Merge branch 'develop' into ilyaaay/add-localhost-constructor-for-hos…

…tname-port

.github/actions/aws_upload/action.yml

@@ -19,6 +19,8 @@ inputs:
     description: File name to upload. Note, file must be in the same path
   release_version:
     description: Release version, e.g. 0.22.0
+  download_release_dir:
+    description: Download all release assets from AWS s3 to a specific directory
 
 runs:
   using: composite
@@ -32,4 +34,9 @@ runs:
     - shell: bash
       if: ${{ inputs.file_name }}
       run: |
-        aws s3api put-object --bucket ${{ inputs.bucket_name }} --key ${{ inputs.release_version }}/${{ inputs.file_name }} --body ${{ inputs.file_name }}
+        aws s3api put-object --bucket ${{ inputs.bucket_name }} --key command/${{ inputs.release_version }}/${{ inputs.file_name }} --body ${{ inputs.file_name }}
+
+    - shell: bash
+      if: ${{ inputs.download_release_dir }}
+      run: |
+        aws s3 cp s3://${{ inputs.bucket_name }}/command/${{ inputs.release_version }} ${{ inputs.download_release_dir }} --recursive

.github/actions/build_binaries/action.yml

@@ -55,9 +55,9 @@ runs:
         fi
 
         if [[ $use_cross_build == "true" ]]; then
-          cross build --bin ockam --target ${{ inputs.target }} --release --no-default-features -F ockam_command/aws-lc -F ockam_command/orchestrator
+          cross build --bin ockam --target ${{ inputs.target }} --release --no-default-features -F ockam_command/aws-lc
         else
-          cargo build --bin ockam --target ${{ inputs.target }} --release --no-default-features -F ockam_command/aws-lc -F ockam_command/orchestrator
+          cargo build --bin ockam --target ${{ inputs.target }} --release --no-default-features -F ockam_command/aws-lc
         fi
 
         cp target/${{ inputs.target }}/release/ockam target/${{ inputs.target }}/release/ockam_command

.github/workflows/release-draft-binaries.yml

@@ -85,39 +85,14 @@ jobs:
           docker pull ghcr.io/build-trust/ockam:$ockam_version
           \`\`\`"
 
-          url_head="https://${{ env.BUCKET_NAME }}.s3.amazonaws.com/${ockam_version}"
-
           text="$text
 
-          # Precompiled Binaries
-
-          \`\`\`bash
-          # download sha256sums.txt
-          curl --proto '=https' --tlsv1.2 -sSfL -O \\
-            ${url_head}/sha256sums.txt
-
-          # download sha256sums.txt.sig
-          curl --proto '=https' --tlsv1.2 -sSfL -O \\
-            ${url_head}/sha256sums.txt.sig
-
-          # download our release public key
-          curl --proto '=https' --tlsv1.2 -sSfL -o ockam.pub \\
-            https://raw.githubusercontent.com/build-trust/ockam/develop/tools/docker/cosign.pub
-
-          # verify signatures
-          cosign verify-blob --key ockam.pub --signature sha256sums.txt.sig sha256sums.txt
+          # Curl Install
 
-          # download ockam command binary for your architecture
-          curl --proto '=https' --tlsv1.2 -sSfL -O \\
-            ${url_head}/ockam.x86_64-unknown-linux-gnu
+          To install this release using curl:
 
-          # verify that the sha256 hash of the downloaded binary is the same as
-          # the corresponding hash mentioned in sha256sums.txt
-          cat sha256sums.txt | grep ockam.x86_64-unknown-linux-gnu | sha256sum -c
-
-          # rename the download binary and give it permission to execute
-          mv ockam.x86_64-unknown-linux-gnu ockam
-          chmod u+x ockam
+          \`\`\`bash
+          curl --proto '=https' --tlsv1.2 -sSfL https://install.command.ockam.io | bash
           \`\`\`"
 
           text="$text
@@ -282,12 +257,6 @@ jobs:
       run: |
         cosign sign-blob --yes --key env://PRIVATE_KEY "${{ env.ASSET_OCKAM_CLI }}" > "${{ env.ASSET_OCKAM_CLI }}.sig"
 
