chore(comet): bumped cometBFT version (#2474) #272
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: MIT | |
| # | |
| # Copyright (c) 2025 Berachain Foundation | |
| # | |
| # Permission is hereby granted, free of charge, to any person | |
| # obtaining a copy of this software and associated documentation | |
| # files (the "Software"), to deal in the Software without | |
| # restriction, including without limitation the rights to use, | |
| # copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| # copies of the Software, and to permit persons to whom the | |
| # Software is furnished to do so, subject to the following | |
| # conditions: | |
| # | |
| # The above copyright notice and this permission notice shall be | |
| # included in all copies or substantial portions of the Software. | |
| # | |
| # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | |
| # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES | |
| # OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | |
| # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT | |
| # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, | |
| # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | |
| # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | |
| # OTHER DEALINGS IN THE SOFTWARE. | |
| name: release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| branches: | |
| - 'release/*' | |
| env: | |
| REPO_NAME: ${{ github.repository }} | |
| IMAGE_NAME: ${{ github.repository }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jobs: | |
| # Job to extract version | |
| extract-version: | |
| name: extract version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Extract version | |
| run: echo "VERSION=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT | |
| id: extract_version | |
| outputs: | |
| VERSION: ${{ steps.extract_version.outputs.VERSION }} | |
| # Job to build release | |
| build: | |
| name: build release | |
| needs: extract-version | |
| strategy: | |
| matrix: | |
| configs: | |
| - arch: arm64 | |
| target-os: linux | |
| runs-on: ubuntu-latest | |
| - arch: amd64 | |
| target-os: linux | |
| runs-on: ubuntu-latest | |
| - arch: arm64 | |
| target-os: darwin | |
| runs-on: macos-14 | |
| build: | |
| - binary: beacond | |
| runs-on: ${{ matrix.configs.runs-on }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v3 | |
| with: | |
| go-version: "^1.23" | |
| env: | |
| GOOS: ${{ matrix.configs.target-os }} | |
| GOARCH: ${{ matrix.configs.arch }} | |
| - name: Import GPG key | |
| run: echo "$GPG_KEY" | gpg --batch --import | |
| env: | |
| GPG_KEY: ${{ secrets.GPG_KEY }} | |
| - name: Build ${{ matrix.build.binary }} | |
| run: | | |
| make build-${{ matrix.configs.target-os }}-${{ matrix.configs.arch }}-${{ needs.extract-version.outputs.VERSION }} | |
| tar -czvf ${{ matrix.build.binary }}-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target-os }}-${{ matrix.configs.arch }}.tar.gz -C build/bin . | |
| - name: Sign binary archive | |
| run: gpg --batch --yes --pinentry-mode=loopback --passphrase "$GPG_KEY_PASSPHRASE" --detach-sign ${{ matrix.build.binary }}-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target-os }}-${{ matrix.configs.arch }}.tar.gz | |
| env: | |
| GPG_KEY_PASSPHRASE: ${{ secrets.GPG_KEY_PASSPHRASE }} | |
| # Upload archives and signatures | |
| - name: Upload archive | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.build.binary }}-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target-os }}-${{ matrix.configs.arch }}.tar.gz | |
| path: | | |
| ${{ matrix.build.binary }}-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target-os }}-${{ matrix.configs.arch }}.tar.gz | |
| - name: Upload archive signature | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.build.binary }}-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target-os }}-${{ matrix.configs.arch }}.tar.gz.sig | |
| path: | | |
| ${{ matrix.build.binary }}-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target-os }}-${{ matrix.configs.arch }}.tar.gz.sig | |
| # Job to draft release | |
| draft-release: | |
| name: draft release | |
| needs: [build, extract-version] | |
| runs-on: ubuntu-latest | |
| env: | |
| VERSION: ${{ needs.extract-version.outputs.VERSION }} | |
| permissions: | |
