Publish RPM packages for Azure Linux in the release job (#6774) #97

Workflow file for this run

.github/workflows/release.yml at 118bcd1

	name: Release

	on:
	push:
	tags:
	- "ccf-[56].*"
	workflow_dispatch:

	permissions:
	contents: write
	actions: read
	checks: write

	jobs:
	make_sbom:
	name: SBOM Generation
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 1
	- name: "Install SBOM tool"
	run: \|
	set -ex
	curl -Lo sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64 > sbom-tool
	chmod +x sbom-tool
	shell: bash
	- name: "Produce SBOM"
	run: \|
	set -ex
	CCF_VERSION=${{ github.ref_name }}
	CCF_VERSION=${CCF_VERSION#ccf-}
	./sbom-tool generate -b . -bc . -pn CCF -ps Microsoft -nsb https://sbom.microsoft -pv $CCF_VERSION -V Error
	shell: bash
	- name: "Upload SBOM"
	uses: actions/upload-artifact@v4
	with:
	name: sbom
	path: _manifest/spdx_2.2/*

	release_notes:
	name: Release Notes
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 1
	- name: "Check Release Notes"
	run: \|
	set -ex
	python scripts/extract-release-notes.py --target-git-version
	shell: bash
	- name: "Produce Release Notes"
	run: \|
	set -ex
	set -o pipefail
	python ./scripts/extract-release-notes.py --target-git-version --describe-path-changes "./samples/constitution" \| tee rel-notes.md
	- name: "Upload .deb Package"
	uses: actions/upload-artifact@v4
	with:
	name: relnotes
	path: rel-notes.md

	build_release:
	name: Build Release
	needs: release_notes
	strategy:
	matrix:
	platform:
	- name: virtual
	os: ubuntu
	image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
	test_filter: "benchmark\|unit"
	- name: snp
	os: ubuntu
	image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025
	- name: virtual
	os: azure-linux
	image: mcr.microsoft.com/azurelinux/base/core:3.0
	test_filter: "benchmark\|unit\|protocolstest\|lts"
	- name: snp
	os: azure-linux
	image: mcr.microsoft.com/azurelinux/base/core:3.0

	runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
	container:
	image: ${{ matrix.platform.image }}
	options: "--user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE"

	steps:
	- name: "Checkout dependencies"
	if: ${{ matrix.platform.os == 'azure-linux' }}
	shell: bash
	run: \|
	gpg --import /etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY
	tdnf -y update
	tdnf -y install ca-certificates git

	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: "Install dependencies"
	if: ${{ matrix.platform.os == 'azure-linux' }}
	shell: bash
	run: \|
	set -ex
	./scripts/install-azure-linux-deps.sh
	# For packaging and release tests
	tdnf -y install rpm-build

	- name: "Build Release ${{ matrix.platform.name }}"
	shell: bash
	run: \|
	set -ex
	git config --global --add safe.directory /__w/CCF/CCF
	mkdir build
	cd build
	CC=`which clang` CXX=`which clang++` cmake -GNinja -DCOMPILE_TARGET=${{ matrix.platform.name }} -DCLIENT_PROTOCOLS_TEST=ON -DCMAKE_BUILD_TYPE=Release ..
	ninja -v \| tee build.log

	- name: "Install Extended Testing Tools"
	if: ${{ matrix.platform.os == 'ubuntu' && matrix.platform.name == 'virtual' }}
	run: \|
	set -ex
	sudo apt-get -y update
	sudo apt install ansible -y
	cd getting_started/setup_vm
	ansible-playbook ccf-extended-testing.yml
	shell: bash

