Merge pull request #1113 from godwokenrises/dependabot/cargo/web3/ope… #244
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
on: | |
push: | |
branches: [ 'main', 'dev*', 'v1*', '1.*' ] | |
# Publish semver tags as releases. | |
tags: [ 'v*.*.*', '1.*' ] | |
# This event occurs when a GitHub Actions workflow is manually triggered. | |
# For more information, see | |
# https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow | |
# Note: Write access to the repository is required to perform these steps. | |
workflow_dispatch: | |
inputs: | |
runner_type: | |
description: 'Choose an appropriate runner' | |
required: true | |
default: ubuntu-20.04 | |
type: choice | |
options: | |
- ubuntu-20.04 | |
- self-hosted | |
env: | |
# Use docker.io for Docker Hub if empty | |
REGISTRY: 'ghcr.io/' | |
# github.repository as <account>/<repo> | |
IMAGE_NAME: godwoken | |
jobs: | |
build-scripts: | |
runs-on: 'ubuntu-20.04' | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
key: ${{ runner.os }}-${{ runner.arch }}-cargo-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ runner.arch }}-cargo- | |
- name: Install Rust components | |
run: rustup component add rustfmt && rustup component add clippy | |
- name: Install moleculec 0.7.2 | |
run: | | |
test "$(moleculec --version)" = "Moleculec 0.7.2" \ | |
|| cargo install moleculec --version 0.7.2 --force | |
- name: Install capsule | |
env: | |
CAPSULE_VERSION: v0.7.0 | |
run: | | |
(which capsule && test "$(capsule --version)" = "Capsule 0.7.0") \ | |
|| curl -OL https://github.com/nervosnetwork/capsule/releases/download/${CAPSULE_VERSION}/capsule_${CAPSULE_VERSION}_x86_64-linux.tar.gz \ | |
&& tar xf capsule_${CAPSULE_VERSION}_x86_64-linux.tar.gz \ | |
&& mv capsule_${CAPSULE_VERSION}_x86_64-linux/capsule ~/.cargo/bin/ | |
capsule --version | |
- name: Prepare components | |
id: prepare | |
working-directory: docker | |
# The path of `hashFiles(path)` is relative to the GITHUB_WORKSPACE directory | |
run: | | |
make prepare-repos | |
echo "Record the component's reference/filehash to the outputs of this step" | |
echo "godwoken-filehash=${{ hashFiles('crates/**') }}" >> build/versions | |
echo "gwos-filehash=${{ hashFiles('gwos/**') }}" >> build/versions | |
echo "gwos-evm-filehash=${{ hashFiles('gwos-evm/**') }}" >> build/versions | |
cat build/versions | |
cat build/versions >> $GITHUB_OUTPUT | |
- name: Cache of component.ckb-production-scripts | |
id: ckb-production-scripts-cache | |
uses: actions/cache@v3 | |
with: | |
path: docker/build/ckb-production-scripts/build/omni_lock | |
key: component.omni_lock-${{ steps.prepare.outputs.ckb-production-scripts-sha1 }} | |
- name: Build omni_lock | |
if: steps.ckb-production-scripts-cache.outputs.cache-hit != 'true' | |
working-directory: docker/build/ckb-production-scripts | |
run: make all-via-docker | |
- name: Cache of component.gwos | |
id: gwos-cache | |
uses: actions/cache@v3 | |
with: | |
path: | | |
gwos/build/release/* | |
gwos/c/build/*-generator | |
gwos/c/build/*-validator | |
gwos/c/build/account_locks/* | |
key: component.gwos-${{ steps.prepare.outputs.gwos-filehash }} | |
- name: Build gwos | |
if: steps.gwos-cache.outputs.cache-hit != 'true' | |
working-directory: gwos | |
run: cd c && make && cd .. && capsule build --release --debug-output | |
- name: Archive built scripts | |
# TODO: upload only once | |
# if: steps.gwos-cache.outputs.cache-hit != 'true' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: component.gwos-${{ steps.prepare.outputs.gwos-filehash }} | |
path: | | |
gwos/build/release/* | |
gwos/c/build/*-generator | |
gwos/c/build/*-validator | |
gwos/c/build/account_locks/* | |
docker/build/ckb-production-scripts/build/omni_lock | |
docker/build/versions | |
- name: Cache of component.gwos-evm | |
id: godwoken-polyjuice-cache | |
uses: actions/cache@v3 | |
with: | |
path: | | |
gwos-evm/build/*generator* | |
gwos-evm/build/*validator* | |
key: component.gwos-evm-${{ steps.prepare.outputs.gwos-evm-filehash }} | |
- name: Build godwoken-polyjuice | |
if: steps.godwoken-polyjuice-cache.outputs.cache-hit != 'true' | |
working-directory: gwos-evm | |
run: | | |
git submodule update --init --recursive --depth=1 | |
