Skip to content

Commit

Permalink
release github workflows, modified deploy to work
Browse files Browse the repository at this point in the history
  • Loading branch information
@Ramarti
Ramarti committed Jan 9, 2023
1 parent 325f146 commit 8f425cb
Show file tree
Hide file tree
Showing 3 changed files with 292 additions and 0 deletions.
278 changes: 278 additions & 0 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,278 @@
---
name: Release

on:
pull_request:
branches:
- 'master'
- 'release/**'

defaults:
run:
shell: bash

jobs:
build:
name: Build release
if: startsWith(github.head_ref, 'release/')
runs-on: ubuntu-22.04
timeout-minutes: 10
env:
INFURA_PROJECT_ID: "${{ secrets.INFURA_PROJECT_ID }}"

steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile

- name: Compile contracts
run: yarn build

- name: Save build artifacts
uses: actions/upload-artifact@v3
with:
name: contract-artifacts
path: |
artifacts
cache/*.json
test:
name: Test release
if: startsWith(github.head_ref, 'release/')
runs-on: ubuntu-22.04
timeout-minutes: 20
needs: build
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile

- name: Get build artifacts
uses: actions/download-artifact@v3
with:
name: contract-artifacts

- name: Run unit tests
run: yarn test --no-compile

prepare:
name: Prepare release
if: startsWith(github.head_ref, 'release/')
runs-on: ubuntu-22.04
needs: test
outputs:
release_version: ${{ steps.parse.outputs.release_version }}
release_path: ${{ steps.parse.outputs.release_path }}
release_network: ${{ steps.parse.outputs.release_network }}
release_title: ${{ steps.parse.outputs.release_title }}
release_description: ${{ steps.parse.outputs.release_description }}
release_multisig: ${{ steps.parse.outputs.release_multisig }}
release_audited: ${{ steps.parse.outputs.release_audited }}
release_deploy_cmd: ${{ steps.parse.outputs.release_deploy_cmd }}
release_verify_cmd: ${{ steps.parse.outputs.release_verify_cmd }}
release_finish_cmd: ${{ steps.parse.outputs.release_finish_cmd }}
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0

- name: Parse release info
id: parse
run: |
version=${BRANCH_NAME#release\/}
path=releases/v$version
network=$(yq -r .network $path/index.yml)
echo "release_version=$version" >> $GITHUB_OUTPUT
echo "release_path=$path" >> $GITHUB_OUTPUT
echo "release_network=$network" >> $GITHUB_OUTPUT
echo "release_multisig=$(jq -r .$network multisigs.json)" >> $GITHUB_OUTPUT
echo "release_deploy_cmd=$(yq -r '.deploy // ""' $path/index.yml)" >> $GITHUB_OUTPUT
echo "release_verify_cmd=$(yq -r '.verify // ""' $path/index.yml)" >> $GITHUB_OUTPUT
echo "release_finish_cmd=$(yq -r '.finish // ""' $path/index.yml)" >> $GITHUB_OUTPUT
echo "release_audited=$(yq -r '.audited // ""' $path/index.yml)" >> $GITHUB_OUTPUT
echo "release_title=$(yq -r '.title // ""' $path/index.yml)" >> $GITHUB_OUTPUT
echo "release_description<<DESCRIPTION_DELIMITER" >> $GITHUB_OUTPUT
echo "$(yq -r '.description // ""' $path/index.yml)" >> $GITHUB_OUTPUT
echo "DESCRIPTION_DELIMITER" >> $GITHUB_OUTPUT
env:
BRANCH_NAME: ${{ github.head_ref }}

- name: Output summary
run: |
echo "## $TITLE" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Network:** $NETWORK" >> $GITHUB_STEP_SUMMARY
echo "**Commit:** [\`$COMMIT\`]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/tree/$COMMIT)" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "$DESCRIPTION" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
env:
TITLE: ${{ steps.parse.outputs.release_title }}
DESCRIPTION: ${{ steps.parse.outputs.release_description }}
NETWORK: ${{ steps.parse.outputs.release_network }}
COMMIT: ${{ github.event.pull_request.head.sha }}

- name: Output audit info
if: "steps.parse.outputs.release_audited != ''"
run: |
echo "---" >> $GITHUB_STEP_SUMMARY
echo "### Audit" >> $GITHUB_STEP_SUMMARY
echo "Audited contracts at commit [\`$AUDIT_COMMIT\`]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/tree/$AUDIT_COMMIT) :detective:" >> $GITHUB_STEP_SUMMARY
audit_diff="$(git diff $AUDIT_COMMIT *.sol)"
if [[ -z $audit_diff ]]; then
echo "Contracts have not been modified since audit :heavy_check_mark:" >> $GITHUB_STEP_SUMMARY
else
echo "Contracts have been modified since audit :warning:" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`diff" >> $GITHUB_STEP_SUMMARY
echo "$audit_diff" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
fi
env:
AUDIT_COMMIT: ${{ steps.parse.outputs.release_audited }}

deploy:
name: Deploy contracts
if: startsWith(github.head_ref, 'release/')
runs-on: ubuntu-22.04
timeout-minutes: 20
needs: prepare
environment: production
outputs:
deploy_commit: ${{ steps.commit.outputs.commit_hash }}
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile

- name: Get build artifacts
uses: actions/download-artifact@v3
with:
name: contract-artifacts

- name: Deploy contracts
run: eval yarn hardhat --network ${{ needs.prepare.outputs.release_network }} ${{ needs.prepare.outputs.release_deploy_cmd }}
env:
INFURA_PROJECT_ID: "${{ secrets.INFURA_PROJECT_ID }}"
PRIVATE_KEY: "${{ secrets.PRIVATE_KEY }}"
ETHERSCAN_API_KEY: "${{ secrets.ETHERSCAN_API_KEY }}"
DEFENDER_API_KEY: "${{ secrets.DEFENDER_API_KEY }}"
DEFENDER_API_SECRET: "${{ secrets.DEFENDER_API_SECRET }}"
RELEASE_PATH: "${{ needs.prepare.outputs.release_path }}"
MULTISIG_ADDRESS: "${{ needs.prepare.outputs.release_multisig }}"

- name: Commit changes
uses: stefanzweifel/git-auto-commit-action@v4
id: commit
if: always()
with:
commit_message: Update registries of deployed addresses
file_pattern: '.openzeppelin/ releases/ addresses.json'
skip_checkout: true

verify:
name: Verify contracts
if: "startsWith(github.head_ref, 'release/') && needs.prepare.outputs.release_verify_cmd != ''"
runs-on: ubuntu-22.04
timeout-minutes: 20
needs:
- prepare
- deploy
steps:
- uses: actions/checkout@v3
with:
ref: ${{ needs.deploy.outputs.deploy_commit || github.event.pull_request.head.sha }}
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile

- name: Get build artifacts
uses: actions/download-artifact@v3
with:
name: contract-artifacts

- name: Verify contracts
run: eval yarn hardhat --network ${{ needs.prepare.outputs.release_network }} ${{ needs.prepare.outputs.release_verify_cmd }}
env:
INFURA_PROJECT_ID: "${{ secrets.INFURA_PROJECT_ID }}"
MUMBAI_MNEMONIC: "${{ secrets.MUMBAI_MNEMONIC }}"
MUMBAI_NODE: "${{ secrets.MUMBAI_NODE }}"
# POLYGON_MNEMONIC: "${{ secrets.POLYGON_MNEMONIC }}"
# POLYGON_NODE: "${{ secrets.POLYGON_NODE }}"
# ETHERSCAN "${{ secrets.ETHERSCAN }}"
POLYSCAN: "${{ secrets.POLYSCAN }}"
DEFENDER_API_KEY: "${{ secrets.DEFENDER_API_KEY }}"
DEFENDER_API_SECRET: "${{ secrets.DEFENDER_API_SECRET }}"
RELEASE_PATH: "${{ needs.prepare.outputs.release_path }}"
ARTIFACT_REFERENCE_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"

finish-release:
name: Finish release
if: "startsWith(github.head_ref, 'release/')"
runs-on: ubuntu-22.04
timeout-minutes: 20
environment: production
needs:
- prepare
- deploy
steps:
- uses: actions/checkout@v3
with:
ref: ${{ needs.deploy.outputs.deploy_commit || github.event.pull_request.head.sha }}
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile

- name: Get build artifacts
uses: actions/download-artifact@v3
with:
name: contract-artifacts

- name: Complete release
if: "needs.prepare.outputs.release_finish_cmd != ''"
run: eval yarn hardhat --network ${{ needs.prepare.outputs.release_network }} ${{ needs.prepare.outputs.release_finish_cmd }}
env:
INFURA_PROJECT_ID: "${{ secrets.INFURA_PROJECT_ID }}"
MUMBAI_MNEMONIC: "${{ secrets.MUMBAI_MNEMONIC }}"
MUMBAI_NODE: "${{ secrets.MUMBAI_NODE }}"
# POLYGON_MNEMONIC: "${{ secrets.POLYGON_MNEMONIC }}"
# POLYGON_NODE: "${{ secrets.POLYGON_NODE }}"
# ETHERSCAN "${{ secrets.ETHERSCAN }}"
POLYSCAN: "${{ secrets.POLYSCAN }}"
DEFENDER_API_KEY: "${{ secrets.DEFENDER_API_KEY }}"
DEFENDER_API_SECRET: "${{ secrets.DEFENDER_API_SECRET }}"
RELEASE_PATH: "${{ needs.prepare.outputs.release_path }}"
MULTISIG_ADDRESS: "${{ needs.prepare.outputs.release_multisig }}"

- name: Link to run in PR
uses: actions/github-script@v6
env:
RUN_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `[**Deploy finished**](${process.env.RUN_URL})`,
});
10 changes: 10 additions & 0 deletions releases/1.2.0/index.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
title: Deploy 1.2.0 contracts
network: mumbai
deploy: deploy-proxy 1.2.0
# verify: verify-deployed
description: |
Deploy contracts:
- RewardsDistributor
- StakeAllocator
- ScannerPoolRegistry
- ScannerToScannerPoolMigration
4 changes: 4 additions & 0 deletions releases/deployments/multisigs.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"mumbai": "0x19AD705930B6695812c921f08b16F7DfAF59A536",
"polygon": "0x30ceaeC1d8Ed347B91d45077721c309242db3D6d"
}

0 comments on commit 8f425cb

Please sign in to comment.