dev \ | |
| patchelf \ | |
| librsvg2-dev | |
| - name: Install macOS dependencies | |
| if: startsWith(runner.os,'macOS') | |
| run: brew install cmake zip coreutils automake autoconf | |
| - name: Install Windows dependencies | |
| if: startsWith(runner.os,'Windows') | |
| run: | | |
| vcpkg.exe install sqlite3:x64-windows zlib:x64-windows | |
| choco upgrade llvm zip psutils openssl strawberryperl -y | |
| - name: Set environment variables - Nix | |
| if: "!startsWith(runner.os,'Windows')" | |
| run: | | |
| echo "SHARUN=shasum --algorithm 256" >> $GITHUB_ENV | |
| echo "CC=gcc" >> $GITHUB_ENV | |
| echo "TBN_EXT=" >> $GITHUB_ENV | |
| echo "LIB_PRE=lib" >> $GITHUB_ENV | |
| echo "SHELL_EXT=.sh" >> $GITHUB_ENV | |
| echo "PLATFORM_SPECIFIC_DIR=linux" >> $GITHUB_ENV | |
| echo "TBN_DIST=/dist" >> $GITHUB_ENV | |
| - name: Set environment variables - macOS | |
| if: startsWith(runner.os,'macOS') | |
| run: | | |
| echo "PLATFORM_SPECIFIC_DIR=osx" >> $GITHUB_ENV | |
| echo "LIB_EXT=.dylib" >> $GITHUB_ENV | |
| - name: Set environment variables - Ubuntu | |
| if: startsWith(runner.os,'Linux') | |
| run: | | |
| echo "LIB_EXT=.so" >> $GITHUB_ENV | |
| - name: Set environment variables - Windows | |
| if: startsWith(runner.os,'Windows') | |
| shell: bash | |
| run: | | |
| echo "SHARUN=pwsh C:\ProgramData\chocolatey\lib\psutils\tools\psutils-master\shasum.ps1 --algorithm 256" >> $GITHUB_ENV | |
| echo "TBN_EXT=.exe" >> $GITHUB_ENV | |
| echo "LIB_EXT=.dll" >> $GITHUB_ENV | |
| echo "LIB_PRE=" >> $GITHUB_ENV | |
| echo "SHELL_EXT=.bat" >> $GITHUB_ENV | |
| echo "TBN_DIST=\dist" >> $GITHUB_ENV | |
| echo "PLATFORM_SPECIFIC_DIR=windows" >> $GITHUB_ENV | |
| echo "SQLITE3_LIB_DIR=C:\vcpkg\installed\x64-windows\lib" >> $GITHUB_ENV | |
| echo "OPENSSL_DIR=C:\Program Files\OpenSSL-Win64" >> $GITHUB_ENV | |
| echo "LIBCLANG_PATH=C:\Program Files\LLVM\bin" >> $GITHUB_ENV | |
| echo "C:\Strawberry\perl\bin" >> $GITHUB_PATH | |
| - name: Cache cargo files and outputs | |
| uses: Swatinem/rust-cache@v1 | |
| - name: Compile launchpad GUI | |
| run: | | |
| cd applications/launchpad/gui-vue | |
| npm install | |
| npm run build | |
| - name: Compile collectibles GUI | |
| run: | | |
| cd applications/tari_collectibles/web-app | |
| npm install | |
| npm run build | |
| - name: Info - Pre-Compile Space Check for Nix | |
| if: "!startsWith(runner.os,'Windows')" | |
| shell: bash | |
| run: | | |
| df -h | |
| - name: Build rust binaries | |
| env: | |
| RUSTFLAGS: "-C target_cpu=${{ matrix.target_cpu }}" | |
| ROARING_ARCH: "${{ matrix.target_cpu }}" | |
| run: | | |
| cargo build --release | |
| - name: Info - Post-Compile Space Check for Nix | |
| if: "!startsWith(runner.os,'Windows')" | |
| shell: bash | |
| run: | | |
