From 5c3cd137f14c5d53b28cb191a66ba4dd711896c2 Mon Sep 17 00:00:00 2001
From: Monty Guilhaus
Date: Wed, 13 May 2026 04:39:14 +0000
Subject: [PATCH] Add GoReleaser config + tag-driven release workflow Adds the first standardised release-artefact pipeline for sei-chain so that every `v*` tag publishes a pre-built static `seid` binary on the GitHub Release page alongside the existing Docker images. Files: - .goreleaser.yaml static linux/amd64 `seid` build - .github/workflows/goreleaser-release.yml tag-triggered caller; delegates to sei-protocol/uci's reusable goreleaser workflow - scripts/check-libwasmvm-static.sh fail-fast pre-build hook verifying the muslc `.a` files are present Build details: - CGO_ENABLED=1, CC=musl-gcc, tags netgo,muslc,ledger - linkmode=external with -static extldflags - LDFLAGS match the existing Makefile (sei-cosmos/version.* symbols) - libwasmvm_muslc.a / libwasmvm_muslc.aarch64.a are already checked into sei-wasmvm/internal/api/, so no rebuild at release time - release: draft=true, mode=append so this coexists safely with any other release-creation paths (uci release-publish, manual) Out of scope (follow-ups): - linux/arm64 static seid (requires aarch64 musl cross-toolchain) - macOS seid - cosign signatures, SBOM, SLSA provenance Once the uci PR adding goreleaser-release.yml is merged and tagged, update the @ref in goreleaser-release.yml to a uci version tag. Refs PLT-41, PLT-266.
---
 .github/workflows/goreleaser-release.yml | 21 ++++++
 .goreleaser.yaml | 87 ++++++++++++++++++++++++
 scripts/check-libwasmvm-static.sh | 33 +++++++++
 3 files changed, 141 insertions(+)
 create mode 100644 .github/workflows/goreleaser-release.yml
 create mode 100644 .goreleaser.yaml
 create mode 100755 scripts/check-libwasmvm-static.sh
diff --git a/.github/workflows/goreleaser-release.yml b/.github/workflows/goreleaser-release.yml
new file mode 100644
index 0000000000..1c34cba872
--- /dev/null
+++ b/.github/workflows/goreleaser-release.yml
@@ -0,0 +1,21 @@
+name: GoReleaser
+
+on:
+ push:
+ tags:
+ - 'v[0-9]+.[0-9]+.[0-9]+'
+ - 'v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+'
+ workflow_dispatch:
+
+permissions:
+ contents: write
+
+jobs:
+ goreleaser:
+ uses: sei-protocol/uci/.github/workflows/goreleaser-release.yml@monty/goreleaser-reusable-workflow
+ with:
+ go-version: '1.25.6'
+ submodules: 'true'
+ prebuild-script: |
+ sudo apt-get update
+ sudo apt-get install -y --no-install-recommends musl musl-tools
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
new file mode 100644
index 0000000000..733f63a9e8
--- /dev/null
+++ b/.goreleaser.yaml
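Review bot: In `.github/workflows/goreleaser-release.yml`, the `uses:` line resolves the reusable workflow from the branch `monty/goreleaser-reusable-workflow`, so whatever that branch points to when a tag is pushed runs in this job with up to `contents: write` on the repository. The commit message plans a move to a uci version tag, but a tag can be moved as well; pinning to a full commit SHA, `uses: sei-protocol/uci/.github/workflows/goreleaser-release.yml@<full-commit-sha>  # <uci version>`, means the release pipeline changes only through a reviewed diff in this repository. The `prebuild-script` installs `musl` and `musl-tools` at whatever version the runner's package mirror serves, so the toolchain that links the release binary is not fixed by this file; a comment above the script recording that would help anyone trying to reproduce a build.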
@@ -0,0 +1,87 @@
+version: 2
+
+project_name: sei-chain
+
+before:
+ hooks:
+ - go mod download
+ - bash scripts/check-libwasmvm-static.sh
+
+builds:
+ - id: seid
+ main: ./cmd/seid
+ binary: seid
+ env:
+ - CGO_ENABLED=1
+ - CC=musl-gcc
+ flags:
+ - -trimpath
+ - -tags=netgo,muslc,ledger
+ ldflags:
+ - -s -w
+ - -X github.com/sei-protocol/sei-chain/sei-cosmos/version.Name=sei
+ - -X github.com/sei-protocol/sei-chain/sei-cosmos/version.AppName=seid
+ - -X github.com/sei-protocol/sei-chain/sei-cosmos/version.Version={{ .Version }}
+ - -X github.com/sei-protocol/sei-chain/sei-cosmos/version.Commit={{ .FullCommit }}
+ - -X "github.com/sei-protocol/sei-chain/sei-cosmos/version.BuildTags=netgo,muslc,ledger"
+ - -linkmode=external
+ - -extldflags "-Wl,-z,muldefs -static"
+ goos:
+ - linux
+ goarch:
+ - amd64
+
+archives:
+ - id: seid
+ formats: [tar.gz]
+ name_template: >-
+ {{ .ProjectName }}_{{ .Version }}_{{ .Os }}_
+ {{- if eq .Arch "amd64" }}x86_64
+ {{- else }}{{ .Arch }}{{ end }}
+ files:
+ - LICENSE*
+ - README.md
+ - CHANGELOG*
+
+checksum:
+ name_template: 'checksums.txt'
+ algorithm: sha256
+
+snapshot:
+ version_template: '{{ incpatch .Version }}-snapshot-{{ .ShortCommit }}'
+
+changelog:
+ use: github
+ sort: asc
+ filters:
+ exclude:
+ - '^docs:'
+ - '^test:'
+ - '^chore:'
+ - 'merge conflict'
+ - Merge pull request
+ - Merge remote-tracking branch
+ - Merge branch
+
+release:
+ github:
+ owner: sei-protocol
+ name: sei-chain
+ draft: true
+ prerelease: auto
+ mode: append
+ name_template: '{{ .Tag }}'
+ header: |
+ # Sei {{ .Tag }}
+
+ Pre-built **statically-linked** `seid` binary attached below for `linux/amd64`.
+
+ Verify your download:
+
+ ```
+ sha256sum -c checksums.txt --ignore-missing
+ ```
+
+ For Docker images, see `ghcr.io/sei-protocol/sei`.
+ footer: |
+ **Full Changelog**: https://github.com/sei-protocol/sei-chain/compare/{{ .PreviousTag }}...{{ .Tag }}
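Review bot: The release `header` in `.goreleaser.yaml` tells users to "Verify your download" with `sha256sum -c checksums.txt`, but `checksums.txt` is published in the same release as the archive and is not signed, so the check catches a corrupted download and not a replaced one. Since signatures are listed as a follow-up in the commit message, the heading would be more accurate as `Check the integrity of your download (the checksum file is not signed yet):`. Separately, `-extldflags "-Wl,-z,muldefs -static"` tells the linker to accept duplicate symbol definitions instead of failing. A comment such as `# muldefs: <which archives define the same symbols, and why that is expected>` would record why the collision is considered safe.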
diff --git a/scripts/check-libwasmvm-static.sh b/scripts/check-libwasmvm-static.sh
new file mode 100755
index 0000000000..ba4eb43427
--- /dev/null
+++ b/scripts/check-libwasmvm-static.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# Verifies that the static libwasmvm artefacts required for a static `seid`
+# build are present. The .a files are produced by `make release-build-alpine`
+# in sei-wasmvm and are checked into sei-wasmvm/internal/api/.
+#
+# Used by .goreleaser.yaml as a `before:` hook so a release tag fails fast
+# when the artefacts are missing rather than producing a broken binary.
+
+set -euo pipefail
+
+repo_root="$(git rev-parse --show-toplevel)"
+api_dir="$repo_root/sei-wasmvm/internal/api"
+
+required=(
+ "$api_dir/libwasmvm_muslc.a"
+ "$api_dir/libwasmvm_muslc.aarch64.a"
+)
+
+missing=0
+for f in "${required[@]}"; do
+ if [[ ! -f "$f" ]]; then
+ echo "::error::missing static libwasmvm artefact: $f"
+ missing=1
+ fi
+done
+
+if [[ $missing -eq 1 ]]; then
+ echo "::error::run 'make release-build-alpine' inside sei-wasmvm/ to (re)produce them"
+ exit 1
+fi
+
+echo "All required static libwasmvm artefacts present:"
+ls -la "${required[@]}"
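Review bot: The loop in `scripts/check-libwasmvm-static.sh` tests only `-f`, so an empty, truncated or substituted `.a` file passes the hook and is linked into the release binary. Using `[[ ! -s "$f" ]]` would at least reject empty files, and comparing the archives against a checked-in digest list, for example `(cd "$api_dir" && sha256sum -c <checksums-file>)`, would tie the prebuilt blobs to reviewed values; whether such a list exists in sei-wasmvm is not visible from this patch. The `required` array also includes `libwasmvm_muslc.aarch64.a` although `.goreleaser.yaml` builds only `linux/amd64`, so a missing arm64 archive would fail a release that does not use it.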