Automated build (WalletWasabi#13273)

* Automated build (part 1) * Automated build (part 2) * Suggestions * first working version * missing file
Kukks · Sep 11, 2024 · b1ffed5 · b1ffed5
1 parent e8a6e55
commit b1ffed5
Show file tree

Hide file tree

Showing 5 changed files with 800 additions and 1 deletion.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,160 @@
+name: Build and Upload packages for release
+
+on:
+  push:
+    tags:
+      - 'v*'  # Triggers on tags that start with 'v'
+
+jobs:
+  debian-package-and-zips:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run bash script
+        run: sudo bash -x ./Contrib/release.sh debian
+
+      - name: Upload debian package
+        uses: actions/upload-artifact@v4
+        with:
+          name: packages-for-debian
+          path: ./packages/*.deb  # Adjust the path to your generated files
+          compression-level: 0
+          if-no-files-found: error
+
+      - name: Upload zip & tar package
+        uses: actions/upload-artifact@v4
+        with:
+          name: packages-zip-tar
+          path: |
+            ./packages/*
+            !./packages/*.deb
+          compression-level: 0
+          if-no-files-found: error
+
+  installer-for-windows:
+    runs-on: windows-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v4
+
+    - name: Install WiX Toolset
+      run: |
+        choco install wixtoolset --version=3.14.1 --force
+        choco install 7zip.commandline
+
+    - name: Install Windows SDK
+      run: |
+        choco install windows-sdk-10-version-1903-all
+
+    - name: Set up environment
+      shell: bash
+      env:
+        SIGNING_CERTIFICATE: ${{ secrets.SIGNING_CERTIFICATE }}
+      run: |
+        echo "$SIGNING_CERTIFICATE" | base64 -d > Certificate.pfx
+
+    - name: Build Windows Installer
+      shell: bash
+      run: |
+        set -x
+        ./Contrib/release.sh wininstaller
+      env:
+        SIGNING_CERTIFICATE_PASSWORD: ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}
+
+    - name: Upload windows installer
+      uses: actions/upload-artifact@v4
+      with:
+        name: packages-for-windows
+        path: ./packages/*  # Adjust the path to your generated files
+        compression-level: 0
+        if-no-files-found: error
+  macos-packages-and-zips:
+    runs-on: macos-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up environment
+        shell: bash
+        env:
+          MAC_CER: ${{ secrets.MAC_CER }}
+          MAC_P12: ${{ secrets.MAC_P12 }}
+        run: |
+          echo "$MAC_CER" | base64 -d > MacCertificate.cer
+          echo "$MAC_P12" | base64 -d > MacP12.p12
+
+      - name: Build dmg and zip
+        shell: bash
+        run: |
+          set -x
+          ./Contrib/release.sh dmg
+        env:
+          MAC_TEAMID: ${{ secrets.MAC_TEAMID }}
+          MAC_APPLEID: ${{ secrets.MAC_APPLEID }}
+          MAC_APPLEPSSWD: ${{ secrets.MAC_APPLEPSSWD }}
+          MAC_P12_PASSWORD: ${{ secrets.MAC_P12_PASSWORD }}
+
+      - name: Upload zip & dmg package
+        uses: actions/upload-artifact@v4
+        with:
+          name: packages-zip-dmg
+          path: ./packages/*
+          compression-level: 0
+          if-no-files-found: error
+
+  sign-all-packages:
+    runs-on: ubuntu-latest
+    needs: [debian-package-and-zips, installer-for-windows, macos-packages-and-zips]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Download package for Debian
+        uses: actions/download-artifact@v4
+        with:
+          name: packages-for-debian
+          path: ./packages
+      - name: Download compressed packages
+        uses: actions/download-artifact@v4
+        with:
+          name: packages-zip-tar
+          path: ./packages
+      - name: Download windows packages
+        uses: actions/download-artifact@v4
+        with:
+          name: packages-for-windows
+          path: ./packages
+      - name: Download zip & dmg packages
+        uses: actions/download-artifact@v4
+        with:
+          name: packages-zip-dmg
+          path: ./packages
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.SIGNING_PGP_KEY }}
+          passphrase: ${{ secrets.SIGNING_PGP_PASSPHRASE }}
+      - name: PGP and Wasabi signing
+        shell: bash
+        env:
+          SIGNING_WASABI_KEY: ${{ secrets.SIGNING_WASABI_KEY }}
+        run: bash -x ./Contrib/release.sh gpgsign
