Skip to content

Build Matrix of Binaries #67

Build Matrix of Binaries

Build Matrix of Binaries #67

---
name: Build Matrix of Binaries
'on':
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]*"
branches:
- "build-all-*"
- "build-bins-*"
schedule:
- cron: "05 00 * * *"
workflow_dispatch:
inputs:
customTag:
description: "Development Tag"
required: true
default: "development-tag"
env:
TS_FILENAME: "clythor"
TS_BUNDLE_ID_BASE: "com.tarilabs"
TS_SIG_FN: "sha256-unsigned.txt"
## Must be a JSon string
TS_FILES: '["clythor"]'
toolchain: nightly-2024-03-01
matrix-json-file: ".github/workflows/build_binaries.json"
CARGO_HTTP_MULTIPLEXING: false
CARGO_UNSTABLE_SPARSE_REGISTRY: true
CARGO: cargo
CARGO_OPTIONS: "--release"
CARGO_CACHE: true
concurrency:
# https://docs.github.com/en/actions/examples/using-concurrency-expressions-and-a-test-matrix
group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
cancel-in-progress: ${{ !startsWith(github.ref, 'refs/tags/v') || github.ref != 'refs/heads/development' || github.ref != 'refs/heads/nextnet' || github.ref != 'refs/heads/stagenet' }}
permissions: {}
jobs:
matrix-prep:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v4
with:
submodules: false
- name: Set Matrix
id: set-matrix
run: |
#
# build all targets images
# matrix=$( jq -s -c .[] .github/workflows/build_binaries.json )
#
# build only single target image
# matrix_selection=$( jq -c '.[] | select( ."name" == "windows-x64" )' ${{ env.matrix-json-file }} )
# matrix_selection=$( jq -c '.[] | select( ."name" | contains("macos") )' ${{ env.matrix-json-file }} )
#
# build select target images - build_enabled
matrix_selection=$( jq -c '.[] | select( ."build_enabled" != false )' ${{ env.matrix-json-file }} )
#
# Setup the json build matrix
matrix=$(echo ${matrix_selection} | jq -s -c '{"builds": .}')
echo $matrix
echo $matrix | jq .
echo "matrix=${matrix}" >> $GITHUB_OUTPUT
matrix-check:
# Debug matrix
if: ${{ false }}
runs-on: ubuntu-latest
needs: matrix-prep
steps:
- name: Install json2yaml
run: |
sudo npm install -g json2yaml
- name: Check matrix definition
run: |
matrix='${{ needs.matrix-prep.outputs.matrix }}'
echo $matrix
echo $matrix | jq .
echo $matrix | json2yaml
builds:
name: Building ${{ matrix.builds.name }} on ${{ matrix.builds.runs-on }}
needs: matrix-prep
continue-on-error: ${{ matrix.builds.best_effort || false }}
outputs:
TARI_VERSION: ${{ steps.set-tari-vars.outputs.TARI_VERSION }}
VSHA_SHORT: ${{ steps.set-tari-vars.outputs.VSHA_SHORT }}
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.matrix-prep.outputs.matrix) }}
runs-on: ${{ matrix.builds.runs-on }}
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Declare Global Variables 4 GHA ${{ github.event_name }}
id: set-tari-vars
shell: bash
run: |
echo "VBRANCH=${{ github.ref_name }}" >> $GITHUB_ENV
VSHA_SHORT=$(git rev-parse --short HEAD)
echo "VSHA_SHORT=${VSHA_SHORT}" >> $GITHUB_ENV
echo "VSHA_SHORT=${VSHA_SHORT}" >> $GITHUB_OUTPUT
TARI_VERSION=$(awk -F ' = ' '$1 ~ /^version/ \
{ gsub(/["]/, "", $2); printf("%s",$2) }' \
"$GITHUB_WORKSPACE/Cargo.toml")
echo "TARI_VERSION=${TARI_VERSION}" >> $GITHUB_ENV
echo "TARI_VERSION=${TARI_VERSION}" >> $GITHUB_OUTPUT
TARGET_BINS=""
if [[ "${{ matrix.builds.target_bins }}" == "" ]]; then
ARRAY_BINS=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') )
else