	- name: "Test ${{ matrix.platform.name }}"
	if: "${{ matrix.platform.name == 'virtual' }}"
	run: \|
	set -ex
	cd build
	rm -rf /github/home/.cache
	mkdir -p /github/home/.cache
	export ASAN_SYMBOLIZER_PATH=$(realpath /usr/bin/llvm-symbolizer-15)
	# Unit tests
	./tests.sh --output-on-failure -L unit -j$(nproc --all)
	# Suite tests
	./tests.sh --timeout 600 --output-on-failure -L "suite"
	# Most tests
	./tests.sh --timeout 360 --output-on-failure -LE "suite\|${{ matrix.platform.test_filter }}"
	shell: bash

	- name: "Upload logs for ${{ matrix.platform.os }}-${{ matrix.platform.name }}"
	if: success() \|\| failure()
	uses: actions/upload-artifact@v4
	with:
	name: logs-${{ matrix.platform.os }}-${{ matrix.platform.name }}
	path: \|
	build/workspace//.config.json
	build/workspace/*/out
	build/workspace/*/err
	build/workspace/.ledger/
	if-no-files-found: ignore

	- name: "Make .deb Package"
	if: "${{ matrix.platform.os == 'ubuntu' }}"
	id: make_deb
	run: \|
	set -ex
	set -o pipefail
	cd build
	cmake -L .. 2>/dev/null \| grep CMAKE_INSTALL_PREFIX: \| cut -d = -f 2 > /tmp/install_prefix
	cpack -V -G DEB
	INITIAL_PKG=`ls *.deb`
	CCF_GITHUB_PKG=${INITIAL_PKG//\~/_}
	if [[ "$INITIAL_PKG" != "$CCF_GITHUB_PKG" ]]; then
	mv $INITIAL_PKG $CCF_GITHUB_PKG
	fi
	echo "name=$CCF_GITHUB_PKG" >> $GITHUB_OUTPUT
	shell: bash

	- name: "Make .rpm Package"
	if: "${{ matrix.platform.os == 'azure-linux' }}"
	id: make_rpm
	run: \|
	set -ex
	set -o pipefail
	cd build
	cmake -L .. 2>/dev/null \| grep CMAKE_INSTALL_PREFIX: \| cut -d = -f 2 > /tmp/install_prefix
	cpack -V -G RPM
	INITIAL_PKG=`ls *.rpm`
	CCF_GITHUB_PKG=${INITIAL_PKG//\~/_}
	if [[ "$INITIAL_PKG" != "$CCF_GITHUB_PKG" ]]; then
	mv $INITIAL_PKG $CCF_GITHUB_PKG
	fi
	echo "name=$CCF_GITHUB_PKG" >> $GITHUB_OUTPUT
	shell: bash

	- name: "Install CCF Debian package"
	if: "${{ matrix.platform.os == 'ubuntu' }}"
	run: \|
	set -ex
	cd build
	sudo apt -y install ./${{ steps.make_deb.outputs.name }}
	shell: bash

	- name: "Install CCF RPM package"
	if: "${{ matrix.platform.os == 'azure-linux' }}"
	run: \|
	set -ex
	cd build
	tdnf -y install ./${{ steps.make_rpm.outputs.name }}
	shell: bash

	- name: "Test Installed CCF"
	if: "${{ matrix.platform.name == 'virtual' }}"
	run: \|
	set -ex
	set -o pipefail
	cd build
	cat /tmp/install_prefix \| xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./test_install.sh {}"
	shell: bash

	- name: "Recovery Benchmark for Installed CCF"
	if: "${{ matrix.platform.name == 'virtual' }}"
	run: \|
	set -ex
	set -o pipefail
	cd build
	cat /tmp/install_prefix \| xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./recovery_benchmark.sh {}"
	shell: bash

	- name: "Test Building a Sample Against Installed CCF"
	run: \|
	set -ex
	./tests/test_install_build.sh -DCOMPILE_TARGET=${{ matrix.platform.name }}
	shell: bash

	- name: "Upload .deb Package"
	if: "${{ matrix.platform.os == 'ubuntu' }}"
	uses: actions/upload-artifact@v4
	with:
	name: pkg-${{ matrix.platform.os }}-${{ matrix.platform.name }}
	path: build/${{ steps.make_deb.outputs.name }}

	- name: "Upload .rpm Package"
	if: "${{ matrix.platform.os == 'azure-linux' }}"
	uses: actions/upload-artifact@v4
	with:
	name: pkg-${{ matrix.platform.os }}-${{ matrix.platform.name }}
	path: build/${{ steps.make_rpm.outputs.name }}

	- name: "Upload Compatibility Report"
	if: "${{ matrix.platform.os == 'ubuntu' && matrix.platform.name == 'virtual' }}"
	uses: actions/upload-artifact@v4
	with:
	name: compatibility
	path: build/compatibility_report.json

	- name: "Upload TLS Report"
	if: "${{ matrix.platform.os == 'ubuntu' && matrix.platform.name == 'virtual' }}"
	uses: actions/upload-artifact@v4
	with:
	name: tls
	path: build/tls_report.html

	- name: "Build Python Wheel"
	if: "${{ matrix.platform.os == 'ubuntu' && matrix.platform.name == 'virtual' }}"
	id: build_wheel
	run: \|
	set -ex
	cd python
	python3 -m venv env
	source ./env/bin/activate
	pip install wheel build
	python -m build --wheel
	WHL=`ls dist/*.whl`
	echo "name=$WHL" >> $GITHUB_OUTPUT
	shell: bash

	- name: "Upload Python Wheel"
	if: "${{ matrix.platform.os == 'ubuntu' && matrix.platform.name == 'virtual' }}"
	uses: actions/upload-artifact@v4
	with:
	name: wheel
	path: python/${{ steps.build_wheel.outputs.name }}

	- name: "Build TS Package"
	if: "${{ matrix.platform.os == 'ubuntu' && matrix.platform.name == 'virtual' }}"
	id: build_tstgz
	run: \|
	set -ex
	cd js/ccf-app
	CCF_VERSION=$(<../../build/VERSION_LONG)
	CCF_VERSION=${CCF_VERSION#ccf-}
	echo "Setting npm package version to ${CCF_VERSION}"
	npm version $CCF_VERSION
	npm pack
	PKG=`ls *.tgz`
	echo "name=$PKG" >> $GITHUB_OUTPUT
	shell: bash

	- name: "Upload TS Package"
	if: "${{ matrix.platform.os == 'ubuntu' && matrix.platform.name == 'virtual' }}"
	uses: actions/upload-artifact@v4
	with:
	name: tstgz
	path: js/ccf-app/${{ steps.build_tstgz.outputs.name }}

	create_release:
	needs:
	- build_release
	- make_sbom
	name: Create Release
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 1
	- name: Download Packages
	uses: actions/download-artifact@v4
	with:
	path: pkg
	pattern: pkg-*
	merge-multiple: true
	- name: Download Release Notes
	uses: actions/download-artifact@v4
	with:
	name: relnotes
	- name: Download Compatibility Report
	uses: actions/download-artifact@v4
	with:
	name: compatibility
	- name: Download TLS Report
	uses: actions/download-artifact@v4
	with:
	name: tls
	- name: Download Python Wheel
	uses: actions/download-artifact@v4
	with:
	path: wheel
	name: wheel
	- name: Download TS Package
	uses: actions/download-artifact@v4
	with:
	path: tstgz
	name: tstgz
	- name: Download SBOM
	uses: actions/download-artifact@v4
	with:
	path: sbom
	name: sbom
	- run: \|
	set -ex
	CCF_VERSION=${{ github.ref_name }}
	CCF_VERSION=${CCF_VERSION#ccf-}
	gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md ${{ github.ref_name }} pkg/* wheel/.whl tstgz/.tgz sbom/* tls_report.html compatibility_report.json
	shell: bash
	env:
	GH_TOKEN: ${{ github.token }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Publish RPM packages for Azure Linux in the release job (#6774) #97

Workflow file

Publish RPM packages for Azure Linux in the release job (#6774) #97

Jobs

Run details

Workflow file for this run