Skip to content

CD

CD #57

Workflow file for this run

name: CD
on:
workflow_dispatch:
inputs:
sha:
description: "partner-chains commit SHA to build from"
required: true
type: string
tag:
description: "partner-chains release tag"
required: true
type: string
permissions:
id-token: write
contents: write
packages: write
env:
AWS_REGION: "eu-central-1"
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
STAGING_PREVIEW_VALIDATOR_1_HOST: staging-preview-validator-1-service.staging-preview.svc.cluster.local
STAGING_PREVIEW_VALIDATOR_1_PORT: 9933
jobs:
# build-linux:
# permissions:
# id-token: write
# contents: write
# runs-on: ubuntu-latest
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# with:
# ref: ${{ inputs.sha }}
# - name: Build and Upload for Linux
# uses: ./.github/actions/artifacts/build-pc-artifacts
# with:
# tag: ${{ inputs.tag }}
# os: linux
# build-macos-x86_64:
# permissions:
# id-token: write
# contents: write
# runs-on: macos-latest
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# with:
# ref: ${{ inputs.sha }}
# - name: Build and Upload for macOS x86_64
# uses: ./.github/actions/artifacts/build-pc-artifacts
# with:
# tag: ${{ inputs.tag }}
# os: macos-x86_64
# build-macos-arm64:
# permissions:
# id-token: write
# contents: write
# runs-on: macos-latest
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# with:
# ref: ${{ inputs.sha }}
# - name: Build and Upload for macOS arm64
# uses: ./.github/actions/artifacts/build-pc-artifacts
# with:
# tag: ${{ inputs.tag }}
# os: macos-arm64
# build-and-publish-ecr:
# permissions:
# id-token: write
# contents: write
# needs: build-linux
# runs-on: ubuntu-latest
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Build and Publish to ECR
# uses: ./.github/actions/images/build-and-publish-ecr
# with:
# sha: ${{ inputs.sha }}
# tag: ${{ inputs.tag }}
# env:
# AWS_REGION: "eu-central-1"
# ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
# AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
# SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
# create-draft-release:
# permissions:
# id-token: write
# contents: write
# needs: [build-linux, build-macos-x86_64, build-macos-arm64]
# runs-on: ubuntu-latest
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Create Draft Release
# uses: ./.github/actions/release/create-draft-release
# with:
# tag: ${{ inputs.tag }}
# env:
# GITHUB_TOKEN: ${{ github.token }}
# generate-chain-specs:
# permissions:
# id-token: write
# contents: write
# needs: build-linux
# runs-on: ubuntu-latest
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Generate Chain Specs
# uses: ./.github/actions/artifacts/generate-chain-specs
# with:
# tag: ${{ inputs.tag }}
# upload-chain-specs:
# permissions:
# id-token: write
# contents: write
# needs: generate-chain-specs
# runs-on: [self-hosted, eks]
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Upload chain spec artifacts to Kubernetes
# uses: ./.github/actions/deploy/upload-chain-specs
# with:
# sha: ${{ github.sha }}
# env:
# kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
# K8S_SERVER: ${{ secrets.K8S_SERVER }}
# K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
# deploy-staging-preview:
# permissions:
# id-token: write
# contents: write
# needs: [build-and-publish-ecr, upload-chain-specs]
# runs-on: [self-hosted, eks]
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Deploy staging-preview
# uses: ./.github/actions/deploy/deploy-staging-preview
# with:
# image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }}
# sha: ${{ github.sha }}
# env:
# AWS_REGION: "eu-central-1"
# SSH_AUTH_SOCK: /tmp/ssh_agent.sock
# ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
# AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
# ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
# kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
# K8S_SERVER: ${{ secrets.K8S_SERVER }}
# K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
deploy-staging-preview:
runs-on: [self-hosted, eks]
steps:
- name: Deploy
run: |
echo "Deploying staging-preview... 🚀"
echo "Done! 🎉"
shell: bash
partner-chain-ready:
runs-on: [self-hosted, eks]
needs: deploy-staging-preview
steps:
- name: Check Finalization Status
run: |
FINALIZED_NUMBER=$(
curl -s -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"chain_getFinalizedHead","params":[],"id":"1"}' http://$STAGING_PREVIEW_VALIDATOR_1_HOST:$STAGING_PREVIEW_VALIDATOR_1_PORT |
jq -r ".result" |
xargs -I {} curl -s -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"chain_getHeader","params":["{}"],"id":"1"}' http://$STAGING_PREVIEW_VALIDATOR_1_HOST:$STAGING_PREVIEW_VALIDATOR_1_PORT |
jq -r ".result.number" | xargs printf "%d"
)
if [ "$FINALIZED_NUMBER" -gt 0 ]; then
echo "Blocks are being finalized. Finalized Block Number: $FINALIZED_NUMBER"
else
echo "No blocks are being finalized. Finalized Block Number: $FINALIZED_NUMBER"
exit 1
fi
shell: bash
run-smoke-tests:
permissions:
id-token: write
contents: read
needs: partner-chain-ready
runs-on: [self-hosted, eks]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure kubectl
uses: ./.github/actions/tests/staging-preview-tests
with:
node-host: $STAGING_PREVIEW_VALIDATOR_1_HOST
node-port: $STAGING_PREVIEW_VALIDATOR_1_PORT
env:
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
K8S_SERVER: ${{ secrets.K8S_SERVER }}
