use Chia-Network/actions/git-ssh-to-https@main in windows #28136
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 📦🚀 Build Installer - Linux DEB | |
on: | |
workflow_dispatch: | |
inputs: | |
release_type: | |
description: "Tagged release testing scenario" | |
required: false | |
type: choice | |
default: "" | |
options: | |
- "" | |
- 9.9.9-b1 | |
- 9.9.9-rc1 | |
- 9.9.9 | |
push: | |
paths-ignore: | |
- "**.md" | |
branches: | |
- "long_lived/**" | |
- main | |
- "release/**" | |
release: | |
types: [published] | |
pull_request: | |
paths-ignore: | |
- "**.md" | |
branches: | |
- "**" | |
concurrency: | |
# SHA is added to the end if on `main` to let all main workflows run | |
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }}-${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/') || startsWith(github.ref, 'refs/heads/long_lived/')) && github.sha || '' }} | |
cancel-in-progress: true | |
permissions: | |
id-token: write | |
contents: write | |
jobs: | |
version: | |
uses: ./.github/workflows/reflow-version.yml | |
build: | |
name: Build ${{ matrix.os.arch }} | |
runs-on: ${{ matrix.os.runs-on }} | |
needs: | |
- version | |
container: chianetwork/ubuntu-20.04-builder:latest | |
timeout-minutes: 120 | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: ["3.10"] | |
os: | |
- runs-on: ubuntu-latest | |
arch: amd64 | |
madmax-suffix: "x86-64" | |
bladebit-suffix: "ubuntu-x86-64.tar.gz" | |
- runs-on: [Linux, ARM64] | |
arch: arm64 | |
madmax-suffix: "arm64" | |
bladebit-suffix: "ubuntu-arm64.tar.gz" | |
env: | |
CHIA_INSTALLER_VERSION: ${{ needs.version.outputs.chia-installer-version }} | |
SETUPTOOLS_SCM_PRETEND_VERSION_FOR_CHIA_BLOCKCHAIN: ${{ needs.version.outputs.chia-installer-version }} | |
TAG_TYPE: ${{ needs.version.outputs.tag-type }} | |
steps: | |
- uses: Chia-Network/actions/clean-workspace@main | |
- name: Add safe git directory | |
uses: Chia-Network/actions/git-mark-workspace-safe@main | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
submodules: recursive | |
- uses: Chia-Network/actions/git-ssh-to-https@main | |
- name: Cleanup any leftovers that exist from previous runs | |
run: bash build_scripts/clean-runner.sh || true | |
- name: Set Env | |
uses: Chia-Network/actions/setjobenv@main | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get latest madmax plotter | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
LATEST_MADMAX=$(gh api repos/Chia-Network/chia-plotter-madmax/releases/latest --jq 'select(.prerelease == false) | .tag_name') | |
mkdir "$GITHUB_WORKSPACE"/madmax | |
gh release download -R Chia-Network/chia-plotter-madmax "$LATEST_MADMAX" -p 'chia_plot-*-${{ matrix.os.madmax-suffix }}' -O "$GITHUB_WORKSPACE"/madmax/chia_plot | |
gh release download -R Chia-Network/chia-plotter-madmax "$LATEST_MADMAX" -p 'chia_plot_k34-*-${{ matrix.os.madmax-suffix }}' -O "$GITHUB_WORKSPACE"/madmax/chia_plot_k34 | |
chmod +x "$GITHUB_WORKSPACE"/madmax/chia_plot | |
chmod +x "$GITHUB_WORKSPACE"/madmax/chia_plot_k34 | |
- name: Fetch bladebit versions | |
shell: bash | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
# Fetch the latest version of each type | |
LATEST_RELEASE=$(gh api repos/Chia-Network/bladebit/releases/latest --jq 'select(.prerelease == false) | .tag_name') | |
