Merge branch 'master' into umbrella-authorship

paritytech · Nov 29, 2024 · 8eeea21 · 8eeea21
2 parents 4d3af7f + 6416b28
commit 8eeea21
Show file tree

Hide file tree

Showing 116 changed files with 3,620 additions and 728 deletions.
diff --git a/.github/scripts/common/lib.sh b/.github/scripts/common/lib.sh
@@ -237,15 +237,44 @@ fetch_release_artifacts() {
   popd > /dev/null
 }
 
-# Fetch the release artifacts like binary and signatures from S3. Assumes the ENV are set:
+# Fetch deb package from S3. Assumes the ENV are set:
 # - RELEASE_ID
 # - GITHUB_TOKEN
 # - REPO in the form paritytech/polkadot
-fetch_release_artifacts_from_s3() {
+fetch_debian_package_from_s3() {
   BINARY=$1
   echo "Version    : $VERSION"
   echo "Repo       : $REPO"
   echo "Binary     : $BINARY"
+  echo "Tag        : $RELEASE_TAG"
+  OUTPUT_DIR=${OUTPUT_DIR:-"./release-artifacts/${BINARY}"}
+  echo "OUTPUT_DIR : $OUTPUT_DIR"
+
+  URL_BASE=$(get_s3_url_base $BINARY)
+  echo "URL_BASE=$URL_BASE"
+
+  URL=$URL_BASE/$RELEASE_TAG/x86_64-unknown-linux-gnu/${BINARY}_${VERSION}_amd64.deb
+
+  mkdir -p "$OUTPUT_DIR"
+  pushd "$OUTPUT_DIR" > /dev/null
+
+  echo "Fetching deb package..."
+
+  echo "Fetching %s" "$URL"
+  curl --progress-bar -LO "$URL" || echo "Missing $URL"
+
+  pwd
+  ls -al --color
+  popd > /dev/null
+
+}
+
+# Fetch the release artifacts like binary and signatures from S3. Assumes the ENV are set:
+# - RELEASE_ID
+# - GITHUB_TOKEN
+# - REPO in the form paritytech/polkadot
+fetch_release_artifacts_from_s3() {
+  BINARY=$1
   OUTPUT_DIR=${OUTPUT_DIR:-"./release-artifacts/${BINARY}"}
   echo "OUTPUT_DIR : $OUTPUT_DIR"
 

diff --git a/.github/scripts/release/distributions b/.github/scripts/release/distributions
@@ -0,0 +1,39 @@
+Origin: Parity
+Label: Parity
+Codename: release
+Architectures: amd64
+Components: main
+Description: Apt repository for software made by Parity Technologies Ltd.
+SignWith: 90BD75EBBB8E95CB3DA6078F94A4029AB4B35DAE
+
+Origin: Parity
+Label: Parity Staging
+Codename: staging
+Architectures: amd64
+Components: main
+Description: Staging distribution for Parity Technologies Ltd. packages
+SignWith: 90BD75EBBB8E95CB3DA6078F94A4029AB4B35DAE
+
+Origin: Parity
+Label: Parity stable2407
+Codename: stable2407
+Architectures: amd64
+Components: main
+Description: Apt repository for software made by Parity Technologies Ltd.
+SignWith: 90BD75EBBB8E95CB3DA6078F94A4029AB4B35DAE
+
+Origin: Parity
+Label: Parity stable2409
+Codename: stable2409
+Architectures: amd64
+Components: main
+Description: Apt repository for software made by Parity Technologies Ltd.
+SignWith: 90BD75EBBB8E95CB3DA6078F94A4029AB4B35DAE
+
+Origin: Parity
+Label: Parity stable2412
+Codename: stable2412
+Architectures: amd64
+Components: main
+Description: Apt repository for software made by Parity Technologies Ltd.
+SignWith: 90BD75EBBB8E95CB3DA6078F94A4029AB4B35DAE
diff --git a/.github/workflows/build-misc.yml b/.github/workflows/build-misc.yml
@@ -44,7 +44,7 @@ jobs:
           forklift cargo check -p rococo-runtime
           forklift cargo check -p polkadot-test-runtime
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
@@ -73,7 +73,7 @@ jobs:
           cd ./substrate/bin/utils/subkey
           forklift cargo build --locked --release
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}

