Skip to content

Amplifier wasm contracts - Upload wasm binaries to Cloudflare R2 bucket #28

Amplifier wasm contracts - Upload wasm binaries to Cloudflare R2 bucket

Amplifier wasm contracts - Upload wasm binaries to Cloudflare R2 bucket #28

name: Amplifier wasm contracts - Upload wasm binaries to Cloudflare R2 bucket
on:
push:
branches:
- main
create:
tags:
- '*-v[0-9]+.[0-9]+.[0-9]+'
workflow_dispatch:
inputs:
ref:
description: Github branch or tag to checkout for compilation
required: true
default: main
type: string
jobs:
compile-and-upload:
name: Compile contracts and push to R2
runs-on: ubuntu-22.04
permissions:
contents: write
packages: write
id-token: write
steps:
- name: Get tag
id: get-tag
run: |
echo "github_ref=$GITHUB_REF"
if [[ $GITHUB_REF == refs/tags/* ]]; then
echo "tag=${GITHUB_REF#refs/tags/}"
echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
input_ref="${{ github.event.inputs.ref }}"
if [[ $input_ref =~ ^([a-zA-Z-]+)-v([0-9]+\.[0-9]+\.[0-9]+)$ ]]; then
echo "tag=$input_ref"
echo "tag=$input_ref" >> $GITHUB_OUTPUT
else
echo "tag="
echo "tag=" >> $GITHUB_OUTPUT
fi
else
echo "tag="
echo "tag=" >> $GITHUB_OUTPUT
fi
- name: Check for release information from tag
id: check-release
run: |
tag="${{ steps.get-tag.outputs.tag }}"
is_release="false"
if [[ $tag =~ ^([a-zA-Z-]+)-v([0-9]+\.[0-9]+\.[0-9]+)$ ]]; then
is_release="true"
crate_name="${BASH_REMATCH[1]}"
crate_version="${BASH_REMATCH[2]}"
if [[ $crate_name == "ampd" ]]; then
echo "Ampd release. Ignoring the wasm build and upload."
exit 1
fi
echo "Is release: $is_release"
echo "Crate Name: $crate_name"
echo "Crate Version: $crate_version"
echo "is-release=$is_release" >> $GITHUB_OUTPUT
echo "crate-name=$crate_name" >> $GITHUB_OUTPUT
echo "crate-version=$crate_version" >> $GITHUB_OUTPUT
else
echo "Is release: $is_release"
echo "Not a release tag. Skipping crate name and version extraction."
echo "is-release=$is_release" >> $GITHUB_OUTPUT
fi
- name: Determine checkout ref
id: get-checkout-ref
run: |
if [[ $GITHUB_REF == refs/tags/* ]]; then
echo "ref=$GITHUB_REF" >> $GITHUB_OUTPUT
elif [ "${{ github.event_name }}" == "push" ]; then
echo "ref=main" >> $GITHUB_OUTPUT
else
echo "ref=${{ inputs.ref }}" >> $GITHUB_OUTPUT
fi
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: "0"
path: axelar-amplifier
submodules: recursive
ref: ${{ steps.get-checkout-ref.outputs.ref }}
token: ${{ secrets.INTEROP_CI_ACTION_TOKEN }}
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Compile all amplifier contracts
id: compile-contracts
run: |
cd axelar-amplifier
docker run --rm -v "$(pwd)":/code \
--mount type=volume,source="$(basename "$(pwd)")_cache",target=/code/target \
--mount type=volume,source=registry_cache,target=/usr/local/cargo/registry \
cosmwasm/optimizer:0.16.0
commit_hash=$(git rev-parse --short HEAD)
cd ..
mkdir -p ./$commit_hash/
cp -R axelar-amplifier/artifacts/* ./$commit_hash/
echo "wasm-directory=./$commit_hash" >> $GITHUB_OUTPUT
- name: Prepare and sign release artifacts
if: steps.check-release.outputs.is-release == 'true'
id: prepare-release
run: |
cd ${{ steps.compile-contracts.outputs.wasm-directory }}
crate_name="${{ steps.check-release.outputs.crate-name }}"
crate_version="${{ steps.check-release.outputs.crate-version }}"
wasm_file=$(find . -name "${crate_name//-/_}.wasm")
checksum_file=$(find . -name "checksums.txt")
if [ -z "$wasm_file" ]; then
echo "Error: Could not find .wasm file for $crate_name"
exit 1
fi
mkdir -p "../${crate_version}"
cp "$wasm_file" "../${crate_version}/${crate_name}.wasm"
cp "$checksum_file" "../${crate_version}/"
gpg --armor --detach-sign ../${crate_version}/${crate_name}.wasm
gpg --armor --detach-sign ../${crate_version}/checksums.txt
echo "release-artifacts-dir=./${crate_version}" >> $GITHUB_OUTPUT
echo "r2-destination-dir=./releases/cosmwasm/${crate_name}" >> $GITHUB_OUTPUT
- uses: ryand56/[email protected]
if: steps.check-release.outputs.is-release == 'true'
with:
r2-account-id: ${{ secrets.R2_ACCOUNT_ID }}
r2-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CF }}
r2-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CF }}
r2-bucket: ${{ secrets.R2_BUCKET }}
source-dir: ${{ steps.prepare-release.outputs.release-artifacts-dir }}
destination-dir: ${{ steps.prepare-release.outputs.r2-destination-dir }}
- uses: ryand56/[email protected]
if: steps.check-release.outputs.is-release != 'true'
with:
r2-account-id: ${{ secrets.R2_ACCOUNT_ID }}
r2-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CF }}
r2-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CF }}
r2-bucket: ${{ secrets.R2_BUCKET }}
source-dir: ${{ steps.compile-contracts.outputs.wasm-directory }}
destination-dir: ./pre-releases/cosmwasm/