LATEST_BETA=$(gh api repos/Chia-Network/bladebit/releases --jq 'map(select(.prerelease) | select(.tag_name | test("^v[0-9]+\\.[0-9]+\\.[0-9]+-beta[0-9]+$"))) | first | .tag_name') | |
LATEST_RC=$(gh api repos/Chia-Network/bladebit/releases --jq 'map(select(.prerelease) | select(.tag_name | test("^v[0-9]+\\.[0-9]+\\.[0-9]+-rc[0-9]+$"))) | first | .tag_name') | |
# Compare the versions and choose the newest that matches the requirements | |
if [[ "$TAG_TYPE" == "beta" || -z "$TAG_TYPE" ]]; then | |
# For beta or dev builds (indicated by the absence of a tag), use the latest version available | |
LATEST_VERSION=$(printf "%s\n%s\n%s\n" "$LATEST_RELEASE" "$LATEST_BETA" "$LATEST_RC" | sed '/-/!s/$/_/' | sort -V | sed 's/_$//' | tail -n 1) | |
elif [[ "$TAG_TYPE" == "rc" ]]; then | |
# For RC builds, use the latest RC or full release if it's newer | |
LATEST_VERSION=$(printf "%s\n%s\n" "$LATEST_RELEASE" "$LATEST_RC" | sed '/-/!s/$/_/' | sort -V | sed 's/_$//' | tail -n 1) | |
else | |
# For full releases, use the latest full release | |
LATEST_VERSION="$LATEST_RELEASE" | |
fi | |
echo "LATEST_VERSION=$LATEST_VERSION" >> "$GITHUB_ENV" | |
- name: Get latest bladebit plotter | |
shell: bash | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
# Download and extract the chosen version | |
mkdir "$GITHUB_WORKSPACE"/bladebit | |
cd "$GITHUB_WORKSPACE"/bladebit | |
gh release download -R Chia-Network/bladebit "$LATEST_VERSION" -p 'bladebit*-${{ matrix.os.bladebit-suffix }}' | |
ls *.tar.gz | xargs -I{} bash -c 'tar -xzf {} && rm {}' | |
ls bladebit* | xargs -I{} chmod +x {} | |
cd "$OLDPWD" | |
- uses: ./.github/actions/install | |
with: | |
python-version: ${{ matrix.python-version }} | |
development: true | |
constraints-file-artifact-name: constraints-file-${{ matrix.os.arch }} | |
- uses: chia-network/actions/activate-venv@main | |
- name: Prepare GUI cache | |
id: gui-ref | |
run: | | |
gui_ref=$(git submodule status chia-blockchain-gui | sed -e 's/^ //g' -e 's/ chia-blockchain-gui.*$//g') | |
echo "${gui_ref}" | |
echo "GUI_REF=${gui_ref}" >> "$GITHUB_OUTPUT" | |
echo "rm -rf ./chia-blockchain-gui" | |
rm -rf ./chia-blockchain-gui | |
- name: Cache GUI | |
uses: actions/cache@v4 | |
id: cache-gui | |
with: | |
path: ./chia-blockchain-gui | |
key: ${{ runner.os }}-${{ matrix.os.arch }}-chia-blockchain-gui-${{ steps.gui-ref.outputs.GUI_REF }} | |
- if: steps.cache-gui.outputs.cache-hit != 'true' | |
name: Build GUI | |
continue-on-error: false | |
run: | | |
cd ./build_scripts | |
bash build_linux_deb-1-gui.sh | |
- name: Build .deb package | |
run: | | |
ldd --version | |
cd ./build_scripts | |
sh build_linux_deb-2-installer.sh ${{ matrix.os.arch }} | |
- name: Upload Linux artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: chia-installers-linux-deb-${{ matrix.os.arch }} | |
path: ${{ github.workspace }}/build_scripts/final_installer/ | |
- name: Remove working files to exclude from cache | |
run: | | |
rm -rf ./chia-blockchain-gui/packages/gui/daemon | |
publish: | |
name: Publish ${{ matrix.os.arch }} | |
runs-on: ubuntu-latest | |
needs: | |
- version | |
- build | |
timeout-minutes: ${{ matrix.os.timeout }} | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: ["3.10"] | |
os: | |
- arch: amd64 | |
glue-name: "build-amd64-deb" | |