| contents: write # Required to post the release | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # This is necessary for generating the changelog. It has to come before "Download Artifacts" or else it deletes the artifacts. | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| - name: Generate full changelog | |
| id: changelog | |
| run: | | |
| echo "CHANGELOG<<EOF" >> $GITHUB_OUTPUT | |
| echo "$(git log --pretty=format:"- %s" $(git describe --tags --abbrev=0 ${{ env.VERSION }}^)..${{ env.VERSION }})" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - name: Create release draft | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # The formatting here is borrowed from Reth (which is borrowed from Lighthouse (which is borrowed from OpenEthereum)): | |
| # https://github.com/openethereum/openethereum/blob/6c2d392d867b058ff867c4373e40850ca3f96969/.github/workflows/build.yml | |
| run: | | |
| body=$(cat <<- "ENDBODY" | |
|  | |
| ## Testing Checklist (DELETE ME) | |
| - [ ] Run on testnet for 1-3 days. | |
| - [ ] Resync a mainnet node. | |
| - [ ] Ensure all CI checks pass. | |
| ## Release Checklist (DELETE ME) | |
| - [ ] Ensure all crates have had their versions bumped. | |
| - [ ] Write the summary. | |
| - [ ] Fill out the update priority. | |
| - [ ] Ensure all binaries have been added. | |
| - [ ] Prepare release posts (Twitter, ...). | |
| ## Summary | |
| Add a summary, including: | |
| - Critical bug fixes | |
| - New features | |
| - Any breaking changes (and what to expect) | |
| ## Update Priority | |
| This table provides priorities for which classes of users should update particular components. | |
| | User Class | Priority | | |
| |----------------------|-----------------| | |
| | Payload Builders | <TODO> | | |
| | Non-Payload Builders | <TODO> | | |
| ## All Changes | |
| ${{ steps.changelog.outputs.CHANGELOG }} | |
| ## Binaries | |
| | System | Architecture | Binary | PGP Signature | | |
| |:---:|:---:|:---:|:---| | |
| | <img src="https://simpleicons.org/icons/linux.svg" style="width: 32px;"/> | amd64 | [beacond-${{ env.VERSION }}-linux-amd64](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/beacond-${{ env.VERSION }}-linux-amd64.tar.gz) | [Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/beacond-${{ env.VERSION }}-linux-amd64.tar.gz.sig) | | |
| | <img src="https://simpleicons.org/icons/linux.svg" style="width: 32px;"/> | arm64 | [beacond-${{ env.VERSION }}-linux-arm64](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/beacond-${{ env.VERSION }}-linux-arm64.tar.gz) | [Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/beacond-${{ env.VERSION }}-linux-arm64.tar.gz.sig) | | |
| | <img src="https://simpleicons.org/icons/apple.svg" style="width: 32px;"/> | arm64 | [beacond-${{ env.VERSION }}-darwin-arm64](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/beacond-${{ env.VERSION }}-darwin-arm64.tar.gz) | [Signature](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/beacond-${{ env.VERSION }}-darwin-arm64.tar.gz.sig) | | |
| | **System** | **Option** | - | **Resource** | | |
| | <img src="https://simpleicons.org/icons/docker.svg" style="width: 32px;"/> | Docker | | [${{ env.IMAGE_NAME }}](https://ghcr.io/berachain/beacon-kit) | | |
| ### Verifying signatures | |
| Use gpg to verify the signature on these binary archives. This is important to make sure that the content you\'ve downloaded is legitimate. gpg can be installed with most package managers. For example: | |
| - `brew install gpg` on mac | |
| - `apt install gpg` on Ubuntu/Debian | |
| Once gpg is installed, import our public key into its database and verify: | |
| - [Download signing public key from here](https://raw.githubusercontent.com/${{ github.repository }}/${{ github.ref_name }}/.github/workflows/berachain_release.asc). | |
| - Run `gpg --import berachain_release.asc` | |
| - Verify with `gpg --verify {signature}.sig {binary}.tar.gz` | |
| - This message is expected: `WARNING: This key is not certified with a trusted signature!` | |
| - To resolve the warning, trust the key by signing with your own keypair. `gpg --lsign-key <keyid>` | |
| ENDBODY | |
| ) | |
| assets=() | |
| for asset in ./*beacond-*.tar.gz*; do | |
| assets+=("$asset/$asset") | |
| done | |
| tag_name="${{ env.VERSION }}" | |
| echo "$body" | gh release create --draft -t "BeaconKit $tag_name" -F "-" "$tag_name" "${assets[@]}" |