diff --git a/.github/actions/build_package/action.yml b/.github/actions/build_package/action.yml index 998d0090..fbb95328 100644 --- a/.github/actions/build_package/action.yml +++ b/.github/actions/build_package/action.yml @@ -1,3 +1,4 @@ +# Creates miden-node.deb and miden-faucet.deb DEBIAN packages. name: build-package description: Builds miden-node and miden-faucet debian packages for the given git reference inputs: @@ -12,23 +13,19 @@ runs: id: git-sha shell: bash run: | - if git show-ref -q --verify "refs/remotes/origin/$gitref" 2>/dev/null; then - echo "sha=$(git show-ref --hash --verify "refs/remotes/origin/$gitref")" >> $GITHUB_OUTPUT - elif git show-ref -q --verify "refs/tags/$gitref" 2>/dev/null; then - echo "sha=$(git show-ref --hash --verify "refs/tags/$gitref")" >> $GITHUB_OUTPUT - elif git rev-parse --verify "$gitref^{commit}" >/dev/null 2>&1; then - echo "sha=$(git rev-parse --verify "$gitref^{commit})" >> $GITHUB_OUTPUT + if git show-ref -q --verify "refs/remotes/origin/${{ inputs.gitref }}" 2>/dev/null; then + echo "sha=$(git show-ref --hash --verify 'refs/remotes/origin/${{ inputs.gitref }}')" >> $GITHUB_OUTPUT + elif git show-ref -q --verify "refs/tags/${{ inputs.gitref }}" 2>/dev/null; then + echo "sha=$(git show-ref --hash --verify 'refs/tags/${{ inputs.gitref }}')" >> $GITHUB_OUTPUT + elif git rev-parse --verify "${{ inputs.gitreff }}^{commit}" >/dev/null 2>&1; then + echo "sha=$(git rev-parse --verify '${{ inputs.gitref }}^{commit}')" >> $GITHUB_OUTPUT else echo "::error Unknown git reference type" - # exit 1 + exit 1 fi - - name: Build binaries - run: | - cargo install miden-node --locked --features testing --git ${{ github.repositoryUrl }} --rev ${{ steps.git-sha.outputs.sha }} - cargo install miden-faucet --locked --features testing --git ${{ github.repositoryUrl }} --rev ${{ steps.git-sha.outputs.sha }} - - name: Create package directories + shell: bash run: | mkdir -p \ packaging/deb/miden-node/DEBIAN \ 
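Review bot: The new `run:` lines splice `${{ inputs.gitref }}` into the script text before bash parses it, so a ref value containing shell metacharacters is treated as syntax rather than data, and in deploy.yml that value is a free-form `workflow_dispatch` string. Passing it through `env:` and reading `"$gitref"`, as sketched below, keeps it as data. Separately, the third branch tests `${{ inputs.gitreff }}` (extra `f`), which presumably expands to an empty string, so commit references would always fall through to the error path. The same direct interpolation appears in the `gh release download` lines and the SSM `command:` blocks of deploy.yml. The step begins above this hunk, so any existing `env:` on it is not visible here.

```yaml
      id: git-sha
      shell: bash
      env:
        gitref: ${{ inputs.gitref }}
      run: |
        if git show-ref -q --verify "refs/remotes/origin/$gitref" 2>/dev/null; then
          echo "sha=$(git show-ref --hash --verify "refs/remotes/origin/$gitref")" >> "$GITHUB_OUTPUT"
        elif git show-ref -q --verify "refs/tags/$gitref" 2>/dev/null; then
          echo "sha=$(git show-ref --hash --verify "refs/tags/$gitref")" >> "$GITHUB_OUTPUT"
        elif git rev-parse --verify "${gitref}^{commit}" >/dev/null 2>&1; then
          echo "sha=$(git rev-parse --verify "${gitref}^{commit}")" >> "$GITHUB_OUTPUT"
        else
          # … unchanged: error message and exit 1 …
        fi
```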
@@ -44,13 +41,9 @@ runs: packaging/deb/miden-faucet/etc/miden\ packaging/deb/miden-faucet/opt/miden/miden-faucet - - name: Copy binary files - run: | - cp -p $CARGO_HOME/bin/miden-node packaging/deb/miden-node/urs/bin/ - cp -p $CARGO_HOME/bin/miden-faucet packaging/deb/miden-faucet/urs/bin/ - # These have to be downloaded as the current repo source isn't necessarily the target git reference. - name: Copy package install scripts + shell: bash run: | git show ${{ steps.git-sha.outputs.sha }}:packaging/miden-node.service > packaging/deb/miden-node/lib/systemd/system/miden-node.service git show ${{ steps.git-sha.outputs.sha }}:packaging/postinst > packaging/deb/miden-node/DEBIAN/postinst @@ -58,15 +51,26 @@ runs: git show ${{ steps.git-sha.outputs.sha }}:packaging/miden-faucet.service > packaging/deb/miden-faucet/lib/systemd/system/miden-faucet.service git show ${{ steps.git-sha.outputs.sha }}:packaging/postinst > packaging/deb/miden-faucet/DEBIAN/postinst git show ${{ steps.git-sha.outputs.sha }}:packaging/postrm > packaging/deb/miden-faucet/DEBIAN/postrm + chmod 0775 packaging/deb/miden-node/DEBIAN/postinst + chmod 0775 packaging/deb/miden-node/DEBIAN/postrm + chmod 0775 packaging/deb/miden-faucet/DEBIAN/postinst + chmod 0775 packaging/deb/miden-faucet/DEBIAN/postrm - name: Create control files + shell: bash run: | + # Map the architecture to the format required by Debian. + # i.e. arm64 and amd64 instead of aarch64 and x86_64. + arch=$(uname -m | sed "s/x86_64/amd64/" | sed "s/aarch64/arm64/") + # Control file's version field must be x.y.z format so strip the rest. + version=$(git describe --tags --abbrev=0 | sed 's/[^0-9.]//g' ) + cat > packaging/deb/miden-node/DEBIAN/control << EOF Package: miden-node - Version: ${{ inputs.gitref }} + Version: $version Section: base Priority: optional - Architecture: $(uname -m) + Architecture: $arch Maintainer: Polygon Devops Description: miden-node binary package Homepage: https://polygon.technology/polygon-miden 
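Review bot: `version=$(git describe --tags --abbrev=0 | ...)` describes the checked-out HEAD, not the commit being packaged, and the comment above "Copy package install scripts" says the checkout isn't necessarily the target reference. The control file's `Version:` can therefore disagree with the binaries built from `steps.git-sha.outputs.sha`. Passing the resolved commit, `git describe --tags --abbrev=0 ${{ steps.git-sha.outputs.sha }}`, ties the two together, and an empty `$version` should fail the step rather than reach the heredoc. The faucet control file in the next hunk uses the same `$version`. Also, `chmod 0775` leaves the maintainer scripts group-writable; `0755` is the conventional mode for them.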
@@ -76,10 +80,10 @@ runs: cat > packaging/deb/miden-faucet/DEBIAN/control << EOF Package: miden-faucet - Version: ${{ inputs.gitref }} + Version: $version Section: base Priority: optional - Architecture: $(uname -m) + Architecture: $arch Maintainer: Polygon Devops Description: miden-faucet binary package Homepage: https://polygon.technology/polygon-miden @@ -87,7 +91,26 @@ runs: Vcs-Browser: https://github.com/0xPolygonMiden/miden-node EOF + - name: Build binaries + shell: bash + env: + repo-url: ${{ github.server_url }}/${{ github.repository }} + run: | + cargo install miden-node --root . --locked --features testing --git ${{ env.repo-url }} --rev ${{ steps.git-sha.outputs.sha }} + cargo install miden-faucet --root . --locked --features testing --git ${{ env.repo-url }} --rev ${{ steps.git-sha.outputs.sha }} + + - name: Copy binary files + shell: bash + run: | + cp -p ./bin/miden-node packaging/deb/miden-node/usr/bin/ + cp -p ./bin/miden-faucet packaging/deb/miden-faucet/usr/bin/ + - name: Build packages + shell: bash run: | dpkg-deb --build --root-owner-group packaging/deb/miden-node dpkg-deb --build --root-owner-group packaging/deb/miden-faucet + + # Save the .deb files, delete the rest. + mv packaging/deb/*.deb . + rm -rf packaging diff --git a/.github/actions/ssm_execute/action.yml b/.github/actions/ssm_execute/action.yml index 933fee59..d6376260 100644 --- a/.github/actions/ssm_execute/action.yml +++ b/.github/actions/ssm_execute/action.yml @@ -64,7 +64,7 @@ runs: break elif [ "$STATUS" == "Failed" ] || [ "$STATUS" == "Cancelled" ]; then echo "Command failed with status: $STATUS" - break + exit 1 else elapsed_time=$(( $(date +%s) - start_time )) if [ "$elapsed_time" -gt "$timeout" ]; then diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 70377268..fe4e24f2 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
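Review bot: `TimedOut` is not matched by this branch in ssm_execute, so (assuming `STATUS` is the SSM command invocation status) a command that times out on the instance keeps being polled until the local timeout below. Consider `elif [ "$STATUS" == "Failed" ] || [ "$STATUS" == "Cancelled" ] || [ "$STATUS" == "TimedOut" ]; then`. The body of the elapsed-time branch is outside this hunk; if it only breaks out of the loop, the step would still report success for a command that never completed, so it should end in `exit 1` as well.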
@@ -8,20 +8,13 @@ on: required: true type: choice options: - - testnet - devnet + - testnet gitref: - description: 'Version, commit or other gitref to deploy' + description: 'Version, branch or commit to deploy' required: true type: string - - architecture: - description: 'Instance architecture' - type: choice - options: - - arm64 - default: 'arm64' permissions: id-token: write @@ -29,24 +22,28 @@ permissions: jobs: deploy: - # Select the runner based on the input architecture using github workflows ternary operator. + name: ${{ inputs.network }} - ${{ inputs.gitref }} + # This is our arm64 runner which matches the AWS instance. runs-on: - labels: ${{ inputs.architecture == 'arm64' && 'ubuntu22-arm-4core' || ubuntu-latest }} + labels: ubuntu22-arm-4core env: # Define the instance information. account-id: MIDEN_DEV_ACCOUNT_ID - oicdrole: midendev + oidcrole: midendev instance-id: ${{ inputs.network == 'testnet' && 'TESTNET_INSTANCE_TF' || 'DEVNET_INSTANCE_TF' }} # Define the expected package names. - node-package: miden-node-${{ inputs.gitref }}-${{ inputs.architecture }}.deb - faucet-package: miden-faucet-${{ inputs.gitref }}-${{ inputs.architecture }}.deb + node-package: miden-node-${{ inputs.gitref }}-aarch64.deb + faucet-package: miden-faucet-${{ inputs.gitref }}-aarch64.deb - # S3 path where packages are stored; used to send packages to instance as this isn't trivially possible directly. - s3-path: s3://release-artifacts-${{ secrets[env.account-id] }} steps: + # S3 path where packages are stored; used to send packages to instance as this isn't trivially possible directly. + # This cannot be done in the global env setup as it requires another env variable. + - name: Setup S3 path + run: echo "s3-path=s3://release-artifacts-${{ secrets[env.account-id] }}" >> $GITHUB_ENV + # Checkout repo so we have access to the required workflow actions. - name: Checkout repo uses: actions/checkout@v3 
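Review bot: The rename `oicdrole` → `oidcrole` in the job `env:` has no matching change to a consumer in the visible hunks; if a later step still reads `env.oicdrole`, the expression evaluates to an empty string instead of failing. It is worth searching the workflow for the old spelling before merging. Separately, `name:`, `node-package` and `faucet-package` embed the free-form `inputs.gitref`, and those env values are later interpolated into `run:` and SSM `command:` text, so a format check on `gitref` as the first step would be a cheap guard.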
@@ -54,23 +51,25 @@ jobs: fetch-depth: 0 # Download from github if its a version tag referece. - - name: Download packages from releases + - name: Download from releases if: ${{ startsWith(inputs.gitref, 'v') }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh release ${{ inputs.gitref }} download ${{ env.node-package }} - gh release ${{ inputs.gitref }} download ${{ env.node-package }}.checksum - gh release ${{ inputs.gitref }} download ${{ env.faucet-package }} - gh release ${{ inputs.gitref }} download ${{ env.faucet-package }}.checksum + gh release download ${{ inputs.gitref }} -p ${{ env.node-package }} + gh release download ${{ inputs.gitref }} -p ${{ env.node-package }}.checksum + gh release download ${{ inputs.gitref }} -p ${{ env.faucet-package }} + gh release download ${{ inputs.gitref }} -p ${{ env.faucet-package }}.checksum - sha256 --check ${{ env.node-package }}.checksum - sha256 --check ${{ env.faucet-package }}.checksum + sha256sum --check ${{ env.node-package }}.checksum + sha256sum --check ${{ env.faucet-package }}.checksum # Otherwise build the packages from source. # # Note that we cannot build from the currently checked out repo source since that source # defines our workflow actions, and not the compilation source target. For this reason we # prefer building the binary using `cargo install ...`. - - name: Build package + - name: Build from source if: ${{ !startsWith(inputs.gitref, 'v') }} run: | echo "::error Non-release deployment currently not supported" 
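Review bot: `sha256sum --check` in "Download from releases" verifies each package against a `.checksum` file fetched from the same release, so it detects a corrupted download but not a replaced asset, since anyone able to replace the `.deb` can replace its checksum too. A comment would keep the check from being read as an authenticity guarantee, e.g. `# Integrity check only: checksum and package come from the same release.` If stronger assurance is wanted before the packages reach the instance, a signature or attestation verified against a key held outside the release is the place to add it. The `gh release download` arguments are also unquoted expression expansions; passing them via `env:` and quoting them avoids word-splitting on unexpected input.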
@@ -92,19 +91,18 @@ jobs: sudo apt udpate; \ sudo apt install awscli -y - # Move packages to instance using S3. - # TODO: does this fail if the files already exist? + # Move packages to instance using S3. Note that this will clobber the files. - name: Upload packages to S3 run: | - aws s3 cp ${{ env.node-package }} ${{ env.s3-path }}/${{ env.node-package }} - aws s3 cp ${{ env.node-faucet }} ${{ env.s3-path }}/${{ env.node-faucet }} + aws s3 cp ${{ env.node-package }} ${{ env.s3-path }}/${{ env.node-package }} + aws s3 cp ${{ env.faucet-package }} ${{ env.s3-path }}/${{ env.faucet-package }} - # TODO: does this fail if the files already exist? - name: Download packages to instance uses: ./.github/actions/ssm_execute with: instance_id: ${{ secrets[env.instance-id] }} command: | + touch iamhere.log; \ aws s3 cp ${{ env.s3-path }}/${{ env.node-package }} ${{ env.node-package}}; \ aws s3 cp ${{ env.s3-path }}/${{ env.faucet-package }} ${{ env.faucet-package}} @@ -117,7 +115,6 @@ jobs: sudo systemctl stop miden-node; \ sudo systemctl stop miden-faucet; \ sudo apt remove miden-node miden-faucet -y; \ - sudo rm -f miden-* - name: Install packages uses: ./.github/actions/ssm_execute diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml index 3db431db..aff7a100 100644 --- a/.github/workflows/package.yml +++ b/.github/workflows/package.yml @@ -1,5 +1,6 @@ +# Release debian packages for miden node and faucet. name: Release packages -run-name: Release packaging for ${{ env.version }} +run-name: Release packaging for ${{ inputs.version || github.ref }} env: version: ${{ inputs.version || github.ref }} 
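Review bot: `touch iamhere.log; \` in the "Download packages to instance" command looks like a debugging leftover and should probably be dropped. The commands in that block are joined with `;`, so a failed first `aws s3 cp` is masked by the second and the SSM command can still report success; joining them with `&&` lets a failed download fail the step now that ssm_execute exits non-zero on `Failed`. The context at the top of the hunk also has `sudo apt udpate`, a typo for `update` that the `;` likewise masks. The packages are not re-verified on the instance after the S3 round trip; running `sha256sum --check` there as well would cover a stale or altered object at that key.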
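Review bot: `github.ref` in the new `run-name:` of package.yml is the fully qualified ref (`refs/tags/...` or `refs/heads/...`), so whenever `inputs.version` is empty the run name carries a `refs/` prefix and slashes. The `version:` env line below it has the same fallback, and that value feeds the package file names and the `gitref` input of build_package. `github.ref_name` gives the short name: `run-name: Release packaging for ${{ inputs.version || github.ref_name }}`, with the same change on the `version:` line.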
@@ -21,10 +22,12 @@ permissions: jobs: package: - matrix: - os: [ubuntu-latest, ubuntu22-arm-4core] + name: ${{ inputs.version }} for ${{ matrix.architecture }} + strategy: + matrix: + architecture: [aarch64, x86_64] runs-on: - labels: ${{ matrix.os }} + labels: ${{ inputs.architecture == 'aarch64' && 'ubuntu22-arm-4core' || 'ubuntu-latest' }} steps: # Note that this checkout is _not_ used as the source for the package. # Instead this is required to access the workflow actions. Package source @@ -35,16 +38,15 @@ jobs: fetch-depth: 0 - name: Build packages - uses: ./.github/actions/build_packages + uses: ./.github/actions/build_package with: gitref: ${{ env.version }} - name: Package names - env: - arch: $(uname -m) run: | - echo "node-package=$(echo miden-node-${{ env.version }}-${{ env.arch }}.deb") >> $GITHUB_ENV - echo "faucet-package=$(echo miden-faucet-${{ env.version }}-${{ env.arch }}.deb") >> $GITHUB_ENV + arch=$(uname -m) + echo "node-package=miden-node-${{ env.version }}-$arch.deb" >> $GITHUB_ENV + echo "faucet-package=miden-faucet-${{ env.version }}-$arch.deb" >> $GITHUB_ENV - name: Rename package files run: | @@ -57,6 +59,8 @@ jobs: sha256sum ${{ env.faucet-package }} > ${{ env.faucet-package }}.checksum - name: Publish packages + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh release upload ${{ env.version }} \ ${{ env.node-package }} \
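Review bot: `runs-on` tests `inputs.architecture`, but the architecture is defined on the matrix in this hunk and no such input is visible, so the expression presumably always falls through to `'ubuntu-latest'` and both matrix legs build on x86_64. It should read `labels: ${{ matrix.architecture == 'aarch64' && 'ubuntu22-arm-4core' || 'ubuntu-latest' }}`. As written, no aarch64 package would be produced for deploy.yml to download, and because the file names come from `uname -m` the two legs would upload identically named files. The job `name:` also uses `inputs.version` alone, which is empty when the workflow is not started with that input; `${{ inputs.version || github.ref_name }}` would match the fallback used elsewhere in the file.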