feat(ci): release concrete-keygen

2026-01-10 05:18:00 -05:00 · 2025-05-14 11:16:58 +01:00
parent 097539d253
commit a7d6b8f34a
3 changed files with 176 additions and 1 deletions
--- a/.github/workflows/concrete_rust_keygen_release.yaml
+++ b/.github/workflows/concrete_rust_keygen_release.yaml
@@ -0,0 +1,121 @@
+# Publish new release of concrete-keygen crate
+name: Release Concrete Rust Keygen
+
+on:
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: "Dry-run"
+        type: boolean
+        default: true
+
+env:
+  ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+  SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
+  SLACK_USERNAME: ${{ secrets.BOT_USERNAME }}
+  SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+
+permissions: {}
+
+jobs:
+  package:
+    runs-on: ubuntu-latest
+    outputs:
+      hash: ${{ steps.hash.outputs.hash }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          persist-credentials: 'false'
+      - name: Prepare package
+        run: |
+          sudo apt install -y capnproto libcapnp-dev
+          cd frontends/concrete-rust/concrete-keygen/
+          cargo package --features="wasm"
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: crate
+          path: target/package/*.crate
+      - name: generate hash
+        id: hash
+        run: cd target/package && echo "hash=$(sha256sum ./*.crate | base64 -w0)" >> "${GITHUB_OUTPUT}"
+
+  provenance:
+    if: ${{ !inputs.dry_run  }}
+    needs: [package]
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
+    permissions:
+      # Needed to detect the GitHub Actions environment
+      actions: read
+      # Needed to create the provenance via GitHub OIDC
+      id-token: write
+      # Needed to upload assets/artifacts
+      contents: write
+    with:
+      # SHA-256 hashes of the Crate package.
+      base64-subjects: ${{ needs.package.outputs.hash }}
+
+  publish_release:
+    name: Publish Concrete Rust Keygen Release
+    runs-on: ubuntu-latest
+    needs: [package] # for comparing hashes
+    permissions:
+      # Needed to create the draft release
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          persist-credentials: 'false'
+
+      - name: Publish crate.io package
+        env:
+          CRATES_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+          DRY_RUN: ${{ inputs.dry_run && '--dry-run' || '' }}
+        run: |
+          sudo apt install -y capnproto libcapnp-dev
+          # DRY_RUN expansion cannot be double quoted when variable contains empty string otherwise cargo publish 
+          # would fail. This is safe since DRY_RUN is handled in the env section above.
+          # shellcheck disable=SC2086
+          cargo publish --token "${CRATES_TOKEN}" ${DRY_RUN}
+
+      - name: Create draft release
+        run: |
+          VERSION=$(grep '^version = ' frontends/concrete-rust/concrete-keygen/Cargo.toml | cut -d '"' -f2)
+          export VERSION
+          TAG="concrete-keygen-v${VERSION}"
+          export TAG
+          echo "version: ${VERSION}"
+          echo "tag: ${TAG}"
+
+          git tag "$TAG"
+          git push origin "${TAG}"
+
+          gh release create --draft --repo ${{ github.repository }} \
+          --verify-tag "${TAG}" \
+          --title "${TAG}" \
+          target/package/*.crate
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Generate hash
+        id: published_hash
+        run: cd target/package && echo "pub_hash=$(sha256sum ./*.crate | base64 -w0)" >> "${GITHUB_OUTPUT}"
+
+      - name: Slack notification (hashes comparison)
+        if: ${{ needs.package.outputs.hash != steps.published_hash.outputs.pub_hash }}
+        continue-on-error: true
+        uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990
+        env:
+          SLACK_COLOR: failure
+          SLACK_MESSAGE: "SLSA concrete-keygen crate - hash comparison failure: (${{ env.ACTION_RUN_URL }})"
+
+      - name: Slack Notification
+        if: ${{ failure() || (cancelled() && github.event_name != 'pull_request') }}
+        continue-on-error: true
+        uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990
+        env:
+          SLACK_COLOR: ${{ job.status }}
+          SLACK_MESSAGE: "Concrete Rust Keygen release failed: (${{ env.ACTION_RUN_URL }})"
--- a/frontends/concrete-rust/concrete-keygen/Cargo.toml
+++ b/frontends/concrete-rust/concrete-keygen/Cargo.toml
@@ -4,7 +4,7 @@ name = "concrete-keygen"
 version = "0.1.0"
 edition = "2021"
 build = "build.rs"
-readme = "../../../README.md"
+readme = "./README.md"
 homepage = "https://zama.ai/"
 documentation = "https://docs.zama.ai/concrete"
 repository = "https://github.com/zama-ai/concrete"
--- a/frontends/concrete-rust/concrete-keygen/README.md
+++ b/frontends/concrete-rust/concrete-keygen/README.md
@@ -0,0 +1,54 @@
+<p align="center">
+<!-- product name logo -->
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="https://github.com/zama-ai/concrete/assets/157474013/d4680525-2371-454e-97d3-ba39c809a074">
+  <source media="(prefers-color-scheme: light)" srcset="https://github.com/zama-ai/concrete/assets/157474013/95d02fb1-de48-4bb7-b175-d536bb13091c">
+  <img width=600 alt="Zama Concrete">
+</picture>
+</p>
+<hr/>
+
+<p align="center">
+  <a href="https://docs.zama.ai/concrete"> 📒 Documentation</a> | <a href="https://zama.ai/community"> 💛 Community support</a> | <a href="https://github.com/zama-ai/awesome-zama"> 📚 FHE resources by Zama</a>
+</p>
+
+<p align="center">
+  <a href="https://github.com/zama-ai/concrete/blob/main/LICENSE.txt"><img src="https://img.shields.io/badge/License-BSD--3--Clause--Clear-%23ffb243?style=flat-square"></a>
+  <a href="https://github.com/zama-ai/bounty-program"><img src="https://img.shields.io/badge/Contribute-Zama%20Bounty%20Program-%23ffd208?style=flat-square"></a>
+  <a href="https://slsa.dev"><img alt="SLSA 3" src="https://slsa.dev/images/gh-badge-level3.svg" /></a>
+</p>
+
+
+
+## About
+
+This crate is part of the [Concrete](https://github.com/zama-ai/concrete) framework. Its main purpose is to provide a way to manage Concrete Keys in Rust and Wasm.
+
+#### Key Features
+- 🚀 Keygen with low memory footprint for Wasm targets
+- 🔒 Wasm API to build client apps on the browser
+
+<br></br>
+
+
+### License
+This software is distributed under the **BSD-3-Clause-Clear** license. Read [this](../../../LICENSE.txt) for more details.
+
+## Support
+
+<a target="_blank" href="https://community.zama.ai/c/concrete/7">
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="https://github.com/zama-ai/concrete/assets/157474013/204c349f-b9c7-41d6-b93a-48ecd6977ff6">
+  <source media="(prefers-color-scheme: light)" srcset="https://github.com/zama-ai/concrete/assets/157474013/588b6aae-9677-463a-8542-209bb8106366">
+  <img alt="Support">
+</picture>
+</a>
+
+
+🌟 If you find this project helpful or interesting, please consider giving it a star on GitHub! Your support helps to grow the community and motivates further development.
+
+
+<p align="right">
+  <a href="#about" > ↑ Back to top </a>
+</p>
+