| df -h | |
| - name: Copy binaries to folder for zipping | |
| shell: bash | |
| run: | | |
| mkdir -p "$GITHUB_WORKSPACE${TBN_DIST}" | |
| cd "$GITHUB_WORKSPACE${TBN_DIST}" | |
| VERSION=$(awk -F ' = ' '$1 ~ /version/ { gsub(/[\"]/, "", $2); printf("%s",$2) }' "$GITHUB_WORKSPACE/applications/tari_base_node/Cargo.toml") | |
| echo "Branch: ${VBRANCH}" | |
| echo "Sha: ${VSHA_SHORT}" | |
| echo "VERSION=${VERSION}" >> $GITHUB_ENV | |
| echo "VSHA_SHORT=${VSHA_SHORT}" >> $GITHUB_ENV | |
| BINFILE="${TBN_FILENAME}-${VERSION}-${VSHA_SHORT}-${{ matrix.os }}-${{ matrix.target_cpu }}${TBN_EXT}" | |
| echo "BINFILE=${BINFILE}" >> $GITHUB_ENV | |
| echo "Copying files for ${BINFILE} to $(pwd)" | |
| ls -la "$GITHUB_WORKSPACE/target/release/" | |
| cp -v "$GITHUB_WORKSPACE/target/release/tari_base_node${TBN_EXT}" . | |
| cp -v "$GITHUB_WORKSPACE/target/release/tari_console_wallet${TBN_EXT}" . | |
| cp -v "$GITHUB_WORKSPACE/target/release/tari_merge_mining_proxy${TBN_EXT}" . | |
| cp -v "$GITHUB_WORKSPACE/target/release/tari_miner${TBN_EXT}" . | |
| cp -v "$GITHUB_WORKSPACE/target/release/tari_validator_node${TBN_EXT}" . | |
| cp -v "$GITHUB_WORKSPACE/target/release/tari_collectibles${TBN_EXT}" . | |
| cp -v "$GITHUB_WORKSPACE/target/release/tari_launchpad${TBN_EXT}" . | |
| cp -v "$GITHUB_WORKSPACE/target/release/${LIB_PRE}tari_mining_helper_ffi${LIB_EXT}" . | |
| cp -v "$GITHUB_WORKSPACE/applications/tari_base_node/${PLATFORM_SPECIFIC_DIR}/runtime/start_tor${SHELL_EXT}" . | |
| - name: Build the macOS pkg | |
| if: startsWith(runner.os,'macOS') | |
| continue-on-error: true | |
| env: | |
| MACOS_KEYCHAIN_PASS: ${{ secrets.MACOS_KEYCHAIN_PASS }} | |
| MACOS_APPLICATION_ID: ${{ secrets.MACOS_APPLICATION_ID }} | |
| MACOS_APPLICATION_CERT: ${{ secrets.MACOS_APPLICATION_CERT }} | |
| MACOS_APPLICATION_PASS: ${{ secrets.MACOS_APPLICATION_PASS }} | |
| MACOS_INSTALLER_ID: ${{ secrets.MACOS_INSTALLER_ID }} | |
| MACOS_INSTALLER_CERT: ${{ secrets.MACOS_INSTALLER_CERT }} | |
| MACOS_INSTALLER_PASS: ${{ secrets.MACOS_INSTALLER_PASS }} | |
| MACOS_NOTARIZE_USERNAME: ${{ secrets.MACOS_NOTARIZE_USERNAME }} | |
| MACOS_NOTARIZE_PASSWORD: ${{ secrets.MACOS_NOTARIZE_PASSWORD }} | |
| MACOS_ASC_PROVIDER: ${{ secrets.MACOS_ASC_PROVIDER }} | |
| run: | | |
| echo $MACOS_APPLICATION_CERT | base64 --decode > application.p12 | |
| echo $MACOS_INSTALLER_CERT | base64 --decode > installer.p12 | |
| security create-keychain -p $MACOS_KEYCHAIN_PASS build.keychain | |
| security default-keychain -s build.keychain | |
| security unlock-keychain -p $MACOS_KEYCHAIN_PASS build.keychain | |
| security import application.p12 -k build.keychain -P $MACOS_APPLICATION_PASS -T /usr/bin/codesign | |
| security import installer.p12 -k build.keychain -P $MACOS_INSTALLER_PASS -T /usr/bin/pkgbuild | |
