Verification body not req #264
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Binaries | |
on: | |
push: | |
branches: | |
- stage | |
tags: | |
- '**' | |
pull_request: | |
branches: | |
- '**' | |
concurrency: | |
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }} | |
cancel-in-progress: true | |
permissions: | |
id-token: write | |
contents: write | |
jobs: | |
build: | |
name: Build Binaries | |
runs-on: ${{ matrix.runs-on }} | |
strategy: | |
matrix: | |
include: | |
- runs-on: ubuntu-latest | |
artifact-name: core-registry-cadt-linux-x64 | |
build-command: npm run create-linux-x64-dist | |
sqlite-path: ./node_modules/sqlite3/build/Release/ | |
- runs-on: [Linux, ARM64] | |
artifact-name: core-registry-cadt-linux-arm64 | |
build-command: npm run create-linux-arm64-dist | |
sqlite-path: ./node_modules/sqlite3/build/Release/ | |
- runs-on: macos-latest | |
artifact-name: core-registry-cadt-macos-x64 | |
build-command: npm run create-mac-x64-dist | |
sqlite-path: ./node_modules/sqlite3/build/Release/ | |
- runs-on: windows-2019 | |
artifact-name: core-registry-cadt-windows-x64 | |
build-command: npm run create-win-x64-dist | |
sqlite-path: .\node_modules\sqlite3\build\Release\ | |
steps: | |
- name: Clean workspace | |
uses: Chia-Network/actions/clean-workspace@main | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
- name: Setup Node 18.x | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '18.16' | |
- name: Install Husky | |
run: npm install --save-dev husky | |
- name: Ignore Husky where not compatible | |
run: npm pkg delete scripts.prepare | |
if: matrix.runs-on != 'windows-2019' | |
- name: npm install | |
run: | | |
node --version | |
npm install | |
- name: npm cache clear --force | |
run: npm cache clear --force | |
- name: npm cache rm | |
run: npm cache rm --force | |
- name: npm cache verify | |
run: npm cache verify | |
- name: install global packages | |
run: npm i -g @babel/cli @babel/preset-env pkg | |
- name: create distributions | |
run: ${{ matrix.build-command }} | |
- name: Make binary executable | |
run: | | |
chmod +x dist/core-registry-cadt | |
- name: Copy sqlite3 | |
run: cp ${{ matrix.sqlite-path }}node_sqlite3.node ./dist/ | |
# Windows Code Signing | |
- name: Sign windows artifacts | |
if: matrix.runs-on == 'windows-2019' | |
uses: chia-network/actions/digicert/windows-sign@main | |
with: | |
sm_api_key: ${{ secrets.SM_API_KEY }} | |
sm_client_cert_file_b64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }} | |
sm_client_cert_password: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} | |
sm_code_signing_cert_sha1_hash: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} | |
file: ${{ github.workspace }}/dist/core-registry-cadt.exe | |
# Mac .pkg build + sign | |
- name: Import Apple installer signing certificate | |
if: matrix.runs-on == 'macos-latest' | |
uses: Apple-Actions/import-codesign-certs@v1 | |
with: | |
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }} | |
p12-file-base64: ${{ secrets.APPLE_DEV_ID_INSTALLER }} | |
p12-password: ${{ secrets.APPLE_DEV_ID_INSTALLER_PASS }} | |
- name: Import Apple Application signing certificate | |
if: matrix.runs-on == 'macos-latest' | |
uses: Apple-Actions/import-codesign-certs@v1 | |
with: | |
create-keychain: false # Created when importing the first cert | |
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }} | |
p12-file-base64: ${{ secrets.APPLE_DEV_ID_APP }} | |
p12-password: ${{ secrets.APPLE_DEV_ID_APP_PASS }} | |
- name: Build Mac .pkg | |
if: matrix.runs-on == 'macos-latest' | |
