fix(ci): remove inner brackets (#3972) #61
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Component | |
| on: | |
| push: | |
| tags: ['*/v[0-9]+\.[0-9]+\.[0-9]+\-rc[0-9]+*', '*/v[0-9]+\.[0-9]+\.[0-9]+*'] | |
| jobs: | |
| eval-tag: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| build: ${{ steps.eval.outputs.BUILD }} | |
| component: ${{ steps.eval.outputs.COMPONENT }} | |
| image-produced: ${{ steps.eval.outputs.IMAGE_PRODUCED}} | |
| version: ${{ steps.eval.outputs.VERSION }} | |
| systems: ${{ steps.eval.outputs.SYSTEMS }} | |
| archive: ${{ steps.eval.outputs.ARCHIVE }} | |
| steps: | |
| - id: eval | |
| env: | |
| TAG: ${{github.ref_name}} | |
| run: | | |
| component="${TAG%/*}" | |
| case $component in | |
| bundle-testnet-9) | |
| attrs="[\"bundle-testnet-9\", \"bundle-testnet-9-image\"]" | |
| systems="[\"x86_64-linux\", \"aarch64-linux\"]" | |
| echo "COMPONENT=$component" >> $GITHUB_OUTPUT | |
| echo "IMAGE_PRODUCED=true" >> $GITHUB_OUTPUT | |
| echo "SYSTEMS=$systems" >> $GITHUB_OUTPUT | |
| echo "ARCHIVE=true" >> $GITHUB_OUTPUT | |
| ;; | |
| cometbls-light-client) | |
| attrs="[\"cometbls-light-client\"]" | |
| systems="[\"x86_64-linux\"]" | |
| echo "COMPONENT=$component" >> $GITHUB_OUTPUT | |
| echo "SYSTEMS=$systems" >> $GITHUB_OUTPUT | |
| echo "ARCHIVE=true" >> $GITHUB_OUTPUT | |
| ;; | |
| ucs01-relay) | |
| attrs="[\"ucs01-relay\"]" | |
| systems="[\"x86_64-linux\"]" | |
| echo "COMPONENT=$component" >> $GITHUB_OUTPUT | |
| echo "SYSTEMS=$systems" >> $GITHUB_OUTPUT | |
| echo "ARCHIVE=true" >> $GITHUB_OUTPUT | |
| ;; | |
| uniond) | |
| attrs="[\"uniond-release\", \"uniond-release-image\"]" | |
| systems="[\"x86_64-linux\", \"aarch64-linux\"]" | |
| echo "COMPONENT=uniond-release" >> $GITHUB_OUTPUT | |
| echo "IMAGE_PRODUCED=true" >> $GITHUB_OUTPUT | |
| echo "SYSTEMS=$systems" >> $GITHUB_OUTPUT | |
| ;; | |
| voyager) | |
| attrs="[\"voyager\"]" | |
| systems="[\"x86_64-linux\", \"aarch64-linux\"]" | |
| echo "COMPONENT=$component" >> $GITHUB_OUTPUT | |
| echo "SYSTEMS=$systems" >> $GITHUB_OUTPUT | |
| ;; | |
| evm-contracts) | |
| attrs="[\"evm-contracts\"]" | |
| systems="[\"x86_64-linux\"]" | |
| echo "COMPONENT=$component" >> $GITHUB_OUTPUT | |
| echo "SYSTEMS=$systems" >> $GITHUB_OUTPUT | |
| echo "ARCHIVE=true" >> $GITHUB_OUTPUT | |
| ;; | |
| *) | |
| echo "Invalid tag $TAG" | |
| exit 1 | |
| ;; | |
| esac | |
| echo "BUILD=(.top_attr == \"packages\") \ | |
| and ([.system] | inside($systems) ) \ | |
| and ([.attr] | inside($attrs))" >> $GITHUB_OUTPUT | |
| echo "VERSION=${TAG##*/}" >> $GITHUB_OUTPUT | |
| download-images-x86_64: | |
| if: ${{ needs.eval-tag.outputs.image-produced }} | |
| needs: [eval-tag] | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| - uses: cachix/install-nix-action@v30 | |
| with: | |
| extra_nix_config: | | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= union.cachix.org-1:TV9o8jexzNVbM1VNBOq9fu8NK+hL6ZhOyOh0quATy+M= | |
| trusted-substituters = https://cache.nixos.org https://cache.garnix.io https://union.cachix.org | |
| - name: Fetch from Cache | |
| env: | |
| COMPONENT: ${{ needs.eval-tag.outputs.component }} | |
| run: | | |
| nix build .#packages.x86_64-linux.\"$COMPONENT\"-image --accept-flake-config | |
