CI #1389
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened, closed] | |
branches: | |
- master | |
workflow_dispatch: | |
env: | |
AWS_REGION: "eu-central-1" | |
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
permissions: | |
id-token: write | |
contents: write | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && (github.event.pull_request.merged || github.event.action != 'closed')) | |
outputs: | |
sha: ${{ steps.get_sha.outputs.sha }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
- name: Get current commit SHA | |
id: get_sha | |
run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
- name: Setup Earthly | |
uses: ./.github/earthly-setup | |
with: | |
ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
config_tar: ${{ secrets.EARTHLY_TAR }} | |
- name: Acquire AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Login to container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ secrets.ECR_REGISTRY_SECRET }} | |
- name: Build and Artifacts and Push Image | |
env: | |
EARTHLY_CI: true | |
EARTHLY_OUTPUT: true | |
EARTHLY_PUSH: true | |
run: | | |
earthly -P +ci --image=${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node | |
- name: Upload partner-chains-cli artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: partner-chains-cli-artifact | |
path: partner-chains-cli-artifact | |
- name: Upload partner-chains-node artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: partner-chains-node-artifact | |
path: partner-chains-node-artifact | |
- name: Upload chain spec artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: chain-specs | |
path: | | |
./devnet_chain_spec.json | |
./staging_preview_chain_spec.json | |
./staging_preprod_chain_spec.json | |
local-environment-tests: | |
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged == false) | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
- name: Deploy and test against local environment | |
uses: ./.github/actions/tests/local-environment-tests | |
with: | |
tag: CI | |
image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ needs.build.outputs.sha }} | |
sha: ${{ needs.build.outputs.sha }} | |
tests: premerge | |
env: | |
SUBSTRATE_REPO_SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
EARTHLY_TAR: ${{ secrets.EARTHLY_TAR }} | |
AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
AWS_REGION: ${{ env.AWS_REGION }} | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
TEST_ENVIRONMENT: local | |
local-environment-tests-alert: | |
needs: local-environment-tests | |
if: always() && needs.local-environment-tests.result != 'skipped' | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout pc-tests master | |
uses: actions/checkout@v4 | |
with: | |
repository: input-output-hk/sidechains-tests | |
token: ${{ secrets.ACTIONS_PAT }} | |
ref: master | |
- name: Download test report | |
uses: actions/download-artifact@v4 | |
with: | |
name: test-results | |
- name: Report to slack | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
JIRA_URL: ${{ secrets.JIRA_URL }} | |
repository: ${{ github.repository }} | |
slack_ref_name: ${{ github.ref_name }} | |
job_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
github_actor_username: ${{ github.actor }} | |
env: local-pre-merge | |
run: | | |
./report_slack.sh $repository $slack_ref_name $job_url $env $github_actor_username null | |
shell: bash | |
deploy-argocd: | |
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged == false) | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
- name: Deploy ArgoCD Node | |
uses: ./.github/actions/deploy/argocd/deploy-argocd | |
with: | |
sha: ${{ needs.build.outputs.sha }} | |
env: | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
argocd-tests: | |
continue-on-error: true | |
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged == false) | |
needs: [build, deploy-argocd] | |
runs-on: eks | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
- name: Run Tests | |
uses: ./.github/actions/tests/argocd-tests | |
with: | |
sha: ${{ needs.build.outputs.sha }} | |
node-host: sha-${{ needs.build.outputs.sha }}-service.integration-testing.svc.cluster.local | |
node-port: 9933 | |
ssh_key_binary_host: ${{ secrets.SSH_KEY_BINARY_HOST }} | |
env: | |
AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }} | |
SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
JIRA_URL: ${{ secrets.JIRA_URL }} | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
teardown-argocd: | |
needs: [build, argocd-tests] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
- name: Teardown ArgoCD Environment | |
uses: ./.github/actions/deploy/argocd/teardown-argocd | |
with: | |
sha: ${{ needs.build.outputs.sha }} | |
env: | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
devshell-tests: | |
needs: build | |
strategy: | |
matrix: | |
os: [nixos, macos] | |
runs-on: | |
- self-hosted | |
- ${{ matrix.os }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
- name: Acquire AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE_ARN_ }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Add signing key for nix | |
run: echo "${{ secrets.NIX_SIGNING_KEY }}" > "${{ runner.temp }}/nix-key" | |
- name: Run nixci to build/test all outputs | |
run: | | |
nix run github:srid/nixci -- -v build -- --fallback > /tmp/outputs | |
- name: Copy nix scopes to nix cache | |
run: | | |
nix-store --stdin -q --deriver < /tmp/outputs | nix-store --stdin -qR --include-outputs \ | |
| nix copy --stdin --to \ | |
"s3://cache.sc.iog.io?secret-key=${{ runner.temp }}/nix-key®ion=$AWS_DEFAULT_REGION" \ | |
&& rm /tmp/outputs | |
pre-merge-checks-complete: | |
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged == false) | |
needs: [build, local-environment-tests, deploy-argocd, teardown-argocd, devshell-tests] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Pre Merge Checks Complete | |
run: echo "All pre-merge checks have passed. PR is ready to merge." | |
upload-chain-specs: | |
if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
needs: build | |
runs-on: eks | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
- name: Upload chain spec artifacts to Kubernetes | |
uses: ./.github/actions/deploy/upload-chain-specs | |
with: | |
sha: ${{ needs.build.outputs.sha }} | |
env: | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
deploy-rustdoc: | |
if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
- name: Deploy Rust Docs | |
uses: ./.github/actions/deploy/deploy-rustdoc | |
with: | |
ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
local-environment-tests-post-merge: | |
if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# Use the merge commit SHA for post-merge testing | |
ref: ${{ github.event.pull_request.merge_commit_sha || github.sha }} | |
- name: Deploy and test against local environment | |
uses: ./.github/actions/tests/local-environment-tests | |
with: | |
tag: CI | |
image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ needs.build.outputs.sha }} | |
sha: ${{ needs.build.outputs.sha }} | |
tests: postmerge | |
env: | |
SUBSTRATE_REPO_SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
EARTHLY_TAR: ${{ secrets.EARTHLY_TAR }} | |
AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
AWS_REGION: ${{ env.AWS_REGION }} | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
TEST_ENVIRONMENT: local | |
local-environment-tests-post-merge-alert: | |
needs: local-environment-tests-post-merge | |
if: always() && needs.local-environment-tests-post-merge.result != 'skipped' | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout pc-tests master | |
uses: actions/checkout@v4 | |
with: | |
repository: input-output-hk/sidechains-tests | |
token: ${{ secrets.ACTIONS_PAT }} | |
ref: master | |
- name: Download test report | |
uses: actions/download-artifact@v4 | |
with: | |
name: test-results | |
- name: Report to slack | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
JIRA_URL: ${{ secrets.JIRA_URL }} | |
repository: ${{ github.repository }} | |
slack_ref_name: ${{ github.ref_name }} | |
job_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
github_actor_username: ${{ github.actor }} | |
env: local-post-merge | |
run: | | |
./report_slack.sh $repository $slack_ref_name $job_url $env $github_actor_username null | |
shell: bash | |
post-merge-actions-complete: | |
if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
needs: [deploy-rustdoc, upload-chain-specs, local-environment-tests-post-merge] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Post Merge Actions Complete | |
run: echo "All post-merge actions have been successfully completed." |