Merge pull request #3 from AmadeusITGroup/chore/bump_eonax_0.2.0 #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Connector | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'deployment/**' | |
| pull_request: | |
| paths: | |
| - 'deployment/**' | |
| permissions: | |
| contents: read | |
| jobs: | |
| Deploy-Connector: | |
| defaults: | |
| run: | |
| working-directory: ./deployment/connector | |
| env: | |
| CLUSTER_NAME: eonax-cluster | |
| DID_WEB: did:web:localhost:ih:did | |
| permissions: | |
| checks: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.CICD_TOKEN }} | |
| - name: 'Setup Terraform' | |
| uses: hashicorp/[email protected] | |
| with: | |
| terraform_version: 1.6.0 | |
| terraform_wrapper: false | |
| - name: 'Create Kubernetes cluster' | |
| uses: helm/[email protected] | |
| with: | |
| cluster_name: ${{ env.CLUSTER_NAME }} | |
| config: ./deployment/kind.config.yaml | |
| - name: 'Create Ingress Controller' | |
| shell: bash | |
| run: | | |
| kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml | |
| kubectl wait \ | |
| --namespace ingress-nginx \ | |
| --for=condition=ready pod \ | |
| --selector=app.kubernetes.io/component=controller \ | |
| --timeout=90s | |
| - name: 'Install Vault and DB' | |
| working-directory: ./deployment/storage | |
| shell: bash | |
| run: | | |
| terraform init | |
| terraform apply -auto-approve | |
| - name: 'Login to Docker registry' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: 'Pull Docker images and Helm charts' | |
| shell: bash | |
| run: | | |
| for i in control-plane data-plane identity-hub; do \ | |
| image=eonax-$i-postgresql-hashicorpvault; \ | |
| ## pull the Docker image | |
| docker pull ${{ vars.DOCKER_REPO }}/$image:${{ vars.EONAX_VERSION }}; \ | |
| ## tag image with version latest | |
| docker tag ${{ vars.DOCKER_REPO }}/$image:${{ vars.EONAX_VERSION }} $image:latest; \ | |
| ## load image to the cluster | |
| kind load docker-image $image:latest --name ${{ env.CLUSTER_NAME }}; \ | |
| ## pull Helm charts | |
| chart=${i//-/}; \ | |
| helm pull ${{ vars.HELM_REPO }}/$chart --version ${{ vars.EONAX_VERSION }}; \ | |
| mv $chart-${{ vars.EONAX_VERSION }}.tgz $chart.tgz; \ | |
| done | |
| - name: 'Download SQL files' | |
| working-directory: ./deployment | |
| shell: bash | |
| run: | | |
| jq -r --arg version "${{ vars.EDC_VERSION }}" '.files[] | "https://raw.githubusercontent.com/eclipse-edc/\(.repo)/\($version)/\(.path)/src/main/resources/\(.file_name)"' sql.json | \ | |
| tr -d '\r' | \ | |
| while read -r url; do curl -o "./connector/sql/$(basename "$url")" "$url"; done | |
| - name: 'Install connector' | |
| shell: bash | |
| run: | | |
| terraform init | |
| terraform apply -auto-approve | |
| - name: 'Generate keys' | |
| shell: bash | |
| run: | | |
| openssl genpkey -algorithm RSA -out private-key.pem -pkeyopt rsa_keygen_bits:2048 && \ | |
| openssl rsa -pubout -in private-key.pem -out public-key.pem && \ | |
| for k in public-key private-key; do VAULT_TOKEN=root VAULT_ADDR=http://localhost/vault vault kv put secret/$k content=@$k.pem; done | |
