Skip to content

deploy

deploy #5556

Workflow file for this run

# Smoldot
# Copyright (C) 2019-2022 Parity Technologies (UK) Ltd.
# SPDX-License-Identifier: GPL-3.0-or-later WITH Classpath-exception-2.0
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
name: deploy
on:
pull_request: # All deployment steps are tested on PRs, but the actual deployment doesn't happen.
merge_group:
push:
branches:
- main
# TODO: improve the security of this module
permissions: read-all
jobs:
build-push-docker-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- uses: actions/checkout@v4
- uses: docker/login-action@v3
# This `if` adds an additional safety against accidental pushes.
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/[email protected]
with:
context: .
file: ./full-node/Dockerfile
load: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
tags: ghcr.io/smol-dot/full-node:main
- run: docker push ghcr.io/smol-dot/full-node:main
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
build-js-doc:
runs-on: ubuntu-latest
container:
image: rust:1.77
steps:
- uses: actions/checkout@v4
with:
path: repo
- run: rustup target add wasm32-unknown-unknown
- uses: actions/[email protected]
with:
node-version: current
- run: npm install
working-directory: ./repo/wasm-node/javascript
- uses: Swatinem/rust-cache@v2
with:
workspaces: ./repo -> target
- run: npm run doc
working-directory: ./repo/wasm-node/javascript
- run: |
mkdir -p ./doc
mv ./repo/wasm-node/javascript/dist/doc/* ./doc
- uses: actions/upload-artifact@v4
with:
name: javascript-documentation
path: ./doc/
build-rust-doc:
runs-on: ubuntu-latest
container:
image: rust:1.77
steps:
- uses: actions/checkout@v4
with:
path: repo
- uses: Swatinem/rust-cache@v2
with:
workspaces: ./repo -> target
- run: cargo doc --verbose --all-features --no-deps --package smoldot --package smoldot-light --package smoldot-full-node
working-directory: ./repo
- run: |
mkdir -p ./doc
mv ./repo/target/doc/* ./doc
- uses: actions/upload-artifact@v4
with:
name: rust-documentation
path: ./doc/
build-tests-coverage:
runs-on: ubuntu-latest
container:
image: rust:1.77
steps:
- run: apt update && apt install -y jq
- run: rustup component add llvm-tools-preview
- uses: actions/checkout@v4
with:
path: repo
- uses: Swatinem/rust-cache@v2
with:
workspaces: ./repo -> target
- run: |
mkdir -p ../coverage
RUSTFLAGS="-C instrument-coverage" LLVM_PROFILE_FILE="`pwd`/../coverage/default_%m_%p.profraw" cargo test --workspace --tests
RUSTFLAGS="-C instrument-coverage" cargo test --workspace --tests --no-run --message-format=json | jq -r "select(.profile.test == true) | .filenames[]" | grep -v dSYM > ../coverage/binaries-list
working-directory: ./repo
- run: |
`rustc --print sysroot`/lib/rustlib/x86_64-unknown-linux-gnu/bin/llvm-profdata merge -sparse ./coverage/default_*.profraw -o ./coverage/tests-coverage.profdata
`rustc --print sysroot`/lib/rustlib/x86_64-unknown-linux-gnu/bin/llvm-cov show --format=html --output-dir=./html-out --instr-profile=./coverage/tests-coverage.profdata --ignore-filename-regex='cargo/registry' --ignore-filename-regex='/rustc/' --show-instantiations --show-line-counts-or-regions $(for file in `cat ./coverage/binaries-list`; do printf "%s %s " -object $file; done)
`rustc --print sysroot`/lib/rustlib/x86_64-unknown-linux-gnu/bin/llvm-cov report --instr-profile=./coverage/tests-coverage.profdata --ignore-filename-regex='cargo/registry' --ignore-filename-regex='/rustc/' $(for file in `cat ./coverage/binaries-list`; do printf "%s %s " -object $file; done)
- uses: actions/upload-artifact@v4
with:
name: code-coverage-report
path: ./html-out/
docs-publish:
runs-on: ubuntu-latest
needs: [build-js-doc, build-rust-doc, build-tests-coverage]
permissions:
contents: write # Necessary to push on the `gh-pages` branch.
steps:
- uses: actions/checkout@v4
with:
path: repo
- run: |
mkdir -p ./upload/doc-javascript
mkdir -p ./upload/doc-rust
mkdir -p ./upload/tests-coverage
touch ./upload/.nojekyll
- uses: actions/download-artifact@v4
with:
name: javascript-documentation
path: ./upload/doc-javascript
- uses: actions/download-artifact@v4
with:
name: rust-documentation
path: ./upload/doc-rust
- uses: actions/download-artifact@v4
with:
name: code-coverage-report
path: ./upload/tests-coverage
- run: |
git config user.email "[email protected]"
git config user.name "GitHub Action"
