-
Notifications
You must be signed in to change notification settings - Fork 36
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'pkg/workflow' into develop
- Loading branch information
Showing
8 changed files
with
320 additions
and
244 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| name: CI workflow | ||
|
|
||
| on: | ||
| pull_request: | ||
| types: [ opened, synchronize, reopened ] | ||
| push: | ||
| branches: | ||
| - "develop" | ||
| - "master" | ||
| - "pkg/*" | ||
|
|
||
| env: | ||
| CARGO_TERM_COLOR: always | ||
| RUST_BACKTRACE: full | ||
|
|
||
| jobs: | ||
| unit-test: | ||
| runs-on: ${{ matrix.os }} | ||
| strategy: | ||
| matrix: | ||
| os: [ ubuntu-latest, macos-latest, windows-latest ] | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - if: matrix.os == 'windows-latest' | ||
| name: Windows Dependencies | ||
| run: | | ||
| Set-ExecutionPolicy RemoteSigned -scope CurrentUser | ||
| Invoke-Expression (New-Object System.Net.WebClient).DownloadString('https://get.scoop.sh') | ||
| scoop install yasm | ||
| echo ("PATH=" + $env:PATH + ";" + $env:USERPROFILE + "\scoop\shims;C:\msys64\mingw64\bin") >> $env:GITHUB_ENV | ||
| - name: UnitTest | ||
| run: make test | ||
|
|
||
| integration-test: | ||
| runs-on: ${{ matrix.os }} | ||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-latest, macos-latest] | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Integration_Test | ||
| run: make integration | ||
|
|
||
| linters: | ||
| runs-on: ${{ matrix.os }} | ||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-latest, macos-latest] | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Linters | ||
| run: | | ||
| cargo fmt --version || rustup component add rustfmt | ||
| cargo clippy --version || rustup component add clippy | ||
| make fmt | ||
| make clippy | ||
| git diff --exit-code Cargo.lock | ||
| security-audit: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Security Audit & Licenses | ||
| run: | | ||
| rustup toolchain install nightly --allow-downgrade --profile minimal | ||
| make security-audit | ||
| ci-success: | ||
| name: ci | ||
| needs: | ||
| - unit-test | ||
| - integration-test | ||
| - linters | ||
| - security-audit | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: CI succeeded | ||
| run: exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,239 @@ | ||
| name: Package | ||
|
|
||
| concurrency: | ||
| group: package-${{ github.ref }} | ||
| cancel-in-progress: true | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - 'pkg/*' | ||
|
|
||
| env: | ||
| CARGO_TERM_COLOR: always | ||
| RUST_BACKTRACE: full | ||
|
|
||
| jobs: | ||
| create-release: | ||
| name: Create release | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| upload_url: ${{ steps.create-release.outputs.upload_url }} | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Set tag | ||
| run: | | ||
| export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' ` | ||
| echo "GIT_TAG_NAME=$GIT_TAG_NAME" >> $GITHUB_ENV | ||
| - name: Create release | ||
| id: create-release | ||
| uses: actions/create-release@v1 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| tag_name: ${{ env.GIT_TAG_NAME}} | ||
| release_name: ${{ env.GIT_TAG_NAME}} | ||
| draft: true | ||
| prerelease: true | ||
|
|
||
| package-for-linux: | ||
| name: package-for-linux | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Set Env | ||
| run: | | ||
| export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' ` | ||
| echo "GIT_TAG_NAME=$GIT_TAG_NAME" >> $GITHUB_ENV | ||
| - name: Build and package ckb-cli | ||
| env: | ||
| LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} | ||
| GPG_SIGNER: ${{ secrets.GPG_SIGNER }} | ||
| run: | | ||
| export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' ` | ||
| mkdir -p $HOME/.cargo | ||
| docker run --rm -i -w /ckb-cli -v $(pwd):/ckb-cli -v $HOME/.cargo:/root/.cargo -e OPENSSL_STATIC=1 -e OPENSSL_LIB_DIR=/usr/local/lib -e OPENSSL_INCLUDE_DIR=/usr/local/include/openssl $BUILDER_IMAGE make prod | ||
| gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output devtools/ci/signer.asc devtools/ci/signer.asc.gpg | ||
| gpg --import devtools/ci/signer.asc | ||
| devtools/ci/package.sh target/release/ckb-cli | ||
| mv ${{ github.workspace }}/releases/ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }} ${{ github.workspace }} | ||
| mv ${{ github.workspace }}/releases/ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc ${{ github.workspace }} | ||
| - name: upload-zip-file | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }} | ||
| path: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }} | ||
| - name: upload-asc-file | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc | ||
| path: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc | ||
| env: | ||
| BUILDER_IMAGE: nervos/ckb-docker-builder:xenial-rust-1.51.0 | ||
| REL_PKG: x86_64-unknown-linux-gnu.tar.gz | ||
|
|
||
| package-for-centos: | ||
| name: package-for-centos | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Set Env | ||
| run: | | ||
| export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' ` | ||
| echo "GIT_TAG_NAME=$GIT_TAG_NAME" >> $GITHUB_ENV | ||
| - name: Build and package ckb-cli | ||
| env: | ||
| LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} | ||
| GPG_SIGNER: ${{ secrets.GPG_SIGNER }} | ||
| run: | | ||
| export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' ` | ||
| mkdir -p $HOME/.cargo | ||
| docker run --rm -i -w /ckb-cli -v $(pwd):/ckb-cli -v $HOME/.cargo:/root/.cargo $BUILDER_IMAGE scl enable llvm-toolset-7 'make prod' | ||
| gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output devtools/ci/signer.asc devtools/ci/signer.asc.gpg | ||
| gpg --import devtools/ci/signer.asc | ||
| devtools/ci/package.sh target/release/ckb-cli | ||
| mv ${{ github.workspace }}/releases/ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }} ${{ github.workspace }} | ||
| mv ${{ github.workspace }}/releases/ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc ${{ github.workspace }} | ||
| - name: upload-zip-file | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }} | ||
| path: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }} | ||
| - name: upload-asc-file | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc | ||
| path: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc | ||
| env: | ||
| BUILDER_IMAGE: nervos/ckb-docker-builder:centos-7-rust-1.51.0 | ||
| REL_PKG: x86_64-unknown-centos-gnu.tar.gz | ||
|
|
||
| package-for-mac: | ||
| name: package-for-mac | ||
| runs-on: macos-latest | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Set Env | ||
| run: | | ||
| export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' ` | ||
| echo "GIT_TAG_NAME=$GIT_TAG_NAME" >> $GITHUB_ENV | ||
| - name: Build and package ckb-cli | ||
| env: | ||
| LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} | ||
| GPG_SIGNER: ${{ secrets.GPG_SIGNER }} | ||
| run: | | ||
| export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' ` | ||
| make OPENSSL_STATIC=1 OPENSSL_LIB_DIR=/usr/local/opt/[email protected]/lib OPENSSL_INCLUDE_DIR=/usr/local/opt/[email protected]/include prod | ||
| gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output devtools/ci/signer.asc devtools/ci/signer.asc.gpg | ||
| gpg --import devtools/ci/signer.asc | ||
| devtools/ci/package.sh target/release/ckb-cli | ||
| mv ${{ github.workspace }}/releases/ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }} ${{ github.workspace }} | ||
| mv ${{ github.workspace }}/releases/ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc ${{ github.workspace }} | ||
| - name: upload-zip-file | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }} | ||
| path: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }} | ||
| - name: upload-asc-file | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc | ||
| path: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc | ||
| env: | ||