diff --git a/.github/workflows/check-frame-omni-bencher.yml b/.github/workflows/check-frame-omni-bencher.yml
@@ -41,7 +41,7 @@ jobs:
           forklift cargo build --locked --quiet --release -p asset-hub-westend-runtime --features runtime-benchmarks
           forklift cargo run --locked --release -p frame-omni-bencher --quiet -- v1 benchmark pallet --runtime target/release/wbuild/asset-hub-westend-runtime/asset_hub_westend_runtime.compact.compressed.wasm --all --steps 2 --repeat 1 --quiet
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
@@ -99,7 +99,7 @@ jobs:
           echo "Running command: $cmd"
           eval "$cmd"
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}

diff --git a/.github/workflows/check-semver.yml b/.github/workflows/check-semver.yml
@@ -11,7 +11,7 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  TOOLCHAIN: nightly-2024-06-01
+  TOOLCHAIN: nightly-2024-10-19
 
 jobs:
   preflight:
@@ -74,7 +74,7 @@ jobs:
 
       - name: install parity-publish
         # Set the target dir to cache the build.
-        run: CARGO_TARGET_DIR=./target/ cargo install parity-publish@0.8.0 --locked -q
+        run: CARGO_TARGET_DIR=./target/ cargo install parity-publish@0.10.1 --locked -q
 
       - name: check semver
         run: |

diff --git a/.github/workflows/checks-quick.yml b/.github/workflows/checks-quick.yml
@@ -30,7 +30,7 @@ jobs:
         id: required
         run: cargo +nightly fmt --all -- --check
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -36,7 +36,7 @@ jobs:
           cargo clippy --all-targets --locked --workspace --quiet
           cargo clippy --all-targets --all-features --locked --workspace --quiet
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
@@ -62,7 +62,7 @@ jobs:
           # experimental code may rely on try-runtime and vice-versa
           forklift cargo check --locked --all --features try-runtime,experimental --quiet
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
@@ -91,7 +91,7 @@ jobs:
           ./check-features-variants.sh
           cd -
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}

diff --git a/.github/workflows/command-backport.yml b/.github/workflows/command-backport.yml
@@ -40,7 +40,7 @@ jobs:
         uses: korthout/backport-action@v3
         id: backport
         with:
-          target_branches: stable2407 stable2409
+          target_branches: stable2407 stable2409 stable2412
           merge_commits: skip
           github_token: ${{ steps.generate_token.outputs.token }}
           pull_description: |

diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -29,7 +29,7 @@ jobs:
         env:
           RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
@@ -69,7 +69,7 @@ jobs:
           retention-days: 1
           if-no-files-found: error
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}

