Safe-Wallet-Monorepo Web Release on IPFS #1873
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow is used to deploy a safe-wallet-monorepo release to IPFS | |
| name: Safe-Wallet-Monorepo Web Release on IPFS | |
| on: | |
| schedule: | |
| - cron: "0 * * * *" # Runs every hour | |
| workflow_dispatch: # Allows manual triggering | |
| jobs: | |
| ## Check if a new release of safe-wallet-monorepo is available | |
| ## Outputs: | |
| ## - new_release: true if a new release is available, false otherwise | |
| ## - latest_tag: the tag of the latest release | |
| ## - tar_url: the URL of the tarball of the latest release | |
| ## - checksum_url: the URL of the checksum of the latest release | |
| check-release: | |
| runs-on: ubuntu-latest | |
| name: Check for new release | |
| outputs: | |
| new_release: ${{ steps.compare.outputs.new_release }} | |
| latest_tag: ${{ steps.latest_release_info.outputs.latest_tag }} | |
| tar_url: ${{ steps.latest_release_info.outputs.tar_url }} | |
| checksum_url: ${{ steps.latest_release_info.outputs.checksum_url }} | |
| steps: | |
| - name: Get latest release info | |
| id: latest_release_info | |
| env: | |
| API_URL: https://api.github.com/repos/safe-global/safe-wallet-monorepo/releases/latest | |
| MAX_ATTEMPTS: 3 ## Max number of attempts to fetch the release info | |
| DELAY: 10 ## seconds | |
| run: | | |
| ## Fetch the latest release info from the GitHub API with retry logic | |
| ## This is necessary because the GitHub API sometimes fails | |
| ## see https://github.com/5afe/safe-wallet-ipfs/actions/runs/14427680232/job/40458689018 | |
| attempt=1 | |
| while true; do | |
| echo "Attempt $attempt to fetch release info..." | |
| RELEASE_INFO=$(curl -sSf "$API_URL") | |
| if [ $? -eq 0 ] && echo "$RELEASE_INFO" | jq -e '.assets' > /dev/null; then | |
| break | |
| fi | |
| if [ "$attempt" -ge "$MAX_ATTEMPTS" ]; then | |
| echo "Failed to fetch release info after $attempt attempts." | |
| exit 1 | |
| fi | |
| attempt=$((attempt + 1)) | |
| sleep "$DELAY" | |
| done | |
| ## Extract the tag name, tar URL, and checksum URL from the release info | |
| TAG_NAME=$(echo "$RELEASE_INFO" | jq -r '.tag_name') | |
| TAR_URL=$(echo "$RELEASE_INFO" | jq -r '.assets[] | select(.name | endswith(".tar.gz")) | .browser_download_url') | |
| CHECKSUM_URL=$(echo "$RELEASE_INFO" | jq -r '.assets[] | select(.name | endswith("-sha256-checksum.txt")) | .browser_download_url') | |
| ## Store the tag name, tar URL, and checksum URL in the GitHub output | |
| echo "latest_tag=$TAG_NAME" >> "$GITHUB_OUTPUT" | |
| echo "tar_url=$TAR_URL" >> "$GITHUB_OUTPUT" | |
| echo "checksum_url=$CHECKSUM_URL" >> "$GITHUB_OUTPUT" | |
| - name: Restore last release tag | |
| id: restore-cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: .prev_release | |
| key: latest-release-${{ steps.latest_release_info.outputs.latest_tag }} | |
| restore-keys: | | |
| latest-release- | |
| - name: Compare current tag with cached release tag | |
| id: compare | |
| run: | | |
| TAG_NAME=${{ steps.latest_release_info.outputs.latest_tag }} | |
| PREV_TAG_NAME=$(cat .prev_release 2>/dev/null || echo "none") | |
| echo "Previous tag: $PREV_TAG_NAME" | |
| echo "Current tag: $TAG_NAME" | |
| if [ "$TAG_NAME" != "null" ] && [ "$TAG_NAME" != "$PREV_TAG_NAME" ]; then | |
| echo "New release detected :: $TAG_NAME" | |
| echo "new_release=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "No new release detected" | |
| echo "new_release=false" >> $GITHUB_OUTPUT | |
| fi | |
| ## Deploy the web app to IPFS | |
| ## Outputs: | |
| ## - cid: the IPFS hash (CID) of the deployed web app | |
| deploy: | |
