f353e00172
- Restructure .env.example with security-focused documentation, service-specific environment file references, and AWS Secrets Manager integration - Update CLI tests workflow to single Python 3.13 version, add pytest-mock dependency, and consolidate test execution with coverage - Add comprehensive security validation to package publishing workflow with manual approval gates, secret scanning, and release
315 lines
10 KiB
YAML
315 lines
10 KiB
YAML
name: Publish Packages to GitHub Packages Registry
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'v*'
|
|
release:
|
|
types: [published]
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: 'Version to publish (e.g., 0.1.0)'
|
|
required: true
|
|
default: '0.1.0'
|
|
|
|
jobs:
|
|
publish-debian-packages:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Build and publish Debian packages
|
|
run: |
|
|
# Create Debian package structure
|
|
mkdir -p dist/debian
|
|
|
|
# Copy existing packages
|
|
cp packages/github/packages/debian-packages/*.deb dist/debian/
|
|
|
|
# Create Dockerfile for Debian packages
|
|
cat > dist/debian/Dockerfile << 'EOF'
|
|
FROM debian:trixie-slim
|
|
LABEL maintainer="AITBC Team"
|
|
LABEL version="0.1.0"
|
|
|
|
# Copy packages
|
|
COPY *.deb /tmp/
|
|
|
|
# Install packages
|
|
RUN dpkg -i /tmp/*.deb || true && \
|
|
apt-get install -f -y && \
|
|
rm /tmp/*.deb
|
|
|
|
# Set entrypoint
|
|
ENTRYPOINT ["/usr/bin/aitbc"]
|
|
EOF
|
|
|
|
# Build and push Docker image
|
|
cd dist/debian
|
|
docker buildx build \
|
|
--platform linux/amd64,linux/arm64 \
|
|
--tag ghcr.io/${{ github.repository }}/aitbc-cli:${{ github.ref_name || github.event.inputs.version }} \
|
|
--tag ghcr.io/${{ github.repository }}/aitbc-cli:latest \
|
|
--push \
|
|
.
|
|
|
|
- name: Publish individual service packages
|
|
run: |
|
|
cd packages/github/packages/debian-packages
|
|
|
|
# Publish each service as a separate container
|
|
for package in aitbc-*-service_0.1.0_all.deb; do
|
|
service_name=$(echo $package | sed 's/aitbc-\(.*\)-service_0.1.0_all.deb/\1/')
|
|
|
|
# Create service-specific Dockerfile
|
|
cat > Dockerfile.service << EOF
|
|
FROM debian:trixie-slim
|
|
LABEL maintainer="AITBC Team"
|
|
LABEL version="0.1.0"
|
|
LABEL service="${service_name}"
|
|
|
|
COPY ${package} /tmp/
|
|
RUN dpkg -i /tmp/${package} || true && \
|
|
apt-get install -f -y && \
|
|
rm /tmp/${package}
|
|
EOF
|
|
|
|
# Build and push service image
|
|
docker buildx build \
|
|
-f Dockerfile.service \
|
|
--platform linux/amd64,linux/arm64 \
|
|
--tag ghcr.io/${{ github.repository }}/aitbc-${service_name}-service:${{ github.ref_name || github.event.inputs.version }} \
|
|
--tag ghcr.io/${{ github.repository }}/aitbc-${service_name}-service:latest \
|
|
--push \
|
|
.
|
|
done
|
|
|
|
publish-macos-packages:
|
|
runs-on: macos-latest
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Xcode
|
|
uses: maxim-lobanov/setup-xcode@v1
|
|
with:
|
|
xcode-version: latest-stable
|
|
|
|
- name: Build macOS packages
|
|
run: |
|
|
cd packages
|
|
./build-macos-packages.sh
|
|
|
|
- name: Create GitHub Package for macOS
|
|
run: |
|
|
cd packages/github/packages/macos-packages
|
|
|
|
# Create package metadata
|
|
cat > package.json << EOF
|
|
{
|
|
"name": "@aitbc/cli-macos",
|
|
"version": "${{ github.ref_name || github.event.inputs.version }}",
|
|
"description": "AITBC CLI for macOS Apple Silicon",
|
|
"main": "aitbc-cli",
|
|
"files": [
|
|
"*.pkg",
|
|
"*.sh"
|
|
],
|
|
"repository": {
|
|
"type": "git",
|
|
"url": "https://github.com/${{ github.repository }}.git"
|
|
},
|
|
"author": "AITBC Team",
|
|
"license": "MIT",
|
|
"publishConfig": {
|
|
"registry": "https://npm.pkg.github.com"
|
|
}
|
|
}
|
|
EOF
|
|
|
|
- name: Publish to GitHub Packages (npm registry)
|
|
run: |
|
|
cd packages/github/packages/macos-packages
|
|
|
|
# Set up npm registry
|
|
npm config set @aitbc:registry https://npm.pkg.github.com
|
|
npm config set //npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}
|
|
|
|
# Publish package
|
|
npm publish
|
|
|
|
publish-universal-installer:
|
|
runs-on: ubuntu-latest
|
|
needs: [publish-debian-packages, publish-macos-packages]
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Create universal package manifest
|
|
run: |
|
|
cat > packages/github/packages/package-manifest.json << EOF
|
|
{
|
|
"name": "aitbc-universal-installer",
|
|
"version": "${{ github.ref_name || github.event.inputs.version }}",
|
|
"description": "Universal AITBC package installer for all platforms",
|
|
"platforms": {
|
|
"linux": {
|
|
"packages": [
|
|
"ghcr.io/${{ github.repository }}/aitbc-cli:latest",