make all-via-docker | |
- name: Archive godwoken-polyjuice binaries | |
# TODO: upload only once | |
# if: steps.godwoken-polyjuice-cache.outputs.cache-hit != 'true' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: component.gwos-evm-${{ steps.prepare.outputs.gwos-evm-filehash }} | |
path: | | |
gwos-evm/build/*generator* | |
gwos-evm/build/*validator* | |
outputs: | |
omni_lock-gitref: ${{ steps.prepare.outputs.ckb-production-scripts-sha1 }} | |
godwoken-filehash: ${{ steps.prepare.outputs.godwoken-filehash }} | |
gwos-filehash: ${{ steps.prepare.outputs.gwos-filehash }} | |
gwos-evm-filehash: ${{ steps.prepare.outputs.gwos-evm-filehash }} | |
build-godwoken: | |
strategy: | |
matrix: | |
# optional SMT trie feature | |
# see https://github.com/godwokenrises/godwoken/pull/859 | |
features: ['', 'smt-trie'] | |
runs-on: ${{ inputs.runner_type || 'ubuntu-20.04' }} | |
# matrix: [with or without builtin consensus] | |
# TODO: build-godwoken-without-builtin-consensus: | |
# TODO: build for alphanet | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
key: ${{ runner.os }}-${{ runner.arch }}-${{ inputs.runner_type || 'ubuntu-20.04' }}-cargo-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ runner.arch }}-${{ inputs.runner_type || 'ubuntu-20.04' }}-cargo- | |
- name: Install Rust components | |
run: rustup component add rustfmt && rustup component add clippy | |
- name: Install moleculec 0.7.2 | |
run: | | |
test "$(moleculec --version)" = "Moleculec 0.7.2" \ | |
|| cargo install moleculec --version 0.7.2 --force | |
# see https://github.com/godwokenrises/godwoken/pull/946#discussion_r1068149031 | |
- name: Cache of component.godwoken | |
id: godwoken-cache | |
uses: actions/cache@v3 | |
with: | |
path: | | |
target/release/godwoken | |
target/release/gw-tools | |
key: ${{ runner.os }}-${{ runner.arch }}-${{ inputs.runner_type || 'ubuntu-20.04' }}-godwoken-${{ matrix.features || 'default' }}-${{ hashFiles('crates/**') }} | |
- name: Cache Godwoken target directory | |
if: steps.godwoken-cache.outputs.cache-hit != 'true' | |
uses: actions/cache@v3 | |
with: | |
path: | | |
target | |
key: ${{ runner.os }}-${{ runner.arch }}-${{ inputs.runner_type || 'ubuntu-20.04' }}-cargo-godwoken-${{ hashFiles('crates/**') }} | |
restore-keys: | | |
${{ runner.os }}-${{ runner.arch }}-${{ inputs.runner_type || 'ubuntu-20.04' }}-cargo-godwoken | |
- name: Build godwoken | |
id: build | |
if: steps.godwoken-cache.outputs.cache-hit != 'true' | |
env: | |
FEATURE_ARG: ${{ matrix.features && format('--features={0}', matrix.features) || '' }} | |
# Use SSE4.2, POPCNT, etc. These are available on almost all x86 CPUs in use today, including rosetta 2. | |
run: | | |
echo "install libclang required by autorocks-sys" | |
sudo apt update && sudo apt install -y libclang-dev | |
RUSTFLAGS="-C target-cpu=x86-64-v2" CARGO_PROFILE_RELEASE_LTO=true cargo build --release ${{ env.FEATURE_ARG }} | |
- name: Archive godwoken binaries | |
# TODO: upload only once | |
# if: steps.godwoken-cache.outputs.cache-hit != 'true' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: component.godwoken-${{ matrix.features || 'default' }}-${{ hashFiles('crates/**') }} | |
path: | | |
target/release/godwoken | |
target/release/gw-tools | |
# https://github.com/docker/build-push-action has a warning: | |
# > Subdirectory for Git context is available from BuildKit v0.9.0. If you're using the docker | |
# > builder (default if setup-buildx-action not used), then BuildKit in Docker Engine will be | |
# > used. As Docker Engine < v22.x.x embeds Buildkit 0.8.2 at the moment, it does not support | |
# > this feature. It's therefore required to use the setup-buildx-action at the moment. | |
# | |
# But there is an error while using setup-buildx-action in self-hosted runner: | |
# `ERROR: could not create a builder instance` | |
# | |
# So the `docker-build-push` step was simply moved to a separate job. | |
docker-build-push: | |
strategy: | |
matrix: | |
# optional SMT trie feature | |
# see https://github.com/godwokenrises/godwoken/pull/859 | |
features: ['', 'smt-trie'] | |
needs: [build-scripts, build-godwoken] | |
runs-on: 'ubuntu-20.04' | |
