Skip to content
Release

Release/1.2.10 #495

Sign in to view logs

Release/1.2.10

Release/1.2.10 #495

Workflow file for this run

.github/workflows/release.yml at 537dd60
---
name: Release
on:
pull_request:
branches:
- 'master'
- 'release/**'
defaults:
run:
shell: bash
jobs:
build:
name: Build release
if: startsWith(github.head_ref, 'release/')
runs-on: ubuntu-22.04
timeout-minutes: 10
env:
INFURA_PROJECT_ID: '${{ secrets.INFURA_PROJECT_ID }}'
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile
- name: Compile contracts
run: yarn compile
- name: Save build artifacts
uses: actions/upload-artifact@v3
with:
name: contract-artifacts
path: |
artifacts
cache/*.json
# test:
# name: Test release
# if: startsWith(github.head_ref, 'release/')
# runs-on: ubuntu-22.04
# # timeout-minutes: 20
# needs: build
# steps:
# - uses: actions/checkout@v3
# with:
# ref: ${{ github.event.pull_request.head.sha }}
# - uses: actions/setup-node@v3
# with:
# node-version: '14'
# cache: 'yarn'
# - run: yarn install --frozen-lockfile
# - name: Get build artifacts
# uses: actions/download-artifact@v3
# with:
# name: contract-artifacts
# - name: Run unit tests
# run: yarn test --no-compile
# coverage:
# name: Code coverage
# if: startsWith(github.head_ref, 'release/')
# runs-on: ubuntu-22.04
# needs: test
# # needs: build
# steps:
# - uses: actions/checkout@v3
# with:
# ref: ${{ github.event.pull_request.head.sha }}
# - uses: actions/setup-node@v3
# with:
# node-version: '14'
# cache: 'yarn'
# - run: yarn install --frozen-lockfile
# - run: yarn coverage
# - uses: codecov/codecov-action@v3
# with:
# token: ${{ secrets.CODECOV_TOKEN }}
#
prepare:
name: Prepare release
if: startsWith(github.head_ref, 'release/')
runs-on: ubuntu-22.04
# needs: coverage
needs: build
outputs:
release_version: ${{ steps.parse.outputs.release_version }}
release_path: ${{ steps.parse.outputs.release_path }}
release_network: ${{ steps.parse.outputs.release_network }}
release_title: ${{ steps.parse.outputs.release_title }}
release_description: ${{ steps.parse.outputs.release_description }}
release_multisig: ${{ steps.parse.outputs.release_multisig }}
release_audited: ${{ steps.parse.outputs.release_audited }}
release_deploy_cmd: ${{ steps.parse.outputs.release_deploy_cmd }}
release_verify_cmd: ${{ steps.parse.outputs.release_verify_cmd }}
release_finish_cmd: ${{ steps.parse.outputs.release_finish_cmd }}
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- name: Parse release info
id: parse
run: |
version=${BRANCH_NAME#release\/}
release_path=releases/$version
network=$(yq -r .network $release_path/index.yml)
path=$release_path/$network
echo "release_version=$version" >> $GITHUB_OUTPUT
echo "release_path=$path" >> $GITHUB_OUTPUT
echo "release_network=$network" >> $GITHUB_OUTPUT
echo "release_multisig=$(jq -r .$network releases/deployments/multisigs.json)" >> $GITHUB_OUTPUT
echo "release_deploy_cmd=$(yq -r '.deploy // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT
echo "release_verify_cmd=$(yq -r '.verify // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT
echo "release_finish_cmd=$(yq -r '.finish // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT
echo "release_audited=$(yq -r '.audited // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT
echo "release_title=$(yq -r '.title // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT
echo "release_description<<DESCRIPTION_DELIMITER" >> $GITHUB_OUTPUT
echo "$(yq -r '.description // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT
echo "DESCRIPTION_DELIMITER" >> $GITHUB_OUTPUT
env:
BRANCH_NAME: ${{ github.head_ref }}
- name: Output summary
run: |
echo "## $TITLE" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Network:** $NETWORK" >> $GITHUB_STEP_SUMMARY
echo "**Commit:** [\`$COMMIT\`]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/tree/$COMMIT)" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "$DESCRIPTION" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
env:
TITLE: ${{ steps.parse.outputs.release_title }}
DESCRIPTION: ${{ steps.parse.outputs.release_description }}
NETWORK: ${{ steps.parse.outputs.release_network }}
COMMIT: ${{ github.event.pull_request.head.sha }}
- name: Output audit info
if: "steps.parse.outputs.release_audited != ''"
run: |
echo "---" >> $GITHUB_STEP_SUMMARY
echo "### Audit" >> $GITHUB_STEP_SUMMARY
echo "Audited contracts at commit [\`$AUDIT_COMMIT\`]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/tree/$AUDIT_COMMIT) :detective:" >> $GITHUB_STEP_SUMMARY
audit_diff="$(git diff $AUDIT_COMMIT *.sol)"
