dev-otc.yml
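# Manually dispatched workflow: builds and tests the otc services, pushes the
# images to ghcr.io, then deploys them over SSH to the server of one partner.
# Partner connection data is fetched from the opexdev/partners repository and
# decrypted on the runner.
#
# NOTE(review): the actions below are referenced by mutable tag (@v1/@v2).
# Pinning each `uses:` to a full commit SHA keeps a moved tag from changing
# what runs next to the deploy secrets.
name: Build, Test, and Deploy otc (DEV env) services for specific partner
on:
  # push:
  #   branches:
  #     - dev
  workflow_dispatch:
    inputs:
      partner_name:
        type: string
        description: 'The name of the partner (provided during workflow execution)'
        required: true
        default: default
jobs:
  build:
    runs-on: ubuntu-20.04
    # Least privilege for GITHUB_TOKEN: read the repository, push to ghcr.io.
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        java: [17]
    name: Build OPEX and run tests with java ${{ matrix.java }} (otc)
    env:
      TAG: otc-dev
      PARTNER: ${{ github.event.inputs.partner_name || 'default' }}
    steps:
      - name: Checkout Source Code
        uses: actions/checkout@v2
      - name: Setup Java
        uses: actions/setup-java@v2
        with:
          distribution: 'adopt'
          java-package: jdk
          java-version: ${{ matrix.java }}
      - name: Fetch partners config
        id: download_partners_data
        env:
          # Secrets reach the script through the environment, never through
          # ${{ }} text substitution into the shell source.
          PARTNERS_ACCESS_TOKEN: ${{ secrets.PARTNERS_ACCESS_TOKEN }}
        run: |
          # --fail: an HTTP error must not be saved and parsed as the mapping.
          curl --fail -L -o partner_mappings.yml \
            -H "Authorization: token ${PARTNERS_ACCESS_TOKEN}" \
            https://raw.githubusercontent.com/opexdev/partners/main/partner_mappings.yml
      - name: Pars partners config file
        id: read_partners_data
        run: |
          # File, partner and key are passed as argv. The partner name is a
          # workflow input, so it must never be spliced into Python or shell
          # source text.
          yaml() {
            python3 -c \
              'import sys, yaml; f, p, k = sys.argv[1:4]; print(yaml.safe_load(open(f))["partners"][p][k])' \
              "$1" "$PARTNER" "$2"
          }
          for field in SSH_HOST SSH_DIR SSH_PRIVATE_KEY SSH_USER PASSWORD ENV_PATH SSH_PORT; do
            # A plain assignment (no `export`) lets a failed lookup, e.g. an
            # unknown partner, stop the step instead of yielding an empty value.
            value=$(yaml partner_mappings.yml "$field")
            # Register the mask before the value is written anywhere.
            echo "::add-mask::$value"
            echo "$field=$value" >> "$GITHUB_OUTPUT"
          done
      - name: Decrypt data
        id: decrypt_data
        env:
          PARTNERS_KEY: ${{ secrets.PARTNERS_KEY }}
          PARTNERS_ACCESS_TOKEN: ${{ secrets.PARTNERS_ACCESS_TOKEN }}
          ENC_SSH_HOST: ${{ steps.read_partners_data.outputs.SSH_HOST }}
          ENC_SSH_DIR: ${{ steps.read_partners_data.outputs.SSH_DIR }}
          ENC_SSH_USER: ${{ steps.read_partners_data.outputs.SSH_USER }}
          ENC_PASSWORD: ${{ steps.read_partners_data.outputs.PASSWORD }}
          KEY_FILE_PATH: ${{ steps.read_partners_data.outputs.SSH_PRIVATE_KEY }}
          # ENV_PATH and SSH_PORT are passed through without decryption.
          ENV_PATH: ${{ steps.read_partners_data.outputs.ENV_PATH }}
          SSH_PORT: ${{ steps.read_partners_data.outputs.SSH_PORT }}
        run: |
          set -o pipefail
          # -pass env: keeps the passphrase out of the process argument list.
          # NOTE(review): without -pbkdf2/-iter openssl uses its legacy
          # single-pass key derivation. Switching means re-encrypting the
          # partner data with the same option, so it is flagged, not changed.
          decrypt() {
            openssl aes-256-cbc -d -a -pass env:PARTNERS_KEY
          }
          # Plaintext stays in shell variables. Nothing is written to the
          # workspace, which later serves as the docker build context.
          # No later step in this workflow reads decrypted files back.
          ssh_host=$(printf '%s\n' "$ENC_SSH_HOST" | decrypt)
          ssh_dir=$(printf '%s\n' "$ENC_SSH_DIR" | decrypt)
          user_ssh=$(printf '%s\n' "$ENC_SSH_USER" | decrypt)
          server_pass=$(printf '%s\n' "$ENC_PASSWORD" | decrypt)
          # The private key is flattened to one line (line breaks become '#').
          # NOTE(review): no step in this workflow consumes ssh_secret;
          # either move the deploy to key-based auth or stop decrypting it.
          SSH_SECRET_NN=$(
            curl --fail -L \
              -H "Authorization: token ${PARTNERS_ACCESS_TOKEN}" \
              "https://raw.githubusercontent.com/opexdev/partners/main/${KEY_FILE_PATH}" \
              | decrypt | tr -s '\r\n' '#'
          )
          for secret in "$ssh_dir" "$SSH_SECRET_NN" "$ssh_host" "$ENV_PATH" \
            "$server_pass" "$user_ssh" "$SSH_PORT"; do
            echo "::add-mask::$secret"
          done
          {
            echo "ssh_user=$user_ssh"
            echo "ssh_dir=$ssh_dir"
            echo "ssh_host=$ssh_host"
            echo "ssh_secret=$SSH_SECRET_NN"
            echo "env_path=$ENV_PATH"
            echo "ssh_port=$SSH_PORT"
            echo "password=$server_pass"
          } >> "$GITHUB_OUTPUT"
      - name: Build
        run: |
          mvn -pl common -am -B -T 1C clean install -Potc
          mvn -pl wallet,bc-gateway -amd -B -T 1C clean install -Potc
      - name: Run Tests
        run: |
          mvn -pl common -am -B -T 1C -Dskip.unit.tests=false surefire:test
          mvn -pl wallet,bc-gateway -amd -B -T 1C -Dskip.unit.tests=false surefire:test
      - name: Build Docker images
        run: docker compose -f docker-compose-otc.build.yml build
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Push images to GitHub Container Registry
        run: docker compose -f docker-compose-otc.build.yml push
      - name: Pull docker images in dest server
        env:
          token: ${{ secrets.PARTNERS_ACCESS_TOKEN }}
          SSH_USER: ${{ steps.decrypt_data.outputs.ssh_user }}
          SSH_DIR: ${{ steps.decrypt_data.outputs.ssh_dir }}
          SSH_HOST: ${{ steps.decrypt_data.outputs.ssh_host }}
          # sshpass -e reads the password from SSHPASS, so it no longer
          # appears in the runner's process argument list.
          SSHPASS: ${{ steps.decrypt_data.outputs.password }}
          ENV_PATH: ${{ steps.decrypt_data.outputs.env_path }}
          SSH_PORT: ${{ steps.decrypt_data.outputs.ssh_port }}
        run: |
          set -o pipefail
          # The remote script and its secrets travel over ssh's stdin, not in
          # the remote command string, so the token and password do not show
          # up in process listings on the deploy host. Assumes bash there.
          #
          # NOTE(review): StrictHostKeyChecking=no accepts any host key, so
          # the password can be sent to an impostor host. Keep the partner's
          # host key with the partner data, install it as known_hosts and drop
          # this option.
          # NOTE(review): the access token is still handed to the deploy host
          # for the .env download. Fetching .env on the runner and copying it
          # over would keep the token on the runner.
          {
            # %q quoting carries each value through the remote shell unchanged.
            printf 'token=%q\n' "$token"
            printf 'SERVER_PASSWORD=%q\n' "$SSHPASS"
            printf 'SSH_DIR=%q\n' "$SSH_DIR"
            printf 'ENV_PATH=%q\n' "$ENV_PATH"
            cat <<'REMOTE'
          cd "$SSH_DIR" || exit 1
          curl --fail "https://raw.githubusercontent.com/opexdev/partners/main/$ENV_PATH" \
            -L -o .env -H "Authorization:token $token" || exit 1
          printf '%s\n' "$SERVER_PASSWORD" | sudo -S docker compose -f docker-compose-otc.yml pull
          printf '%s\n' "$SERVER_PASSWORD" | sudo -S docker network create --driver bridge otc-network || true
          printf '%s\n' "$SERVER_PASSWORD" | sudo -S docker compose -f docker-compose-otc.yml -f docker-compose-otc.local.yml up -d
          REMOTE
          } | sshpass -e ssh -o StrictHostKeyChecking=no -p "$SSH_PORT" \
            "$SSH_USER@$SSH_HOST" 'bash -s'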