fix(ampd): unhide solo cmd and add docs for commands (#1519) #650
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: ["main"] | |
| tags: ["v*"] | |
| permissions: | |
| contents: read | |
| packages: write | |
| concurrency: | |
| cancel-in-progress: true | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| jobs: | |
| build: | |
| name: Build (${{ matrix.target }}) | |
| runs-on: ${{ matrix.runner }} | |
| timeout-minutes: 60 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - runner: namespace-profile-linux-amd64-build | |
| target: x86_64-unknown-linux-gnu | |
| - runner: namespace-profile-linux-arm64-build | |
| target: aarch64-unknown-linux-gnu | |
| - runner: namespace-profile-macos-arm64-build | |
| target: x86_64-apple-darwin | |
| - runner: namespace-profile-macos-arm64-build | |
| target: aarch64-apple-darwin | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| - name: Setup rust toolchain | |
| uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1 | |
| with: | |
| target: ${{ matrix.target }} | |
| cache: true | |
| rustflags: "" | |
| - name: Build binaries | |
| run: cargo build --target ${{ matrix.target }} --release -v -p ampd -p ampctl -p ampup -p ampsync | |
| - name: Compress debug sections (Linux only) | |
| if: contains(matrix.target, 'linux') | |
| run: | | |
| for binary in ampd ampctl ampup ampsync; do | |
| path="target/${{ matrix.target }}/release/$binary" | |
| size_before=$(stat -c%s "$path") | |
| objcopy --compress-debug-sections=zlib-gnu "$path" | |
| size_after=$(stat -c%s "$path") | |
| echo "$binary: $size_before -> $size_after bytes" | |
| done | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 | |
| with: | |
| name: ${{ matrix.target }} | |
| path: | | |
| target/${{ matrix.target }}/release/ampd | |
| target/${{ matrix.target }}/release/ampctl | |
| target/${{ matrix.target }}/release/ampup | |
| target/${{ matrix.target }}/release/ampsync | |
| retention-days: 30 | |
| notarize: | |
| name: Sign and Notarize (${{ matrix.target }}-${{ matrix.binary }}) | |
| needs: build | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| binary: [ampd, ampctl, ampup, ampsync] | |
| target: [x86_64-apple-darwin, aarch64-apple-darwin] | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| - name: Download artifact | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 | |
| with: | |
| name: ${{ matrix.target }} | |
| path: ./binaries/ | |
| - name: Setup signing certificate | |
| run: echo "${{ secrets.APPLE_CERT_DATA }}" | base64 -d > certificate.p12 | |
| - name: Setup App Store Connect API Key | |
| run: echo "${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY_JSON }}" | base64 -d > key.json | |
| - name: Sign binary | |
| uses: indygreg/apple-code-sign-action@7833348d60ab2228e66dda72322120fb89db09ee | |
| with: | |
| input_path: binaries/${{ matrix.binary }} | |
| sign: true | |
| p12_file: certificate.p12 | |
| p12_password: ${{ secrets.APPLE_CERT_PASSWORD }} | |
| sign_args: | | |
| --code-signature-flags | |
| runtime | |
| --entitlements-xml-file | |
| entitlements.plist | |
| - name: Create ZIP for notarization | |
| run: | | |
| cd binaries | |
| zip ${{ matrix.binary }}.zip ${{ matrix.binary }} | |
| - name: Notarize binary | |
| uses: indygreg/apple-code-sign-action@7833348d60ab2228e66dda72322120fb89db09ee | |
| with: | |
| input_path: binaries/${{ matrix.binary }}.zip | |
| sign: false | |
| notarize: true | |
| app_store_connect_api_key_json_file: key.json | |
| - name: Extract notarized binary | |
| run: | | |
| cd binaries | |
| unzip -o ${{ matrix.binary }}.zip | |
| rm ${{ matrix.binary }}.zip | |
| - name: Upload notarized artifact | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 | |
| with: | |
| name: ${{ matrix.target }}-${{ matrix.binary }}-notarized | |
| path: binaries/${{ matrix.binary }} | |
| retention-days: 30 | |
| release: | |
| name: Release | |
| needs: [build, notarize] | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 | |
| with: | |
| path: artifacts | |
| - name: Prepare release binaries | |
| run: | | |
| # Organize binaries for release | |
| mkdir -p release | |
| # Copy and rename ampd binaries | |
| cp artifacts/x86_64-unknown-linux-gnu/ampd release/ampd-linux-x86_64 | |
| cp artifacts/aarch64-unknown-linux-gnu/ampd release/ampd-linux-aarch64 | |
| cp artifacts/x86_64-apple-darwin-ampd-notarized/ampd release/ampd-darwin-x86_64 | |
| cp artifacts/aarch64-apple-darwin-ampd-notarized/ampd release/ampd-darwin-aarch64 | |
| # Copy and rename ampctl binaries | |
| cp artifacts/x86_64-unknown-linux-gnu/ampctl release/ampctl-linux-x86_64 | |
| cp artifacts/aarch64-unknown-linux-gnu/ampctl release/ampctl-linux-aarch64 | |
| cp artifacts/x86_64-apple-darwin-ampctl-notarized/ampctl release/ampctl-darwin-x86_64 | |
| cp artifacts/aarch64-apple-darwin-ampctl-notarized/ampctl release/ampctl-darwin-aarch64 | |
| # Copy and rename ampup binaries | |
| cp artifacts/x86_64-unknown-linux-gnu/ampup release/ampup-linux-x86_64 | |
| cp artifacts/aarch64-unknown-linux-gnu/ampup release/ampup-linux-aarch64 | |
| cp artifacts/x86_64-apple-darwin-ampup-notarized/ampup release/ampup-darwin-x86_64 | |
