cicd: add arbitrum deployment

JoinColony · Apr 17, 2024 · 508bd9b · 508bd9b
1 parent 5ab62fd
commit 508bd9b
Showing 1 changed file with 85 additions and 82 deletions.
diff --git a/.github/workflows/build-deploy.yaml b/.github/workflows/build-deploy.yaml
@@ -1,20 +1,21 @@
 name: Build and deploy cdapp auth-proxy docker image
 
-on: 
+on:
 
   workflow_dispatch: # Allows manual workflow trigger
   repository_dispatch: # Allows API workflow trigger
     types: [cdapp-auth-proxy]
 
   push:
-    branches:
-      - master # Automatically deploy on commits to master
+    branches: # Automatically deploy on commits to master
+    - master
+    - master-arbitrum
     paths-ignore:
-      - '.github/**'
-      - '**.md'
+    - '.github/**'
+    - '**.md'
 
 concurrency:
-  group: cdapp-auth-proxy
+  group: ${{ github.ref }}-cdapp-auth-proxy
   cancel-in-progress: true
 
 # Set global env variables
@@ -32,48 +33,48 @@ jobs:
 
     steps:
 
-      - name: Echo Env Vars through Context
-        run: |
-          echo "$GITHUB_CONTEXT"
-
-      - name: Configure AWS credentials                          
-        uses: aws-actions/configure-aws-credentials@v3           
-        with:                                                    
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }}        
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }}
-          aws-region: ${{ env.AWS_REGION }}
-
-      - name: Login to Amazon ECR            
-        id: login-ecr                        
-        uses: aws-actions/amazon-ecr-login@v1
-      
-      - name: Checkout                                  
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: Checkout relevant branch
-        run:
-          git checkout ${{ github.event.client_payload.COMMIT_HASH != null && github.event.client_payload.COMMIT_HASH || github.sha }}
-      
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-        
-      - name: Build and push
-        uses: docker/build-push-action@v3
-        with:
-          context: ${{ github.workspace }}
-          file: ./Dockerfile
-          push: true
-          tags: |
-            ${{ env.ECR_REPOSITORY }}:run-${{ github.run_number }}
-            ${{ env.ECR_REPOSITORY }}:${{ env.COMMIT_HASH }}
-      
-      - uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383
-        if: always()
-        with:
-          webhook: ${{ secrets.DISCORD_WEBHOOK }}
-          title: "Build and push cdapp auth-proxy"
+    - name: Echo Env Vars through Context
+      run: |
+        echo "$GITHUB_CONTEXT"
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v3
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }}
+        aws-region: ${{ env.AWS_REGION }}
+
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v1
+
+    - name: Checkout
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+
+    - name: Checkout relevant branch
+      run: git checkout ${{ github.event.client_payload.COMMIT_HASH != null && github.event.client_payload.COMMIT_HASH || github.sha }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+
+    - name: Build and push
+      uses: docker/build-push-action@v3
+      with:
+        context: ${{ github.workspace }}
+        file: ./Dockerfile
+        push: true
+        tags: |
+          ${{ env.ECR_REPOSITORY }}:run-${{ github.run_number }}
+          ${{ env.ECR_REPOSITORY }}:${{ (github.ref == 'refs/heads/master' && 'gnosis') || (github.ref == 'refs/heads/master-arbitrum' && 'arbitrum') }}
+          ${{ env.ECR_REPOSITORY }}:${{ env.COMMIT_HASH }}
+
+    - uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383
+      if: always()
+      with:
+        webhook: ${{ secrets.DISCORD_WEBHOOK }}
+        title: "Build and push cdapp auth-proxy"
 
   # Deploy cdapp auth-proxy to QA environment
   deployQA:
@@ -85,42 +86,43 @@ jobs:
     env:
       NAMESPACE: cdapp
       CLUSTER_NAME: qa-cluster
-      ENVIRONMENT_TAG: qa
+      # Tagging image based on whether we are deploying to gnosis or arbitrum
+      ENVIRONMENT_TAG: ${{ (github.ref == 'refs/heads/master' && 'qa') || (github.ref == 'refs/heads/master-arbitrum' && 'qa-arbitrum-sepolia') }}
       REPOSITORY_NAME: cdapp/auth-proxy
 
     steps:
 