ARRAY_BINS=( $(echo "${{ matrix.builds.target_bins }}" | tr ', ' '\n') )
fi
for BIN_FILE in "${ARRAY_BINS[@]}"; do
echo "Adding ${BIN_FILE} to Builds"
TARGET_BINS+="--bin ${BIN_FILE} "
done
echo "TARGET_BINS=${TARGET_BINS}" >> $GITHUB_ENV
TARI_BUILD_ISA_CPU=${{ matrix.builds.target }}
# Strip unknown part
TARI_BUILD_ISA_CPU=${TARI_BUILD_ISA_CPU//-unknown-linux-gnu}
# Strip gc used by rust
TARI_BUILD_ISA_CPU=${TARI_BUILD_ISA_CPU//gc}
echo "TARI_BUILD_ISA_CPU=${TARI_BUILD_ISA_CPU}" >> $GITHUB_ENV
- name: Scheduled Destination Folder Override
if: ${{ github.event_name == 'schedule' && github.event.schedule == '05 00 * * *' }}
shell: bash
run: |
echo "S3_DEST_OVERRIDE=daily/" >> $GITHUB_ENV
- name: Setup Rust toolchain
uses: dtolnay/rust-toolchain@master
with:
components: rustfmt, clippy
toolchain: ${{ matrix.builds.rust }}
targets: ${{ matrix.builds.target }}
- name: Install Linux dependencies - Ubuntu
if: ${{ startsWith(runner.os,'Linux') && ( ! matrix.builds.cross ) }}
run: |
sudo apt-get update
sudo bash scripts/install_ubuntu_dependencies.sh
- name: Install Linux dependencies - Ubuntu - cross-compiled ${{ env.TARI_BUILD_ISA_CPU }} on x86-64
if: ${{ startsWith(runner.os,'Linux') && ( ! matrix.builds.cross ) && matrix.builds.name != 'linux-x86_64' }}
run: |
sudo apt-get update
sudo bash scripts/install_ubuntu_dependencies-cross_compile.sh ${{ env.TARI_BUILD_ISA_CPU }}
rustup target add ${{ matrix.builds.target }}
echo "PKG_CONFIG_SYSROOT_DIR=/usr/${{ env.TARI_BUILD_ISA_CPU }}-linux-gnu/" >> $GITHUB_ENV
- name: Install macOS dependencies
if: startsWith(runner.os,'macOS')
run: |
# Already installed items
# brew install openssl cmake autoconf zip
brew install coreutils automake protobuf
rustup target add ${{ matrix.builds.target }}
- name: Install Windows dependencies
if: startsWith(runner.os,'Windows')
run: |
vcpkg.exe install sqlite3:x64-windows zlib:x64-windows
# Bug in choco - need to install each package individually
choco upgrade llvm -y
# psutils is out of date
# choco upgrade psutils -y
choco upgrade openssl -y
# Should already be installed
# choco upgrade strawberryperl -y
choco upgrade protoc -y
rustup target add ${{ matrix.builds.target }}
- name: Set environment variables - Nix
if: ${{ ! startsWith(runner.os,'Windows') }}
shell: bash
run: |
echo "SHARUN=shasum --algorithm 256" >> $GITHUB_ENV
echo "CC=gcc" >> $GITHUB_ENV
echo "TS_EXT=" >> $GITHUB_ENV
echo "SHELL_EXT=.sh" >> $GITHUB_ENV
echo "PLATFORM_SPECIFIC_DIR=linux" >> $GITHUB_ENV
echo "TS_DIST=/dist" >> $GITHUB_ENV
- name: Set environment variables - macOS
if: startsWith(runner.os,'macOS')
shell: bash
run: |
echo "PLATFORM_SPECIFIC_DIR=osx" >> $GITHUB_ENV
echo "LIB_EXT=.dylib" >> $GITHUB_ENV
# Hardcoded sdk for MacOSX on ARM64
- name: Set environment variables - macOS - ARM64 (pin/sdk)
# Debug
if: ${{ false }}
# if: ${{ startsWith(runner.os,'macOS') && matrix.builds.name == 'macos-arm64' }}
run: |
xcrun --show-sdk-path
ls -alhtR "/Library/Developer/CommandLineTools/SDKs/"
echo "RANDOMX_RS_CMAKE_OSX_SYSROOT=/Library/Developer/CommandLineTools/SDKs/MacOSX12.1.sdk" >> $GITHUB_ENV
- name: Set environment variables - Ubuntu
if: startsWith(runner.os,'Linux')
shell: bash
run: |
echo "LIB_EXT=.so" >> $GITHUB_ENV
- name: Set environment variables - Windows
if: startsWith(runner.os,'Windows')
shell: bash
run: |
