From 07da040e510066a0a6c08981b415b62fc574bd0c Mon Sep 17 00:00:00 2001 From: avalonche Date: Fri, 22 Aug 2025 04:18:44 +1000 Subject: [PATCH] Websocket proxy release flow --- .github/workflows/release.yml | 100 ++++++- .github/workflows/websocket-proxy-release.yml | 243 ++++++++++++++++++ 2 files changed, 333 insertions(+), 10 deletions(-) create mode 100644 .github/workflows/websocket-proxy-release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 32340be7..984cf2c1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,7 +3,7 @@ name: Release on: push: tags: - - 'v*' + - 'rollup-boost/v*' permissions: contents: write 
@@ -12,25 +12,101 @@ env: REGISTRY_IMAGE: flashbots/rollup-boost jobs: - release: + extract-version: + name: Extract version + runs-on: warp-ubuntu-latest-x64-16x + outputs: + VERSION: ${{ steps.extract_version.outputs.VERSION }} + steps: + - name: Extract version + id: extract_version + run: | + if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then + VERSION="${GITHUB_REF#refs/tags/rollup-boost/}" + else + VERSION="$(echo ${GITHUB_SHA} | cut -c1-7)" + fi + echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT + echo "| | |" >> $GITHUB_STEP_SUMMARY + echo "| ------------------- | ---------------------- |" >> $GITHUB_STEP_SUMMARY + echo "| \`GITHUB_REF_TYPE\` | \`${GITHUB_REF_TYPE}\` |" >> $GITHUB_STEP_SUMMARY + echo "| \`GITHUB_REF_NAME\` | \`${GITHUB_REF_NAME}\` |" >> $GITHUB_STEP_SUMMARY + echo "| \`GITHUB_REF\` | \`${GITHUB_REF}\` |" >> $GITHUB_STEP_SUMMARY + echo "| \`GITHUB_SHA\` | \`${GITHUB_SHA}\` |" >> $GITHUB_STEP_SUMMARY + echo "| \`VERSION\` | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY + echo "| \`FEATURES\` | \`${{ github.event.inputs.features || 'none' }}\` |" >> $GITHUB_STEP_SUMMARY + + build-binary: + name: Build binary + needs: extract-version + runs-on: ${{ matrix.configs.runner }} + container: + image: ubuntu:22.04 + permissions: + contents: write + packages: write + strategy: + matrix: + configs: + - target: x86_64-unknown-linux-gnu + runner: warp-ubuntu-latest-x64-32x + - target: aarch64-unknown-linux-gnu + runner: warp-ubuntu-latest-arm64-32x + # Paused until docker is pre-installed https://github.com/actions/runner-images/blob/main/images/macos/macos-14-arm64-Readme.md + # - target: aarch64-apple-darwin + # runner: warp-macos-14-arm64-6x + + steps: + - name: Install dependencies + run: | + apt-get update + apt-get install -y \ + build-essential \ + curl \ + git \ + libclang-dev \ + libssl-dev \ + libtss2-dev \ + pkg-config \ + protobuf-compiler + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y + - uses: actions/checkout@v4 # must install 
git before checkout and set safe.directory after checkout because of container + + - name: Build rollup-boost binary + run: | + git config --global --add safe.directory "$(pwd)" + . $HOME/.cargo/env + cargo build --release --target ${{ matrix.configs.target }} --package rollup-boost + mkdir -p artifacts + mv target/${{ matrix.configs.target }}/release/rollup-boost artifacts/rollup-boost-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target }}${{ matrix.features && '-' }}${{ matrix.features }} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: rollup-boost-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target }}${{ matrix.features && '-' }}${{ matrix.features }} + path: artifacts + + publish-docker-image: name: Publish Docker Image strategy: matrix: - config: + configs: - platform: linux/amd64 - runner: warp-ubuntu-latest-x64-16x + runner: warp-ubuntu-latest-x64-32x - platform: linux/arm64 - runner: warp-ubuntu-latest-arm64-16x - runs-on: ${{ matrix.config.runner }} + runner: warp-ubuntu-latest-arm64-32x + # Paused until docker is pre-installed https://github.com/actions/runner-images/blob/main/images/macos/macos-14-arm64-Readme.md + # - target: aarch64-apple-darwin + # runner: warp-macos-14-arm64-6x + runs-on: ${{ matrix.configs.runner }} steps: - name: Checkout sources uses: actions/checkout@v4.2.0 - name: Set env run: | - platform=${{ matrix.config.platform }} + platform=${{ matrix.configs.platform }} echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV + echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/rollup-boost/}" >> $GITHUB_ENV - name: Print version run: | 
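Review bot: In the `Build rollup-boost binary` step the tag-derived `needs.extract-version.outputs.VERSION` is expanded into the `run:` script text before the shell parses it, so the characters of a pushed tag name become part of the script rather than data. The same hunk grants this job `contents: write` and `packages: write`, although the visible steps only build and upload an artifact, so `contents: read` looks sufficient. Passing the version and target through `env:` and quoting them, as sketched below, keeps the tag name out of the script source. The matrix shown defines only `configs`, so the `matrix.features` suffix always expands to nothing and is dropped in the sketch. The `build-binary` job added in `websocket-proxy-release.yml` has the same points.

```yaml
      - name: Build rollup-boost binary
        env:
          VERSION: ${{ needs.extract-version.outputs.VERSION }}
          TARGET: ${{ matrix.configs.target }}
        run: |
          # … unchanged: safe.directory and cargo env setup …
          cargo build --release --target "$TARGET" --package rollup-boost
          mkdir -p artifacts
          mv "target/$TARGET/release/rollup-boost" "artifacts/rollup-boost-$VERSION-$TARGET"
```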
@@ -42,6 +118,10 @@ jobs: uses: docker/metadata-action@v4 with: images: ${{ env.REGISTRY_IMAGE }} + tags: | + type=sha + type=raw,value=${{ env.RELEASE_VERSION }} + type=raw,value=latest,enable=${{ !contains(env.RELEASE_VERSION, '-') }} - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -64,7 +144,7 @@ jobs: context: . build-args: | VERSION=${{ env.RELEASE_VERSION }} - platforms: ${{ matrix.config.platform }} + platforms: ${{ matrix.configs.platform }} labels: ${{ steps.meta.outputs.labels }} outputs: type=registry,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true @@ -85,7 +165,7 @@ jobs: merge: runs-on: warp-ubuntu-latest-x64-16x needs: - - release + - publish-docker-image steps: - name: Download digests uses: actions/download-artifact@v4 diff --git a/.github/workflows/websocket-proxy-release.yml b/.github/workflows/websocket-proxy-release.yml new file mode 100644 index 00000000..23177801 --- /dev/null +++ b/.github/workflows/websocket-proxy-release.yml 
@@ -0,0 +1,243 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - 'websocket-proxy/v*'
+
+permissions:
+ contents: write
+
+env:
+ REGISTRY_IMAGE: flashbots/flashblocks-websocket-proxy
+
+jobs:
+ extract-version:
+ name: Extract version
+ runs-on: warp-ubuntu-latest-x64-16x
+ outputs:
+ VERSION: ${{ steps.extract_version.outputs.VERSION }}
+ steps:
+ - name: Extract version
+ id: extract_version
+ run: |
+ if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
+ VERSION="${GITHUB_REF#refs/tags/websocket-proxy/}"
+ else
+ VERSION="$(echo ${GITHUB_SHA} | cut -c1-7)"
+ fi
+ echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+ echo "| | |" >> $GITHUB_STEP_SUMMARY
+ echo "| ------------------- | ---------------------- |" >> $GITHUB_STEP_SUMMARY
+ echo "| \`GITHUB_REF_TYPE\` | \`${GITHUB_REF_TYPE}\` |" >> $GITHUB_STEP_SUMMARY
+ echo "| \`GITHUB_REF_NAME\` | \`${GITHUB_REF_NAME}\` |" >> $GITHUB_STEP_SUMMARY
+ echo "| \`GITHUB_REF\` | \`${GITHUB_REF}\` |" >> $GITHUB_STEP_SUMMARY
+ echo "| \`GITHUB_SHA\` | \`${GITHUB_SHA}\` |" >> $GITHUB_STEP_SUMMARY
+ echo "| \`VERSION\` | \`${VERSION}\` |" >> $GITHUB_STEP_SUMMARY
+ echo "| \`FEATURES\` | \`${{ github.event.inputs.features || 'none' }}\` |" >> $GITHUB_STEP_SUMMARY
+
+ build-binary:
+ name: Build binary
+ needs: extract-version
+ runs-on: ${{ matrix.configs.runner }}
+ container:
+ image: ubuntu:22.04
+ permissions:
+ contents: write
+ packages: write
+ strategy:
+ matrix:
+ configs:
+ - target: x86_64-unknown-linux-gnu
+ runner: warp-ubuntu-latest-x64-32x
+ - target: aarch64-unknown-linux-gnu
+ runner: warp-ubuntu-latest-arm64-32x
+ # Paused until docker is pre-installed https://github.com/actions/runner-images/blob/main/images/macos/macos-14-arm64-Readme.md
+ # - target: aarch64-apple-darwin
+ # runner: warp-macos-14-arm64-6x
+
+ steps:
+ - name: Install dependencies
+ run: |
+ apt-get update
+ apt-get install -y \
+ build-essential \
+ curl \
+ git \
+ libclang-dev \
+ libssl-dev \
+ libtss2-dev \
+ pkg-config \
+ protobuf-compiler
+ curl
--proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+ - uses: actions/checkout@v4 # must install git before checkout and set safe.directory after checkout because of container
+
+ - name: Build websocket-proxy binary
+ run: |
+ git config --global --add safe.directory "$(pwd)"
+ . $HOME/.cargo/env
+ cargo build --release --target ${{ matrix.configs.target }} --package flashblocks-websocket-proxy
+ mkdir -p artifacts
+ mv target/${{ matrix.configs.target }}/release/flashblocks-websocket-proxy artifacts/flashblocks-websocket-proxy-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target }}${{ matrix.features && '-' }}${{ matrix.features }}
+ - name: Upload artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: flashblocks-websocket-proxy-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target }}${{ matrix.features && '-' }}${{ matrix.features }}
+ path: artifacts
+
+ publish-docker-image:
+ name: Publish Docker Image
+ strategy:
+ matrix:
+ configs:
+ - platform: linux/amd64
+ runner: warp-ubuntu-latest-x64-32x
+ - platform: linux/arm64
+ runner: warp-ubuntu-latest-arm64-32x
+ # Paused until docker is pre-installed https://github.com/actions/runner-images/blob/main/images/macos/macos-14-arm64-Readme.md
+ # - target: aarch64-apple-darwin
+ # runner: warp-macos-14-arm64-6x
+ runs-on: ${{ matrix.configs.runner }}
+ steps:
+ - name: Checkout sources
+ uses: actions/checkout@v4.2.0
+
+ - name: Set env
+ run: |
+ platform=${{ matrix.configs.platform }}
+ echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+ echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/websocket-proxy/}" >> $GITHUB_ENV
+
+ - name: Print version
+ run: |
+ echo $RELEASE_VERSION
+ echo ${{ env.RELEASE_VERSION }}
+
+ - name: Extract metadata (tags, labels) for Docker images
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.REGISTRY_IMAGE }}
+ tags: |
+ type=sha
+ type=raw,value=${{ env.RELEASE_VERSION }}
+ type=raw,value=latest,enable=${{
!contains(env.RELEASE_VERSION, '-') }}
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.FLASHBOTS_DOCKERHUB_USERNAME }}
+ password: ${{ secrets.FLASHBOTS_DOCKERHUB_TOKEN }}
+
+ - name: Build and push
+ id: build
+ uses: docker/build-push-action@v6
+ with:
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ context: .
+ file: ./crates/websocket-proxy/Dockerfile
+ build-args: |
+ VERSION=${{ env.RELEASE_VERSION }}
+ platforms: ${{ matrix.configs.platform }}
+ labels: ${{ steps.meta.outputs.labels }}
+ outputs: type=registry,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true
+
+ - name: Export digest
+ run: |
+ mkdir -p /tmp/digests
+ digest="${{ steps.build.outputs.digest }}"
+ touch "/tmp/digests/${digest#sha256:}"
+
+ - name: Upload digest
+ uses: actions/upload-artifact@v4
+ with:
+ name: digests-${{ env.PLATFORM_PAIR }}
+ path: /tmp/digests/*
+ if-no-files-found: error
+ retention-days: 1
+
+ merge:
+ runs-on: warp-ubuntu-latest-x64-16x
+ needs:
+ - publish-docker-image
+ steps:
+ - name: Download digests
+ uses: actions/download-artifact@v4
+ with:
+ path: /tmp/digests
+ pattern: digests-*
+ merge-multiple: true
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.FLASHBOTS_DOCKERHUB_USERNAME }}
+ password: ${{ secrets.FLASHBOTS_DOCKERHUB_TOKEN }}
+
+ - name: Login to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.FLASHBOTS_GHCR_TOKEN }} # PAT required for Organization policy
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY_IMAGE }}
+ tags: |
+ type=sha
+ type=raw,value=${{ env.RELEASE_VERSION }}
+ type=raw,value=latest,enable=${{
!contains(env.RELEASE_VERSION, '-') }}
+
+ - name: Create manifest list and push
+ working-directory: /tmp/digests
+ run: |
+ image=$(
+ jq -cr '.tags | first' <<< "$DOCKER_METADATA_OUTPUT_JSON"
+ )
+
+ docker buildx imagetools create -t $image $(
+ printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *
+ )
+
+ - name: Install regctl
+ uses: regclient/actions/regctl-installer@main
+
+ - name: Push to GHCR
+ run: |
+ regctl image copy \
+ ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} \
+ ghcr.io/${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
+
+ - name: Inspect image
+ run: |
+ docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
+
+ github-release:
+ runs-on: warp-ubuntu-latest-x64-16x
+ steps:
+ - name: Checkout sources
+ uses: actions/checkout@v4.2.0
+
+ - name: Create release
+ id: create_release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: ${{ github.ref }}
+ release_name: ${{ github.ref }}
+ draft: true
+ prerelease: false
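Review bot: The `merge` job reads `env.RELEASE_VERSION`, but that variable is only written to `$GITHUB_ENV` inside `publish-docker-image`, and values written there are not visible to other jobs. In `Docker meta` the `type=raw,value=` entry is therefore empty and `enable=${{ !contains(env.RELEASE_VERSION, '-') }}` is true for every tag, so the pre-release guard on `latest` does not apply where the manifest list is created and copied to GHCR. Add `- extract-version` to the job's `needs:` and a job-level `env:` with `RELEASE_VERSION: ${{ needs.extract-version.outputs.VERSION }}`. `uses: regclient/actions/regctl-installer@main` tracks a mutable branch and runs after both registry logins; pin it to a reviewed full commit SHA, `regclient/actions/regctl-installer@<full-commit-sha>` (placeholder). `github-release` has no `needs:`, so the draft release is created even if the build or publish jobs fail.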