Move base enclave image to 20.04 as well #584
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
# Sequence of patterns matched against refs/tags | |
tags: | |
- "v[0-9]+.[0-9]+.[0-9]+" # Push events to matching v*, i.e. v1.0, v20.15.10 | |
- "v[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+" # Push events to matching alpha releases | |
- "v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+" # Push events to matching beta releases | |
- "v[0-9]+.[0-9]+.[0-9]+-patch.[0-9]+" # Push events to matching beta releases | |
- "v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+" # Push events to matching rc releases | |
jobs: | |
build-deb-testnet: | |
strategy: | |
fail-fast: false | |
matrix: | |
db_backend: [goleveldb] | |
runs-on: ubuntu-20.04 | |
env: # Or as an environment variable | |
SPID: ${{ secrets.SPID_TESTNET }} | |
API_KEY: ${{ secrets.API_KEY_TESTNET }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Declare Commit Variables | |
id: vars | |
shell: bash | |
run: | | |
echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" | |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" | |
- name: Cache build artifacts | |
uses: actions/cache@v4 | |
with: | |
path: ~/.cache/sccache | |
key: ${{ runner.os }}-sccache | |
- name: Get the version | |
id: get_version | |
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/} | |
- name: Build .deb Package Image | |
uses: docker/build-push-action@v4 | |
with: | |
file: deployment/dockerfiles/Dockerfile | |
context: . | |
load: true | |
tags: deb_build | |
secrets: | | |
API_KEY=${{ secrets.API_KEY_TESTNET }} | |
SPID=${{ secrets.SPID_TESTNET }} | |
build-args: | | |
SECRET_NODE_TYPE=NODE | |
DB_BACKEND=${{ matrix.db_backend }} | |
CGO_LDFLAGS=${{ env.DOCKER_CGO_LDFLAGS }} | |
BUILD_VERSION=${{ steps.get_version.outputs.VERSION }} | |
SGX_MODE=HW | |
FEATURES="verify-validator-whitelist,light-client-validation,random" | |
target: build-deb | |
- name: Run .deb Package Image | |
run: | | |
docker run -e VERSION=${{ steps.get_version.outputs.VERSION }} -v $GITHUB_WORKSPACE/build:/build deb_build | |
cp build/secretnetwork_${{ steps.get_version.outputs.VERSION }}_amd64.deb secretnetwork_${{ steps.get_version.outputs.VERSION }}_testnet_${{ matrix.db_backend }}_amd64.deb | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: secretnetwork_${{ steps.get_version.outputs.VERSION }}_testnet_${{ matrix.db_backend }}_amd64.deb | |
path: secretnetwork_${{ steps.get_version.outputs.VERSION }}_testnet_${{ matrix.db_backend }}_amd64.deb | |
build-deb-mainnet: | |
runs-on: ubuntu-20.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
db_backend: [goleveldb] | |
env: # Or as an environment variable | |
SPID: ${{ secrets.SPID_MAINNET }} | |
API_KEY: ${{ secrets.API_KEY_MAINNET }} | |
REGISTRY: ghcr.io | |
IMAGE_NAME: scrtlabs/secret-network-node | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Get the version | |
id: get_version | |
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/} | |
- name: Log in to the Container registry | |
if: ${{ matrix.db_backend == 'goleveldb' }} | |
uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and Push Node Image | |
if: ${{ matrix.db_backend == 'goleveldb' }} | |
uses: docker/build-push-action@v4 | |
with: | |
file: deployment/dockerfiles/Dockerfile | |
context: . | |
push: true | |
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:v${{ steps.get_version.outputs.VERSION }} | |
secrets: | | |
API_KEY=${{ secrets.API_KEY_MAINNET }} | |
SPID=${{ secrets.SPID_MAINNET }} | |
build-args: | | |
FEATURES=verify-validator-whitelist,light-client-validation,random,production | |
FEATURES_U=production | |
SECRET_NODE_TYPE=NODE | |
DB_BACKEND=${{ matrix.db_backend }} | |
BUILD_VERSION=${{ steps.get_version.outputs.VERSION }} | |
SGX_MODE=HW | |
target: mainnet-release | |
- name: Sets env vars for rocksdb | |
if: ${{ matrix.db_backend == 'rocksdb' }} | |
run: | | |
echo "DOCKER_CGO_LDFLAGS=-L/usr/lib/x86_64-linux-gnu/ -lrocksdb -lstdc++ -llz4 -lm -lz -lbz2 -lsnappy" >> $GITHUB_ENV | |
- name: Build .deb Package Image | |
uses: docker/build-push-action@v4 | |
with: | |
file: deployment/dockerfiles/Dockerfile | |
context: . | |
load: true | |
tags: deb_build | |
secrets: | | |
API_KEY=${{ secrets.API_KEY_MAINNET }} | |
SPID=${{ secrets.SPID_MAINNET }} | |
build-args: | | |
FEATURES=verify-validator-whitelist,light-client-validation,random,production | |
FEATURES_U=production | |
SECRET_NODE_TYPE=NODE | |
DB_BACKEND=${{ matrix.db_backend }} | |
CGO_LDFLAGS=${{ env.DOCKER_CGO_LDFLAGS }} | |
BUILD_VERSION=${{ steps.get_version.outputs.VERSION }} | |
SGX_MODE=HW | |
target: build-deb-mainnet | |
- name: Run .deb Package Image | |
run: | | |
docker run -e VERSION=${{ steps.get_version.outputs.VERSION }} -v $GITHUB_WORKSPACE/build:/build deb_build | |
cp build/secretnetwork_${{ steps.get_version.outputs.VERSION }}_amd64.deb secretnetwork_${{ steps.get_version.outputs.VERSION }}_mainnet_${{ matrix.db_backend }}_amd64.deb | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: secretnetwork_${{ steps.get_version.outputs.VERSION }}_mainnet_${{ matrix.db_backend }}_amd64.deb | |
path: secretnetwork_${{ steps.get_version.outputs.VERSION }}_mainnet_${{ matrix.db_backend }}_amd64.deb | |
native-build-cli: | |
runs-on: ${{matrix.os}} | |
strategy: | |
matrix: | |
os: [ubuntu-20.04, windows-latest, macos-13] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: 1.21 # The Go version to download (if necessary) and use. | |
- name: Build CLI | |
shell: bash | |
run: | | |
SGX_MODE=SW make build_cli | |
cp "secretcli" "secretcli-$RUNNER_OS" | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: secretcli-${{runner.os}} | |
path: secretcli-${{runner.os}} | |
MacOS-ARM64-CLI: | |
runs-on: macos-latest | |
strategy: | |
fail-fast: false | |
timeout-minutes: 90 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
name: checkout | |
submodules: recursive | |
- uses: actions/setup-go@v5 | |
with: | |
name: set up go | |
go-version: 1.21 # The Go version to download (if necessary) and use. | |
- name: Build macos darwin/arm64 | |
run: | | |
SGX_MODE=SW make build_cli | |
cp "secretcli" "secretcli-MacOS-arm64" | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: secretcli-MacOS-arm64 | |
path: secretcli-MacOS-arm64 | |
check-hw-tool: | |
runs-on: ubuntu-20.04 | |
env: # Or as an environment variable | |
SPID: ${{ secrets.SPID_TESTNET }} | |
API_KEY: ${{ secrets.API_KEY_TESTNET }} | |
API_KEY_MAINNET: ${{ secrets.API_KEY_MAINNET }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Get the version | |
id: get_version | |
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/} | |
- name: Build check-hw-tool image | |
uses: docker/build-push-action@v4 | |
with: | |
file: deployment/dockerfiles/Dockerfile | |
context: . | |
load: true | |
tags: check_hw_tool_build | |
secrets: | | |
API_KEY=${{ secrets.API_KEY_TESTNET }} | |
SPID=${{ secrets.SPID_TESTNET }} | |
API_KEY_MAINNET=${{ secrets.API_KEY_MAINNET }} | |
build-args: | | |
BUILD_VERSION=${{ steps.get_version.outputs.VERSION }} | |
SGX_MODE=HW | |
target: compile-check-hw-tool | |
- name: Run check-hw-tool image | |
run: | | |
docker run -e VERSION=${{ steps.get_version.outputs.VERSION }} -v $GITHUB_WORKSPACE/build:/build check_hw_tool_build | |
cp build/check_hw_${{ steps.get_version.outputs.VERSION }}.tar.gz check_hw_${{ steps.get_version.outputs.VERSION }}.tar.gz | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: check_hw_${{ steps.get_version.outputs.VERSION }}.tar.gz | |
path: check_hw_${{ steps.get_version.outputs.VERSION }}.tar.gz | |
publish-localsecret: | |
runs-on: ubuntu-20.04 | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: scrtlabs/localsecret | |
DOCKER_BUILDKIT: 1 | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Get the version | |
id: get_version | |
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//} | |
- name: Log in to the Container registry | |
uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build LocalSecret | |
uses: docker/build-push-action@v4 | |
with: | |
file: deployment/dockerfiles/Dockerfile | |
context: . | |
push: true | |
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get_version.outputs.VERSION }} | |
secrets: | | |
API_KEY=00000000000000000000000000000000 | |
SPID=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF | |
build-args: | | |
SECRET_NODE_TYPE=BOOTSTRAP | |
CHAIN_ID=secretdev-1 | |
FEATURES=debug-print,random,light-client-validation | |
SGX_MODE=SW | |
target: build-localsecret | |
Lib-Checks: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/check-objdump | |
name: Check Mitigation flags in Cosmwasm Enclave | |
with: | |
version: "v1.9.0" | |
- uses: ./.github/actions/check-objdump | |
name: Check Mitigation flags in TM Enclave | |
with: | |
filename: "tendermint_enclave.signed.so" | |
min-fence: "1000" | |
version: "v1.9.0" | |
Release: | |
needs: [ | |
native-build-cli, | |
build-deb-testnet, | |
# build-deb-mainnet, | |
MacOS-ARM64-CLI, | |
# check-hw-tool, | |
# check-hw-tool-mainnet | |
] | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Get the version | |
id: get_version | |
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/} | |
- uses: actions/download-artifact@v3 | |
with: | |
name: secretcli-Linux | |
- uses: actions/download-artifact@v3 | |
with: | |
name: secretcli-macOS | |
- uses: actions/download-artifact@v3 | |
with: | |
name: secretcli-Windows | |
- uses: actions/download-artifact@v3 | |
with: | |
name: secretcli-MacOS-arm64 | |
# - uses: actions/download-artifact@v3 | |
# with: | |
# name: secretnetwork_${{ steps.get_version.outputs.VERSION }}_mainnet_goleveldb_amd64.deb | |
- uses: actions/download-artifact@v3 | |
with: | |
name: secretnetwork_${{ steps.get_version.outputs.VERSION }}_testnet_goleveldb_amd64.deb | |
# - uses: actions/download-artifact@v3 | |
# with: | |
# name: check_hw_${{ steps.get_version.outputs.VERSION }}.tar.gz | |
# - uses: actions/download-artifact@v3 | |
# with: | |
# name: check_hw_${{ steps.get_version.outputs.VERSION }}_mainnet.tar.gz | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
prerelease: true | |
files: | | |
secretnetwork_${{ steps.get_version.outputs.VERSION }}_testnet_goleveldb_amd64.deb | |
secretcli-macOS | |
secretcli-Windows | |
secretcli-Linux | |
secretcli-MacOS-arm64 | |
# secretnetwork_${{ steps.get_version.outputs.VERSION }}_mainnet_goleveldb_amd64.deb | |
# check_hw_${{ steps.get_version.outputs.VERSION }}.tar.gz | |
# check_hw_${{ steps.get_version.outputs.VERSION }}_mainnet.tar.gz |