# If you specify the access for any of these scopes, all of those that are not specified are set to none. | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
# Docker buildx is required by docker/build-push-action | |
# see https://github.com/docker/setup-buildx-action | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
# https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts | |
- name: Download component.gwos and omni_lock | |
uses: actions/download-artifact@v3 | |
with: | |
name: component.gwos-${{ hashFiles('gwos/**') }} | |
- name: Download component.gwos-evm | |
uses: actions/download-artifact@v3 | |
with: | |
name: component.gwos-evm-${{ hashFiles('gwos-evm/**') }} | |
path: gwos-evm/build/ | |
- name: Download component.godwoken | |
uses: actions/download-artifact@v3 | |
with: | |
name: component.godwoken-${{ matrix.features || 'default' }}-${{ hashFiles('crates/**') }} | |
path: target/release/ | |
- name: Add executable permission to Godwoken binaries | |
run: chmod +x godwoken gw-tools | |
working-directory: target/release/ | |
# Extract metadata (tags, labels) for Docker | |
# https://github.com/docker/metadata-action | |
- name: Extract Docker metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
env: | |
FEATURE_TAG: ${{ matrix.features && format('-{0}', matrix.features) || '' }} | |
with: | |
images: ${{ env.REGISTRY }}${{ github.repository_owner }}/${{ env.IMAGE_NAME }} | |
flavor: | | |
latest=auto | |
suffix=${{ env.FEATURE_TAG }},onlatest=true | |
# dynamically set date as a suffix | |
tags: | | |
type=ref,event=tag | |
type=ref,event=branch,suffix=${{ env.FEATURE_TAG }}-{{date 'YYYYMMDDHHmm'}} | |
type=ref,event=branch | |
labels: | | |
maintainer=Godwoken Core Dev | |
org.opencontainers.image.authors=Godwoken Core Dev | |
source.component.godwoken=https://github.com/godwokenrises/godwoken/tree/${{ github.sha }} | |
source.component.gwos=https://github.com/godwokenrises/godwoken/tree/${{ github.sha }}/gwos | |
source.component.gwos-evm=https://github.com/godwokenrises/godwoken/tree/${{ github.sha }}/gwos-evm | |
source.component.omni_lock=https://github.com/nervosnetwork/ckb-production-scripts/tree/rc_lock | |
- name: Echo steps.meta.outputs.bake-file | |
run: cat ${{ steps.meta.outputs.bake-file }} | |
# Login against a Docker registry except on PR | |
# https://github.com/docker/login-action | |
# GitHub automatically creates a unique GITHUB_TOKEN secret to use in this workflow. | |
- name: Log into registry ${{ env.REGISTRY }} | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# Build and push Docker image with Buildx (don't push on PR) | |
# https://github.com/docker/build-push-action | |
- name: Build and push Docker image to ${{ env.REGISTRY }}${{ github.repository_owner }}/${{ env.IMAGE_NAME }} | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: docker/Dockerfile | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Check versions of the binaries in ${{ fromJSON(steps.meta.outputs.json).tags[0] }} | |
if: ${{ github.event_name != 'pull_request' }} | |
env: | |
IMAGE: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} | |
run: | | |
docker run --rm ${{ env.IMAGE }} godwoken --version | |
docker run --rm ${{ env.IMAGE }} gw-tools --version | |
docker run --rm ${{ env.IMAGE }} ckb --version | |
docker run --rm ${{ env.IMAGE }} ckb-cli --version | |
docker run --rm ${{ env.IMAGE }} find /scripts -type f -exec sha256sum {} \; | |
- name: Record image info to the outputs of this jobs | |
id: result | |
run: | | |
echo "image_name=`echo ${{ fromJSON(steps.meta.outputs.json).tags[0] }} | awk -F ':' '{print $1}'`" >> $GITHUB_OUTPUT | |
echo "image_tag=`echo ${{ fromJSON(steps.meta.outputs.json).tags[0] }} | awk -F ':' '{print $NF}'`" >> $GITHUB_OUTPUT | |
# Map the meta step outputs to this job outputs | |
outputs: | |
image_name: ${{ steps.result.outputs.image_name }} | |
image_tag: ${{ steps.result.outputs.image_tag }} | |
integration-test: | |
needs: docker-build-push | |
uses: godwokenrises/godwoken-tests/.github/workflows/reusable-integration-test-v1.yml@develop | |
with: | |
extra_github_env: | | |
GODWOKEN_IMAGE="${{ needs.docker-build-push.outputs.image_name }}:${{ needs.docker-build-push.outputs.image_tag }}" |