CD #151
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CD" | |
on: | |
workflow_dispatch: | |
inputs: | |
sha: | |
description: "partner-chains commit SHA to build from" | |
required: true | |
type: string | |
tag: | |
description: "partner-chains release tag" | |
required: true | |
type: string | |
no-build: | |
description: "Skip build and use previously artifacts built in a past run" | |
required: false | |
type: boolean | |
default: false | |
no-public: | |
description: "Skip steps to publish public release and public GHCR image" | |
required: false | |
type: boolean | |
default: true | |
no-release: | |
description: "Skip creating draft release page" | |
required: false | |
type: boolean | |
default: false | |
no-deploy: | |
description: "Skip deployment to staging environment" | |
required: false | |
type: boolean | |
default: false | |
no-wipe: | |
description: "Skip staging environment chain wipe and keep volumes" | |
required: false | |
type: boolean | |
default: false | |
no-tests: | |
description: "Skip all test steps against staging environment" | |
required: false | |
type: boolean | |
default: false | |
permissions: | |
id-token: write | |
contents: write | |
packages: write | |
env: | |
AWS_REGION: "eu-central-1" | |
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
STAGING_PREVIEW_SERVICES_HOST: staging-preview-services-service.staging-preview.svc.cluster.local | |
STAGING_PREVIEW_VALIDATOR_1_HOST: staging-preview-validator-1-service.staging-preview.svc.cluster.local | |
STAGING_PREVIEW_VALIDATOR_1_PORT: 9933 | |
jobs: | |
build-linux: | |
if: ${{ github.event.inputs.no-build != 'true' }} | |
permissions: | |
id-token: write | |
contents: write | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build and Upload for Linux | |
uses: ./.github/actions/artifacts/build-pc-artifacts | |
with: | |
sha: ${{ inputs.sha }} | |
tag: ${{ inputs.tag }} | |
os: linux | |
build-macos-x86_64: | |
if: ${{ github.event.inputs.no-build != 'true' }} | |
permissions: | |
id-token: write | |
contents: write | |
runs-on: macos-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build and Upload for macOS x86_64 | |
uses: ./.github/actions/artifacts/build-pc-artifacts | |
with: | |
sha: ${{ inputs.sha }} | |
tag: ${{ inputs.tag }} | |
os: macos-x86_64 | |
build-macos-arm64: | |
if: ${{ github.event.inputs.no-build != 'true' }} | |
permissions: | |
id-token: write | |
contents: write | |
runs-on: macos-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build and Upload for macOS arm64 | |
uses: ./.github/actions/artifacts/build-pc-artifacts | |
with: | |
sha: ${{ inputs.sha }} | |
tag: ${{ inputs.tag }} | |
os: macos-arm64 | |
upload-to-s3: | |
if: ${{ github.event.inputs.no-build != 'true' }} | |
needs: | |
- build-linux | |
- build-macos-x86_64 | |
- build-macos-arm64 | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Upload Artifacts to S3 | |
uses: ./.github/actions/artifacts/upload-to-s3 | |
with: | |
sha: ${{ inputs.sha }} | |
bucket-name: ${{ secrets.AWS_CD_ARTIFACT_S3_BUCKET }} | |
env: | |
AWS_REGION: ${{ env.AWS_REGION }} | |
AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_S3_ROLE_ARN_SECRET }} | |
download-from-s3: | |
if: ${{ github.event.inputs.no-build == 'true' }} | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Download Artifacts from S3 | |
uses: ./.github/actions/artifacts/download-from-s3 | |
with: | |
sha: ${{ inputs.sha }} | |
bucket-name: ${{ secrets.AWS_CD_ARTIFACT_S3_BUCKET }} | |
env: | |
AWS_REGION: ${{ env.AWS_REGION }} | |
AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_S3_ROLE_ARN_SECRET }} | |
artifacts-ready: | |
needs: | |
- upload-to-s3 | |
- download-from-s3 | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: write | |
if: ${{ needs.upload-to-s3.result == 'success' || needs.download-from-s3.result == 'success' }} | |
steps: | |
- name: Artifacts Ready | |
run: | | |
if [[ "${{ needs.upload-to-s3.result }}" == "success" ]]; then | |
