Publish scripts.

Author: sacherjj

.github/workflows/node_util.yml

@@ -0,0 +1,67 @@
+---
+name: publish-casper-sidecar-deb
+permissions:
+  contents: read
+  id-token: write
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  publish_deb:
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-20.04
+            code_name: focal
+#          - os: ubuntu-22.04
+#            code_name: jammy
+#          - os: ubuntu-24.04
+#            code_name: noble
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ACCESS_ROLE_REPO }}
+          role-session-name: GitHub_to_AWS_via_FederatedOIDC
+          aws-region: ${{ secrets.AWS_ACCESS_REGION_REPO }}
+
+      - name: Install deps
+        run: |
+          echo "deb http://repo.aptly.info/ squeeze main" | sudo tee -a /etc/apt/sources.list.d/aptly.list
+          wget -qO - https://www.aptly.info/pubkey.txt | sudo apt-key add -
+          sudo apt-get update
+          sudo apt-get install -y aptly=1.4.0
+          aptly config show
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@c8bb57c57e8df1be8c73ff3d59deab1dbc00e0d1 #v5.1.0
+        with:
+          gpg_private_key: ${{ secrets.APTLY_GPG_KEY }}
+          passphrase: ${{ secrets.APTLY_GPG_PASS }}
+
+      - name: Build deb
+        run: ./ci/build_deb.sh
+
+      - name: Upload binaries to repo
+        env:
+          PLUGIN_REPO_NAME: ${{ secrets.AWS_BUCKET_REPO }}
+          PLUGIN_REGION: ${{ secrets.AWS_ACCESS_REGION_REPO }}
+          PLUGIN_GPG_KEY: ${{ secrets.APTLY_GPG_KEY }}
+          PLUGIN_GPG_PASS: ${{ secrets.APTLY_GPG_PASS }}
+          PLUGIN_ACL: 'private'
+          PLUGIN_PREFIX: 'releases'
+          PLUGIN_DEB_PATH: './artifacts'
+          PLUGIN_OS_CODENAME: ${{ matrix.code_name }}
+        run: ./ci/publish_deb_to_repo.sh
+
+      - name: Invalidate CloudFront cache
+        run: |
+          aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_CLOUDFRONT_REPO }} --paths "/*"

.github/workflows/publish-casper-node-util-deb.yml

@@ -0,0 +1,45 @@
+---
+name: push-artifacts
+permissions:
+  contents: read
+  id-token: write
+
+on:
+  push:
+    branches:
+      - dev
+      - 'feat-**'
+      - 'release-**'
+
+jobs:
+  push_artifacts:
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-24.04
+            code_name: noble
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2
+
+      # Assign AWS PROD role to get access to production cloudfronts and S3 buckets
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ACCESS_ROLE_GENESIS }}
+          role-session-name: GitHub_to_AWS_via_FederatedOIDC
+          aws-region: ${{ secrets.AWS_ACCESS_REGION_GENESIS }}
+
+
+      - name: Build artifacts
+        run: ./ci/build_artifacts_for_upload.sh
+
+      - name: Upload artifacts to S3
+        run: aws s3 sync ./artifacts/ s3://${{ secrets.AWS_BUCKET_GENESIS }}/artifacts/casper-node-util/$(git rev-parse HEAD)/
+
+      # Required in case of overwrite
+      - name: Invalidate CloudFront cache
+        run: aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_CLOUDFRONT_GENESIS }} --paths "/artifacts/casper-node-util/$(git rev-parse HEAD)/*"
+

.github/workflows/push-artifacts.yml

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# This script will build
+#  - debian package
+#  - version.json
+# in target/artifacts
+
+set -e
+
+if command -v jq >&2; then
+  echo "jq installed"
+else
+  echo "ERROR: jq is not installed and required"
+  exit 1
+fi
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." >/dev/null 2>&1 && pwd)"
+ARTIFACTS_DIR="$ROOT_DIR/artifacts/"
+GIT_HASH=$(git rev-parse HEAD)
+BRANCH_NAME=$(git branch --show-current)
+SCRIPT_VERSION=$(cat "$ROOT_DIR/VERSION")
+
+echo "Copying debian to artifacts"
+./build_deb.sh
+
+echo "Copying script to artifacts"
+cp "$ROOT_DIR/casper-node-util/usr/bin/casper-node-util" "$ARTIFACTS_DIR/casper-node-util"
+
+echo "Building version.json"
+jq --null-input \
+--arg	branch "$BRANCH_NAME" \
+--arg version "$SIDECAR_VERSION" \
+--arg ghash "$GIT_HASH" \
+--arg now "$(jq -nr 'now | strftime("%Y-%m-%dT%H:%M:%SZ")')" \
+--arg files "$(ls "$ARTIFACTS_DIR" | jq -nRc '[inputs]')" \
+'{"branch": $branch, "version": $version, "git-hash": $ghash, "timestamp": $now, "files": $files}' \
+> "$ARTIFACTS_DIR/version.json"