| - name: 'Create participant context' | |
| shell: bash | |
| env: | |
| IH_RESOLUTION_URL: http://localhost/ih/resolution | |
| CP_DSP_URL: http://localhost/cp/dsp | |
| run: | | |
| didBase64Url=$(echo -n "$DID_WEB" | base64 | tr '+/' '-_' | tr -d '=') | |
| curl -X POST -H "Content-Type: application/json" -d "$(cat <<EOF | |
| { | |
| "participantId": "${{ env.DID_WEB }}", | |
| "did": "${{ env.DID_WEB }}", | |
| "active": true, | |
| "key": { | |
| "keyId": "my-key", | |
| "privateKeyAlias": "private-key", | |
| "publicKeyPem": "$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' public-key.pem)" | |
| }, | |
| "serviceEndpoints": [ | |
| { | |
| "id": "credential-service-url", | |
| "type": "CredentialService", | |
| "serviceEndpoint": "$IH_RESOLUTION_URL/v1/participants/$didBase64Url" | |
| }, | |
| { | |
| "id": "dsp-url", | |
| "type": "DSPMessaging", | |
| "serviceEndpoint": "$CP_DSP_URL" | |
| } | |
| ] | |
| } | |
| EOF | |
| )" http://localhost/ih/identity/v1alpha/participants | |
| - name: 'Add membership VC' | |
| shell: bash | |
| run: | | |
| didBase64Url=$(echo -n "$DID_WEB" | base64 | tr '+/' '-_' | tr -d '=') | |
| curl -X POST -H "Content-Type: application/json" -d "$(cat <<EOF | |
| { | |
| "participantId": "${{ env.DID_WEB }}", | |
| "verifiableCredentialContainer": { | |
| "rawVc": "eyJraWQiOiJkaWQ6d2ViOmF1dGhvcml0eS1pZGVudGl0eWh1YiUzQTgzODM6YXBpOmRpZCNteS1rZXkiLCJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJkaWQ6d2ViOmF1dGhvcml0eS1pZGVudGl0eWh1YiUzQTgzODM6YXBpOmRpZCIsInN1YiI6ImRpZDp3ZWI6cHJvdmlkZXItaWRlbnRpdHlodWIlM0E4MzgzOmFwaTpkaWQiLCJ2YyI6eyJjcmVkZW50aWFsU3ViamVjdCI6W3siaWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkZW50aXR5aHViJTNBODM4MzphcGk6ZGlkIiwibmFtZSI6InByb3ZpZGVyIiwibWVtYmVyc2hpcCI6eyJtZW1iZXJzaGlwVHlwZSI6IkZ1bGxNZW1iZXIiLCJzaW5jZSI6IjIwMjMtMDEtMDFUMDA6MDA6MDBaIn19XSwiaWQiOiIzMTkxNWJjOC0wODhjLTQwZDYtYTAxNC03YTk4YmNkNzBiY2IiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjp7ImlkIjoiZGlkOndlYjphdXRob3JpdHktaWRlbnRpdHlodWIlM0E4MzgzOmFwaTpkaWQiLCJhZGRpdGlvbmFsUHJvcGVydGllcyI6e319LCJpc3N1YW5jZURhdGUiOiIyMDI0LTA4LTE0VDE0OjMzOjQwWiIsImV4cGlyYXRpb25EYXRlIjpudWxsLCJjcmVkZW50aWFsU3RhdHVzIjpbXSwiZGVzY3JpcHRpb24iOm51bGwsIm5hbWUiOm51bGx9LCJpYXQiOjE3MjM2NDYwMjB9.FD4vjPomuKusPdyWlMRcOgbzUhGC7kyliw6My6HFrQzdAcKGC6N_BW-Cg4pHAX4f2O4EhFn5WJr-uB2UaZOHlQ", | |
| "format": "JWT", | |
| "credential": { | |
| "credentialSubject": [ | |
| { | |
| "id": "${{ env.DID_WEB }}", | |
| "name": "provider", | |
| "membership": { | |
| "membershipType": "FullMember", | |
| "since": "2023-01-01T00:00:00Z" | |
| } | |
| } | |
| ], | |
| "id": "31915bc8-088c-40d6-a014-7a98bcd70bcb", | |
| "type": [ | |
| "VerifiableCredential", | |
| "MembershipCredential" | |
| ], | |
| "issuer": { | |
| "id": "did:web:eonax-authority-url:api:did", | |
| "additionalProperties": {} | |
| }, | |
| "issuanceDate": "2024-08-14T14:33:40Z", | |
| "expirationDate": null, | |
| "credentialStatus": [], | |
| "description": null, | |
| "name": null | |
| } | |
| } | |
| } | |
| EOF | |
| )" http://localhost/ih/identity/v1alpha/participants/$didBase64Url/credentials |