| security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_KEYCHAIN_PASS build.keychain | |
| cd buildtools | |
| ./create_osx_install_zip.sh unused nozip | |
| FILES=( | |
| "tari_base_node" | |
| "tari_console_wallet" | |
| "tari_miner" | |
| "tari_merge_mining_proxy" | |
| "tari_validator_node" | |
| "tari_collectibles" | |
| "tari_launchpad" | |
| ) | |
| for FILE in "${FILES[@]}"; do | |
| codesign --options runtime --force --verify --verbose --timestamp --sign "Developer ID Application: $MACOS_APPLICATION_ID" "/tmp/tari_testnet/runtime/$FILE" | |
| codesign --verify --deep --display --verbose=4 "/tmp/tari_testnet/runtime/$FILE" | |
| cp -vf "/tmp/tari_testnet/runtime/$FILE" "$GITHUB_WORKSPACE${{ env.TBN_DIST }}" | |
| done | |
| distDirPKG=$(mktemp -d -t ${{ env.TBN_FILENAME }}) | |
| echo "${distDirPKG}" | |
| echo "distDirPKG=${distDirPKG}" >> $GITHUB_ENV | |
| TBN_Temp=${{ env.TBN_FILENAME }} | |
| TBN_BUNDLEID_VALID_NAME=$(echo "${TBN_Temp//_/-}") | |
| pkgbuild --root /tmp/tari_testnet \ | |
| --identifier "${{ env.TBN_BUNDLEID_BASE }}.$TBN_BUNDLEID_VALID_NAME" \ | |
| --version "$VERSION" \ | |
| --install-location "/tmp/tari" \ | |
| --scripts "/tmp/tari_testnet/scripts" \ | |
| --sign "Developer ID Installer: $MACOS_INSTALLER_ID" \ | |
| "${distDirPKG}/${{ env.TBN_FILENAME }}-${{ env.VERSION }}.pkg" | |
| echo -e "Submitting to Apple...\n\n" | |
| xcrun altool --notarize-app \ | |
| --primary-bundle-id "${{ env.TBN_BUNDLEID_BASE }}.$TBN_BUNDLEID_VALID_NAME" \ | |
| --username "$MACOS_NOTARIZE_USERNAME" --password "$MACOS_NOTARIZE_PASSWORD" \ | |
| --asc-provider "$MACOS_ASC_PROVIDER" \ | |
| --file "${distDirPKG}/${{ env.TBN_FILENAME }}-${{ env.VERSION }}.pkg" &> notarisation.result | |
| requestUUID=`grep RequestUUID notarisation.result | cut -d" " -f 3` | |
| echo $requestUUID | |
| if [[ $requestUUID == "" ]]; then | |
| echo "could not upload for notarization" | |
| exit 1 | |
| else | |
| echo "Notarization RequestUUID: $requestUUID" | |
| fi | |
| echo -e "\n\nChecking result of notarisation..." | |
| request_status="in progress" | |
| while [[ "$request_status" == "in progress" ]]; do | |
| echo -n "waiting... " | |
| sleep 10 | |
| request_status=$(xcrun altool --notarization-info $requestUUID --username "$MACOS_NOTARIZE_USERNAME" --password "$MACOS_NOTARIZE_PASSWORD" 2>&1) | |
| echo "$request_status" | |
| request_status=$(echo "$request_status" | awk -F ': ' '/Status:/ { print $2; }' ) | |
| echo "$request_status" | |
| done | |
| echo "$request_status" | |
| if [[ $request_status != "success" ]]; then | |
| echo "## could not notarize - $request_status - ${{ env.TBN_FILENAME }}-${{ env.VERSION }}.pkg" | |
| exit 1 | |
| else | |
