CD #23
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| sha: | |
| description: "partner-chains commit SHA to build from" | |
| required: true | |
| type: string | |
| tag: | |
| description: "partner-chains release tag" | |
| required: true | |
| type: string | |
| permissions: | |
| id-token: write | |
| contents: write | |
| env: | |
| AWS_REGION: "eu-central-1" | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| jobs: | |
| build-linux: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.sha }} | |
| - name: Build and Upload for Linux | |
| uses: ./.github/actions/artifacts/build-pc-artifacts | |
| with: | |
| tag: ${{ inputs.tag }} | |
| os: linux | |
| build-macos-x86_64: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.sha }} | |
| - name: Build and Upload for macOS x86_64 | |
| uses: ./.github/actions/artifacts/build-pc-artifacts | |
| with: | |
| tag: ${{ inputs.tag }} | |
| os: macos-x86_64 | |
| build-macos-arm64: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.sha }} | |
| - name: Build and Upload for macOS arm64 | |
| uses: ./.github/actions/artifacts/build-pc-artifacts | |
| with: | |
| tag: ${{ inputs.tag }} | |
| os: macos-arm64 | |
| build-and-publish-ecr: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: build-linux | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Build and Publish to ECR | |
| uses: ./.github/actions/images/build-and-publish-ecr | |
| with: | |
| sha: ${{ inputs.sha }} | |
| tag: ${{ inputs.tag }} | |
| env: | |
| AWS_REGION: "eu-central-1" | |
| ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| CONFIG_TAR: ${{ secrets.EARTHLY_TAR }} | |
| create-draft-release: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: [build-linux, build-macos-x86_64, build-macos-arm64] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Create Draft Release | |
| uses: ./.github/actions/release/create-draft-release | |
| with: | |
| tag: ${{ inputs.tag }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| generate-chain-specs: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: build-linux | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Generate Chain Specs | |
| uses: ./.github/actions/artifacts/generate-chain-specs | |
| with: | |
| tag: ${{ inputs.tag }} | |
| upload-chain-specs: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: generate-chain-specs | |
| runs-on: [self-hosted, eks] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Upload chain spec artifacts to Kubernetes | |
| uses: ./.github/actions/deploy/upload-chain-specs | |
| with: | |
| sha: ${{ github.sha }} | |
| env: | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| deploy-staging-preview: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: [build-and-publish-ecr, upload-chain-specs] | |
| runs-on: [self-hosted, eks] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Deploy staging-preview | |
| uses: ./.github/actions/deploy/deploy-staging-preview | |
| with: | |
| image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }} | |
| chain-spec-secret: ${{ inputs.chain-spec-secret }} | |
| env: | |
| AWS_REGION: "eu-central-1" | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| staging-preview-tests: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: deploy-staging-preview | |
| runs-on: [self-hosted, eks] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Run Tests | |
| uses: ./.github/actions/tests/staging-preview-tests | |
| with: | |
| node-host: staging-preview-validator-1.staging-preview.svc.cluster.local | |
| node-port: 9933 | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }} | |
| SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| JIRA_URL: ${{ secrets.JIRA_URL }} | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| build-and-publish-ghcr: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: staging-preview-tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Build and Publish to GHCR | |
| uses: ./.github/actions/images/build-and-publish-ghcr | |
| with: | |
| sha: ${{ inputs.sha }} | |
| tag: ${{ inputs.tag }} | |
| ssh_key_earthly: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| config_tar: ${{ secrets.EARTHLY_TAR }} | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SUBSTRATE_REPO_SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| EARTHLY_TAR: ${{ secrets.EARTHLY_TAR }} | |
| publish-release: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: staging-preview-tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Publish Release | |
| uses: ./.github/actions/publish-release | |
| with: | |
| tag: ${{ inputs.tag }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| deploy-staging-preprod: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: staging-preview-tests | |
| runs-on: [self-hosted, eks] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Deploy staging-preprod | |
| uses: ./.github/actions/deploy-staging-preprod | |
| with: | |
| image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }} | |
| chain-spec-secret: ${{ inputs.chain-spec-secret }} | |
| env: | |
| AWS_REGION: "eu-central-1" | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| staging-preprod-tests: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: deploy-staging-preprod | |
| runs-on: [self-hosted, eks] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Run Tests | |
| uses: ./.github/actions/tests/staging-preprod-tests | |
| with: | |
| node-host: staging-preprod-validator-1.staging-preprod.svc.cluster.local | |
| node-port: 9933 | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }} | |
| SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| JIRA_URL: ${{ secrets.JIRA_URL }} | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} |