| cp -Lr result x86_64-linux.\"$COMPONENT\"-image | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: x86_64-linux.${{ needs.eval-tag.outputs.component }}-image | |
| path: x86_64-linux.${{ needs.eval-tag.outputs.component }}-image | |
| download-images-aarch64: | |
| if: ${{ needs.eval-tag.outputs.image-produced && contains(needs.eval-tag.outputs.systems, 'aarch64-linux') }} | |
| needs: [eval-tag] | |
| runs-on: ubuntu-24.04-arm | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| - uses: cachix/install-nix-action@v30 | |
| with: | |
| extra_nix_config: | | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= union.cachix.org-1:TV9o8jexzNVbM1VNBOq9fu8NK+hL6ZhOyOh0quATy+M= | |
| trusted-substituters = https://cache.nixos.org https://cache.garnix.io https://union.cachix.org | |
| - name: Fetch from Cache | |
| env: | |
| COMPONENT: ${{ needs.eval-tag.outputs.component }} | |
| run: | | |
| nix build .#packages.aarch64-linux."$COMPONENT"-image --accept-flake-config | |
| cp -Lr result aarch64-linux."$COMPONENT"-image | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: aarch64-linux.${{ needs.eval-tag.outputs.component }}-image | |
| path: aarch64-linux.${{ needs.eval-tag.outputs.component }}-image | |
| download-binaries-x86_64: | |
| needs: [eval-tag] | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| - uses: cachix/install-nix-action@v30 | |
| with: | |
| extra_nix_config: | | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= union.cachix.org-1:TV9o8jexzNVbM1VNBOq9fu8NK+hL6ZhOyOh0quATy+M= | |
| trusted-substituters = https://cache.nixos.org https://cache.garnix.io https://union.cachix.org | |
| - env: | |
| ARCHIVE: ${{ needs.eval-tag.outputs.archive }} | |
| COMPONENT: ${{ needs.eval-tag.outputs.component }} | |
| run: | | |
| nix build .#packages.x86_64-linux."$COMPONENT" --accept-flake-config | |
| if [[ "$COMPONENT" =~ uniond-release ]] | |
| then | |
| mv result/bin/uniond "$COMPONENT"-x86_64-linux | |
| elif [[ $ARCHIVE ]] | |
| then | |
| tar -zcf "$COMPONENT"-x86_64-linux result | |
| else | |
| mv result/bin/"$COMPONENT" "$COMPONENT"-x86_64-linux | |
| fi | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ needs.eval-tag.outputs.component }}-x86_64-linux | |
| path: ${{ needs.eval-tag.outputs.component }}-x86_64-linux | |
| download-binaries-aarch64: | |
| needs: [eval-tag] | |
| runs-on: ubuntu-24.04-arm | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| - uses: cachix/install-nix-action@v30 | |
| with: | |
| extra_nix_config: | | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= union.cachix.org-1:TV9o8jexzNVbM1VNBOq9fu8NK+hL6ZhOyOh0quATy+M= | |
| trusted-substituters = https://cache.nixos.org https://cache.garnix.io https://union.cachix.org | |
| - env: | |
| ARCHIVE: ${{ needs.eval-tag.outputs.archive }} | |
| COMPONENT: ${{ needs.eval-tag.outputs.component }} | |
| run: | | |
| nix build .#packages.aarch64-linux."$COMPONENT" --accept-flake-config | |
| if [[ "$COMPONENT" =~ uniond-release ]] | |
| then | |
| mv result/bin/uniond "$COMPONENT"-aarch64-linux | |
| elif [[ $ARCHIVE ]] | |
| then | |
| tar -zcf "$COMPONENT"-aarch64-linux result | |
| else | |
| mv result/bin/"$COMPONENT" "$COMPONENT"-aarch64-linux | |