# echo "SHARUN=pwsh C:\ProgramData\chocolatey\lib\psutils\tools\psutils-master\shasum.ps1 --algorithm 256" >> $GITHUB_ENV
mkdir -p "$GITHUB_WORKSPACE\psutils"
curl -v -o "$GITHUB_WORKSPACE\psutils\getopt.ps1" "https://raw.githubusercontent.com/lukesampson/psutils/master/getopt.ps1"
curl -v -o "$GITHUB_WORKSPACE\psutils\shasum.ps1" "https://raw.githubusercontent.com/lukesampson/psutils/master/shasum.ps1"
echo "SHARUN=pwsh $GITHUB_WORKSPACE\psutils\shasum.ps1 --algorithm 256" >> $GITHUB_ENV
echo "TS_EXT=.exe" >> $GITHUB_ENV
echo "LIB_EXT=.dll" >> $GITHUB_ENV
echo "SHELL_EXT=.bat" >> $GITHUB_ENV
echo "TS_DIST=\dist" >> $GITHUB_ENV
echo "PLATFORM_SPECIFIC_DIR=windows" >> $GITHUB_ENV
echo "SQLITE3_LIB_DIR=C:\vcpkg\installed\x64-windows\lib" >> $GITHUB_ENV
echo "OPENSSL_DIR=C:\Program Files\OpenSSL-Win64" >> $GITHUB_ENV
echo "LIBCLANG_PATH=C:\Program Files\LLVM\bin" >> $GITHUB_ENV
echo "C:\Strawberry\perl\bin" >> $GITHUB_PATH
- name: Cache cargo files and outputs
if: ${{ ( ! startsWith(github.ref, 'refs/tags/v') ) && ( ! matrix.builds.cross ) && ( env.CARGO_CACHE ) }}
uses: Swatinem/rust-cache@v2
with:
key: ${{ matrix.builds.target }}
- name: Install and setup cargo cross
if: ${{ matrix.builds.cross }}
shell: bash
run: |
#cargo install cross
cargo install cross --git https://github.com/cross-rs/cross
echo "CARGO=cross" >> $GITHUB_ENV
- name: Install and setup cargo-auditable
if: ${{ false }}
# if: ${{ startsWith(github.ref, 'refs/tags/v') }}
shell: bash
run: |
cargo install cargo-auditable
echo "CARGO=${{ env.CARGO }} auditable" >> $GITHUB_ENV
echo "CARGO_OPTIONS=${{ env.CARGO_OPTIONS }} --release" >> $GITHUB_ENV
- name: Show command used for Cargo
shell: bash
run: |
echo "cargo command is: ${{ env.CARGO }}"
echo "cargo options is: ${{ env.CARGO_OPTIONS }}"
echo "cross flag: ${{ matrix.builds.cross }}"
- name: Build release binaries
shell: bash
run: |
${{ env.CARGO }} build ${{ env.CARGO_OPTIONS }} \
--target ${{ matrix.builds.target }} \
${{ env.TARGET_BINS }} \
${{ matrix.builds.flags }} --locked
- name: Sign Windows files with Trusted Certificate
if: ${{ ( startsWith(runner.os,'Windows') ) && ( env.AZURE_TENANT_ID != '' ) }}
env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
uses: azure/trusted-signing-action@v0.4.0
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
endpoint: https://eus.codesigning.azure.net/
trusted-signing-account-name: Tari
certificate-profile-name: Tarilabs
files-folder: ${{ github.workspace }}/target/${{ matrix.builds.target }}/release/
files-folder-filter: exe,dll
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
- name: Copy binaries to folder for archiving
shell: bash
run: |
# set -xo pipefail
mkdir -p "$GITHUB_WORKSPACE${TS_DIST}"
cd "$GITHUB_WORKSPACE${TS_DIST}"
BINFILE="${TS_FILENAME}-${TARI_VERSION}-${VSHA_SHORT}-${{ matrix.builds.name }}${TS_EXT}"
echo "BINFILE=${BINFILE}" >> $GITHUB_ENV
echo "Copying files for ${BINFILE} to $(pwd)"
echo "MTS_SOURCE=$(pwd)" >> $GITHUB_ENV
ls -alht "$GITHUB_WORKSPACE/target/${{ matrix.builds.target }}/release/"
ARRAY_FILES=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') )
for FILE in "${ARRAY_FILES[@]}"; do
echo "checking for file - ${FILE}${TS_EXT}"
if [ -f "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/release/${FILE}${TS_EXT}" ]; then
cp -vf "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/release/${FILE}${TS_EXT}" .
