chore(main): release 0.5.2 (#307) #58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release Docker Container | |
| # Only one can run at a time | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: false | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Docker image tag (e.g., v0.1.0)' | |
| required: true | |
| type: string | |
| workflow_call: | |
| inputs: | |
| tag: | |
| description: 'Docker image tag (e.g., v0.1.0)' | |
| required: true | |
| type: string | |
| secrets: | |
| INFRA_GH_TOKEN: | |
| required: true | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata for middleware | |
| id: meta_middleware | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/chainsafe/canton-middleware | |
| tags: | | |
| type=ref,event=tag | |
| type=sha,prefix=main-,enable={{is_default_branch}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=raw,value=${{ inputs.tag }},enable=${{ inputs.tag != '' }} | |
| - name: Extract metadata for ERC20 API | |
| id: meta_api | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/chainsafe/canton-erc20-api | |
| tags: | | |
| type=ref,event=tag | |
| type=sha,prefix=main-,enable={{is_default_branch}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=raw,value=${{ inputs.tag }},enable=${{ inputs.tag != '' }} | |
| - name: Extract metadata for indexer | |
| id: meta_indexer | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/chainsafe/canton-indexer | |
| tags: | | |
| type=ref,event=tag | |
| type=sha,prefix=main-,enable={{is_default_branch}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=raw,value=${{ inputs.tag }},enable=${{ inputs.tag != '' }} | |
| - name: Build and push Middlewware Docker Image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./cmd/relayer/Dockerfile | |
| push: true | |
| tags: ${{ steps.meta_middleware.outputs.tags }} | |
| labels: ${{ steps.meta_middleware.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| platforms: linux/amd64,linux/arm64 | |
| - name: Build and push ERC20 API Server Docker Image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./cmd/api-server/Dockerfile | |
| push: true | |
| tags: ${{ steps.meta_api.outputs.tags }} | |
| labels: ${{ steps.meta_api.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| platforms: linux/amd64,linux/arm64 | |
| - name: Build and push Indexer Docker Image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./cmd/indexer/Dockerfile | |
| push: true | |
| tags: ${{ steps.meta_indexer.outputs.tags }} | |
| labels: ${{ steps.meta_indexer.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| platforms: linux/amd64,linux/arm64 | |
| open-devnet-pr: | |
| name: Open devnet deploy PR | |
| needs: build-and-push | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/v') || startsWith(inputs.tag, 'v') | |
| steps: | |
| - name: Compute version | |
| id: version | |
| env: | |
| REF: ${{ github.ref_name }} | |
| INPUT: ${{ inputs.tag }} | |
| run: | | |
| VERSION="${INPUT:-$REF}" | |
| [[ "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+ ]] || { echo "Invalid version: $VERSION"; exit 1; } | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| - name: Checkout infra-kubernetes | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ChainSafe/infra-kubernetes | |
| token: ${{ secrets.INFRA_GH_TOKEN }} | |
| ref: main | |
| - name: Update canton-middleware-api image tag | |
| env: | |
| VERSION: ${{ steps.version.outputs.version }} | |
| run: | | |
| yq e '.["canton-middleware-api"].image.tag = env(VERSION)' -i \ | |
| definitions/canton/validator-dev1/canton-middleware-api-values.yml | |
| - name: Create signed commit and open PR | |
| env: | |
| VERSION: ${{ steps.version.outputs.version }} | |
| GH_TOKEN: ${{ secrets.INFRA_GH_TOKEN }} | |
| FILE_PATH: definitions/canton/validator-dev1/canton-middleware-api-values.yml | |
| REPO: ChainSafe/infra-kubernetes | |
| run: | | |
| BRANCH="chore/bump-canton-middleware-api-${VERSION}" | |
| COMMIT_MSG="chore: bump canton-middleware-api to ${VERSION} on devnet" | |
| # Get current HEAD SHA of main | |
| HEAD_SHA=$(gh api repos/${REPO}/git/ref/heads/main --jq '.object.sha') | |
| # Create branch pointing at main HEAD (no-op if already exists) | |
| gh api repos/${REPO}/git/refs \ | |
| --method POST \ | |
| --field ref="refs/heads/${BRANCH}" \ | |
| --field sha="${HEAD_SHA}" > /dev/null 2>&1 || true | |
| # Get current branch HEAD SHA | |
| BRANCH_SHA=$(gh api repos/${REPO}/git/ref/heads/${BRANCH} --jq '.object.sha') | |
| # Skip if branch already has this version (idempotent re-run) | |
| BRANCH_TAG=$(gh api "repos/${REPO}/contents/${FILE_PATH}?ref=${BRANCH}" \ | |
| -H "Accept: application/vnd.github.raw" 2>/dev/null \ | |
| | yq e '.["canton-middleware-api"].image.tag' - 2>/dev/null || echo "") | |
| if [ "$BRANCH_TAG" = "$VERSION" ]; then | |
| echo "Branch already has tag ${VERSION}, ensuring auto-merge" | |
| gh pr merge --auto --squash --repo "${REPO}" "${BRANCH}" 2>/dev/null || true | |
| exit 0 | |
| fi | |
| # Base64-encode the updated file (no line wrapping, Linux base64) | |
| FILE_CONTENTS=$(base64 -w0 "${FILE_PATH}") | |
| # Create signed commit via GitHub GraphQL API | |
| # Commits via this API are automatically signed by GitHub (Verified) | |
| gh api graphql -f query=' | |
| mutation($repo: String!, $branch: String!, $oid: GitObjectID!, $msg: String!, $path: String!, $contents: Base64String!) { | |
| createCommitOnBranch(input: { | |
| branch: { repositoryNameWithOwner: $repo, branchName: $branch } | |
| message: { headline: $msg } | |
| fileChanges: { additions: [{ path: $path, contents: $contents }] } | |
| expectedHeadOid: $oid | |
| }) { | |
| commit { url } | |
| } | |
| }' \ | |
| -f repo="${REPO}" \ | |
| -f branch="${BRANCH}" \ | |
| -f oid="${BRANCH_SHA}" \ | |
| -f msg="${COMMIT_MSG}" \ | |
| -f path="${FILE_PATH}" \ | |
| -f contents="${FILE_CONTENTS}" | |
| # Open PR and enable auto-merge | |
| gh pr create \ | |
| --repo "${REPO}" \ | |
| --title "${COMMIT_MSG}" \ | |
| --body "Automated PR: bump \`canton-middleware-api\` image tag to \`${VERSION}\` on \`validator-dev1\`." \ | |
| --base main \ | |
| --head "${BRANCH}" \ | |
| || { echo "PR already exists for this branch, skipping"; exit 0; } | |
| gh pr merge --auto --squash --repo "${REPO}" "${BRANCH}" |