if [[ -z $audit_diff ]]; then
echo "Contracts have not been modified since audit :heavy_check_mark:" >> $GITHUB_STEP_SUMMARY
else
echo "Contracts have been modified since audit :warning:" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`diff" >> $GITHUB_STEP_SUMMARY
echo "$audit_diff" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
fi
env:
AUDIT_COMMIT: ${{ steps.parse.outputs.release_audited }}
deploy:
name: Deploy contracts
if: startsWith(github.head_ref, 'release/')
runs-on: ubuntu-22.04
timeout-minutes: 20
needs: prepare
environment: production
outputs:
deploy_commit: ${{ steps.commit.outputs.commit_hash }}
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile
- name: Get build artifacts
uses: actions/download-artifact@v3
with:
name: contract-artifacts
- name: Deploy contracts
run: eval yarn hardhat --network ${{ needs.prepare.outputs.release_network }} ${{ needs.prepare.outputs.release_deploy_cmd }}
env:
INFURA_PROJECT_ID: '${{ secrets.INFURA_PROJECT_ID }}'
MUMBAI_MNEMONIC: '${{ secrets.MUMBAI_MNEMONIC }}'
MUMBAI_NODE: '${{ secrets.MUMBAI_NODE }}'
POLYGON_MNEMONIC: '${{ secrets.POLYGON_MNEMONIC }}'
POLYGON_NODE: '${{ secrets.POLYGON_NODE }}'
POLYGON_GAS_PRICE: 1200000000000
DEBUG: '@openzeppelin:*'
# ETHERSCAN "${{ secrets.ETHERSCAN }}"
POLYSCAN: '${{ secrets.POLYSCAN }}'
RELEASE_PATH: '${{ needs.prepare.outputs.release_path }}'
MULTISIG_ADDRESS: '${{ needs.prepare.outputs.release_multisig }}'
- name: Commit changes
uses: stefanzweifel/git-auto-commit-action@v4
id: commit
if: always()
with:
commit_message: Update registries of deployed addresses
file_pattern: '.openzeppelin/ releases/'
skip_checkout: true
# tagging_message: '${{ needs.prepare.outputs.release_version }}'
# verify:
# name: Verify contracts
# if: "startsWith(github.head_ref, 'release/') && needs.prepare.outputs.release_verify_cmd != ''"
# runs-on: ubuntu-22.04
# timeout-minutes: 60
# needs:
# - build
# - prepare
# - deploy
# steps:
# - uses: actions/checkout@v3
# with:
# ref: ${{ needs.deploy.outputs.deploy_commit || github.event.pull_request.head.sha }}
# - uses: actions/setup-node@v3
# with:
# node-version: '14'
# cache: 'yarn'
# - run: yarn install --frozen-lockfile
# - name: Get build artifacts
# uses: actions/download-artifact@v3
# with:
# name: contract-artifacts
# - name: Verify contracts
# shell: bash
# run: |
# yarn hardhat --network ${{ needs.prepare.outputs.release_network }} ${{ needs.prepare.outputs.release_verify_cmd }} ${{ needs.prepare.outputs.release_version }}
# env:
# INFURA_PROJECT_ID: '${{ secrets.INFURA_PROJECT_ID }}'
# MUMBAI_MNEMONIC: '${{ secrets.MUMBAI_MNEMONIC }}'
# MUMBAI_NODE: '${{ secrets.MUMBAI_NODE }}'
# POLYGON_MNEMONIC: '${{ secrets.POLYGON_MNEMONIC }}'
# POLYGON_NODE: '${{ secrets.POLYGON_NODE }}'
# # ETHERSCAN "${{ secrets.ETHERSCAN }}"
# POLYSCAN: '${{ secrets.POLYSCAN }}'
# RELEASE_PATH: '${{ needs.prepare.outputs.release_path }}'
# ARTIFACT_REFERENCE_URL: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
finish-release:
name: Finish release
if: "startsWith(github.head_ref, 'release/')"
runs-on: ubuntu-22.04
timeout-minutes: 20
environment: production
needs:
- prepare
- deploy
steps:
- uses: actions/checkout@v3
with:
ref: ${{ needs.deploy.outputs.deploy_commit || github.event.pull_request.head.sha }}
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile
- name: Get build artifacts
uses: actions/download-artifact@v3
with:
name: contract-artifacts
- name: Complete release
if: "needs.prepare.outputs.release_finish_cmd != ''"
shell: bash
run: |
yarn hardhat --network ${{ needs.prepare.outputs.release_network }} ${{ needs.prepare.outputs.release_finish_cmd }} ${{ needs.prepare.outputs.release_version }} "${{ needs.prepare.outputs.release_title }}" "${{ needs.prepare.outputs.release_description }}"
env:
INFURA_PROJECT_ID: '${{ secrets.INFURA_PROJECT_ID }}'
MUMBAI_MNEMONIC: '${{ secrets.MUMBAI_MNEMONIC }}'
MUMBAI_NODE: '${{ secrets.MUMBAI_NODE }}'
POLYGON_MNEMONIC: "${{ secrets.POLYGON_MNEMONIC }}"
POLYGON_NODE: "${{ secrets.POLYGON_NODE }}"
POLYGON_GAS_PRICE: 1200000000000
DEBUG: '@openzeppelin:*'
# ETHERSCAN "${{ secrets.ETHERSCAN }}"
POLYSCAN: '${{ secrets.POLYSCAN }}'
DEFENDER_API_KEY: '${{ secrets.DEFENDER_API_KEY }}'
DEFENDER_API_SECRET: '${{ secrets.DEFENDER_API_SECRET }}'
RELEASE_PATH: '${{ needs.prepare.outputs.release_path }}'
MULTISIG_ADDRESS: '${{ needs.prepare.outputs.release_multisig }}'
- name: Link to run in PR
uses: actions/github-script@v6
env:
RUN_URL: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `[**Deploy finished**](${process.env.RUN_URL})`,
});