diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 567c3fd..98e44ee 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,7 +1,9 @@
----
 version: 2
 updates:
- # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "cargo"
+ directory: "/"
+ schedule:
+ interval: "weekly"
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index c85c20c..2a847a5 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -1,19 +1,13 @@
 ---
 name: Security audit
-'on':
- # push:
- # paths:
- # # Run if workflow changes
- # - '.github/workflows/audit.yml'
- # # Run on changed dependencies
- # - '**/Cargo.toml'
- # - '**/Cargo.lock'
- # # Run if the configuration file changes
- # - '**/audit.toml'
- # Rerun periodicly to pick up new advisories
+"on":
+ push:
+ paths:
+ - "**/Cargo.toml"
+ - "**/Cargo.lock"
 schedule:
- - cron: '43 05 * * *'
+ - cron: "43 05 * * *"
 # Run manually
 workflow_dispatch:
diff --git a/.github/workflows/build_binaries.json b/.github/workflows/build_binaries.json
deleted file mode 100644
index a88eeb4..0000000
--- a/.github/workflows/build_binaries.json
+++ /dev/null
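Review bot: In `.github/dependabot.yml` the new `cargo` entry carries no comment, and the hunk removes `# Maintain dependencies for GitHub Actions` instead of keeping it above the `github-actions` entry. I would keep that line where it was and put `# Maintain dependencies for Rust crates (Cargo.toml / Cargo.lock)` above the `cargo` entry, so each update block says what it covers. The `github-actions` entry continues past the end of the hunk, so its interval is not visible here.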
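Review bot: In `.github/workflows/audit.yml` the new `push.paths` filter lists only `**/Cargo.toml` and `**/Cargo.lock`, while the commented-out block it replaces also listed the workflow file and `**/audit.toml`. As written, a push that edits the audit configuration (for example to ignore an advisory) or the workflow itself does not run the audit until the next `43 05 * * *` schedule. If the repository uses an `audit.toml`, which is not visible here, add `- ".github/workflows/audit.yml"` and `- "**/audit.toml"` to the list. The hunk also drops the comment explaining the cron; a corrected `# Rerun periodically to pick up new advisories` above `schedule:` would keep that intent documented. The jobs of this workflow are outside the hunk.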
@@ -1,64 +0,0 @@
-[
- {
- "name": "linux-x86_64",
- "runs-on": "ubuntu-22.04",
- "rust": "stable",
- "target": "x86_64-unknown-linux-gnu",
- "cross": false,
- "features": ""
- },
- {
- "name": "linux-arm64",
- "runs-on": "ubuntu-22.04-arm",
- "rust": "stable",
- "target": "aarch64-unknown-linux-gnu",
- "cross": false,
- "build_enabled": true,
- "best_effort": true
- },
- {
- "name": "linux-riscv64",
- "runs-on": "ubuntu-latest",
- "rust": "stable",
- "target": "riscv64gc-unknown-linux-gnu",
- "cross": true,
- "build_enabled": true,
- "best_effort": true
- },
- {
- "name": "macos-x86_64",
- "runs-on": "macos-13",
- "rust": "stable",
- "target": "x86_64-apple-darwin",
- "cross": false,
- "features": ""
- },
- {
- "name": "macos-arm64",
- "runs-on": "macos-14",
- "rust": "stable",
- "target": "aarch64-apple-darwin",
- "cross": false,
- "features": "",
- "build_enabled": true,
- "best_effort": true
- },
- {
- "name": "windows-x64",
- "runs-on": "windows-2022",
- "rust": "stable",
- "target": "x86_64-pc-windows-msvc",
- "cross": false,
- "features": ""
- },
- {
- "name": "windows-arm64",
- "runs-on": "windows-latest",
- "rust": "stable",
- "target": "aarch64-pc-windows-msvc",
- "cross": false,
- "features": "",
- "build_enabled": true,
- "best_effort": true
- }
-]
diff --git a/.github/workflows/build_binaries.yml b/.github/workflows/build_binaries.yml
deleted file mode 100644
index 23e5b19..0000000
--- a/.github/workflows/build_binaries.yml
+++ /dev/null
@@ -1,936 +0,0 @@ ---- -name: Build Matrix of Binaries - -on: - push: - tags: - - "v[0-9]+.[0-9]+.[0-9]+" - branches: - - "build-all-*" - - "build-bins-*" - schedule: - - cron: "05 00 * * *" - workflow_dispatch: - -env: - TS_FILENAME: "tari-cli" - TS_BUNDLE_ID_BASE: "com.tari.cli.pkg" - TS_SIG_FN: "sha256-unsigned.txt" - ## Must be a JSON string - TS_FILES: '["tari"]' - TS_FEATURES: "" - TS_LIBRARIES: "" - TS_DESCRIPTION: "Tari Ootle Cli" - TS_URL: "https://tari.com" - # For debug builds - # TS_BUILD: "debug" - TS_BUILD: "release" - TARI_TARGET_NETWORK: igor - TARI_NETWORK: igor - toolchain: 1.88.0 - matrix-json-file: ".github/workflows/build_binaries.json" - CARGO_HTTP_MULTIPLEXING: false - CARGO_UNSTABLE_SPARSE_REGISTRY: true - CARGO: cargo - CARGO_OPTIONS: "--locked" - CARGO_CACHE: true - RUSTUP_PERMIT_COPY_RENAME: true - -concurrency: - # https://docs.github.com/en/actions/examples/using-concurrency-expressions-and-a-test-matrix - group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' - cancel-in-progress: ${{ !startsWith(github.ref, 'refs/tags/v') || github.ref != 'refs/heads/development' || github.ref != 'refs/heads/nextnet' || github.ref != 'refs/heads/stagenet' }} - -permissions: - contents: read - -jobs: - matrix-prep: - runs-on: ubuntu-latest - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} - steps: - - uses: actions/checkout@v4 - - - name: Set Matrix - id: set-matrix - run: | - # - # build all targets images - # matrix=$( jq -s -c .[] .github/workflows/build_binaries.json ) - # - # build only single target image - # matrix_selection=$( jq -c '.[] | select( ."name" == "windows-x64" )' ${{ env.matrix-json-file }} ) - # matrix_selection=$( jq -c '.[] | select( ."name" | contains("macos") )' ${{ env.matrix-json-file }} ) - # - # build select target images - build_enabled - matrix_selection=$( jq -c '.[] | select( ."build_enabled" != false )' ${{ env.matrix-json-file }} ) - # - # Setup the 
json build matrix - matrix=$(echo ${matrix_selection} | jq -s -c '{"builds": .}') - echo $matrix - echo $matrix | jq . - echo "matrix=${matrix}" >> $GITHUB_OUTPUT - - matrix-check: - # Debug matrix - if: ${{ false }} - runs-on: ubuntu-latest - needs: matrix-prep - steps: - - name: Install json2yaml - run: | - sudo npm install -g json2yaml - - - name: Check matrix definition - run: | - matrix='${{ needs.matrix-prep.outputs.matrix }}' - echo $matrix - echo $matrix | jq . - echo $matrix | json2yaml - - builds: - name: Building ${{ matrix.builds.name }} on ${{ matrix.builds.runs-on }} - needs: matrix-prep - continue-on-error: ${{ startsWith(github.ref, 'refs/tags/') || matrix.builds.best_effort || false }} - outputs: - TARI_VERSION: ${{ steps.set-tari-vars.outputs.TARI_VERSION }} - VSHA_SHORT: ${{ steps.set-tari-vars.outputs.VSHA_SHORT }} - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.matrix-prep.outputs.matrix) }} - - runs-on: ${{ matrix.builds.runs-on }} - - steps: - - name: Checkout source code - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Declare Global Variables 4 GHA ${{ github.event_name }} - id: set-tari-vars - shell: bash - run: | - echo "VBRANCH=${{ github.ref_name }}" >> $GITHUB_ENV - VSHA_SHORT=$(git rev-parse --short HEAD) - echo "VSHA_SHORT=${VSHA_SHORT}" >> $GITHUB_ENV - echo "VSHA_SHORT=${VSHA_SHORT}" >> $GITHUB_OUTPUT - TARI_VERSION=$(awk -F ' = ' '$1 ~ /^version/ \ - { gsub(/["]/, "", $2); printf("%s",$2) }' \ - "$GITHUB_WORKSPACE/Cargo.toml") - echo "TARI_VERSION=${TARI_VERSION}" >> $GITHUB_ENV - echo "TARI_VERSION=${TARI_VERSION}" >> $GITHUB_OUTPUT - if [[ "${{ matrix.builds.features }}" == "" ]]; then - echo "BUILD_FEATURES=${{ env.TS_FEATURES }}" >> $GITHUB_ENV - else - echo "BUILD_FEATURES=${{ matrix.builds.features }}" >> $GITHUB_ENV - fi - TARGET_BINS="" - if [[ "${{ matrix.builds.target_bins }}" == "" ]]; then - ARRAY_BINS=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') ) - else - 
ARRAY_BINS=( $(echo "${{ matrix.builds.target_bins }}" | tr ', ' '\n') ) - fi - for BIN_FILE in "${ARRAY_BINS[@]}"; do - echo "Adding ${BIN_FILE} to Builds" - TARGET_BINS+="--bin ${BIN_FILE} " - done - echo "TARGET_BINS=${TARGET_BINS}" >> $GITHUB_ENV - TARGET_LIBS="" - if [[ "${{ matrix.builds.target_libs }}" == "" ]]; then - ARRAY_LIBS=( $(echo ${TS_LIBRARIES} | tr ', ' '\n') ) - else - ARRAY_LIBS=( $(echo "${{ matrix.builds.target_libs }}" | tr ', ' '\n') ) - fi - for LIB_FILE in "${ARRAY_LIBS[@]}"; do - echo "Adding ${LIB_FILE} to library Builds" - TARGET_LIBS+="--package ${LIB_FILE} " - done - echo "TARGET_LIBS=${TARGET_LIBS}" >> $GITHUB_ENV - TARI_BUILD_ISA_CPU=${{ matrix.builds.target }} - # Strip unknown part - TARI_BUILD_ISA_CPU=${TARI_BUILD_ISA_CPU//-unknown-linux-gnu} - # Strip gc used by rust - TARI_BUILD_ISA_CPU=${TARI_BUILD_ISA_CPU//gc} - echo "TARI_BUILD_ISA_CPU=${TARI_BUILD_ISA_CPU}" >> $GITHUB_ENV - - - name: Scheduled Destination Folder Override - if: ${{ github.event_name == 'schedule' && github.event.schedule == '05 00 * * *' }} - shell: bash - run: | - echo "S3_DEST_OVERRIDE=daily/" >> $GITHUB_ENV - - - name: Setup Rust toolchain - uses: dtolnay/rust-toolchain@master - with: - components: rustfmt, clippy - toolchain: ${{ matrix.builds.rust }} - targets: ${{ matrix.builds.target }} - - - uses: rui314/setup-mold@v1 - - - name: wasm target install - run: rustup target add wasm32-unknown-unknown - - - name: Install Linux dependencies - Ubuntu - if: ${{ startsWith(runner.os,'Linux') && ( ! matrix.builds.cross ) }} - run: | - sudo apt-get update - sudo bash scripts/install_ubuntu_dependencies.sh - - - name: Install Linux dependencies - Ubuntu - local cross-compiled ${{ env.TARI_BUILD_ISA_CPU }} on x86-64 - # Disabled - if: ${{ false }} - # if: ${{ startsWith(runner.os,'Linux') && ( ! 
matrix.builds.cross ) && matrix.builds.name != 'linux-x86_64' }} - run: | - sudo apt-get update - sudo bash scripts/install_ubuntu_dependencies-cross_compile.sh ${{ env.TARI_BUILD_ISA_CPU }} - rustup target add ${{ matrix.builds.target }} - echo "PKG_CONFIG_SYSROOT_DIR=/usr/${{ env.TARI_BUILD_ISA_CPU }}-linux-gnu/" >> $GITHUB_ENV - - - name: Install macOS dependencies - if: startsWith(runner.os,'macOS') - run: | - # openssl, cmake and autoconf already installed - brew install zip coreutils automake protobuf - rustup target add ${{ matrix.builds.target }} - - - name: Install macOS-14 missing dependencies - hack - if: ${{ startsWith(runner.os,'macOS') && startsWith(runner.arch,'ARM64') }} - run: | - brew install libtool - - - name: Install Windows dependencies - if: startsWith(runner.os,'Windows') - run: | - vcpkg.exe install sqlite3:x64-windows zlib:x64-windows - # Needed for hickory openssl dependency - vcpkg install openssl:x64-windows-static - # Bug in choco - need to install each package individually - choco upgrade llvm -y - # psutils is out of date - # choco upgrade psutils -y - choco upgrade protoc -y - rustup target add ${{ matrix.builds.target }} - - - uses: pnpm/action-setup@v4 - with: - version: 10 - - - name: Set environment variables - Nix - if: ${{ ! 
startsWith(runner.os,'Windows') }} - shell: bash - run: | - echo "SHARUN=shasum --algorithm 256" >> $GITHUB_ENV - echo "CC=gcc" >> $GITHUB_ENV - echo "TS_EXT=" >> $GITHUB_ENV - echo "LIB_PRE=lib" >> $GITHUB_ENV - echo "SHELL_EXT=.sh" >> $GITHUB_ENV - echo "PLATFORM_SPECIFIC_DIR=linux" >> $GITHUB_ENV - echo "TS_DIST=/dist" >> $GITHUB_ENV - - - name: Set environment variables - macOS - if: startsWith(runner.os,'macOS') - shell: bash - run: | - echo "PLATFORM_SPECIFIC_DIR=osx" >> $GITHUB_ENV - echo "LIB_EXT=.dylib" >> $GITHUB_ENV - - # Hardcoded sdk for MacOSX on ARM64 - - name: Set environment variables - macOS - ARM64 (pin/sdk) - # Debug - if: ${{ false }} - # if: ${{ startsWith(runner.os,'macOS') && matrix.builds.name == 'macos-arm64' }} - run: | - xcrun --show-sdk-path - ls -alhtR "/Library/Developer/CommandLineTools/SDKs/" - echo "RANDOMX_RS_CMAKE_OSX_SYSROOT=/Library/Developer/CommandLineTools/SDKs/MacOSX12.1.sdk" >> $GITHUB_ENV - - - name: Set environment variables - Ubuntu - if: startsWith(runner.os,'Linux') - shell: bash - run: | - echo "LIB_EXT=.so" >> $GITHUB_ENV - - - name: Set environment variables - Windows - if: startsWith(runner.os,'Windows') - shell: bash - run: | - # echo "SHARUN=pwsh C:\ProgramData\chocolatey\lib\psutils\tools\psutils-master\shasum.ps1 --algorithm 256" >> $GITHUB_ENV - mkdir -p "$GITHUB_WORKSPACE\psutils" - curl -v -o "$GITHUB_WORKSPACE\psutils\getopt.ps1" "https://raw.githubusercontent.com/lukesampson/psutils/master/getopt.ps1" - curl -v -o "$GITHUB_WORKSPACE\psutils\shasum.ps1" "https://raw.githubusercontent.com/lukesampson/psutils/master/shasum.ps1" - echo "SHARUN=pwsh $GITHUB_WORKSPACE\psutils\shasum.ps1 --algorithm 256" >> $GITHUB_ENV - echo "TS_EXT=.exe" >> $GITHUB_ENV - echo "LIB_EXT=.dll" >> $GITHUB_ENV - echo "LIB_PRE=" >> $GITHUB_ENV - echo "SHELL_EXT=.bat" >> $GITHUB_ENV - echo "TS_DIST=\dist" >> $GITHUB_ENV - echo "PLATFORM_SPECIFIC_DIR=windows" >> $GITHUB_ENV - echo "SQLITE3_LIB_DIR=C:\vcpkg\installed\x64-windows\lib" 
>> $GITHUB_ENV - echo "X86_64_PC_WINDOWS_MSVC_OPENSSL_DIR=C:\vcpkg\packages\openssl_x64-windows-static" >> $GITHUB_ENV - echo "LIBCLANG_PATH=C:\Program Files\LLVM\bin" >> $GITHUB_ENV - - - name: Cache cargo files and outputs - if: ${{ ( ! startsWith(github.ref, 'refs/tags/v') ) && ( ! matrix.builds.cross ) && ( env.CARGO_CACHE ) }} - uses: Swatinem/rust-cache@v2 - with: - key: ${{ matrix.builds.runs-on }}-${{ matrix.builds.target }}-${{ matrix.builds.name }} - - - name: Install and setup cargo cross - if: ${{ matrix.builds.cross }} - shell: bash - run: | - #cargo install cross - cargo install cross --git https://github.com/cross-rs/cross - echo "CARGO=cross" >> $GITHUB_ENV - - - name: Install and setup cargo-auditable - if: ${{ ( ! matrix.builds.cross ) }} - shell: bash - run: | - cargo install cargo-auditable cargo-audit - echo "CARGO=${{ env.CARGO }} auditable" >> $GITHUB_ENV - - - name: Build release targets - # if: ${{ startsWith(github.ref, 'refs/tags/v') }} - shell: bash - run: | - # echo "TS_BUILD=release" >> $GITHUB_ENV - if [[ "${{ env.TS_BUILD }}" == "release" ]]; then - echo "CARGO_OPTIONS=${{ env.CARGO_OPTIONS }} --${{ env.TS_BUILD }}" >> $GITHUB_ENV - fi - - - name: Show command used for Cargo - shell: bash - run: | - echo "cargo command is: ${{ env.CARGO }}" - echo "cargo options is: ${{ env.CARGO_OPTIONS }}" - echo "cross flag: ${{ matrix.builds.cross }}" - - - name: Build release binaries - timeout-minutes: 60 - shell: bash - run: | - ${{ env.CARGO }} build ${{ env.CARGO_OPTIONS }} \ - --target ${{ matrix.builds.target }} \ - --features "${{ env.BUILD_FEATURES }}" \ - ${{ env.TARGET_BINS }} \ - ${{ matrix.builds.flags }} - - - name: Build release libraries - if: ${{ env.TS_LIBRARIES != '' }} - shell: bash - run: | - ${{ env.CARGO }} build ${{ env.CARGO_OPTIONS }} \ - --target ${{ matrix.builds.target }} \ - --lib ${{ env.TARGET_LIBS }} \ - ${{ matrix.builds.flags }} - - - name: Copy binaries to folder for archiving - shell: bash - run: | - # set -xo 
pipefail - mkdir -p "$GITHUB_WORKSPACE${TS_DIST}" - cd "$GITHUB_WORKSPACE${TS_DIST}" - BINFILE="${TS_FILENAME}-${TARI_VERSION}-${VSHA_SHORT}-${{ matrix.builds.name }}${TS_EXT}" - echo "BINFILE=${BINFILE}" >> $GITHUB_ENV - echo "Copying files for ${BINFILE} to $(pwd)" - echo "MTS_SOURCE=$(pwd)" >> $GITHUB_ENV - ls -alht "$GITHUB_WORKSPACE/target/${{ matrix.builds.target }}/${{ env.TS_BUILD }}/" - ARRAY_FILES=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') ) - for FILE in "${ARRAY_FILES[@]}"; do - echo "checking for file - ${FILE}${TS_EXT}" - if [ -f "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/${{ env.TS_BUILD }}/${FILE}${TS_EXT}" ]; then - cp -vf "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/${{ env.TS_BUILD }}/${FILE}${TS_EXT}" . - fi - done - if [[ "${{ matrix.builds.target_libs }}" == "" ]]; then - ARRAY_LIBS=( $(echo ${TS_LIBRARIES} | tr ', ' '\n') ) - else - ARRAY_LIBS=( $(echo "${{ matrix.builds.target_libs }}" | tr ', ' '\n') ) - fi - for FILE in "${ARRAY_LIBS[@]}"; do - echo "checking for file - ${FILE}${TS_EXT}" - # Check on Nix for libs - if [ -f "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/${{ env.TS_BUILD }}/lib${FILE}${LIB_EXT}" ]; then - cp -vf "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/${{ env.TS_BUILD }}/lib${FILE}${LIB_EXT}" . - fi - # Check on Windows libs - if [ -f "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/${{ env.TS_BUILD }}/${FILE}${LIB_EXT}" ]; then - cp -vf "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/${{ env.TS_BUILD }}/${FILE}${LIB_EXT}" . - fi - done - if [ -f "${GITHUB_WORKSPACE}/applications/minotari_node/${PLATFORM_SPECIFIC_DIR}/runtime/start_tor${SHELL_EXT}" ]; then - cp -vf "${GITHUB_WORKSPACE}/applications/minotari_node/${PLATFORM_SPECIFIC_DIR}/runtime/start_tor${SHELL_EXT}" . 
- fi - ls -alhtR ${{ env.MTS_SOURCE }} - - - name: Pre/unsigned OSX Artifact upload for Archive - # Disabled - if: ${{ false }} - # if: startsWith(runner.os,'macOS') - continue-on-error: true - uses: actions/upload-artifact@v4 - with: - name: ${{ env.TS_FILENAME }}_unsigned-archive-${{ matrix.builds.name }} - path: "${{ env.MTS_SOURCE }}/*" - - - name: Build the macOS Archive and code-sign - if: ${{ ( startsWith(runner.os,'macOS') ) && ( env.MACOS_NOTARIZE_USERNAME != '' ) }} - continue-on-error: true - env: - MACOS_KEYCHAIN_PASS: ${{ secrets.MACOS_KEYCHAIN_PASS }} - MACOS_APPLICATION_ID: ${{ secrets.MACOS_APPLICATION_ID }} - MACOS_APPLICATION_CERT: ${{ secrets.MACOS_APPLICATION_CERT }} - MACOS_APPLICATION_PASS: ${{ secrets.MACOS_APPLICATION_PASS }} - # MACOS_INSTALLER_ID: ${{ secrets.MACOS_INSTALLER_ID }} - # MACOS_INSTALLER_CERT: ${{ secrets.MACOS_INSTALLER_CERT }} - # MACOS_INSTALLER_PASS: ${{ secrets.MACOS_INSTALLER_PASS }} - MACOS_NOTARIZE_USERNAME: ${{ secrets.MACOS_NOTARIZE_USERNAME }} - MACOS_NOTARIZE_PASSWORD: ${{ secrets.MACOS_NOTARIZE_PASSWORD }} - MACOS_ASC_PROVIDER: ${{ secrets.MACOS_ASC_PROVIDER }} - run: | - set -xo pipefail - echo "${MACOS_APPLICATION_CERT}" | base64 --decode > application.p12 - # echo "${MACOS_INSTALLER_CERT}" | base64 --decode > installer.p12 - security create-keychain -p ${MACOS_KEYCHAIN_PASS} build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p ${MACOS_KEYCHAIN_PASS} build.keychain - security import application.p12 -k build.keychain \ - -t cert -f pkcs12 \ - -P ${MACOS_APPLICATION_PASS} \ - -T /usr/bin/codesign - # security import installer.p12 -k build.keychain \ - # -t cert -f pkcs12 \ - # -P ${MACOS_INSTALLER_PASS} \ - # -T /usr/bin/pkgbuild - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ${MACOS_KEYCHAIN_PASS} build.keychain - - # if [[ "${{ matrix.builds.name }}" == "macos-arm64" ]]; then - # echo "Add codesign extra args for ${{ matrix.builds.name }}" - # 
OSX_CODESIGN_EXTRAS="--entitlements ${GITHUB_WORKSPACE}/applications/minotari_node/osx-pkg/entitlements.xml" - # fi - - # cd buildtools - # export target_release="target/${{ matrix.builds.target }}/${{ env.TS_BUILD }}" - - # mkdir -p "${{ runner.temp }}/osxpkg" - # export tarball_parent="${{ runner.temp }}/osxpkg" - # export tarball_source="${{ env.TARI_NETWORK_DIR }}" - # ./create_osx_install_zip.sh unused nozip - - ARRAY_FILES=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') ) - - # find "${GITHUB_WORKSPACE}/${target_release}" \ - # -name "randomx-*" -type f -perm -+x \ - # -exec cp -vf {} "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/" \; - # FILES_DIAG_UTILS=( \ - # $(find "${GITHUB_WORKSPACE}/${target_release}" \ - # -name "randomx-*" -type f -perm -+x \ - # -exec sh -c 'echo "$(basename "{}")"' \; \ - # ) \ - # ) - # ARRAY_FILES+=(${FILES_DIAG_UTILS[@]}) - - # Codesign all files in ARRAY_FILES - for FILE in "${ARRAY_FILES[@]}"; do - # Codesign - codesign --options runtime --force --verify --verbose --timestamp ${OSX_CODESIGN_EXTRAS} \ - --sign "Developer ID Application: ${MACOS_APPLICATION_ID}" \ - "${{ env.MTS_SOURCE }}/${FILE}" - - # Verify codesign - codesign --verify --deep --display --verbose=4 \ - "${{ env.MTS_SOURCE }}/${FILE}" - - # cp -vf "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/${FILE}" \ - # "${{ env.MTS_SOURCE }}" - done - - # distDirPKG=$(mktemp -d -t ${{ env.TS_FILENAME }}) - # echo "${distDirPKG}" - # echo "distDirPKG=${distDirPKG}" >> $GITHUB_ENV - # TS_Temp=${{ env.TS_FILENAME }} - # TS_BUNDLE_ID_VALID_NAME=$(echo "${TS_Temp//_/-}") - # # Strip apple-darwin - # TS_ARCH=$(echo "${${{ matrix.builds.target }}//-apple-darwin/}") - # pkgbuild --root "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}" \ - # --identifier "${{ env.TS_BUNDLE_ID_BASE }}.pkg.${TS_BUNDLE_ID_VALID_NAME}" \ - # --version "${TARI_VERSION}" \ - # --install-location "/tmp/tari" \ - # --scripts "${{ runner.temp 
}}/osxpkg/${{ env.TARI_NETWORK_DIR }}/scripts" \ - # --sign "Developer ID Installer: ${MACOS_INSTALLER_ID}" \ - # "${distDirPKG}/${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg" - - echo "Archive ${{ env.BINFILE }} too ${{ env.BINFILE }}.zip" - cd "${{ env.MTS_SOURCE }}" - echo "Compute files shasum" - ${SHARUN} * >> "${{ env.BINFILE }}.sha256" - echo "Show the shasum" - cat "${{ env.BINFILE }}.sha256" - echo "Checksum verification for files is " - ${SHARUN} --check "${{ env.BINFILE }}.sha256" - 7z a "${{ env.BINFILE }}.zip" * - - echo -e "Submitting to Apple...\n\n" - xcrun notarytool submit \ - "${{ env.BINFILE }}.zip" \ - --apple-id "${MACOS_NOTARIZE_USERNAME}" \ - --password ${MACOS_NOTARIZE_PASSWORD} \ - --team-id ${MACOS_ASC_PROVIDER} \ - --verbose --wait 2>&1 | tee -a notarisation.result - # Maybe use line from with "Processing complete"? - requestUUID=$(tail -n5 notarisation.result | grep "id:" | cut -d" " -f 4) - requestSTATUS=$(tail -n5 notarisation.result | grep "\ \ status:" | cut -d" " -f 4) - if [[ ${requestUUID} == "" ]] || [[ ${requestSTATUS} != "Accepted" ]]; then - echo "## status: ${requestSTATUS} - could not notarize - ${requestUUID} - ${{ env.BINFILE }}.zip" - exit 1 - else - echo "Notarization RequestUUID: ${requestUUID} - can't stapler archives" - # echo -e "\nStapling package...\ - # ${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg\n" - # xcrun stapler staple -v \ - # "${distDirPKG}/${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg" - fi - - # cd ${distDirPKG} - # echo "Compute pkg shasum" - # ${SHARUN} "${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg" \ - # >> "${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg.sha256" - # cat "${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg.sha256" - # echo "Checksum verification for pkg is " - # ${SHARUN} --check "${{ env.TS_FILENAME }}-${{ 
matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg.sha256" - - echo "Compute archive shasum" - ${SHARUN} "${{ env.BINFILE }}.zip" >> "${{ env.BINFILE }}.zip.sha256" - echo "Show the shasum" - cat "${{ env.BINFILE }}.zip.sha256" - echo "Checksum verification archive is " - ${SHARUN} --check "${{ env.BINFILE }}.zip.sha256" - - - name: Artifact upload for macOS pkg - # Disabled - if: ${{ false }} - # if: startsWith(runner.os,'macOS') - continue-on-error: true - uses: actions/upload-artifact@v4 - with: - name: ${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg - path: "${{ env.distDirPKG }}/${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}*.pkg*" - - - name: Sign Windows files with Trusted Signing - if: ${{ ( startsWith(runner.os,'Windows') ) && ( env.AZURE_TENANT_ID != '' ) }} - env: - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - uses: azure/trusted-signing-action@v0.5.1 - with: - azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} - azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} - azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} - endpoint: https://eus.codesigning.azure.net/ - trusted-signing-account-name: Tari - certificate-profile-name: Tarilabs - files-folder: ${{ github.workspace }}${{ env.TS_DIST }}/ - files-folder-filter: exe,dll - file-digest: SHA256 - timestamp-rfc3161: http://timestamp.acs.microsoft.com - timestamp-digest: SHA256 - description: ${{ env.TS_DESCRIPTION }} - description-url: ${{ env.TS_URL }} - - - name: Verify Windows signing for archive pack - if: ${{ ( startsWith(runner.os,'Windows') ) && ( env.AZURE_TENANT_ID != '' ) }} - env: - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - shell: powershell - run: | - .\buildtools\check_signatures.ps1 -ScanDir ".\${{ env.TS_DIST }}" - - - name: Build the Windows installer - # Disabled - if: ${{ false }} - # if: startsWith(runner.os,'Windows') - shell: cmd - run: | - cd buildtools - "%programfiles(x86)%\Inno Setup 6\iscc.exe" "/DMyAppVersion=${{ 
env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer" "/DMinotariSuite=${{ env.TS_FILENAME }}" "/DTariSuitePath=${{ github.workspace }}${{ env.TS_DIST }}" "windows_inno_installer.iss" - cd Output - echo "Compute archive shasum" - ${{ env.SHARUN }} "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer.exe" >> "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer.exe.sha256" - echo "Show the shasum" - cat "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer.exe.sha256" - echo "Checksum verification archive is " - ${{ env.SHARUN }} --check "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer.exe.sha256" - - - name: Sign Windows installer with Trusted Signing - # Disabled - if: ${{ false }} - # if: ${{ ( startsWith(runner.os,'Windows') ) && ( env.AZURE_TENANT_ID != '' ) }} - env: - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - uses: azure/trusted-signing-action@v0.5.1 - with: - azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} - azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} - azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} - endpoint: https://eus.codesigning.azure.net/ - trusted-signing-account-name: Tari - certificate-profile-name: Tarilabs - files-folder: ${{ github.workspace }}/buildtools/Output/ - files-folder-filter: exe,dll - file-digest: SHA256 - timestamp-rfc3161: http://timestamp.acs.microsoft.com - timestamp-digest: SHA256 - description: ${{ env.TS_DESCRIPTION }} - description-url: ${{ env.TS_URL }} - - - name: Verify Windows signing for installer - # Disabled - if: ${{ false }} - # if: ${{ ( startsWith(runner.os,'Windows') ) && ( env.AZURE_TENANT_ID != '' ) }} - env: - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - shell: powershell - working-directory: ${{ github.workspace }}/buildtools/Output - run: | - 
..\check_signatures.ps1 -ScanDir "." - - - name: Artifact upload for Windows installer - # Disabled - if: ${{ false }} - # if: startsWith(runner.os,'Windows') - uses: actions/upload-artifact@v4 - with: - name: "${{ env.TS_FILENAME }}_windows_installer" - path: "${{ github.workspace }}/buildtools/Output/*" - - - name: Audit tree and feedback for binaries - if: ${{ ( ! matrix.builds.cross ) }} - continue-on-error: true - shell: bash - run: | - cd "${{ env.MTS_SOURCE }}" - echo "Audit binaries ..." - cargo audit bin *tari* - - - name: Archive and Checksum Binaries - if: ${{ ! ( ( startsWith(runner.os, 'macOS') && ( env.MACOS_NOTARIZE_USERNAME != '' ) ) ) }} - env: - MACOS_NOTARIZE_USERNAME: ${{ secrets.MACOS_NOTARIZE_USERNAME }} - shell: bash - run: | - echo "Archive ${{ env.BINFILE }} too ${{ env.BINFILE }}.zip" - cd "${{ env.MTS_SOURCE }}" - echo "Compute files shasum" - ${SHARUN} * >> "${{ env.BINFILE }}.sha256" - echo "Show the shasum" - cat "${{ env.BINFILE }}.sha256" - echo "Checksum verification for files is " - ${SHARUN} --check "${{ env.BINFILE }}.sha256" - 7z a "${{ env.BINFILE }}.zip" * - echo "Compute archive shasum" - ${SHARUN} "${{ env.BINFILE }}.zip" >> "${{ env.BINFILE }}.zip.sha256" - echo "Show the shasum" - cat "${{ env.BINFILE }}.zip.sha256" - echo "Checksum verification archive is " - ${SHARUN} --check "${{ env.BINFILE }}.zip.sha256" - - - name: Artifact upload for Archive - uses: actions/upload-artifact@v4 - with: - name: ${{ env.TS_FILENAME }}_archive-${{ matrix.builds.name }} - path: "${{ github.workspace }}${{ env.TS_DIST }}/${{ env.BINFILE }}.zip*" - - macOS-universal-assemble: - name: macOS universal assemble - needs: builds - - env: - TARI_VERSION: ${{ needs.builds.outputs.TARI_VERSION }} - VSHA_SHORT: ${{ needs.builds.outputs.VSHA_SHORT }} - SHARUN: "shasum --algorithm 256" - - continue-on-error: true - - runs-on: macos-14 - - steps: - - name: Checkout source code - uses: actions/checkout@v4 - - - name: Download macOS binaries - uses: 
actions/download-artifact@v4 - with: - path: osxuni - # macos - x86_64 / arm64 - pattern: ${{ env.TS_FILENAME }}_archive-macos-* - merge-multiple: true - - - name: Set environment variables for macOS universal - shell: bash - run: | - BINFN="${TS_FILENAME}-${TARI_VERSION}-${VSHA_SHORT}" - echo "BINFN=${BINFN}" >> $GITHUB_ENV - echo "BINFILE=${BINFN}-macos-universal" >> $GITHUB_ENV - - - name: Install macOS dependencies - shell: bash - run: | - brew install coreutils - - - name: Verify checksums and extract - shell: bash - working-directory: osxuni - run: | - ls -alhtR - ${SHARUN} --ignore-missing --check \ - "${{ env.BINFN }}-macos-x86_64.zip.sha256" - ${SHARUN} --ignore-missing --check \ - "${{ env.BINFN }}-macos-arm64.zip.sha256" - ls -alhtR - mkdir macos-universal macos-x86_64 macos-arm64 - cd macos-x86_64 - 7z e "../${{ env.BINFN }}-macos-x86_64.zip" - cd ../macos-arm64 - 7z e "../${{ env.BINFN }}-macos-arm64.zip" - - - name: Assemble macOS universal binaries - shell: bash - working-directory: osxuni - run: | - ls -alhtR - ARRAY_FILES=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') ) - for FILE in "${ARRAY_FILES[@]}"; do - echo "processing binary file - ${FILE}" - lipo -create -output macos-universal/${FILE} \ - macos-x86_64/${FILE} \ - macos-arm64/${FILE} - done - ARRAY_LIBS=( $(echo ${TS_LIBRARIES} | tr ', ' '\n') ) - for FILE in "${ARRAY_LIBS[@]}"; do - echo "processing library file - lib${FILE}.dylib" - lipo -create -output macos-universal/lib${FILE}.dylib \ - macos-x86_64/lib${FILE}.dylib \ - macos-arm64/lib${FILE}.dylib - done - ls -alhtR macos-universal - - - name: Build the macOS universal Archive and code-sign - if: ${{ ( startsWith(runner.os,'macOS') ) && ( env.MACOS_NOTARIZE_USERNAME != '' ) }} - continue-on-error: true - env: - MACOS_KEYCHAIN_PASS: ${{ secrets.MACOS_KEYCHAIN_PASS }} - MACOS_APPLICATION_ID: ${{ secrets.MACOS_APPLICATION_ID }} - MACOS_APPLICATION_CERT: ${{ secrets.MACOS_APPLICATION_CERT }} - MACOS_APPLICATION_PASS: 
${{ secrets.MACOS_APPLICATION_PASS }} - # MACOS_INSTALLER_ID: ${{ secrets.MACOS_INSTALLER_ID }} - # MACOS_INSTALLER_CERT: ${{ secrets.MACOS_INSTALLER_CERT }} - # MACOS_INSTALLER_PASS: ${{ secrets.MACOS_INSTALLER_PASS }} - MACOS_NOTARIZE_USERNAME: ${{ secrets.MACOS_NOTARIZE_USERNAME }} - MACOS_NOTARIZE_PASSWORD: ${{ secrets.MACOS_NOTARIZE_PASSWORD }} - MACOS_ASC_PROVIDER: ${{ secrets.MACOS_ASC_PROVIDER }} - run: | - set -xo pipefail - echo "${MACOS_APPLICATION_CERT}" | base64 --decode > application.p12 - # echo "${MACOS_INSTALLER_CERT}" | base64 --decode > installer.p12 - security create-keychain -p ${MACOS_KEYCHAIN_PASS} build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p ${MACOS_KEYCHAIN_PASS} build.keychain - security import application.p12 -k build.keychain \ - -t cert -f pkcs12 \ - -P ${MACOS_APPLICATION_PASS} \ - -T /usr/bin/codesign - # security import installer.p12 -k build.keychain \ - # -t cert -f pkcs12 \ - # -P ${MACOS_INSTALLER_PASS} \ - # -T /usr/bin/pkgbuild - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ${MACOS_KEYCHAIN_PASS} build.keychain - - # OSX_CODESIGN_EXTRAS="--entitlements ${GITHUB_WORKSPACE}/applications/minotari_node/osx-pkg/entitlements.xml" - - # cd buildtools - # # export target_release="target/${{ matrix.builds.target }}/${{ env.TS_BUILD }}" - # # matrix.builds.target=macos-universal - # # matrix.builds.name=macos-universal - # export target_release="osxuni/macos-universal" - # mkdir -p "${{ runner.temp }}/osxpkg" - # export tarball_parent="${{ runner.temp }}/osxpkg" - # export tarball_source="${{ env.TARI_NETWORK_DIR }}" - # ./create_osx_install_zip.sh unused nozip - - ARRAY_FILES=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') ) - - # Codesign all files in ARRAY_FILES - for FILE in "${ARRAY_FILES[@]}"; do - # Codesign - codesign --options runtime --force --verify --verbose --timestamp ${OSX_CODESIGN_EXTRAS} \ - --sign "Developer ID Application: 
${MACOS_APPLICATION_ID}" \ - "${{ github.workspace }}/osxuni/macos-universal/${FILE}" - # Verify codesign - codesign --verify --deep --display --verbose=4 \ - "${{ github.workspace }}/osxuni/macos-universal/${FILE}" - - # cp -vf "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/${FILE}" \ - # "${{ github.workspace }}/osxuni/macos-universal/" - done - - # distDirPKG=$(mktemp -d -t ${{ env.TS_FILENAME }}) - # echo "${distDirPKG}" - # echo "distDirPKG=${distDirPKG}" >> $GITHUB_ENV - # TS_Temp=${{ env.TS_FILENAME }} - # TS_BUNDLE_ID_VALID_NAME=$(echo "${TS_Temp//_/-}") - # TS_ARCH=universal - # pkgbuild --root "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}" \ - # --identifier "${{ env.TS_BUNDLE_ID_BASE }}.pkg.${TS_BUNDLE_ID_VALID_NAME}" \ - # --version "${TARI_VERSION}" \ - # --install-location "/tmp/tari" \ - # --scripts "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/scripts" \ - # --sign "Developer ID Installer: ${MACOS_INSTALLER_ID}" \ - # "${distDirPKG}/${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg" - - echo "Archive ${{ env.BINFILE }} too ${{ env.BINFILE }}.zip" - cd "osxuni/macos-universal" - echo "Compute files shasum" - ${SHARUN} * >> "${{ env.BINFILE }}.sha256" - echo "Show the shasum" - cat "${{ env.BINFILE }}.sha256" - echo "Checksum verification for files is " - ${SHARUN} --check "${{ env.BINFILE }}.sha256" - 7z a "${{ env.BINFILE }}.zip" * - - echo -e "Submitting to Apple...\n\n" - xcrun notarytool submit \ - "${{ env.BINFILE }}.zip" \ - --apple-id "${MACOS_NOTARIZE_USERNAME}" \ - --password ${MACOS_NOTARIZE_PASSWORD} \ - --team-id ${MACOS_ASC_PROVIDER} \ - --verbose --wait 2>&1 | tee -a notarisation.result - # Maybe use line from with "Processing complete"? 
- requestUUID=$(tail -n5 notarisation.result | grep "id:" | cut -d" " -f 4) - requestSTATUS=$(tail -n5 notarisation.result | grep "\ \ status:" | cut -d" " -f 4) - if [[ ${requestUUID} == "" ]] || [[ ${requestSTATUS} != "Accepted" ]]; then - echo "## status: ${requestSTATUS} - could not notarize - ${requestUUID} - ${{ env.BINFILE }}.zip" - exit 1 - else - echo "Notarization RequestUUID: ${requestUUID} - can't stapler archives" - # echo -e "\nStapling package...\ - # ${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg\n" - # xcrun stapler staple -v \ - # "${distDirPKG}/${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg" - fi - - # cd ${distDirPKG} - # echo "Compute pkg shasum" - # ${SHARUN} "${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg" \ - # >> "${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg.sha256" - # cat "${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg.sha256" - # echo "Checksum verification for pkg is " - # ${SHARUN} --check "${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg.sha256" - - echo "Compute archive shasum" - ${SHARUN} "${{ env.BINFILE }}.zip" >> "${{ env.BINFILE }}.zip.sha256" - echo "Show the shasum" - cat "${{ env.BINFILE }}.zip.sha256" - echo "Checksum verification archive is " - ${SHARUN} --check "${{ env.BINFILE }}.zip.sha256" - - - name: Artifact upload for Archive - uses: actions/upload-artifact@v4 - with: - name: ${{ env.TS_FILENAME }}_archive-macos-universal - path: "${{ github.workspace }}/osxuni/macos-universal/${{ env.BINFILE }}.zip*" - - create-release: - if: ${{ startsWith(github.ref, 'refs/tags/v') }} - - runs-on: ubuntu-latest - needs: [ builds, macOS-universal-assemble ] - - env: - TARI_NETWORK_DIR: ${{ needs.builds.outputs.TARI_NETWORK_DIR }} - TARI_VERSION: ${{ needs.builds.outputs.TARI_VERSION }} - - permissions: - contents: write - - steps: - - name: Download binaries - uses: actions/download-artifact@v4 - with: - path: ${{ 
env.TS_FILENAME }} - pattern: "${{ env.TS_FILENAME }}*" - merge-multiple: true - - - name: Verify checksums and Prep Uploads - shell: bash - working-directory: ${{ env.TS_FILENAME }} - run: | - # set -xo pipefail - sudo apt-get update - sudo apt-get --no-install-recommends --assume-yes install dos2unix - ls -alhtR - if [ -f "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}" ] ; then - rm -fv "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}" - fi - # Merge all sha256 files into one - find . -name "*.sha256" -type f -print | xargs cat >> "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}" - dos2unix --quiet "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}" - cat "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}" - sha256sum --ignore-missing --check "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}" - ls -alhtR - - - name: Create release - uses: ncipollo/release-action@v1 - with: - artifacts: "${{ env.TS_FILENAME }}*/**/*" - token: ${{ secrets.GITHUB_TOKEN }} - prerelease: true - draft: true - allowUpdates: true - updateOnlyUnreleased: true - replacesArtifacts: true - - - name: Sync assets to S3 - continue-on-error: true - if: ${{ env.AWS_SECRET_ACCESS_KEY != '' && matrix.builds.runs-on != 'self-hosted' }} - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - S3CMD: "cp" - S3OPTIONS: '--recursive --exclude "*" --include "*.sha256*" --include "*.zip*" --include "*.pkg*" --include "*installer.exe*"' - shell: bash - working-directory: ${{ env.TS_FILENAME }} - run: | - echo "Upload processing ..." 
- ls -alhtR - echo "Clean up" - # Bash check if file with wildcards, does not work as expected - # if [ -f ${{ env.TS_FILENAME }}*diag-utils* ] ; then - if ls ${{ env.TS_FILENAME }}*diag-utils* > /dev/null 2>&1 ; then - rm -fv ${{ env.TS_FILENAME }}*diag-utils* - fi - echo "Folder setup" - if ls ${{ env.TS_FILENAME }}*linux* > /dev/null 2>&1 ; then - mkdir -p "linux/${{ env.TARI_NETWORK_DIR }}/" - mv -v ${{ env.TS_FILENAME }}*linux* "linux/${{ env.TARI_NETWORK_DIR }}/" - fi - if ls ${{ env.TS_FILENAME }}*macos* > /dev/null 2>&1 ; then - mkdir -p "osx/${{ env.TARI_NETWORK_DIR }}/" - mv -v ${{ env.TS_FILENAME }}*macos* "osx/${{ env.TARI_NETWORK_DIR }}/" - fi - if ls ${{ env.TS_FILENAME }}*windows* > /dev/null 2>&1 ; then - mkdir -p "windows/${{ env.TARI_NETWORK_DIR }}/" - mv -v ${{ env.TS_FILENAME }}*windows* "windows/${{ env.TARI_NETWORK_DIR }}/" - fi - ls -alhtR - aws --version - echo "ls current" - aws s3 ls --region ${{ secrets.AWS_REGION }} \ - s3://${{ secrets.AWS_S3_BUCKET }}/current/ - echo "Upload current" - aws s3 ${{ env.S3CMD }} --region ${{ secrets.AWS_REGION }} \ - . \ - s3://${{ secrets.AWS_S3_BUCKET }}/current/ \ - ${{ env.S3OPTIONS }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index 9aea92e..0000000 --- a/.github/workflows/ci.yml +++ /dev/null 
@@ -1,243 +0,0 @@ ---- -name: CI - -'on': - workflow_dispatch: - push: - branches: - - development - - main - - ci-* - pull_request: - types: - - opened - - reopened - - synchronize - merge_group: - -concurrency: - # https://docs.github.com/en/actions/examples/using-concurrency-expressions-and-a-test-matrix - group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' - cancel-in-progress: ${{ !startsWith(github.ref, 'refs/tags/v') || github.ref != 'refs/heads/development' }} - -env: - nightly_toolchain: nightly-2025-01-09 - stable_toolchain: 1.88.0 - CARGO_HTTP_MULTIPLEXING: false - CARGO_TERM_COLOR: always - TARI_TARGET_NETWORK: localnet - TARI_NETWORK: localnet - PROTOC: protoc - TERM: unknown - -jobs: - fmt: - name: fmt - runs-on: [ ubuntu-latest ] - - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: toolchain - uses: dtolnay/rust-toolchain@nightly - with: - toolchain: ${{ env.nightly_toolchain }} - components: rustfmt - - - name: ubuntu dependencies - run: | - sudo apt-get update - sudo bash scripts/install_ubuntu_dependencies.sh - - - name: wasm target install - run: rustup target add wasm32-unknown-unknown - - - name: cargo format - run: cargo +${{ env.nightly_toolchain }} fmt --all -- --check - - clippy: - name: clippy - runs-on: [ ubuntu-latest ] - - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: toolchain - uses: dtolnay/rust-toolchain@stable - with: - toolchain: ${{ env.stable_toolchain }} - components: clippy - - - name: ubuntu dependencies - run: | - sudo apt-get update - sudo bash scripts/install_ubuntu_dependencies.sh - - - uses: rui314/setup-mold@v1 - - - name: wasm target install - run: rustup target add wasm32-unknown-unknown - - - name: Install cargo-lints - run: cargo install cargo-lints - - - name: Clippy check (with lints) - run: cargo lints clippy --all-targets --all-features - - machete: - # Checks for unused dependencies. 
- name: machete - runs-on: [ ubuntu-latest ] - - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: toolchain - uses: dtolnay/rust-toolchain@stable - with: - toolchain: ${{ env.stable_toolchain }} - components: clippy, rustfmt - - - name: ubuntu dependencies - run: | - sudo apt-get update - sudo bash scripts/install_ubuntu_dependencies.sh - - - name: cargo machete - run: | - cargo install cargo-machete - cargo machete - - build: - name: check nightly - runs-on: [ ubuntu-latest ] - - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: toolchain - uses: dtolnay/rust-toolchain@nightly - with: - toolchain: ${{ env.nightly_toolchain }} - - - name: ubuntu dependencies - run: | - sudo apt-get update - sudo bash scripts/install_ubuntu_dependencies.sh - - - uses: rui314/setup-mold@v1 - - - name: wasm target install - run: rustup target add wasm32-unknown-unknown - - - name: cargo check - run: cargo check --release --all-features --all-targets --locked - - build-stable: - name: check stable - runs-on: [ ubuntu-latest ] - env: - RUSTUP_PERMIT_COPY_RENAME: true - - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: toolchain - uses: dtolnay/rust-toolchain@stable - with: - toolchain: stable - - - uses: Swatinem/rust-cache@v2 - - - name: ubuntu dependencies - run: | - sudo apt-get update - sudo bash scripts/install_ubuntu_dependencies.sh - - - uses: rui314/setup-mold@v1 - - - name: wasm target install - run: rustup target add wasm32-unknown-unknown - - - name: rustup show - run: | - rustup show - - - name: cargo check - run: cargo check --release --all-targets --locked - - licenses: - name: file licenses - runs-on: [ ubuntu-latest ] - - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: install ripgrep - # https://github.com/BurntSushi/ripgrep/releases - env: - ripgrep_version: 14.1.0 - run: | - #wget https://github.com/BurntSushi/ripgrep/releases/download/14.1.0/ripgrep_14.1.0-1_amd64.deb.sha256 - wget 
https://github.com/BurntSushi/ripgrep/releases/download/${{ env.ripgrep_version }}/ripgrep_${{ env.ripgrep_version }}-1_amd64.deb - sudo dpkg -i ripgrep_${{ env.ripgrep_version }}-1_amd64.deb - rg --version || exit 1 - - - name: run the license check - run: ./scripts/file_license_check.sh - - test: - name: test - runs-on: [ ubuntu-latest ] - - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: toolchain - uses: dtolnay/rust-toolchain@stable - with: - toolchain: ${{ env.stable_toolchain }} - - - name: ubuntu dependencies - run: | - sudo apt-get update - sudo bash scripts/install_ubuntu_dependencies.sh - - - uses: rui314/setup-mold@v1 - - - name: wasm target install - run: rustup target add wasm32-unknown-unknown - - - name: Install cargo-nextest - run: cargo install cargo-nextest --locked - - - name: cargo test compile - run: cargo test --no-run --locked --all-features --release - - - name: cargo test - run: cargo nextest run --all-features --release --profile ci - - - name: upload artifact - uses: actions/upload-artifact@v4 # upload test results as artifact - if: success() || failure() - with: - name: test-results - path: ${{ github.workspace }}/target/nextest/ci/junit.xml - - # needed for test results - event_file: - runs-on: [ ubuntu-latest ] - - steps: - - name: Upload - uses: actions/upload-artifact@v4 - with: - name: Event File - path: ${{ github.event_path }} diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml deleted file mode 100644 index c8bbd30..0000000 --- a/.github/workflows/coverage.yml +++ /dev/null 
@@ -1,64 +0,0 @@ ---- -name: Source Coverage - -'on': - workflow_dispatch: - -env: - toolchain: nightly-2022-05-01 - -jobs: - coverage: - name: test and generate cov - runs-on: [ self-hosted, ubuntu18.04-high-mem ] - - steps: - - name: checkout - uses: actions/checkout@v4 - - - name: ubuntu dependencies - run: | - sudo apt-get update - sudo bash scripts/install_ubuntu_dependencies.sh - - - name: toolchain - uses: dtolnay/rust-toolchain@stable - with: - toolchain: nightly - components: llvm-tools-preview - - - name: cargo test compile - env: - RUSTFLAGS: "-C instrument-coverage" - RUSTDOCFLAGS: "-C instrument-coverage" - LLVM_PROFILE_FILE: "coverage_data-%p-%m.profraw" - run: cargo test --all-features --no-fail-fast - - - id: coverage - name: Prepare coverage data - env: - COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} - run: | - cargo install grcov - grcov . -s . --binary-path ./target/debug -t coveralls --branch --ignore-not-existing \ - -o ./target/coveralls_coverage.json \ - --token $COVERALLS_REPO_TOKEN \ - --ignore target/**/*.rs \ - --ignore **/.cargo/**/*.rs \ - --vcs-branch $GITHUB_REF_NAME \ - --service-name github \ - --service-job-id ${GITHUB_RUN_ID} - - - name: archive-coverage - id: archive-coverage - uses: actions/upload-artifact@v4 - with: - path: target/coveralls_coverage.json - name: coveralls-coverage - - - name: Coveralls upload - uses: toshke/github-action@master - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - path-to-lcov: ./target/coveralls_coverage.json - file-format: coveralls diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml new file mode 100644 index 0000000..ec399e1 --- /dev/null +++ b/.github/workflows/pr-check.yml 
@@ -0,0 +1,53 @@ +name: PR Check + +on: + pull_request: + workflow_dispatch: + +jobs: + test: + name: Test + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install Rust + uses: dtolnay/rust-toolchain@stable + with: + components: rustfmt, clippy + + - name: Cache + uses: Swatinem/rust-cache@v2 + + - name: Install system deps + run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config + + - name: Format check + run: cargo fmt --all -- --check + + - name: Clippy + run: cargo clippy --all-targets --all-features -- -D warnings + + - name: Test + run: cargo test --all-features --release + + licenses: + name: file licenses + runs-on: ubuntu-latest + + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: install ripgrep + # https://github.com/BurntSushi/ripgrep/releases + env: + ripgrep_version: 14.1.1 + run: | + wget https://github.com/BurntSushi/ripgrep/releases/download/${{ env.ripgrep_version }}/ripgrep_${{ env.ripgrep_version }}-1_amd64.deb + sudo dpkg -i ripgrep_${{ env.ripgrep_version }}-1_amd64.deb + rg --version || exit 1 + + - name: run the license check + run: ./scripts/file_license_check.sh diff --git a/.github/workflows/pr_signed_commits_check.yml b/.github/workflows/pr_signed_commits_check.yml index 2024a9f..d0e2bc4 100644 --- a/.github/workflows/pr_signed_commits_check.yml +++ b/.github/workflows/pr_signed_commits_check.yml @@ -2,10 +2,7 @@ # Checks if the comments are signed or not name: PR - Signed commits check -'on': - pull_request_target - -permissions: {} +"on": pull_request_target jobs: check-signed-commits: diff --git a/.github/workflows/pr_title.yml b/.github/workflows/pr_title.yml deleted file mode 100644 index 5801de8..0000000 --- a/.github/workflows/pr_title.yml +++ /dev/null 
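Review bot: The `install ripgrep` step of the `licenses` job in the new `pr-check.yml` fetches a `.deb` with `wget` and hands it straight to `sudo dpkg -i`, so whatever that release URL serves is installed as root without an integrity check. Pin the expected digest in the workflow and verify it between the two commands, e.g. `echo "<EXPECTED_SHA256>  ripgrep_${ripgrep_version}-1_amd64.deb" | sha256sum --check` (the digest is a placeholder to be taken from the upstream release). The workflow also declares no `permissions:`. A top-level `permissions:` with `contents: read` would hold the token to what these jobs appear to need.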
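Review bot: Dropping `permissions: {}` from `pr_signed_commits_check.yml` widens the token for a workflow triggered by `pull_request_target`, which runs in the base repository's context even for pull requests from forks. Without the top-level block, any job that sets no `permissions:` of its own inherits the repository or organisation default, which may be read/write. The body of `check-signed-commits` is outside this hunk, so whether it declares job-level permissions cannot be confirmed here. If it does not, keep `permissions: {}` at the top and grant only the scopes the job actually uses at job level. The quote-style change to `"on": pull_request_target` is fine on its own.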
@@ -1,27 +0,0 @@ ---- -# Checks that PR titles conform to Conventional Commits -# See https://www.conventionalcommits.org/en/v1.0.0/ for more information -name: PR - -on: - pull_request: - types: - - opened - - reopened - - edited - - synchronize - -jobs: - check-title: - runs-on: ubuntu-latest - steps: - - name: install - run: | - npm install -g @commitlint/cli @commitlint/config-conventional - echo "module.exports = {extends: ['@commitlint/config-conventional']}" > commitlint.config.js - - - name: lint - run: | - echo "$PR_TITLE" | commitlint - env: - PR_TITLE: ${{github.event.pull_request.title}} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b4ad04a..3515ce2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,8 +4,6 @@ on: push: tags: - "v*" - pull_request: - workflow_dispatch: jobs: build: @@ -85,23 +83,15 @@ jobs: name: Create Release runs-on: ubuntu-latest needs: build - if: startsWith(github.ref, 'refs/tags/') permissions: contents: write steps: - - name: Download all artifacts + - name: Download artifacts uses: actions/download-artifact@v4 with: path: artifacts - name: Create release - run: | - # Extract tag name from ref - TAG_NAME=${GITHUB_REF#refs/tags/} - # Create release with GitHub CLI - gh release create "$TAG_NAME" \ - artifacts/*/tari-* \ - --generate-notes \ - --title "$TAG_NAME" + run: gh release create ${{ github.ref_name }} artifacts/*/tari-* --generate-notes env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
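Review bot: In the second `release.yml` hunk, the new `run: gh release create ${{ github.ref_name }} ...` expands the tag name into the script text before the shell parses it, unquoted, in a job that holds `contents: write`. The removed version took the tag from `GITHUB_REF` into a quoted shell variable, so any shell metacharacters in a ref name stayed data. Pass the value through the environment instead: add `TAG_NAME: ${{ github.ref_name }}` under the step's `env:` and use `run: gh release create "$TAG_NAME" artifacts/*/tari-* --generate-notes`. Removing the `if: startsWith(github.ref, 'refs/tags/')` guard looks safe only because the first hunk limits the trigger to tag pushes, and a short comment saying so would help whoever next adds a trigger.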