Merge remote-tracking branch 'review/vrf_modulo_comapct_assignment_re…

…based' into coalescing_of_approvals_v3
paritytech · Aug 17, 2023 · 1aa937d · 1aa937d
2 parents 2cb6756 + 6db4ec8
commit 1aa937d
Show file tree

Hide file tree

Showing 351 changed files with 10,287 additions and 5,754 deletions.
diff --git a/.cargo/config.toml b/.cargo/config.toml
@@ -29,4 +29,5 @@ rustflags = [
   "-Aclippy::needless_option_as_deref",  # false positives
   "-Aclippy::derivable_impls",           # false positives
   "-Aclippy::stable_sort_primitive",     # prefer stable sort
+  "-Aclippy::extra-unused-type-parameters", # stylistic
 ]
diff --git a/.github/workflows/check-licenses.yml b/.github/workflows/check-licenses.yml
@@ -8,8 +8,8 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v3.3.0
-      - uses: actions/setup-node@v3.7.0
+        uses: actions/checkout@v3
+      - uses: actions/setup-node@v3.8.0
         with:
           node-version: '18.x'
           registry-url: 'https://npm.pkg.github.com'

diff --git a/.github/workflows/release-40_publish-rc-image.yml b/.github/workflows/release-40_publish-rc-image.yml
@@ -0,0 +1,132 @@
+name: Release - Publish RC Container image
+# see https://github.com/paritytech/release-engineering/issues/97#issuecomment-1651372277
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_id:
+        description: |
+          Release ID.
+          You can find it using the command:
+            curl -s \
+              -H "Authorization: Bearer ${GITHUB_TOKEN}" https://api.github.com/repos/$OWNER/$REPO/releases | \
+              jq '.[] | { name: .name, id: .id }'
+        required: true
+        type: string
+      registry:
+        description: "Container registry"
+        required: true
+        type: string
+        default: docker.io
+      owner:
+        description: Owner of the container image repo
+        required: true
+        type: string
+        default: parity
+
+env:
+  RELEASE_ID: ${{ inputs.release_id }}
+  ENGINE: docker
+  REGISTRY: ${{ inputs.registry }}
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  DOCKER_OWNER: ${{ inputs.owner || github.repository_owner }}
+  REPO: ${{ github.repository }}
+
+jobs:
+  fetch-artifacts:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v3
+
+      - name: Fetch all artifacts
+        run: |
+          . ./scripts/ci/common/lib.sh
+          fetch_release_artifacts
+
+      - name: Cache the artifacts
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+        with:
+          key: artifacts-${{ github.sha }}
+          path: |
+            ./release-artifacts/**/*
+
+  build-container:
+    runs-on: ubuntu-latest
+    needs: fetch-artifacts
+
+    strategy:
+      matrix:
+        binary: ["polkadot", "staking-miner"]
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v3
+
+      - name: Get artifacts from cache
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+        with:
+          key: artifacts-${{ github.sha }}
+          fail-on-cache-miss: true
+          path: |
+            ./release-artifacts/**/*
+
+      - name: Check sha256 ${{ matrix.binary }}
+        working-directory: ./release-artifacts
+        run: |
+          . ../scripts/ci/common/lib.sh
+
+          echo "Checking binary ${{ matrix.binary }}"
+          check_sha256 ${{ matrix.binary }} && echo "OK" || echo "ERR"
+
+      - name: Check GPG ${{ matrix.binary }}
+        working-directory: ./release-artifacts
+        run: |
+          . ../scripts/ci/common/lib.sh
+          import_gpg_keys
+          check_gpg ${{ matrix.binary }}
+
+      - name: Fetch commit and tag
+        id: fetch_refs
+        run: |
+          release=release-${{ inputs.release_id }} && \
+          echo "release=${release}" >> $GITHUB_OUTPUT
+
+          commit=$(git rev-parse --short HEAD) && \
+          echo "commit=${commit}" >> $GITHUB_OUTPUT
+
+          tag=$(git name-rev --tags --name-only $(git rev-parse HEAD)) && \
+          [ "${tag}" != "undefined" ] && echo "tag=${tag}" >> $GITHUB_OUTPUT || \
+          echo "No tag, doing without"
+
+      - name: Build Injected Container image for ${{ matrix.binary }}
+        env:
+            BIN_FOLDER: ./release-artifacts
+            BINARY: ${{ matrix.binary }}
+            TAGS: ${{join(steps.fetch_refs.outputs.*, ',')}}
+        run: |
+          echo "Building container for ${{ matrix.binary }}"
+          ./scripts/ci/dockerfiles/build-injected.sh
+
+      - name: Login to Dockerhub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Push Container image for ${{ matrix.binary }}
+        id: docker_push
+        env:
+          BINARY: ${{ matrix.binary }}
+        run: |
+          $ENGINE images | grep ${BINARY}
+          $ENGINE push --all-tags ${REGISTRY}/${DOCKER_OWNER}/${BINARY}
+
+      - name: Check version for the published image for ${{ matrix.binary }}
+        env:
+          BINARY: ${{ matrix.binary }}
+          RELEASE_TAG: ${{ steps.fetch_refs.outputs.release }}
+        run: |
+          echo "Checking tag ${RELEASE_TAG} for image ${REGISTRY}/${DOCKER_OWNER}/${BINARY}"
+          $ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} --version
diff --git a/.github/workflows/release-50_publish-docker-release.yml b/.github/workflows/release-50_publish-docker-release.yml
@@ -30,7 +30,7 @@ jobs:
         uses: docker/build-push-action@v4
         with:
           push: true
-          file: scripts/ci/dockerfiles/polkadot_injected_release.Dockerfile
+          file: scripts/ci/dockerfiles/polkadot/polkadot_injected_debian.Dockerfile
           tags: |
             parity/polkadot:latest
             parity/polkadot:${{ github.event.release.tag_name }}

