9178e8a75f feat: add smob and provenance in release for dockerhub; use jammy; apt remove as possible (pasta)
Pull request description:
## Issue being fixed or feature implemented
Docker provenance refers to the origin and history of Docker images, including how they were built, modified, and by whom. An SBOM (Software Bill of Materials) is a detailed list of all components in a software application, providing transparency about libraries, dependencies, and versions used, which is crucial for security and compliance.
## What was done?
Add SBOM and provenance to docker build; this may allow some level of validation that GitHub actions is actually doing what it says it is.
See this for more information https://docs.docker.com/build/ci/github-actions/attestations/
## How Has This Been Tested?
Building with buildx with sbom and provenance flags locally
## Breaking Changes
None
## Checklist:
_Go over all the following points, and put an `x` in all the boxes that apply._
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_
ACKs for top commit:
UdjinM6:
utACK 9178e8a75f
Tree-SHA512: 6e3f35a0b30f002e2d5d80d6dd18ee554a1c15c62c1d4cbe1185f38977f55a199998515cf5bb9a027670f068f3d56ef33faa062d8c4122a886375d00afe6bf2f
f1f994a122b135160216b6fc56c095b83eeaf812 doc: Add `guix` prefix for changes to reproducible builds (Hennadii Stepanov)
Pull request description:
Most of contributors already use the `guix:` prefix for changes to `contrib/guix`. Also `guix` is shorter than `build`, and it is more focused/specific.
ACKs for top commit:
fanquake:
ACK f1f994a122b135160216b6fc56c095b83eeaf812
Tree-SHA512: 3f754e80802ec4e871b099ce1f0877e34ecc4816fbe9c49bfd2a7368ef79fed9edf6c65f38eedef2a87367fdc911dc548e0def422d80b66a91ce2e5f35826032
## Issue being fixed or feature implemented
Client version string is inconsistent. Building `v20.0.0-beta.8` tag
locally produces binaries that report `v20.0.0-beta.8` version but
binaries built in guix would report
`v20.0.0rc1-g3e732a952226a20505f907e4fd9b3fdbb14ea5ee` instead. Building
any commit after `v20.0.0-beta.8` locally would result in versions like
`v20.0.0rc1-8c94153d2497` which is close but it's still yet another
format. And both versions with `rc1` in their names are confusing cause
you'd expect them to mention `beta.8` instead maybe (or is it just me?
:D ).
## What was done?
Change it so that the version string would look like this:
on tag: ~`v20.0.0-beta.8-dev` or `v20.0.0-beta.8-gitarc`~
`v20.0.0-beta.8`
post-tag: ~`v20.0.0-beta.8-1-gb837e08164-gitarc`~
`v20.0.0-beta.8-1-gb837e08164`
post-tag format is
`recent tag`-`commits since that tag`-`g+12 chars of commit hash`-`dirty
(optional)` ~-`dev or gitarc`~
~`dev`/`gitarc` suffixes should help avoiding confusion with the release
versions and they also indicate the way non-release binaries were
built.~
Note that release binaries do not use any of this, they still use
`PACKAGE_VERSION` from `configure` like before.
Also, `CLIENT_VERSION_RC` is no longer used in this setup so it was
removed.
Few things aren't clear to me yet:
1. Version bump in `configure.ac` no longer affects the reported version
(unless it's an actual release). Are there any downsides I might be
missing?
2. Which tag should we use on `develop` once we bump version in
configure? `v21.0.0-init`? `v21.0.0-alpha1`?
3. How is it going to behave once `merge master back into develop` kind
of PR is merged? E.g. say `develop` branch is on `v21.0.0-alpha1` tag
and we merge v20.1.0 from `master` back into it. Will this bring
`v20.1.0` release tag into `develop`? Will it become the one that will
be used from that moment? If so we will probably need another tag on
`develop` every time such PR is merged e.g. `v21.0.0-alpha2` (or
whatever the next number is).
Don't think these are blockers but would like to hear thoughts from
others.
## How Has This Been Tested?
Built binaries locally, built them using guix at a specific tag and at
some commit on top of it.
