Skip to content

Commit

Permalink
chore(nextnet): ci merge back from development (#5446)
Browse files Browse the repository at this point in the history
Description
CI merge back from development

Motivation and Context
Keep nextNet CI in sync with development
  • Loading branch information
leet4tari authored Jun 9, 2023
1 parent 7889a36 commit c41ffc7
Show file tree
Hide file tree
Showing 10 changed files with 368 additions and 234 deletions.
14 changes: 13 additions & 1 deletion .github/workflows/audit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,26 @@
name: Security audit - daily

'on':
push:
paths:
# Run if workflow changes
- '.github/workflows/audit.yml'
# Run on changed dependencies
- '**/Cargo.toml'
- '**/Cargo.lock'
# Run if the configuration file changes
- '**/audit.toml'
# Rerun periodicly to pick up new advisories
schedule:
- cron: '43 05 * * *'
# Run manually
workflow_dispatch:

jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions-rs/audit-check@v1
- uses: rustsec/audit-check@v1.4.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
94 changes: 54 additions & 40 deletions .github/workflows/base_node_binaries.yml
Original file line number Diff line number Diff line change
Expand Up @@ -90,23 +90,7 @@ jobs:
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
shell: bash
run: |
tagnet=${{github.ref_name}}
echo $tagnet
# case match is not RegEx, but wildcards/globs
case "$tagnet" in
v*-pre.*)
TARI_NETWORK=esme
TARI_NETWORK_DIR=testnet
;;
v*-rc.*)
TARI_NETWORK=nextnet
TARI_NETWORK_DIR=nextnet
;;
*)
TARI_NETWORK=mainnet
TARI_NETWORK_DIR=mainnet
;;
esac
source buildtools/multinet_envs.sh ${{github.ref_name}}
echo ${TARI_NETWORK}
echo ${TARI_NETWORK_DIR}
echo "TARI_NETWORK=${TARI_NETWORK}" >> $GITHUB_ENV
Expand All @@ -129,13 +113,11 @@ jobs:
echo "S3DESTOVERRIDE=daily/" >> $GITHUB_ENV
- name: Setup Rust toolchain
uses: actions-rs/toolchain@v1
uses: dtolnay/rust-toolchain@master
with:
profile: minimal
components: rustfmt, clippy
toolchain: ${{ matrix.builds.rust }}
target: ${{ matrix.builds.target }}
override: true
targets: ${{ matrix.builds.target }}

- name: Install Linux dependencies - Ubuntu
if: ${{ startsWith(runner.os,'Linux') && matrix.builds.name != 'linux-arm64' }}
Expand Down Expand Up @@ -189,6 +171,7 @@ jobs:
xcrun --show-sdk-path
ls -la "/Library/Developer/CommandLineTools/SDKs/"
echo "RANDOMX_RS_CMAKE_OSX_SYSROOT=/Library/Developer/CommandLineTools/SDKs/MacOSX12.1.sdk" >> $GITHUB_ENV
rustup target add ${{ matrix.builds.target }}
- name: Set environment variables - Ubuntu
if: startsWith(runner.os,'Linux')
Expand All @@ -215,14 +198,26 @@ jobs:
uses: Swatinem/rust-cache@v2

- name: Build rust binaries
uses: actions-rs/cargo@v1
env:
CARGO_UNSTABLE_SPARSE_REGISTRY: true
RUSTFLAGS: "-C target_cpu=${{ matrix.builds.target_cpu }}"
ROARING_ARCH: "${{ matrix.builds.target_cpu }}"
with:
use-cross: ${{ matrix.builds.cross }}
command: build
args: --release --target ${{ matrix.builds.target }} --features ${{ matrix.builds.features }} ${{ matrix.builds.target_bins }} ${{ matrix.builds.flags }} --locked
shell: bash
run: |
if [ "${{ matrix.builds.cross }}" != "true" ]; then
cargo build --release \
--target ${{ matrix.builds.target }} \
--features ${{ matrix.builds.features }} \
${{ matrix.builds.target_bins }} \
${{ matrix.builds.flags }} --locked
else
cargo install cross
cross build --release \
--target ${{ matrix.builds.target }} \
--features ${{ matrix.builds.features }} \
${{ matrix.builds.target_bins }} \
${{ matrix.builds.flags }} --locked
fi
- name: Copy binaries to folder for archiving
shell: bash
Expand Down Expand Up @@ -339,14 +334,21 @@ jobs:
echo -e "\nStapling package...${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}.pkg\n"
xcrun stapler staple -v "${distDirPKG}/${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}.pkg"
fi
cd ${distDirPKG}
echo "Compute pkg shasum"
${SHARUN} "${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}.pkg" \
>> "${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}.pkg.sha256"
cat "${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}.pkg.sha256"
echo "Checksum verification for pkg is "
${SHARUN} --check "${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}.pkg.sha256"
- name: Artifact upload for macOS pkg
if: startsWith(runner.os,'macOS')
continue-on-error: true
uses: actions/upload-artifact@v3
with:
name: ${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}.pkg
path: "${{ env.distDirPKG }}/${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}*.pkg"
path: "${{ env.distDirPKG }}/${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}*.pkg*"

