Skip to content

ci: get llvm keys differently #1194

ci: get llvm keys differently

ci: get llvm keys differently #1194

Workflow file for this run

name: Build binaries
on:
pull_request:
push:
branches:
- master
tags:
- "v*"
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
linux-build:
name: Build binaries for ${{ matrix.platform.name }}-${{ matrix.arch }}
runs-on: ${{ matrix.platform.runner }}
container:
image: ubuntu:18.04
strategy:
fail-fast: false
matrix:
arch:
- arm64
- amd64
platform:
- name: linux
runner: ubuntu-latest
- name: windows
runner: ubuntu-latest
exclude:
- platform:
name: windows
arch: arm64
steps:
- name: Setup ubuntu container
run: |
apt update
apt install -yqq build-essential make software-properties-common
add-apt-repository -y ppa:git-core/ppa
apt update && apt install -yqq git zip unzip zlib1g-dev zlib1g
- name: Check out code
uses: actions/[email protected]
with:
fetch-depth: 0
# Check https://github.com/livepeer/go-livepeer/pull/1891
# for ref value discussion
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up go
id: go
uses: actions/setup-go@v4
with:
go-version: 1.20.4
cache: true
cache-dependency-path: go.sum
- name: Cache ffmpeg
id: cache-ffmpeg
uses: actions/cache@v3
with:
path: /github/home/compiled
key: ${{ runner.os }}-${{ matrix.platform.name }}-${{ matrix.arch }}-ffmpeg-${{ hashFiles('**/install_ffmpeg.sh') }}
restore-keys: |
${{ runner.os }}-${{ matrix.platform.name }}-${{ matrix.arch }}-ffmpeg-
- name: Cache binaries
uses: actions/cache@v3
with:
path: ~/build
key: ${{ runner.os }}-${{ matrix.platform.name }}-${{ matrix.arch }}-binaries-${{ github.sha }}
- name: Set build environment
run: |
echo "GOARCH=${{ matrix.arch }}" >> $GITHUB_ENV
echo "GOOS=${{ matrix.platform.name }}" >> $GITHUB_ENV
echo "GO_BUILD_DIR=lp-builds/" >> $GITHUB_ENV
- name: Install dependencies
run: |
apt-get update \
&& apt-get install -y software-properties-common curl apt-transport-https \
&& curl -fsSl https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - \
&& add-apt-repository "deb [arch=amd64] http://apt.llvm.org/xenial/ llvm-toolchain-xenial-12 main" \
&& apt-get update \
&& apt-get -y install clang-12 clang-tools-12 lld-12 build-essential pkg-config autoconf git python gcc-multilib libgcc-8-dev-arm64-cross mingw-w64-tools gcc-mingw-w64-x86-64
update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-12 30 \
&& update-alternatives --install /usr/bin/clang clang /usr/bin/clang-12 30 \
&& update-alternatives --install /usr/bin/ld ld /usr/bin/lld-12 30
- name: Install go modules
if: steps.go.outputs.cache-hit != 'true'
run: go mod download
- name: Install ffmpeg
if: steps.cache-ffmpeg.outputs.cache-hit != 'true'
run: ./install_ffmpeg.sh
- name: Build binaries
env:
GHA_REF: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref }}
run: |
git config --global --add safe.directory '*'
export PKG_CONFIG_PATH=/github/home/compiled/lib/pkgconfig
./ci_env.sh make
- name: Upload build
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
env:
GHA_REF: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref }}
GCLOUD_KEY: ${{ secrets.GCLOUD_KEY }}
GCLOUD_SECRET: ${{ secrets.GCLOUD_SECRET }}
DISCORD_URL: ${{ secrets.DISCORD_URL }}
run: ./upload_build.sh
- name: Upload artifacts for cutting release
uses: actions/upload-artifact@master
with:
name: release-artifacts
path: releases/
- name: Notify new build upload
run: curl -X POST https://holy-bread-207a.livepeer.workers.dev
macos-build:
name: Build binaries for ${{ matrix.platform.name }}-${{ matrix.arch }}
runs-on: ${{ matrix.platform.runner }}
strategy:
fail-fast: false
matrix:
arch:
- arm64
- amd64
platform:
- name: darwin
runner: macos-latest
steps:
- name: Check out code
uses: actions/[email protected]
with:
fetch-depth: 0
# Check https://github.com/livepeer/go-livepeer/pull/1891
# for ref value discussion
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up go
id: go
uses: actions/setup-go@v4
with:
go-version: 1.20.4
cache: true
cache-dependency-path: go.sum
- name: Set build environment
run: |
echo "GOARCH=${{ matrix.arch }}" >> $GITHUB_ENV
echo "GOOS=${{ matrix.platform.name }}" >> $GITHUB_ENV
echo "GO_BUILD_DIR=lp-builds/" >> $GITHUB_ENV
- name: Cache ffmpeg
id: cache-ffmpeg
uses: actions/cache@v3
with:
path: ~/compiled
key: ${{ runner.os }}-${{ matrix.platform.name }}-${{ matrix.arch }}-ffmpeg-${{ hashFiles('**/install_ffmpeg.sh') }}
restore-keys: |
${{ runner.os }}-${{ matrix.platform.name }}-${{ matrix.arch }}-ffmpeg-
- name: Cache binaries
uses: actions/cache@v3
with:
path: ~/build
key: ${{ runner.os }}-${{ matrix.platform.name }}-${{ matrix.arch }}-binaries-${{ github.sha }}
- name: Install dependencies
run: brew install coreutils pkg-config
- name: Install go modules
# if: steps.go.outputs.cache-hit != 'true'
run: go mod download
- name: Install ffmpeg
if: steps.cache-ffmpeg.outputs.cache-hit != 'true'
run: ./install_ffmpeg.sh
- name: Build binaries
env:
GHA_REF: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref }}
run: |
git config --global --add safe.directory '*'
export PKG_CONFIG_PATH=~/compiled/lib/pkgconfig
./ci_env.sh make
- uses: actions-ecosystem/action-regex-match@v2
id: match-tag
with:
text: ${{ github.ref_name }}
regex: '^(master|main|v[0-9]+\.\d+\.\d+)$'
- name: Codesign and notarize binaries
if: steps.match-tag.outputs.match != '' && matrix.platform.name == 'darwin'
uses: livepeer/action-gh-codesign-apple@latest
with:
developer-certificate-id: ${{ secrets.CI_MACOS_CERTIFICATE_ID }}
developer-certificate-base64: ${{ secrets.CI_MACOS_CERTIFICATE_BASE64 }}
developer-certificate-password: ${{ secrets.CI_MACOS_CERTIFICATE_PASSWORD }}
app-notarization-email: ${{ secrets.CI_MACOS_NOTARIZATION_USER }}
app-notarization-password: ${{ secrets.CI_MACOS_NOTARIZATION_PASSWORD }}
app-notarization-team-id: ${{ secrets.CI_MACOS_NOTARIZATION_TEAM_ID }}
binary-path: "lp-builds/"
- name: Upload build
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
env:
GHA_REF: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref }}
GCLOUD_KEY: ${{ secrets.GCLOUD_KEY }}
GCLOUD_SECRET: ${{ secrets.GCLOUD_SECRET }}
DISCORD_URL: ${{ secrets.DISCORD_URL }}
run: ./upload_build.sh
- name: Upload artifacts for cutting release
uses: actions/upload-artifact@master
with:
name: release-artifacts
path: releases/
- name: Notify new build upload
run: curl -X POST https://holy-bread-207a.livepeer.workers.dev
linux-tensorflow:
name: Build binaries for linux using tensorflow
runs-on: ubuntu-latest
container:
image: ubuntu:18.04
steps:
- name: Setup ubuntu container
run: |
apt update
apt install -yqq build-essential make software-properties-common
add-apt-repository -y ppa:git-core/ppa
apt update && apt install -yqq git zip unzip zlib1g-dev zlib1g coreutils binutils libc++-dev libc++abi-dev libtool p7zip-full mediainfo xz-utils
- name: Check out code
uses: actions/[email protected]
with:
fetch-depth: 0
# Check https://github.com/livepeer/go-livepeer/pull/1891
# for ref value discussion
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up go
id: go
uses: actions/setup-go@v4
with:
go-version: 1.20.4
cache: true
cache-dependency-path: go.sum
- name: Cache ffmpeg
id: cache-ffmpeg
uses: actions/cache@v3
with:
path: /github/home/compiled