| REL_PKG: x86_64-apple-darwin.zip | ||
|
|
||
| package-for-windows: | ||
| name: package-for-windows | ||
| runs-on: windows-latest | ||
| steps: | ||
| - name: Install Dependencies | ||
| run: | | ||
| Set-ExecutionPolicy RemoteSigned -scope CurrentUser | ||
| Invoke-Expression (New-Object System.Net.WebClient).DownloadString('https://get.scoop.sh') | ||
| scoop install yasm | ||
| echo ("GIT_TAG_NAME=" + $env:GITHUB_REF.replace('refs/heads/pkg/', '')) >> $env:GITHUB_ENV | ||
| echo ("PATH=" + $env:PATH + ";" + $env:USERPROFILE + "\scoop\shims;C:\msys64\mingw64\bin") >> $env:GITHUB_ENV | ||
| - uses: actions/checkout@v2 | ||
| - name: Build | ||
| run: | | ||
| make prod | ||
| - name: Prepare archive | ||
| run: | | ||
| $env:GIT_TAG_NAME=($env:GITHUB_REF -split '/')[3] | ||
| mkdir ckb-cli_$($env:GIT_TAG_NAME)_x86_64-pc-windows-msvc | ||
| cp -r target/release/ckb-cli.exe,README.md,CHANGELOG.md,COPYING ckb-cli_$($env:GIT_TAG_NAME)_x86_64-pc-windows-msvc | ||
| - name: Archive Files | ||
| run: | | ||
| $env:GIT_TAG_NAME=($env:GITHUB_REF -split '/')[3] | ||
| Compress-Archive -Path ckb-cli_$($env:GIT_TAG_NAME)_x86_64-pc-windows-msvc -DestinationPath ckb-cli_$($env:GIT_TAG_NAME)_$($env:REL_PKG) | ||
| - name: Sign Archive | ||
| env: | ||
| LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} | ||
| GPG_SIGNER: ${{ secrets.GPG_SIGNER }} | ||
| run: | | ||
| $CYGPWD = cygpath -u (Get-Location) | ||
| gpg --quiet --batch --yes --decrypt --passphrase="$env:LARGE_SECRET_PASSPHRASE" --output "$CYGPWD/devtools/ci/signer.asc" "$CYGPWD/devtools/ci/signer.asc.gpg" | ||
| gpg --import "$CYGPWD/devtools/ci/signer.asc" | ||
| $env:GIT_TAG_NAME=($env:GITHUB_REF -split '/')[3] | ||
| gpg -u "$env:GPG_SIGNER" -ab "$CYGPWD/ckb-cli_$($env:GIT_TAG_NAME)_$($env:REL_PKG)" | ||
| - name: upload-artifact | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }} | ||
| path: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }} | ||
| - name: upload-artifact | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc | ||
| path: ckb-cli_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc | ||
| env: | ||
| REL_PKG: x86_64-pc-windows-msvc.zip | ||
|
|
||
| Upload_File: | ||
| name: Upload_Zip_File | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| include: | ||
| - REL_PKG: x86_64-unknown-linux-gnu.tar.gz | ||
| - REL_PKG: x86_64-unknown-centos-gnu.tar.gz | ||
| - REL_PKG: x86_64-apple-darwin.zip | ||
| - REL_PKG: x86_64-pc-windows-msvc.zip | ||
| needs: | ||
| - create-release | ||
| - package-for-linux | ||
| - package-for-mac | ||
| - package-for-windows | ||
| - package-for-centos | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Set tag | ||
| run: | | ||
| export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' ` | ||
| echo "GIT_TAG_NAME=$GIT_TAG_NAME" >> $GITHUB_ENV | ||
| - name: Prepare - Download tar | ||
| uses: actions/download-artifact@v2 | ||
| with: | ||
| name: ckb-cli_${{env.GIT_TAG_NAME}}_${{ matrix.REL_PKG }} | ||
| - name: Prepare - Download asc | ||
| uses: actions/download-artifact@v2 | ||
| with: | ||
| name: ckb-cli_${{env.GIT_TAG_NAME}}_${{ matrix.REL_PKG }}.asc | ||
| - name: Upload tar assets | ||
| uses: actions/upload-release-asset@v1 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| upload_url: ${{ needs.create-release.outputs.upload_url }} | ||
| asset_name: ckb-cli_${{env.GIT_TAG_NAME}}_${{ matrix.REL_PKG }} | ||
| asset_path: ${{ github.workspace }}/ckb-cli_${{env.GIT_TAG_NAME }}_${{ matrix.REL_PKG }} | ||
| asset_content_type: application/octet-stream | ||
| - name: Upload asc assets | ||
| uses: actions/upload-release-asset@v1 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| upload_url: ${{ needs.create-release.outputs.upload_url }} | ||
| asset_name: ckb-cli_${{env.GIT_TAG_NAME}}_${{ matrix.REL_PKG }}.asc | ||
| asset_path: ${{ github.workspace }}/ckb-cli_${{env.GIT_TAG_NAME }}_${{ matrix.REL_PKG }}.asc | ||
| asset_content_type: application/octet-stream |
Oops, something went wrong.