| if: ${{ needs.check-release.outputs.new_release == 'true' }} | |
| runs-on: ubuntu-latest | |
| name: Deploy to IPFS | |
| needs: check-release | |
| outputs: | |
| cid: ${{ steps.deploy_ipfs.outputs.cid }} | |
| permissions: | |
| contents: read | |
| statuses: write | |
| checks: write | |
| pull-requests: write | |
| steps: | |
| - name: Download Tarball and Checksum | |
| run: | | |
| curl -L "${{ needs.check-release.outputs.tar_url }}" -o /tmp/release.tar.gz || { echo "Download failed!" >&2; exit 1; } | |
| curl -L "${{ needs.check-release.outputs.checksum_url }}" -o /tmp/checksum.txt || { echo "Download failed!" >&2; exit 1; } | |
| - name: Verify Checksum | |
| run: | | |
| CHECKSUM_EXPECTED=$(cat /tmp/checksum.txt | awk '{print $1}') | |
| CHECKSUM_ACTUAL=$(sha256sum /tmp/release.tar.gz | awk '{print $1}') | |
| if [ "$CHECKSUM_EXPECTED" != "$CHECKSUM_ACTUAL" ]; then | |
| echo "Checksum verification failed!" >&2 | |
| exit 1 | |
| fi | |
| - name: Extract Tarball | |
| run: | | |
| mkdir -p /tmp/release | |
| tar -xzf /tmp/release.tar.gz -C /tmp/release | |
| echo "Extracted files:" | |
| ls -lah /tmp/release | |
| - name: Remove .html extension from all files | |
| run: | | |
| for file in $(find /tmp/release/out -name '*.html' | sed 's|^\./||'); do | |
| if [ -d ${file%.*} ]; then | |
| cp ${file%} ${file%.*}/index.html | |
| else | |
| cp ${file%} ${file%.*} | |
| fi | |
| done | |
| - name: Deploy to IPFS | |
| uses: ipfs/ipfs-deploy-action@v1 | |
| id: deploy_ipfs | |
| with: | |
| path-to-deploy: /tmp/release/out | |
| storacha-key: ${{ secrets.STORACHA_KEY }} | |
| storacha-proof: ${{ secrets.STORACHA_PROOF }} | |
| pinata-jwt-token: ${{ secrets.PINATA_JWT }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Store CID in outputs | |
| run: | | |
| echo "cid=${{ steps.deploy_ipfs.outputs.cid }}" >> $GITHUB_OUTPUT | |
| - name: Clean up temporary files | |
| run: | | |
| rm -rf /tmp/release /tmp/checksum.txt /tmp/release.tar.gz | |
| ## Create a release note | |
| release_note: | |
| if: ${{ needs.deploy.outputs.cid != '' }} | |
| runs-on: ubuntu-latest | |
| name: Create Release Note | |
| needs: | |
| - check-release | |
| - deploy | |
| permissions: | |
| contents: write | |
| statuses: write | |
| checks: write | |
| pull-requests: write | |
| steps: | |
| - name: Create Release | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ needs.check-release.outputs.latest_tag }} | |
| release_name: safe-wallet-monorepo ${{ needs.check-release.outputs.latest_tag }} | |
| body: | | |
| - 🧩 Version: `${{ needs.check-release.outputs.latest_tag }}` | |
| - 📦 Release link: https://github.com/safe-global/safe-wallet-monorepo/releases/tag/${{ needs.check-release.outputs.latest_tag }} | |
| - 🔏 CID: `${{ needs.deploy.outputs.cid }}` | |
| - 🌐 Preview: | |
| - [https://${{ needs.deploy.outputs.cid }}.ipfs.dweb.link](https://${{ needs.deploy.outputs.cid }}.ipfs.dweb.link/) | |
| - [https://${{ needs.deploy.outputs.cid }}.ipfs.w3s.link](https://${{ needs.deploy.outputs.cid }}.ipfs.w3s.link/) | |
| - [https://${{ needs.deploy.outputs.cid }}.ipfs.inbrowser.link](https://${{ needs.deploy.outputs.cid }}.ipfs.inbrowser.link/) | |
| draft: false | |
| prerelease: false | |
| - name: Prepare to store Last Release Tag in Cache | |
| id: prepare-cache-last-release-tag | |
| run: | | |
| TAG_NAME=${{ needs.check-release.outputs.latest_tag }} | |
| echo "$TAG_NAME" > .prev_release | |
| - name: Cache Last Release Tag | |
| id: cache-last-release-tag | |
| uses: actions/cache/save@v4 | |
| with: | |
| path: .prev_release | |
| key: latest-release-${{ needs.check-release.outputs.latest_tag }} |