timeout: 5 | |
- arch: arm64 | |
glue-name: "build-arm64-deb" | |
timeout: 5 | |
env: | |
CHIA_INSTALLER_VERSION: ${{ needs.version.outputs.chia-installer-version }} | |
steps: | |
- uses: Chia-Network/actions/clean-workspace@main | |
- uses: Chia-Network/actions/setup-python@main | |
with: | |
python-version: ${{ matrix.python-version }} | |
- uses: chia-network/actions/create-venv@main | |
id: create-venv | |
- uses: chia-network/actions/activate-venv@main | |
with: | |
directories: ${{ steps.create-venv.outputs.activate-venv-directories }} | |
- name: Download constraints file | |
uses: actions/download-artifact@v4 | |
with: | |
name: constraints-file-${{ matrix.os.arch }} | |
path: venv | |
- name: Install utilities | |
run: | | |
pip install --constraint venv/constraints.txt py3createtorrent | |
- name: Download packages | |
uses: actions/download-artifact@v4 | |
with: | |
name: chia-installers-linux-deb-${{ matrix.os.arch }} | |
path: build_scripts/final_installer/ | |
- name: Set Env | |
uses: Chia-Network/actions/setjobenv@main | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Test for secrets access | |
id: check_secrets | |
shell: bash | |
run: | | |
unset HAS_AWS_SECRET | |
unset HAS_GLUE_SECRET | |
if [ -n "$AWS_SECRET" ]; then HAS_AWS_SECRET='true' ; fi | |
echo HAS_AWS_SECRET=${HAS_AWS_SECRET} >> "$GITHUB_OUTPUT" | |
if [ -n "$GLUE_API_URL" ]; then HAS_GLUE_SECRET='true' ; fi | |
echo HAS_GLUE_SECRET=${HAS_GLUE_SECRET} >> "$GITHUB_OUTPUT" | |
env: | |
AWS_SECRET: "${{ secrets.CHIA_AWS_ACCOUNT_ID }}" | |
GLUE_API_URL: "${{ secrets.GLUE_API_URL }}" | |
- name: Configure AWS credentials | |
if: steps.check_secrets.outputs.HAS_AWS_SECRET | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::${{ secrets.CHIA_AWS_ACCOUNT_ID }}:role/installer-upload | |
aws-region: us-west-2 | |
- name: Upload to s3 | |
if: steps.check_secrets.outputs.HAS_AWS_SECRET | |
run: | | |
GIT_SHORT_HASH=$(echo "${GITHUB_SHA}" | cut -c1-8) | |
CHIA_DEV_BUILD=${CHIA_INSTALLER_VERSION}-$GIT_SHORT_HASH | |
echo "CHIA_DEV_BUILD=$CHIA_DEV_BUILD" >> "$GITHUB_ENV" | |
aws s3 cp "$GITHUB_WORKSPACE/build_scripts/final_installer/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb" "s3://download.chia.net/dev/chia-blockchain_${CHIA_DEV_BUILD}_${{ matrix.os.arch }}.deb" | |
aws s3 cp "$GITHUB_WORKSPACE/build_scripts/final_installer/chia-blockchain-cli_${CHIA_INSTALLER_VERSION}-1_${{ matrix.os.arch }}.deb" "s3://download.chia.net/dev/chia-blockchain-cli_${CHIA_DEV_BUILD}-1_${{ matrix.os.arch }}.deb" | |
- name: Create Checksums | |
run: | | |
ls "$GITHUB_WORKSPACE"/build_scripts/final_installer/ | |
sha256sum "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb > "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb.sha256 | |
sha256sum "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain-cli_${CHIA_INSTALLER_VERSION}-1_${{ matrix.os.arch }}.deb > "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain-cli_${CHIA_INSTALLER_VERSION}-1_${{ matrix.os.arch }}.deb.sha256 | |
ls "$GITHUB_WORKSPACE"/build_scripts/final_installer/ | |
- name: Create .deb torrent | |
if: env.FULL_RELEASE == 'true' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
