Skip to content

fix(ci): remove nixbuild build step #47

fix(ci): remove nixbuild build step

fix(ci): remove nixbuild build step #47

name: Release Component
on:
push:
# tags: ['*/v[0-9]+\.[0-9]+\.[0-9]+\-rc[0-9]+', '*/v[0-9]+\.[0-9]+\.[0-9]+']
jobs:
eval-tag:
runs-on: ubuntu-latest
outputs:
build: ${{ steps.eval.outputs.BUILD }}
component: ${{ steps.eval.outputs.COMPONENT }}
image-produced: ${{ steps.eval.outputs.IMAGE_PRODUCED}}
version: ${{ steps.eval.outputs.VERSION }}
systems: ${{ steps.eval.outputs.SYSTEMS }}
archive: ${{ steps.eval.outputs.ARCHIVE }}
steps:
- id: eval
env:
# TAG: ${{github.ref_name}}
TAG: bundle-testnet-9
run: |
component="${TAG%/*}"
case $component in
bundle-testnet-9)
attrs="[\"bundle-testnet-9\", \"bundle-testnet-9-image\"]"
systems="[\"x86_64-linux\", \"aarch64-linux\"]"
echo "COMPONENT=$component" >> $GITHUB_OUTPUT
echo "IMAGE_PRODUCED=true" >> $GITHUB_OUTPUT
echo "SYSTEMS=$systems" >> $GITHUB_OUTPUT
echo "ARCHIVE=true" >> $GITHUB_OUTPUT
;;
cometbls-light-client)
attrs="[\"cometbls-light-client\"]"
systems="[\"x86_64-linux\"]"
echo "COMPONENT=$component" >> $GITHUB_OUTPUT
echo "SYSTEMS=$systems" >> $GITHUB_OUTPUT
echo "ARCHIVE=true" >> $GITHUB_OUTPUT
;;
ucs01-relay)
attrs="[\"ucs01-relay\"]"
systems="[\"x86_64-linux\"]"
echo "COMPONENT=$component" >> $GITHUB_OUTPUT
echo "SYSTEMS=$systems" >> $GITHUB_OUTPUT
echo "ARCHIVE=true" >> $GITHUB_OUTPUT
;;
uniond)
attrs="[\"uniond-release\", \"uniond-release-image\"]"
systems="[\"x86_64-linux\", \"aarch64-linux\"]"
echo "COMPONENT=uniond-release" >> $GITHUB_OUTPUT
echo "IMAGE_PRODUCED=true" >> $GITHUB_OUTPUT
echo "SYSTEMS=$systems" >> $GITHUB_OUTPUT
;;
voyager)
attrs="[\"voyager\"]"
systems="[\"x86_64-linux\", \"aarch64-linux\"]"
echo "COMPONENT=$component" >> $GITHUB_OUTPUT
echo "SYSTEMS=$systems" >> $GITHUB_OUTPUT
;;
evm-contracts)
attrs="[\"evm-contracts\"]"
systems="[\"x86_64-linux\"]"
echo "COMPONENT=$component" >> $GITHUB_OUTPUT
echo "SYSTEMS=$systems" >> $GITHUB_OUTPUT
echo "ARCHIVE=true" >> $GITHUB_OUTPUT
;;
*)
echo "Invalid tag $TAG"
exit 1
;;
esac
echo "BUILD=(.top_attr == \"packages\") \
and ([.system] | inside($systems) ) \
and ([.attr] | inside($attrs))" >> $GITHUB_OUTPUT
echo "VERSION=${TAG##*/}" >> $GITHUB_OUTPUT
download-images-x86_64:
if: ${{ needs.eval-tag.outputs.image-produced }}
needs: [build, eval-tag]