echo "Artifacts have been compiled and uploaded to S3" | |
elif [[ "${{ needs.download-from-s3.result }}" == "success" ]]; then | |
echo "Previously built artifacts were downloaded from S3." | |
fi | |
build-and-publish-ecr: | |
permissions: | |
id-token: write | |
contents: write | |
needs: artifacts-ready | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build and Publish to ECR | |
uses: ./.github/actions/images/build-and-publish-ecr | |
with: | |
sha: ${{ inputs.sha }} | |
tag: ${{ inputs.tag }} | |
env: | |
AWS_REGION: "eu-central-1" | |
ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
create-draft-release: | |
if: ${{ github.event.inputs.no-release != 'true' }} | |
permissions: | |
id-token: write | |
contents: write | |
needs: artifacts-ready | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Create Draft Release | |
uses: ./.github/actions/release/create-draft-release | |
with: | |
tag: ${{ inputs.tag }} | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
generate-chain-specs: | |
permissions: | |
id-token: write | |
contents: write | |
needs: artifacts-ready | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Generate Chain Specs | |
uses: ./.github/actions/artifacts/generate-chain-specs | |
with: | |
tag: ${{ inputs.tag }} | |
upload-chain-specs: | |
permissions: | |
id-token: write | |
contents: write | |
needs: generate-chain-specs | |
runs-on: eks | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Upload chain spec artifacts to Kubernetes | |
uses: ./.github/actions/deploy/upload-chain-specs | |
with: | |
sha: ${{ github.sha }} | |
env: | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
deploy-staging-preview: | |
if: ${{ github.event.inputs.no-deploy != 'true' }} | |
permissions: | |
id-token: write | |
contents: write | |
needs: | |
- build-and-publish-ecr | |
- upload-chain-specs | |
runs-on: eks | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Deploy staging-preview | |
uses: ./.github/actions/deploy/deploy-staging-preview | |
with: | |
image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }} | |
sha: ${{ github.sha }} | |
no-wipe: ${{ github.event.inputs.no-wipe || 'false' }} | |
env: | |
AWS_REGION: "eu-central-1" | |
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
partner-chain-ready: | |
if: ${{ github.event.inputs.no-tests != 'true' && (needs.deploy-staging-preview.result == 'success' || needs.deploy-staging-preview.result == 'skipped') }} | |
runs-on: eks | |
needs: deploy-staging-preview | |
outputs: | |
deployment_mc_epoch: ${{ steps.mc-epoch.outputs.deployment_mc_epoch }} | |
steps: | |
- name: Set deployment main chain epoch | |
id: mc-epoch | |
run: echo "deployment_mc_epoch=$(curl -s http://$STAGING_PREVIEW_SERVICES_HOST:1337/health | jq .currentEpoch)" >> $GITHUB_OUTPUT | |
shell: bash | |
- name: Check Finalization Status | |
run: | | |
FINALIZED_NUMBER=$( | |
curl -s -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"chain_getFinalizedHead","params":[],"id":"1"}' http://$STAGING_PREVIEW_VALIDATOR_1_HOST:$STAGING_PREVIEW_VALIDATOR_1_PORT | | |
jq -r ".result" | | |
xargs -I {} curl -s -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"chain_getHeader","params":["{}"],"id":"1"}' http://$STAGING_PREVIEW_VALIDATOR_1_HOST:$STAGING_PREVIEW_VALIDATOR_1_PORT | | |
jq -r ".result.number" | xargs printf "%d" | |
) | |
timeout=300 # Timeout in seconds | |
interval=10 # Interval in seconds | |
elapsed=0 | |
while [ "$FINALIZED_NUMBER" -le 0 ]; do | |
if [ $elapsed -ge $timeout ]; then | |
echo "Timeout reached: $timeout seconds" | |
exit 1 | |
fi | |
echo "Waiting for blocks to be finalized..." | |
sleep $interval | |
elapsed=$((elapsed + interval)) | |
FINALIZED_NUMBER=$( | |
curl -s -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"chain_getFinalizedHead","params":[],"id":"1"}' http://$STAGING_PREVIEW_VALIDATOR_1_HOST:$STAGING_PREVIEW_VALIDATOR_1_PORT | | |
jq -r ".result" | | |
