ci: update CD process #908
Workflow file for this run
# CI/CD pipeline definition: triggers and run-level concurrency.
# NOTE(review): no `permissions:` key appears anywhere in the visible file, so
# GITHUB_TOKEN carries the repository/organization default scopes in every job.
# Declaring per-job least-privilege permissions would narrow what a compromised
# step or third-party action can do with that token.
name: CI

on:
  push:
    branches:
      - main
      - develop
    # Pushes that only touch a CHANGELOG.md do not start a run
    # (presumably the changelog commit written by the release tooling — confirm).
    paths-ignore:
      - "**/CHANGELOG.md"
  # No branch or path filter: every pull request triggers the workflow, fork PRs
  # included. Jobs that touch secrets carry their own same-repository guard.
  pull_request:
  workflow_dispatch:

# One live run per workflow and PR head label / head ref / ref.
# A newer run in the same group cancels the one in progress; for branch pushes
# the group key falls through to github.ref, so a second push to the same branch
# can cancel a run whose deploy jobs have not finished.
concurrency:
  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
  cancel-in-progress: true
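jobs:
  # Runs the Rust test suite against a local redis-server.
  # This job has no fork guard and references no secrets, so it also runs for
  # fork pull requests.
  # The `outputs` mapping formerly declared here pointed at steps.docker_push and
  # steps.semantic, which exist only in build-publish; it always evaluated to
  # empty values and no job lists `test` in `needs`, so it is dropped.
  # NOTE(review): build-publish does not depend on this job, so a release can be
  # cut, pushed and offered for deployment from a run whose tests fail — confirm
  # that is intended, or add `test` to build-publish's `needs`.
  test:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every action in this file is referenced by a mutable tag
      # (@v3/@v4/@v5). Pinning to a full commit SHA
      # (`uses: owner/action@<full-commit-sha>  # vN`) keeps a moved tag from
      # changing the code that runs with this workflow's tokens and secrets.
      - uses: actions/checkout@v4
        with:
          # Keep the job token out of the checked-out repo's git config.
          persist-credentials: false
      - name: Install redis
        # Refresh the package index first; installing against a stale index on a
        # hosted runner can fail on packages that have since been superseded.
        run: |
          sudo apt-get update
          sudo apt-get install -y redis-server
      - name: Cache cargo
        uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          # Cache key changes whenever any Cargo.lock in the tree changes.
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
      - name: Cargo test
        # `rustup update` floats the toolchain to whatever is current at run time.
        # Tests run on a single thread (--test-threads=1) with the redis_tests
        # feature enabled.
        run: |
          rustup update
          RUST_BACKTRACE=1 cargo test --all --features redis_tests -- --test-threads=1

  # Cuts a release with semantic-release, then builds the container image and
  # pushes it to Docker Hub when the push expression at the end allows it.
  build-publish:
    runs-on: ubuntu-latest
    outputs:
      # Digest reported by the build step; every deploy job passes it on as docker_tag.
      docker_image_digest: ${{ steps.docker_push.outputs.digest }}
      # Gates the auto-approve and production jobs.
      new_release_published: ${{ steps.semantic.outputs.new_release_published }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Semantic Release
        # Third-party action that receives GITHUB_TOKEN and installs the plugins
        # listed below at run time; a strong candidate for SHA pinning.
        uses: cycjimmy/semantic-release-action@v4
        id: semantic
        # Only run on non-PR events or only PRs that aren't from forks
        if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SEMANTIC_RELEASE_PACKAGE: ${{ github.event.repository.name }}
        with:
          semantic_version: 19
          # NOTE(review): the three `package@version` pins below were rewritten to
          # "[email protected]" by the page's e-mail obfuscation. Restore the exact
          # pins from the repository; do not run the workflow with these values.
          extra_plugins: |
            @semantic-release/[email protected]
            @semantic-release/[email protected]
            [email protected]
      - name: Checkout tag
        # Only when the release step produced a version: rebuild from the tag it created.
        if: steps.semantic.outputs.new_release_version != ''
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          ref: v${{ steps.semantic.outputs.new_release_version }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker Meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            hirosystems/${{ github.event.repository.name }}
          # Branch and PR tags always; semver tags only when a release version
          # exists; `latest` only on the default branch.
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}},value=${{ steps.semantic.outputs.new_release_version }},enable=${{ steps.semantic.outputs.new_release_version != '' }}
            type=semver,pattern={{major}}.{{minor}},value=${{ steps.semantic.outputs.new_release_version }},enable=${{ steps.semantic.outputs.new_release_version != '' }}
            type=raw,value=latest,enable={{is_default_branch}}
      - name: Log in to DockerHub
        # Fork pull requests receive no repository secrets, so a login attempt
        # there has empty credentials. Skip it with the same guard used for the
        # release step; the push expression below already disables pushing for forks.
        if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      - name: Build/Push Image
        uses: docker/build-push-action@v5
        id: docker_push
        with:
          context: .
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          file: ./dockerfiles/components/chainhook-node.dockerfile
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # Only push if (there's a new release on main branch, or if building a non-main branch) and (Only run on non-PR events or only PRs that aren't from forks)
          # NOTE(review): on a push to main that yields no release this is false,
          # yet the dev/staging deploy jobs remain eligible and receive whatever
          # digest this step reports — confirm the deploy action tolerates an
          # image that was never pushed.
          push: ${{ (github.ref != 'refs/heads/main' || steps.semantic.outputs.new_release_version != '') && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) }}

  # --- Deploy jobs -----------------------------------------------------------
  # All six deploy jobs share one shape: check out a separate actions repository
  # with a personal token, then run its ./actions/deploy action with the image
  # digest from build-publish. They differ only in DEPLOY_ENV, DEPLOY_NETWORK,
  # the GitHub environment, and their `needs`/`if` gating.
  # NOTE(review), applies to each of them:
  #  - `ref: main` means the job executes whatever is on that repository's main
  #    branch at run time, with secrets.GH_TOKEN in hand; a reviewed tag or
  #    commit SHA would make the deployed logic auditable.
  #  - The checkout does not set `persist-credentials: false`, so the token is
  #    left in the workspace git config for later steps; add it if the deploy
  #    action does not rely on the persisted credential.
  #  - Same-repository pull requests pass the `if` guard, so the environment's
  #    protection rules are the only gate between a PR branch and a deployment.
  deploy-dev-mainnet:
    runs-on: ubuntu-latest
    needs:
      - build-publish
    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
    env:
      DEPLOY_ENV: dev
      DEPLOY_NETWORK: mainnet
    environment:
      name: Development-mainnet
      url: https://platform.dev.hiro.so/
    steps:
      - name: Checkout actions repo
        uses: actions/checkout@v4
        with:
          ref: main
          token: ${{ secrets.GH_TOKEN }}
          repository: ${{ secrets.DEVOPS_ACTIONS_REPO }}
      - name: Deploy Chainhook build to Dev ${{ env.DEPLOY_NETWORK }}
        # Local path: resolves inside the repository checked out by the step above.
        uses: ./actions/deploy
        with:
          docker_tag: ${{ needs.build-publish.outputs.docker_image_digest }}
          k8s_repo: k8s
          k8s_branch: next
          file_pattern: manifests/chainhooks/${{ env.DEPLOY_NETWORK }}/chainhook-node/${{ env.DEPLOY_ENV }}/base/kustomization.yaml
          gh_token: ${{ secrets.GH_TOKEN }}

  deploy-dev-testnet:
    runs-on: ubuntu-latest
    needs:
      - build-publish
    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
    env:
      DEPLOY_ENV: dev
      DEPLOY_NETWORK: testnet
    environment:
      name: Development-testnet
      url: https://platform.dev.hiro.so/
    steps:
      - name: Checkout actions repo
        uses: actions/checkout@v4
        with:
          ref: main
          token: ${{ secrets.GH_TOKEN }}
          repository: ${{ secrets.DEVOPS_ACTIONS_REPO }}
      - name: Deploy Chainhook build to Dev ${{ env.DEPLOY_NETWORK }}
        uses: ./actions/deploy
        with:
          docker_tag: ${{ needs.build-publish.outputs.docker_image_digest }}
          k8s_repo: k8s
          k8s_branch: next
          file_pattern: manifests/chainhooks/${{ env.DEPLOY_NETWORK }}/chainhook-node/${{ env.DEPLOY_ENV }}/base/kustomization.yaml
          gh_token: ${{ secrets.GH_TOKEN }}

  # Approves this run's pending environment deployments when a release was published.
  # NOTE(review): the jq filter collects the id of every pending environment the
  # API returns for the run; nothing restricts it to the Development-* names.
  # Which environments are pending after the 5 second sleep depends on job
  # timing. Approving from inside the workflow also removes the human review
  # step that required-reviewer protection is meant to provide — confirm that
  # is acceptable for the environments this can reach.
  auto-approve-dev:
    runs-on: ubuntu-latest
    if: needs.build-publish.outputs.new_release_published == 'true' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
    needs:
      - build-publish
    steps:
      - name: Approve pending deployments
        # The token reaches the script through the environment instead of being
        # templated into the script text, and the repository and run id come from
        # the runner's default variables rather than a hard-coded repository name.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          sleep 5
          PENDING_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/pending_deployments"
          ENV_IDS=$(curl -s \
            -H "Authorization: token ${GITHUB_TOKEN}" \
            -H "Accept: application/vnd.github.v3+json" \
            "${PENDING_URL}" | jq -r '[.[].environment.id // empty]')
          if [[ "${ENV_IDS}" != "[]" ]]; then
            curl -s -X POST \
              -H "Authorization: token ${GITHUB_TOKEN}" \
              -H "Accept: application/vnd.github.v3+json" \
              "${PENDING_URL}" \
              -d "{\"environment_ids\":${ENV_IDS},\"state\":\"approved\",\"comment\":\"auto approve\"}"
          fi

  deploy-staging-mainnet:
    runs-on: ubuntu-latest
    needs:
      - build-publish
      - deploy-dev-mainnet
    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
    env:
      DEPLOY_ENV: stg
      DEPLOY_NETWORK: mainnet
    environment:
      name: Staging-mainnet
      url: https://platform.stg.hiro.so/
    steps:
      - name: Checkout actions repo
        uses: actions/checkout@v4
        with:
          ref: main
          token: ${{ secrets.GH_TOKEN }}
          repository: ${{ secrets.DEVOPS_ACTIONS_REPO }}
      - name: Deploy Chainhook build to Stg ${{ env.DEPLOY_NETWORK }}
        uses: ./actions/deploy
        with:
          docker_tag: ${{ needs.build-publish.outputs.docker_image_digest }}
          k8s_repo: k8s
          k8s_branch: next
          file_pattern: manifests/chainhooks/${{ env.DEPLOY_NETWORK }}/chainhook-node/${{ env.DEPLOY_ENV }}/base/kustomization.yaml
          gh_token: ${{ secrets.GH_TOKEN }}

  deploy-staging-testnet:
    runs-on: ubuntu-latest
    needs:
      - build-publish
      - deploy-dev-testnet
    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
    env:
      DEPLOY_ENV: stg
      DEPLOY_NETWORK: testnet
    environment:
      name: Staging-testnet
      url: https://platform.stg.hiro.so/
    steps:
      - name: Checkout actions repo
        uses: actions/checkout@v4
        with:
          ref: main
          token: ${{ secrets.GH_TOKEN }}
          repository: ${{ secrets.DEVOPS_ACTIONS_REPO }}
      - name: Deploy Chainhook build to Stg ${{ env.DEPLOY_NETWORK }}
        uses: ./actions/deploy
        with:
          docker_tag: ${{ needs.build-publish.outputs.docker_image_digest }}
          k8s_repo: k8s
          k8s_branch: next
          file_pattern: manifests/chainhooks/${{ env.DEPLOY_NETWORK }}/chainhook-node/${{ env.DEPLOY_ENV }}/base/kustomization.yaml
          gh_token: ${{ secrets.GH_TOKEN }}

  # Same approval call as auto-approve-dev, started once both dev deploys are done.
  # The same caveat applies: every pending environment id returned for the run is
  # approved, with no filter on environment name.
  auto-approve-stg:
    runs-on: ubuntu-latest
    if: needs.build-publish.outputs.new_release_published == 'true' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
    needs:
      - build-publish
      - deploy-dev-mainnet
      - deploy-dev-testnet
    steps:
      - name: Approve pending deployments
        # Token passed via the environment; repository and run id taken from the
        # runner's default variables.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          sleep 5
          PENDING_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/pending_deployments"
          ENV_IDS=$(curl -s \
            -H "Authorization: token ${GITHUB_TOKEN}" \
            -H "Accept: application/vnd.github.v3+json" \
            "${PENDING_URL}" | jq -r '[.[].environment.id // empty]')
          if [[ "${ENV_IDS}" != "[]" ]]; then
            curl -s -X POST \
              -H "Authorization: token ${GITHUB_TOKEN}" \
              -H "Accept: application/vnd.github.v3+json" \
              "${PENDING_URL}" \
              -d "{\"environment_ids\":${ENV_IDS},\"state\":\"approved\",\"comment\":\"auto approve\"}"
          fi

  # Production deploys run only when a release was published and the matching
  # staging deploy has completed. No job in this file auto-approves after staging,
  # so any approval for the Production-* environments has to come from outside
  # this workflow.
  deploy-prod-mainnet:
    runs-on: ubuntu-latest
    needs:
      - build-publish
      - deploy-staging-mainnet
    if: needs.build-publish.outputs.new_release_published == 'true' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
    env:
      DEPLOY_ENV: prd
      DEPLOY_NETWORK: mainnet
    environment:
      name: Production-mainnet
      url: https://platform.hiro.so/
    steps:
      - name: Checkout actions repo
        uses: actions/checkout@v4
        with:
          ref: main
          token: ${{ secrets.GH_TOKEN }}
          repository: ${{ secrets.DEVOPS_ACTIONS_REPO }}
      - name: Deploy Chainhook build to Prd ${{ env.DEPLOY_NETWORK }}
        uses: ./actions/deploy
        with:
          docker_tag: ${{ needs.build-publish.outputs.docker_image_digest }}
          k8s_repo: k8s
          k8s_branch: next
          file_pattern: manifests/chainhooks/${{ env.DEPLOY_NETWORK }}/chainhook-node/${{ env.DEPLOY_ENV }}/base/kustomization.yaml
          gh_token: ${{ secrets.GH_TOKEN }}

  deploy-prod-testnet:
    runs-on: ubuntu-latest
    needs:
      - build-publish
      - deploy-staging-testnet
    if: needs.build-publish.outputs.new_release_published == 'true' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
    env:
      DEPLOY_ENV: prd
      DEPLOY_NETWORK: testnet
    environment:
      name: Production-testnet
      url: https://platform.hiro.so/
    steps:
      - name: Checkout actions repo
        uses: actions/checkout@v4
        with:
          ref: main
          token: ${{ secrets.GH_TOKEN }}
          repository: ${{ secrets.DEVOPS_ACTIONS_REPO }}
      - name: Deploy Chainhook build to Prd ${{ env.DEPLOY_NETWORK }}
        uses: ./actions/deploy
        with:
          docker_tag: ${{ needs.build-publish.outputs.docker_image_digest }}
          k8s_repo: k8s
          k8s_branch: next
          file_pattern: manifests/chainhooks/${{ env.DEPLOY_NETWORK }}/chainhook-node/${{ env.DEPLOY_ENV }}/base/kustomization.yaml
          gh_token: ${{ secrets.GH_TOKEN }}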