Check failure on line 79 in .github/workflows/release-component.yml

View workflow run for this annotation

GitHub Actions / Release Component

Invalid workflow file

The workflow is not valid. .github/workflows/release-component.yml (Line: 79, Col: 13): Job 'download-images-x86_64' depends on unknown job 'build'. .github/workflows/release-component.yml (Line: 104, Col: 13): Job 'download-images-aarch64' depends on unknown job 'build'.
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
with:
lfs: true
- uses: nixbuild/nix-quick-install-action@v28
with:
nix_conf: |
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= union.cachix.org-1:TV9o8jexzNVbM1VNBOq9fu8NK+hL6ZhOyOh0quATy+M=
trusted-substituters = https://cache.nixos.org https://cache.garnix.io https://union.cachix.org
- name: Fetch from Cache
env:
COMPONENT: ${{ needs.eval-tag.outputs.component }}
run: |
nix build .#packages.x86_64-linux."$COMPONENT"
cp -Lr result x86_64-linux.${{ needs.eval-tag.outputs.component }}-image
exit 1
- uses: actions/upload-artifact@v4
with:
name: x86_64-linux.${{ needs.eval-tag.outputs.component }}-image
path: x86_64-linux.${{ needs.eval-tag.outputs.component }}-image
download-images-aarch64:
if: ${{ needs.eval-tag.outputs.image-produced }}
needs: [build, eval-tag]
runs-on: ubuntu-24.04-arm
steps:
- uses: actions/checkout@v4
with:
lfs: true
- uses: nixbuild/nix-quick-install-action@v28
with:
nix_conf: |
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= union.cachix.org-1:TV9o8jexzNVbM1VNBOq9fu8NK+hL6ZhOyOh0quATy+M=
trusted-substituters = https://cache.nixos.org https://cache.garnix.io https://union.cachix.org
- name: Fetch from Cache
env:
COMPONENT: ${{ needs.eval-tag.outputs.component }}
run: |
nix build .#packages.aarch64-linux."$COMPONENT"
cp -Lr result aarch64-linux."$COMPONENT"-image
exit 1
- uses: actions/upload-artifact@v4
with:
name: aarch64-linux.${{ needs.eval-tag.outputs.component }}-image
path: aarch64-linux.${{ needs.eval-tag.outputs.component }}-image
download-binaries-x86_64:
needs: [build, eval-tag]
runs-on: ubuntu-24.04
strategy:
matrix:
system: ${{ fromJSON(needs.eval-tag.outputs.systems) }}
steps:
- uses: actions/download-artifact@v4
with:
name: packages.${{ matrix.system }}.${{ needs.eval-tag.outputs.component }}
- uses: nixbuild/nix-quick-install-action@v28
- uses: nixbuild/nixbuild-action@812f1ab2b51842b0d44b9b79574611502d6940a0
with:
nixbuild_token: ${{ secrets.nixbuild_token }}
- env:
ARCHIVE: ${{ needs.eval-tag.outputs.archive }}
COMPONENT: ${{ needs.eval-tag.outputs.component }}
SYSTEM: ${{ matrix.system }}
run: |
exit 1
mkdir "$SYSTEM"
echo "Getting OUTPUT and NARINFO_NAME"
OUTPUT=$(jq -r \
--arg component "$COMPONENT" \
--arg system "$SYSTEM" \
'.packages[$system][$component].outputs.out' result.json)
NARINFO_NAME=$(basename "$OUTPUT" | cut -d'-' -f1)
echo "Copying $OUTPUT from nixbuild.net"
nix copy --to "file://$(pwd)/$SYSTEM" --from ssh-ng://eu.nixbuild.net "$OUTPUT" --extra-experimental-features nix-command
echo "Get the NAR_URL"
nar_url_line=$(cat "./$SYSTEM/$NARINFO_NAME.narinfo" | grep "URL:")
NAR_URL=$(echo "$nar_url_line" | cut -d " " -f 2-)
echo "Restore the package from the NAR_URL archive"
cat "$SYSTEM/$NAR_URL" | xz -dc | nix-store --restore "$SYSTEM.$COMPONENT"
if [[ "$COMPONENT" =~ uniond-release ]]
then
mv "$SYSTEM.$COMPONENT"/bin/uniond "$COMPONENT-$SYSTEM"
elif [[ $ARCHIVE ]]
then
ls -la
tar -zcf "$COMPONENT-$SYSTEM" "$SYSTEM.$COMPONENT"
else
mv "$SYSTEM.$COMPONENT/bin/$COMPONENT" "$COMPONENT-$SYSTEM"
fi
- uses: actions/upload-artifact@v4
with:
name: ${{ needs.eval-tag.outputs.component }}-${{ matrix.system }}
path: ${{ needs.eval-tag.outputs.component }}-${{ matrix.system }}
release-images:
needs: [download-images-x86_64, eval-tag]
if: ${{ needs.eval-tag.outputs.image-produced }}
runs-on: ubuntu-latest
permissions:
packages: write
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Download aarch64-linux.${{ needs.eval-tag.outputs.component }}-image
uses: actions/download-artifact@v4
with:
name: aarch64-linux.${{ needs.eval-tag.outputs.component }}-image
- name: Download x86_64-linux.${{ needs.eval-tag.outputs.component }}-image
uses: actions/download-artifact@v4
with:
name: x86_64-linux.${{ needs.eval-tag.outputs.component }}-image
- name: Tag Docker Images
env:
COMPONENT: ${{ needs.eval-tag.outputs.component }}
TAG: ${{ needs.eval-tag.outputs.version }}
run: |
echo "Entering for loop"
