light-client-snapshot-periodic-update #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# The following code has been adapted from the Substrate Connect: | |
# https://github.com/paritytech/substrate-connect/blob/ef6418015c371430c0735d2b491447326406e5fd/.github/workflows/update-chain-specs.yml | |
name: light-client-snapshot-periodic-update | |
on: | |
schedule: | |
- cron: '0 9 * * MON' # every Monday at 9am | |
workflow_dispatch: # allow triggering through the UI | |
jobs: | |
download-spec: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
# This starts one parallel job for each of these addresses. | |
rpc-node-address: [ | |
"wss://rpc.polkadot.io", | |
"wss://kusama-rpc.polkadot.io", | |
"wss://westend-rpc.polkadot.io", | |
] | |
fail-fast: false # Don't automatically cancel the jobs of the other RPC nodes if one fails | |
steps: | |
- uses: actions/[email protected] | |
with: | |
persist-credentials: false | |
path: repo | |
ref: dev | |
- run: | | |
curl -L -O https://github.com/vi/websocat/releases/download/v1.9.0/websocat_linux64 | |
chmod +x websocat_linux64 | |
- run: | | |
echo '{"id":1,"jsonrpc":"2.0","method":"sync_state_genSyncSpec","params":[true]}' | | |
./websocat_linux64 -n1 -B 99999999 ${{ matrix.rpc-node-address }} > rpc_answer.json | |
- run: cat ./rpc_answer.json | jq .result > chain_spec.json | |
- id: get-chain-id # Reads the `id` field in the newly-downloaded chain spec | |
run: echo "id=`jq -r .id ./chain_spec.json`" >> $GITHUB_OUTPUT | |
- if: ${{ steps.get-chain-id.outputs.id == '' }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: failed-response-${{ github.run_id }} | |
path: | | |
rpc_answer.json | |
- run: | # Overwrite the `lightSyncState` field of the existing chain spec with the value of spec that's been downloaded. | |
tmp=$(mktemp) | |
output=./repo/src/main/webapp/genesis/${{ steps.get-chain-id.outputs.id }}.json | |
jq --slurpfile downloaded ./chain_spec.json '.lightSyncState = $downloaded[0].lightSyncState' "$output" > "$tmp" | |
mv "$tmp" "$output" | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: chain-spec-${{ steps.get-chain-id.outputs.id }} | |
# Note that passing `repo/**` maintains paths under `repo`. This is a bit of magic by the upload-artifact action. | |
path: | | |
repo/**/${{ steps.get-chain-id.outputs.id }}.json | |
create-pr: | |
runs-on: ubuntu-latest | |
if: ${{ always() }} # Run this job even if one of the steps of download-spec has failed | |
needs: download-spec | |
steps: | |
- uses: actions/[email protected] | |
with: | |
path: repo | |
ref: dev | |
- uses: actions/download-artifact@v3 | |
with: | |
# Since we're not passing a name, this automatically downloads *all* artifacts | |
# Unfortunately, this creates intermediary directories. | |
path: . | |
- run: cp -r ./chain-spec-*/* ./repo | |
- uses: peter-evans/create-pull-request@v5 | |
with: | |
# We use a custom secret (rather than the default GITHUB_TOKEN) so that opening the pull | |
# request triggers other actions such as the CI checks. GitHub prevents actions that use | |
# GITHUB_TOKEN from triggering further actions, to avoid recursive actions. | |
token: ${{ secrets.GH_TOKEN }} | |
committer: Fruzhin CICD <[email protected]> | |
author: Fruzhin CICD <[email protected]> | |
path: repo | |
branch: automatic-checkpoints-update | |
base: dev | |
title: Update checkpoints in chain specifications | |
# Note that the `download-spec` job above fails if the downloaded specification doesn't | |
# correspond to an existing file. It is therefore impossible that the pull request | |
# accidentally adds new specifications. | |
body: > | |
This pull request has been automatically generated by downloading chain | |
specifications from various JSON-RPC endpoints and extracting their checkpoints. | |
Keep in mind that introducing a malicious checkpoint can redirect users to the wrong | |
chain. If this pull request looks suspicious, please be cautious. | |
commit-message: Update checkpoints in chain specifications | |
delete-branch: true |