key: ${{ runner.os }}-ffmpeg-tf-${{ hashFiles('**/install_ffmpeg.sh') }}
restore-keys: |
${{ runner.os }}-ffmpeg-tf-
- name: Cache binaries
uses: actions/cache@v3
with:
path: ~/build
key: ${{ runner.os }}-binaries-tf-${{ github.sha }}
- name: Install dependencies
run: |
apt-get update \
&& apt-get install -y software-properties-common curl apt-transport-https \
&& curl -fsSl https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - \
&& add-apt-repository "deb [arch=amd64] http://apt.llvm.org/xenial/ llvm-toolchain-xenial-8 main" \
&& apt-get update \
&& apt-get -y install clang-8 clang-tools-8 build-essential pkg-config autoconf gnutls-dev git python
update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-8 30 \
&& update-alternatives --install /usr/bin/clang clang /usr/bin/clang-8 30
LIBTENSORFLOW_VERSION=2.12.1 \
&& curl -LO https://storage.googleapis.com/tensorflow/libtensorflow/libtensorflow-gpu-linux-x86_64-${LIBTENSORFLOW_VERSION}.tar.gz \
&& tar -C /usr/local -xzf libtensorflow-gpu-linux-x86_64-${LIBTENSORFLOW_VERSION}.tar.gz \
&& ldconfig
- name: Install go modules
# if: steps.go.outputs.cache-hit != 'true'
run: go mod download
- name: Install ffmpeg
if: steps.cache-ffmpeg.outputs.cache-hit != 'true'
run: ./install_ffmpeg.sh
- name: Build binaries
env:
GHA_REF: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref }}
run: |
git config --global --add safe.directory '*'
export PKG_CONFIG_PATH=/github/home/compiled/lib/pkgconfig
./ci_env.sh make cgo_cflags="-lz" all
rm -rf ~/build && mkdir ~/build && mv livepeer* ~/build/
- name: Upload build
run: cp ~/build/* . && ./upload_build.sh
env:
GHA_REF: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref }}
GCLOUD_KEY: ${{ secrets.GCLOUD_KEY }}
GCLOUD_SECRET: ${{ secrets.GCLOUD_SECRET }}
DISCORD_URL: ${{ secrets.DISCORD_URL }}
RELEASE_TAG: "tensorflow"
- name: Upload artifacts for cutting release
uses: actions/upload-artifact@master
with:
name: release-artifacts
path: releases/
- name: Notify new build upload
run: curl -X POST https://holy-bread-207a.livepeer.workers.dev
upload:
name: Upload artifacts to google bucket
permissions:
contents: "read"
id-token: "write"
runs-on: ubuntu-latest
needs:
- macos-build
- linux-build
- linux-tensorflow
steps:
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: release-artifacts
path: releases/
- name: Generate sha256 checksum and gpg signatures for release artifacts
uses: livepeer/action-gh-checksum-and-gpg-sign@latest
with:
artifacts-dir: releases
release-name: ${{ (github.ref_type == 'tag' && github.ref_name) || github.sha }}
gpg-key: ${{ secrets.CI_GPG_SIGNING_KEY }}
gpg-key-passphrase: ${{ secrets.CI_GPG_SIGNING_PASSPHRASE }}
- name: Generate branch manifest
id: branch-manifest
uses: livepeer/branch-manifest-action@latest
with:
project-name: livepeer
bucket-key: ${{ github.event.repository.name }}
use-prefix: false
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v1
with:
workload_identity_provider: ${{ secrets.CI_GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.CI_GOOGLE_SERVICE_ACCOUNT }}
- name: Upload release archives to Google Cloud
id: upload-archives
uses: google-github-actions/upload-cloud-storage@v1
with:
path: "releases"
destination: "build.livepeer.live/${{ github.event.repository.name }}/${{ (github.ref_type == 'tag' && github.ref_name) || github.sha }}"
parent: false
- name: Upload branch manifest file
id: upload-manifest
uses: google-github-actions/upload-cloud-storage@v1
with:
path: ${{ steps.branch-manifest.outputs.manifest-file }}
destination: "build.livepeer.live/${{ github.event.repository.name }}/"
parent: false