Commit-Boost
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 125 additions & 34 deletions b/‎.github/workflows/release.yml‎
Lines changed: 125 additions & 34 deletions
diff --git a/‎provisioning/build.Dockerfile‎
Lines changed: 4 additions & 17 deletions b/‎provisioning/build.Dockerfile‎
Lines changed: 4 additions & 17 deletions
diff --git a/‎provisioning/cli.Dockerfile‎ b/‎provisioning/cli.Dockerfile‎
diff --git a/‎provisioning/protoc.sh‎
Lines changed: 57 additions & 0 deletions b/‎provisioning/protoc.sh‎
Lines changed: 57 additions & 0 deletions
@@ -10,22 +10,95 @@ permissions:
   packages: write
 
 jobs:
-  build-binaries:
+  # Builds the x64 and arm64 binaries for Linux, for all 3 crates, via the Docker builder
+  build-binaries-linux:
     strategy:
       matrix:
         target:
-          - x86_64-unknown-linux-gnu
+          - amd64
+          - arm64
+        name:
+          - commit-boost-cli
+          - commit-boost-pbs
+          - commit-boost-signer
+        include:
+          - target: amd64
+            package-suffix: x86-64
+          - target: arm64
+            package-suffix: arm64
+          - name: commit-boost-cli
+            target-crate: cli
+          - name: commit-boost-pbs
+            target-crate: pbs
+          - name: commit-boost-signer
+            target-crate: signer
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: "stable"
+          fetch-depth: 0
+          submodules: true
+
+      - name: Log commit hash
+        run: |
+          echo "Releasing commit: $(git rev-parse HEAD)"
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build binary (Linux)
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: false
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=registry,ref=ghcr.io/commit-boost/buildcache:${{ matrix.target-crate}}
+          cache-to: type=registry,ref=ghcr.io/commit-boost/buildcache:${{ matrix.target-crate }},mode=max
+          file: provisioning/build.Dockerfile
+          outputs: type=local,dest=build
+          build-args: |
+            TARGET_CRATE=${{ matrix.name }}
+
+      - name: Package binary (Linux)
+        run: |
+          cd build/linux_${{ matrix.target }}
+          tar -czvf ${{ matrix.name }}-${{ github.ref_name }}-linux_${{ matrix.package-suffix }}.tar.gz ${{ matrix.name }}
+          mv ${{ matrix.name }}-${{ github.ref_name }}-linux_${{ matrix.package-suffix }}.tar.gz ../../
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.name }}-${{ github.ref_name }}-linux_${{ matrix.package-suffix }}
+          path: |
+            ${{ matrix.name }}-${{ github.ref_name }}-linux_${{ matrix.package-suffix }}.tar.gz
+
+  # Builds the arm64 binaries for Darwin, for all 3 crates, natively
+  build-binaries-darwin:
+    strategy:
+      matrix:
+        target:
+          # x64 requires macos-latest-large which is not available in the free tier
           # - x86_64-apple-darwin
           - aarch64-apple-darwin
         name:
           - commit-boost-cli
           - commit-boost-pbs
           - commit-boost-signer
         include:
-          - target: x86_64-unknown-linux-gnu
-            os: ubuntu-latest
           # - target: x86_64-apple-darwin
-          #   os: macos-latest
+          #  os: macos-latest-large
           - target: aarch64-apple-darwin
             os: macos-latest
     runs-on: ${{ matrix.os }}
@@ -41,6 +114,12 @@ jobs:
         run: |
           echo "Releasing commit: $(git rev-parse HEAD)"
 
+      - name: Install Protoc
+        run:
+          # Brew's version is much more up to date than the Linux ones, and installing the latest via script runs into curl issues so for now, brew's easier to use
+          # provisioning/protoc.sh
+          brew install protobuf
+
       - name: Cache Cargo registry
         uses: actions/cache@v3
         with:
@@ -63,48 +142,25 @@ jobs:
             ${{ runner.os }}-cargo-build-${{ matrix.target }}-
             ${{ runner.os }}-cargo-build-
 
-      - name: Install protoc (Ubuntu)
-        if: runner.os == 'Linux'
-        run: sudo apt-get install protobuf-compiler
-
-      - name: Install protoc (macOS)
-        if: runner.os == 'macOS'
-        run: brew install protobuf
-
-      - name: Set up Rust
-        uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: stable
-          override: true
-          target: ${{ matrix.target }}
-
-      - name: Build binary
+      - name: Build binary (Darwin)
         run: cargo build --release --target ${{ matrix.target }} --bin ${{ matrix.name }}
-        env:
-          CARGO_TARGET_X86_64_PC_WINDOWS_GNU_LINKER: gcc
 
       - name: Package binary (Unix)
-        if: runner.os != 'Windows'
         run: |
           cd target/${{ matrix.target }}/release
           tar -czvf ${{ matrix.name }}-${{ github.ref_name }}-${{ matrix.target }}.tar.gz ${{ matrix.name }}
           mv ${{ matrix.name }}-${{ github.ref_name }}-${{ matrix.target }}.tar.gz ../../../
 