fi
done
if [[ "${{ matrix.builds.target_libs }}" == "" ]]; then
ARRAY_LIBS=( $(echo ${TS_LIBRARIES} | tr ', ' '\n') )
else
ARRAY_LIBS=( $(echo "${{ matrix.builds.target_libs }}" | tr ', ' '\n') )
fi
for FILE in "${ARRAY_LIBS[@]}"; do
echo "checking for file - ${FILE}${TS_EXT}"
# Check on Nix for libs
if [ -f "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/release/lib${FILE}${LIB_EXT}" ]; then
cp -vf "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/release/lib${FILE}${LIB_EXT}" .
fi
# Check on Windows libs
if [ -f "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/release/${FILE}${LIB_EXT}" ]; then
cp -vf "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/release/${FILE}${LIB_EXT}" .
fi
done
ls -alhtR ${{ env.MTS_SOURCE }}
- name: Pre/unsigned OSX Artifact upload for Archive
if: ${{ false }}
# if: startsWith(runner.os,'macOS')
continue-on-error: true
uses: actions/upload-artifact@v4
with:
name: ${{ env.TS_FILENAME }}_unsigned-archive-${{ matrix.builds.name }}
path: "${{ env.MTS_SOURCE }}/*"
- name: Build the macOS pkg
if: ${{ false }}
# if: startsWith(runner.os,'macOS')
continue-on-error: true
env:
MACOS_KEYCHAIN_PASS: ${{ secrets.MACOS_KEYCHAIN_PASS }}
MACOS_APPLICATION_ID: ${{ secrets.MACOS_APPLICATION_ID }}
MACOS_APPLICATION_CERT: ${{ secrets.MACOS_APPLICATION_CERT }}
MACOS_APPLICATION_PASS: ${{ secrets.MACOS_APPLICATION_PASS }}
MACOS_INSTALLER_ID: ${{ secrets.MACOS_INSTALLER_ID }}
MACOS_INSTALLER_CERT: ${{ secrets.MACOS_INSTALLER_CERT }}
MACOS_INSTALLER_PASS: ${{ secrets.MACOS_INSTALLER_PASS }}
MACOS_NOTARIZE_USERNAME: ${{ secrets.MACOS_NOTARIZE_USERNAME }}
MACOS_NOTARIZE_PASSWORD: ${{ secrets.MACOS_NOTARIZE_PASSWORD }}
MACOS_ASC_PROVIDER: ${{ secrets.MACOS_ASC_PROVIDER }}
run: |
echo $MACOS_APPLICATION_CERT | base64 --decode > application.p12
echo $MACOS_INSTALLER_CERT | base64 --decode > installer.p12
security create-keychain -p $MACOS_KEYCHAIN_PASS build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $MACOS_KEYCHAIN_PASS build.keychain
security import application.p12 -k build.keychain -P $MACOS_APPLICATION_PASS -T /usr/bin/codesign
security import installer.p12 -k build.keychain -P $MACOS_INSTALLER_PASS -T /usr/bin/pkgbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_KEYCHAIN_PASS build.keychain
if [[ "${{ matrix.builds.name }}" == "macos-arm64" ]]; then
echo "Add codesign extra args for ${{ matrix.builds.name }}"
OSX_CODESIGN_EXTRAS="--entitlements ${GITHUB_WORKSPACE}/applications/minotari_node/osx-pkg/entitlements.xml"
fi
cd buildtools
export target_release="target/${{ matrix.builds.target }}/release"
mkdir -p "${{ runner.temp }}/osxpkg"
export tarball_parent="${{ runner.temp }}/osxpkg"
export tarball_source="${{ env.TARI_NETWORK_DIR }}"
./create_osx_install_zip.sh unused nozip
ARRAY_FILES=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') )
find "${GITHUB_WORKSPACE}/${target_release}" \
-name "randomx-*" -type f -perm -+x \
-exec cp -vf {} "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/" \;
FILES_DIAG_UTILS=( \
$(find "${GITHUB_WORKSPACE}/${target_release}" \
-name "randomx-*" -type f -perm -+x \
-exec sh -c 'echo "$(basename "{}")"' \; \
) \
)
ARRAY_FILES+=(${FILES_DIAG_UTILS[@]})