# unlike inno script studio, iscc.exe doesn't run the [precompile] step generate_config.bat
- name: Build the Windows installer
Expand All @@ -369,42 +371,44 @@ jobs:
run: |
echo "Archive ${{ env.BINFILE }} too ${{ env.BINFILE }}.zip"
cd "$GITHUB_WORKSPACE${{ env.TBN_DIST }}"
#zip -j "${{ env.BINFILE }}.zip" *
echo "Compute files shasum"
${SHARUN} * >> "${{ env.BINFILE }}.sha256"
cat "${{ env.BINFILE }}.sha256"
echo "Checksum verification for files is "
${SHARUN} --check "${{ env.BINFILE }}.sha256"
7z a "${{ env.BINFILE }}.zip" *
echo "Compute shasum"
echo "Compute archive shasum"
${SHARUN} "${{ env.BINFILE }}.zip" >> "${{ env.BINFILE }}.zip.sha256"
cat "${{ env.BINFILE }}.zip.sha256"
echo "Verifications is "
echo "Checkum verification archive is "
${SHARUN} --check "${{ env.BINFILE }}.zip.sha256"
if [ -f "${{ env.distDirPKG }}/${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}.pkg" ]; then
echo "Add PKG to $GITHUB_WORKSPACE${{ env.TBN_DIST }} "
cp -v "${{ env.distDirPKG }}/${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}.pkg" "$GITHUB_WORKSPACE${{ env.TBN_DIST }}"
${SHARUN} "${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}.pkg" >> "${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}.pkg.sha256"
${SHARUN} --check "${{ env.TBN_FILENAME }}-${{ matrix.builds.name }}-${{ env.VERSION }}.pkg.sha256"
fi
- name: Artifact upload for Archive
uses: actions/upload-artifact@v3
with:
name: ${{ env.TBN_FILENAME }}_archive-${{ matrix.builds.name }}
path: "${{ github.workspace }}${{ env.TBN_DIST }}/${{ env.BINFILE }}.zip*"

- name: Prep miner for upload
- name: Prep Miner for upload
shell: bash
run: |
cd "${{ github.workspace }}${{ env.TBN_DIST }}"
cp -v "tari_miner${{ env.TBN_EXT}}" \
"tari_miner-${{ matrix.builds.name }}${{ env.TBN_EXT}}"
echo "Compute miner shasum"
${SHARUN} "tari_miner-${{ matrix.builds.name }}${{ env.TBN_EXT}}" \
>> "tari_miner-${{ matrix.builds.name }}${{ env.TBN_EXT}}.sha256"
cat "tari_miner-${{ matrix.builds.name }}${{ env.TBN_EXT}}.sha256"
echo "Checksum verification for miner is "
${SHARUN} --check "tari_miner-${{ matrix.builds.name }}${{ env.TBN_EXT}}.sha256"
- name: Artifact upload for Miner
uses: actions/upload-artifact@v3
with:
name: tari_miner-${{ matrix.builds.name }}
path: "${{ github.workspace }}${{ env.TBN_DIST }}/tari_miner-${{ matrix.builds.name }}${{ env.TBN_EXT}}*"