## Breaking Changes
n/a
## Checklist:
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
## Issue being fixed or feature implemented
## What was done?
Add an echo
## How Has This Been Tested?
## Breaking Changes
None
## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
## Issue being fixed or feature implemented
I was probably using `GITHUB_REPOSITORY` incorrectly, let's try it this
way
#5724 follow-up
## What was done?
## How Has This Been Tested?
n/a
## Breaking Changes
n/a
## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
## Issue being fixed or feature implemented
Should hopefully fix
https://github.com/dashpay/dash-dev-branches/actions/runs/6939402277/job/18876687119#5716 follow-up
## What was done?
`$GITHUB_REPOSITORY` is not available inside docker, pass it inside
## How Has This Been Tested?
## Breaking Changes
n/a
## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
## Issue being fixed or feature implemented
- Using `actions/cache` with a local buildx cache without the "move
cache" workaround will result in constant growth in cache size:
https://docs.docker.com/build/ci/github-actions/cache/#local-cache
## What was done?
- Docker natively supports the GHA Cache API, so we should use it for
faster and more efficient cache usage
- Actions were also bumped to current stable versions
## How Has This Been Tested?
Devs please test this by running a test Guix build from workflow
dispatch
## Breaking Changes
None
## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [x] I have added or updated relevant unit/integration/functional/e2e
tests
- [x] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
## Issue being fixed or feature implemented
- We want to enable use of the AWS-hosted GitHub Actions runners, now
that [corresponding
infra](https://github.com/dcginfra/tf-aws-gh-runner/pull/8/files#diff-ad98d33884a302f6c747dc6b326c6b3af3887f2ec25e0bd7a0395f10444818f3)
exists to deploy these runners
## What was done?
Add new labels and workflow dispatch button to allow runner testing
## How Has This Been Tested?
Pending testing in CI
## Breaking Changes
None
## Checklist:
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [x] I have added or updated relevant unit/integration/functional/e2e
tests
- [x] I have made corresponding changes to the documentation
- [ ] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
## Issue being fixed or feature implemented
see warnings in https://github.com/dashpay/dash/actions/runs/5462770856
## What was done?
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
## How Has This Been Tested?
n/a
## Breaking Changes
n/a
## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
## Issue being fixed or feature implemented
1. not all binaries were covered with checksums
2. there were no checksums for archives
## What was done?
add missing checksums, also group and sort them
## How Has This Been Tested?
run commands after local guix build
see this PR results
## Breaking Changes
n/a
## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
## Issue being fixed or feature implemented
Automated guix builds in CI when specifically requested
## What was done?
Any PR with the `build-guix` label added will automatically have the
Guix build ran and the hashes placed in the CI output to compare against
## How Has This Been Tested?
This PR
## Breaking Changes
None
## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
## Issue being fixed or feature implemented
small cleanups and improvements
## What was done?
pls see individual commits
## How Has This Been Tested?
see
https://github.com/dashpay/dash/actions/runs/4715728701/jobs/8362893373?pr=5330
## Breaking Changes
n/a
## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
## Issue being fixed or feature implemented
This adds a check that ensures branches merge cleanly into master via a
ff-only
## What was done?
Added a GitHub action created via gpt-4 :)
## How Has This Been Tested?
https://github.com/PastaPastaPasta/dash/actions/runs/4703432752/jobs/8341923994
and
https://github.com/PastaPastaPasta/dash/actions/runs/4703457936/jobs/8341980146
for expected pass and expected fail
## Breaking Changes
None, should be back ported to v19.x branch when we get the chance.
## Checklist:
<!--- Go over all the following points, and put an `x` in all the boxes
that apply. -->
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
**For repository code-owners and collaborators only**
- [x] I have assigned this pull request to a milestone
* introduce handle_potential_conflicts.py to only warn on true conflicts. Fail CI when there is a conflict
Signed-off-by: Pasta <pasta@dashboost.org>
* remove unneeded input assign
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
* use dashpay instead of PastaPastaPasta
Signed-off-by: Pasta <pasta@dashboost.org>
* Update .github/workflows/handle_potential_conflicts.py
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
* more linter fixes
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
* use pull_request_target instead of pull_request
Signed-off-by: Pasta <pasta@dashboost.org>
* use pasta based action 0.1.1
Signed-off-by: Pasta <pasta@dashboost.org>
* feat:add github actions
* add release tag
* multi-arch download
* remove erroneous add command
* install wget properly
* parse tag
* no multi-arch for now
* show vars
* more debug
* show uname
* install certs
* manually mutate tag
* fix syntax
* use env
* remove debug
* try docker meta
* try semver with v
* multi-arch
* remove v
* use tag-match
* match group 1
* prepare for dashpay repo
* optimize dockerfile
* remove unnecessary space
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
* Update .github/workflows/release_docker_hub.yml
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