run: | | |
rm -rf ${{ github.workspace }}/build-scripts/macos/darwin/application || true | |
cp -r ${{ github.workspace }}/dist ${{ github.workspace }}/build-scripts/macos/application | |
echo "Signing the binaries" | |
codesign -f -s "Developer ID Application: Chia Network Inc." --timestamp --options=runtime --entitlements ${{ github.workspace }}/build-scripts/macos/entitlements.mac.plist ${{ github.workspace }}/build-scripts/macos/application/core-registry-cadt | |
codesign -f -s "Developer ID Application: Chia Network Inc." --timestamp ${{ github.workspace }}/build-scripts/macos/application/node_sqlite3.node | |
# Makes the .pkg in ./build-scripts/macos/target/pkg | |
echo "Building the .pkg" | |
bash ${{ github.workspace }}/build-scripts/macos/build-macos.sh core-registry-cadt | |
mkdir -p ${{ github.workspace }}/build-scripts/macos/target/pkg-signed | |
echo "Signing the .pkg" | |
productsign --sign "Developer ID Installer: Chia Network Inc." ${{ github.workspace }}/build-scripts/macos/target/pkg/core-registry-cadt-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/pkg-signed/core-registry-cadt-macos-installer-x64.pkg | |
echo "Notarizing the .pkg" | |
xcrun notarytool submit \ | |
--wait \ | |
--apple-id "${{ secrets.APPLE_NOTARIZE_USERNAME }}" \ | |
--password "${{ secrets.APPLE_NOTARIZE_PASSWORD }}" \ | |
--team-id "${{ secrets.APPLE_TEAM_ID }}" \ | |
"${{ github.workspace }}/build-scripts/macos/target/pkg-signed/core-registry-cadt-macos-installer-x64.pkg" | |
- name: Upload Mac Installer | |
if: matrix.runs-on == 'macos-latest' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: core-registry-cadt-mac-installer | |
path: ${{ github.workspace }}/build-scripts/macos/target/pkg-signed | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.artifact-name }} | |
path: ${{ github.workspace }}/dist | |
debs: | |
name: Build ${{ matrix.name }} deb | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
strategy: | |
matrix: | |
include: | |
- name: core-registry-cadt-linux-x64 | |
platform: amd64 | |
- name: core-registry-cadt-linux-arm64 | |
platform: arm64 | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
- name: Download Linux artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ matrix.name }} | |
path: ${{ matrix.name }} | |
- name: Get tag name | |
id: tag-name | |
run: | | |
echo "TAGNAME=$(echo $GITHUB_REF | cut -d / -f 3)" >> $GITHUB_OUTPUT | |
- name: Build .deb | |
env: | |
CADT_VERSION: ${{ steps.tag-name.outputs.TAGNAME }} | |
PLATFORM: ${{ matrix.platform }} | |
run: | | |
pip install j2cli | |
CLI_DEB_BASE="core-registry-cadt_${{ steps.tag-name.outputs.TAGNAME }}-1_${PLATFORM}" | |
mkdir -p "deb/$CLI_DEB_BASE/opt/core-registry-cadt" | |
mkdir -p "deb/$CLI_DEB_BASE/usr/bin" | |
mkdir -p "deb/$CLI_DEB_BASE/etc/systemd/system" | |
mkdir -p "deb/$CLI_DEB_BASE/DEBIAN" | |
j2 -o "deb/$CLI_DEB_BASE/DEBIAN/control" build-scripts/deb/control.j2 | |
cp -r ${{ matrix.name }}/* "deb/$CLI_DEB_BASE/opt/core-registry-cadt/" | |
cp build-scripts/deb/[email protected] deb/$CLI_DEB_BASE/etc/systemd/system/[email protected] | |
chmod +x deb/$CLI_DEB_BASE/opt/core-registry-cadt/core-registry-cadt | |
ln -s ../../opt/core-registry-cadt/core-registry-cadt "deb/$CLI_DEB_BASE/usr/bin/core-registry-cadt" | |
dpkg-deb --build --root-owner-group "deb/$CLI_DEB_BASE" | |
- name: Upload deb | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.name }}-deb | |
path: ${{ github.workspace }}/deb/*.deb | |
release: | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags/') | |
needs: | |
- debs | |
