Skip to content
CI

feat: initial merge of ci.yml and cd.yml workflows to begin testing (no removing live CI workflows yet) #25

Sign in to view logs

feat: initial merge of ci.yml and cd.yml workflows to begin testing (no removing live CI workflows yet)

feat: initial merge of ci.yml and cd.yml workflows to begin testing (no removing live CI workflows yet) #25

Workflow file for this run

.github/workflows/ci.yml at 4fc3f35
name: CI
on:
pull_request:
types: [opened, synchronize, reopened, closed]
branches:
- master
workflow_dispatch:
inputs:
upload:
description: "Upload the container to our registry"
default: false
type: boolean
repository:
description: "GitHub repository name (e.g., username/repo)"
required: false
default: 'input-output-hk/partner-chains'
branch:
description: "Branch name to build"
required: false
default: 'master'
env:
AWS_REGION: "eu-central-1"
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
permissions:
id-token: write
contents: write
jobs:
earthly-build-and-push:
runs-on: ubuntu-latest
if: github.event.action != 'closed' || github.event.pull_request.merged == true
permissions:
id-token: write
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
repository: ${{ inputs.repository || github.repository }}
ref: ${{ inputs.branch || github.event.pull_request.head.ref || github.ref }}
- name: Setup Earthly
uses: ./.github/earthly-setup
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') }}
with:
ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
config_tar: ${{ secrets.EARTHLY_TAR }}
- name: Acquire AWS credentials
uses: aws-actions/configure-aws-credentials@v4
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') }}
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to container registry
uses: docker/login-action@v3
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') }}
with:
registry: ${{ secrets.ECR_REGISTRY_SECRET }}
- name: Main Build
env:
EARTHLY_CI: true
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') }}
run: |
ref=${{ github.ref_name }}
type=${{ github.ref_type }}
args=("--image=${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node")
event_name="${{ github.event_name }}"
if [[ "$type" == "tag" && "$ref" =~ ^v ]]; then
export EARTHLY_PUSH=true
args+=("--tags=$ref")
elif [[ \
"${{ github.event.pull_request.merged }}" == 'true' \
&& "$ref" == 'master' \
|| "${{ inputs.upload }}" == 'true' \
]]; then
export EARTHLY_PUSH=true
fi
if [[ "$EARTHLY_PUSH" == true ]]; then
args+=(--PROFILE=production)
fi
export EARTHLY_OUTPUT=true
earthly -P +ci ${args[@]}
- name: Upload chain spec artifacts
uses: actions/upload-artifact@v4
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') && (github.ref_name == 'master' || inputs.upload == true) }}
with:
name: chain-specs
path: |
./devnet_chain_spec.json
./staging_preview_chain_spec.json
./staging_preprod_chain_spec.json}
devshell-tests:
permissions:
id-token: write
contents: write
strategy:
matrix:
os: [nixos, macos]
runs-on: ${{ matrix.os }}
steps:
- name: Nix Devshells Tests
uses: ./.github/actions/tests/devshell-tests
env:
AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }}
NIX_SIGNING_KEY: ${{ secrets.NIX_SIGNING_KEY }}
AWS_REGION: "eu-central-1"
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
deploy-argocd:
permissions:
id-token: write
contents: write
needs: earthly-build-and-push
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Deploy ArgoCD Node
uses: ./.github/actions/deploy/argocd/deploy-argocd
with:
sha: ${{ github.sha }}
env:
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
argocd-tests:
permissions:
id-token: write
contents: write
needs: deploy-argocd
runs-on: [self-hosted, eks]
steps:
- name: Run Tests
uses: ./.github/actions/tests/run-k8-tests
with:
node-host: sha-${{ github.sha }}-service.integration-testing.svc.cluster.local
node-port: 9933
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }}
SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
JIRA_URL: ${{ secrets.JIRA_URL }}
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
teardown-argocd:
permissions:
id-token: write
contents: write
needs: [earthly-build-and-push, deploy-argocd, argocd-tests]
runs-on: ubuntu-latest
steps:
- name: Teardown ArgoCD Environment
uses: ./.github/actions/deploy/argocd/teardown-argocd
with:
sha: ${{ github.sha }}
env:
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
upload-chain-specs:
permissions:
id-token: write
contents: write
needs: [earthly-build-and-push]
if: github.event.pull_request.merged == true
runs-on: [self-hosted, eks]
steps:
- name: Upload chain spec artifacts to Kubernetes
uses: ./.github/actions/upload-chain-specs
with:
sha: ${{ github.sha }}
env:
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
K8S_SERVER: ${{ secrets.K8S_SERVER }}
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
deploy-rustdoc:
permissions:
id-token: write
contents: write
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true
steps:
- name: Deploy Rust Docs
uses: ./.github/actions/deploy/deploy-rustdoc
with:
ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SSH_AUTH_SOCK: /tmp/ssh_agent.sock