for FILE in "${ARRAY_FILES[@]}"; do
codesign --options runtime --force --verify --verbose --timestamp ${OSX_CODESIGN_EXTRAS} \
--prefix "${{ env.TS_BUNDLE_ID_BASE }}.${{ env.TS_FILENAME }}." \
--sign "Developer ID Application: $MACOS_APPLICATION_ID" \
"${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/$FILE"
codesign --verify --deep --display --verbose=4 \
"${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/$FILE"
cp -vf "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/$FILE" \
"${{ env.MTS_SOURCE }}"
done
distDirPKG=$(mktemp -d -t ${{ env.TS_FILENAME }})
echo "${distDirPKG}"
echo "distDirPKG=${distDirPKG}" >> $GITHUB_ENV
TS_Temp=${{ env.TS_FILENAME }}
TS_BUNDLE_ID_VALID_NAME=$(echo "${TS_Temp//_/-}")
# Strip apple-darwin
TS_ARCH=$(echo "${${{ matrix.builds.target }}//-apple-darwin/}")
pkgbuild --root "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}" \
--identifier "${{ env.TS_BUNDLE_ID_BASE }}.pkg.${TS_BUNDLE_ID_VALID_NAME}" \
--version "${TARI_VERSION}" \
--install-location "/tmp/tari" \
--scripts "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/scripts" \
--sign "Developer ID Installer: ${MACOS_INSTALLER_ID}" \
"${distDirPKG}/${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg"
echo -e "Submitting to Apple...\n\n"
xcrun notarytool submit \
"${distDirPKG}/${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg" \
--apple-id "${MACOS_NOTARIZE_USERNAME}" \
--password ${MACOS_NOTARIZE_PASSWORD} \
--team-id ${MACOS_ASC_PROVIDER} \
--verbose --wait 2>&1 | tee -a notarisation.result
# Maybe use line from with "Processing complete"?
requestUUID=$(tail -n5 notarisation.result | grep "id:" | cut -d" " -f 4)
requestSTATUS=$(tail -n5 notarisation.result | grep "\ \ status:" | cut -d" " -f 4)
if [[ ${requestUUID} == "" ]] || [[ ${requestSTATUS} != "Accepted" ]]; then
echo "## status: ${requestSTATUS} - could not notarize - ${requestUUID} - ${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg"
exit 1
else
echo "Notarization RequestUUID: ${requestUUID}"
echo -e "\nStapling package...\
${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg\n"
xcrun stapler staple -v \
"${distDirPKG}/${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg"
fi
cd ${distDirPKG}
echo "Compute pkg shasum"
${SHARUN} "${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg" \
>> "${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg.sha256"
cat "${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg.sha256"
echo "Checksum verification for pkg is "
${SHARUN} --check "${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg.sha256"
- name: Artifact upload for macOS pkg
if: ${{ false }}
# if: startsWith(runner.os,'macOS')
continue-on-error: true
uses: actions/upload-artifact@v4
with:
name: ${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg
path: "${{ env.distDirPKG }}/${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}*.pkg*"
- name: Build the Windows installer
if: ${{ false }}
# if: startsWith(runner.os,'Windows')
continue-on-error: true
shell: cmd
run: |
cd buildtools
"%programfiles(x86)%\Inno Setup 6\iscc.exe" "/DMyAppVersion=${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer" "/DMinotariSuite=${{ env.TS_FILENAME }}" "/DTariSuitePath=${{ github.workspace }}${{ env.TS_DIST }}" "windows_inno_installer.iss"
