diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1c59f23e8d..834a34e919 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -50,21 +50,30 @@ jobs: with: alias: "fmt-stacks" - ###################################################################################### - ## Check if the branch that this workflow is being run against is a release branch + ## Check if the head branch of the PR is a release branch + ## + ## Runs when the following is true: + ## - The workflow was triggered by a `workflow_dispatch` action check-release: + if: | + ( + github.event_name == 'workflow_dispatch' + ) name: Check Release needs: - rustfmt runs-on: ubuntu-latest outputs: - tag: ${{ steps.check_release.outputs.tag }} - docker_tag: ${{ steps.check_release.outputs.docker_tag }} - is_release: ${{ steps.check_release.outputs.is_release }} + node_tag: ${{ steps.check_release.outputs.node_tag }} + node_docker_tag: ${{ steps.check_release.outputs.node_docker_tag }} + signer_tag: ${{ steps.check_release.outputs.signer_tag }} + signer_docker_tag: ${{ steps.check_release.outputs.signer_docker_tag }} + is_node_release: ${{ steps.check_release.outputs.is_node_release }} + is_signer_release: ${{ steps.check_release.outputs.is_signer_release }} steps: - name: Check Release id: check_release - uses: stacks-network/actions/stacks-core/check-release@main + uses: stacks-network/actions/stacks-core/release/check-release@main with: tag: ${{ github.ref_name }} @@ -75,15 +84,20 @@ jobs: ## - it is a release run create-release: if: | - needs.check-release.outputs.is_release == 'true' - name: Create Release + needs.check-release.outputs.is_node_release == 'true' || + needs.check-release.outputs.is_signer_release == 'true' + name: Create Release(s) needs: - rustfmt - check-release uses: ./.github/workflows/github-release.yml with: - tag: ${{ needs.check-release.outputs.tag }} - docker_tag: ${{ needs.check-release.outputs.docker_tag }} + node_tag: ${{ needs.check-release.outputs.node_tag }} + node_docker_tag: ${{ needs.check-release.outputs.node_docker_tag }} + signer_tag: ${{ needs.check-release.outputs.signer_tag }} + signer_docker_tag: ${{ needs.check-release.outputs.signer_docker_tag }} + is_node_release: ${{ needs.check-release.outputs.is_node_release }} + is_signer_release: ${{ needs.check-release.outputs.is_signer_release }} secrets: inherit ## Build and push Debian image built from source @@ -92,7 +106,7 @@ jobs: ## - it is not a release run docker-image: if: | - needs.check-release.outputs.is_release != 'true' + needs.check-release.outputs.is_signer_release != 'true' name: Docker Image (Source) uses: ./.github/workflows/image-build-source.yml needs: @@ -112,7 +126,7 @@ jobs: ## - commit to either (development, master) branch create-cache: if: | - needs.check-release.outputs.is_release == 'true' || ( + needs.check-release.outputs.is_node_release == 'true' || ( github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || @@ -144,7 +158,7 @@ jobs: ## - commit to either (development, next, master) branch stacks-core-tests: if: | - needs.check-release.outputs.is_release == 'true' || ( + needs.check-release.outputs.is_signer_release == 'true' || ( github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || @@ -166,7 +180,7 @@ jobs: bitcoin-tests: if: | - needs.check-release.outputs.is_release == 'true' || ( + needs.check-release.outputs.is_node_release == 'true' || ( github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || @@ -189,7 +203,7 @@ jobs: p2p-tests: if: | - needs.check-release.outputs.is_release == 'true' || ( + needs.check-release.outputs.is_node_release == 'true' || ( github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || @@ -214,7 +228,7 @@ jobs: ## Runs when: ## - it is a release run atlas-tests: - if: needs.check-release.outputs.is_release == 'true' + if: needs.check-release.outputs.is_node_release == 'true' name: Atlas Tests needs: - rustfmt @@ -223,7 +237,7 @@ jobs: uses: ./.github/workflows/atlas-tests.yml epoch-tests: - if: needs.check-release.outputs.is_release == 'true' + if: needs.check-release.outputs.is_node_release == 'true' name: Epoch Tests needs: - rustfmt @@ -232,7 +246,7 @@ jobs: uses: ./.github/workflows/epoch-tests.yml slow-tests: - if: needs.check-release.outputs.is_release == 'true' + if: needs.check-release.outputs.is_node_release == 'true' name: Slow Tests needs: - rustfmt diff --git a/.github/workflows/create-source-binary.yml b/.github/workflows/create-source-binary.yml deleted file mode 100644 index 385b30af7d..0000000000 --- a/.github/workflows/create-source-binary.yml +++ /dev/null @@ -1,60 +0,0 @@ -## Github workflow to create multiarch binaries from source - -name: Create Binaries - -on: - workflow_call: - inputs: - tag: - description: "Tag name of this release (x.y.z)" - required: true - type: string - -## change the display name to the tag being built -run-name: ${{ inputs.tag }} - -concurrency: - group: create-binary-${{ github.head_ref || github.ref || github.run_id}} - ## Only cancel in progress if this is for a PR - cancel-in-progress: ${{ github.event_name == 'pull_request' }} - -jobs: - ## Runs when the following is true: - ## - tag is provided - artifact: - if: | - inputs.tag != '' - name: Build Binaries - runs-on: ubuntu-latest - strategy: - ## Run a maximum of 10 builds concurrently, using the matrix defined in inputs.arch - max-parallel: 10 - matrix: - arch: - - linux-musl - - linux-glibc - - macos - - windows - cpu: - - arm64 - - armv7 - - x86-64 ## defaults to x86-64-v3 variant - intel haswell (2013) and newer - # - x86-64-v2 ## intel nehalem (2008) and newer - # - x86-64-v3 ## intel haswell (2013) and newer - # - x86-64-v4 ## intel skylake (2017) and newer - exclude: - - arch: windows # excludes windows-arm64 - cpu: arm64 - - arch: windows # excludes windows-armv7 - cpu: armv7 - - arch: macos # excludes macos-armv7 - cpu: armv7 - - steps: - - name: Build Binary (${{ matrix.arch }}_${{ matrix.cpu }}) - id: build_binary - uses: stacks-network/actions/stacks-core/create-source-binary@main - with: - arch: ${{ matrix.arch }} - cpu: ${{ matrix.cpu }} - tag: ${{ inputs.tag }} diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml index 9d4e18c665..a1b5bf9834 100644 --- a/.github/workflows/github-release.yml +++ b/.github/workflows/github-release.yml @@ -5,12 +5,28 @@ name: Github Release on: workflow_call: inputs: - tag: - description: "Release Tag" + node_tag: + description: "Node Release Tag" required: true type: string - docker_tag: - description: "Docker Release Tag" + node_docker_tag: + description: "Node Docker Release Tag" + required: true + type: string + signer_tag: + description: "Signer Release Tag" + required: true + type: string + signer_docker_tag: + description: "Signer Docker Release Tag" + required: true + type: string + is_node_release: + description: "True if it is a node release" + required: true + type: string + is_signer_release: + description: "True if it is a signer release" required: true type: string secrets: @@ -22,81 +38,107 @@ concurrency: ## Always cancel duplicate jobs cancel-in-progress: true -run-name: ${{ inputs.tag }} +run-name: ${{ inputs.node_tag || inputs.signer_tag }} jobs: ## Build arch dependent binaries from source ## ## Runs when the following is true: - ## - tag is provided + ## - either node or signer tag is provided build-binaries: if: | - inputs.tag != '' + inputs.node_tag != '' || + inputs.signer_tag != '' name: Build Binaries - uses: ./.github/workflows/create-source-binary.yml - with: - tag: ${{ inputs.tag }} - secrets: inherit + runs-on: ubuntu-latest + strategy: + ## Run a maximum of 10 builds concurrently, using the matrix defined in inputs.arch + max-parallel: 10 + matrix: + arch: + - linux-musl + - linux-glibc + - macos + - windows + cpu: + - arm64 + - armv7 + - x86-64 ## defaults to x86-64-v3 variant - intel haswell (2013) and newer + # - x86-64-v2 ## intel nehalem (2008) and newer + # - x86-64-v3 ## intel haswell (2013) and newer + # - x86-64-v4 ## intel skylake (2017) and newer + exclude: + - arch: windows # excludes windows-arm64 + cpu: arm64 + - arch: windows # excludes windows-armv7 + cpu: armv7 + - arch: macos # excludes macos-armv7 + cpu: armv7 + steps: + - name: Build Binary (${{ matrix.arch }}_${{ matrix.cpu }}) + uses: stacks-network/actions/stacks-core/release/create-source-binary@main + with: + arch: ${{ matrix.arch }} + cpu: ${{ matrix.cpu }} + node_tag: ${{ inputs.node_tag }} + signer_tag: ${{ inputs.signer_tag }} + signer_docker_tag: ${{ inputs.signer_docker_tag }} + is_node_release: ${{ inputs.is_node_release }} ## Runs when the following is true: - ## - tag is provided - ## - workflow is building default branch (master) + ## - either node or signer tag is provided create-release: if: | - inputs.tag != '' + inputs.node_tag != '' || + inputs.signer_tag != '' name: Create Release runs-on: ubuntu-latest needs: - build-binaries steps: - ## Downloads the artifacts built in `create-source-binary.yml` - - name: Download Artifacts - id: download_artifacts - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + ## Creates releases + - name: Create Release + uses: stacks-network/actions/stacks-core/release/create-github-releases@main with: - pattern: ${{ inputs.tag }}-binary-build-* - path: release - merge-multiple: true - - ## Generate a checksums file to be added to the release page - - name: Generate Checksums - id: generate_checksum - uses: stacks-network/actions/generate-checksum@main - with: - artifact_download_pattern: "${{ inputs.tag }}-binary-build-*" - - ## Upload the release archives with the checksums file - - name: Upload Release - id: upload_release - uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 #v2.0.5 - env: - GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} - with: - name: Release ${{ inputs.tag || github.ref }} - tag_name: ${{ inputs.tag || github.ref }} - draft: false - prerelease: true - fail_on_unmatched_files: true - target_commitish: ${{ github.sha }} - generate_release_notes: true - files: | - release/*.zip - CHECKSUMS.txt + node_tag: ${{ inputs.node_tag }} + node_docker_tag: ${{ inputs.node_docker_tag }} + signer_tag: ${{ inputs.signer_tag }} + signer_docker_tag: ${{ inputs.signer_docker_tag }} + is_node_release: ${{ inputs.is_node_release }} + is_signer_release: ${{ inputs.is_signer_release }} + GH_TOKEN: ${{ secrets.GH_TOKEN }} ## Builds arch dependent Docker images from binaries ## ## Runs when the following is true: - ## - tag is provided - ## - workflow is building default branch (master) + ## - either node or signer tag is provided docker-image: if: | - inputs.tag != '' + inputs.node_tag != '' || + inputs.signer_tag != '' name: Docker Image (Binary) - uses: ./.github/workflows/image-build-binary.yml + runs-on: ubuntu-latest needs: - build-binaries - create-release - with: - tag: ${{ inputs.tag }} - docker_tag: ${{ inputs.docker_tag }} - secrets: inherit + strategy: + fail-fast: false + ## Build a maximum of 2 images concurrently based on matrix.dist + max-parallel: 2 + matrix: + dist: + - alpine + - debian + steps: + - name: Create Docker Image + uses: stacks-network/actions/stacks-core/release/create-docker-images@main + with: + node_tag: ${{ inputs.node_tag }} + node_docker_tag: ${{ inputs.node_docker_tag }} + signer_tag: ${{ inputs.signer_tag }} + signer_docker_tag: ${{ inputs.signer_docker_tag }} + is_node_release: ${{ inputs.is_node_release }} + is_signer_release: ${{ inputs.is_signer_release }} + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} + DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} + dist: ${{ matrix.dist }} diff --git a/.github/workflows/image-build-binary.yml b/.github/workflows/image-build-binary.yml deleted file mode 100644 index 5966d7e68a..0000000000 --- a/.github/workflows/image-build-binary.yml +++ /dev/null @@ -1,145 +0,0 @@ -## Github workflow to build a multiarch docker image from pre-built binaries - -name: Docker Image (Binary) - -on: - workflow_call: - inputs: - tag: - required: true - type: string - description: "Version tag of release" - docker_tag: - required: true - type: string - description: "Version tag for docker images" - -## Define which docker arch to build for -env: - docker_platforms: "linux/arm64, linux/arm/v7, linux/amd64, linux/amd64/v3" - docker-org: blockstack - -concurrency: - group: docker-image-binary-${{ github.head_ref || github.ref || github.run_id }} - ## Always cancel duplicate jobs - cancel-in-progress: true - -run-name: ${{ inputs.tag }} - -jobs: - ## Runs when the following is true: - ## - tag is provided - ## - workflow is building default branch (master) - image: - if: | - inputs.tag != '' - name: Build Image - runs-on: ubuntu-latest - strategy: - fail-fast: false - ## Build a maximum of 2 images concurrently based on matrix.dist - max-parallel: 2 - matrix: - dist: - - alpine - - debian - steps: - ## Setup Docker for the builds - - name: Docker setup - id: docker_setup - uses: stacks-network/actions/docker@main - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - - ## if the repo owner is not `stacks-network`, default to a docker-org of the repo owner (i.e. github user id) - ## this allows forks to run the docker push workflows without having to hardcode a dockerhub org (but it does require docker hub user to match github username) - - name: Set Local env vars - id: set_env - if: | - github.repository_owner != 'stacks-network' - run: | - echo "docker-org=${{ github.repository_owner }}" >> "$GITHUB_ENV" - - - name: Check Signer Release - id: check_signer_release - run: | - case "${{ inputs.tag }}" in - signer-*) - echo "is-signer-release=true" >> $GITHUB_ENV - ;; - *) - echo "is-signer-release=false" >> $GITHUB_ENV - ;; - esac - - ## Set docker metatdata - ## - depending on the matrix.dist, different tags will be enabled - ## ex. debian will have this tag: `type=ref,event=tag,enable=${{ matrix.dist == 'debian' }}` - - name: Docker Metadata ( ${{matrix.dist}} ) - if: ${{ env.is-signer-release == 'true' }} - id: docker_metadata_signer - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 #v5.5.1 - with: - images: | - ${{env.docker-org}}/stacks-signer - tags: | - type=raw,value=latest,enable=${{ inputs.docker_tag != '' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) ) && matrix.dist == 'debian' }} - type=raw,value=${{ inputs.docker_tag }}-${{ matrix.dist }},enable=${{ inputs.docker_tag != '' && matrix.dist == 'debian'}} - type=raw,value=${{ inputs.docker_tag }},enable=${{ inputs.docker_tag != '' && matrix.dist == 'debian' }} - type=ref,event=tag,enable=${{ matrix.dist == 'debian' }} - type=raw,value=latest-${{ matrix.dist }},enable=${{ inputs.docker_tag != '' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) ) && matrix.dist == 'alpine' }} - type=raw,value=${{ inputs.docker_tag }}-${{ matrix.dist }},enable=${{ inputs.docker_tag != '' && matrix.dist == 'alpine' }} - - - name: Docker Metadata ( ${{matrix.dist}} ) - if: ${{ env.is-signer-release == 'false' }} - id: docker_metadata_node - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 #v5.5.1 - with: - ## tag images with current repo name `stacks-core` as well as legacy `stacks-blockchain` - images: | - ${{env.docker-org}}/${{ github.event.repository.name }} - ${{env.docker-org}}/stacks-blockchain - tags: | - type=raw,value=latest,enable=${{ inputs.docker_tag != '' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) ) && matrix.dist == 'debian' }} - type=raw,value=${{ inputs.docker_tag }}-${{ matrix.dist }},enable=${{ inputs.docker_tag != '' && matrix.dist == 'debian'}} - type=raw,value=${{ inputs.docker_tag }},enable=${{ inputs.docker_tag != '' && matrix.dist == 'debian' }} - type=ref,event=tag,enable=${{ matrix.dist == 'debian' }} - type=raw,value=latest-${{ matrix.dist }},enable=${{ inputs.docker_tag != '' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) ) && matrix.dist == 'alpine' }} - type=raw,value=${{ inputs.docker_tag }}-${{ matrix.dist }},enable=${{ inputs.docker_tag != '' && matrix.dist == 'alpine' }} - - ## Build docker image for signer release - - name: Build and Push ( ${{matrix.dist}} ) - if: ${{ env.is-signer-release == 'true' }} - id: docker_build_signer - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 - with: - file: ./.github/actions/dockerfiles/Dockerfile.${{ matrix.dist }}-binary - platforms: ${{ env.docker_platforms }} - tags: ${{ steps.docker_metadata_signer.outputs.tags }} - labels: ${{ steps.docker_metadata_signer.outputs.labels }} - build-args: | - TAG=${{ inputs.tag }} - REPO=${{ github.repository_owner }}/${{ github.event.repository.name }} - STACKS_NODE_VERSION=${{ inputs.tag || env.GITHUB_SHA_SHORT }} - GIT_BRANCH=${{ env.GITHUB_REF_SHORT }} - GIT_COMMIT=${{ env.GITHUB_SHA_SHORT }} - push: ${{ env.DOCKER_PUSH }} - - ## Build docker image for node release - - name: Build and Push ( ${{matrix.dist}} ) - if: ${{ env.is-signer-release == 'false' }} - id: docker_build_node - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 - with: - file: ./.github/actions/dockerfiles/Dockerfile.${{ matrix.dist }}-binary - platforms: ${{ env.docker_platforms }} - tags: ${{ steps.docker_metadata_node.outputs.tags }} - labels: ${{ steps.docker_metadata_node.outputs.labels }} - build-args: | - TAG=${{ inputs.tag }} - REPO=${{ github.repository_owner }}/${{ github.event.repository.name }} - STACKS_NODE_VERSION=${{ inputs.tag || env.GITHUB_SHA_SHORT }} - GIT_BRANCH=${{ env.GITHUB_REF_SHORT }} - GIT_COMMIT=${{ env.GITHUB_SHA_SHORT }} - push: ${{ env.DOCKER_PUSH }}