git config user.password ${{ secrets.GITHUB_TOKEN }}
git checkout --orphan gh-pages
git rm -rf .
git clean -d --force
shopt -s dotglob
mv ../upload/* .
git add --all
git commit -m "Documentation"
working-directory: ./repo
shell: bash # Necessary for `shopt`
- run: git push -f origin gh-pages:gh-pages
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
working-directory: ./repo
npm-publish:
runs-on: ubuntu-latest
container:
image: rust:1.77
steps:
- uses: actions/checkout@v4
- run: rustup target add wasm32-unknown-unknown
- uses: actions/[email protected]
with:
# Set the oldest version still maintained, in order to ensure compatibility. See <https://nodejs.dev/en/about/releases/>
node-version: 16
- uses: Swatinem/rust-cache@v2
- run: npm install
working-directory: ./wasm-node/javascript
- run: npm publish --unsafe-perm --dry-run
working-directory: ./wasm-node/javascript
- uses: JS-DevTools/npm-publish@v3
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
# Warning: this GitHub action doesn't seem to run prepublish scripts, hence
# the `npm publish --dry-run` done right above is important to ensure this.
with:
token: ${{ secrets.NPM_TOKEN }}
package: ./wasm-node/javascript/package.json
access: public
deno-publish:
runs-on: ubuntu-latest
permissions:
contents: write # Necessary in order to push tags.
# This action checks if a certain git tag exists. If not, it compiles the JavaScript package,
# then commits the compilation artifacts, tags the commit, and pushes the tag.
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Necessary below for checking if the tag exists.
- run: rustup target add wasm32-unknown-unknown
- uses: actions/[email protected]
with:
node-version: 16
- uses: denoland/setup-deno@v1
with:
deno-version: v1.x
# TODO: do not use `actions-rs/toolchain` but instead use `image: rust:...` like all the other stages; unfortunately this causes incomprehensible `detected dubious ownership in repository` git errors
- uses: actions-rs/toolchain@v1
with:
# Ideally we don't want to install any toolchain, but the GH action doesn't support this.
toolchain: 1.77
profile: minimal
- uses: Swatinem/rust-cache@v2
- id: compute-tag # Compute the tag that we might push.
run: echo "tag=light-js-deno-v`jq -r .version ./wasm-node/javascript/package.json`" >> $GITHUB_OUTPUT
- id: check-tag-exists # Check whether the tag already exists.
run: echo "num-existing=`git tag -l | grep ${{ steps.compute-tag.outputs.tag }} | wc -l`" >> $GITHUB_OUTPUT
- run: npm install
working-directory: ./wasm-node/javascript
- run: npm publish --unsafe-perm --dry-run
working-directory: ./wasm-node/javascript
- run: cp ./README.md ./dist/mjs
working-directory: ./wasm-node/javascript
- run: |
git add --force ./wasm-node/javascript/dist/mjs # --force bypasses the .gitignore
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git commit -m "Deno version publishing"
- run: |
git tag ${{ steps.compute-tag.outputs.tag }}
if: ${{ steps.check-tag-exists.outputs.num-existing == 0 }}
- run: git push origin ${{ steps.compute-tag.outputs.tag }}
if: ${{ steps.check-tag-exists.outputs.num-existing == 0 && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
crates-io-publish:
runs-on: ubuntu-latest
container:
image: rust:1.77
steps:
- uses: actions/checkout@v4
- run: cargo publish --dry-run --locked
working-directory: ./lib
# Note that no dry run is performed for the crates that have dependencies towards the
# library, as `cargo publish --dry-run` tries to build them against the version on
# `crates.io`, which causes build failures if its public API has changed.
# TODO: is there a way to solve that? ^
- run: cargo login ${{ secrets.CRATES_IO_TOKEN }}
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
- run: cargo publish --no-verify
working-directory: ./lib
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
continue-on-error: true
- run: cargo publish --no-verify
working-directory: ./light-base
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
continue-on-error: true
- run: cargo publish --no-verify
working-directory: ./full-node
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
continue-on-error: true
all-deploy:
# This dummy job depends on all the mandatory checks. It succeeds if and only if CI is
# considered successful.
needs: [build-push-docker-image, docs-publish, npm-publish, deno-publish, crates-io-publish]
runs-on: ubuntu-latest
steps:
- run: echo Success