feat: initial merge of ci.yml and cd.yml workflows to begin testing (no removing live CI workflows yet) #38
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened, closed] | |
| branches: | |
| - master | |
| env: | |
| AWS_REGION: "eu-central-1" | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| permissions: | |
| id-token: write | |
| contents: write | |
| jobs: | |
| earthly-build-and-push: | |
| runs-on: ubuntu-latest | |
| if: github.event.action != 'closed' || github.event.pull_request.merged == true | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Earthly | |
| uses: ./.github/earthly-setup | |
| with: | |
| ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| config_tar: ${{ secrets.EARTHLY_TAR }} | |
| - name: Acquire AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| # - name: Build (PR only) | |
| # env: | |
| # EARTHLY_CI: true | |
| # EARTHLY_OUTPUT: true | |
| # EARTHLY_PUSH: false | |
| # if: github.event.pull_request.merged != true | |
| # run: | | |
| # earthly -P +ci --image=${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node | |
| - name: Build and Push (On-merge) | |
| env: | |
| EARTHLY_CI: true | |
| EARTHLY_OUTPUT: true | |
| EARTHLY_PUSH: true | |
| # if: github.event.pull_request.merged == true | |
| run: | | |
| earthly -P +ci --image=${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node --PROFILE=production | |
| - name: Upload chain spec artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: chain-specs | |
| path: | | |
| ./devnet_chain_spec.json | |
| ./staging_preview_chain_spec.json | |
| ./staging_preprod_chain_spec.json | |
| devshell-tests: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| strategy: | |
| matrix: | |
| os: [nixos, macos] | |
| runs-on: | |
| - self-hosted | |
| - ${{ matrix.os }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Acquire AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN_ }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Add signing key for nix | |
| run: echo "${{ secrets.NIX_SIGNING_KEY }}" > "${{ runner.temp }}/nix-key" | |
| - name: Run nixci to build/test all outputs | |
| run: | | |
| nix run github:srid/nixci -- -v build -- --fallback > /tmp/outputs | |
| - name: Copy nix scopes to nix cache | |
| run: | | |
| nix-store --stdin -q --deriver < /tmp/outputs | nix-store --stdin -qR --include-outputs \ | |
| | nix copy --stdin --to \ | |
| "s3://cache.sc.iog.io?secret-key=${{ runner.temp }}/nix-key®ion=$AWS_DEFAULT_REGION" \ | |
| && rm /tmp/outputs | |
| deploy-argocd: | |
| needs: earthly-build-and-push | |
| permissions: | |
| id-token: write | |
| contents: write | |
| # if: github.event.pull_request.merged == true | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Deploy ArgoCD Node | |
| uses: ./.github/actions/deploy/argocd/deploy-argocd | |
| with: | |
| sha: ${{ github.sha }} | |
| env: | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| argocd-tests: | |
| needs: deploy-argocd | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: [self-hosted, eks] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Run Tests | |
| uses: ./.github/actions/tests/run-k8-tests | |
| with: | |
| node-host: sha-${{ github.sha }}-service.integration-testing.svc.cluster.local | |
| node-port: 9933 | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }} | |
| SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| JIRA_URL: ${{ secrets.JIRA_URL }} | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| teardown-argocd: | |
| needs: argocd-tests | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Teardown ArgoCD Environment | |
| uses: ./.github/actions/deploy/argocd/teardown-argocd | |
| with: | |
| sha: ${{ github.sha }} | |
| env: | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| upload-chain-specs: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: [earthly-build-and-push] | |
| # if: github.event.pull_request.merged == true | |
| runs-on: [self-hosted, eks] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Upload chain spec artifacts to Kubernetes | |
| uses: ./.github/actions/upload-chain-specs | |
| with: | |
| sha: ${{ github.sha }} | |
| env: | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| deploy-rustdoc: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: ubuntu-latest | |
| if: github.event.pull_request.merged == true | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Deploy Rust Docs | |
| uses: ./.github/actions/deploy/deploy-rustdoc | |
| with: | |
| ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |