-
Notifications
You must be signed in to change notification settings - Fork 2k
160 lines (135 loc) · 6.3 KB
/
reflow-publish-installer.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
name: 📦 Publish Installer
on:
workflow_call:
inputs:
concurrency-name:
required: true
type: string
chia-installer-version:
required: true
type: string
chia-dev-version:
required: true
type: string
configuration:
required: true
type: string
concurrency:
# SHA is added to the end if on `main` to let all main workflows run
group: ${{ github.ref }}-${{ github.workflow }}-${{ inputs.concurrency-name }}-${{ github.event_name }}-${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/') || startsWith(github.ref, 'refs/heads/long_lived/')) && github.sha || '' }}
cancel-in-progress: true
permissions:
id-token: write
contents: write
jobs:
publish:
name: Publish ${{ matrix.arch.name }} ${{ matrix.mode.name }} ${{ matrix.os.file-type.name }}
runs-on: ubuntu-latest
timeout-minutes: 5
strategy:
fail-fast: false
matrix: ${{ fromJson(inputs.configuration) }}
env:
FILE: ${{ format(matrix.os.names[matrix.mode.matrix].file, inputs.chia-installer-version, inputs.chia-dev-version, matrix.os.file-arch-name[matrix.arch.matrix], matrix.os.file-suffix[matrix.arch.matrix]) }}
DEV_FILE: ${{ format(matrix.os.names[matrix.mode.matrix].dev-file, inputs.chia-installer-version, inputs.chia-dev-version, matrix.os.file-arch-name[matrix.arch.matrix], matrix.os.file-suffix[matrix.arch.matrix]) }}
LATEST_DEV_FILE: ${{ format(matrix.os.names[matrix.mode.matrix].latest-dev-file, inputs.chia-installer-version, inputs.chia-dev-version, matrix.os.file-arch-name[matrix.arch.matrix], matrix.os.file-suffix[matrix.arch.matrix]) }}
INSTALL_S3_URL: s3://download.chia.net/install/
DEV_S3_URL: s3://download.chia.net/dev/
LATEST_DEV_S3_URL: s3://download.chia.net/latest-dev/
TORRENT_S3_URL: s3://download.chia.net/torrents/
TRACKER_URL: udp://tracker.opentrackr.org:1337/announce
steps:
- uses: Chia-Network/actions/clean-workspace@main
- uses: Chia-Network/actions/setup-python@main
with:
python-version: ${{ matrix.python-version }}
- uses: chia-network/actions/create-venv@main
id: create-venv
- uses: chia-network/actions/activate-venv@main
with:
directories: ${{ steps.create-venv.outputs.activate-venv-directories }}
- name: Download constraints file
uses: actions/download-artifact@v4
with:
name: constraints-file-${{ matrix.arch.artifact-name }}
path: venv
- name: Install utilities
run: |
pip install --constraint venv/constraints.txt py3createtorrent
- name: Download packages
uses: actions/download-artifact@v4
with:
name: chia-installers-${{ matrix.os.artifact-platform-name }}-${{ matrix.os.file-type.extension }}-${{ matrix.arch.artifact-name }}
path: artifacts/
- name: Set Env
uses: Chia-Network/actions/setjobenv@main
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Test for secrets access
id: check_secrets
run: |
unset HAS_AWS_SECRET
unset HAS_GLUE_SECRET
if [ -n "$AWS_SECRET" ]; then HAS_AWS_SECRET='true' ; fi
echo HAS_AWS_SECRET=${HAS_AWS_SECRET} >> "$GITHUB_OUTPUT"
if [ -n "$GLUE_API_URL" ]; then HAS_GLUE_SECRET='true' ; fi
echo HAS_GLUE_SECRET=${HAS_GLUE_SECRET} >> "$GITHUB_OUTPUT"
env:
AWS_SECRET: "${{ secrets.CHIA_AWS_ACCOUNT_ID }}"
GLUE_API_URL: "${{ secrets.GLUE_API_URL }}"
- name: Configure AWS credentials
if: steps.check_secrets.outputs.HAS_AWS_SECRET
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ secrets.CHIA_AWS_ACCOUNT_ID }}:role/installer-upload
aws-region: us-west-2
- name: Create Checksums
run: |
ls artifacts/
sha256sum "artifacts/${FILE}" > "artifacts/${FILE}.sha256"
- name: Upload to s3
if: steps.check_secrets.outputs.HAS_AWS_SECRET
run: |
ls artifacts/
aws s3 cp "artifacts/${FILE}" "${DEV_S3_URL}/${DEV_FILE}"
aws s3 cp "artifacts/${FILE}.sha256" "${LATEST_DEV_S3_URL}/${DEV_FILE}.sha256"
- name: Create torrent
if: env.RELEASE == 'true' && matrix.mode.matrix == 'gui'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
py3createtorrent -f -t ${TRACKER_URL} artifacts/${FILE} -o artifacts/${FILE}.torrent --webseed https://download.chia.net/install/${FILE}
gh release upload --repo ${{ github.repository }} $RELEASE_TAG artifacts/${FILE}.torrent
- name: Upload Dev Installer
if: steps.check_secrets.outputs.HAS_AWS_SECRET && github.ref == 'refs/heads/main'
run: |
aws s3 cp artifacts/${FILE} ${LATEST_DEV_S3_URL}/${LATEST_DEV_FILE}
aws s3 cp artifacts/${FILE}.sha256 ${LATEST_DEV_S3_URL}/${LATEST_DEV_FILE}.sha256
- name: Upload Release Files
if: steps.check_secrets.outputs.HAS_AWS_SECRET && env.RELEASE == 'true'
run: |
aws s3 cp artifacts/${FILE} ${INSTALL_S3_URL}
aws s3 cp artifacts/${FILE}.sha256 ${INSTALL_S3_URL}
- name: Upload Release Torrent
if: steps.check_secrets.outputs.HAS_AWS_SECRET && env.RELEASE == 'true' && matrix.mode.matrix == 'gui'
run: |
aws s3 cp artifacts/${FILE}.torrent ${TORRENT_S3_URL}
- name: Upload release artifacts
if: env.RELEASE == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release upload \
--repo ${{ github.repository }} \
$RELEASE_TAG \
artifacts/${FILE}
- name: Mark installer complete
uses: Chia-Network/actions/github/glue@main
if: steps.check_secrets.outputs.HAS_GLUE_SECRET && (env.RELEASE == 'true')
env:
REPO_SUFFIX: ${{ env.PRE_RELEASE == 'true' && '-prerelease' || '' }}
with:
json_data: '{"chia_ref": "${{ env.RELEASE_TAG }}"}'
glue_url: "${{ secrets.GLUE_API_URL }}"
glue_project: "${{ env.RFC_REPO }}${{ env.REPO_SUFFIX }}/${{ env.RELEASE_TAG }}"
glue_path: "success/build-${{ matrix.os.glue-name }}-${{ matrix.arch.glue-name }}-${{ matrix.mode.glue-name }}"