Fix release docker image GHA (#3547)
This PR adds extra checks for the input fields in the GHA that builds and
publishes the docker image.
EgorPopelyaev authored Mar 11, 2024
1 parent bbaa5a3 commit a6713c5
Showing 3 changed files with 107 additions and 15 deletions.
96 changes: 93 additions & 3 deletions .github/scripts/common/lib.sh
Expand Up @@ -237,6 +237,61 @@ fetch_release_artifacts() {
popd > /dev/null
}

# Fetch the release artifacts like binary and sigantures from S3. Assumes the ENV are set:
# - RELEASE_ID
# - GITHUB_TOKEN
# - REPO in the form paritytech/polkadot
fetch_release_artifacts_from_s3() {
echo "Version : $VERSION"
echo "Repo : $REPO"
echo "Binary : $BINARY"
OUTPUT_DIR=${OUTPUT_DIR:-"./release-artifacts/${BINARY}"}
echo "OUTPUT_DIR : $OUTPUT_DIR"

URL_BASE=$(get_s3_url_base $BINARY)
echo "URL_BASE=$URL_BASE"

URL_BINARY=$URL_BASE/$VERSION/$BINARY
URL_SHA=$URL_BASE/$VERSION/$BINARY.sha256
URL_ASC=$URL_BASE/$VERSION/$BINARY.asc

# Fetch artifacts
mkdir -p "$OUTPUT_DIR"
pushd "$OUTPUT_DIR" > /dev/null

echo "Fetching artifacts..."
for URL in $URL_BINARY $URL_SHA $URL_ASC; do
echo "Fetching %s" "$URL"
curl --progress-bar -LO "$URL" || echo "Missing $URL"
done

pwd
ls -al --color
popd > /dev/null

}

# Pass the name of the binary as input, it will
# return the s3 base url
function get_s3_url_base() {
name=$1
case $name in
polkadot | polkadot-execute-worker | polkadot-prepare-worker | staking-miner)
printf "https://releases.parity.io/polkadot"
;;

polkadot-parachain)
printf "https://releases.parity.io/cumulus"
;;

*)
printf "UNSUPPORTED BINARY $name"
exit 1
;;
esac
}


# Check the checksum for a given binary
function check_sha256() {
echo "Checking SHA256 for $1"
Expand All @@ -248,13 +303,11 @@ function check_sha256() {
function import_gpg_keys() {
GPG_KEYSERVER=${GPG_KEYSERVER:-"keyserver.ubuntu.com"}
SEC="9D4B2B6EB8F97156D19669A9FF0812D491B96798"
WILL="2835EAF92072BC01D188AF2C4A092B93E97CE1E2"
EGOR="E6FC4D4782EB0FA64A4903CCDB7D3555DD3932D3"
MARA="533C920F40E73A21EEB7E9EBF27AEA7E7594C9CF"
MORGAN="2E92A9D8B15D7891363D1AE8AF9E6C43F7F8C4CF"

echo "Importing GPG keys from $GPG_KEYSERVER in parallel"
for key in $SEC $WILL $EGOR $MARA $MORGAN; do
for key in $SEC $EGOR $MORGAN; do
(
echo "Importing GPG key $key"
gpg --no-tty --quiet --keyserver $GPG_KEYSERVER --recv-keys $key
Expand Down Expand Up @@ -344,3 +397,40 @@ function find_runtimes() {
done
echo $JSON
}

# Filter the version matches the particular pattern and return it.
# input: version (v1.8.0 or v1.8.0-rc1)
# output: none
filter_version_from_input() {
version=$1
regex="(^v[0-9]+\.[0-9]+\.[0-9]+)$|(^v[0-9]+\.[0-9]+\.[0-9]+-rc[0-9]+)$"

if [[ $version =~ $regex ]]; then
if [ -n "${BASH_REMATCH[1]}" ]; then
echo "${BASH_REMATCH[1]}"
elif [ -n "${BASH_REMATCH[2]}" ]; then
echo "${BASH_REMATCH[2]}"
fi
else
echo "Invalid version: $version"
exit 1
fi

}

# Check if the release_id is valid number
# input: release_id
# output: release_id or exit 1
check_release_id() {
input=$1

release_id=$(echo "$input" | sed 's/[^0-9]//g')

if [[ $release_id =~ ^[0-9]+$ ]]; then
echo "$release_id"
else
echo "Invalid release_id from input: $input"
exit 1
fi

}
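Review bot: In `fetch_release_artifacts_from_s3`, a failed download only prints "Missing $URL" and the loop carries on, and without `--fail` curl saves an HTTP error body under the artifact's name, so the job can continue with a missing or bogus binary, `.sha256` or `.asc`. These artifacts appear to feed the docker image build, so I would make the fetch fatal: `curl --fail --progress-bar -LO "$URL" || { echo "Missing $URL" >&2; return 1; }`. Nothing in this function calls `check_sha256` or a signature check; if a later step does that, it is outside what this page shows, and a comment naming where verification happens would help. Separately, `check_release_id` strips non-digits with sed before testing, so an input such as `12abc` is accepted as `12` instead of being rejected; matching the raw `$input` against `^[0-9]+$` would make it a real check.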
16 changes: 11 additions & 5 deletions .github/workflows/release-50_publish-docker.yml
Expand Up @@ -36,7 +36,7 @@ on:
-H "Authorization: Bearer ${GITHUB_TOKEN}" https://api.github.com/repos/$OWNER/$REPO/releases | \
jq '.[] | { name: .name, id: .id }'
required: true
type: string
type: number

registry:
description: Container registry
Expand All @@ -61,7 +61,6 @@ permissions:
contents: write

env:
RELEASE_ID: ${{ inputs.release_id }}
ENGINE: docker
REGISTRY: ${{ inputs.registry }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -71,6 +70,7 @@ env:
# EVENT_ACTION: ${{ github.event.action }}
EVENT_NAME: ${{ github.event_name }}
IMAGE_TYPE: ${{ inputs.image_type }}
VERSION: ${{ inputs.version }}

jobs:
fetch-artifacts: # this job will be triggered for the polkadot-parachain rc and release or polkadot rc image build
Expand All @@ -95,13 +95,16 @@ jobs:
# chmod a+x $BINARY
# ls -al

- name: Fetch rc artifacts or release artifacts based on release id
- name: Fetch rc artifacts or release artifacts from s3 based on version
#this step runs only if the workflow is triggered manually
if: ${{ env.EVENT_NAME == 'workflow_dispatch' }}
run: |
. ./.github/scripts/common/lib.sh
fetch_release_artifacts
VERSION=$(filter_version_from_input "${{ inputs.version }}")
echo "VERSION=${VERSION}" >> $GITHUB_ENV
fetch_release_artifacts_from_s3
- name: Cache the artifacts
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
Expand Down Expand Up @@ -147,7 +150,10 @@ jobs:
if: ${{ env.IMAGE_TYPE == 'rc' }}
id: fetch_rc_refs
run: |
release=release-${{ inputs.release_id }} && \
. ./.github/scripts/common/lib.sh
RELEASE_ID=$(check_release_id "${{ inputs.release_id }}")
release=release-$RELEASE_ID && \
echo "release=${release}" >> $GITHUB_OUTPUT
commit=$(git rev-parse --short HEAD) && \
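Review bot: `${{ inputs.version }}` and `${{ inputs.release_id }}` are substituted into the `run:` script text before bash starts, so a value containing shell metacharacters is already part of the script by the time `filter_version_from_input` or `check_release_id` is called, and the new validation does not protect these two lines. The commit already exports `VERSION` under `env:`, so the first call can read it from the environment: `VERSION=$(filter_version_from_input "$VERSION")`. For the second, keep an env entry for the raw input (the commit removes `RELEASE_ID` from `env:`) and call `check_release_id "$RELEASE_ID"` instead of interpolating the expression. `type: number` probably narrows what `release_id` can hold, but the declared type of `version` is not visible in this section. Both helpers also print their error text to stdout, so inside `$( … )` the message is captured into the variable rather than shown in the log; `>&2` on those echo lines would fix that.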
10 changes: 3 additions & 7 deletions .github/workflows/release-99_notif-published.yml
Expand Up @@ -16,12 +16,6 @@ jobs:
- name: "RelEng: Polkadot Release Coordination"
room: '!cqAmzdIcbOFwrdrubV:parity.io'
pre-release: true
- name: 'General: Rust, Polkadot, Substrate'
room: '!aJymqQYtCjjqImFLSb:parity.io'
pre-release: false
- name: 'Team: DevOps'
room: '!lUslSijLMgNcEKcAiE:parity.io'
pre-release: true

# External
- name: 'Ledger <> Polkadot Coordination'
Expand All @@ -48,7 +42,9 @@ jobs:
access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }}
server: m.parity.io
message: |
A (pre)release has been ${{github.event.action}} in **${{github.event.repository.full_name}}:**<br/>
@room
A new node release has been ${{github.event.action}} in **${{github.event.repository.full_name}}:**<br/>
Release version: [${{github.event.release.tag_name}}](${{github.event.release.html_url}})
-----