diff --git a/.github/workflows/release-51_publish-docker-manual.yml b/.github/workflows/release-51_publish-docker-manual.yml
@@ -37,7 +37,7 @@ jobs:
         uses: docker/build-push-action@v4
         with:
           push: true
-          file: scripts/ci/dockerfiles/polkadot_injected_release.Dockerfile
+          file: scripts/ci/dockerfiles/polkadot/polkadot_injected_debian.Dockerfile
           tags: |
             parity/polkadot:latest
             parity/polkadot:${{ github.event.inputs.version }}

diff --git a/.gitignore b/.gitignore
@@ -10,3 +10,7 @@ polkadot.*
 !polkadot.service
 .DS_Store
 .env
+
+artifacts
+release-artifacts
+release.json
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -33,12 +33,12 @@ variables:
   GIT_STRATEGY: fetch
   GIT_DEPTH: 100
   CI_SERVER_NAME: "GitLab CI"
-  CI_IMAGE: !reference [.ci-unified, variables, CI_IMAGE] 
+  CI_IMAGE: !reference [.ci-unified, variables, CI_IMAGE]
   BUILDAH_IMAGE: "quay.io/buildah/stable:v1.29"
   BUILDAH_COMMAND: "buildah --storage-driver overlay2"
   DOCKER_OS: "debian:stretch"
   ARCH: "x86_64"
-  ZOMBIENET_IMAGE: "docker.io/paritytech/zombienet:v1.3.55"
+  ZOMBIENET_IMAGE: "docker.io/paritytech/zombienet:v1.3.65"
 
 default:
   cache: {}
@@ -159,31 +159,39 @@ default:
     - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1
 
 .build-push-image:
+  variables:
+    CI_IMAGE: "${BUILDAH_IMAGE}"
+
+    REGISTRY: "docker.io"
+    DOCKER_OWNER: "paritypr"
+    DOCKER_USER: "${PARITYPR_USER}"
+    DOCKER_PASS: "${PARITYPR_PASS}"
+    IMAGE: "${REGISTRY}/${DOCKER_OWNER}/${IMAGE_NAME}"
+
+    ENGINE: "${BUILDAH_COMMAND}"
+    BUILDAH_FORMAT: "docker"
+    SKIP_IMAGE_VALIDATION: 1
+
+    PROJECT_ROOT: "."
+    BIN_FOLDER: "./artifacts"
+    VCS_REF: "${CI_COMMIT_SHA}"
+
   before_script:
     - !reference [.common-before-script, before_script]
     - test -s ./artifacts/VERSION || exit 1
     - test -s ./artifacts/EXTRATAG || exit 1
-    - VERSION="$(cat ./artifacts/VERSION)"
+    - export VERSION="$(cat ./artifacts/VERSION)"
     - EXTRATAG="$(cat ./artifacts/EXTRATAG)"
     - echo "Polkadot version = ${VERSION} (EXTRATAG = ${EXTRATAG})"
   script:
     - test "$DOCKER_USER" -a "$DOCKER_PASS" ||
       ( echo "no docker credentials provided"; exit 1 )
-    - cd ./artifacts
-    - $BUILDAH_COMMAND build
-      --format=docker
-      --build-arg VCS_REF="${CI_COMMIT_SHA}"
-      --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
-      --build-arg IMAGE_NAME="${IMAGE_NAME}"
-      --tag "$IMAGE_NAME:$VERSION"
-      --tag "$IMAGE_NAME:$EXTRATAG"
-      --file ${DOCKERFILE} .
-    # The job will success only on the protected branch
+    - TAGS="${VERSION},${EXTRATAG}" scripts/ci/dockerfiles/build-injected.sh
     - echo "$DOCKER_PASS" |
-      buildah login --username "$DOCKER_USER" --password-stdin docker.io
+      buildah login --username "$DOCKER_USER" --password-stdin "${REGISTRY}"
     - $BUILDAH_COMMAND info
-    - $BUILDAH_COMMAND push --format=v2s2 "$IMAGE_NAME:$VERSION"
-    - $BUILDAH_COMMAND push --format=v2s2 "$IMAGE_NAME:$EXTRATAG"
+    - $BUILDAH_COMMAND push --format=v2s2 "$IMAGE:$VERSION"
+    - $BUILDAH_COMMAND push --format=v2s2 "$IMAGE:$EXTRATAG"
   after_script:
     - buildah logout --all
 
@@ -225,7 +233,7 @@ include:
     file: /common/timestamp.yml
   - project: parity/infrastructure/ci_cd/shared
     ref: main
-    file: /common/ci-unified.yml   
+    file: /common/ci-unified.yml
 
 
 #### stage:                        .post