From b5e81eb6b2d151bff649b2c4d3fba2f22be0f814 Mon Sep 17 00:00:00 2001 From: realbigsean Date: Wed, 23 Dec 2020 07:53:34 +0000 Subject: [PATCH] add automated release workflow (#2077) ## Issue Addressed Resolves #1674 ## Proposed Changes - Whenever a tag is pushed with the prefix `v` this workflow is triggered - creates portable and non-portable binaries for linux x86_64, linux aarch64, macOS - an attempt at using github actions caching - signs each binary using GPG - auto-generates full changelog based on commit messages since the last release - creates a **draft** release - hot new formatting (preview [here](https://github.com/realbigsean/lighthouse/releases/tag/v0.9.23)) - has been taking around 35 minutes ## Additional Info TODOs: - Figure out how we should automate dockerhub's version tag. - It'd be quickest just to tag `latest`, but we'd need to make sure the docker workflow completes before this starts - we do the same cross-compile in the `docker` workflow, we could try to use the same binary - integrate a similar flow for unstable binaries (`-rc` tag?) - improve caching, potentially use sccache - if we start using a self-hosted runner this'll require some re-working Need to add the following secrets to Github: - `GPG_PASSPHRASE` - ~~`GPG_PUBLIC_KEY`~~ hard-coded this, because it was tough manage as a secret - `GPG_SIGNING_KEY` Co-authored-by: realbigsean --- .github/workflows/book.yml | 1 + .github/workflows/docker.yml | 2 + .github/workflows/release.yml | 186 ++++++++++++++++++++++++++++++++++ 3 files changed, 189 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/book.yml b/.github/workflows/book.yml index eee433b322..0a9b5a9c34 100644 --- a/.github/workflows/book.yml +++ b/.github/workflows/book.yml @@ -8,6 +8,7 @@ on: jobs: build-and-upload-to-s3: runs-on: ubuntu-18.04 + environment: protected steps: - uses: actions/checkout@master 
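Review bot: The `environment: protected` key added to `build-and-upload-to-s3` restricts nothing by itself. It only gates this job if that environment has protection rules and the job's secrets are stored as environment secrets rather than repository secrets, and neither setting is visible in this patch. A comment above the key would record the intent, for example `# gated by the "protected" environment; its secrets and approval rules live in the repository settings`. The same applies to `build-docker-arm64` and `build-docker-amd64` in docker.yml and to the `build` job in release.yml. The job body continues outside the hunk.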
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index bc57238cfe..5a7fc39b1a 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -22,6 +22,7 @@ jobs: BRANCH_NAME: ${{ steps.extract_branch.outputs.BRANCH_NAME }} build-docker-arm64: runs-on: ubuntu-18.04 + environment: protected needs: [extract-branch-name] # We need to enable experimental docker features in order to use `docker buildx` env: @@ -60,6 +61,7 @@ jobs: --push build-docker-amd64: runs-on: ubuntu-18.04 + environment: protected needs: [extract-branch-name] steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000000..6c43466fea --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,186 @@
+name: Release Suite
+
+on:
+ push:
+ tags:
+ - v*
+
+env:
+ REPO_NAME: sigp/lighthouse
+
+jobs:
+ extract-version:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Extract version
+ run: echo "::set-output name=VERSION::$(echo ${GITHUB_REF#refs/tags/})"
+ id: extract_version
+ outputs:
+ VERSION: ${{ steps.extract_version.outputs.VERSION }}
+
+ build:
+ name: Build Release
+ strategy:
+ matrix:
+ arch: [aarch64-unknown-linux-gnu,
+ aarch64-unknown-linux-gnu-portable,
+ x86_64-unknown-linux-gnu,
+ x86_64-unknown-linux-gnu-portable,
+ x86_64-apple-darwin,
+ x86_64-apple-darwin-portable]
+ include:
+ - arch: aarch64-unknown-linux-gnu
+ platform: ubuntu-latest
+ - arch: aarch64-unknown-linux-gnu-portable
+ platform: ubuntu-latest
+ - arch: x86_64-unknown-linux-gnu
+ platform: ubuntu-latest
+ - arch: x86_64-unknown-linux-gnu-portable
+ platform: ubuntu-latest
+ - arch: x86_64-apple-darwin
+ platform: macos-latest
+ - arch: x86_64-apple-darwin-portable
+ platform: macos-latest
+
+ runs-on: ${{ matrix.platform }}
+ environment: protected
+ needs: extract-version
+ steps:
+ - name: Checkout sources
+ uses: actions/checkout@v2
+ - name: Build toolchain
+ uses: actions-rs/toolchain@v1
+ with:
+ toolchain: stable
+ profile: minimal
+ override: true
+
+ # ==============================
+ # Builds
+ # ==============================
+
+ - name: Build Lighthouse for ${{matrix.arch}}
+ if: startsWith(matrix.arch, 'aarch64') && endsWith(matrix.arch, 'portable')
+ run: |
+ cargo install cross
+ make build-aarch64-portable
+
+ - name: Build Lighthouse for ${{matrix.arch}}
+ if: startsWith(matrix.arch, 'aarch64') && !endsWith(matrix.arch, 'portable')
+ run: |
+ cargo install cross
+ make build-aarch64
+
+ - name: Move cross-compiled binary
+ if: startsWith(matrix.arch, 'aarch64')
+ run: mv target/aarch64-unknown-linux-gnu/release/lighthouse ~/.cargo/bin/lighthouse
+
+ - name: Build Lighthouse for ${{matrix.arch}} portable
+ if: startsWith(matrix.arch, 'x86_64') && endsWith(matrix.arch, 'portable')
+ run: cargo install --path lighthouse --force --locked --features portable
+
+ - name: Build Lighthouse for ${{matrix.arch}} modern
+ if: startsWith(matrix.arch, 'x86_64') && !endsWith(matrix.arch, 'portable')
+ run: cargo install --path lighthouse --force --locked --features modern
+
+ - name: Configure GPG and create artifacts
+ env:
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ run: |
+ export GPG_TTY=$(tty)
+ echo "$GPG_SIGNING_KEY" | gpg --batch --import
+ mkdir artifacts
+ mv ~/.cargo/bin/lighthouse ./artifacts
+ cd artifacts
+ tar -czf lighthouse-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.tar.gz lighthouse
+ echo "$GPG_PASSPHRASE" | gpg --passphrase-fd 0 --pinentry-mode loopback --batch -ab lighthouse-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.tar.gz
+ mv *tar.gz* ..
+
+ # =======================================================================
+ # Upload artifacts
+ # This is required to share artifacts between different jobs
+ # =======================================================================
+
+ - name: Upload artifact
+ uses: actions/upload-artifact@v2
+ with:
+ name: lighthouse-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.tar.gz
+ path: lighthouse-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.tar.gz
+
+ - name: Upload signature
+ uses: actions/upload-artifact@v2
+ with:
+ name: lighthouse-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.tar.gz.asc
+ path: lighthouse-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.tar.gz.asc
+
+ draft-release:
+ name: Draft Release
+ needs: [build, extract-version]
+ runs-on: ubuntu-latest
+ env:
+ VERSION: ${{ needs.extract-version.outputs.VERSION }}
+ steps:
+ # This is necessary for generating the changelog. It has to come before "Download Artifacts" or else it deletes the artifacts.
+ - name: Checkout sources
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ # ==============================
+ # Download artifacts
+ # ==============================
+
+ - name: Download artifacts
+ uses: actions/download-artifact@v2
+
+ # ==============================
+ # Create release draft
+ # ==============================
+
+ - name: Generate Full Changelog
+ id: changelog
+ run: echo "::set-output name=CHANGELOG::$(git log --pretty=format:"- %s" $(git describe --tags --abbrev=0 ${{ env.VERSION }}^)..${{ env.VERSION }})"
+
+ - name: Create Release Draft
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # The formatting here is borrowed from OpenEthereum: https://github.com/openethereum/openethereum/blob/main/.github/workflows/build.yml
+ run: |
+ body=$(cat <<- "ENDBODY"
+
+
+ ## Summary
+
+ Add a summary.
+
+ ## All Changes
+
+ ${{ steps.changelog.outputs.CHANGELOG }}
+
+ ## Binaries
+
+ [See pre-built binaries documentation.](https://lighthouse-book.sigmaprime.io/installation-binaries.html)
+
+ The binaries are signed with Sigma Prime's PGP key: `15E66D941F697E28F49381F426416DC3F30674B0`
+
+ | System | Architecture | Binary | PGP Signature |
+ |:---:|:---:|:---:|:---|
+ | | x86_64 | [lighthouse-${{ env.VERSION }}-x86_64-apple-darwin.tar.gz](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/lighthouse-${{ env.VERSION }}-x86_64-apple-darwin.tar.gz) | [PGP Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/lighthouse-${{ env.VERSION }}-x86_64-apple-darwin.tar.gz.asc) |
+ | | x86_64 | [lighthouse-${{ env.VERSION }}-x86_64-apple-darwin-portable.tar.gz](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/lighthouse-${{ env.VERSION }}-x86_64-apple-darwin-portable.tar.gz) | [PGP Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/lighthouse-${{ env.VERSION }}-x86_64-apple-darwin-portable.tar.gz.asc) |
+ | | x86_64 | [lighthouse-${{ env.VERSION }}-x86_64-unknown-linux-gnu.tar.gz](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/lighthouse-${{ env.VERSION }}-x86_64-unknown-linux-gnu.tar.gz) | [PGP Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/lighthouse-${{ env.VERSION }}-x86_64-unknown-linux-gnu.tar.gz.asc) |
+ | | x86_64 | [lighthouse-${{ env.VERSION }}-x86_64-unknown-linux-gnu-portable.tar.gz](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/lighthouse-${{ env.VERSION }}-x86_64-unknown-linux-gnu-portable.tar.gz) | [PGP Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/lighthouse-${{ env.VERSION }}-x86_64-unknown-linux-gnu-portable.tar.gz.asc) |
+ | | aarch64 | [lighthouse-${{ env.VERSION }}-aarch64-unknown-linux-gnu.tar.gz](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/lighthouse-${{ env.VERSION }}-aarch64-unknown-linux-gnu.tar.gz) | [PGP Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/lighthouse-${{ env.VERSION }}-aarch64-unknown-linux-gnu.tar.gz.asc) |
+ | | aarch64 | [lighthouse-${{ env.VERSION }}-aarch64-unknown-linux-gnu-portable.tar.gz](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/lighthouse-${{ env.VERSION }}-aarch64-unknown-linux-gnu-portable.tar.gz) | [PGP Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/lighthouse-${{ env.VERSION }}-aarch64-unknown-linux-gnu-portable.tar.gz.asc) |
+ | | | | |
+ | **System** | **Option** | - | **Resource** |
+ | | Docker | - | [sigp/lighthouse](https://hub.docker.com/r/sigp/lighthouse) |
+ ENDBODY
+ )
+ assets=()
+ for asset in ./lighthouse-*.tar.gz*; do
+ assets+=("-a" "$asset/$asset")
+ done
+ tag_name="${{ env.VERSION }}"
+ echo "$body" | hub release create --draft "${assets[@]}" -F "-" "$tag_name"
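Review bot: The `Configure GPG and create artifacts` step in the `build` job imports the release signing key on the same runner that has just run `cargo install cross` (no `--locked`, no version) and the tag-pinned `actions-rs/toolchain@v1`, so whatever those steps leave on the runner is still in place when the key and passphrase are used. Consider moving `environment: protected` and the two GPG secrets into a small signing job that only downloads the built archives and runs `gpg`, as sketched below, and pinning the build tooling (`cargo install cross --locked --version <PINNED_VERSION>`, actions by commit SHA). This protects the key rather than the binary, since the signature still attests whatever the build job produced. The `run:` scripts also splice `${{ needs.extract-version.outputs.VERSION }}` and `${{ steps.changelog.outputs.CHANGELOG }}` straight into shell text; passing them through `env:` and referencing them as quoted shell variables keeps tag names and commit subjects from being parsed as part of the script.

```yaml
  # … unchanged: build job, except that it no longer declares `environment: protected`
  #   or touches GPG; it only tars the binary and uploads the .tar.gz …

  sign:
    name: Sign Release
    needs: build
    runs-on: ubuntu-latest
    # Only this job is allowed to read the signing secrets.
    environment: protected
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v2
      - name: Sign archives
        env:
          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          echo "$GPG_SIGNING_KEY" | gpg --batch --import
          for archive in ./lighthouse-*.tar.gz/lighthouse-*.tar.gz; do
            echo "$GPG_PASSPHRASE" | gpg --passphrase-fd 0 --pinentry-mode loopback --batch -ab "$archive"
          done
      # … upload each .asc as an artifact, as "Upload signature" does today …

  draft-release:
    needs: [sign, extract-version]
    # … unchanged: checkout, download, changelog and release draft steps …
```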