This repository has been archived by the owner on Nov 15, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
/
Copy pathpublish.yml
238 lines (223 loc) · 9.56 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
# This file is part of .gitlab-ci.yml
# Here are all jobs that are executed during "publish" stage
.build-push-docker-image-common:
extends:
- .kubernetes-env
stage: publish
variables:
CI_IMAGE: $BUILDAH_IMAGE
GIT_STRATEGY: none
DOCKERFILE: $PRODUCT.Dockerfile
IMAGE_NAME: docker.io/$IMAGE_PATH
before_script:
- !reference [.job-switcher, before_script]
- cd ./artifacts/$PRODUCT/
- VERSION="$(cat ./VERSION)"
- echo "${PRODUCT} version = ${VERSION}"
- test -z "${VERSION}" && exit 1
script:
- test "$DOCKER_USER" -a "$DOCKER_PASS" ||
( echo "no docker credentials provided"; exit 1 )
- buildah bud
--format=docker
--build-arg VCS_REF="${CI_COMMIT_SHA}"
--build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
--build-arg IMAGE_NAME="${IMAGE_PATH}"
--tag "$IMAGE_NAME:$VERSION"
--tag "$IMAGE_NAME:latest"
--file "$DOCKERFILE" .
- echo "$DOCKER_PASS" |
buildah login --username "$DOCKER_USER" --password-stdin docker.io
- buildah info
- buildah push --format=v2s2 "$IMAGE_NAME:$VERSION"
- buildah push --format=v2s2 "$IMAGE_NAME:latest"
after_script:
- buildah logout --all
- echo "SUBSTRATE_IMAGE_NAME=${IMAGE_NAME}" | tee -a ./artifacts/$PRODUCT/build.env
- IMAGE_TAG="$(cat ./artifacts/$PRODUCT/VERSION)"
- echo "SUBSTRATE_IMAGE_TAG=${IMAGE_TAG}" | tee -a ./artifacts/$PRODUCT/build.env
- cat ./artifacts/$PRODUCT/build.env
.build-push-docker-image:
extends:
- .publish-refs
- .build-push-docker-image-common
variables:
IMAGE_PATH: parity/$PRODUCT
DOCKER_USER: $Docker_Hub_User_Parity
DOCKER_PASS: $Docker_Hub_Pass_Parity
# publish image to docker.io/paritypr, (e.g. for later use in zombienet testing)
.build-push-image-temporary:
extends:
- .build-refs
- .build-push-docker-image-common
variables:
IMAGE_PATH: paritypr/$PRODUCT
DOCKER_USER: $PARITYPR_USER
DOCKER_PASS: $PARITYPR_PASS
publish-docker-substrate:
extends: .build-push-docker-image
needs:
- job: build-linux-substrate
artifacts: true
variables:
PRODUCT: substrate
publish-docker-substrate-temporary:
extends: .build-push-image-temporary
needs:
- job: build-linux-substrate
artifacts: true
variables:
PRODUCT: substrate
artifacts:
reports:
# this artifact is used in zombienet-tests job
# https://docs.gitlab.com/ee/ci/multi_project_pipelines.html#with-variable-inheritance
dotenv: ./artifacts/$PRODUCT/build.env
expire_in: 24h
publish-docker-subkey:
extends: .build-push-docker-image
needs:
- job: build-subkey-linux
artifacts: true
variables:
PRODUCT: subkey
publish-s3-release:
stage: publish
extends:
- .publish-refs
- .kubernetes-env
needs:
- job: build-linux-substrate
artifacts: true
- job: build-subkey-linux
artifacts: true
image: paritytech/awscli:latest
variables:
GIT_STRATEGY: none
BUCKET: "releases.parity.io"
PREFIX: "substrate/${ARCH}-${DOCKER_OS}"
script:
- aws s3 sync ./artifacts/ s3://${BUCKET}/${PREFIX}/$(cat ./artifacts/substrate/VERSION)/
- echo "update objects in latest path"
- aws s3 sync s3://${BUCKET}/${PREFIX}/$(cat ./artifacts/substrate/VERSION)/ s3://${BUCKET}/${PREFIX}/latest/
after_script:
- aws s3 ls s3://${BUCKET}/${PREFIX}/latest/
--recursive --human-readable --summarize
publish-rustdoc:
stage: publish
extends: .kubernetes-env
variables:
CI_IMAGE: node:16
GIT_DEPTH: 100
RUSTDOCS_DEPLOY_REFS: "master"
rules:
- if: $CI_PIPELINE_SOURCE == "pipeline"
when: never
- if: $CI_PIPELINE_SOURCE == "web" && $CI_COMMIT_REF_NAME == "master"
- if: $CI_COMMIT_REF_NAME == "master"
- if: $CI_COMMIT_REF_NAME =~ /^monthly-20[0-9]{2}-[0-9]{2}.*$/ # to support: monthly-2021-09+1
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1
# `needs:` can be removed after CI image gets nonroot. In this case `needs:` stops other
# artifacts from being dowloaded by this job.
needs:
- job: build-rustdoc
artifacts: true
script:
