-
Notifications
You must be signed in to change notification settings - Fork 8
155 lines (137 loc) · 5.65 KB
/
gambit.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
name: Gambit
on: [push, pull_request]
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: full
jobs:
build-linux:
runs-on: ubuntu-20.04
env:
TAG: ${{ github.ref_name }}
steps:
- uses: actions/checkout@v4
- name: Check rust
run: |
rustup --version
cargo --version
rustc --version
- name: Cache cargo bin
uses: actions/cache@v4
with:
path: ~/.cargo/bin
key: ${{ runner.os }}-cargo-bin
- name: Install solc for sanity checks
run: |
if [[ ! -f "/usr/bin/solc" ]]
then
wget -q https://github.com/ethereum/solidity/releases/download/v0.8.13/solc-static-linux
mv solc-static-linux solc
chmod +x solc
sudo mv solc /usr/bin/solc
fi
- name: Build and Test
run: make all_linux
- name: Rename gambit binary
if: startsWith(github.event.ref, 'refs/tags/v') # only on new tag creation
run: mv ./target/x86_64-unknown-linux-gnu/release/gambit ./target/x86_64-unknown-linux-gnu/release/gambit-linux-$TAG
- name: Upload artifact to action
uses: actions/upload-artifact@v4
if: startsWith(github.event.ref, 'refs/tags/v') # only on new tag creation
with:
name: gambit-linux-${{ env.TAG }}
path: ./target/x86_64-unknown-linux-gnu/release/gambit-linux-${{ env.TAG }}
build-mac:
runs-on: macos-latest
env:
TAG: ${{ github.ref_name }}
steps:
- uses: actions/checkout@v4
- name: Check rust
run: |
rustup --version
cargo --version
rustc --version
- name: Cache cargo bin
uses: actions/cache@v4
with:
path: ~/.cargo/bin
key: ${{ runner.os }}-cargo-bin
- name: Install solc for sanity checks
run: |
if [[ ! -f "/usr/bin/solc" ]]
then
wget -q https://github.com/ethereum/solidity/releases/download/v0.8.13/solc-macos
chmod +x solc-macos
sudo mv solc-macos /usr/local/bin/solc
fi
- name: Build and Test
run: |
rustup target add x86_64-apple-darwin
make all_macos
- name: Darwin link as Universal
run: lipo -create -output gambit-macos target/aarch64-apple-darwin/release/gambit target/x86_64-apple-darwin/release/gambit
- name: Create keychain
run: |
printf ${{ secrets.APPLE_P12_BASE64 }} | base64 -d > dev.p12
security create-keychain -p "${{ secrets.APPLE_TEMPKEYCHAIN_PASSWORD }}" "${{ secrets.APPLE_TEMPKEYCHAIN_NAME }}"
security list-keychains -d user -s "${{ secrets.APPLE_TEMPKEYCHAIN_NAME }}" $(security list-keychains -d user | tr -d '"')
security set-keychain-settings "${{ secrets.APPLE_TEMPKEYCHAIN_NAME }}"
security import dev.p12 -k "${{ secrets.APPLE_TEMPKEYCHAIN_NAME }}" -P "${{ secrets.APPLE_P12_PASSWORD }}" -T "/usr/bin/codesign"
security set-key-partition-list -S apple-tool:,apple: -s -k "${{ secrets.APPLE_TEMPKEYCHAIN_PASSWORD }}" -D "${{ secrets.APPLE_CODESIGN_IDENTITY }}" -t private ${{ secrets.APPLE_TEMPKEYCHAIN_NAME }}
security default-keychain -d user -s ${{ secrets.APPLE_TEMPKEYCHAIN_NAME }}
security unlock-keychain -p ${{ secrets.APPLE_TEMPKEYCHAIN_PASSWORD }} ${{ secrets.APPLE_TEMPKEYCHAIN_NAME }}
- name: Sign the binary
run: |
codesign -o runtime --timestamp -s "${{ secrets.APPLE_CODESIGN_IDENTITY }}" -v gambit-macos
ditto -c -k gambit-macos gambit-macos.zip
- name: Notarize
run: |
xcrun notarytool store-credentials --apple-id shelly@certora.com --password "${{ secrets.APPLE_CRED }}" --team-id "${{ secrets.APPLE_TEAMID }}" altool
xcrun notarytool submit gambit-macos.zip --keychain-profile altool --wait
- name: Rename gambit binary
if: startsWith(github.event.ref, 'refs/tags/v') # only on new tag creation
run: mv gambit-macos gambit-macos-$TAG
- name: Upload artifact to action
uses: actions/upload-artifact@v4
if: startsWith(github.event.ref, 'refs/tags/v') # only on new tag creation
with:
name: gambit-macos-${{ env.TAG }}
path: gambit-macos-${{ env.TAG }}
release:
runs-on: ubuntu-latest
needs: [build-linux, build-mac]
if: startsWith(github.event.ref, 'refs/tags/v') # only on new tag creation
env:
TAG: ${{ github.ref_name }}
steps:
- uses: actions/checkout@v4
- name: Download artifact
uses: actions/download-artifact@v4
- name: Create a release
env:
GH_TOKEN: ${{ github.token }}
run: |
ls -lR
release_exist=$(gh release view $TAG 2>&1 || exit 0)
if [ "$release_exist" = "release not found" ]; then
gh release create $TAG gambit-linux-$TAG/gambit-linux-$TAG --title "Release $TAG" --generate-notes --latest
gh release upload $TAG gambit-macos-$TAG/gambit-macos-$TAG
else
gh release upload $TAG gambit-linux-$TAG/gambit-linux-$TAG
gh release upload $TAG gambit-macos-$TAG/gambit-macos-$TAG
fi
check-docs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: PIP install
run: pip install ansi
- name: Check that RTD Docs are Up To Date
run: python3 scripts/check_rtd_docs_up_to_date.py
- name: Check Exit Code
run: |
if [[ $? -ne 0 ]]; then
echo "Error: documentation is not synced"
exit 1
fi