+      - name: List downloaded files
+        run: ls -l ./packages
+      - name: Create release note
+        run: bash -x ./Contrib/release.sh releasenote > ReleaseNote.md
+      - name: Release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: Wasabi Wallet ${{ github.ref_name }}
+          files: ./packages/*
+          body_path: ReleaseNote.md
+          generate_release_notes: true
+          draft: true
diff --git a/Contrib/ReleaseHighlight.md b/Contrib/ReleaseHighlight.md
@@ -0,0 +1,31 @@
+## Release Highlights
+🔒 Set minimum coinjoin input count
+🔒 Stricter absolute limits for maximum coinjoin mining fee rate and minimum coinjoin input count
+🔒 Prevent solo coinjoining
+👀 Coordinator Connection String
+👀 Advanced send Workflow
+## Release Summary
+
+Wasabi Wallet v2.1.0.0 adds safeguards for coinjoin participants.
+Clients can now set their own policies regarding minimum input count and maximum coordination fee to protect from malicious coordinators which tries to charge more than they announce.
+
+### Apply coinjoin coordination policies to all rounds:
+
+It was possible for a malicious coordinator to bypass the client policies for blame round and set different coordination fees for those.
+v2.1.0.0 fixes this issue by enforcing the policies to blame rounds too.
+
+### Stricter safeguards:
+
+Wasabi clients use more restrictive policies that guarantee that even in presence of a malicious coordinator, the risk of losing money is mitigated. These are: absolute maximum coordination fee rate changed from 0.01 to 0.005, absolute minimum input count changed from 2 to 5.
+
+### Prevent signing coinjoin where there is only one participant:
+
+A malicious coordinator could set the minimum input count as a very low number to create coinjoins where all the inputs belong to the same user. In v2.1.0.0 clients don't sign transaction where there are no other participants.
+
+### Coordinator Connection String
+
+Changing coordinator has never been easier! Coordinators can create a connection string that once in the clipboard will be recognized by Wasabi and allow the client to be quickly configured to coinjoin with it.
+
+### Advanced send Workflow
+
+The sending whole coin feature has been replaced by a new Manual Control feature to allow users to specify which coins can be used for sending.
diff --git a/Contrib/ReleaseTemplate.md b/Contrib/ReleaseTemplate.md
@@ -0,0 +1,38 @@
+### _[Wasabi Wallet](https://wasabiwallet.io) is an easy to use, privacy-focused, open-source, non-custodial, Bitcoin wallet._
+
+# Download
+:window: [Windows](https://github.com/WalletWasabi/WalletWasabi/releases/download/v{version}/Wasabi-{version}.msi)
+:green_apple: [Apple M1/M2](https://github.com/WalletWasabi/WalletWasabi/releases/download/v{version}/Wasabi-{version}-arm64.dmg)
+:apple: [Apple Intel](https://github.com/WalletWasabi/WalletWasabi/releases/download/v{version}/Wasabi-{version}.dmg)
+:penguin: [Ubuntu / Debian](https://github.com/WalletWasabi/WalletWasabi/releases/download/v{version}/Wasabi-{version}.deb)
+:penguin: [Other Linux](https://github.com/WalletWasabi/WalletWasabi/releases/download/v{version}/Wasabi-{version}.tar.gz)
+
+---
+
+{highlights}
+
+---
+
+## Installation Guide
+Download the operating system relevant software package and install Wasabi like you would with any other software on your computer.
+For a detailed installation guide, including **signature verification**, see [the documentation](https://docs.wasabiwallet.io/using-wasabi/InstallPackage.html).
+
+## Documentation
+:spider_web: [Website](https://wasabiwallet.io)
+:onion: [Tor onion site](http://wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion/)
+:orange_book: [Documentation](https://docs.wasabiwallet.io)
+:grey_question: [FAQ](https://github.com/WalletWasabi/WalletWasabi/discussions/categories/faq)
+
+## Advanced Guide
+If you want to build or update Wasabi from source code, check out [these easy instructions](https://docs.wasabiwallet.io/using-wasabi/BuildSource.html).
+
+Wasabi uses [reproducible builds](https://reproducible-builds.org/), which you can verify with [this guide](https://github.com/WalletWasabi/WalletWasabi/blob/master/WalletWasabi.Documentation/Guides/DeterministicBuildGuide.md).
+
+## Requirements
+- Windows 10 1607+
+- Windows 11 22000+
+- macOS 12.0+
+- Ubuntu 22.04+
+- Fedora 37+
+- Debian 11+
+---