| cp artifacts/aarch64-apple-darwin-ampup-notarized/ampup release/ampup-darwin-aarch64 | |
| # Copy and rename ampsync binaries | |
| cp artifacts/x86_64-unknown-linux-gnu/ampsync release/ampsync-linux-x86_64 | |
| cp artifacts/aarch64-unknown-linux-gnu/ampsync release/ampsync-linux-aarch64 | |
| cp artifacts/x86_64-apple-darwin-ampsync-notarized/ampsync release/ampsync-darwin-x86_64 | |
| cp artifacts/aarch64-apple-darwin-ampsync-notarized/ampsync release/ampsync-darwin-aarch64 | |
| # Make all binaries executable | |
| chmod +x release/* | |
| # Verify binaries exist | |
| ls -la release/ | |
| - name: Create draft release | |
| uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2 | |
| with: | |
| files: release/* | |
| fail_on_unmatched_files: true | |
| draft: true | |
| - name: Finalize release | |
| uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2 | |
| with: | |
| draft: false | |
| containerize: | |
| name: Containerize (${{ matrix.title }}) | |
| runs-on: ubuntu-latest | |
| needs: build | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| strategy: | |
| matrix: | |
| include: | |
| - binary: ampd | |
| name: amp | |
| title: Amp | |
| description: A tool for building and managing blockchain datasets | |
| - binary: ampsync | |
| name: ampsync | |
| title: Ampsync | |
| description: Syncing engine that listens to the stream changes from the amp-client streaming layer to store changes in a configured database | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| - name: Download Linux AMD64 binaries | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 | |
| with: | |
| name: x86_64-unknown-linux-gnu | |
| path: ./amd64/ | |
| - name: Download Linux ARM64 binaries | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 | |
| with: | |
| name: aarch64-unknown-linux-gnu | |
| path: ./arm64/ | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 | |
| - name: Docker meta | |
| uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 | |
| id: metadata | |
| with: | |
| images: ghcr.io/edgeandnode/${{ matrix.name }} | |
| tags: | | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=ref,event=tag | |
| type=sha | |
| labels: | | |
| org.opencontainers.image.source=https://github.com/edgeandnode/amp | |
| org.opencontainers.image.url=https://github.com/edgeandnode/amp | |
| org.opencontainers.image.vendor=Edge & Node | |
| org.opencontainers.image.title=${{ matrix.title }} | |
| org.opencontainers.image.description=${{ matrix.description }} | |
| annotations: | | |
| manifest:org.opencontainers.image.source=https://github.com/edgeandnode/amp | |
| manifest:org.opencontainers.image.url=https://github.com/edgeandnode/amp | |
| manifest:org.opencontainers.image.vendor=Edge & Node | |
| manifest:org.opencontainers.image.title=${{ matrix.title }} | |
| manifest:org.opencontainers.image.description=${{ matrix.description }} | |
| - name: Create multi-arch Dockerfile | |
| run: | | |
| cat > Dockerfile.native << 'DOCKERFILE' | |
| FROM debian:trixie-slim | |
| ARG TARGETARCH | |
| # Install runtime dependencies | |
| RUN apt-get update && \ | |
| apt-get install -y ca-certificates && \ | |
| apt-get clean && \ | |
| rm -rf /var/lib/apt/lists/* | |
| # Copy the appropriate binary based on target architecture | |
| COPY ${{ matrix.binary }}-linux-$TARGETARCH /${{ matrix.binary }} | |
| RUN chmod +x /${{ matrix.binary }} | |
| DOCKERFILE | |
| # Add ampctl for the amp image only | |
| if [ "${{ matrix.binary }}" = "ampd" ]; then | |
| cat >> Dockerfile.native << 'DOCKERFILE' | |
| COPY ampctl-linux-$TARGETARCH /ampctl | |
| RUN chmod +x /ampctl | |
| DOCKERFILE | |
| fi | |
| cat >> Dockerfile.native << 'DOCKERFILE' | |
| ENTRYPOINT ["/${{ matrix.binary }}"] | |
| DOCKERFILE | |
| - name: Rename binaries for Docker context | |
| run: | | |
| # Copy and rename the binaries from their download directories | |
| cp ./amd64/${{ matrix.binary }} ./${{ matrix.binary }}-linux-amd64 | |
| chmod +x ./${{ matrix.binary }}-linux-amd64 | |
| cp ./arm64/${{ matrix.binary }} ./${{ matrix.binary }}-linux-arm64 | |
| chmod +x ./${{ matrix.binary }}-linux-arm64 | |
| if [ "${{ matrix.binary }}" = "ampd" ]; then | |
| cp ./amd64/ampctl ./ampctl-linux-amd64 | |
| chmod +x ./ampctl-linux-amd64 | |
| cp ./arm64/ampctl ./ampctl-linux-arm64 | |
| chmod +x ./ampctl-linux-arm64 | |
| fi | |
| # Verify binaries exist | |
| ls -la ${{ matrix.binary }}-linux-* | |
| if [ "${{ matrix.binary }}" = "ampd" ]; then | |
| ls -la ampctl-linux-* | |
| fi | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 | |
| id: build-and-push | |
| with: | |
| context: . | |
| file: Dockerfile.native | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| labels: ${{ steps.metadata.outputs.labels }} | |
| annotations: ${{ steps.metadata.outputs.annotations }} | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 | |
| - name: Sign Docker image with Cosign | |
| env: | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| TAGS: ${{ steps.metadata.outputs.tags }} | |
| run: | | |
| images="" | |
| for tag in ${TAGS}; do | |
| images+="${tag}@${DIGEST} " | |
| done | |
| cosign sign --yes ${images} |