| echo -e "\nStapling package...${{ env.TBN_FILENAME }}-${{ env.VERSION }}.pkg\n" | |
| xcrun stapler staple -v "${distDirPKG}/${{ env.TBN_FILENAME }}-${{ env.VERSION }}.pkg" | |
| fi | |
| - name: Artifact upload for macOS pkg | |
| if: startsWith(runner.os,'macOS') | |
| continue-on-error: true | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: ${{ env.TBN_FILENAME }}-${{ env.VERSION }}.pkg | |
| path: "${{ env.distDirPKG }}/${{ env.TBN_FILENAME }}-${{ env.VERSION }}*.pkg" | |
| # unlike inno script studio, iscc.exe doesn't run the [precompile] step generate_config.bat | |
| - name: Build the Windows installer | |
| shell: cmd | |
| if: startsWith(runner.os,'Windows') | |
| run: | | |
| cd buildtools | |
| call generate_config.bat | |
| "%programfiles(x86)%\Inno Setup 6\iscc.exe" "/DMyAppVersion=${{ env.VERSION }}-${{ env.VSHA_SHORT }}-release" "windows_inno_installer.iss" | |
| - name: Artifact upload for Windows installer | |
| uses: actions/upload-artifact@v2 | |
| if: startsWith(runner.os,'Windows') | |
| with: | |
| name: "tari_windows_installer" | |
| path: "${{ github.workspace }}/buildtools/Output/*" | |
| - name: Archive and Checksum Binaries | |
| shell: bash | |
| run: | | |
| echo "Archive ${{ env.BINFILE }} too ${{ env.BINFILE }}.zip" | |
| cd "$GITHUB_WORKSPACE${{ env.TBN_DIST }}" | |
| #zip -j "${{ env.BINFILE }}.zip" "${{ env.BINFILE }}" | |
| zip -j "${{ env.BINFILE }}.zip" * | |
| echo "Compute shasum" | |
| ${SHARUN} "${{ env.BINFILE }}.zip" >> "${{ env.BINFILE }}.zip.sha256" | |
| cat "${{ env.BINFILE }}.zip.sha256" | |
| echo "Verifications is " | |
| ${SHARUN} --check "${{ env.BINFILE }}.zip.sha256" | |
| if [ -f "${{ env.distDirPKG }}/${{ env.TBN_FILENAME }}-${{ env.VERSION }}.pkg" ]; then | |
| echo "Add PKG to $GITHUB_WORKSPACE${{ env.TBN_DIST }} " | |
| cp -v "${{ env.distDirPKG }}/${{ env.TBN_FILENAME }}-${{ env.VERSION }}.pkg" "$GITHUB_WORKSPACE${{ env.TBN_DIST }}" | |
| ${SHARUN} "${{ env.TBN_FILENAME }}-${{ env.VERSION }}.pkg" >> "${{ env.TBN_FILENAME }}-${{ env.VERSION }}.pkg.sha256" | |
| ${SHARUN} --check "${{ env.TBN_FILENAME }}-${{ env.VERSION }}.pkg.sha256" | |
| fi | |
| - name: Artifact upload for Archive | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| #name: ${{ env.TBN_FILENAME }}-${{ env.VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.os }}-${{ matrix.target_cpu }}-${{ matrix.features }} | |
| name: ${{ env.TBN_FILENAME }}_archive-${{ matrix.os }}-${{ matrix.target_cpu }} | |
| path: "${{ github.workspace }}${{ env.TBN_DIST }}/${{ env.BINFILE }}.zip*" | |
| - name: Artifact upload for Miner | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: tari_miner-${{ matrix.os }}-${{ matrix.target_cpu }} | |
| path: "${{ github.workspace }}${{ env.TBN_DIST }}/tari_miner${{ env.TBN_EXT}}" | |