| fi | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ needs.eval-tag.outputs.component }}-aarch64-linux | |
| path: ${{ needs.eval-tag.outputs.component }}-aarch64-linux | |
| release-images: | |
| needs: [download-images-x86_64, download-images-aarch64, eval-tag] | |
| if: ${{ needs.eval-tag.outputs.image-produced }} | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| packages: write | |
| services: | |
| registry: | |
| image: registry:2 | |
| ports: | |
| - 5000:5000 | |
| steps: | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Download aarch64-linux.${{ needs.eval-tag.outputs.component }}-image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: aarch64-linux.${{ needs.eval-tag.outputs.component }}-image | |
| path: . | |
| - name: Download x86_64-linux.${{ needs.eval-tag.outputs.component }}-image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: x86_64-linux.${{ needs.eval-tag.outputs.component }}-image | |
| path: . | |
| - name: Tag Docker Images | |
| env: | |
| COMPONENT: ${{ needs.eval-tag.outputs.component }} | |
| TAG: ${{ needs.eval-tag.outputs.version }} | |
| run: | | |
| echo "Entering for loop" | |
| for arch in 'aarch64-linux' 'x86_64-linux' | |
| do | |
| echo "Tagging $COMPONENT for $arch" | |
| echo "GITHUB_WORKSPACE ($GITHUB_WORKSPACE)" | |
| ls -la $GITHUB_WORKSPACE | |
| echo "wd: ($(pwd))" | |
| ls -la | |
| dockerstring=$(docker load < $arch.$COMPONENT-image) | |
| dockerstring=$(echo ${dockerstring##*':'}) | |
| echo "Getting image ID for $dockerstring" | |
| imageid=$(docker images --format "{{.ID}}:{{.Tag}}" | grep $dockerstring) | |
| imageid=$(echo ${imageid%%':'*}) | |
| echo "Tagging image" | |
| docker tag "$imageid" "localhost:5000/unionlabs/$COMPONENT:$TAG-$arch" | |
| echo "$COMPONENT for $arch is tagged" | |
| docker push "localhost:5000/unionlabs/$COMPONENT:$TAG-$arch" | |
| echo "localhost:5000/unionlabs/$COMPONENT:$TAG-$arch is pushed" | |
| done | |
| - name: Create Manifest | |
| env: | |
| COMPONENT: ${{ needs.eval-tag.outputs.component }} | |
| TAG: ${{ needs.eval-tag.outputs.version }} | |
| run: | | |
| docker pull "localhost:5000/unionlabs/$COMPONENT:$TAG-aarch64-linux" | |
| docker pull "localhost:5000/unionlabs/$COMPONENT:$TAG-x86_64-linux" | |
| docker manifest create --insecure \ | |
| "localhost:5000/unionlabs/$COMPONENT:$TAG" \ | |
| --amend "localhost:5000/unionlabs/$COMPONENT:$TAG-aarch64-linux" \ | |
| --amend "localhost:5000/unionlabs/$COMPONENT:$TAG-x86_64-linux" \ | |
| - name: Push Manifest to Local Registry | |
| env: | |
| COMPONENT: ${{ needs.eval-tag.outputs.component }} | |
| TAG: ${{ needs.eval-tag.outputs.version }} | |
| run: docker manifest push "localhost:5000/unionlabs/$COMPONENT:$TAG" | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| fetch-depth: 0 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Annotate Manifest | |
| env: | |
| COMPONENT: ${{ needs.eval-tag.outputs.component }} | |
| TAG: ${{ needs.eval-tag.outputs.version }} | |
| run: | | |
| curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl | |
| chmod 755 regctl && sudo cp ./regctl /usr/bin | |
| echo "downloaded & installed regctl" | |
| regctl registry set --tls disabled localhost:5000 | |