xargs -I {} curl -s -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"chain_getHeader","params":["{}"],"id":"1"}' http://$STAGING_PREVIEW_VALIDATOR_1_HOST:$STAGING_PREVIEW_VALIDATOR_1_PORT | | |
jq -r ".result.number" | xargs printf "%d" | |
) | |
done | |
echo "Blocks are being finalized. Finalized Block Number: $FINALIZED_NUMBER" | |
shell: bash | |
run-smoke-tests: | |
if: ${{ github.event.inputs.no-tests != 'true' }} | |
permissions: | |
id-token: write | |
contents: read | |
needs: partner-chain-ready | |
runs-on: eks | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup tests | |
uses: ./.github/actions/tests/setup-python | |
env: | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
- name: Run smoke tests | |
uses: ./.github/actions/tests/run-e2e-tests | |
with: | |
blockchain: substrate | |
env: staging | |
decrypt: true | |
markers: "not active_flow and not passive_flow and (CD or rpc)" | |
threads: 1 | |
run-all-tests: | |
if: ${{ github.event.inputs.no-tests != 'true' }} | |
permissions: | |
id-token: write | |
contents: read | |
needs: run-smoke-tests | |
runs-on: eks | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup tests | |
uses: ./.github/actions/tests/setup-python | |
env: | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
- name: Run all tests (some skipped due to new deployment) | |
uses: ./.github/actions/tests/run-e2e-tests | |
env: | |
DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }} | |
with: | |
blockchain: substrate | |
env: staging | |
decrypt: true | |
markers: "not active_flow and not passive_flow" | |
deployment_mc_epoch: $DEPLOYMENT_MC_EPOCH | |
threads: 1 | |
wait-for-n1-epoch: | |
if: ${{ github.event.inputs.no-tests != 'true' }} | |
permissions: | |
id-token: write | |
contents: read | |
needs: partner-chain-ready | |
runs-on: eks | |
timeout-minutes: 1440 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Configure kubectl | |
uses: ./.github/actions/tests/configure-kubectl | |
env: | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
- name: Set MC epoch to wait for | |
id: increment-epoch | |
env: | |
DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }} | |
run: | | |
echo "Current epoch: $DEPLOYMENT_MC_EPOCH" | |
incremented_epoch=$((DEPLOYMENT_MC_EPOCH + 1)) | |
echo "Incremented epoch: $incremented_epoch" | |
echo "mc_epoch_to_wait_for=$incremented_epoch" >> $GITHUB_OUTPUT | |
- name: Wait for next MC epoch | |
uses: ./.github/actions/tests/wait-for-epoch | |
with: | |
epoch: ${{ steps.increment-epoch.outputs.mc_epoch_to_wait_for }} | |
deployment: kubernetes | |
node: staging-preview-validator-1 | |
environment: staging-preview | |
run-all-tests-on-n1-epoch: | |
if: ${{ github.event.inputs.no-tests != 'true' }} | |
permissions: | |
id-token: write | |
contents: read | |
needs: wait-for-n1-epoch | |
runs-on: eks | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup tests | |
uses: ./.github/actions/tests/setup-python | |
env: | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
- name: Run all tests (some skipped due to new deployment) | |
uses: ./.github/actions/tests/run-e2e-tests | |
env: | |
DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }} | |
with: | |
blockchain: substrate | |
env: staging | |
decrypt: true | |
latest_mc_epoch: true | |
markers: "not active_flow and not passive_flow" | |
deployment_mc_epoch: $DEPLOYMENT_MC_EPOCH | |
threads: 1 | |
wait-for-n2-epoch: | |
if: ${{ github.event.inputs.no-tests != 'true' }} | |
permissions: | |
id-token: write | |
contents: read | |
needs: | |
- partner-chain-ready | |
- wait-for-n1-epoch | |
runs-on: eks | |
timeout-minutes: 1450 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Configure kubectl | |
uses: ./.github/actions/tests/configure-kubectl | |
env: | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
- name: Set MC epoch to wait for | |
id: increment-epoch | |
env: | |
DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }} | |
run: | | |