py3createtorrent -f -t udp://tracker.opentrackr.org:1337/announce "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb -o "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb.torrent --webseed https://download.chia.net/install/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb | |
py3createtorrent -f -t udp://tracker.opentrackr.org:1337/announce "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain-cli_${CHIA_INSTALLER_VERSION}-1_${{ matrix.os.arch }}.deb -o "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain-cli_${CHIA_INSTALLER_VERSION}-1_${{ matrix.os.arch }}.deb.torrent --webseed https://download.chia.net/install/chia-blockchain-cli_${CHIA_INSTALLER_VERSION}-1_${{ matrix.os.arch }}.deb | |
gh release upload --repo ${{ github.repository }} $RELEASE_TAG "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb.torrent | |
- name: Upload Dev Installer | |
if: steps.check_secrets.outputs.HAS_AWS_SECRET && github.ref == 'refs/heads/main' | |
run: | | |
aws s3 cp "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb s3://download.chia.net/latest-dev/chia-blockchain_${{ matrix.os.arch }}_latest_dev.deb | |
aws s3 cp "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb.sha256 s3://download.chia.net/latest-dev/chia-blockchain_${{ matrix.os.arch }}_latest_dev.deb.sha256 | |
aws s3 cp "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain-cli_${CHIA_INSTALLER_VERSION}-1_${{ matrix.os.arch }}.deb s3://download.chia.net/latest-dev/chia-blockchain-cli_${{ matrix.os.arch }}_latest_dev.deb | |
aws s3 cp "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain-cli_${CHIA_INSTALLER_VERSION}-1_${{ matrix.os.arch }}.deb.sha256 s3://download.chia.net/latest-dev/chia-blockchain-cli_${{ matrix.os.arch }}_latest_dev.deb.sha256 | |
- name: Upload Release Files | |
if: steps.check_secrets.outputs.HAS_AWS_SECRET && env.FULL_RELEASE == 'true' | |
run: | | |
aws s3 cp "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb s3://download.chia.net/install/ | |
aws s3 cp "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb.sha256 s3://download.chia.net/install/ | |
aws s3 cp "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb.torrent s3://download.chia.net/torrents/ | |
aws s3 cp "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain-cli_${CHIA_INSTALLER_VERSION}-1_${{ matrix.os.arch }}.deb s3://download.chia.net/install/ | |
aws s3 cp "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain-cli_${CHIA_INSTALLER_VERSION}-1_${{ matrix.os.arch }}.deb.sha256 s3://download.chia.net/install/ | |
aws s3 cp "$GITHUB_WORKSPACE"/build_scripts/final_installer/chia-blockchain-cli_${CHIA_INSTALLER_VERSION}-1_${{ matrix.os.arch }}.deb.torrent s3://download.chia.net/torrents/ | |
- name: Upload release artifacts | |
if: env.RELEASE == 'true' | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh release upload \ | |
--repo ${{ github.repository }} \ | |
$RELEASE_TAG \ | |
build_scripts/final_installer/chia-blockchain_${CHIA_INSTALLER_VERSION}_${{ matrix.os.arch }}.deb \ | |
build_scripts/final_installer/chia-blockchain-cli_${CHIA_INSTALLER_VERSION}-1_${{ matrix.os.arch }}.deb | |
- uses: Chia-Network/actions/github/jwt@main | |
if: steps.check_secrets.outputs.HAS_GLUE_SECRET | |
- name: Mark pre-release installer complete | |
if: steps.check_secrets.outputs.HAS_GLUE_SECRET && env.PRE_RELEASE == 'true' | |
run: | | |