cd Output
echo "Compute archive shasum"
${{ env.SHARUN }} "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer.exe" >> "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer.exe.sha256"
echo "Show the shasum"
cat "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer.exe.sha256"
echo "Checksum verification archive is "
${{ env.SHARUN }} --check "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer.exe.sha256"
- name: Artifact upload for Windows installer
if: ${{ false }}
# if: startsWith(runner.os,'Windows')
continue-on-error: true
uses: actions/upload-artifact@v4
with:
name: "${{ env.TS_FILENAME }}_windows_installer"
path: "${{ github.workspace }}/buildtools/Output/*"
- name: Archive and Checksum Binaries
shell: bash
run: |
echo "Archive ${{ env.BINFILE }} too ${{ env.BINFILE }}.zip"
cd "${{ env.MTS_SOURCE }}"
echo "Compute files shasum"
${SHARUN} * >> "${{ env.BINFILE }}.sha256"
echo "Show the shasum"
cat "${{ env.BINFILE }}.sha256"
echo "Checksum verification for files is "
${SHARUN} --check "${{ env.BINFILE }}.sha256"
7z a "${{ env.BINFILE }}.zip" *
echo "Compute archive shasum"
${SHARUN} "${{ env.BINFILE }}.zip" >> "${{ env.BINFILE }}.zip.sha256"
echo "Show the shasum"
cat "${{ env.BINFILE }}.zip.sha256"
echo "Checksum verification archive is "
${SHARUN} --check "${{ env.BINFILE }}.zip.sha256"
- name: Artifact upload for Archive
uses: actions/upload-artifact@v4
with:
name: ${{ env.TS_FILENAME }}_archive-${{ matrix.builds.name }}
path: "${{ github.workspace }}${{ env.TS_DIST }}/${{ env.BINFILE }}.zip*"
macOS-universal-assemble:
name: macOS universal assemble
needs: builds
env:
TARI_VERSION: ${{ needs.builds.outputs.TARI_VERSION }}
VSHA_SHORT: ${{ needs.builds.outputs.VSHA_SHORT }}
SHARUN: "shasum --algorithm 256"
continue-on-error: true
runs-on: macos-14
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Download macOS binaries
uses: actions/download-artifact@v4
with:
path: osxuni
# macos - x86_64 / arm64
pattern: ${{ env.TS_FILENAME }}_archive-macos-*
merge-multiple: true
- name: Set environment variables for macOS universal
shell: bash
run: |
BINFN="${TS_FILENAME}-${TARI_VERSION}-${VSHA_SHORT}"
echo "BINFN=${BINFN}" >> $GITHUB_ENV
- name: Install macOS dependencies
shell: bash
run: |
brew install coreutils
- name: Verify checksums and extract
shell: bash
working-directory: osxuni
run: |
ls -alhtR
${SHARUN} --ignore-missing --check \
"${{ env.BINFN }}-macos-x86_64.zip.sha256"
${SHARUN} --ignore-missing --check \
"${{ env.BINFN }}-macos-arm64.zip.sha256"
ls -alhtR
mkdir macos-universal macos-x86_64 macos-arm64
cd macos-x86_64
7z e "../${{ env.BINFN }}-macos-x86_64.zip"
cd ../macos-arm64
7z e "../${{ env.BINFN }}-macos-arm64.zip"
- name: Assemble macOS universal binaries
shell: bash
working-directory: osxuni
run: |
ls -alhtR
ARRAY_FILES=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') )
for FILE in "${ARRAY_FILES[@]}"; do
echo "processing binary file - ${FILE}"
lipo -create -output macos-universal/${FILE} \
macos-x86_64/${FILE} \
macos-arm64/${FILE}
done
ARRAY_LIBS=( $(echo ${TS_LIBRARIES} | tr ', ' '\n') )
for FILE in "${ARRAY_LIBS[@]}"; do