-      - name: Package binary (Windows)
-        if: runner.os == 'Windows'
-        run: |
-          7z a ${{ matrix.name }}-${{ github.ref_name }}-${{ matrix.target }}.zip target\${{ matrix.target }}\release\${{ matrix.name }}.exe
-
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.name }}-${{ github.ref_name }}-${{ matrix.target }}
           path: |
-            ${{ matrix.name }}-${{ github.ref_name }}-${{ matrix.target }}.${{ runner.os == 'Windows' && 'zip' || 'tar.gz' }}
+            ${{ matrix.name }}-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
 
+  # Builds the PBS Docker image
   build-and-push-pbs-docker:
-    needs: [build-binaries]
+    needs: [build-binaries-linux]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -114,6 +170,20 @@ jobs:
           fetch-depth: 0
           submodules: true
 
+      - name: Download binary archives
+        uses: actions/download-artifact@v4
+        with:
+          path: ./artifacts
+          pattern: "commit-boost-*"
+
+      - name: Extract binaries
+        run: |
+          mkdir -p ./artifacts/bin
+          tar -xzf ./artifacts/commit-boost-pbs-${{ github.ref_name }}-linux_x86-64/commit-boost-pbs-${{ github.ref_name }}-linux_x86-64.tar.gz -C ./artifacts/bin
+          mv ./artifacts/bin/commit-boost-pbs ./artifacts/bin/commit-boost-pbs-linux-amd64
+          tar -xzf ./artifacts/commit-boost-pbs-${{ github.ref_name }}-linux_arm64/commit-boost-pbs-${{ github.ref_name }}-linux_arm64.tar.gz -C ./artifacts/bin
+          mv ./artifacts/bin/commit-boost-pbs ./artifacts/bin/commit-boost-pbs-linux-arm64
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
 
@@ -133,15 +203,18 @@ jobs:
           context: .
           push: true
           platforms: linux/amd64,linux/arm64
+          build-args: |
+            BINARIES_PATH=./artifacts/bin
           tags: |
             ghcr.io/commit-boost/pbs:${{ github.ref_name }}
             ${{ !contains(github.ref_name, 'rc') && 'ghcr.io/commit-boost/pbs:latest' || '' }}
           cache-from: type=registry,ref=ghcr.io/commit-boost/pbs:buildcache
           cache-to: type=registry,ref=ghcr.io/commit-boost/pbs:buildcache,mode=max
           file: provisioning/pbs.Dockerfile
 
+  # Builds the Signer Docker image
   build-and-push-signer-docker:
-    needs: [build-binaries]
+    needs: [build-binaries-linux]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -151,6 +224,20 @@ jobs:
           fetch-depth: 0
           submodules: true
 
+      - name: Download binary archives
+        uses: actions/download-artifact@v4
+        with:
+          path: ./artifacts
+          pattern: "commit-boost-*"
+
+      - name: Extract binaries
+        run: |
+          mkdir -p ./artifacts/bin
+          tar -xzf ./artifacts/commit-boost-signer-${{ github.ref_name }}-linux_x86-64/commit-boost-signer-${{ github.ref_name }}-linux_x86-64.tar.gz -C ./artifacts/bin
+          mv ./artifacts/bin/commit-boost-signer ./artifacts/bin/commit-boost-signer-linux-amd64
+          tar -xzf ./artifacts/commit-boost-signer-${{ github.ref_name }}-linux_arm64/commit-boost-signer-${{ github.ref_name }}-linux_arm64.tar.gz -C ./artifacts/bin
+          mv ./artifacts/bin/commit-boost-signer ./artifacts/bin/commit-boost-signer-linux-arm64
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
 
@@ -170,16 +257,20 @@ jobs:
           context: .
           push: true
           platforms: linux/amd64,linux/arm64
+          build-args: |
+            BINARIES_PATH=./artifacts/bin
           tags: |
             ghcr.io/commit-boost/signer:${{ github.ref_name }}
             ${{ !contains(github.ref_name, 'rc') && 'ghcr.io/commit-boost/signer:latest' || '' }}
           cache-from: type=registry,ref=ghcr.io/commit-boost/signer:buildcache
           cache-to: type=registry,ref=ghcr.io/commit-boost/signer:buildcache,mode=max
           file: provisioning/signer.Dockerfile
 
+  # Creates a draft release on GitHub with the binaries
   finalize-release:
     needs:
-      - build-binaries
+      - build-binaries-linux
+      - build-binaries-darwin
       - build-and-push-pbs-docker
       - build-and-push-signer-docker
     runs-on: ubuntu-latest
 
@@ -14,23 +14,6 @@ RUN test -n "$TARGET_CRATE" || (echo "TARGET_CRATE must be set to the service /
 ENV BUILD_VAR_SCRIPT=/tmp/env.sh
 COPY --from=planner /app/recipe.json recipe.json
 
