feat: initial merge of ci.yml and cd.yml workflows to begin testing (no removing live CI workflows yet) #25
name: CI | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened, closed] | |
branches: | |
- master | |
workflow_dispatch: | |
inputs: | |
upload: | |
description: "Upload the container to our registry" | |
default: false | |
type: boolean | |
repository: | |
description: "GitHub repository name (e.g., username/repo)" | |
required: false | |
default: 'input-output-hk/partner-chains' | |
branch: | |
description: "Branch name to build" | |
required: false | |
default: 'master' | |
env: | |
AWS_REGION: "eu-central-1" | |
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
permissions: | |
id-token: write | |
contents: write | |
jobs: | |
earthly-build-and-push: | |
runs-on: ubuntu-latest | |
if: github.event.action != 'closed' || github.event.pull_request.merged == true | |
permissions: | |
id-token: write | |
contents: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
repository: ${{ inputs.repository || github.repository }} | |
ref: ${{ inputs.branch || github.event.pull_request.head.ref || github.ref }} | |
- name: Setup Earthly | |
uses: ./.github/earthly-setup | |
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') }} | |
with: | |
ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
config_tar: ${{ secrets.EARTHLY_TAR }} | |
- name: Acquire AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') }} | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Login to container registry | |
uses: docker/login-action@v3 | |
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') }} | |
with: | |
registry: ${{ secrets.ECR_REGISTRY_SECRET }} | |
- name: Main Build | |
env: | |
EARTHLY_CI: true | |
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') }} | |
run: | | |
ref=${{ github.ref_name }} | |
type=${{ github.ref_type }} | |
args=("--image=${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node") | |
event_name="${{ github.event_name }}" | |
if [[ "$type" == "tag" && "$ref" =~ ^v ]]; then | |
export EARTHLY_PUSH=true | |
args+=("--tags=$ref") | |
elif [[ \ | |
"${{ github.event.pull_request.merged }}" == 'true' \ | |
&& "$ref" == 'master' \ | |
|| "${{ inputs.upload }}" == 'true' \ | |
]]; then | |
export EARTHLY_PUSH=true | |
fi | |
if [[ "$EARTHLY_PUSH" == true ]]; then | |
args+=(--PROFILE=production) | |
fi | |
export EARTHLY_OUTPUT=true | |
earthly -P +ci ${args[@]} | |
- name: Upload chain spec artifacts | |
uses: actions/upload-artifact@v4 | |
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') && (github.ref_name == 'master' || inputs.upload == true) }} | |
with: | |
name: chain-specs | |
path: | | |
./devnet_chain_spec.json | |
./staging_preview_chain_spec.json | |
./staging_preprod_chain_spec.json} | |
devshell-tests: | |
permissions: | |
id-token: write | |
contents: write | |
strategy: | |
matrix: | |
os: [nixos, macos] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Nix Devshells Tests | |
uses: ./.github/actions/tests/devshell-tests | |
env: | |
AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} | |
NIX_SIGNING_KEY: ${{ secrets.NIX_SIGNING_KEY }} | |
AWS_REGION: "eu-central-1" | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }} | |
deploy-argocd: | |
permissions: | |
id-token: write | |
contents: write | |
needs: earthly-build-and-push | |
if: github.event.pull_request.merged == true | |
runs-on: ubuntu-latest | |
steps: | |
- name: Deploy ArgoCD Node | |
uses: ./.github/actions/deploy/argocd/deploy-argocd | |
with: | |
sha: ${{ github.sha }} | |
env: | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
argocd-tests: | |
permissions: | |
id-token: write | |
contents: write | |
needs: deploy-argocd | |
runs-on: [self-hosted, eks] | |
steps: | |
- name: Run Tests | |
uses: ./.github/actions/tests/run-k8-tests | |
with: | |
node-host: sha-${{ github.sha }}-service.integration-testing.svc.cluster.local | |
node-port: 9933 | |
env: | |
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }} | |
SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
JIRA_URL: ${{ secrets.JIRA_URL }} | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
teardown-argocd: | |
permissions: | |
id-token: write | |
contents: write | |
needs: [earthly-build-and-push, deploy-argocd, argocd-tests] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Teardown ArgoCD Environment | |
uses: ./.github/actions/deploy/argocd/teardown-argocd | |
with: | |
sha: ${{ github.sha }} | |
env: | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
upload-chain-specs: | |
permissions: | |
id-token: write | |
contents: write | |
needs: [earthly-build-and-push] | |
if: github.event.pull_request.merged == true | |
runs-on: [self-hosted, eks] | |
steps: | |
- name: Upload chain spec artifacts to Kubernetes | |
uses: ./.github/actions/upload-chain-specs | |
with: | |
sha: ${{ github.sha }} | |
env: | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
deploy-rustdoc: | |
permissions: | |
id-token: write | |
contents: write | |
runs-on: ubuntu-latest | |
if: github.event.pull_request.merged == true | |
steps: | |
- name: Deploy Rust Docs | |
uses: ./.github/actions/deploy/deploy-rustdoc | |
with: | |
ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
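Review bot: In `earthly-build-and-push`, the Checkout step takes `inputs.repository` / `inputs.branch` (or the PR head ref), and the next step runs the local action `./.github/earthly-setup` from that same checkout with `SUBSTRATE_REPO_SSH_KEY` and `EARTHLY_TAR`, so whichever tree was selected supplies the action code that receives those secrets and the AWS role assumed afterwards. Consider checking the build source out into a subdirectory (`path: src`) and taking the local actions from a separate checkout of this repository at the workflow's own ref, or validating `inputs.repository` against an allow-list before use. The `Main Build` script also splices `${{ github.ref_name }}` and `${{ github.ref_type }}` straight into shell text; passing them through `env:` (`REF_NAME: ${{ github.ref_name }}`, then `ref="$REF_NAME"`) and quoting `"${args[@]}"` keeps ref names from being interpreted by the shell. Every job requests `id-token: write` and `contents: write`; jobs that neither assume a role nor push to the repository could drop to `contents: read`. Separately, the jobs after `earthly-build-and-push` reference `./.github/actions/...` with no checkout step visible, which appears to leave those local actions unresolvable on a fresh runner, and the last artifact path ends in a stray `}`.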