- name: Prep diag-utils for upload
- name: Prep diag-utils archive for upload
continue-on-error: true
shell: bash
run: |
Expand All @@ -413,15 +417,26 @@ jobs:
# Find RandomX built tools for testing
find "$GITHUB_WORKSPACE/target/${{ matrix.builds.target }}/release/" \
-name "randomx-*${{ env.TBN_EXT}}" -type f -perm -+x -exec cp -v {} . \;
echo "Compute diag utils shasum"
${SHARUN} * \
>> "${{ env.TBN_FILENAME }}_archive-diag-utils-${{ matrix.builds.name }}.sha256"
cat "${{ env.TBN_FILENAME }}_archive-diag-utils-${{ matrix.builds.name }}.sha256"
echo "Checksum verification for diag utils is "
${SHARUN} --check "${{ env.TBN_FILENAME }}_archive-diag-utils-${{ matrix.builds.name }}.sha256"
7z a "${{ env.TBN_FILENAME }}_archive-diag-utils-${{ matrix.builds.name }}.zip" *
echo "Compute diag utils archive shasum"
${SHARUN} "${{ env.TBN_FILENAME }}_archive-diag-utils-${{ matrix.builds.name }}.zip" \
>> "${{ env.TBN_FILENAME }}_archive-diag-utils-${{ matrix.builds.name }}.zip.sha256"
cat "${{ env.TBN_FILENAME }}_archive-diag-utils-${{ matrix.builds.name }}.zip.sha256"
echo "Checksum verification for diag utils archive is "
${SHARUN} --check "${{ env.TBN_FILENAME }}_archive-diag-utils-${{ matrix.builds.name }}.zip.sha256"
- name: Artifact upload for diag-utils
continue-on-error: true
uses: actions/upload-artifact@v3
with:
name: ${{ env.TBN_FILENAME }}_archive-diag-utils-${{ matrix.builds.name }}
path: "${{ github.workspace }}${{ env.TBN_DIST }}/diag-utils/*"
path: "${{ github.workspace }}${{ env.TBN_DIST }}/diag-utils/*.zip*"

- name: Sync dist to S3 - Bash
continue-on-error: true # Don't break if s3 upload fails
Expand Down Expand Up @@ -498,7 +513,6 @@ jobs:
with:
artifacts: "tari_*/**/*"
token: ${{ secrets.GITHUB_TOKEN }}
#bodyFile: changelog.md
prerelease: true
draft: true
allowUpdates: true
Expand Down
12 changes: 1 addition & 11 deletions .github/workflows/build_dockers_workflow.yml
Original file line number Diff line number Diff line change
Expand Up @@ -116,17 +116,7 @@ jobs:
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
shell: bash
run: |
tagnet=${{github.ref_name}}
echo $tagnet
# case match is not RegEx, but wildcards/globs
case "$tagnet" in
v*-pre.*) TARI_NETWORK=esme
;;
v*-rc.*) TARI_NETWORK=nextnet
;;
*) TARI_NETWORK=mainnet
;;
esac
source tari/buildtools/multinet_envs.sh ${{github.ref_name}}
echo ${TARI_NETWORK}
echo "TARI_NETWORK=${TARI_NETWORK}" >> $GITHUB_ENV
Expand Down
20 changes: 6 additions & 14 deletions .github/workflows/build_libwallets.yml
Original file line number Diff line number Diff line change
Expand Up @@ -70,9 +70,9 @@ jobs:
working-directory: libwallets
run: |
ls -alhtR
find . -name "*.sha256sums" -type f -print | xargs cat >> libwallets.txt.sha256sums-verify
cat libwallets.txt.sha256sums-verify
sha256sum -c libwallets.txt.sha256sums-verify
find . -name "*.sha256" -type f -print | xargs cat >> libwallets.txt.sha256-verify
cat libwallets.txt.sha256-verify
sha256sum -c libwallets.txt.sha256-verify
- name: Sync to S3 on tag
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
Expand All @@ -98,18 +98,12 @@ jobs:
with:
path: libwallets

# - name: Setup changelog
# shell: bash
# working-directory: libwallets
# run: |
# find . -name changelog.md -type f -exec cp -vf {} "$GITHUB_WORKSPACE/" \;

- name: Update sha256sums for top level paths
- name: Update sha256 for top level paths
shell: bash
working-directory: libwallets
run: |
ls -alht
find . -name "libtari_wallet_ffi.*.sha256sums" -type f \
find . -name "libtari_wallet_ffi.*.sha256" -type f \
-exec sed -i -e "s/libwallet-.*\///g" '{}' \;
ls -alht
Expand All @@ -119,12 +113,11 @@ jobs:
run: |
ls -alht
if [ -d libwallet-ios-xcframework ]; then
#zip -j libtari_wallet_ffi.ios-xcframework.zip libwallet-ios-xcframework/*
7z a libtari_wallet_ffi.ios-xcframework.zip libwallet-ios-xcframework/*
rm -fr libwallet-ios-xcframework/*
shasum -a 256 \
"libtari_wallet_ffi.ios-xcframework.zip" \
> "libtari_wallet_ffi.ios-xcframework.zip.sha256sums"
> "libtari_wallet_ffi.ios-xcframework.zip.sha256"
fi
ls -alht
Expand All @@ -133,7 +126,6 @@ jobs:
with:
artifacts: "libwallet*/**/*"
token: ${{ secrets.GITHUB_TOKEN }}
#bodyFile: "changelog.md"
prerelease: true
draft: true
allowUpdates: true
Expand Down
Loading

0 comments on commit c41ffc7

Please sign in to comment.