-    - name: Upload CLI release archive to GitHub
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        gh release upload ${{ needs.create_release.outputs.tag_name }} ${{ env.ASSET_OCKAM_CLI }} ${{ env.ASSET_OCKAM_CLI }}.sig --clobber
-
     - name: Upload CLI release archive to AWS
       uses: ./.github/actions/aws_upload
       with:
@@ -401,12 +370,6 @@ jobs:
         run: |
           cosign sign-blob --yes --key env://PRIVATE_KEY ${{ env.FILE_NAME }} > "${{ env.FILE_NAME }}.sig"
 
-      - name: Upload NIF to GitHub
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          gh release upload ${{ needs.create_release.outputs.tag_name }} ${{ env.FILE_NAME }} ${{ env.FILE_NAME }}.sig --clobber
-
       - name: Upload NIF to AWS
         uses: ./.github/actions/aws_upload
         with:
@@ -447,17 +410,15 @@ jobs:
           ref: ${{ github.event.inputs.release_branch }}
           path: aws
 
-      - name: Login to AWS
+      - name: Download Assets From AWS
         uses: ./aws/.github/actions/aws_upload
         with:
           aws_role: ${{ env.AWS_ROLE }}
           aws_role_session_name: aws_upload
           aws_region: ${{ env.AWS_REGION }}
-
-      - name: Fetch All Assets
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: aws s3 sync s3://${{ env.BUCKET_NAME }}/v${{ needs.create_release.outputs.version }} . && ls
+          bucket_name: ${{ env.BUCKET_NAME }}
+          release_version: "v${{ needs.create_release.outputs.version }}"
+          download_release_dir: "."
 
       - name: Generate File SHASum
         run: shasum -a 256 *ockam* > sha256sums.txt
@@ -473,12 +434,6 @@ jobs:
           COSIGN_PASSWORD: '${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}'
         run: cosign sign-blob --yes --key env://PRIVATE_KEY sha256sums.txt > sha256sums.txt.sig
 
-      - name: Upload SHASum File to GitHub
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          gh release upload ${{ needs.create_release.outputs.tag_name }} sha256sums.txt sha256sums.txt.sig --clobber -R build-trust/ockam
-
       - name: Upload SHASum File to AWS
         uses: ./aws/.github/actions/aws_upload
         with:

.github/workflows/release-ockam-package.yml

@@ -38,25 +38,22 @@ jobs:
       actions: read
       contents: write
       packages: write
+      id-token: write
 
     steps:
-      - name: Checker
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          set -ex
-          mkdir assets && cd assets
-          gh release download ${{ github.event.inputs.tag }} -R ${ORGANIZATION}/ockam
-
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           path: ockam
 
-      - id: image
-        run: |
-          tag_name="${{ github.event.inputs.tag }}"
-          version=${tag_name:7}
-          echo "image=ghcr.io/${ORGANIZATION}/$ARTIFACT_NAME:${version}-draft" >> $GITHUB_OUTPUT
+      - name: Download Assets From AWS
+        uses: ./ockam/.github/actions/aws_upload
+        with:
+          aws_role: ${{ vars.AWS_ROLE }}
+          aws_role_session_name: aws_upload
+          aws_region: ${{ vars.AWS_REGION }}
+          bucket_name: ${{ vars.AWS_BUCKET_NAME }}
+          release_version: "${{ github.event.inputs.tag }}"
+          download_release_dir: "assets"
 
       - name: Update Docker Template
         run: |
@@ -103,7 +100,8 @@ jobs:
       - name: Build And Publish As Draft
         run: |
           tag_name="${{ github.event.inputs.tag }}"
-          version=${tag_name:7}
+          # strip off the 'v' prefix from v0.146.0
+          version=${tag_name:1}
 
           docker buildx build --push \
             --tag ghcr.io/${ORGANIZATION}/ockam:${version}-draft \
@@ -132,7 +130,8 @@ jobs:
         id: image
         run: |
           tag_name="${{ github.event.inputs.tag }}"
-          version=${tag_name:7}
+          # strip off the 'v' prefix
+          version=${tag_name:1}
           echo "version=${version}" >> $GITHUB_OUTPUT
 
       - name: Deploy Latest Image