steps: | |
- name: Download Windows artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: core-registry-cadt-windows-x64 | |
path: core-registry-cadt-windows-x64 | |
- name: Download MacOS installer artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: core-registry-cadt-mac-installer | |
path: core-registry-cadt-mac-installer | |
- name: Download MacOS binary executable artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: core-registry-cadt-macos-x64 | |
path: core-registry-cadt-macos-x64 | |
- name: Download Linux x64 artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: core-registry-cadt-linux-x64 | |
path: core-registry-cadt-linux-x64 | |
- name: Download Linux ARM64 artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: core-registry-cadt-linux-arm64 | |
path: core-registry-cadt-linux-arm64 | |
- name: Download Linux x64 deb | |
uses: actions/download-artifact@v3 | |
with: | |
name: core-registry-cadt-linux-x64-deb | |
path: core-registry-cadt-linux-x64-deb | |
- name: Download Linux arm64 deb | |
uses: actions/download-artifact@v3 | |
with: | |
name: core-registry-cadt-linux-arm64-deb | |
path: core-registry-cadt-linux-arm64-deb | |
- name: Get tag name | |
id: tag-name | |
run: | | |
echo "TAGNAME=$(echo $GITHUB_REF | cut -d / -f 3)" >>$GITHUB_OUTPUT | |
- name: Create zips | |
run: | | |
zip -r core-registry-cadt-windows-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip core-registry-cadt-windows-x64 | |
zip -r core-registry-cadt-macos-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip core-registry-cadt-mac-installer | |
zip -r core-registry-cadt-linux-arm64-${{ steps.tag-name.outputs.TAGNAME }}.zip core-registry-cadt-linux-arm64 | |
zip -r core-registry-cadt-linux-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip core-registry-cadt-linux-x64 | |
zip -r core-registry-cadt-macos-binary-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip core-registry-cadt-macos-x64 | |
- name: Release | |
uses: softprops/[email protected] | |
with: | |
files: | | |
core-registry-cadt-windows-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
core-registry-cadt-macos-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
core-registry-cadt-linux-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
core-registry-cadt-linux-arm64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
core-registry-cadt-macos-binary-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
core-registry-cadt-linux-x64-deb/*.deb | |
core-registry-cadt-linux-arm64-deb/*.deb | |
- name: Get repo name | |
id: repo-name | |
run: | | |
echo "REPO_NAME=$(echo "$GITHUB_REPOSITORY" | cut -d "/" -f 2)" >>$GITHUB_OUTPUT | |
- name: Gets JWT Token from GitHub | |
uses: Chia-Network/actions/github/jwt@main | |
- name: Trigger apt repo update | |
run: | | |
curl -s -XPOST -H "Authorization: Bearer ${{ env.JWT_TOKEN }}" --data '{"climate_tokenization_repo":"${{ steps.repo-name.outputs.REPO_NAME }}","application_name":"[\"core-registry-cadt\"]","release_version":"${{ steps.tag-name.outputs.TAGNAME }}","add_debian_version":"true","arm64":"available"}' ${{ secrets.GLUE_API_URL }}/api/v1/climate-tokenization/${{ github.sha }}/start | |
curl -s -XPOST -H "Authorization: Bearer ${{ env.JWT_TOKEN }}" --data '{"climate_tokenization_repo":"${{ steps.repo-name.outputs.REPO_NAME }}","application_name":"[\"core-registry-cadt\"]","release_version":"${{ steps.tag-name.outputs.TAGNAME }}","add_debian_version":"true","arm64":"available"}' ${{ secrets.GLUE_API_URL }}/api/v1/climate-tokenization/${{ github.sha }}/success/deploy |