diff --git a/.github/workflows/release-40_publish-deb-package.yml b/.github/workflows/release-40_publish-deb-package.yml
@@ -0,0 +1,152 @@
+name: Release - Publish polakdot deb package
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: Current final release tag in the format polakdot-stableYYMM or polkadot-stable-YYMM-X
+        default: polkadot-stable2412
+        required: true
+        type: string
+
+      distribution:
+        description: Distribution where to publish deb package (release, staging, stable2407, etc)
+        default: staging
+        required: true
+        type: string
+
+jobs:
+  check-synchronization:
+    uses: paritytech-release/sync-workflows/.github/workflows/check-syncronization.yml@main
+
+  validate-inputs:
+    needs: [check-synchronization]
+    if: ${{ needs.check-synchronization.outputs.checks_passed }} == 'true'
+    runs-on: ubuntu-latest
+    outputs:
+        release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+
+      - name: Validate inputs
+        id: validate_inputs
+        run: |
+          . ./.github/scripts/common/lib.sh
+
+          RELEASE_TAG=$(validate_stable_tag ${{ inputs.tag }})
+          echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
+
+
+  fetch-artifacts-from-s3:
+    runs-on: ubuntu-latest
+    needs: [validate-inputs]
+    env:
+      REPO: ${{ github.repository }}
+      RELEASE_TAG: ${{ needs.validate-inputs.outputs.release_tag }}
+    outputs:
+      VERSION: ${{ steps.fetch_artifacts_from_s3.outputs.VERSION }}
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+
+      - name: Fetch rc artifacts or release artifacts from s3 based on version
+        id: fetch_artifacts_from_s3
+        run: |
+          . ./.github/scripts/common/lib.sh
+
+          VERSION="$(get_polkadot_node_version_from_code)"
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+
+          fetch_debian_package_from_s3 polkadot
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: release-artifacts
+          path: release-artifacts/polkadot/*.deb
+
+  publish-deb-package:
+    runs-on: ubuntu-latest
+    needs: [fetch-artifacts-from-s3]
+    environment: release
+    env:
+      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+      AWS_DEB_PATH: "s3://releases-package-repos/deb"
+      LOCAL_DEB_REPO_PATH: ${{ github.workspace }}/deb
+      VERSION: ${{ needs.fetch-artifacts-from-s3.outputs.VERSION }}
+
+    steps:
+      - name: Install pgpkkms
+        run: |
+          # Install pgpkms that is used to sign built artifacts
+          python3 -m pip install "pgpkms @ git+https://github.com/paritytech-release/pgpkms.git@1f8555426662ac93a3849480a35449f683b1c89f"
+          echo "PGPKMS_REPREPRO_PATH=$(which pgpkms-reprepro)" >> $GITHUB_ENV
+
+      - name: Install awscli
+        run: |
+          python3 -m pip install awscli
+          which aws
+
+      - name: Checkout sources
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+
+      - name: Import gpg keys
+        shell: bash
+        run: |
+          . ./.github/scripts/common/lib.sh
+
+          import_gpg_keys
+
+      - name: Download artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: release-artifacts
+          path: release-artifacts
+
+      - name: Setup local deb repo
+        run: |
+          sudo apt-get install -y reprepro
+          which reprepro
+
+          sed -i "s|^SignWith:.*|SignWith: ! ${PGPKMS_REPREPRO_PATH}|" ${{ github.workspace }}/.github/scripts/release/distributions
+
+          mkdir -p ${{ github.workspace }}/deb/conf
+          cp ${{ github.workspace }}/.github/scripts/release/distributions ${{ github.workspace }}/deb/conf/distributions
+          cat ${{ github.workspace }}/deb/conf/distributions
+
+      - name: Sync local deb repo
+        env:
+          AWS_ACCESS_KEY_ID:  ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
+        run: |
+          # Download the current state of the deb repo
+          aws s3 sync "$AWS_DEB_PATH/db" "$LOCAL_DEB_REPO_PATH/db"
+          aws s3 sync "$AWS_DEB_PATH/pool" "$LOCAL_DEB_REPO_PATH/pool"
+          aws s3 sync "$AWS_DEB_PATH/dists" "$LOCAL_DEB_REPO_PATH/dists"
+
+      - name: Add deb package to local repo
+        env:
+          PGP_KMS_KEY:  ${{ secrets.PGP_KMS_KEY }}
+          PGP_KMS_HASH:  ${{ secrets.PGP_KMS_HASH }}
+          AWS_ACCESS_KEY_ID:  ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: |
+          # Add the new deb to the repo
+          reprepro -b "$LOCAL_DEB_REPO_PATH" includedeb "${{ inputs.distribution }}" "release-artifacts/polkadot_${VERSION}_amd64.deb"
+
+      - name: Upload updated deb repo
+        env:
+          AWS_ACCESS_KEY_ID:  ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
+        run: |
+          # Upload the updated repo - dists and pool should be publicly readable
+          aws s3 sync "$LOCAL_DEB_REPO_PATH/pool" "$AWS_DEB_PATH/pool" --acl public-read
+          aws s3 sync "$LOCAL_DEB_REPO_PATH/dists" "$AWS_DEB_PATH/dists" --acl public-read
+          aws s3 sync "$LOCAL_DEB_REPO_PATH/db" "$AWS_DEB_PATH/db"
+          aws s3 sync "$LOCAL_DEB_REPO_PATH/conf" "$AWS_DEB_PATH/conf"
+
+          # Invalidate caches to make sure latest files are served
+          aws cloudfront create-invalidation --distribution-id E36FKEYWDXAZYJ --paths '/deb/*'
diff --git a/.github/workflows/tests-linux-stable.yml b/.github/workflows/tests-linux-stable.yml
@@ -37,7 +37,7 @@ jobs:
         id: required
         run: WASM_BUILD_NO_COLOR=1 forklift cargo test -p staging-node-cli --release --locked -- --ignored
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
@@ -63,7 +63,7 @@ jobs:
         id: required
         run: forklift cargo nextest run --workspace --features runtime-benchmarks benchmark --locked --cargo-profile testnet --cargo-quiet
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
@@ -113,7 +113,7 @@ jobs:
         if: ${{ matrix.partition == '1/3' }}
         run: forklift cargo nextest run -p sp-api-test --features enable-staging-api --cargo-quiet
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
@@ -155,7 +155,7 @@ jobs:
                    --filter-expr " !test(/all_security_features_work/) - test(/nonexistent_cache_dir/)" \
                    --partition count:${{ matrix.partition }} \
       - name: Stop all workflows if failed
-        if: ${{ failure() && steps.required.conclusion == 'failure' }}
+        if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
         uses: ./.github/actions/workflow-stopper
         with:
           app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}