refactor(minor-ampd): separate generic public key for multisig signin… #446
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Amplifier wasm contracts - Upload wasm binaries to Cloudflare R2 bucket | |
on: | |
push: | |
branches: | |
- main | |
create: | |
tags: | |
- '*-v[0-9]+.[0-9]+.[0-9]+' | |
workflow_dispatch: | |
inputs: | |
ref: | |
description: Github branch or tag to checkout for compilation | |
required: true | |
default: main | |
type: string | |
jobs: | |
compile-and-upload: | |
name: Compile contracts and push to R2 | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: write | |
packages: write | |
id-token: write | |
steps: | |
- name: Get tag | |
id: get-tag | |
run: | | |
echo "github_ref=$GITHUB_REF" | |
if [[ $GITHUB_REF == refs/tags/* ]]; then | |
echo "tag=${GITHUB_REF#refs/tags/}" | |
echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | |
elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
input_ref="${{ github.event.inputs.ref }}" | |
if [[ $input_ref =~ ^([a-zA-Z-]+)-v([0-9]+\.[0-9]+\.[0-9]+)$ ]]; then | |
echo "tag=$input_ref" | |
echo "tag=$input_ref" >> $GITHUB_OUTPUT | |
else | |
echo "tag=" | |
echo "tag=" >> $GITHUB_OUTPUT | |
fi | |
else | |
echo "tag=" | |
echo "tag=" >> $GITHUB_OUTPUT | |
fi | |
- name: Check for release information from tag | |
id: check-release | |
run: | | |
tag="${{ steps.get-tag.outputs.tag }}" | |
is_release="false" | |
if [[ $tag =~ ^([a-zA-Z-]+)-v([0-9]+\.[0-9]+\.[0-9]+)$ ]]; then | |
is_release="true" | |
crate_name="${BASH_REMATCH[1]}" | |
crate_version="${BASH_REMATCH[2]}" | |
if [[ $crate_name == "ampd" ]]; then | |
echo "Ampd release. Ignoring the wasm build and upload." | |
exit 1 | |
fi | |
echo "Is release: $is_release" | |
echo "Crate Name: $crate_name" | |
echo "Crate Version: $crate_version" | |
echo "is-release=$is_release" >> $GITHUB_OUTPUT | |
echo "crate-name=$crate_name" >> $GITHUB_OUTPUT | |
echo "crate-version=$crate_version" >> $GITHUB_OUTPUT | |
else | |
echo "Is release: $is_release" | |
echo "Not a release tag. Skipping crate name and version extraction." | |
echo "is-release=$is_release" >> $GITHUB_OUTPUT | |
fi | |
- name: Determine checkout ref | |
id: get-checkout-ref | |
run: | | |
if [[ $GITHUB_REF == refs/tags/* ]]; then | |
echo "ref=$GITHUB_REF" >> $GITHUB_OUTPUT | |
elif [ "${{ github.event_name }}" == "push" ]; then | |
echo "ref=main" >> $GITHUB_OUTPUT | |
else | |
echo "ref=${{ inputs.ref }}" >> $GITHUB_OUTPUT | |
fi | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: "0" | |
path: axelar-amplifier | |
submodules: recursive | |
ref: ${{ steps.get-checkout-ref.outputs.ref }} | |
token: ${{ secrets.INTEROP_CI_ACTION_TOKEN }} | |
- name: Import GPG key | |
id: import_gpg | |
uses: crazy-max/ghaction-import-gpg@v4 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Compile all amplifier contracts | |
id: compile-contracts | |
run: | | |
cd axelar-amplifier | |
docker run --rm -v "$(pwd)":/code \ | |
--mount type=volume,source="$(basename "$(pwd)")_cache",target=/code/target \ | |
--mount type=volume,source=registry_cache,target=/usr/local/cargo/registry \ | |
cosmwasm/optimizer:0.16.0 | |
commit_hash=$(git rev-parse --short HEAD) | |
cd .. | |
mkdir -p ./$commit_hash/ | |
cp -R axelar-amplifier/artifacts/* ./$commit_hash/ | |
echo "wasm-directory=./$commit_hash" >> $GITHUB_OUTPUT | |
- name: Prepare and sign release artifacts | |
if: steps.check-release.outputs.is-release == 'true' | |
id: prepare-release | |
run: | | |
cd ${{ steps.compile-contracts.outputs.wasm-directory }} | |
crate_name="${{ steps.check-release.outputs.crate-name }}" | |
crate_version="${{ steps.check-release.outputs.crate-version }}" | |
wasm_file=$(find . -name "${crate_name//-/_}.wasm") | |
checksum_file=$(find . -name "checksums.txt") | |
if [ -z "$wasm_file" ]; then | |
echo "Error: Could not find .wasm file for $crate_name" | |
exit 1 | |
fi | |
mkdir -p "../${crate_version}" | |
cp "$wasm_file" "../${crate_version}/${crate_name}.wasm" | |
cp "$checksum_file" "../${crate_version}/" | |
gpg --armor --detach-sign ../${crate_version}/${crate_name}.wasm | |
gpg --armor --detach-sign ../${crate_version}/checksums.txt | |
echo "release-artifacts-dir=./${crate_version}" >> $GITHUB_OUTPUT | |
echo "r2-destination-dir=./releases/cosmwasm/${crate_name}" >> $GITHUB_OUTPUT | |
- uses: ryand56/[email protected] | |
if: steps.check-release.outputs.is-release == 'true' | |
with: | |
r2-account-id: ${{ secrets.R2_ACCOUNT_ID }} | |
r2-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CF }} | |
r2-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CF }} | |
r2-bucket: ${{ secrets.R2_BUCKET }} | |
source-dir: ${{ steps.prepare-release.outputs.release-artifacts-dir }} | |
destination-dir: ${{ steps.prepare-release.outputs.r2-destination-dir }} | |
- uses: ryand56/[email protected] | |
if: steps.check-release.outputs.is-release != 'true' | |
with: | |
r2-account-id: ${{ secrets.R2_ACCOUNT_ID }} | |
r2-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CF }} | |
r2-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CF }} | |
r2-bucket: ${{ secrets.R2_BUCKET }} | |
source-dir: ${{ steps.compile-contracts.outputs.wasm-directory }} | |
destination-dir: ./pre-releases/cosmwasm/ |