-# Get the latest Protoc since the one in the Debian repo is incredibly old
-RUN apt update && apt install -y unzip curl ca-certificates && \
-  PROTOC_VERSION=$(curl -s "https://api.github.com/repos/protocolbuffers/protobuf/releases/latest" | grep -Po '"tag_name": "v\K[0-9.]+') && \
-  if [ "$BUILDPLATFORM" = "linux/amd64" ]; then \
-    PROTOC_ARCH=x86_64; \
-  elif [ "$BUILDPLATFORM" = "linux/arm64" ]; then \
-    PROTOC_ARCH=aarch_64; \
-  else \
-    echo "${BUILDPLATFORM} is not supported."; \
-    exit 1; \
-  fi && \
-  curl -Lo protoc.zip https://github.com/protocolbuffers/protobuf/releases/latest/download/protoc-$PROTOC_VERSION-linux-$PROTOC_ARCH.zip && \
-  unzip -q protoc.zip bin/protoc -d /usr && \
-  unzip -q protoc.zip "include/google/*" -d /usr && \
-  chmod a+x /usr/bin/protoc && \
-  rm -rf protoc.zip
-
 # Set up the build environment for cross-compilation if needed
 RUN if [ "$BUILDPLATFORM" = "linux/amd64" -a "$TARGETARCH" = "arm64" ]; then \
       # We're on x64, cross-compiling for arm64
@@ -90,6 +73,10 @@ RUN if [ -f ${BUILD_VAR_SCRIPT} ]; then \
     export GIT_HASH=$(git rev-parse HEAD) && \
     cargo chef cook ${TARGET_FLAG} --release --recipe-path recipe.json ${FEATURE_OPENSSL_VENDORED}
 
+# Get the latest Protoc since the one in the Debian repo is incredibly old
+COPY provisioning/protoc.sh provisioning/protoc.sh
+RUN provisioning/protoc.sh
+
 # Now we can copy the source files - chef cook wants to run before this step
 COPY . .
 
 
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# This script installs the latest version of protoc (Protocol Buffers Compiler) from the official GitHub repository.
+
+# Print a failure message to stderr and exit
+fail() {
+    MESSAGE=$1
+    RED='\033[0;31m'
+    RESET='\033[;0m'
+    >&2 echo -e "\n${RED}**ERROR**\n$MESSAGE${RESET}\n"
+    exit 1
+}
+
+# Get the OS
+case "$(uname)" in
+    Darwin*)
+        PROTOC_OS="osx" ;
+        TARGET_DIR="/opt/homebrew" ; # Emulating a homebrew install so we don't need elevated permissions
+        # Darwin comes with unzip and curl already
+        brew install jq ;;
+    Linux*)
+        PROTOC_OS="linux" ;
+        TARGET_DIR="/usr" ; # Assumes the script is run as root or the user can do it manually
+        apt update && apt install -y unzip curl ca-certificates jq ;;
+    *)
+        echo "Unsupported OS: $(uname)" ;
+        exit 1 ;;
+esac
+
+# Get the architecture
+case "$(uname -m)" in
+    x86_64)  PROTOC_ARCH="x86_64" ;;
+    aarch64) PROTOC_ARCH="aarch_64" ;;
+    arm64)   PROTOC_ARCH="aarch_64" ;;
+    *)       echo "Unsupported architecture: [$(uname -m)]"; exit 1 ;;
+esac
+
+# Get the latest version
+PROTOC_RAW_VERSION=$(curl --retry 10 --retry-delay 2 --retry-all-errors -fsL "https://api.github.com/repos/protocolbuffers/protobuf/releases/latest" | jq -r .tag_name) || fail "Failed to get the latest version of protoc"
+if [ "$PROTOC_RAW_VERSION" = "null" ]; then
+    fail "Failed to get the latest version of protoc"
+fi
+echo "Latest version of protoc: [$PROTOC_RAW_VERSION]"
+PROTOC_VERSION=$(echo $PROTOC_RAW_VERSION | sed 's/^v//') || fail "Failed to parse the latest version of protoc"
+if [ -z "$PROTOC_VERSION" ]; then
+    fail "Latest version of protoc was empty"
+fi
+
+echo "Installing protoc: $PROTOC_VERSION-$PROTOC_OS-$PROTOC_ARCH"
+
+# Download and install protoc
+curl --retry 10 --retry-delay 2 --retry-all-errors -fsLo protoc.zip https://github.com/protocolbuffers/protobuf/releases/latest/download/protoc-$PROTOC_VERSION-$PROTOC_OS-$PROTOC_ARCH.zip || fail "Failed to download protoc"
+unzip -q protoc.zip bin/protoc -d $TARGET_DIR || fail "Failed to unzip protoc"
+unzip -q protoc.zip "include/google/*" -d $TARGET_DIR || fail "Failed to unzip protoc includes"
+chmod a+x $TARGET_DIR/bin/protoc || fail "Failed to set executable permissions for protoc"
+rm -rf protoc.zip || fail "Failed to remove protoc zip file"
+echo "protoc ${PROTOC_VERSION} installed successfully for ${PROTOC_OS} ${PROTOC_ARCH}"