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
- name: Setup tests
uses: ./.github/actions/tests/setup-python
env:
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
- name: Run smoke tests
uses: ./.github/actions/tests/run-e2e-tests
with:
blockchain: substrate
env: staging
decrypt: true
markers: "not active_flow and not passive_flow and (CD or rpc)"
run-all-tests:
permissions:
id-token: write
contents: read
needs: partner-chain-ready
runs-on: [self-hosted, eks]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure kubectl
uses: ./.github/actions/tests/staging-preview-tests
with:
node-host: $STAGING_PREVIEW_VALIDATOR_1_HOST
node-port: $STAGING_PREVIEW_VALIDATOR_1_PORT
env:
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
K8S_SERVER: ${{ secrets.K8S_SERVER }}
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
- name: Setup tests
uses: ./.github/actions/tests/setup-python
env:
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
- name: Save deployment main chain epoch
run: |
echo "DEPLOYMENT_MC_EPOCH=$(curl -s http://staging-preview-services-service.staging-preview.svc.cluster.local:1337/health | jq .currentEpoch)" >> $GITHUB_ENV
shell: bash
- name: Run all tests (some skipped due to new deployment)
uses: ./.github/actions/tests/run-e2e-tests
with:
blockchain: substrate
env: staging
decrypt: true
markers: "not active_flow and not passive_flow"
deployment_mc_epoch: ${{ env.DEPLOYMENT_MC_EPOCH }}
wait-for-next-epoch:
permissions:
id-token: write
contents: read
needs: partner-chain-ready
runs-on: [self-hosted, eks]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set MC epoch to wait for
id: increment-epoch
run: |
echo "Current epoch: $DEPLOYMENT_MC_EPOCH"
incremented_epoch=$((DEPLOYMENT_MC_EPOCH + 1))
echo "Incremented epoch: $incremented_epoch"
echo "::set-output name=epoch::$incremented_epoch"
- name: Wait for next MC epoch
uses: ./.github/actions/tests/wait-for-epoch
with:
epoch: ${{ steps.increment-epoch.outputs.epoch }}"
deployment: kubernetes
node: staging-preview-validator-1
environment: staging-preview
run-all-tests-2:
permissions:
id-token: write
contents: read
needs: wait-for-next-epoch
runs-on: [self-hosted, eks]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure kubectl
uses: ./.github/actions/tests/staging-preview-tests
with:
node-host: $STAGING_PREVIEW_VALIDATOR_1_HOST
node-port: $STAGING_PREVIEW_VALIDATOR_1_PORT
env:
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
K8S_SERVER: ${{ secrets.K8S_SERVER }}
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
- name: Setup tests
uses: ./.github/actions/tests/setup-python
env:
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
- name: Run all tests (some skipped due to new deployment)
uses: ./.github/actions/tests/run-e2e-tests
with:
blockchain: substrate
env: staging
decrypt: true
latest_mc_epoch: true
markers: "not active_flow and not passive_flow"
deployment_mc_epoch: ${{ env.DEPLOYMENT_MC_EPOCH }}
# build-and-publish-ghcr:
# permissions:
# id-token: write
# contents: write
# packages: write
# needs: staging-preview-tests
# runs-on: ubuntu-latest
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Build and Publish to GHCR
# uses: ./.github/actions/images/build-and-publish-ghcr
# with:
# sha: ${{ inputs.sha }}
# tag: ${{ inputs.tag }}
# env:
# GITHUB_ACTOR: ${{ github.actor }}
# GITHUB_TOKEN: ${{ github.token }}
#
# publish-release:
# permissions:
# id-token: write
# contents: write
# packages: write
# needs: staging-preview-tests
# runs-on: ubuntu-latest
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Publish Release
# uses: ./.github/actions/release/publish-draft-release
# with:
# tag: ${{ inputs.tag }}
# env:
# GITHUB_TOKEN: ${{ github.token }}
#
# deploy-staging-preprod:
# permissions:
# id-token: write
# contents: write
# needs: staging-preview-tests
# runs-on: [self-hosted, eks]
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Deploy staging-preprod
# uses: ./.github/actions/deploy-staging-preprod
# with:
# image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }}
# chain-spec-secret: ${{ inputs.chain-spec-secret }}
# env:
# AWS_REGION: "eu-central-1"
# SSH_AUTH_SOCK: /tmp/ssh_agent.sock
# ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
# AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
# ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
# kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
# K8S_SERVER: ${{ secrets.K8S_SERVER }}
# K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
#
# staging-preprod-tests:
# permissions:
# id-token: write
# contents: write
# needs: deploy-staging-preprod
# runs-on: [self-hosted, eks]
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Run Tests
# uses: ./.github/actions/tests/staging-preprod-tests
# with:
# node-host: staging-preprod-validator-1.staging-preprod.svc.cluster.local
# node-port: 9933
# env:
# SSH_AUTH_SOCK: /tmp/ssh_agent.sock
# AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }}
# SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }}
# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
# JIRA_URL: ${{ secrets.JIRA_URL }}
# ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
# kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
# K8S_SERVER: ${{ secrets.K8S_SERVER }}
# K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}