# If $CI_COMMIT_REF_NAME doesn't match one of $RUSTDOCS_DEPLOY_REFS space-separated values, we
# exit immediately.
# Putting spaces at the front and back to ensure we are not matching just any substring, but the
# whole space-separated value.
- '[[ " ${RUSTDOCS_DEPLOY_REFS} " =~ " ${CI_COMMIT_REF_NAME} " ]] || exit 0'
# setup ssh
- eval $(ssh-agent)
- ssh-add - <<< ${GITHUB_SSH_PRIV_KEY}
- mkdir ~/.ssh && touch ~/.ssh/known_hosts
- ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
# Set git config
- git config user.email "[email protected]"
- git config user.name "${GITHUB_USER}"
- git config remote.origin.url "[email protected]:/paritytech/${CI_PROJECT_NAME}.git"
- git config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"
- git fetch origin gh-pages
# Save README and docs
- cp -r ./crate-docs/ /tmp/doc/
- cp README.md /tmp/doc/
# we don't need to commit changes because we copy docs to /tmp
- git checkout gh-pages --force
# Install `index-tpl-crud` and generate index.html based on RUSTDOCS_DEPLOY_REFS
- which index-tpl-crud &> /dev/null || yarn global add @substrate/index-tpl-crud
- index-tpl-crud upsert ./index.html ${CI_COMMIT_REF_NAME}
# Ensure the destination dir doesn't exist.
- rm -rf ${CI_COMMIT_REF_NAME}
- mv -f /tmp/doc ${CI_COMMIT_REF_NAME}
# Upload files
- git add --all
# `git commit` has an exit code of > 0 if there is nothing to commit.
# This causes GitLab to exit immediately and marks this job failed.
# We don't want to mark the entire job failed if there's nothing to
# publish though, hence the `|| true`.
- git commit -m "___Updated docs for ${CI_COMMIT_REF_NAME}___" ||
echo "___Nothing to commit___"
- git push origin gh-pages --force
after_script:
- rm -rf .git/ ./*
publish-draft-release:
stage: publish
image: paritytech/tools:latest
rules:
- if: $CI_COMMIT_REF_NAME =~ /^ci-release-.*$/
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1
script:
- ./scripts/ci/gitlab/publish_draft_release.sh
allow_failure: true
# Ref: https://github.com/paritytech/opstooling/issues/111
update-node-template:
stage: publish
extends: .kubernetes-env
rules:
- if: $CI_COMMIT_REF_NAME =~ /^polkadot-v[0-9]+\.[0-9]+.*$/ # i.e. polkadot-v1.0.99, polkadot-v2.1rc1
script:
- git clone --depth=1 --branch="$PIPELINE_SCRIPTS_TAG" https://github.com/paritytech/pipeline-scripts
- ./pipeline-scripts/update_substrate_template.sh
--repo-name "substrate-node-template"
--template-path "bin/node-template"
--github-api-token "$GITHUB_TOKEN"
--polkadot-branch "$CI_COMMIT_REF_NAME"
.publish-crates-template:
stage: publish
extends: .crates-publishing-template
# We don't want multiple jobs racing to publish crates as it's redundant and they might overwrite
# the releases of one another. Use resource_group to ensure that at most one instance of this job
# is running at any given time.
resource_group: crates-publishing
variables:
# crates.io rate limits crates publishing by 1 per minute, so a delay needs to be inserted
# slightly higher than that after publishing each crate. The value is specified in seconds.
SPUB_AFTER_PUBLISH_DELAY: 64
# We might have to publish lots of crates at a time. Given the 1 minute delay introduced above and
# taking into account the 202 (as of Dec 07, 2022) publishable Substrate crates, that would equate
# to roughly 202 minutes of delay, or 3h and 22 minutes. As such, the job needs to have a much
# higher timeout than average.
timeout: 9h
# A custom publishing environment is used for us to be able to set up protected secrets
# specifically for it
environment: publish-crates
script:
- rusty-cachier snapshot create
- git clone
--depth 1
--branch "$RELENG_SCRIPTS_BRANCH"
https://github.com/paritytech/releng-scripts.git
- CRATESIO_TARGET_INSTANCE=default ./releng-scripts/publish-crates
- rusty-cachier cache upload
publish-crates:
extends: .publish-crates-template
needs:
- job: publish-crates-locally
artifacts: false
rules:
- if: $CI_COMMIT_REF_NAME == "master"
publish-crates-manual:
extends: .publish-crates-template
when: manual
allow_failure: true