Merge branch 'master' into ao-try-fixing-zombienet-slashing

* master: (24 commits)
  GHW for building and publishing docker images (#1391)
  pallet asset-conversion additional quote tests (#1371)
  Remove deprecated `pallet_balances`'s `set_balance_deprecated` and `transfer` dispatchables (#1226)
  Fix PRdoc check (#1419)
  Fix the wasm runtime substitute caching bug (#1416)
  Bump enumn from 0.1.11 to 0.1.12 (#1412)
  RFC 14: Improve locking mechanism for parachains (#1290)
  Add PRdoc check (#1408)
  fmt fixes (#1413)
  Enforce a decoding limit in MultiAssets (#1395)
  Remove dynamic dispatch using `Ext` (#1399)
  Remove redundant calls to `borrow()` (#1393)
  Get rid of polling in `WarpSync` (#1265)
  Bump actions/checkout from 3 to 4 (#1398)
  Bump thiserror from 1.0.47 to 1.0.48 (#1396)
  Move Relay-Specific Shared Code to One Place (#1193)
  rust docs: add simple analytics (#1377)
  Contracts: Update read_sandbox (#1390)
  Extract block announce validation from `ChainSync` (#1170)
  [ci] Remove runtime-benchmarks from tests (#1335)
  ...

Author: ordian

.gitlab/common/lib.sh renamed to .github/scripts/common/lib.sh

@@ -96,7 +96,7 @@ structure_message() {
 # access_token: see https://matrix.org/docs/guides/client-server-api/
 # Usage: send_message $body (json formatted) $room_id $access_token
 send_message() {
-curl -XPOST -d "$1" "https://matrix.parity.io/_matrix/client/r0/rooms/$2/send/m.room.message?access_token=$3"
+  curl -XPOST -d "$1" "https://m.parity.io/_matrix/client/r0/rooms/$2/send/m.room.message?access_token=$3"
 }
 
 # Pretty-printing functions
@@ -193,3 +193,74 @@ check_bootnode(){
     echo "    Bootnode appears unreachable"
     return 1
 }
+
+# Assumes the ENV are set:
+# - RELEASE_ID
+# - GITHUB_TOKEN
+# - REPO in the form paritytech/polkadot
+fetch_release_artifacts() {
+  echo "Release ID : $RELEASE_ID"
+  echo "Repo       : $REPO"
+  echo "Binary     : $BINARY"
+
+  curl -L -s \
+    -H "Accept: application/vnd.github+json" \
+    -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+    -H "X-GitHub-Api-Version: 2022-11-28" \
+    https://api.github.com/repos/${REPO}/releases/${RELEASE_ID} > release.json
+
+  # Get Asset ids
+  ids=($(jq -r '.assets[].id' < release.json ))
+  count=$(jq '.assets|length' < release.json )
+
+  # Fetch artifacts
+  mkdir -p "./release-artifacts/${BINARY}"
+  pushd "./release-artifacts/${BINARY}" > /dev/null
+
+  iter=1
+  for id in "${ids[@]}"
+  do
+      echo " - $iter/$count: downloading asset id: $id..."
+      curl -s -OJ -L -H "Accept: application/octet-stream" \
+          -H "Authorization: Token ${GITHUB_TOKEN}" \
+          "https://api.github.com/repos/${REPO}/releases/assets/$id"
+      iter=$((iter + 1))
+  done
+
+  pwd
+  ls -al --color
+  popd > /dev/null
+}
+
+# Check the checksum for a given binary
+function check_sha256() {
+    echo "Checking SHA256 for $1"
+    shasum -qc $1.sha256
+}
+
+# Import GPG keys of the release team members
+# This is done in parallel as it can take a while sometimes
+function import_gpg_keys() {
+  GPG_KEYSERVER=${GPG_KEYSERVER:-"keyserver.ubuntu.com"}
+  SEC="9D4B2B6EB8F97156D19669A9FF0812D491B96798"
+  WILL="2835EAF92072BC01D188AF2C4A092B93E97CE1E2"
+  EGOR="E6FC4D4782EB0FA64A4903CCDB7D3555DD3932D3"
+  MARA="533C920F40E73A21EEB7E9EBF27AEA7E7594C9CF"
+  MORGAN="2E92A9D8B15D7891363D1AE8AF9E6C43F7F8C4CF"
+
+  echo "Importing GPG keys from $GPG_KEYSERVER in parallel"
+  for key in $SEC $WILL $EGOR $MARA $MORGAN; do
+    (
+      echo "Importing GPG key $key"
+      gpg --no-tty --quiet --keyserver $GPG_KEYSERVER --recv-keys $key
+      echo -e "5\ny\n" | gpg --no-tty --command-fd 0 --expert --edit-key $key trust;
+    ) &
+  done
+  wait
+}
+
+# Check the GPG signature for a given binary
+function check_gpg() {
+    echo "Checking GPG Signature for $1"
+    gpg --no-tty --verify -q $1.asc $1
+}

.github/workflows/check-licenses.yml

@@ -14,7 +14,7 @@ jobs:
       NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - uses: actions/[email protected]
         with:
           node-version: "18.x"

.github/workflows/check-markdown.yml

@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
       - uses: actions/[email protected]
         with:

.github/workflows/check-prdoc.yml

@@ -0,0 +1,51 @@
+name: Check PRdoc
+
+on:
+  pull_request:
+    types: [labeled, opened, synchronize, unlabeled]
+
+env:
+  # todo: switch to paritytech/prdoc once the container is built & published
+  # see https://github.com/paritytech/scripts/pull/595
+  IMAGE: chevdor/prdoc:v0.0.4
+  API_BASE: https://api.github.com/repos
+  REPO: ${{ github.repository }}
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GITHUB_PR: ${{ github.event.pull_request.number }}
+  MOUNT: /prdoc
+  ENGINE: docker
+
+jobs:
+  check-prdoc:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Pull image
+        run: |
+          echo "Pulling $IMAGE"
+          docker pull $IMAGE
+          docker run --rm $IMAGE --version
+
+      - name: Check if PRdoc is required
+        id: get-labels
+        run: |
+            # Fetch the labels for the PR under test
+            echo "Fetch the labels for $API_BASE/${REPO}/pulls/${GITHUB_PR}"
+            labels=$( curl -H "Authorization: token ${GITHUB_TOKEN}" -s "$API_BASE/${REPO}/pulls/${GITHUB_PR}" | jq '.labels | .[] | .name' | tr "\n" ",")
+            echo "Labels: ${labels}"
+            echo "labels=${labels}" >> "$GITHUB_OUTPUT"
+
+      - name: No PRdoc required
+        if: ${{ contains(steps.get-labels.outputs.labels, 'R0') }}
+        run: |
+          echo "PR detected as silent, no PRdoc is required, exiting..."
+          exit 0
+
+      - name: Checkout repo
+        if: ${{ !contains(steps.get-labels.outputs.labels, 'R0') }}
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0
+
+      - name: PRdoc check for PR#${{ github.event.pull_request.number }}
+        if: ${{ !contains(steps.get-labels.outputs.labels, 'R0') }}
+        run: |
+          echo "Checking for PR#${GITHUB_PR} in $MOUNT"
+          $ENGINE run --rm -v $PWD/prdoc:/doc $IMAGE check -n ${GITHUB_PR}

.github/workflows/fmt-check.yml

@@ -16,7 +16,7 @@ jobs:
     container:
       image: paritytech/ci-unified:bullseye-1.70.0-2023-05-23-v20230706
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
       - name: Cargo fmt
         run: cargo +nightly fmt --all -- --check