| regctl image mod "localhost:5000/unionlabs/$COMPONENT:$TAG" --to-oci --create "$TAG" --annotation org.opencontainers.image.description="$(cat "$GITHUB_WORKSPACE/.github/container-descriptions/$COMPONENT.txt")" | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Copy Manifest to GHCR | |
| env: | |
| COMPONENT: ${{ needs.eval-tag.outputs.component }} | |
| TAG: ${{ needs.eval-tag.outputs.version }} | |
| run: | | |
| wget https://github.com/rapidsai/skopeo/releases/download/v1.12/skopeo-linux-amd64 -O ./skopeo | |
| chmod +x ./skopeo && sudo cp ./skopeo /usr/bin | |
| echo "downloaded & installed skopeo" | |
| skopeo copy --multi-arch=all --insecure-policy --src-tls-verify=false "docker://localhost:5000/unionlabs/$COMPONENT:$TAG" "docker://ghcr.io/unionlabs/$COMPONENT:$TAG" | |
| echo "Copied $COMPONENT:$TAG multi-arch to GHCR" | |
| public-release: | |
| needs: [download-binaries-x86_64, download-binaries-aarch64, eval-tag] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| - id: prep-artifacts | |
| env: | |
| COMPONENT: ${{ needs.eval-tag.outputs.component }} | |
| ARCHIVE: ${{ needs.eval-tag.outputs.archive }} | |
| SYSTEMS: ${{ needs.eval-tag.outputs.systems }} | |
| run: | | |
| echo "# sha256 Checksums" >> release.md | |
| x86_64=$(echo "$SYSTEMS" | jq 'contains(["x86_64-linux"])') | |
| aarch64=$(echo "$SYSTEMS" | jq 'contains(["aarch64-linux"])') | |
| if [[ $ARCHIVE ]]; then | |
| if [[ $x86_64 = true ]]; then | |
| echo "Renaming x86_64-linux archive" | |
| comp_x86_64="$COMPONENT-x86_64-linux" | |
| comp_x86_64_archive="$comp_x86_64.tar.gz" | |
| echo "- $(cd "$comp_x86_64" && mv "$comp_x86_64" "$comp_x86_64_archive" && sha256sum "$comp_x86_64_archive")" >> release.md | |
| fi | |
| if [[ $aarch64 = true ]]; then | |
| echo "Renaming aarch64-linux archive" | |
| comp_aarch64="$COMPONENT-aarch64-linux" | |
| comp_aarch64_archive="$comp_aarch64.tar.gz" | |
| echo "- $(cd "$comp_aarch64" && mv "$comp_aarch64" "$comp_aarch64_archive" && sha256sum "$comp_aarch64_archive")" >> release.md | |
| fi | |
| echo "Setting archive output" | |
| echo "FILES=**/$COMPONENT-*.tar.gz" >> $GITHUB_OUTPUT | |
| else | |
| if [[ $x86_64 = true ]]; then | |
| echo "Renaming x86_64-linux binary" | |
| comp_x86_64="$COMPONENT-x86_64-linux" | |
| echo "- $(cd "$comp_x86_64" && sha256sum "$comp_x86_64")" >> release.md | |
| fi | |
| if [[ $aarch64 = true ]]; then | |
| echo "Renaming aarch64-linux binary" | |
| comp_aarch64="$COMPONENT-aarch64-linux" | |
| echo "- $(cd "$comp_aarch64" && sha256sum "$comp_aarch64")" >> release.md | |
| fi | |
| echo "Setting binary output" | |
| echo "FILES=**/$COMPONENT-*" >> $GITHUB_OUTPUT | |
| fi | |
| tree | |
| - uses: softprops/action-gh-release@v2 | |
| with: | |
| body_path: release.md | |
| prerelease: ${{ contains(needs.eval-tag.outputs.version, '-rc') || contains(needs.eval-tag.outputs.version, 'alpha') }} | |
| repository: unionlabs/union | |
| token: ${{ secrets.UNION_RELEASES_PAT }} | |
| name: ${{needs.eval-tag.outputs.component}} ${{needs.eval-tag.outputs.version}} | |
| tag_name: ${{ needs.eval-tag.outputs.version }} | |
| fail_on_unmatched_files: true | |
| files: ${{ steps.prep-artifacts.outputs.FILES }} |