| - name: Sync dist to S3 - Bash | |
| continue-on-error: true # Don't break if s3 upload fails | |
| if: ${{ env.AWS_SECRET_ACCESS_KEY != '' && matrix.os != 'self-hosted' }} | |
| shell: bash | |
| run: | | |
| echo "Starting upload ... ${{ env.SOURCE }}" | |
| if [ "$RUNNER_OS" == "Windows" ]; then | |
| echo "No ls for 'D:' on Windows" | |
| else | |
| ls -al ${{ env.SOURCE }} | |
| fi | |
| aws s3 ${{ env.S3CMD }} --region ${{ secrets.AWS_REGION }} \ | |
| "${{ env.SOURCE }}" \ | |
| s3://${{ secrets.AWS_S3_BUCKET }}/${{ env.DEST_DIR }} \ | |
| ${{ env.S3OPTIONS }} | |
| echo "Done - $?" | |
| exit 0 | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| SOURCE: "${{ github.workspace }}${{ env.TBN_DIST }}" | |
| DEST_DIR: "${{ env.S3DESTOVERRIDE }}${{ env.PLATFORM_SPECIFIC_DIR }}/" | |
| S3CMD: "cp" | |
| S3OPTIONS: '--recursive --exclude "*" --include "*.zip*" --include "*.pkg*"' | |
| # S3OPTIONS: '--recursive --exclude "*" --include "*.zip*"' | |
| # S3OPTIONS: '--acl public-read' | |
| - name: Copy tags to latest s3 - Bash | |
| continue-on-error: true # Don't break if s3 upload fails | |
| if: ${{ env.AWS_SECRET_ACCESS_KEY != '' && matrix.os != 'self-hosted' && startsWith(github.ref, 'refs/tags/v') }} | |
| shell: bash | |
| run: | | |
| echo "Starting upload ... ${{ env.SOURCE }}" | |
| if [ "$RUNNER_OS" == "Windows" ]; then | |
| echo "No ls for 'D:' on Windows" | |
| else | |
| ls -al ${{ env.SOURCE }} | |
| fi | |
| aws s3 ${{ env.S3CMD }} --region ${{ secrets.AWS_REGION }} \ | |
| "${{ env.SOURCE }}" \ | |
| s3://${{ secrets.AWS_S3_BUCKET }}/current/${{ env.DEST_DIR }} \ | |
| ${{ env.S3OPTIONS }} | |
| aws s3 rm --region ${{ secrets.AWS_REGION }} \ | |
| s3://${{ secrets.AWS_S3_BUCKET }}/latest/${{ env.DEST_DIR }}/* | |
| aws s3 ${{ env.S3CMD }} --region ${{ secrets.AWS_REGION }} \ | |
| "${{ env.SOURCE }}" \ | |
| s3://${{ secrets.AWS_S3_BUCKET }}/latest/${{ env.DEST_DIR }} \ | |
| ${{ env.S3OPTIONS }} | |
| echo "Done - $?" | |
| exit 0 | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| SOURCE: "${{ github.workspace }}${{ env.TBN_DIST }}" | |
| DEST_DIR: "${{ env.S3DESTOVERRIDE }}${{ env.PLATFORM_SPECIFIC_DIR }}/" | |
| S3CMD: "cp" | |
| S3OPTIONS: '--recursive --exclude "*" --include "*.zip*" --include "*.pkg*"' | |
| # S3OPTIONS: '--acl public-read' | |
| create-release: | |
| runs-on: ubuntu-latest | |
| needs: builds | |
| if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| steps: | |
| - name: Download binaries | |
| uses: actions/download-artifact@v2 | |
| - name: Create release | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| artifacts: "tari_*/**/*" | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| prerelease: true | |
| draft: true |