echo "processing library file - lib${FILE}.dylib"
lipo -create -output macos-universal/lib${FILE}.dylib \
macos-x86_64/lib${FILE}.dylib \
macos-arm64/lib${FILE}.dylib
done
ls -alhtR macos-universal
- name: Build the macOS universal pkg
continue-on-error: true
env:
MACOS_KEYCHAIN_PASS: ${{ secrets.MACOS_KEYCHAIN_PASS }}
MACOS_APPLICATION_ID: ${{ secrets.MACOS_APPLICATION_ID }}
MACOS_APPLICATION_CERT: ${{ secrets.MACOS_APPLICATION_CERT }}
MACOS_APPLICATION_PASS: ${{ secrets.MACOS_APPLICATION_PASS }}
MACOS_INSTALLER_ID: ${{ secrets.MACOS_INSTALLER_ID }}
MACOS_INSTALLER_CERT: ${{ secrets.MACOS_INSTALLER_CERT }}
MACOS_INSTALLER_PASS: ${{ secrets.MACOS_INSTALLER_PASS }}
MACOS_NOTARIZE_USERNAME: ${{ secrets.MACOS_NOTARIZE_USERNAME }}
MACOS_NOTARIZE_PASSWORD: ${{ secrets.MACOS_NOTARIZE_PASSWORD }}
MACOS_ASC_PROVIDER: ${{ secrets.MACOS_ASC_PROVIDER }}
run: |
echo $MACOS_APPLICATION_CERT | base64 --decode > application.p12
echo $MACOS_INSTALLER_CERT | base64 --decode > installer.p12
security create-keychain -p $MACOS_KEYCHAIN_PASS build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $MACOS_KEYCHAIN_PASS build.keychain
security import application.p12 -k build.keychain -P $MACOS_APPLICATION_PASS -T /usr/bin/codesign
security import installer.p12 -k build.keychain -P $MACOS_INSTALLER_PASS -T /usr/bin/pkgbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_KEYCHAIN_PASS build.keychain
OSX_CODESIGN_EXTRAS="--entitlements ${GITHUB_WORKSPACE}/applications/minotari_node/osx-pkg/entitlements.xml"
cd buildtools
# export target_release="target/${{ matrix.builds.target }}/release"
# matrix.builds.target=macos-universal
# matrix.builds.name=macos-universal
export target_release="osxuni/macos-universal"
mkdir -p "${{ runner.temp }}/osxpkg"
export tarball_parent="${{ runner.temp }}/osxpkg"
export tarball_source="${{ env.TARI_NETWORK_DIR }}"
./create_osx_install_zip.sh unused nozip
ARRAY_FILES=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') )
for FILE in "${ARRAY_FILES[@]}"; do
codesign --options runtime --force --verify --verbose --timestamp ${OSX_CODESIGN_EXTRAS} \
--prefix "${{ env.TS_BUNDLE_ID_BASE }}.${{ env.TS_FILENAME }}." \
--sign "Developer ID Application: $MACOS_APPLICATION_ID" \
"${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/$FILE"
codesign --verify --deep --display --verbose=4 \
"${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/$FILE"
cp -vf "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/$FILE" \
"${{ github.workspace }}/osxuni/macos-universal/"
done
distDirPKG=$(mktemp -d -t ${{ env.TS_FILENAME }})
echo "${distDirPKG}"
echo "distDirPKG=${distDirPKG}" >> $GITHUB_ENV
TS_Temp=${{ env.TS_FILENAME }}
TS_BUNDLE_ID_VALID_NAME=$(echo "${TS_Temp//_/-}")
TS_ARCH=universal
pkgbuild --root "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}" \
--identifier "${{ env.TS_BUNDLE_ID_BASE }}.pkg.${TS_BUNDLE_ID_VALID_NAME}" \
--version "${TARI_VERSION}" \
--install-location "/tmp/tari" \
--scripts "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/scripts" \
--sign "Developer ID Installer: ${MACOS_INSTALLER_ID}" \
"${distDirPKG}/${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg"
echo -e "Submitting to Apple...\n\n"
