ampd - Build and release binary and image #4

Workflow file for this run

.github/workflows/build-ampd-release.yaml at 6f5597a

	name: Amplifier - Build Release

	on:
	workflow_dispatch:
	inputs:
	tag:
	description: Github tag to release binaries for (reusing an existing tag will make the pipeline fail)
	required: true
	default: latest

	jobs:
	release-binaries:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-22.04, macos-12]
	arch: [amd64, arm64]

	permissions:
	contents: write
	packages: write
	id-token: write

	steps:
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-region: us-east-2
	role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ghwf-${{ github.event.repository.name }}

	- name: Validate tag
	env:
	SEMVER: ${{ github.event.inputs.tag }}
	run: \|
	if [[ $SEMVER =~ v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then echo "Tag is okay" && exit 0; else echo "invalid tag" && exit 1; fi
	aws s3 ls s3://axelar-releases/ampd/"$SEMVER" && echo "tag already exists, use a new one" && exit 1

	- name: Checkout code
	uses: actions/checkout@v4
	with:
	fetch-depth: '0'
	ref: ${{ github.event.inputs.tag }}
	submodules: recursive

	- name: Install Rust
	run: \|
	curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \| sh -s -- -y

	- name: Import GPG key
	id: import_gpg
	uses: crazy-max/ghaction-import-gpg@v6
	with:
	gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.GPG_PASSPHRASE }}

	- name: build and sign darwin binaries
	env:
	SEMVER: ${{ github.event.inputs.tag }}
	if: matrix.os == 'macos-12'
	run: \|
	OS="darwin"
	ARCH="${{ matrix.arch }}"
	if [ "$ARCH" == "arm64" ]
	then
	brew install protobuf
	rustup target add aarch64-apple-darwin
	cargo build --release --target aarch64-apple-darwin
	mkdir ampdbin
	mv "/Users/runner/work/axelar-amplifier/axelar-amplifier/target/aarch64-apple-darwin/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
	gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
	else
	brew install protobuf
	cargo build --release
	mkdir ampdbin
	mv "/Users/runner/work/axelar-amplifier/axelar-amplifier/target/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
	gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
	fi

	- name: build and sign linux binaries
	env:
	SEMVER: ${{ github.event.inputs.tag }}
	if: matrix.os == 'ubuntu-22.04'
	run: \|
	OS="linux"
	ARCH="${{ matrix.arch }}"
	if [ "$ARCH" == "arm64" ]
	then
	sudo apt-get install protobuf-compiler gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
	rustup target add aarch64-unknown-linux-gnu
	export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc
	cargo build --release --target aarch64-unknown-linux-gnu
	mkdir ampdbin
	mv "/home/runner/work/axelar-amplifier/axelar-amplifier/target/aarch64-unknown-linux-gnu/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
	gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
	else
	sudo apt-get install protobuf-compiler
	cargo build --release
	mkdir ampdbin
	mv "/home/runner/work/axelar-amplifier/axelar-amplifier/target/release/ampd" "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
	gpg --armor --detach-sign "./ampdbin/ampd-$OS-$ARCH-$SEMVER"
	fi

	- name: Test ampd
	working-directory: ./ampdbin
	run: \|
	file ./ampd-*

	- name: Create zip and sha256 files
	working-directory: ./ampdbin
	run: \|
	for i in `ls \| grep -v .asc`
	do
	shasum -a 256 $i \| awk '{print $1}' > $i.sha256
	zip $i.zip $i
	shasum -a 256 $i.zip \| awk '{print $1}' > $i.zip.sha256
	done

	- name: Upload binaries to release
	uses: svenstaro/upload-release-action@v2
	with:
	repo_token: ${{ secrets.GITHUB_TOKEN }}
	file: ./ampdbin/*
	tag: ${{ github.event.inputs.tag }}
	overwrite: true
	file_glob: true

	- name: Upload binaries to S3
	env:
	S3_PATH: s3://axelar-releases/ampd/${{ github.event.inputs.tag }}
	run: \|
	aws s3 cp ./ampdbin ${S3_PATH}/ --recursive

	release-docker:
	runs-on: ubuntu-22.04
	permissions:
	contents: write
	packages: write
	id-token: write
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	fetch-depth: '0'
	ref: ${{ github.event.inputs.tag }}
	submodules: recursive

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_HUB_USERNAME }}
	password: ${{ secrets.DOCKER_HUB_TOKEN }}

	- name: Build and push docker images
	run: \|
	make build-push-docker-images
	env:
	PLATFORM: linux/amd64
	SEMVER: ${{ github.event.inputs.tag }}

	combine-sign:
	needs: release-docker
	runs-on: ubuntu-22.04
	permissions:
	contents: write
	packages: write
	id-token: write
	steps:
	- name: Install Cosign
	uses: sigstore/cosign-installer@main
	with:
	cosign-release: 'v1.13.1'

	- name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_HUB_USERNAME }}
	password: ${{ secrets.DOCKER_HUB_TOKEN }}

	- name: Create multiarch manifest
	run: \|
	docker buildx imagetools create -t axelarnet/axelar-ampd:${SEMVER} \
	axelarnet/axelar-ampd-linux-amd64:${SEMVER}
	env:
	SEMVER: ${{ github.event.inputs.tag }}

	- name: Sign the images with GitHub OIDC
	run: cosign sign --oidc-issuer https://token.actions.githubusercontent.com ${TAGS}
	env:
	TAGS: axelarnet/axelar-ampd:${{ github.event.inputs.tag }}
	COSIGN_EXPERIMENTAL: 1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ampd - Build and release binary and image #4

Workflow file

ampd - Build and release binary and image #4

Jobs

Run details

Workflow file for this run