curl -s -XPOST -H "Authorization: Bearer ${{ env.JWT_TOKEN }}" --data '{"chia_ref": "${{ env.RELEASE_TAG }}"}' ${{ secrets.GLUE_API_URL }}/api/v1/${{ env.RFC_REPO }}-prerelease/${{ env.RELEASE_TAG }}/success/${{ matrix.os.glue-name }} | |
- name: Mark release installer complete | |
if: steps.check_secrets.outputs.HAS_GLUE_SECRET && env.FULL_RELEASE == 'true' | |
run: | | |
curl -s -XPOST -H "Authorization: Bearer ${{ env.JWT_TOKEN }}" --data '{"chia_ref": "${{ env.RELEASE_TAG }}"}' ${{ secrets.GLUE_API_URL }}/api/v1/${{ env.RFC_REPO }}/${{ env.RELEASE_TAG }}/success/${{ matrix.os.glue-name }} | |
test: | |
name: Test ${{ matrix.distribution.name }} ${{ matrix.mode.name }} ${{ matrix.arch.name }} | |
runs-on: ${{ matrix.os.runs-on[matrix.arch.matrix] }} | |
needs: | |
- version | |
- build | |
container: ${{ matrix.distribution.url }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- runs-on: | |
arm: [linux, arm64] | |
intel: [ubuntu-latest] | |
distribution: | |
- name: debian:bullseye | |
type: debian | |
# https://packages.debian.org/bullseye/python/python3 (3.9) | |
url: "docker://debian:bullseye" | |
- name: debian:bookworm | |
type: debian | |
# https://packages.debian.org/bookworm/python/python3 (3.11) | |
url: "docker://debian:bookworm" | |
- name: ubuntu:focal (20.04) | |
type: ubuntu | |
# https://packages.ubuntu.com/focal/python3 (20.04, 3.8) | |
url: "docker://ubuntu:focal" | |
- name: ubuntu:jammy (22.04) | |
type: ubuntu | |
# https://packages.ubuntu.com/jammy/python3 (22.04, 3.10) | |
url: "docker://ubuntu:jammy" | |
- name: ubuntu:noble (24.04) | |
type: ubuntu | |
# https://packages.ubuntu.com/noble/python3 (24.04, 3.12) | |
url: "docker://ubuntu:noble" | |
mode: | |
- name: GUI | |
file: chia-blockchain_*.deb | |
package: chia-blockchain | |
- name: CLI | |
file: chia-blockchain-cli_*.deb | |
package: chia-blockchain-cli | |
arch: | |
- name: ARM64 | |
matrix: arm | |
artifact-name: arm64 | |
- name: Intel | |
matrix: intel | |
artifact-name: amd64 | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
steps: | |
- uses: Chia-Network/actions/clean-workspace@main | |
- name: Download packages | |
uses: actions/download-artifact@v4 | |
id: download | |
with: | |
name: chia-installers-linux-deb-${{ matrix.arch.artifact-name }} | |
path: packages | |
- name: Update apt repos | |
run: | | |
apt-get update --yes | |
- name: Install package | |
run: | | |
ls -l "${{ steps.download.outputs.download-path }}" | |
apt-get install --yes libnuma1 "${{ steps.download.outputs.download-path }}"/${{ matrix.mode.file }} | |
- name: List /opt/chia contents | |
run: | | |
find /opt/chia | |
- name: Run chia dev installers test | |
run: | | |
chia dev installers test --expected-chia-version "${{ needs.version.outputs.chia-installer-version }}" | |
- name: Verify /opt/chia present | |
run: | | |
if [ ! -e /opt/chia ] | |
then | |
ls -l /opt | |
false | |
fi | |
- name: Check permissions of /opt/chia/chrome-sandbox | |
shell: bash | |
if: matrix.mode.name == 'GUI' | |
run: | | |
[ $(stat -c %a:%G:%U /opt/chia/chrome-sandbox) == "4755:root:root" ] | |
- name: Remove package | |
run: | | |
apt-get remove --yes ${{ matrix.mode.package }} | |
- name: Verify /opt/chia not present | |
run: | | |
if [ -e /opt/chia ] | |
then | |
ls -lR /opt/chia | |
false | |
fi |