build_deb.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+cd ..
+mkdir -p artifacts
+dpkg-deb --build casper-node-util "./artifacts/casper-node-util-$(cat VERSION).deb"

ci/build_artifacts_for_upload.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+set -e
+
+# Verify all variables are present
+if [[ -z $PLUGIN_GPG_KEY || -z $PLUGIN_GPG_PASS || -z $PLUGIN_REGION \
+        || -z $PLUGIN_REPO_NAME || -z $PLUGIN_ACL || -z $PLUGIN_PREFIX \
+        || -z $PLUGIN_DEB_PATH || -z $PLUGIN_OS_CODENAME ]]; then
+    echo "ERROR: Environment Variable Missing!"
+    exit 1
+fi
+
+# Verify if its the first time publishing. Will need to know later.
+# Probably an easier way to do this check :)
+EXISTS_RET=$(aws s3 ls s3://"$PLUGIN_REPO_NAME"/releases/dists/ --region "$PLUGIN_REGION" | grep "$PLUGIN_OS_CODENAME") || EXISTS_RET="false"
+
+# Sanity Check for later
+if [ "$EXISTS_RET" = "false" ]; then
+    echo "First time uploading repo!"
+else
+    echo "Repo Exists! Defaulting to publish update..."
+fi
+
+### APTLY SECTION
+
+# Move old config file to use in jq query
+mv ~/.aptly.conf ~/.aptly.conf.orig
+
+# Inject ENV Variables and save as .aptly.conf
+jq --arg region "$PLUGIN_REGION" --arg bucket "$PLUGIN_REPO_NAME" --arg acl "$PLUGIN_ACL" --arg prefix "$PLUGIN_PREFIX"   '.S3PublishEndpoints[$bucket] = {"region":$region, "bucket":$bucket, "acl": $acl, "prefix": $prefix}' ~/.aptly.conf.orig > ~/.aptly.conf
+
+# If aptly repo DOESNT exist locally already
+if [ ! "$(aptly repo list | grep $PLUGIN_OS_CODENAME)" ]; then
+    aptly repo create -distribution="$PLUGIN_OS_CODENAME" -component=main "release-$PLUGIN_OS_CODENAME"
+fi
+
+# If aptly mirror DOESNT exist locally already
+if [ ! "$(aptly mirror list | grep $PLUGIN_OS_CODENAME)" ] && [ ! "$EXISTS_RET" = "false" ] ; then
+    aptly mirror create -ignore-signatures "local-repo-$PLUGIN_OS_CODENAME" https://"${PLUGIN_REPO_NAME}"/"${PLUGIN_PREFIX}"/ "${PLUGIN_OS_CODENAME}" main
+fi
+
+# When it's not the first time uploading.
+if [ ! "$EXISTS_RET" = "false" ]; then
+    aptly mirror update -ignore-signatures "local-repo-$PLUGIN_OS_CODENAME"
+    # Found an article that said using 'Name' will select all packages for us
+    aptly repo import "local-repo-$PLUGIN_OS_CODENAME" "release-$PLUGIN_OS_CODENAME" Name
+fi
+
+# Add .debs to the local repo
+aptly repo add -force-replace "release-$PLUGIN_OS_CODENAME" "$PLUGIN_DEB_PATH"/*.deb
+
+# Publish to S3
+if [ ! "$(aptly publish list | grep $PLUGIN_REPO_NAME | grep $PLUGIN_OS_CODENAME)" ]; then
+    # If the repo is new
+    aptly publish repo -batch -force-overwrite -passphrase="$PLUGIN_GPG_PASS" "release-$PLUGIN_OS_CODENAME" s3:"${PLUGIN_REPO_NAME}":
+else
+    # If the repo exists
+    aptly publish update -batch -force-overwrite -passphrase="$PLUGIN_GPG_PASS" "$PLUGIN_OS_CODENAME" s3:"${PLUGIN_REPO_NAME}":
+fi