echo "Current epoch: $DEPLOYMENT_MC_EPOCH" | |
incremented_epoch=$((DEPLOYMENT_MC_EPOCH + 2)) | |
echo "Incremented epoch: $incremented_epoch" | |
echo "mc_epoch_to_wait_for=$incremented_epoch" >> $GITHUB_OUTPUT | |
- name: Wait for next MC epoch | |
uses: ./.github/actions/tests/wait-for-epoch | |
with: | |
epoch: ${{ steps.increment-epoch.outputs.mc_epoch_to_wait_for }} | |
deployment: kubernetes | |
node: staging-preview-validator-1 | |
environment: staging-preview | |
run-all-tests-on-n2-epoch: | |
if: ${{ github.event.inputs.no-tests != 'true' }} | |
permissions: | |
id-token: write | |
contents: read | |
needs: wait-for-n2-epoch | |
runs-on: eks | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup tests | |
uses: ./.github/actions/tests/setup-python | |
env: | |
ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
- name: Run all tests (no skipped tests) | |
uses: ./.github/actions/tests/run-e2e-tests | |
env: | |
DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }} | |
with: | |
blockchain: substrate | |
env: staging | |
decrypt: true | |
latest_mc_epoch: true | |
markers: "not active_flow and not passive_flow" | |
deployment_mc_epoch: $DEPLOYMENT_MC_EPOCH | |
threads: 1 | |
publish: | |
if: ${{ always() && github.event.inputs.no-release != 'true' && github.event.inputs.no-public != 'true' && (github.event.inputs.no-tests == 'true' || needs.run-all-tests-on-n2-epoch.result == 'success') }} | |
permissions: | |
id-token: write | |
contents: write | |
packages: write | |
needs: | |
- artifacts-ready | |
- run-all-tests-on-n2-epoch | |
runs-on: ubuntu-latest | |
steps: | |
- name: Trigger Publish Workflow | |
run: | | |
curl -X POST \ | |
-H "Authorization: token ${{ secrets.ACTIONS_PUBLISH_PAT }}" \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
https://api.github.com/repos/${{ github.repository }}/actions/workflows/publish.yml/dispatches \ | |
-d '{"ref": "${{ github.ref_name }}", "inputs": {"sha": "${{ inputs.sha }}", "tag": "${{ inputs.tag }}"}}' | |
# deploy-staging-preprod: | |
# if: ${{ github.event.inputs.no-deploy != 'true' }} | |
# permissions: | |
# id-token: write | |
# contents: write | |
# needs: run-all-tests-on-n2-epoch | |
# runs-on: eks | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# - name: Deploy staging-preprod | |
# uses: ./.github/actions/deploy-staging-preprod | |
# with: | |
# image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }} | |
# chain-spec-secret: ${{ inputs.chain-spec-secret }} | |
# no-wipe: ${{ github.event.inputs.no-wipe || 'false' }} | |
# env: | |
# AWS_REGION: "eu-central-1" | |
# SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
# ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
# AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
# ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
# kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
# K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
# K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
# | |
# staging-preprod-tests: | |
# if: ${{ github.event.inputs.no-tests != 'true' }} | |
# permissions: | |
# id-token: write | |
# contents: write | |
# needs: deploy-staging-preprod | |
# runs-on: eks | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# - name: Run Tests | |
# uses: ./.github/actions/tests/staging-preprod-tests | |
# with: | |
# node-host: staging-preprod-validator-1.staging-preprod.svc.cluster.local | |
# node-port: 9933 | |
# env: | |
# SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
# AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }} | |
# SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }} | |
# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
# JIRA_URL: ${{ secrets.JIRA_URL }} | |
# ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
# kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
# K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
# K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} |