Development -> Main (#47)

Co-authored-by: Yurii Kovalchuk <[email protected]>
Co-authored-by: Yurii Kovalchuk <[email protected]>

.github/actions/build-and-push/action.yml

@@ -15,8 +15,11 @@ inputs:
   environment:
     required: true
   push:
-    required: false  
-    default: true  
+    required: false
+    default: true
+  push-latest:
+    required: false
+    default: false
 
 runs:
   using: "composite"
@@ -41,3 +44,11 @@ runs:
         build-args: |
           ANON_VER=${{ inputs.version }}
           ANON_ENV=${{ inputs.environment }}
+
+    - name: Push latest
+      if: ${{ inputs.push-latest == true }}
+      shell: bash
+      run: |
+        docker buildx imagetools create \
+          -t ${{ inputs.docker-base-repo }}:${{ github.sha }} \
+             ${{ inputs.docker-base-repo }}:latest

.github/actions/multiarch-push/action.yml

@@ -8,6 +8,9 @@ inputs:
     required: true
   docker-tag:
     required: true
+  push-latest:
+    required: false
+    default: false
 
 runs:
   using: "composite"
@@ -27,8 +30,16 @@ runs:
         docker buildx imagetools create \
           -t ${{ inputs.docker-base-repo }}:${{ inputs.docker-tag }} \
              ${{ inputs.docker-base-repo }}-amd64:${{ inputs.docker-tag }} \
-             ${{ inputs.docker-base-repo }}-arm64:${{ inputs.docker-tag }} 
+             ${{ inputs.docker-base-repo }}-arm64:${{ inputs.docker-tag }}
         docker buildx imagetools create \
-          -t ${{ inputs.docker-base-repo }}:${{ github.sha}} \
+          -t ${{ inputs.docker-base-repo }}:${{ github.sha }} \
              ${{ inputs.docker-base-repo }}-amd64:${{ github.sha }} \
-             ${{ inputs.docker-base-repo }}-arm64:${{ github.sha }} 
+             ${{ inputs.docker-base-repo }}-arm64:${{ github.sha }}
+
+    - name: Push latest
+      if: ${{ inputs.push-latest == true }}
+      shell: bash
+      run: |
+        docker buildx imagetools create \
+          -t ${{ inputs.docker-base-repo }}:${{ github.sha }} \
+             ${{ inputs.docker-base-repo }}:latest

.github/workflows/build-packages.yml

@@ -15,10 +15,11 @@ on:
 env:
   DEBIAN_FRONTEND: noninteractive
 
-  # tags, main: stage
+  # tags: live
+  # main: stage
   # development: dev
-  # everything else (pr, etc.): unstable-dev
-  PKG_ENV: ${{ (github.ref == 'refs/heads/main' || github.ref_type == 'tag') && 'stage' || github.ref == 'refs/heads/development' && 'dev' || 'unstable-dev' }}
+  # everything else (pull request, etc.): unstable-dev
+  PKG_ENV: ${{ github.ref_type == 'tag' && 'live' || github.ref == 'refs/heads/main' && 'stage' || github.ref == 'refs/heads/development' && 'dev' || 'unstable-dev' }}
 
 jobs:
 
@@ -162,6 +163,74 @@ jobs:
           name: anon-${{ env.PKG_ENV }}-${{ matrix.build.os }}-${{ matrix.build.suite }}-${{ matrix.build.arch }}
           path: binary-packages/
 
+  #
+  # Linux Build
+  #
+
+  build-linux-binary:
+    runs-on: ${{ matrix.build.runner }}
+    container:
+      image: debian:bookworm
+    env:
+      OPENSSL_VERSION: "1.1.1w"
+    strategy:
+      fail-fast: false
+      matrix:
+        build:
+
+          # Linux amd64
+          - runner: ubuntu-latest
+            arch: amd64
+            libarch: x86_64
+
+          # Linux arm64
+          - runner: arm64
+            arch: arm64
+            libarch: aarch64
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          path: ator-protocol
+          fetch-depth: 1
+      - name: Install dependencies
+        run: |
+          apt-get update && \
+          apt_build_deps="libssl-dev zlib1g-dev libevent-dev ca-certificates dh-apparmor libseccomp-dev debhelper" && \
+          apt_runtime_deps="iputils-ping curl pwgen" && \
+          apt_temps="build-essential automake git wget" && \
+          apt-get -y --no-install-recommends install $apt_build_deps $apt_runtime_deps $apt_temps
+      - name: Build anon
+        run: |
+          cd ator-protocol
+          ./scripts/ci/update-env.sh ${{ env.PKG_ENV }}
+          ./autogen.sh
+          ./configure \
+            --disable-asciidoc \
+            --disable-zstd \
+            --disable-lzma \
+            --enable-static-zlib \
+            --enable-static-libevent \
+            --enable-static-openssl \
+            --enable-static-tor \
+            --with-libevent-dir=/usr/lib/${{ matrix.build.libarch }}-linux-gnu/ \
+            --with-openssl-dir=/usr/lib/${{ matrix.build.libarch }}-linux-gnu/ \
+            --with-zlib-dir=/usr/lib/${{ matrix.build.libarch }}-linux-gnu/ \
+            --disable-tool-name-check \
+            --disable-gcc-hardening
+          make
+      - name: Copy executables to artifact directory
+        run: |
+          mkdir -p package
+          cp ator-protocol/src/app/anon package
+          cp ator-protocol/src/tools/anon-gencert package
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: anon-${{ env.PKG_ENV }}-linux-${{ matrix.build.arch }}
+          path: package/
+
   #
   # MacOS Build
   #
@@ -380,8 +449,12 @@ jobs:
         run: |
           mkdir -p release-artifacts/
           cp raw-artifacts/anon-*/anon_*.deb release-artifacts/
+          chmod +x raw-artifacts/anon-${{ env.PKG_ENV }}-linux-amd64/*
+          chmod +x raw-artifacts/anon-${{ env.PKG_ENV }}-linux-arm64/*
           chmod +x raw-artifacts/anon-${{ env.PKG_ENV }}-macos-amd64/*
           chmod +x raw-artifacts/anon-${{ env.PKG_ENV }}-macos-arm64/*
+          zip -j release-artifacts/anon-${{ env.PKG_ENV }}-linux-amd64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-linux-amd64/*
+          zip -j release-artifacts/anon-${{ env.PKG_ENV }}-linux-arm64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-linux-arm64/*
           zip -j release-artifacts/anon-${{ env.PKG_ENV }}-macos-amd64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-macos-amd64/*
           zip -j release-artifacts/anon-${{ env.PKG_ENV }}-macos-arm64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-macos-arm64/*
           zip -j release-artifacts/anon-${{ env.PKG_ENV }}-windows-amd64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-windows-amd64/*

.github/workflows/live-build-and-push.yml

@@ -0,0 +1,61 @@
+name: Stage Build and Push Docker Images
+
+on:
+  push:
+    tags:
+      - 'v*.*.*.*'
+  workflow_dispatch:
+
+env:
+  image-tag: ${{ github.event_name == 'push' && (github.ref_name) || 'latest-manual' }}
+
+jobs:
+  build-and-push:
+    runs-on: ${{ matrix.platform.runs-on }}
+    strategy:
+      matrix:
+        platform:
+          - name: linux/amd64
+            image-suffix: amd64
+            runs-on: ubuntu-latest
+          - name: linux/arm64
+            image-suffix: arm64
+            runs-on: arm64
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+      - name: Build and push
+        uses: ./.github/actions/build-and-push
+        with:
+          docker-username: ${{ secrets.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-base-repo: ${{ secrets.DOCKER_BASE_REPO_LIVE }}-${{ matrix.platform.image-suffix }}
+          docker-tag: ${{ env.image-tag }}
+          docker-platform: ${{ matrix.platform.name }}
+          version: ${{ github.sha }}
+          environment: live
+          push-latest: true
+
+  multiarch-push:
+    runs-on: arm64
+    needs: build-and-push
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+      - name: Multiarch push
+        uses: ./.github/actions/multiarch-push
+        with:
+          docker-username: ${{ secrets.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-base-repo: ${{ secrets.DOCKER_BASE_REPO_LIVE }}
+          docker-tag: ${{ env.image-tag }}
+          push-latest: true
+
+  deploy:
+    needs: multiarch-push
+    runs-on: ubuntu-latest
+    steps:
+      - name: Invoke workflow without inputs
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: Live Deploy

.github/workflows/live-deploy.yml

@@ -0,0 +1,34 @@
+name: Live Deploy
+
+on:
+  workflow_dispatch:
+  workflow_call:
+
+env:
+  image-name: ${{ secrets.DOCKER_BASE_REPO_LIVE }}
+  image-tag: ${{ github.event_name == 'workflow_call' && 'latest' || github.sha }}
+  da-1-hc-url: http://49.13.145.234:9230/tor/status-vote/current/consensus
+  da-2-hc-url: http://5.161.108.187:9230/tor/status-vote/current/consensus
+  da-3-hc-url: http://5.78.90.106:9230/tor/status-vote/current/consensus
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Deploy new version 
+        uses: ./.github/actions/deploy
+        with:
+          image-tag: ${{ env.image-tag }}
+          nomad-job-file: anon-da-node-live.hcl
+          health-checks: "${{ env.da-1-hc-url }}|${{ env.da-2-hc-url }}|${{ env.da-3-hc-url }}"
+          nomad-cacert: operations/admin-ui-ca.crt
+          nomad-token: ${{ secrets.NOMAD_TOKEN_ATOR_NETWORK_DEPLOY }}
+          nomad-addr: ${{ secrets.NOMAD_DEPLOY_ADDR }}
+          consul-cacert: operations/admin-ui-ca.crt
+          consul-http-token: ${{ secrets.CONSUL_HTTP_TOKEN_ATOR_NETWORK_DEPLOY }}
+          consul-addr: ${{ secrets.CONSUL_DEPLOY_ADDR }}

configure.ac

@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([anon],[0.4.9.0-dev])
+AC_INIT([anon],[0.4.9.1-git])
 AC_CONFIG_SRCDIR([src/app/main/anon_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -18,7 +18,7 @@ AC_DEFINE_UNQUOTED([CONFIG_FLAGS], ["$configure_flags"], [Flags passed to config
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2024-01-18"], # for 0.4.9.0-dev
+AC_DEFINE(APPROX_RELEASE_DATE, ["2024-03-13"], # for 0.4.9.1-git
           [Approximate date when this software was released. (Updated when the version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards

contrib/win32build/anon-mingw.nsi.in

@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.9.0-dev"
+!define VERSION "0.4.9.1-git"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/"
 !define LICENSE "LICENSE"