|
|
"ghcr.io/${{ github.repository }}/aitbc-node-service:latest",
|
|
"ghcr.io/${{ github.repository }}/aitbc-coordinator-service:latest",
|
|
"ghcr.io/${{ github.repository }}/aitbc-miner-service:latest",
|
|
"ghcr.io/${{ github.repository }}/aitbc-marketplace-service:latest",
|
|
"ghcr.io/${{ github.repository }}/aitbc-explorer-service:latest",
|
|
"ghcr.io/${{ github.repository }}/aitbc-wallet-service:latest",
|
|
"ghcr.io/${{ github.repository }}/aitbc-multimodal-service:latest"
|
|
],
|
|
"installer": "https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install.sh"
|
|
},
|
|
"macos": {
|
|
"packages": [
|
|
"@aitbc/cli-macos:latest"
|
|
],
|
|
"installer": "https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/packages/macos-packages/install-macos-complete.sh"
|
|
}
|
|
},
|
|
"checksums": {
|
|
"debian": "$(cat packages/github/packages/debian-packages/checksums.txt)",
|
|
"macos": "$(cat packages/github/packages/macos-packages/checksums.txt)"
|
|
}
|
|
}
|
|
EOF
|
|
|
|
- name: Publish manifest to GitHub Packages
|
|
run: |
|
|
# Create a simple package for the manifest
|
|
mkdir -p manifest-pkg
|
|
cd manifest-pkg
|
|
|
|
cat > package.json << EOF
|
|
{
|
|
"name": "@aitbc/manifest",
|
|
"version": "${{ github.ref_name || github.event.inputs.version }}",
|
|
"description": "AITBC Universal Package Manifest",
|
|
"main": "manifest.json",
|
|
"files": [
|
|
"manifest.json"
|
|
],
|
|
"repository": {
|
|
"type": "git",
|
|
"url": "https://github.com/${{ github.repository }}.git"
|
|
},
|
|
"author": "AITBC Team",
|
|
"license": "MIT",
|
|
"publishConfig": {
|
|
"registry": "https://npm.pkg.github.com"
|
|
}
|
|
}
|
|
EOF
|
|
|
|
cp ../packages/github/packages/package-manifest.json manifest.json
|
|
|
|
# Set up npm registry
|
|
npm config set @aitbc:registry https://npm.pkg.github.com
|
|
npm config set //npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}
|
|
|
|
# Publish manifest
|
|
npm publish
|
|
|
|
update-package-index:
|
|
runs-on: ubuntu-latest
|
|
needs: [publish-debian-packages, publish-macos-packages, publish-universal-installer]
|
|
permissions:
|
|
contents: write
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Update package index
|
|
run: |
|
|
cat > packages/github/packages/PACKAGE_INDEX.md << EOF
|
|
# AITBC Packages Index
|
|
|
|
## Published Packages
|
|
|
|
### Container Registry (ghcr.io)
|
|
|
|
#### CLI Package
|
|
- **Package**: \`ghcr.io/${{ github.repository }}/aitbc-cli:latest\`
|
|
- **Platforms**: linux/amd64, linux/arm64
|
|
- **Version**: ${{ github.ref_name || github.event.inputs.version }}
|
|
|
|
#### Service Packages
|
|
- **Node Service**: \`ghcr.io/${{ github.repository }}/aitbc-node-service:latest\`
|
|
- **Coordinator Service**: \`ghcr.io/${{ github.repository }}/aitbc-coordinator-service:latest\`
|
|
- **Miner Service**: \`ghcr.io/${{ github.repository }}/aitbc-miner-service:latest\`
|
|
- **Marketplace Service**: \`ghcr.io/${{ github.repository }}/aitbc-marketplace-service:latest\`
|
|
- **Explorer Service**: \`ghcr.io/${{ github.repository }}/aitbc-explorer-service:latest\`
|
|
- **Wallet Service**: \`ghcr.io/${{ github.repository }}/aitbc-wallet-service:latest\`
|
|
- **Multimodal Service**: \`ghcr.io/${{ github.repository }}/aitbc-multimodal-service:latest\`
|
|
|
|
### NPM Registry (npm.pkg.github.com)
|
|
|
|
#### macOS Package
|
|
- **Package**: \`@aitbc/cli-macos@${{ github.ref_name || github.event.inputs.version }}\`
|
|
- **Platform**: macOS Apple Silicon
|
|
- **Format**: npm package with .pkg installer
|
|
|
|
#### Universal Manifest
|
|
- **Package**: \`@aitbc/manifest@${{ github.ref_name || github.event.inputs.version }}\`
|
|
- **Content**: Universal package manifest for all platforms
|
|
|
|
## Installation
|
|
|
|
### Linux (Docker)
|
|
\`\`\`bash
|
|
docker run --rm -it ghcr.io/${{ github.repository }}/aitbc-cli:latest --help
|
|
\`\`\`
|
|
|
|
### macOS (npm)
|
|
\`\`\`bash
|
|
npm install @aitbc/cli-macos@${{ github.ref_name || github.event.inputs.version }}
|
|
\`\`\`
|
|
|
|
### Universal Installer
|
|
\`\`\`bash
|
|
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install.sh | bash
|
|
\`\`\`
|
|
|
|
---
|
|
*Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")*
|
|
EOF
|
|
|
|
- name: Commit and push changes
|
|
run: |
|
|
git config --local user.email "action@github.com"
|
|
git config --local user.name "GitHub Action"
|
|
git add packages/github/packages/PACKAGE_INDEX.md
|
|
git diff --staged --quiet || git commit -m "Update package index for version ${{ github.ref_name || github.event.inputs.version }}"
|
|
git push
|