for arch in 'aarch64-linux' 'x86_64-linux'
do
echo "Tagging $COMPONENT for $arch"
dockerstring=$(docker load < $arch.$COMPONENT-image)
dockerstring=$(echo ${dockerstring##*':'})
echo "Getting image ID for $dockerstring"
imageid=$(docker images --format "{{.ID}}:{{.Tag}}" | grep $dockerstring)
imageid=$(echo ${imageid%%':'*})
echo "Tagging image"
docker tag "$imageid" "localhost:5000/unionlabs/$COMPONENT:$TAG-$arch"
echo "$COMPONENT for $arch is tagged"
docker push "localhost:5000/unionlabs/$COMPONENT:$TAG-$arch"
echo "localhost:5000/unionlabs/$COMPONENT:$TAG-$arch is pushed"
done
- name: Create Manifest
env:
COMPONENT: ${{ needs.eval-tag.outputs.component }}
TAG: ${{ needs.eval-tag.outputs.version }}
run: |
docker pull "localhost:5000/unionlabs/$COMPONENT:$TAG-aarch64-linux"
docker pull "localhost:5000/unionlabs/$COMPONENT:$TAG-x86_64-linux"
docker manifest create --insecure \
"localhost:5000/unionlabs/$COMPONENT:$TAG" \
--amend "localhost:5000/unionlabs/$COMPONENT:$TAG-aarch64-linux" \
--amend "localhost:5000/unionlabs/$COMPONENT:$TAG-x86_64-linux" \
- name: Push Manifest to Local Registry
env:
COMPONENT: ${{ needs.eval-tag.outputs.component }}
TAG: ${{ needs.eval-tag.outputs.version }}
run: docker manifest push "localhost:5000/unionlabs/$COMPONENT:$TAG"
- uses: actions/checkout@v4
with:
lfs: true
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Annotate Manifest
env:
COMPONENT: ${{ needs.eval-tag.outputs.component }}
TAG: ${{ needs.eval-tag.outputs.version }}
run: |
curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
chmod 755 regctl && sudo cp ./regctl /usr/bin
echo "downloaded & installed regctl"
regctl registry set --tls disabled localhost:5000
regctl image mod "localhost:5000/unionlabs/$COMPONENT:$TAG" --to-oci --create "$TAG" --annotation org.opencontainers.image.description="$(cat "$GITHUB_WORKSPACE/.github/container-descriptions/$COMPONENT.txt")"
- uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Copy Manifest to GHCR
env:
COMPONENT: ${{ needs.eval-tag.outputs.component }}
TAG: ${{ needs.eval-tag.outputs.version }}
run: |
wget https://github.com/rapidsai/skopeo/releases/download/v1.12/skopeo-linux-amd64 -O ./skopeo
chmod +x ./skopeo && sudo cp ./skopeo /usr/bin
echo "downloaded & installed skopeo"
skopeo copy --multi-arch=all --insecure-policy --src-tls-verify=false "docker://localhost:5000/unionlabs/$COMPONENT:$TAG" "docker://ghcr.io/unionlabs/$COMPONENT:$TAG"
echo "Copied $COMPONENT:$TAG multi-arch to GHCR"
public-release:
needs: [download-binaries-x86_64, eval-tag]
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v4
- id: prep-artifacts
env:
COMPONENT: ${{ needs.eval-tag.outputs.component }}
ARCHIVE: ${{ needs.eval-tag.outputs.archive }}
SYSTEMS: ${{ needs.eval-tag.outputs.systems }}
run: |
echo "# sha256 Checksums" >> release.md
x86_64=$(echo "$SYSTEMS" | jq 'contains(["x86_64-linux"])')
aarch64=$(echo "$SYSTEMS" | jq 'contains(["aarch64-linux"])')
if [[ $ARCHIVE ]]; then
if [[ $x86_64 = true ]]; then
echo "Renaming x86_64-linux archive"
comp_x86_64="$COMPONENT-x86_64-linux"
comp_x86_64_archive="$comp_x86_64.tar.gz"
echo "- $(cd "$comp_x86_64" && mv "$comp_x86_64" "$comp_x86_64_archive" && sha256sum "$comp_x86_64_archive")" >> release.md
fi
if [[ $aarch64 = true ]]; then
echo "Renaming aarch64-linux archive"
comp_aarch64="$COMPONENT-aarch64-linux"
comp_aarch64_archive="$comp_aarch64.tar.gz"
echo "- $(cd "$comp_aarch64" && mv "$comp_aarch64" "$comp_aarch64_archive" && sha256sum "$comp_aarch64_archive")" >> release.md
fi
echo "Setting archive output"
echo "FILES=**/$COMPONENT-*.tar.gz" >> $GITHUB_OUTPUT
else
if [[ $x86_64 = true ]]; then
echo "Renaming x86_64-linux binary"
comp_x86_64="$COMPONENT-x86_64-linux"
echo "- $(cd "$comp_x86_64" && sha256sum "$comp_x86_64")" >> release.md
fi
if [[ $aarch64 = true ]]; then
echo "Renaming aarch64-linux binary"
comp_aarch64="$COMPONENT-aarch64-linux"
echo "- $(cd "$comp_aarch64" && sha256sum "$comp_aarch64")" >> release.md
fi
echo "Setting binary output"
echo "FILES=**/$COMPONENT-*" >> $GITHUB_OUTPUT
fi
tree
- uses: softprops/action-gh-release@v2
with:
body_path: release.md
prerelease: false
repository: unionlabs/union
token: ${{ secrets.UNION_RELEASES_PAT }}
name: ${{needs.eval-tag.outputs.component}} ${{needs.eval-tag.outputs.version}}
tag_name: ${{ needs.eval-tag.outputs.version }}
fail_on_unmatched_files: true
files: ${{ steps.prep-artifacts.outputs.FILES }}