# Signal dispatcher: this workflow fires once the release process has completed
# successfully. The listening workflow in the infra-k8s repository has a
# corresponding event handler that generates releases based on this signal.
name: Deploy
on:
  push:
    branches:
      - main
    # The only commits that will contain changes to the masterlist will be releases.
    # A push is skipped only when every changed file matches one of these patterns.
    paths-ignore:
      - 'MASTERLIST.md'
      - 'package.json'
      - '.changeset/**'
      - 'packages/**/CHANGELOG.md'
      - 'packages/**/README.md'
      - 'packages/**/package.json'
  workflow_dispatch:
    inputs:
      # For this workflow, BUILD_ALL will cause all adapters to have their image
      # built and deployed.
      # NOTE(review): no job in this file references this input directly;
      # presumably a script or local action reads it -- confirm.
      build-all:
        description: >-
          whether to run steps for all adapters, regardless of whether they were
          changed in this event
        required: false
        default: 'false'
# All runs share one concurrency group, and a run that is already in progress
# is never cancelled by a newer one.
concurrency:
  group: deploy-and-release
  cancel-in-progress: false
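jobs:
  # Works out which adapters changed and, when any did, publishes a temporary
  # branch carrying the bumped versions for the later jobs to build from.
  # NOTE(review): this job pushes a branch but declares no `permissions:` block,
  # so the GITHUB_TOKEN scopes come from the repository/organisation default.
  # Consider pinning them here (the push needs `contents: write`) once it is
  # confirmed what else the setup action and changed-adapters.sh use the token for.
  calculate-changes:
    name: Compute changed adapters
    runs-on: [ubuntu-latest]
    outputs:
      adapter-list: ${{ steps.changed-adapters.outputs.CHANGED_ADAPTERS }}
      tmp-branch: ${{ steps.push-branch.outputs.TMP_BRANCH }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # Presumably two commits so that HEAD~1 (UPSTREAM_BRANCH below) exists.
          fetch-depth: 2
      - name: Set up and install dependencies
        uses: ./.github/actions/setup
        with:
          skip-setup: true
      - name: Build list of changed packages and changed adapters
        id: changed-adapters
        env:
          UPSTREAM_BRANCH: HEAD~1
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # The deployment will overwrite existing ones, so in order to calculate all adapters that have been changed,
          # we can mock running the changesets version command to have them present in the diff.
          # Additionally, running the changeset version will cause the images we publish here to have the proper increased version.
          yarn changeset version
          # If there are changes, commit them and calculate the adapters.
          # If there are no changes, we don't need to deploy anything :)
          if [[ -n "$(git status --porcelain)" ]]; then
            git commit -am "Mock changesets"
          fi
          ./.github/scripts/changed-adapters.sh
      # Since we want to publish with the versions updated, we need to store the changes we've made to a temporary branch
      - name: Publish branch
        id: push-branch
        if: steps.changed-adapters.outputs.CHANGED_ADAPTERS != '[]'
        run: |
          # Compute the branch name once and reuse it, so the name that is pushed
          # and the name handed to the later jobs cannot drift apart.
          TMP_BRANCH="tmp-deploy-$(git rev-parse HEAD)"
          git checkout -b "$TMP_BRANCH"
          git push origin "$TMP_BRANCH"
          echo "TMP_BRANCH=$TMP_BRANCH" >> "$GITHUB_OUTPUT"

  # Builds one image per changed adapter (matrix) from the temporary branch and
  # hands it to the local publish-image action.
  publish-adapter-images:
    name: Build and publish ${{ matrix.adapter.shortName }}
    runs-on: ubuntu-latest
    needs:
      - calculate-changes
    if: needs.calculate-changes.outputs.adapter-list != '[]'
    environment: release
    permissions: # These are needed for the configure-aws-credentials action
      id-token: write
      contents: read
    strategy:
      matrix: ${{fromJson(needs.calculate-changes.outputs.adapter-list)}}
    env:
      ECR_URL: ${{ secrets.SDLC_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION_ECR_PRIVATE }}.amazonaws.com
      ECR_REPO: adapters/${{ matrix.adapter.shortName }}-adapter
      IMAGE_VERSION: ${{ matrix.adapter.version }}
    steps:
      # NOTE(review): actions/checkout keeps the job token in .git/config unless
      # `persist-credentials: false` is set, and the next step builds with
      # `context: .`. If nothing later in this job needs git credentials, set
      # `persist-credentials: false` here, or confirm that .dockerignore keeps
      # .git out of the build context.
      - name: Check out code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ needs.calculate-changes.outputs.tmp-branch }}
      - name: Build the adapter image
        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
        with:
          context: .
          # Build only; the push is left to the "Publish adapter image" step.
          push: false
          tags: ${{ env.ECR_URL }}/${{ env.ECR_REPO }}:${{ matrix.adapter.version }}
          build-args: |
            package=${{ matrix.adapter.name }}
            location=${{ matrix.adapter.location }}
      - name: Debug
        run: docker image ls
      - name: Publish adapter image
        uses: ./.github/actions/publish-image
        with:
          image-version: ${{ matrix.adapter.version }}
          aws-ecr-url: ${{ env.ECR_URL }}
          aws-ecr-repo: ${{ env.ECR_REPO }}
          aws-region: ${{ secrets.AWS_REGION_ECR_PRIVATE }}
          aws-role: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }}
          aws-ecr-account-ids: ${{ secrets.AWS_PRIVATE_ECR_SECONDARY_ACCOUNT_ACCESS_IDS }}
          aws-ecr-private: true
          latest: true

  # Signals the infra-k8s repository that new images are available.
  deploy:
    name: Trigger infra deployment
    permissions:
      id-token: write
      contents: read
    runs-on: ubuntu-latest
    needs:
      - calculate-changes
      - publish-adapter-images
    if: needs.calculate-changes.outputs.adapter-list != '[]'
    environment: InfraK8s
    env:
      ECR_URL: ${{ secrets.SDLC_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION_ECR_PRIVATE }}.amazonaws.com
      CHANGED_ADAPTERS: ${{ needs.calculate-changes.outputs.adapter-list }}
    steps:
      - name: Setup GitHub Token
        id: setup-github-token
        uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # setup-github-token@0.1.2
        with:
          aws-role-arn: ${{ secrets.AWS_ROLE_ARN_FOR_INFRA_K8s_PAT }}
          aws-lambda-url: ${{ secrets.GATI_LAMBDA_DATA_FEEDS_URL }}
          aws-region: ${{ secrets.AWS_REGION }}
          aws-role-duration-seconds: '1800' # this is optional and defaults to 900
      # The folded scalar (>) joins the lines below into a single command line.
      # Context values reach the script through env rather than inline
      # ${{ }} expansion, so they are read as data by the shell and never
      # spliced into the script text.
      - name: Trigger Image Dispatcher
        run: >
          gh workflow run
          --repo smartcontractkit/infra-k8s
          --ref main "Infra-k8s Image Dispatcher"
          -F imageRepos="$(echo "$CHANGED_ADAPTERS" | jq -r "\"$ECR_URL/adapters/\" + (.adapter | .[].shortName) + \"-adapter\"" | tr '\n' ' ')"
          -F gitRepo="$GIT_REPO"
        env:
          # Token issued by the setup-github-token step, not the default job token.
          GITHUB_TOKEN: ${{ steps.setup-github-token.outputs.access-token }}
          GIT_REPO: ${{ github.event.repository.name }}

  # Deletes the temporary branch; always() keeps this running when an earlier
  # job failed, as long as there was something to deploy.
  # NOTE(review): like calculate-changes, this job has no `permissions:` block;
  # the branch deletion needs `contents: write` on the token it uses.
  cleanup:
    name: Clean up ephemeral items
    runs-on: ubuntu-latest
    needs:
      - calculate-changes
      - deploy
    if: always() && needs.calculate-changes.outputs.adapter-list != '[]'
    steps:
      - name: Check out code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ needs.calculate-changes.outputs.tmp-branch }}
      - name: Delete ephemeral branch
        env:
          # Passed through env and quoted below instead of being expanded into
          # the script text.
          TMP_BRANCH: ${{ needs.calculate-changes.outputs.tmp-branch }}
        run: |
          git push origin --delete "$TMP_BRANCH"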