-
Notifications
You must be signed in to change notification settings - Fork 682
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' into chore/master-to-develop
- Loading branch information
Showing
58 changed files
with
2,059 additions
and
1,474 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
FROM --platform=${TARGETPLATFORM} alpine as builder | ||
# Use a small image to download and extract the release archive | ||
|
||
ARG TAG | ||
ARG BIN_ARCH | ||
ARG TARGETPLATFORM | ||
ARG BUILDPLATFORM | ||
ARG TARGETARCH | ||
ARG TARGETVARIANT | ||
ARG REPO=stacks-network/stacks-blockchain | ||
|
||
RUN case ${TARGETARCH} in \ | ||
"amd64") BIN_ARCH=linux-musl-x64 ;; \ | ||
"arm64") BIN_ARCH=linux-musl-arm64 ;; \ | ||
"*") exit 1 ;; \ | ||
esac \ | ||
&& echo "wget -q https://github.com/${REPO}/releases/download/${TAG}/${BIN_ARCH}.zip -O /${BIN_ARCH}.zip" \ | ||
&& wget -q https://github.com/${REPO}/releases/download/${TAG}/${BIN_ARCH}.zip -O /${BIN_ARCH}.zip \ | ||
&& unzip ${BIN_ARCH}.zip -d /out | ||
|
||
FROM --platform=${TARGETPLATFORM} alpine | ||
COPY --from=builder /out/stacks-node /bin/ | ||
CMD ["stacks-node", "mainnet"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
FROM --platform=${TARGETPLATFORM} alpine as builder | ||
# Use a small image to download and extract the release archive | ||
|
||
ARG TAG | ||
ARG BIN_ARCH | ||
ARG TARGETPLATFORM | ||
ARG BUILDPLATFORM | ||
ARG TARGETARCH | ||
ARG TARGETVARIANT | ||
ARG REPO=stacks-network/stacks-blockchain | ||
|
||
RUN case ${TARGETARCH} in \ | ||
"amd64") BIN_ARCH=linux-musl-x64 ;; \ | ||
"arm64") BIN_ARCH=linux-musl-arm64 ;; \ | ||
"*") exit 1 ;; \ | ||
esac \ | ||
&& echo "wget -q https://github.com/${REPO}/releases/download/${TAG}/${BIN_ARCH}.zip -O /${BIN_ARCH}.zip" \ | ||
&& wget -q https://github.com/${REPO}/releases/download/${TAG}/${BIN_ARCH}.zip -O /${BIN_ARCH}.zip \ | ||
&& unzip ${BIN_ARCH}.zip -d /out | ||
|
||
FROM --platform=${TARGETPLATFORM} debian:bullseye | ||
COPY --from=builder /out/stacks-node /bin/ | ||
CMD ["stacks-node", "mainnet"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
FROM rust:bullseye as build | ||
|
||
ARG STACKS_NODE_VERSION="No Version Info" | ||
ARG GIT_BRANCH='No Branch Info' | ||
ARG GIT_COMMIT='No Commit Info' | ||
ARG BUILD_DIR=/build | ||
ARG TARGET=x86_64-unknown-linux-gnu | ||
WORKDIR /src | ||
|
||
COPY . . | ||
|
||
RUN apt-get update && apt-get install -y git | ||
|
||
# Run all the build steps in ramdisk in an attempt to speed things up | ||
RUN --mount=type=tmpfs,target=${BUILD_DIR} cp -R /src/. ${BUILD_DIR}/ \ | ||
&& cd ${BUILD_DIR} \ | ||
&& rustup target add ${TARGET} \ | ||
&& cargo build --features monitoring_prom,slog_json --release --workspace --target ${TARGET} \ | ||
&& mkdir -p /out \ | ||
&& cp -R ${BUILD_DIR}/target/${TARGET}/release/. /out | ||
|
||
FROM --platform=${TARGETPLATFORM} debian:bullseye | ||
COPY --from=build /out/stacks-node /bin/ | ||
CMD ["stacks-node", "mainnet"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FROM rust:stretch as build | ||
FROM rust:bullseye as build | ||
|
||
WORKDIR /src | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
## | ||
## Performs an audit for crate advisories against cargo dependencies | ||
## | ||
|
||
name: Security Audit | ||
|
||
# Only run when: | ||
# - workflow is manually triggered | ||
# - Cargo.toml/lock is changed | ||
# - Daily at 0330 UTC | ||
# Note: this will create issues for any crate advisories unless they already exist | ||
|
||
on: | ||
workflow_dispatch: | ||
push: | ||
paths: | ||
- "**/Cargo.toml" | ||
- "**/Cargo.lock" | ||
schedule: | ||
- cron: 30 03 * * * | ||
|
||
jobs: | ||
security_audit: | ||
if: ${{ false }} | ||
name: Crate Vulnerability Check | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout the latest code | ||
id: git_checkout | ||
uses: actions/checkout@v3 | ||
- name: Rust Dependency Check | ||
id: rust_dep_check | ||
uses: actions-rs/audit-check@v1 | ||
with: | ||
token: ${{ secrets.GITHUB_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
## | ||
## Builds binary assets of stacks-blockchain and creates a named tag github (draft) release | ||
## | ||
|
||
name: Build Distributable Assets | ||
|
||
# Only run when: | ||
# - manually triggered via the ci.yml workflow with a provided input tag | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
tag: | ||
description: "Tag name of this release (x.y.z)" | ||
required: true | ||
type: string | ||
parallel_jobs: | ||
description: "Number of parallel binary builds" | ||
required: false | ||
type: number | ||
default: 4 | ||
arch: | ||
description: "Stringified JSON object listing of platform matrix" | ||
required: true | ||
type: string | ||
|
||
jobs: | ||
artifact: | ||
if: ${{ inputs.tag != '' }} | ||
name: Create Artifacts | ||
runs-on: ubuntu-latest | ||
strategy: | ||
max-parallel: ${{ inputs.parallel_jobs }} | ||
matrix: | ||
platform: ${{ fromJson(inputs.arch) }} | ||
steps: | ||
- name: Checkout the latest code | ||
id: git_checkout | ||
uses: actions/checkout@v3 | ||
- name: Set Vars | ||
id: set_vars | ||
run: | | ||
echo "GITHUB_SHA_SHORT=${GITHUB_SHA::7}" >> $GITHUB_ENV | ||
echo "GITHUB_REF_SHORT=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | ||
- name: Set up Docker Buildx | ||
id: setup_buildx | ||
uses: docker/setup-buildx-action@v2 | ||
- name: Build Binaries | ||
id: build_binaries | ||
uses: docker/build-push-action@v3 | ||
with: | ||
file: build-scripts/Dockerfile.${{ matrix.platform }} | ||
outputs: type=local,dest=./release/${{ matrix.platform }} | ||
build-args: | | ||
OS_ARCH=${{ matrix.platform }} | ||
GIT_BRANCH=${{ env.GITHUB_REF_SHORT }} | ||
GIT_COMMIT=${{ env.GITHUB_SHA_SHORT }} | ||
- name: Compress artifact | ||
id: compress_artifact | ||
run: zip --junk-paths ${{ matrix.platform }} ./release/${{ matrix.platform }}/* | ||
- name: Upload artifact | ||
id: upload_artifact | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
path: ${{ matrix.platform }}.zip |
Oops, something went wrong.