forked from ethereum/staking-deposit-cli
-
Notifications
You must be signed in to change notification settings - Fork 10
138 lines (138 loc) · 6.79 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: ci-build
run-name: ${{ github.actor }} is running ci-build
on: [workflow_dispatch]
jobs:
ci-build:
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: read
attestations: write
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-12, macos-latest, windows-latest]
python-version: ["3.12"]
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: 'pip'
- name: Setup variables (Linux & macOS)
if: ${{ startsWith(matrix.os, 'ubuntu-') || startsWith(matrix.os, 'macos-') }}
run: |
echo "PYTHONHASHSEED=42" >> "$GITHUB_ENV"
export SHORT_SHA=$(eval echo ${{ github.sha }} | cut -c -7)
echo "SHORT_SHA=${SHORT_SHA}" >> "$GITHUB_ENV"
- name: Setup variables (Windows)
if: ${{ startsWith(matrix.os, 'windows-') }}
run: |
echo "PYTHONHASHSEED=42" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
$env:SHORT_SHA = "${{ github.sha }}".Substring(0, 7)
echo ("SHORT_SHA=" + $env:SHORT_SHA) | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
- name: Install Linux build dependencies
if: ${{ startsWith(matrix.os, 'ubuntu-') }}
run: |
python -m pip install --upgrade pip
pip install -r build_configs/linux/requirements.txt
- name: Install macOS build dependencies
if: ${{ startsWith(matrix.os, 'macos-') }}
run: |
python -m pip install --upgrade pip
pip install -r build_configs/linux/requirements.txt
- name: Install Windows build dependencies
if: ${{ startsWith(matrix.os, 'windows-') }}
run: |
python -m pip install --upgrade pip
pip install -r build_configs/windows/requirements.txt
- name: Build with build.spec (Linux amd64)
if: ${{ startsWith(matrix.os, 'ubuntu-') }}
run: |
export BUILD_FILE_NAME=ethstaker_deposit-cli-${SHORT_SHA}-linux-amd64
echo "BUILD_FILE_NAME=${BUILD_FILE_NAME}" >> "$GITHUB_ENV"
mkdir ${BUILD_FILE_NAME}
pyinstaller --distpath ./${BUILD_FILE_NAME} ./build_configs/linux/build.spec
- name: Build with build.spec (macOS amd64)
if: ${{ matrix.os == 'macos-12' }}
run: |
export BUILD_FILE_NAME=ethstaker_deposit-cli-${SHORT_SHA}-darwin-amd64
echo "BUILD_FILE_NAME=${BUILD_FILE_NAME}" >> "$GITHUB_ENV"
mkdir ${BUILD_FILE_NAME}
pyinstaller --distpath ./${BUILD_FILE_NAME} ./build_configs/macos/build.spec
- name: Build with build.spec (macOS arm64)
if: ${{ matrix.os == 'macos-latest' }}
run: |
export BUILD_FILE_NAME=ethstaker_deposit-cli-${SHORT_SHA}-darwin-arm64
echo "BUILD_FILE_NAME=${BUILD_FILE_NAME}" >> "$GITHUB_ENV"
mkdir ${BUILD_FILE_NAME}
pyinstaller --distpath ./${BUILD_FILE_NAME} ./build_configs/macos/build.spec
- name: Build with build.spec (Windows amd64)
if: ${{ startsWith(matrix.os, 'windows-') }}
run: |
$env:BUILD_FILE_NAME = ("ethstaker_deposit-cli-" + $env:SHORT_SHA + "-windows-amd64")
echo ("BUILD_FILE_NAME=" + $env:BUILD_FILE_NAME) | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
mkdir $env:BUILD_FILE_NAME
$env:BUILD_FILE_NAME_PATH = (".\" + $env:BUILD_FILE_NAME)
echo ("BUILD_FILE_NAME_PATH=" + $env:BUILD_FILE_NAME_PATH) | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
pyinstaller --distpath $env:BUILD_FILE_NAME .\build_configs\windows\build.spec
- name: Install coreutils (macOS)
if: ${{ startsWith(matrix.os, 'macos-') }}
run: |
brew install coreutils
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v6
id: import-gpg-key
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
trust_level: 5
- name: List GPG keys
run: gpg -K
- name: Create archive, checksum and GPG signature (Linux & macOS)
if: ${{ startsWith(matrix.os, 'ubuntu-') || startsWith(matrix.os, 'macos-') }}
env:
GPG_KEY_ID: ${{ steps.import-gpg-key.outputs.fingerprint }}
run: |
tar -zcvf ${BUILD_FILE_NAME}.tar.gz ./${BUILD_FILE_NAME}
mkdir -p output/artifacts
cp ${BUILD_FILE_NAME}.tar.gz output/artifacts
sha256sum ${BUILD_FILE_NAME}.tar.gz | head -c 64 > output/artifacts/${BUILD_FILE_NAME}.sha256
gpg --default-key ${GPG_KEY_ID} --sign --armor --output output/artifacts/${BUILD_FILE_NAME}.tar.gz.asc --detach-sig ${BUILD_FILE_NAME}.tar.gz
- name: Create archive, checksum and GPG signature (Windows)
if: ${{ startsWith(matrix.os, 'windows-') }}
env:
GPG_KEY_ID: ${{ steps.import-gpg-key.outputs.fingerprint }}
run: |
$env:ZIP_FILE_NAME = ($env:BUILD_FILE_NAME + ".zip")
echo ("ZIP_FILE_NAME=" + $env:ZIP_FILE_NAME) | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
Compress-Archive -Path $env:BUILD_FILE_NAME_PATH -DestinationPath $env:ZIP_FILE_NAME
mkdir output\artifacts
copy $env:ZIP_FILE_NAME output\artifacts
$env:CHECKSUM_FILE_NAME_PATH = ("output\artifacts\" + $env:BUILD_FILE_NAME + ".sha256")
certUtil -hashfile $env:ZIP_FILE_NAME SHA256 | findstr /i /v "SHA256" | findstr /i /v "CertUtil" > $env:CHECKSUM_FILE_NAME_PATH
$env:SIGNATURE_FILE_NAME_PATH = ("output\artifacts\" + $env:ZIP_FILE_NAME + ".asc")
gpg --default-key $env:GPG_KEY_ID --sign --armor --output $env:SIGNATURE_FILE_NAME_PATH --detach-sig $env:ZIP_FILE_NAME
- name: Generate artifacts attestation (Linux & macOS)
if: ${{ startsWith(matrix.os, 'ubuntu-') || startsWith(matrix.os, 'macos-') }}
uses: actions/attest-build-provenance@v1
with:
subject-path: output/artifacts/*
- name: Generate artifacts attestation (Windows)
if: ${{ startsWith(matrix.os, 'windows-') }}
uses: actions/attest-build-provenance@v1
with:
subject-path: output\artifacts\*
- name: Archive production artifacts (Linux & macOS)
if: ${{ startsWith(matrix.os, 'ubuntu-') || startsWith(matrix.os, 'macos-') }}
uses: actions/upload-artifact@v4
with:
name: binary-${{ matrix.os }}-${{ github.sha }}-${{ github.run_id }}
path: output/artifacts
- name: Archive production artifacts (Windows)
if: ${{ startsWith(matrix.os, 'windows-') }}
uses: actions/upload-artifact@v4
with:
name: binary-${{ matrix.os }}-${{ github.sha }}-${{ github.run_id }}
path: output\artifacts