xcrun notarytool submit \
"${distDirPKG}/${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg" \
--apple-id "${MACOS_NOTARIZE_USERNAME}" \
--password ${MACOS_NOTARIZE_PASSWORD} \
--team-id ${MACOS_ASC_PROVIDER} \
--verbose --wait 2>&1 | tee -a notarisation.result
# Maybe use line from with "Processing complete"?
requestUUID=$(tail -n5 notarisation.result | grep "id:" | cut -d" " -f 4)
requestSTATUS=$(tail -n5 notarisation.result | grep "\ \ status:" | cut -d" " -f 4)
if [[ ${requestUUID} == "" ]] || [[ ${requestSTATUS} != "Accepted" ]]; then
echo "## status: ${requestSTATUS} - could not notarize - ${requestUUID} - ${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg"
exit 1
else
echo "Notarization RequestUUID: ${requestUUID}"
echo -e "\nStapling package...\
${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg\n"
xcrun stapler staple -v \
"${distDirPKG}/${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg"
fi
cd ${distDirPKG}
echo "Compute pkg shasum"
${SHARUN} "${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg" \
>> "${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg.sha256"
cat "${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg.sha256"
echo "Checksum verification for pkg is "
${SHARUN} --check "${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg.sha256"
- name: Artifact upload for macOS universal pkg
if: startsWith(runner.os,'macOS')
continue-on-error: true
uses: actions/upload-artifact@v4
with:
name: ${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg
path: "${{ env.distDirPKG }}/${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}*.pkg*"
- name: Archive and Checksum macOS universal Binaries
shell: bash
working-directory: osxuni/macos-universal
run: |
# set -xo pipefail
BINFILE="${BINFN}-macos-universal"
echo "BINFILE=${BINFILE}" >> $GITHUB_ENV
echo "Archive ${BINFILE} into ${BINFILE}.zip"
echo "Compute files shasum into ${BINFILE}.sha256"
${SHARUN} * >> "${BINFILE}.sha256"
echo "Show the shasum"
cat "${BINFILE}.sha256"
echo "Checksum verification for files is "
${SHARUN} --check "${BINFILE}.sha256"
7z a "${BINFILE}.zip" *
echo "Compute archive shasum into ${BINFILE}.zip.sha256"
${SHARUN} "${BINFILE}.zip" >> "${BINFILE}.zip.sha256"
echo "Show the shasum from ${BINFILE}.zip.sha256"
cat "${BINFILE}.zip.sha256"
echo "Checksum verification archive is "
${SHARUN} --check "${BINFILE}.zip.sha256"
- name: Artifact upload for Archive
uses: actions/upload-artifact@v4
with:
name: ${{ env.TS_FILENAME }}_archive-macos-universal
path: "${{ github.workspace }}/osxuni/macos-universal/${{ env.BINFILE }}.zip*"
create-release:
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
runs-on: ubuntu-latest
needs: builds
env:
TARI_VERSION: ${{ needs.builds.outputs.TARI_VERSION }}
permissions:
contents: write
steps:
- name: Download binaries
uses: actions/download-artifact@v4
with:
path: ${{ env.TS_FILENAME }}
pattern: "${{ env.TS_FILENAME }}*"
merge-multiple: true
- name: Verify checksums and Prep Uploads
shell: bash
working-directory: ${{ env.TS_FILENAME }}
run: |
# set -xo pipefail
sudo apt-get update
sudo apt-get --no-install-recommends --assume-yes install dos2unix
ls -alhtR
if [ -f "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}" ] ; then
rm -fv "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}"
fi
# Merge all sha256 files into one
find . -name "*.sha256" -type f -print | xargs cat >> "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}"
dos2unix --quiet "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}"
cat "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}"
sha256sum --ignore-missing --check "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}"
ls -alhtR
- name: Create release
uses: ncipollo/release-action@v1
with:
artifacts: "${{ env.TS_FILENAME }}*/**/*"
token: ${{ secrets.GITHUB_TOKEN }}
prerelease: true
draft: true
allowUpdates: true
updateOnlyUnreleased: true
replacesArtifacts: true
- name: Sync assets to S3
continue-on-error: true
if: ${{ env.AWS_SECRET_ACCESS_KEY != '' && matrix.builds.runs-on != 'self-hosted' }}
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
S3CMD: "cp"
S3OPTIONS: '--recursive --exclude "*" --include "*.sha256*" --include "*.zip*" --include "*.pkg*" --include "*installer.exe*"'
shell: bash
working-directory: ${{ env.TS_FILENAME }}
run: |
echo "Upload processing ..."
ls -alhtR
echo "Clean up"
# Bash check if file with wildcards, does not work as expected
echo "Folder setup"
if ls ${{ env.TS_FILENAME }}*linux* > /dev/null 2>&1 ; then
mkdir -p "linux/${{ env.TARI_NETWORK_DIR }}/"
mv -v ${{ env.TS_FILENAME }}*linux* "linux/${{ env.TARI_NETWORK_DIR }}/"
fi
if ls ${{ env.TS_FILENAME }}*macos* > /dev/null 2>&1 ; then
mkdir -p "osx/${{ env.TARI_NETWORK_DIR }}/"
mv -v ${{ env.TS_FILENAME }}*macos* "osx/${{ env.TARI_NETWORK_DIR }}/"
fi
if ls ${{ env.TS_FILENAME }}*windows* > /dev/null 2>&1 ; then
mkdir -p "windows/${{ env.TARI_NETWORK_DIR }}/"
mv -v ${{ env.TS_FILENAME }}*windows* "windows/${{ env.TARI_NETWORK_DIR }}/"
fi
ls -alhtR
aws --version
echo "ls current"
aws s3 ls --region ${{ secrets.AWS_REGION }} \
s3://${{ secrets.AWS_S3_BUCKET }}/current/
echo "Upload current"
aws s3 ${{ env.S3CMD }} --region ${{ secrets.AWS_REGION }} \
. \
s3://${{ secrets.AWS_S3_BUCKET }}/current/ \
${{ env.S3OPTIONS }}