cerc-io/lotus
16
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 27 Wiki Activity

ci: ci: migrate the release workflow to github actions (#11785)

Browse Source 
* ci: rename install ubuntu deps to install system dependencies

* ci: migrate the release workflow to github actions

* ci: set permissions required by the newly added workflows explicitly

* ci: prevent duplicate release and docker publishing

* ci: trigger docker workflow on push to master

* ci: do not pass tokens to goreleaser on dry release runs

* ci: specify higher permissions on a job level
This commit is contained in:
Piotr Galar 2024-04-02 14:22:09 +01:00 committed by GitHub
parent 86279403ea
commit 2a0d8970e8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
12 changed files with 271 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.github/actions/export-circle-env/action.yml vendored Normal file
View File

@ -0,0 +1,14 @@
name: Export Circle Env
description: Export CircleCI environment variables for Filecoin Lotus
runs:
using: composite
steps:
- run: |
if [[ "$GITHUB_REF" == refs/tags/* ]]; then
echo "CIRCLE_TAG=${GITHUB_REF#refs/tags/}" | tee -a $GITHUB_ENV
fi
echo "CIRCLE_PROJECT_USERNAME=$GITHUB_REPOSITORY_OWNER" | tee -a $GITHUB_ENV
echo "CIRCLE_PROJECT_REPONAME=${GITHUB_REPOSITORY#$GITHUB_REPOSITORY_OWNER/}" | tee -a $GITHUB_ENV
echo "CIRCLE_SHA1=$GITHUB_SHA" | tee -a $GITHUB_ENV
shell: bash

19
.github/actions/install-system-dependencies/action.yml vendored Normal file
View File

@ -0,0 +1,19 @@
name: Install System Dependencies
description: Install System dependencies for Filecoin Lotus
runs:
using: composite
steps:
- if: runner.os == 'Linux'
run: |
sudo apt-get update -y
sudo apt-get install -y ocl-icd-opencl-dev libhwloc-dev pkg-config
shell: bash
- if: runner.os == 'macOS'
env:
HOMEBREW_NO_AUTO_UPDATE: '1'
run: |
brew install hwloc pkg-config
echo "CPATH=$(brew --prefix)/include" | tee -a $GITHUB_ENV
echo "LIBRARY_PATH=$(brew --prefix)/lib" | tee -a $GITHUB_ENV
shell: bash

10
.github/actions/install-ubuntu-deps/action.yml vendored
View File

@ -1,10 +0,0 @@
name: Install Ubuntu Dependencies
description: Install Ubuntu dependencies for Filecoin Lotus
runs:
using: composite
steps:
- run: |
sudo apt-get update -y
sudo apt-get install -y ocl-icd-opencl-dev libhwloc-dev pkg-config
shell: bash

4
.github/workflows/build.yml vendored
View File

@ -16,6 +16,8 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: {}
jobs:
build:
name: Build
@ -24,6 +26,6 @@ jobs:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: ./.github/actions/install-ubuntu-deps
- uses: ./.github/actions/install-system-dependencies
- uses: ./.github/actions/install-go
- run: make deps lotus

4
.github/workflows/builtin-actor-tests.yml vendored
View File

@ -1,4 +1,5 @@
name: Built-in Actors
on:
push:
paths:
@ -6,6 +7,9 @@ on:
- build/builtin_actors_gen.go
branches:
- release/*
permissions: {}
jobs:
release:
name: Release Tests

8
.github/workflows/check.yml vendored
View File

@ -16,6 +16,8 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: {}
jobs:
check-docsgen:
name: Check (docs-check)
@ -24,7 +26,7 @@ jobs:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: ./.github/actions/install-ubuntu-deps
- uses: ./.github/actions/install-system-dependencies
- uses: ./.github/actions/install-go
- run: go install golang.org/x/tools/cmd/goimports
- run: make deps
@ -37,7 +39,7 @@ jobs:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: ./.github/actions/install-ubuntu-deps
- uses: ./.github/actions/install-system-dependencies
- uses: ./.github/actions/install-go
- run: make deps lotus
- run: go install golang.org/x/tools/cmd/goimports
@ -53,7 +55,7 @@ jobs:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: ./.github/actions/install-ubuntu-deps
- uses: ./.github/actions/install-system-dependencies
- uses: ./.github/actions/install-go
- run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
- run: make deps

100
.github/workflows/docker.yml vendored Normal file
View File

@ -0,0 +1,100 @@
name: Docker
on:
push:
branches:
- master
- release/*
tags:
- v*
schedule:
- cron: '0 0 * * *'
workflow_dispatch:
defaults:
run:
shell: bash
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: {}
jobs:
docker:
name: Docker (${{ matrix.image }} / ${{ matrix.network }}) [publish=${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') }}]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
image:
- lotus-all-in-one
network:
- mainnet
- butterflynet
- calibnet
- debug
include:
- image: lotus
network: mainnet
env:
# Do not publish until CircleCI is deprecated
PUBLISH: false
# PUBLISH: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') }}
steps:
- id: channel
env:
IS_MASTER: ${{ github.ref == 'refs/heads/master' }}
IS_TAG: ${{ startsWith(github.ref, 'refs/tags/') }}
IS_RC: ${{ endsWith(github.ref, '-rc') }}
IS_SCHEDULED: ${{ github.event_name == 'schedule' }}
run: |
channel=''
if [[ "$IS_MASTER" == 'true' ]]; then
if [[ "$IS_SCHEDULED" == 'true' ]]; then
channel=nightly
else
channel=master
fi
elif [[ "$IS_TAG" == 'true' ]]; then
if [[ "$IS_RC" == 'true' ]]; then
channel=candidate
else
channel=stable
fi
fi
echo "channel=$channel" | tee -a $GITHUB_ENV
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: filecoin/${{ matrix.image }}
tags: |
type=schedule
type=raw,enable=${{ github.event_name != 'schedule' && steps.channel.outputs.channel != '' }},value=${{ steps.channel.outputs.channel }}
type=ref,event=tag
type=sha,prefix=
flavor: |
latest=false
suffix=${{ matrix.network != 'mainnet' && format('-{0}', matrix.network) || '' }}
- if: env.PUBLISH == 'true'
name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push if channel is set (channel=${{ steps.channel.outputs.channel }})
uses: docker/build-push-action@v5
with:
context: .
push: ${{ env.PUBLISH == 'true' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
${{ matrix.network != 'mainnet' && format('GOFLAGS=-tags={0}', matrix.network) || ''}}

113
.github/workflows/release.yml vendored Normal file
View File

@ -0,0 +1,113 @@
name: Release
on:
push:
branches:
- ci/*
- release/*
tags:
- v*
workflow_dispatch:
defaults:
run:
shell: bash
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: {}
jobs:
build:
name: Build (${{ matrix.os }}/${{ matrix.arch }})
runs-on: ${{ matrix.runner }}
strategy:
fail-fast: false
matrix:
include:
- runner: ubuntu-latest
os: Linux
arch: X64
- runner: macos-13
os: macOS
arch: X64
- runner: macos-14
os: macOS
arch: ARM64
steps:
- env:
OS: ${{ matrix.os }}
ARCH: ${{ matrix.arch }}
run: |
if [[ "$OS" != "$RUNNER_OS" || "$ARCH" != "$RUNNER_ARCH" ]]; then
echo "::error title=Unexpected Runner::Expected $OS/$ARCH, got $RUNNER_OS/$RUNNER_ARCH"
exit 1
fi
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: ./.github/actions/export-circle-env
- uses: ./.github/actions/install-system-dependencies
- uses: ./.github/actions/install-go
- env:
GITHUB_TOKEN: ${{ github.token }}
run: make deps lotus lotus-miner lotus-worker
- if: runner.os == 'macOS'
run: otool -hv lotus
- run: ./scripts/version-check.sh ./lotus
- uses: actions/upload-artifact@v4
with:
name: lotus-${{ matrix.os }}-${{ matrix.arch }}
path: |
lotus
lotus-miner
lotus-worker
release:
name: Release [publish=${{ startsWith(github.ref, 'refs/tags/') }}]
permissions:
# This enables the job to create and/or update GitHub releases
contents: write
runs-on: ubuntu-latest
needs: [build]
env:
# Do not publish until CircleCI is deprecated
PUBLISH: false
# PUBLISH: ${{ startsWith(github.ref, 'refs/tags/') }}
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
fetch-depth: 0
- uses: actions/download-artifact@v4
with:
name: lotus-Linux-X64
path: linux_amd64_v1
- uses: actions/download-artifact@v4
with:
name: lotus-macOS-X64
path: darwin_amd64_v1
- uses: actions/download-artifact@v4
with:
name: lotus-macOS-ARM64
path: darwin_arm64
- uses: ./.github/actions/export-circle-env
- uses: ./.github/actions/install-go
- uses: ipfs/download-ipfs-distribution-action@v1
with:
name: kubo
version: v0.16.0
- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
with:
distribution: goreleaser-pro
version: latest
args: release --clean --debug ${{ env.PUBLISH == 'false' && '--snapshot' || '' }}
env:
GITHUB_TOKEN: ${{ env.PUBLISH == 'true' && github.token || '' }}
GORELEASER_KEY: ${{ env.PUBLISH == 'true' && secrets.GORELEASER_KEY || '' }}
- run: ./scripts/generate-checksums.sh
- if: env.PUBLISH == 'true'
env:
GITHUB_TOKEN: ${{ github.token }}
run: ./scripts/publish-checksums.sh

6
.github/workflows/stale.yml vendored
View File

@ -4,14 +4,14 @@ on:
schedule:
- cron: '0 12 * * *'
permissions: {}
jobs:
stale:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v9
with:

6
.github/workflows/sync-master-main.yaml vendored
View File

@ -1,14 +1,16 @@
name: sync-master-main
on:
push:
branches:
- master
permissions:
contents: write
permissions: {}
jobs:
sync:
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

7
.github/workflows/test.yml vendored
View File

@ -16,8 +16,7 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
permissions: {}
jobs:
discover:
@ -239,7 +238,7 @@ jobs:
path: ${{ steps.make_deps.outputs.path }}
lookup-only: true
- if: steps.restore_fetch_params.outputs.cache-hit != 'true'
uses: ./.github/actions/install-ubuntu-deps
uses: ./.github/actions/install-system-dependencies
- if: steps.restore_fetch_params.outputs.cache-hit != 'true'
uses: ./.github/actions/install-go
- if: steps.restore_fetch_params.outputs.cache-hit != 'true' || steps.restore_make_deps.outputs.cache-hit != 'true'
@ -272,7 +271,7 @@ jobs:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: ./.github/actions/install-ubuntu-deps
- uses: ./.github/actions/install-system-dependencies
- uses: ./.github/actions/install-go
- run: go install gotest.tools/gotestsum@latest
- name: Restore cached make deps outputs

6
.goreleaser.yaml
View File

@ -27,7 +27,7 @@ builds:
- goos: linux
goarch: arm64
prebuilt:
path: /tmp/workspace/{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/lotus
path: '{{ if index .Env "GITHUB_WORKSPACE" }}{{ .Env.GITHUB_WORKSPACE }}{{ else }}/tmp/workspace{{ end }}/{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/lotus'
- id: lotus-miner
binary: lotus-miner
builder: prebuilt
@ -43,7 +43,7 @@ builds:
- goos: linux
goarch: arm64
prebuilt:
path: /tmp/workspace/{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/lotus-miner
path: '{{ if index .Env "GITHUB_WORKSPACE" }}{{ .Env.GITHUB_WORKSPACE }}{{ else }}/tmp/workspace{{ end }}/{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/lotus-miner'
- id: lotus-worker
binary: lotus-worker
builder: prebuilt
@ -59,7 +59,7 @@ builds:
- goos: linux
goarch: arm64
prebuilt:
path: /tmp/workspace/{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/lotus-worker
path: '{{ if index .Env "GITHUB_WORKSPACE" }}{{ .Env.GITHUB_WORKSPACE }}{{ else }}/tmp/workspace{{ end }}/{{ .Os }}_{{ .Arch }}{{ with .Amd64 }}_{{ . }}{{ end }}/lotus-worker'
archives:
- id: primary