-    - name: Configure AWS credentials for ECR                          
-      uses: aws-actions/configure-aws-credentials@v3           
-      with:                                                    
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }}        
+    - name: Configure AWS credentials for ECR
+      uses: aws-actions/configure-aws-credentials@v3
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }}
         aws-region: ${{ env.AWS_REGION }}
-    
-    - name: Login to Amazon ECR            
-      id: login-ecr                        
+
+    - name: Login to Amazon ECR
+      id: login-ecr
       uses: aws-actions/amazon-ecr-login@v1
-    
+
     - name: Echo current image and tag new image
       run: |
         echo -e "Getting image info...\n"
 
         echo -e "###### Current image being used ######\n"
         SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest')
         aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId'
-        
+
         echo -e "\n###### Tagging new image with environment tag ######"
         MANIFEST=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.COMMIT_HASH }} --output json | jq --raw-output --join-output '.images[0].imageManifest')
         aws ecr put-image --repository-name ${{ env.REPOSITORY_NAME }} --image-tag ${{ env.ENVIRONMENT_TAG }} --image-manifest "$MANIFEST"
-        
+
         echo -e "\n###### New image being used ######\n"
         SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest')
         aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId'
-    
-    - name: Configure AWS credentials for EKS                         
-      uses: aws-actions/configure-aws-credentials@v3           
-      with:                                                    
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }}        
+
+    - name: Configure AWS credentials for EKS
+      uses: aws-actions/configure-aws-credentials@v3
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }}
         role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_QA }}:role/eks-admin
         role-session-name: github-cicd
@@ -138,7 +140,7 @@ jobs:
     - name: Validate Kubernetes deployment
       run: |
         kubectl rollout status deployment/cdapp-auth-proxy-${{ env.ENVIRONMENT_TAG }} -n ${{ env.NAMESPACE }}
-    
+
     - uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383
       if: always()
       with:
@@ -157,42 +159,43 @@ jobs:
     env:
       NAMESPACE: cdapp
       CLUSTER_NAME: prod-cluster
-      ENVIRONMENT_TAG: prod
+      # Tagging image based on whether we are deploying to gnosis or arbitrum
+      ENVIRONMENT_TAG: ${{ (github.ref == 'refs/heads/master' && 'qa') || (github.ref == 'refs/heads/master-arbitrum' && 'prod-arbitrum-one') }}
       REPOSITORY_NAME: cdapp/auth-proxy
 
     steps:
 
-    - name: Configure AWS credentials for ECR                          
-      uses: aws-actions/configure-aws-credentials@v3          
-      with:                                                    
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }}        
+    - name: Configure AWS credentials for ECR
+      uses: aws-actions/configure-aws-credentials@v3
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }}
         aws-region: ${{ env.AWS_REGION }}
-    
-    - name: Login to Amazon ECR            
-      id: login-ecr                        
+
+    - name: Login to Amazon ECR
+      id: login-ecr
       uses: aws-actions/amazon-ecr-login@v1
-    
+
     - name: Echo current image and tag new image
       run: |
         echo -e "Getting image info...\n"
 
         echo -e "###### Current image being used ######\n"
         SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest')
         aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId'
-        
+
         echo -e "\n###### Tagging new image with environment tag ######"
         MANIFEST=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.COMMIT_HASH }} --output json | jq --raw-output --join-output '.images[0].imageManifest')
         aws ecr put-image --repository-name ${{ env.REPOSITORY_NAME }} --image-tag ${{ env.ENVIRONMENT_TAG }} --image-manifest "$MANIFEST"
-        
+
         echo -e "\n###### New image being used ######\n"
         SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest')
         aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId'
-    
-    - name: Configure AWS credentials for EKS                         
-      uses: aws-actions/configure-aws-credentials@v3           
-      with:                                                    
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_PROD }}        
+
+    - name: Configure AWS credentials for EKS
+      uses: aws-actions/configure-aws-credentials@v3
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_PROD }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PROD }}
         role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_PROD }}:role/eks-admin
         role-session-name: github-cicd
@@ -210,7 +213,7 @@ jobs:
     - name: Validate Kubernetes deployment
       run: |
         kubectl rollout status deployment/cdapp-auth-proxy-${{ env.ENVIRONMENT_TAG }} -n ${{ env.NAMESPACE }}
-    
+
     - uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383
       if: always()
       with: