diff --git a/.envrc b/.envrc
index 6606bfc11..b52eebfa6 100755
--- a/.envrc
+++ b/.envrc
@@ -9,7 +9,7 @@ export CARDANO_CONFIG_DIR="$(pwd)/docker/config"
export KUPO_WORKDIR="$RUN_DIR/kupo-db"
mkdir -p $KUPO_WORKDIR
-source devnet/.envrc
+source envs/devnet/.envrc
if [[ -f "$PWD/.envrc.local" ]]; then
echo using local envrc
diff --git a/.github/actions/artifacts/build-pc-artifacts/action.yml b/.github/actions/artifacts/build-pc-artifacts/action.yml
new file mode 100644
index 000000000..a551c689f
--- /dev/null
+++ b/.github/actions/artifacts/build-pc-artifacts/action.yml
@@ -0,0 +1,106 @@
+name: "Build and Upload PC Artifacts"
+description: "Build and upload partner-chains artifacts for Linux, macOS x86_64, and macOS arm64"
+inputs:
+ sha:
+ description: "partner-chains commit SHA or branch to build from"
+ required: true
+ tag:
+ description: "partner-chains release tag to append to artifact name"
+ required: true
+ os:
+ description: "Operating system for the build (linux, macos-x86_64, macos-arm64)"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: Set filename variables
+ shell: bash
+ run: |
+ if [[ "${{ inputs.os }}" == "linux" ]]; then
+ echo "PARTNER_CHAINS_CLI=partner-chains-cli-${{ inputs.tag }}-x86_64-linux" >> $GITHUB_ENV
+ echo "PARTNER_CHAINS_NODE=partner-chains-node-${{ inputs.tag }}-x86_64-linux" >> $GITHUB_ENV
+ elif [[ "${{ inputs.os }}" == "macos-x86_64" ]]; then
+ echo "PARTNER_CHAINS_CLI=partner-chains-cli-${{ inputs.tag }}-x86_64-apple-darwin" >> $GITHUB_ENV
+ echo "PARTNER_CHAINS_NODE=partner-chains-node-${{ inputs.tag }}-x86_64-apple-darwin" >> $GITHUB_ENV
+ elif [[ "${{ inputs.os }}" == "macos-arm64" ]]; then
+ echo "PARTNER_CHAINS_CLI=partner-chains-cli-${{ inputs.tag }}-aarch64-apple-darwin" >> $GITHUB_ENV
+ echo "PARTNER_CHAINS_NODE=partner-chains-node-${{ inputs.tag }}-aarch64-apple-darwin" >> $GITHUB_ENV
+ fi
+
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.sha }}
+
+ - name: Install protoc
+ shell: bash
+ run: |
+ if [[ "${{ inputs.os }}" == "linux" ]]; then
+ sudo apt-get install -y protobuf-compiler
+ elif [[ "${{ inputs.os }}" == "macos-x86_64" ]]; then
+ curl -LO https://github.com/protocolbuffers/protobuf/releases/download/v21.3/protoc-21.3-osx-x86_64.zip
+ unzip protoc-21.3-osx-x86_64.zip -d $HOME/protoc
+ sudo mv $HOME/protoc/bin/protoc /usr/local/bin/protoc
+ elif [[ "${{ inputs.os }}" == "macos-arm64" ]]; then
+ curl -LO https://github.com/protocolbuffers/protobuf/releases/download/v21.3/protoc-21.3-osx-aarch_64.zip
+ unzip protoc-21.3-osx-aarch_64.zip -d $HOME/protoc
+ sudo mv $HOME/protoc/bin/protoc /usr/local/bin/protoc
+ fi
+
+ - name: Build partner-chains-node
+ run: |
+ if [[ "${{ inputs.os }}" == "linux" ]]; then
+ rustup target add x86_64-unknown-linux-gnu
+ cargo build -p partner-chains-node --locked --release --target x86_64-unknown-linux-gnu
+ cp target/x86_64-unknown-linux-gnu/release/partner-chains-node $PARTNER_CHAINS_NODE
+ elif [[ "${{ inputs.os }}" == "macos-x86_64" ]]; then
+ rustup target add x86_64-apple-darwin
+ cargo build -p partner-chains-node --locked --release --target x86_64-apple-darwin
+ cp target/x86_64-apple-darwin/release/partner-chains-node $PARTNER_CHAINS_NODE
+ elif [[ "${{ inputs.os }}" == "macos-arm64" ]]; then
+ rustup target add aarch64-apple-darwin
+ cargo build -p partner-chains-node --locked --release --target aarch64-apple-darwin
+ cp target/aarch64-apple-darwin/release/partner-chains-node $PARTNER_CHAINS_NODE
+ fi
+ shell: bash
+
+ - name: Test partner-chains-node
+ shell: bash
+ run: |
+ if [[ "${{ inputs.os }}" == "linux" ]]; then
+ cargo test --locked --release --target x86_64-unknown-linux-gnu
+ elif [[ "${{ inputs.os }}" == "macos-x86_64" ]]; then
+ cargo test --locked --release --target x86_64-apple-darwin
+ elif [[ "${{ inputs.os }}" == "macos-arm64" ]]; then
+ cargo test --locked --release --target aarch64-apple-darwin
+ fi
+
+ - name: Build partner-chains-cli
+ shell: bash
+ run: |
+ if [[ "${{ inputs.os }}" == "linux" ]]; then
+ rustup target add x86_64-unknown-linux-gnu
+ cargo build -p partner-chains-cli --locked --release --target x86_64-unknown-linux-gnu
+ cp target/x86_64-unknown-linux-gnu/release/partner-chains-cli $PARTNER_CHAINS_CLI
+ elif [[ "${{ inputs.os }}" == "macos-x86_64" ]]; then
+ rustup target add x86_64-apple-darwin
+ cargo build -p partner-chains-cli --locked --release --target x86_64-apple-darwin
+ cp target/x86_64-apple-darwin/release/partner-chains-cli $PARTNER_CHAINS_CLI
+ elif [[ "${{ inputs.os }}" == "macos-arm64" ]]; then
+ rustup target add aarch64-apple-darwin
+ cargo build -p partner-chains-cli --locked --release --target aarch64-apple-darwin
+ cp target/aarch64-apple-darwin/release/partner-chains-cli $PARTNER_CHAINS_CLI
+ fi
+
+ - name: Upload partner-chains-cli artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: partner-chains-cli-${{ inputs.os }}-artifact
+ path: ${{ env.PARTNER_CHAINS_CLI }}
+
+ - name: Upload partner-chains-node artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: partner-chains-node-${{ inputs.os }}-artifact
+ path: ${{ env.PARTNER_CHAINS_NODE }}
\ No newline at end of file
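Review bot: `${{ inputs.tag }}` and `${{ inputs.os }}` are expanded into the text of every `run:` script before bash parses it, and in "Set filename variables" the tag is also appended to `$GITHUB_ENV`, so a tag containing shell metacharacters or a newline can change the script or define extra environment variables for later steps. Pass the inputs through the step's `env:` (for example `TAG: ${{ inputs.tag }}`), reference them as `"$TAG"`, and reject values that do not match the expected tag pattern before writing to `$GITHUB_ENV`. The same direct interpolation of inputs appears in the deploy-argocd, upload-chain-specs and build-and-publish-ecr actions in this commit. Separately, the protoc zips in "Install protoc" are downloaded and moved into `/usr/local/bin` without a checksum comparison; checking a pinned SHA-256 with `shasum -a 256 -c` before `unzip` would close that gap.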
diff --git a/.github/actions/artifacts/download-pcsc-artifact/action.yml b/.github/actions/artifacts/download-pcsc-artifact/action.yml
new file mode 100644
index 000000000..64a08264a
--- /dev/null
+++ b/.github/actions/artifacts/download-pcsc-artifact/action.yml
@@ -0,0 +1,55 @@
+name: "Parse Flake and Download PCSC Release"
+description: "Extracts PCSC release info from flake.nix, constructs an artifact name, downloads, and uploads the artifact"
+inputs:
+ sha:
+ description: "SHA or branch to checkout"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.sha }}
+
+ - name: Extract PCSC Release Info from flake.nix
+ shell: bash
+ id: extract-release
+ run: |
+ echo "Extracting PCSC release version from flake.nix..."
+ release=$(grep -Po 'url = "github:input-output-hk/partner-chains-smart-contracts/v\K[0-9.]+(?=";)' flake.nix)
+ echo "Release version: v$release"
+ echo "::set-output name=release::v$release"
+
+ - name: Construct Artifact Name
+ shell: bash
+ id: construct-artifact
+ run: |
+ version_without_v=${{ steps.extract-release.outputs.release#v }}
+ artifact="trustless-sidechain-cli-${version_without_v}-x86_64-linux.zip"
+ echo "Constructed artifact name: $artifact"
+ echo "::set-output name=artifact::$artifact"
+
+ - name: Download Artifact as zipped.zip
+ shell: bash
+ run: |
+ wget -O zipped.zip "https://github.com/input-output-hk/partner-chains-smart-contracts/releases/download/${{ steps.extract-release.outputs.release }}/${{ steps.construct-artifact.outputs.artifact }}"
+
+ - name: Extract zipped.zip to a temporary directory
+ shell: bash
+ run: |
+ mkdir temp_dir
+ unzip zipped.zip -d temp_dir
+
+ - name: Rename extracted directory to partner-chains-smart-contracts
+ shell: bash
+ run: |
+ original_dir=$(ls temp_dir)
+ mv "temp_dir/$original_dir" partner-chains-smart-contracts
+
+ - name: Upload Extracted Artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: partner-chains-smart-contracts-artifact
+ path: partner-chains-smart-contracts
\ No newline at end of file
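Review bot: `${{ steps.extract-release.outputs.release#v }}` in "Construct Artifact Name" puts bash parameter expansion inside a GitHub expression, which the expression syntax does not support, so this step is expected to fail when the action is evaluated. Map the output into the step with `env:` (`RELEASE: ${{ steps.extract-release.outputs.release }}`) and strip the prefix in the shell with `version_without_v="${RELEASE#v}"`. Both steps also use the deprecated `::set-output` command; `echo "release=v$release" >> "$GITHUB_OUTPUT"` is the supported form. The zip fetched with `wget` is unpacked and re-uploaded as an artifact without any checksum or signature check, so a pinned digest for the release asset should be verified before `unzip`.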
diff --git a/.github/actions/artifacts/generate-chain-specs/action.yml b/.github/actions/artifacts/generate-chain-specs/action.yml
new file mode 100644
index 000000000..53d6e6263
--- /dev/null
+++ b/.github/actions/artifacts/generate-chain-specs/action.yml
@@ -0,0 +1,35 @@
+name: "Generate Chain Specs from Node Binary"
+description: "Downloads the partner-chains node binary, generates chain specs for different environments, and uploads them."
+inputs:
+ sha:
+ description: "Commit SHA to append to chain spec secret name"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: Download Linux partner-chains-node artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: partner-chains-node-x86_64-linux-artifact-artifact
+ path: ./
+
+ - name: Generate Chain Specs
+ shell: bash
+ run: |
+ chmod +x ./partner-chains-node
+ source ./envs/devnet/.envrc
+ ./partner-chains-node build-spec --chain local --disable-default-bootnode --raw > devnet_chain_spec.json
+ source ./envs/staging-preview/.envrc
+ ./partner-chains-node build-spec --chain staging --disable-default-bootnode --raw > staging_preview_chain_spec.json
+ source ./envs/staging-preprod/.envrc
+ ./partner-chains-node build-spec --chain staging --disable-default-bootnode --raw > staging_preprod_chain_spec.json
+
+ - name: Upload Chain Specs
+ uses: actions/upload-artifact@v4
+ with:
+ name: chain-specs
+ path: |
+ devnet_chain_spec.json
+ staging_preview_chain_spec.json
+ staging_preprod_chain_spec.json
\ No newline at end of file
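Review bot: The artifact name `partner-chains-node-x86_64-linux-artifact-artifact` in the download step has a doubled `-artifact` suffix and matches neither the name build-pc-artifacts uploads (`partner-chains-node-${{ inputs.os }}-artifact`) nor the one build-and-publish-ecr downloads, so the download will likely find nothing. The uploaded file is also named `partner-chains-node-<tag>-x86_64-linux` rather than `partner-chains-node`, so `chmod +x ./partner-chains-node` would not find it even with the right artifact name. No checkout step is visible in this action, so `source ./envs/devnet/.envrc` depends on the caller having checked out the repository, and the declared `sha` input is never used. Either check out `inputs.sha` here or add a comment such as `# requires the caller to have checked out the repo at the commit that built the node binary`.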
diff --git a/.github/actions/deploy/argocd/deploy-argocd/action.yml b/.github/actions/deploy/argocd/deploy-argocd/action.yml
new file mode 100644
index 000000000..f2b58efde
--- /dev/null
+++ b/.github/actions/deploy/argocd/deploy-argocd/action.yml
@@ -0,0 +1,26 @@
+name: "Deploy ArgoCD Node"
+description: "Deploys an ArgoCD node using a specified commit SHA."
+inputs:
+ sha:
+ description: "Commit SHA"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Create and Push Manifest
+ env:
+ GH_TOKEN: ${{ env.ACTIONS_PAT }}
+ run: |
+ cd .github/actions/deploy/argocd/
+ bash generate-manifest.sh ${{ inputs.sha }}
+ shell: bash
+
+ - name: Wait for 8.5 minutes (ArgoCD refresh interval is 15s + 15s to build + 60s for node to start producing blocks)
+ run: sleep 90
+ shell: bash
\ No newline at end of file
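Review bot: `GH_TOKEN: ${{ env.ACTIONS_PAT }}` takes a personal access token from the ambient environment instead of a declared input, so the credential requirement is invisible in `inputs:` and the token presumably has to be exported at job or workflow level, where every other step can read it. Declaring an input such as `actions_pat:` with `required: true` and mapping it with `GH_TOKEN: ${{ inputs.actions_pat }}` limits exposure to the step that needs it; teardown-argocd and the staging deploy actions read `env.ACTIONS_PAT` the same way. The last step's name says "8.5 minutes" while the command is `sleep 90` and the intervals it lists add up to 90 seconds, so the name should say 1.5 minutes.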
diff --git a/.github/workflows/argocd/generate-manifest.sh b/.github/actions/deploy/argocd/generate-manifest.sh
similarity index 97%
rename from .github/workflows/argocd/generate-manifest.sh
rename to .github/actions/deploy/argocd/generate-manifest.sh
index dc8c06899..32bede618 100755
--- a/.github/workflows/argocd/generate-manifest.sh
+++ b/.github/actions/deploy/argocd/generate-manifest.sh
@@ -30,4 +30,4 @@ gh api "$ARGOCD_REPO_API_ENDPOINT" \
--method PUT \
--field message="$MESSAGE" \
--field content="$CONTENT" \
- --field branch="$BRANCH_NAME"
+ --field branch="$BRANCH_NAME"
\ No newline at end of file
diff --git a/.github/workflows/argocd/manifest.yaml b/.github/actions/deploy/argocd/manifest.yaml
similarity index 100%
rename from .github/workflows/argocd/manifest.yaml
rename to .github/actions/deploy/argocd/manifest.yaml
diff --git a/.github/actions/deploy/argocd/teardown-argocd/action.yml b/.github/actions/deploy/argocd/teardown-argocd/action.yml
new file mode 100644
index 000000000..5a6bbc970
--- /dev/null
+++ b/.github/actions/deploy/argocd/teardown-argocd/action.yml
@@ -0,0 +1,52 @@
+name: "Teardown ArgoCD Environment"
+description: "Tears down an ArgoCD environment by removing an ephemeral environment file."
+inputs:
+ sha:
+ description: "SHA of the commit"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout ArgoCD Repository
+ uses: actions/checkout@v4
+ with:
+ repository: input-output-hk/sidechains-argocd
+ token: ${{ env.ACTIONS_PAT }}
+ path: sidechains-argocd
+
+ - name: Delete Ephemeral Environment File
+ uses: actions/github-script@v7
+ with:
+ github-token: ${{ env.ACTIONS_PAT }}
+ script: |
+ const fs = require('fs');
+ const path = require('path');
+
+ const directory = 'sidechains-argocd/integration-testing';
+ const targetFile = `manifest-sha-${{ inputs.sha }}.yaml`;
+ const filePath = path.join(directory, targetFile);
+
+ if (fs.existsSync(filePath)) {
+ console.log(`Deleting file: ${targetFile}`);
+
+ const shaResponse = await github.rest.repos.getContent({
+ owner: 'input-output-hk',
+ repo: 'sidechains-argocd',
+ path: `integration-testing/${targetFile}`,
+ });
+ const fileSha = shaResponse.data.sha;
+
+ await github.rest.repos.deleteFile({
+ owner: 'input-output-hk',
+ repo: 'sidechains-argocd',
+ path: `integration-testing/${targetFile}`,
+ message: `ci: Tear down integration-testing environment for SHA ${{ inputs.sha }}`,
+ sha: fileSha,
+ branch: 'main'
+ });
+ } else {
+ console.log(`File not found: ${targetFile}`);
+ }
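Review bot: `${{ inputs.sha }}` is substituted into the JavaScript source of the github-script step (the `targetFile` template literal and the commit `message`), and that script runs with `ACTIONS_PAT`, which is used here to delete files on `main` of `input-output-hk/sidechains-argocd`. Pass the value through `env:` (`SHA: ${{ inputs.sha }}`), read it with `const sha = process.env.SHA;`, and reject anything that is not a hex commit id before building the path. The checkout step also leaves the PAT in the cloned repository's git config by default; `persist-credentials: false` avoids that, since the deletion goes through the REST API rather than git.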
diff --git a/.github/actions/deploy/deploy-rustdoc/action.yml b/.github/actions/deploy/deploy-rustdoc/action.yml
new file mode 100644
index 000000000..2cdb1f926
--- /dev/null
+++ b/.github/actions/deploy/deploy-rustdoc/action.yml
@@ -0,0 +1,51 @@
+name: "Deploy Rust Docs"
+description: "Installs necessary tooling, generates Rust documentation, and deploys it to GitHub Pages."
+inputs:
+ ssh_key:
+ description: "SSH key to read Substrate Repo"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install tooling
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y protobuf-compiler
+ protoc --version
+ shell: bash
+
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Add SSH key to read Substrate Repo
+ run: |
+ mkdir -p ~/.ssh
+ ssh-keyscan github.com >> ~/.ssh/known_hosts
+ ssh-agent -a /tmp/ssh_agent.sock > /dev/null
+ ssh-add - <<< "${{ inputs.ssh_key }}"
+ shell: bash
+
+ - name: Rust versions
+ run: rustup show
+ shell: bash
+
+ - name: Rust cache
+ uses: Swatinem/rust-cache@v2.6.2
+
+ - name: Build rustdocs
+ run: SKIP_WASM_BUILD=1 cargo doc --all --no-deps
+ shell: bash
+
+ - name: Make index.html
+ run: echo "" > ./target/doc/index.html
+ shell: bash
+
+ - name: Deploy documentation
+ if: ${{ github.ref_name == 'master' }}
+ uses: peaceiris/actions-gh-pages@v3.9.3
+ with:
+ publish_branch: gh-pages
+ publish_dir: ./target/doc
\ No newline at end of file
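Review bot: In "Add SSH key to read Substrate Repo" the private key is expanded into the script text by `ssh-add - <<< "${{ inputs.ssh_key }}"`; passing it through `env:` (`SSH_KEY: ${{ inputs.ssh_key }}`) and using `ssh-add - <<< "$SSH_KEY"` keeps it out of the generated script file. `ssh-keyscan github.com >> ~/.ssh/known_hosts` accepts whatever host key the network returns at run time, so it gives no protection against an intercepted connection; writing GitHub's published host keys into `known_hosts` does. The agent is started on the fixed path `/tmp/ssh_agent.sock`, but `SSH_AUTH_SOCK` is not set in the visible lines, so `ssh-add` may not reach it unless the caller exports that variable. The "Deploy documentation" step passes no token or deploy key to `peaceiris/actions-gh-pages`, which that action normally requires in order to push.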
diff --git a/.github/actions/deploy/deploy-staging-preprod/action.yml b/.github/actions/deploy/deploy-staging-preprod/action.yml
new file mode 100644
index 000000000..a166925db
--- /dev/null
+++ b/.github/actions/deploy/deploy-staging-preprod/action.yml
@@ -0,0 +1,110 @@
+name: "Deploy staging-preprod"
+description: "Deploys the staging-preprod environment with chain-spec and image override using Kubernetes and Helm."
+inputs:
+ image:
+ description: "Node Image"
+ required: true
+ chain-spec-secret:
+ description: "Chain Spec Secret Name"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout sidechains-infra-priv repo
+ uses: actions/checkout@v4
+ with:
+ repository: input-output-hk/sidechains-infra-priv
+ token: ${{ env.ACTIONS_PAT }}
+ path: sidechains-infra-priv
+
+ - name: Acquire AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.AWS_ROLE_ARN_SECRET }}
+ aws-region: eu-central-1
+
+ - name: Login to ECR
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.ECR_REGISTRY_SECRET }}
+
+ - name: Install kubectl, kubernetes-helm, and awscli
+ run: |
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ chmod +x ./kubectl
+ sudo mv ./kubectl /usr/local/bin/kubectl
+ curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
+ sudo apt-get install apt-transport-https --yes
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
+ sudo apt-get update
+ sudo apt-get install helm
+ shell: bash
+
+ - name: Configure kubectl
+ run: |
+ echo "${{ env.kubeconfig_base64 }}" | base64 --decode > ${{ runner.temp }}/kubeconfig.yaml
+ kubectl config set-cluster my-cluster --server=${{ env.K8S_SERVER }} --insecure-skip-tls-verify=true
+ kubectl config set-credentials github-actions --token=${{ env.K8S_SA_TOKEN }}
+ kubectl config set-context my-context --cluster=my-cluster --user=github-actions --namespace=default
+ kubectl config use-context my-context
+ shell: bash
+
+ - name: Delete pods
+ continue-on-error: true
+ run: |
+ kubectl delete pod staging-preprod-validator-1 -n staging-preprod || true
+ kubectl delete pod staging-preprod-validator-2 -n staging-preprod || true
+ kubectl delete pod staging-preprod-validator-3 -n staging-preprod || true
+ kubectl delete pod staging-preprod-validator-4 -n staging-preprod || true
+ echo "Waiting for pods to delete..."
+ kubectl wait --for=delete pod/staging-preprod-validator-1 pod/staging-preprod-validator-2 pod/staging-preprod-validator-3 pod/staging-preprod-validator-4 -n staging-preprod --timeout=120s || true
+ shell: bash
+
+ - name: Delete substrate PVCs
+ continue-on-error: true
+ run: |
+ kubectl delete pvc staging-preprod-validator-1-claim-substrate-node-data -n staging-preprod
+ kubectl delete pvc staging-preprod-validator-2-claim-substrate-node-data -n staging-preprod
+ kubectl delete pvc staging-preprod-validator-3-claim-substrate-node-data -n staging-preprod
+ kubectl delete pvc staging-preprod-validator-4-claim-substrate-node-data -n staging-preprod
+ echo "Waiting for PVCs to delete..."
+ kubectl wait --for=delete pvc/staging-preprod-validator-1-claim-substrate-node-data pvc/staging-preprod-validator-2-claim-substrate-node-data pvc/staging-preprod-validator-3-claim-substrate-node-data pvc/staging-preprod-validator-4-claim-substrate-node-data -n staging-preprod --timeout=120s
+ shell: bash
+
+ - name: Deploy with chain-spec and image override
+ run: |
+ cd sidechains-infra-priv/src/kube/substrate-poc/environments/helm/substrate-node-stack-chart/
+ helm upgrade --install staging-preprod-validator-1 . -f values/chains/staging-preprod.yaml -f values/nodes/staging-preprod/validator/staging-preprod-validator-1 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+ helm upgrade --install staging-preprod-validator-2 . -f values/chains/staging-preprod.yaml -f values/nodes/staging-preprod/validator/staging-preprod-validator-2 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+ helm upgrade --install staging-preprod-validator-3 . -f values/chains/staging-preprod.yaml -f values/nodes/staging-preprod/validator/staging-preprod-validator-3 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+ helm upgrade --install staging-preprod-validator-4 . -f values/chains/staging-preprod.yaml -f values/nodes/staging-preprod/validator/staging-preprod-validator-4 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+ shell: bash
+
+ - name: Wait
+ run: |
+ echo "Waiting for staging-preprod-validator-1..."
+ kubectl wait --for=condition=ready pod staging-preprod-validator-1 -n staging-preprod --timeout=300s
+ echo "Waiting for staging-preprod-validator-2..."
+ kubectl wait --for=condition=ready pod staging-preprod-validator-2 -n staging-preprod --timeout=300s
+ echo "Waiting for staging-preprod-validator-3..."
+ kubectl wait --for=condition=ready pod staging-preprod-validator-3 -n staging-preprod --timeout=300s
+ echo "Waiting for staging-preprod-validator-4..."
+ kubectl wait --for=condition=ready pod staging-preprod-validator-4 -n staging-preprod --timeout=300s
+ shell: bash
+
+ - name: Validate
+ run: |
+ echo "Checking staging-preprod-validator-1..."
+ kubectl get pod staging-preprod-validator-1 -n staging-preprod -o jsonpath="{.status.containerStatuses[*].ready}"
+ echo "Checking staging-preprod-validator-2..."
+ kubectl get pod staging-preprod-validator-2 -n staging-preprod -o jsonpath="{.status.containerStatuses[*].ready}"
+ echo "Checking staging-preprod-validator-3..."
+ kubectl get pod staging-preprod-validator-3 -n staging-preprod -o jsonpath="{.status.containerStatuses[*].ready}"
+ echo "Checking staging-preprod-validator-4..."
+ kubectl get pod staging-preprod-validator-4 -n staging-preprod -o jsonpath="{.status.containerStatuses[*].ready}"
+ kubectl get pods -n sc -o custom-columns='NAME:.metadata.name,READY:.status.containerStatuses[*].ready' | grep -E '^(staging-preprod-validator-1|staging-preprod-validator-2|staging-preprod-validator-3|staging-preprod-validator-4)' | awk '{if ($2 != "true,true,true,true") exit 1}'
+ echo "All pods are 4/4 up and ready"
+ shell: bash
\ No newline at end of file
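Review bot: `--insecure-skip-tls-verify=true` in "Configure kubectl" turns off verification of the API server certificate while the next line configures a service-account bearer token, so the token is sent to whichever endpoint answers at `K8S_SERVER`. Supply the cluster CA instead, e.g. `kubectl config set-cluster my-cluster --server="$K8S_SERVER" --certificate-authority="$K8S_CA_FILE" --embed-certs=true` (`K8S_CA_FILE` is a placeholder for a CA bundle the workflow would provide), and pass `K8S_SA_TOKEN` through `env:` as upload-chain-specs does rather than interpolating it into the script. The same TLS setting is repeated in the deploy-staging-preview and upload-chain-specs actions. The kubeconfig decoded into `${{ runner.temp }}/kubeconfig.yaml` is not referenced by any visible step, and `kubectl` itself is installed from the floating `stable.txt` release with no checksum check, so the client version that touches the cluster changes without review.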
diff --git "a/.github/actions/deploy/deploy-staging-preview\302\264/action.yml" "b/.github/actions/deploy/deploy-staging-preview\302\264/action.yml"
new file mode 100644
index 000000000..113c68281
--- /dev/null
+++ "b/.github/actions/deploy/deploy-staging-preview\302\264/action.yml"
@@ -0,0 +1,110 @@
+name: "Deploy staging-preview"
+description: "Deploys the staging-preview environment with chain-spec and image override using Kubernetes and Helm."
+inputs:
+ image:
+ description: "Node Image"
+ required: true
+ chain-spec-secret:
+ description: "Chain Spec Secret Name"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout sidechains-infra-priv repo
+ uses: actions/checkout@v4
+ with:
+ repository: input-output-hk/sidechains-infra-priv
+ token: ${{ env.ACTIONS_PAT }}
+ path: sidechains-infra-priv
+
+ - name: Acquire AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.AWS_ROLE_ARN_SECRET }}
+ aws-region: eu-central-1
+
+ - name: Login to ECR
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.ECR_REGISTRY_SECRET }}
+
+ - name: Install kubectl, kubernetes-helm, and awscli
+ run: |
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ chmod +x ./kubectl
+ sudo mv ./kubectl /usr/local/bin/kubectl
+ curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
+ sudo apt-get install apt-transport-https --yes
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
+ sudo apt-get update
+ sudo apt-get install helm
+ shell: bash
+
+ - name: Configure kubectl
+ run: |
+ echo "${{ env.kubeconfig_base64 }}" | base64 --decode > ${{ runner.temp }}/kubeconfig.yaml
+ kubectl config set-cluster my-cluster --server=${{ env.K8S_SERVER }} --insecure-skip-tls-verify=true
+ kubectl config set-credentials github-actions --token=${{ env.K8S_SA_TOKEN }}
+ kubectl config set-context my-context --cluster=my-cluster --user=github-actions --namespace=default
+ kubectl config use-context my-context
+ shell: bash
+
+ - name: Delete pods
+ continue-on-error: true
+ run: |
+ kubectl delete pod staging-preview-validator-1 -n staging-preview || true
+ kubectl delete pod staging-preview-validator-2 -n staging-preview || true
+ kubectl delete pod staging-preview-validator-3 -n staging-preview || true
+ kubectl delete pod staging-preview-validator-4 -n staging-preview || true
+ echo "Waiting for pods to delete..."
+ kubectl wait --for=delete pod/staging-preview-validator-1 pod/staging-preview-validator-2 pod/staging-preview-validator-3 pod/staging-preview-validator-4 -n staging-preview --timeout=120s || true
+ shell: bash
+
+ - name: Delete substrate PVCs
+ continue-on-error: true
+ run: |
+ kubectl delete pvc staging-preview-validator-1-claim-substrate-node-data -n staging-preview
+ kubectl delete pvc staging-preview-validator-2-claim-substrate-node-data -n staging-preview
+ kubectl delete pvc staging-preview-validator-3-claim-substrate-node-data -n staging-preview
+ kubectl delete pvc staging-preview-validator-4-claim-substrate-node-data -n staging-preview
+ echo "Waiting for PVCs to delete..."
+ kubectl wait --for=delete pvc/staging-preview-validator-1-claim-substrate-node-data pvc/staging-preview-validator-2-claim-substrate-node-data pvc/staging-preview-validator-3-claim-substrate-node-data pvc/staging-preview-validator-4-claim-substrate-node-data -n staging-preview --timeout=120s
+ shell: bash
+
+ - name: Deploy with chain-spec and image override
+ run: |
+ cd sidechains-infra-priv/src/kube/substrate-poc/environments/helm/substrate-node-stack-chart/
+ helm upgrade --install staging-preview-validator-1 . -f values/chains/staging-preview.yaml -f values/nodes/staging-preview/validator/staging-preview-validator-1 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+ helm upgrade --install staging-preview-validator-2 . -f values/chains/staging-preview.yaml -f values/nodes/staging-preview/validator/staging-preview-validator-2 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+ helm upgrade --install staging-preview-validator-3 . -f values/chains/staging-preview.yaml -f values/nodes/staging-preview/validator/staging-preview-validator-3 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+ helm upgrade --install staging-preview-validator-4 . -f values/chains/staging-preview.yaml -f values/nodes/staging-preview/validator/staging-preview-validator-4 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+ shell: bash
+
+ - name: Wait
+ run: |
+ echo "Waiting for staging-preview-validator-1..."
+ kubectl wait --for=condition=ready pod staging-preview-validator-1 -n staging-preview --timeout=300s
+ echo "Waiting for staging-preview-validator-2..."
+ kubectl wait --for=condition=ready pod staging-preview-validator-2 -n staging-preview --timeout=300s
+ echo "Waiting for staging-preview-validator-3..."
+ kubectl wait --for=condition=ready pod staging-preview-validator-3 -n staging-preview --timeout=300s
+ echo "Waiting for staging-preview-validator-4..."
+ kubectl wait --for=condition=ready pod staging-preview-validator-4 -n staging-preview --timeout=300s
+ shell: bash
+
+ - name: Validate
+ run: |
+ echo "Checking staging-preview-validator-1..."
+ kubectl get pod staging-preview-validator-1 -n staging-preview -o jsonpath="{.status.containerStatuses[*].ready}"
+ echo "Checking staging-preview-validator-2..."
+ kubectl get pod staging-preview-validator-2 -n staging-preview -o jsonpath="{.status.containerStatuses[*].ready}"
+ echo "Checking staging-preview-validator-3..."
+ kubectl get pod staging-preview-validator-3 -n staging-preview -o jsonpath="{.status.containerStatuses[*].ready}"
+ echo "Checking staging-preview-validator-4..."
+ kubectl get pod staging-preview-validator-4 -n staging-preview -o jsonpath="{.status.containerStatuses[*].ready}"
+ kubectl get pods -n sc -o custom-columns='NAME:.metadata.name,READY:.status.containerStatuses[*].ready' | grep -E '^(staging-preview-validator-1|staging-preview-validator-2|staging-preview-validator-3|staging-preview-validator-4)' | awk '{if ($2 != "true,true,true,true") exit 1}'
+ echo "All pods are 4/4 up and ready"
+ shell: bash
\ No newline at end of file
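Review bot: The directory in the file header is `deploy-staging-preview\302\264`, i.e. the name ends in a stray U+00B4 acute accent, so a `uses:` reference to `deploy-staging-preview` would not resolve; the directory should be renamed without the accent. In "Validate" the final pipeline lists pods with `-n sc` although every other command in this action works in `staging-preview`, so the readiness check looks at a different namespace than the one just deployed; it should start `kubectl get pods -n staging-preview`. The deploy-staging-preprod action has the same `-n sc` line in its "Validate" step.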
diff --git a/.github/actions/deploy/upload-chain-specs/action.yml b/.github/actions/deploy/upload-chain-specs/action.yml
new file mode 100644
index 000000000..87409d2ad
--- /dev/null
+++ b/.github/actions/deploy/upload-chain-specs/action.yml
@@ -0,0 +1,64 @@
+name: "Upload Chain Spec Artifacts to Kubernetes"
+description: "Uploads chain spec artifacts to Kubernetes secrets for devnet, staging-preview, and staging-preprod environments."
+inputs:
+ sha:
+ description: "Commit SHA to append to chain spec secret name"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install kubectl and awscli
+ run: |
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ chmod +x ./kubectl
+ sudo mv ./kubectl /usr/local/bin/kubectl
+ sudo apt update && sudo apt install -y awscli
+ shell: bash
+
+ - name: Configure kubectl
+ env:
+ KUBECONFIG_BASE64: ${{ env.kubeconfig_base64 }}
+ K8S_SERVER: ${{ env.K8S_SERVER }}
+ K8S_SA_TOKEN: ${{ env.K8S_SA_TOKEN }}
+ run: |
+ echo "${KUBECONFIG_BASE64}" | base64 --decode > ${{ runner.temp }}/kubeconfig.yaml
+ kubectl config set-cluster my-cluster --server=${K8S_SERVER} --insecure-skip-tls-verify=true
+ kubectl config set-credentials github-actions --token=${K8S_SA_TOKEN}
+ kubectl config set-context my-context --cluster=my-cluster --user=github-actions --namespace=default
+ kubectl config use-context my-context
+ shell: bash
+
+ - name: Download chain spec artifacts
+ uses: actions/download-artifact@v4
+ with:
+ name: chain-specs
+
+ - name: Update Kubernetes secret for devnet chain spec
+ run: |
+ SECRET_NAME="devnet-chain-spec-${{ inputs.sha }}"
+ kubectl delete secret "$SECRET_NAME" --namespace=sc --ignore-not-found
+ kubectl create secret generic "$SECRET_NAME" \
+ --from-file=devnet_chain_spec.json=./devnet_chain_spec.json \
+ --namespace=sc
+ shell: bash
+
+ - name: Update Kubernetes secret for staging-preview chain spec
+ run: |
+ SECRET_NAME="staging-preview-chain-spec-${{ inputs.sha }}"
+ kubectl delete secret "$SECRET_NAME" --namespace=staging-preview --ignore-not-found
+ kubectl create secret generic "$SECRET_NAME" \
+ --from-file=staging_preview_chain_spec.json=./staging_preview_chain_spec.json \
+ --namespace=staging-preview
+ shell: bash
+
+ - name: Update Kubernetes secret for staging-preprod chain spec
+ run: |
+ SECRET_NAME="staging-preprod-chain-spec-${{ inputs.sha }}"
+ kubectl delete secret "$SECRET_NAME" --namespace=staging-preprod --ignore-not-found
+ kubectl create secret generic "$SECRET_NAME" \
+ --from-file=staging_preprod_chain_spec.json=./staging_preprod_chain_spec.json \
+ --namespace=staging-preprod
+ shell: bash
\ No newline at end of file
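Review bot: Each "Update Kubernetes secret" step deletes the secret and then recreates it, so there is a window with no secret and a failed `create` leaves it missing; `kubectl create secret generic "$SECRET_NAME" --from-file=devnet_chain_spec.json=./devnet_chain_spec.json --namespace=sc --dry-run=client -o yaml | kubectl apply -f -` replaces it in a single apply, and the same form fits the two staging steps. The first step installs `awscli` through `apt`, but no visible step calls `aws`, so that package can be dropped from the install line and the step name.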
diff --git a/.github/actions/images/build-and-publish-ecr/action.yml b/.github/actions/images/build-and-publish-ecr/action.yml
new file mode 100644
index 000000000..4de24bc3b
--- /dev/null
+++ b/.github/actions/images/build-and-publish-ecr/action.yml
@@ -0,0 +1,56 @@
+name: "Build and Publish to ECR"
+description: "Builds the partner-chains-node Docker image and pushes it to ECR."
+inputs:
+ sha:
+ description: "Commit SHA"
+ required: true
+ tag:
+ description: "Release Tag"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Download partner-chains-node-x86_64-linux-artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: partner-chains-node-x86_64-linux-artifact
+
+ - name: Create and Configure Docker Container
+ id: create-container
+ run: |
+ container_id=$(docker run -d debian:bullseye-slim sleep infinity)
+ echo "container_id=$container_id" >> $GITHUB_ENV
+ docker exec $container_id useradd -m -u 1000 -U -s /bin/sh -d /substrate substrate
+ docker exec $container_id mkdir -p /data /substrate/.local/share/partner-chains-node
+ docker exec $container_id chown -R substrate:substrate /data /substrate
+ docker exec $container_id rm -rf /usr/bin/apt* /usr/bin/dpkg*
+ docker exec $container_id ln -s /data /substrate/.local/share/partner-chains-node
+ docker cp ./partner-chains-node-${{ inputs.tag }}-x86_64-linux $container_id:/usr/local/bin/partner-chains-node
+ docker commit --change='EXPOSE 30333 9615 9933 9944' --change='ENTRYPOINT ["/usr/local/bin/partner-chains-node"]' $container_id substrate-node:${{ inputs.sha }}
+ shell: bash
+
+ - name: Cleanup Docker Container
+ if: always()
+ run: |
+ docker rm -f ${{ env.container_id }}
+ shell: bash
+
+ - name: Acquire AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.AWS_ROLE_ARN_SECRET }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Login to ECR
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.ECR_REGISTRY_SECRET }}
+
+ - name: Push to ECR
+ run: |
+ docker tag substrate-node:${{ inputs.sha }} ${{ env.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }}
+ docker push ${{ env.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }}
+ shell: bash
\ No newline at end of file
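Review bot: The committed image never switches away from root: a `substrate` user is created and given ownership of `/data`, but `docker commit` carries no `USER` change, so the entrypoint runs as root unless the deployment overrides it; add `--change='USER substrate'` to the commit. Files restored by `actions/download-artifact` do not keep their executable bit (generate-chain-specs in this commit runs `chmod +x` on the same binary), so the binary should be made executable before `docker cp`, e.g. `chmod +x ./partner-chains-node-${{ inputs.tag }}-x86_64-linux`. `debian:bullseye-slim` is a floating tag; pinning it by digest makes the published image reproducible.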
diff --git a/.github/actions/images/build-and-publish-ghcr/action.yml b/.github/actions/images/build-and-publish-ghcr/action.yml
new file mode 100644
index 000000000..c6a1ee2c0
--- /dev/null
+++ b/.github/actions/images/build-and-publish-ghcr/action.yml
@@ -0,0 +1,135 @@
+name: "Build and Publish to GHCR"
+description: "Builds the Docker image using Earthly and pushes it to GHCR."
+inputs:
+ sha:
+ description: "Commit SHA to build from"
+ required: true
+ tag:
+ description: "Tag for GHCR image"
+ required: true
+ ssh_key_earthly:
+ description: "SSH key for Earthly"
+ required: true
+ config_tar:
+ description: "Tarball containing earthly certs and configuration"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.sha }}
+
+ - name: Setup earthly
+ uses: earthly/actions-setup@v1
+ with:
+ github-token: ${{ github.token }}
+ use-cache: false
+ version: ^0.8.0
+
+ - name: Configure Secrets
+ shell: bash
+ env:
+ EARTHLY_TAR: ${{ inputs.config_tar }}
+ run: |
+ if [[ "${{ inputs.config_tar }}" != "" ]]; then
+ mkdir -p ~/.earthly
+ printf "%s" "$EARTHLY_TAR" | base64 -d | tar -C ~/.earthly --zstd -x
+ fi
+ if [[ "${{ inputs.ssh_key_earthly }}" != "" ]]; then
+ mkdir -p ~/.ssh
+ ssh-keyscan github.com >> ~/.ssh/known_hosts
+ ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null || true
+ ssh-add - <<< "${{ inputs.ssh_key_earthly }}"
+ fi
+
+ - name: Build and Benchmark
+ env:
+ EARTHLY_CI: true
+ run: |
+ export EARTHLY_OUTPUT=true
+ earthly -P +build --PROFILE=production --FEATURES=runtime-benchmarks
+ shell: bash
+
+ - name: Generate and Extract Weights
+ continue-on-error: true
+ run: |
+ repository_name="${GITHUB_REPOSITORY##*/}"
+ ls -la /home/runner/work/${repository_name}/${repository_name}
+ docker pull ubuntu:22.04
+ mkdir -p weights
+ docker run -d --name weight_generation \
+ --memory=4096m \
+ --cpus=1 \
+ -v /home/runner/work/${repository_name}/${repository_name}:/workspace \
+ ubuntu:22.04 \
+ /bin/bash -c "sleep infinity"
+ docker exec weight_generation bash -c "\
+ apt-get update && \
+ apt-get install -y jq curl build-essential && \
+ ls -la /workspace && \
+ mkdir -p /workspace/target/production && \
+ cp /workspace/sidechains-substrate-node /workspace/target/production/sidechains-substrate-node && \
+ ls -la /workspace/target/production && \
+ cd /workspace && \
+ chmod +x scripts/run_all_pallet_overhead_and_machine_benchmarks.sh && \
+ chmod +x scripts/run_storage_benchmarks.sh && \
+ source .envrc || true && \
+ ./scripts/run_all_pallet_overhead_and_machine_benchmarks.sh -b && \
+ ./scripts/run_storage_benchmarks.sh -b || true"
+ weight_files=$(docker exec weight_generation find /workspace/runtime/src/weights -name '*.rs')
+ echo "$weight_files" | while read weight_file; do
+ weight_file_name=$(basename "$weight_file")
+ docker cp "weight_generation:$weight_file" "weights/${weight_file_name}"
+ done
+ docker stop weight_generation
+ docker rm weight_generation
+ shell: bash
+
+ - name: Overwrite Weights in Runtime Directory
+ continue-on-error: true
+ run: |
+ sudo chmod -R a+rwx ./runtime/src/weights
+ for weight_file in weights/*.rs
+ do
+ cp "$weight_file" "./runtime/src/weights/$(basename "$weight_file")"
+ done
+ shell: bash
+
+ - name: Main Build
+ env:
+ EARTHLY_CI: true
+ EARTHLY_PUSH: false
+ EARTHLY_OUTPUT: true
+ run: earthly -P +docker --image="ghcr-image" --tags="latest" --PROFILE=production
+ shell: bash
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ env:
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+ FORCE_COLOR: 1
+
+ - name: Tag and Push Image to GHCR
+ run: |
+ repository_name="${GITHUB_REPOSITORY##*/}"
+ target_image="ghcr.io/${{ github.repository }}/$repository_name-node"
+ commit_sha="${{ inputs.sha }}"
+ custom_tag="${{ inputs.tag }}"
+
+ docker tag ghcr-image:latest $target_image:latest
+ docker tag ghcr-image:latest $target_image:$commit_sha
+ docker tag ghcr-image:latest $target_image:$custom_tag
+
+ docker push $target_image:latest
+ docker push $target_image:$commit_sha
+ docker push $target_image:$custom_tag
+ shell: bash
\ No newline at end of file
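Review bot: In the "Configure Secrets" step the private key and the config tarball are expanded into the script text by `${{ inputs.ssh_key_earthly }}` and `${{ inputs.config_tar }}`, so the secret material lands in the generated script file and any quote or `$(` inside it is parsed by bash. The step already maps `EARTHLY_TAR` into `env`; doing the same for the key (`SSH_KEY: ${{ inputs.ssh_key_earthly }}`) allows `if [[ -n "$EARTHLY_TAR" ]]`, `if [[ -n "$SSH_KEY" ]]` and `ssh-add - <<< "$SSH_KEY"`. `ssh-keyscan github.com >> ~/.ssh/known_hosts` accepts whatever host key the network returns at run time; writing GitHub's published host keys into `known_hosts` closes that trust-on-first-use gap. The login step reads `secrets.GITHUB_TOKEN`, and as far as I know the `secrets` context is not available inside a composite action, so `github.token` (already used in "Setup earthly") is the safer source.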
diff --git a/.github/actions/release/create-draft-release/action.yml b/.github/actions/release/create-draft-release/action.yml
new file mode 100644
index 000000000..0f7f0b082
--- /dev/null
+++ b/.github/actions/release/create-draft-release/action.yml
@@ -0,0 +1,110 @@
+name: "Create Draft Release"
+description: "Creates a draft release and uploads partner-chains artifacts to GitHub."
+inputs:
+ tag:
+ description: "Tag for the release"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Set filename variables
+ id: set-filenames
+ run: |
+ echo "PARTNER_CHAINS_CLI_X86_64_LINUX=partner-chains-cli-${{ inputs.tag }}-x86_64-linux" >> $GITHUB_ENV
+ echo "PARTNER_CHAINS_NODE_X86_64_LINUX=partner-chains-node-${{ inputs.tag }}-x86_64-linux" >> $GITHUB_ENV
+ echo "PARTNER_CHAINS_CLI_X86_64_APPLE_DARWIN=partner-chains-cli-${{ inputs.tag }}-x86_64-apple-darwin" >> $GITHUB_ENV
+ echo "PARTNER_CHAINS_NODE_X86_64_APPLE_DARWIN=partner-chains-node-${{ inputs.tag }}-x86_64-apple-darwin" >> $GITHUB_ENV
+ echo "PARTNER_CHAINS_CLI_AARCH64_APPLE_DARWIN=partner-chains-cli-${{ inputs.tag }}-aarch64-apple-darwin" >> $GITHUB_ENV
+ echo "PARTNER_CHAINS_NODE_AARCH64_APPLE_DARWIN=partner-chains-node-${{ inputs.tag }}-aarch64-apple-darwin" >> $GITHUB_ENV
+ shell: bash
+
+ - name: Download Linux CLI artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: ${{ env.PARTNER_CHAINS_CLI_X86_64_LINUX }}
+ path: artifact-linux/
+
+ - name: Download Linux NODE artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: ${{ env.PARTNER_CHAINS_NODE_X86_64_LINUX }}
+ path: artifact-linux/
+
+ - name: Download macOS x86_64 CLI artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: ${{ env.PARTNER_CHAINS_CLI_X86_64_APPLE_DARWIN }}
+ path: artifact-macos-x86_64/
+
+ - name: Download macOS x86_64 NODE artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: ${{ env.PARTNER_CHAINS_NODE_X86_64_APPLE_DARWIN }}
+ path: artifact-macos-x86_64/
+
+ - name: Download macOS ARM64 CLI artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: ${{ env.PARTNER_CHAINS_CLI_AARCH64_APPLE_DARWIN }}
+ path: artifact-macos-arm64/
+
+ - name: Download macOS ARM64 NODE artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: ${{ env.PARTNER_CHAINS_NODE_AARCH64_APPLE_DARWIN }}
+ path: artifact-macos-arm64/
+
+ - name: Check if release already exists
+ id: check_release
+ run: |
+ tag="${{ inputs.tag }}"
+ release_response=$(curl -s -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \
+ "https://api.github.com/repos/${{ github.repository }}/releases/tags/$tag")
+ if echo "$release_response" | grep -q '"message": "Not Found"'; then
+ echo "release_exists=false" >> $GITHUB_ENV
+ echo "::set-output name=release_exists::false"
+ else
+ echo "release_exists=true" >> $GITHUB_ENV
+ echo "::set-output name=release_exists::true"
+ echo "release_id=$(echo $release_response | jq -r .id)" >> $GITHUB_ENV
+ echo "::set-output name=release_id::$(echo $release_response | jq -r .id)"
+ fi
+ shell: bash
+
+ - name: Create draft release
+ id: create_release
+ if: ${{ steps.check_release.outputs.release_exists == 'false' }}
+ run: |
+ tag="${{ inputs.tag }}"
+ release_response=$(curl -s -X POST -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \
+ -d '{"tag_name": "'$tag'", "name": "'$tag'", "body": "Draft release for '$tag'", "draft": true}' \
+ "https://api.github.com/repos/${{ github.repository }}/releases")
+ echo "release_id=$(echo $release_response | jq -r .id)" >> $GITHUB_ENV
+ echo "::set-output name=release_id::$(echo $release_response | jq -r .id)"
+ shell: bash
+
+ - name: Upload artifacts to release
+ if: ${{ steps.check_release.outputs.release_exists == 'true' || steps.create_release.outputs.release_id != '' }}
+ run: |
+ release_id="${{ steps.create_release.outputs.release_id }}"
+ if [ -z "$release_id" ]; then
+ release_id="${{ steps.check_release.outputs.release_id }}"
+ fi
+
+ for artifact in "artifact-linux/${{ env.PARTNER_CHAINS_CLI_X86_64_LINUX }}" \
+ "artifact-linux/${{ env.PARTNER_CHAINS_NODE_X86_64_LINUX }}" \
+ "artifact-macos-x86_64/${{ env.PARTNER_CHAINS_CLI_X86_64_APPLE_DARWIN }}" \
+ "artifact-macos-x86_64/${{ env.PARTNER_CHAINS_NODE_X86_64_APPLE_DARWIN }}" \
+ "artifact-macos-arm64/${{ env.PARTNER_CHAINS_CLI_AARCH64_APPLE_DARWIN }}" \
+ "artifact-macos-arm64/${{ env.PARTNER_CHAINS_NODE_AARCH64_APPLE_DARWIN }}"; do
+ chmod +x "$artifact"
+ curl -s -X POST \
+ -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \
+ -H "Content-Type: application/octet-stream" \
+ --data-binary @"$artifact" \
+ "https://uploads.github.com/repos/${{ github.repository }}/releases/$release_id/assets?name=$(basename $artifact)"
+ done
+ shell: bash
\ No newline at end of file
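Review bot: `inputs.tag` is expanded straight into the scripts (`tag="${{ inputs.tag }}"`) and then spliced unquoted into the JSON body in "Create draft release" (`'{"tag_name": "'$tag'", ...}'`), so a tag containing a quote, a space or `$(` changes the command or the payload. Pass it through `env` (`TAG: ${{ inputs.tag }}`) and build the body with `jq -n --arg tag "$TAG" '{tag_name: $tag, name: $tag, body: ("Draft release for " + $tag), draft: true}'`. The token is interpolated the same way through `${{ env.GITHUB_TOKEN }}`; reading `"$GITHUB_TOKEN"` in the script keeps it out of the generated script file. `::set-output` is deprecated, and `echo "release_id=$id" >> "$GITHUB_OUTPUT"` is the replacement. The `tag="${{ inputs.tag }}"` line in publish-draft-release/action.yml has the same expansion.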
diff --git a/.github/actions/release/publish-draft-release/action.yml b/.github/actions/release/publish-draft-release/action.yml
new file mode 100644
index 000000000..fc23c44cb
--- /dev/null
+++ b/.github/actions/release/publish-draft-release/action.yml
@@ -0,0 +1,37 @@
+name: "Publish Release"
+description: "Publishes a GitHub release from draft status."
+inputs:
+ tag:
+ description: "Tag for the release"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Check if release exists
+ id: check_release
+ run: |
+ tag="${{ inputs.tag }}"
+ release_response=$(curl -s -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \
+ "https://api.github.com/repos/${{ github.repository }}/releases/tags/$tag")
+ if echo "$release_response" | grep -q '"message": "Not Found"'; then
+ echo "release_exists=false" >> $GITHUB_ENV
+ echo "::set-output name=release_exists::false"
+ else
+ echo "release_exists=true" >> $GITHUB_ENV
+ echo "::set-output name=release_exists::true"
+ echo "release_id=$(echo $release_response | jq -r .id)" >> $GITHUB_ENV
+ echo "::set-output name=release_id::$(echo $release_response | jq -r .id)"
+ fi
+ shell: bash
+
+ - name: Publish release
+ if: ${{ steps.check_release.outputs.release_exists == 'true' }}
+ run: |
+ release_id="${{ steps.check_release.outputs.release_id }}"
+ curl -s -X PATCH -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \
+ -d '{"draft": false}' \
+ "https://api.github.com/repos/${{ github.repository }}/releases/$release_id"
+ shell: bash
\ No newline at end of file
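Review bot: The PATCH in "Publish release" runs `curl -s` without `--fail`, so an API error leaves the step green while the release stays a draft. The check before it treats every response other than `"Not Found"` as an existing release; an authentication or rate-limit error body would presumably yield `release_id=null`, and the PATCH would then go to `releases/null`. Adding `--fail` to the PATCH and rejecting a non-numeric id first, e.g. `[[ "$release_id" =~ ^[0-9]+$ ]] || exit 1`, makes that failure visible.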
diff --git a/.github/actions/tests/argocd-tests/action.yml b/.github/actions/tests/argocd-tests/action.yml
new file mode 100644
index 000000000..1b83311bd
--- /dev/null
+++ b/.github/actions/tests/argocd-tests/action.yml
@@ -0,0 +1,97 @@
+name: "Run Tests against ArgoCD Node"
+description: "Run end-to-end tests against the ArgoCD node"
+inputs:
+ node-host:
+ description: "Host for the node"
+ required: true
+ node-port:
+ description: "Port for the node"
+ required: true
+ ssh_key_binary_host:
+ description: "SSH key for binary host"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Health Check Integration Env
+ run: |
+ curl --request POST \
+ --url "http://${{ inputs.node-host }}:${{ inputs.node-port }}" \
+ --header 'Content-Type: application/json' \
+ --data '{
+ "jsonrpc": "2.0",
+ "method": "sidechain_getStatus",
+ "params": [],
+ "id": 1
+ }'
+ shell: bash
+
+ - name: Set SSH-Agent to Binary Host
+ uses: webfactory/ssh-agent@v0.9.0
+ with:
+ ssh-private-key: ${{ env.SSH_KEY_BINARY_HOST }}
+
+ - name: Acquire AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.AWS_ROLE_ARN_ }}
+ aws-region: "eu-central-1"
+
+ - name: checkout pc-tests ref_name branch
+ id: pc-tests
+ uses: actions/checkout@v4
+ continue-on-error: true
+ with:
+ repository: input-output-hk/sidechains-tests
+ token: ${{ env.ACTIONS_PAT }}
+ ref: ${{ github.head_ref || github.ref_name }}
+ path: e2e-tests
+
+ - name: checkout pc-tests master (fallback)
+ if: steps.pc-tests.outcome == 'failure'
+ uses: actions/checkout@v4
+ with:
+ repository: input-output-hk/sidechains-tests
+ token: ${{ env.ACTIONS_PAT }}
+ ref: master
+ path: e2e-tests
+
+ - name: Setup earthly
+ uses: earthly/actions-setup@v1
+ with:
+ github-token: ${{ github.token }}
+ use-cache: false
+ version: ^0.8.0
+
+ - name: Run Tests
+ env:
+ EARTHLY_BUILD_ARGS: "CI_RUN=true"
+ FORCE_COLOR: 1
+ SLACK_WEBHOOK_URL: ${{ env.SLACK_WEBHOOK_URL }}
+ JIRA_URL: ${{ env.JIRA_URL }}
+ JOB_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+ run: |
+ cd e2e-tests
+ earthly --secret AWS_SESSION_TOKEN="$AWS_SESSION_TOKEN" \
+ --secret AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
+ --secret AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
+ --secret SLACK_WEBHOOK_URL="$SLACK_WEBHOOK_URL" \
+ --secret JIRA_URL="$JIRA_URL" \
+ --ssh-auth-sock="$SSH_AUTH_SOCK" \
+ +report \
+ --markers=CD \
+ --node_host="${{ inputs.node-host }}" \
+ --node_port="${{ inputs.node-port }}" \
+ --log_level=debug \
+ --report_to_slack=true \
+ --slack_ref_name ${{ github.ref_name }} \
+ --github_actor_username "${{ github.actor }}" \
+ --repository "${{ github.repository }}" \
+ --job_url="$JOB_URL" \
+ --env="ci" \
+ --stack="ci" \
+ --decrypt=true
+ shell: bash
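Review bot: `--slack_ref_name ${{ github.ref_name }}` in "Run Tests" puts the branch name into the script unquoted, and branch names may contain characters the shell interprets; the step runs with the AWS session credentials and the SSH agent socket in scope. Map it through `env` (`REF_NAME: ${{ github.ref_name }}`) and pass `--slack_ref_name "$REF_NAME"`; the same applies to `inputs.node-host`, `inputs.node-port` and `github.actor`. Both checkouts of `sidechains-tests` use `ACTIONS_PAT`, and with the action's defaults the token stays in the checkout's git configuration, so `persist-credentials: false` keeps it away from the test code that runs next. The declared input `ssh_key_binary_host` is never read; the ssh-agent step takes the key from `env.SSH_KEY_BINARY_HOST` instead.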
diff --git a/.github/actions/tests/devshell-tests/action.yml b/.github/actions/tests/devshell-tests/action.yml
new file mode 100644
index 000000000..62d9dad4c
--- /dev/null
+++ b/.github/actions/tests/devshell-tests/action.yml
@@ -0,0 +1,42 @@
+name: "Nix Devshells Tests"
+description: "Builds and tests Nix Devshells with AWS credentials and Nix signing key."
+inputs: {}
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Update flake.lock with calling PR
+ if: ${{ github.event_name == 'repository_dispatch' }}
+ run: |
+ nix flake lock --update-input trustless-sidechain \
+ --override-input trustless-sidechain \
+ github:input-output-hk/partner-chains-smart-contracts/${{ github.event.client_payload.ref }}
+ shell: bash
+
+ - name: Acquire AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Add signing key for Nix
+ run: echo "${{ secrets.NIX_SIGNING_KEY }}" > "${{ runner.temp }}/nix-key"
+ shell: bash
+
+ - name: Run nixci to build/test all outputs
+ run: |
+ nix run github:srid/nixci -- -v build -- --fallback > /tmp/outputs
+ shell: bash
+
+ - name: Copy nix scopes to nix cache
+ run: |
+ nix-store --stdin -q --deriver < /tmp/outputs | nix-store --stdin -qR --include-outputs \
+ | nix copy --stdin --to \
+ "s3://cache.sc.iog.io?secret-key=${{ runner.temp }}/nix-key®ion=$AWS_REGION" \
+ && rm /tmp/outputs
+ shell: bash
\ No newline at end of file
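Review bot: "Add signing key for Nix" expands the secret into the script text and writes it to `${{ runner.temp }}/nix-key` with the default umask, and nothing removes the file afterwards (only `/tmp/outputs` is deleted). Pass the key through `env` and write it with restrictive permissions, e.g. `(umask 077; echo "$NIX_SIGNING_KEY" > "$RUNNER_TEMP/nix-key")`, then delete it in a final step guarded by `if: always()`. As far as I know a composite action cannot read the `secrets` context, so `secrets.NIX_SIGNING_KEY` and `secrets.AWS_ROLE_ARN` probably need to arrive as inputs or caller-set `env`, as the other actions in this commit do. `nix run github:srid/nixci` is not pinned to a revision and `${{ github.event.client_payload.ref }}` is expanded directly into the shell, both while the signing key and AWS credentials are present; pinning the flake reference and passing the ref through `env` would narrow that.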
diff --git a/.github/actions/tests/local-environment-tests/action.yml b/.github/actions/tests/local-environment-tests/action.yml
new file mode 100644
index 000000000..168f934f2
--- /dev/null
+++ b/.github/actions/tests/local-environment-tests/action.yml
@@ -0,0 +1,147 @@
+name: "Deploy and Test Against Local Environment"
+description: "Deploys a local environment and runs end-to-end tests."
+inputs:
+ sha:
+ description: "SHA to checkout"
+ required: true
+ image:
+ description: "Node Image"
+ required: true
+ tag:
+ description: "PC Artifact Tag"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.sha }}
+ - name: Acquire AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.AWS_ROLE_ARN_SECRET }}
+ aws-region: ${{ env.AWS_REGION }}
+ - name: Login to ECR
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.ECR_REGISTRY_SECRET }}
+ - name: Download partner-chains-cli artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: partner-chains-cli-artifact
+ path: dev/local-environment/configurations/pc-contracts-cli/overrides/
+ - name: Download partner-chains-node artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: partner-chains-node-artifact
+ path: dev/local-environment/configurations/pc-contracts-cli/overrides/
+ - name: Deploy local environment with overrides
+ run: |
+ mv dev/local-environment/configurations/pc-contracts-cli/overrides/partner-chains-cli-artifact dev/local-environment/configurations/pc-contracts-cli/overrides/partner-chains-cli
+ mv dev/local-environment/configurations/pc-contracts-cli/overrides/partner-chains-node-artifact dev/local-environment/configurations/pc-contracts-cli/overrides/partner-chains-node
+ cd dev/local-environment
+ bash setup.sh --non-interactive --overrides --postgres-password azMpOp4mTqhlKDmgCVQr --node-image ${{ inputs.image }}
+ docker compose up -d
+ cd ../../
+ shell: bash
+ - name: checkout pc-tests ref_name branch
+ id: pc-tests
+ uses: actions/checkout@v4
+ continue-on-error: true
+ with:
+ repository: input-output-hk/sidechains-tests
+ token: ${{ env.ACTIONS_PAT }}
+ ref: ${{ github.head_ref || github.ref_name }}
+ path: e2e-tests
+ - name: checkout pc-tests master (fallback)
+ if: steps.pc-tests.outcome == 'failure'
+ uses: actions/checkout@v4
+ with:
+ repository: input-output-hk/sidechains-tests
+ token: ${{ env.ACTIONS_PAT }}
+ ref: master
+ path: e2e-tests
+ - name: Setup python and dependencies
+ run: |
+ cd e2e-tests
+ sudo apt update
+ sudo apt install -y software-properties-common
+ sudo add-apt-repository ppa:deadsnakes/ppa
+ sudo apt update
+ sudo apt install -y python3.10 python3.10-venv python3.10-dev
+ sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 1
+ curl -L --silent https://github.com/getsops/sops/releases/download/v3.7.3/sops_3.7.3_amd64.deb > sops.deb && sudo dpkg -i sops.deb && rm sops.deb
+ python -m venv venv
+ source venv/bin/activate
+ pip install -r requirements.txt
+ cd ..
+ shell: bash
+ - name: Wait for the PC node 1 to start
+ run: |
+ while ! docker exec cardano-node-1 [ -e /shared/cardano.ready ]; do sleep 1; done
+ echo "Cardano network is ready! Waiting for Partner Chain first node to start..."
+ INIT_TIMESTAMP=$(docker exec cardano-node-1 cat /shared/cardano.start)
+ echo "INIT_TIMESTAMP=$INIT_TIMESTAMP" >> $GITHUB_ENV
+ while ! docker exec partner-chains-node-1 [ -e /shared/partner-chains-node-1.ready ]; do \
+ epoch=$(docker exec cardano-node-1 cardano-cli query tip --testnet-magic 42 | jq -r .epoch) && \
+ echo "Epoch: $epoch" && \
+ sleep 10; \
+ done
+ shell: bash
+ - name: Run smoke tests
+ uses: ./.github/actions/tests/run-e2e-tests
+ with:
+ env: ${{ env.TEST_ENVIRONMENT }}
+ keyword: "test_get_status or test_get_params"
+ blockchain: substrate
+ - name: Wait for epoch 2
+ uses: ./.github/actions/tests/wait-for-epoch
+ with:
+ epoch: 2
+ deployment: docker
+ node: cardano-node-1
+ environment:
+ - name: Run registration tests
+ uses: ./.github/actions/tests/run-e2e-tests
+ with:
+ env: ${{ env.TEST_ENVIRONMENT }}
+ keyword: "test_register_candidate or test_deregister_candidate or test_add_permissioned_candidate or test_remove_permissioned_candidate"
+ init_timestamp: ${{ env.INIT_TIMESTAMP }}
+ blockchain: substrate
+ - name: Wait for epoch 3
+ uses: ./.github/actions/tests/wait-for-epoch
+ with:
+ epoch: 3
+ deployment: docker
+ node: cardano-node-1
+ environment:
+ - name: Run registration tests
+ uses: ./.github/actions/tests/run-e2e-tests
+ with:
+ env: ${{ env.TEST_ENVIRONMENT }}
+ keyword: "test_register_candidate or test_deregister_candidate or test_add_permissioned_candidate or test_remove_permissioned_candidate"
+ init_timestamp: ${{ env.INIT_TIMESTAMP }}
+ blockchain: substrate
+ - name: Wait for epoch 4
+ uses: ./.github/actions/tests/wait-for-epoch
+ with:
+ epoch: 4
+ deployment: docker
+ node: cardano-node-1
+ environment:
+ - name: Run all tests
+ uses: ./.github/actions/tests/run-e2e-tests
+ with:
+ env: ${{ env.TEST_ENVIRONMENT }}
+ mc_epoch: 3
+ init_timestamp: ${{ env.INIT_TIMESTAMP }}
+ blockchain: substrate
+ - name: Stop partner-chains-demo
+ run: |
+ cd dev/local-environment
+ docker compose down --volumes
+ shell: bash
\ No newline at end of file
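Review bot: "Deploy local environment with overrides" passes a literal database password to `setup.sh` via `--postgres-password`, which puts a credential into version control even if the compose stack is thrown away after the run. If nothing else depends on the fixed value, generate it per run (`PG_PASSWORD=$(openssl rand -hex 16)`) or take it from a secret passed through `env`. In "Setup python and dependencies" the sops `.deb` is downloaded and installed with `sudo dpkg -i` without an integrity check; compare it against a pinned digest first, e.g. `echo "<expected-sha256>  sops.deb" | sha256sum -c -`. `${{ inputs.image }}` is expanded unquoted on the same `setup.sh` line and is better passed through `env` and quoted.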
diff --git a/.github/actions/tests/run-e2e-tests/action.yml b/.github/actions/tests/run-e2e-tests/action.yml
new file mode 100644
index 000000000..c3cef31f5
--- /dev/null
+++ b/.github/actions/tests/run-e2e-tests/action.yml
@@ -0,0 +1,53 @@
+name: 'Run Pytest Tests'
+description: 'Activate python venv and run e2e tests'
+
+inputs:
+ env:
+ description: 'Test environment'
+ required: true
+ keyword:
+ description: 'Run tests by keyword (-k)'
+ required: false
+ default: 'test_'
+ markers:
+ description: 'Run tests by markers (-m)'
+ required: false
+ default: 'not active_flow and not passive_flow and not probability'
+ mc_epoch:
+ description: 'MC epoch to test (committee tests)'
+ required: false
+ log_level:
+ description: 'Log CLI level'
+ required: false
+ default: 'info'
+ init_timestamp:
+ description: 'MC initialization timestamp in seconds'
+ required: false
+ default: '0'
+ blockchain:
+ description: 'Blockchain to test'
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - name: Run tests
+ shell: bash
+ run: |
+ if [ -n "${{ inputs.mc_epoch }}" ]; then
+ mc_epoch_switch="--mc-epoch ${{ inputs.mc_epoch }}"
+ fi
+
+ cd e2e-tests
+ source venv/bin/activate
+ pytest --blockchain ${{ inputs.blockchain }}\
+ --env ${{ inputs.env }} \
+ --stack ${{ inputs.env }} \
+ --log-cli-level ${{ inputs.log_level }} \
+ -k "${{ inputs.keyword }}" \
+ -m "${{ inputs.markers }}" \
+ --init-timestamp ${{ inputs.init_timestamp }} \
+ $mc_epoch_switch \
+ --json-report \
+ --json-report-summary \
+ --junitxml=junit_report.xml
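Review bot: Every input in "Run tests" is expanded into the script before bash parses it, so a `keyword` or `markers` value containing `"` or `$(...)` ends the quoted argument and runs as shell; `inputs.env`, `inputs.blockchain`, `inputs.log_level` and `inputs.init_timestamp` are not quoted at all. Map them in an `env:` block (`KEYWORD: ${{ inputs.keyword }}`, `MARKERS: ${{ inputs.markers }}`, and so on) and reference `"$KEYWORD"`, `"$MARKERS"` in the pytest command. `mc_epoch_switch` relies on word splitting; a bash array (`mc_epoch_args=(--mc-epoch "$MC_EPOCH")` expanded as `"${mc_epoch_args[@]}"`) keeps the optional flag without leaving the value unquoted.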
diff --git a/.github/actions/tests/staging-preprod-tests/action.yml b/.github/actions/tests/staging-preprod-tests/action.yml
new file mode 100644
index 000000000..1e8febd6e
--- /dev/null
+++ b/.github/actions/tests/staging-preprod-tests/action.yml
@@ -0,0 +1,42 @@
+name: "Test Against Staging Preprod Environment"
+description: "Tests against Staging Preprod Environment"
+inputs:
+ node-host:
+ description: "Host for the node"
+ required: true
+ node-port:
+ description: "Port for the node"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install kubectl and awscli
+ run: |
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ chmod +x ./kubectl
+ sudo mv ./kubectl /usr/local/bin/kubectl
+ sudo apt update && sudo apt install -y awscli
+ shell: bash
+ - name: Configure kubectl
+ run: |
+ echo "${{ env.kubeconfig_base64 }}" | base64 --decode > ${{ runner.temp }}/kubeconfig.yaml
+ kubectl config set-cluster my-cluster --server=${{ env.K8S_SERVER }} --insecure-skip-tls-verify=true
+ kubectl config set-credentials github-actions --token=${{ env.K8S_SA_TOKEN }}
+ kubectl config set-context my-context --cluster=my-cluster --user=github-actions --namespace=default
+ kubectl config use-context my-context
+ shell: bash
+ - name: Health check integration env
+ run: |
+ curl --request POST \
+ --url "http://${{ inputs['node-host'] }}:${{ inputs['node-port'] }}" \
+ --header 'Content-Type: application/json' \
+ --data '{
+ "jsonrpc": "2.0",
+ "method": "sidechain_getStatus",
+ "params": [],
+ "id": 1
+ }'
+ shell: bash
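Review bot: `kubectl config set-cluster ... --insecure-skip-tls-verify=true` in "Configure kubectl" turns off verification of the API server certificate, so the service-account token set on the next line would be sent to whatever endpoint answers at `K8S_SERVER`. Supply the cluster CA instead, e.g. `--certificate-authority="$RUNNER_TEMP/ca.crt" --embed-certs=true` with the CA taken from a secret (file name constructed for illustration). The token is expanded into the script as `--token=${{ env.K8S_SA_TOKEN }}`; reading it as `--token="$K8S_SA_TOKEN"` keeps it out of the generated script file, provided the variable is exported to the step. The decoded `kubeconfig.yaml` is written to `runner.temp`, but no visible line points `KUBECONFIG` at it or removes it. staging-preview-tests/action.yml contains the same step.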
diff --git a/.github/actions/tests/staging-preview-tests/action.yml b/.github/actions/tests/staging-preview-tests/action.yml
new file mode 100644
index 000000000..f72699ee8
--- /dev/null
+++ b/.github/actions/tests/staging-preview-tests/action.yml
@@ -0,0 +1,42 @@
+name: "Test Against Staging Preview Environment"
+description: "Tests against Staging Preview Environment"
+inputs:
+ node-host:
+ description: "Host for the node"
+ required: true
+ node-port:
+ description: "Port for the node"
+ required: true
+
+outputs: {}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install kubectl and awscli
+ run: |
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ chmod +x ./kubectl
+ sudo mv ./kubectl /usr/local/bin/kubectl
+ sudo apt update && sudo apt install -y awscli
+ shell: bash
+ - name: Configure kubectl
+ run: |
+ echo "${{ env.kubeconfig_base64 }}" | base64 --decode > ${{ runner.temp }}/kubeconfig.yaml
+ kubectl config set-cluster my-cluster --server=${{ env.K8S_SERVER }} --insecure-skip-tls-verify=true
+ kubectl config set-credentials github-actions --token=${{ env.K8S_SA_TOKEN }}
+ kubectl config set-context my-context --cluster=my-cluster --user=github-actions --namespace=default
+ kubectl config use-context my-context
+ shell: bash
+ - name: Health check integration env
+ run: |
+ curl --request POST \
+ --url "http://${{ inputs['node-host'] }}:${{ inputs['node-port'] }}" \
+ --header 'Content-Type: application/json' \
+ --data '{
+ "jsonrpc": "2.0",
+ "method": "sidechain_getStatus",
+ "params": [],
+ "id": 1
+ }'
+ shell: bash
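Review bot: "Install kubectl and awscli" downloads whatever version `stable.txt` names at run time and moves the binary into `/usr/local/bin` with sudo without checking it; cd.yml in this commit runs this action on `[self-hosted, eks]`, where the file would persist between jobs unless the runner is ephemeral. Pin a version and verify the published checksum before installing, e.g. fetch `kubectl.sha256` from the same release path and run `echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check`. The identical step in staging-preprod-tests/action.yml needs the same change.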
diff --git a/.github/actions/tests/wait-for-epoch/action.yml b/.github/actions/tests/wait-for-epoch/action.yml
new file mode 100644
index 000000000..7501c5491
--- /dev/null
+++ b/.github/actions/tests/wait-for-epoch/action.yml
@@ -0,0 +1,54 @@
+name: 'Wait for epoch'
+description: 'Wait for epoch in specified environment'
+
+inputs:
+ epoch:
+ description: 'Expected epoch'
+ required: true
+ deployment:
+ description: 'Deployment type (docker or kubernetes)'
+ required: true
+ node:
+ description: 'Node name'
+ required: true
+ environment:
+ description: 'Environment (optional for kubernetes)'
+ required: false
+
+runs:
+ using: "composite"
+ steps:
+ - name: Wait for epoch
+ shell: bash
+ run: |
+ if [ "${{ inputs.deployment }}" == "docker" ]; then
+ epoch=$(docker exec ${{ inputs.node }} cardano-cli query tip --testnet-magic 42 | jq -r .epoch)
+ while [ $epoch -lt ${{ inputs.epoch }} ]; do
+ echo "Epoch: $epoch"
+ sleep 10
+ epoch=$(docker exec ${{ inputs.node }} cardano-cli query tip --testnet-magic 42 | jq -r .epoch)
+ done
+ echo "Epoch: $epoch"
+
+ elif [ "${{ inputs.deployment }}" == "kubernetes" ]; then
+ if [ "${{ inputs.environment }}" == "staging-preview" ]; then
+ testnet_magic=1
+ elif [ "${{ inputs.environment }}" == "staging-preprod" ]; then
+ testnet_magic=2
+ else
+ echo "Invalid environment for Kubernetes deployment"
+ exit 1
+ fi
+
+ epoch=$(kubectl exec ${{ inputs.node }} -c cardano-node -n ${{ inputs.environment }} -- cardano-cli query tip --testnet-magic $testnet_magic | jq -r .epoch)
+ while [ $epoch -lt ${{ inputs.epoch }} ]; do
+ echo "Epoch: $epoch"
+ sleep 10
+ epoch=$(kubectl exec ${{ inputs.node }} -c cardano-node -n ${{ inputs.environment }} -- cardano-cli query tip --testnet-magic $testnet_magic | jq -r .epoch)
+ done
+ echo "Epoch: $epoch"
+
+ else
+ echo "Invalid deployment type"
+ exit 1
+ fi
\ No newline at end of file
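Review bot: Both polling loops have no upper bound and compare `$epoch` unquoted, so a node that never advances holds the runner until the job times out, and a non-numeric value such as `null` from `jq` makes `[ $epoch -lt ... ]` error out, which ends the loop and lets the step report success without the epoch having been reached. Validate the value on each iteration (`[[ "$epoch" =~ ^[0-9]+$ ]] || { echo "unexpected epoch: $epoch"; exit 1; }`) and add a deadline, e.g. `(( SECONDS < 1800 )) || exit 1` (limit constructed for illustration). `inputs.node`, `inputs.epoch` and `inputs.environment` are expanded into the script unquoted; passing them through `env` and quoting them keeps a malformed value from being parsed as shell.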
diff --git a/.github/earthly-setup/action.yml b/.github/earthly-setup/action.yml
index 0c62d5b9c..019cc5b9b 100644
--- a/.github/earthly-setup/action.yml
+++ b/.github/earthly-setup/action.yml
@@ -33,4 +33,4 @@ runs:
ssh-keyscan github.com >> ~/.ssh/known_hosts
ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null || true
ssh-add - <<< "${{ inputs.ssh_key }}"
- fi
+ fi
\ No newline at end of file
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
new file mode 100644
index 000000000..6d9b0fe18
--- /dev/null
+++ b/.github/workflows/cd.yml
@@ -0,0 +1,351 @@
+name: CD
+
+on:
+ workflow_dispatch:
+ inputs:
+ sha:
+ description: "partner-chains commit SHA to build from"
+ required: true
+ type: string
+ tag:
+ description: "partner-chains release tag"
+ required: true
+ type: string
+
+permissions:
+ id-token: write
+ contents: write
+
+env:
+ AWS_REGION: "eu-central-1"
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+
+jobs:
+ build-linux:
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ ref: master
+ - name: Build and Upload for Linux
+ uses: ./.github/actions/artifacts/build-pc-artifacts
+ with:
+ sha: ${{ inputs.sha }}
+ tag: ${{ inputs.tag }}
+ os: linux
+
+ build-macos-x86_64:
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: macos-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ ref: master
+ - name: Build and Upload for macOS x86_64
+ uses: ./.github/actions/artifacts/build-pc-artifacts
+ with:
+ sha: ${{ inputs.sha }}
+ tag: ${{ inputs.tag }}
+ os: macos-x86_64
+
+ build-macos-arm64:
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: macos-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ ref: master
+ - name: Build and Upload for macOS arm64
+ uses: ./.github/actions/artifacts/build-pc-artifacts
+ with:
+ sha: ${{ inputs.sha }}
+ tag: ${{ inputs.tag }}
+ os: macos-arm64
+
+ build-and-publish-ecr:
+ permissions:
+ id-token: write
+ contents: write
+ needs: build-linux
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Build and Publish to ECR
+ uses: ./.github/actions/images/build-and-publish-ecr
+ with:
+ sha: ${{ inputs.sha }}
+ tag: ${{ inputs.tag }}
+ env:
+ AWS_REGION: "eu-central-1"
+ ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
+ AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
+ SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
+ CONFIG_TAR: ${{ secrets.EARTHLY_TAR }}
+
+ local-environment-tests:
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-latest
+ needs: [build-linux]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Deploy and test against local environment
+ uses: ./.github/actions/tests/local-environment-tests
+ with:
+ tag: ${{ inputs.tag }}
+ image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }}
+
+ deploy-argocd:
+ needs: local-environment-tests
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Deploy ArgoCD Node
+ uses: ./.github/actions/deploy/argocd/deploy-argocd
+ with:
+ sha: ${{ inputs.sha }}
+ env:
+ ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
+
+ argocd-tests:
+ needs: deploy-argocd
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: [self-hosted, eks]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Run Tests
+ uses: ./.github/actions/tests/argocd-tests
+ with:
+ node-host: sha-${{ inputs.sha }}-service.integration-testing.svc.cluster.local
+ node-port: 9933
+ ssh_key_earthly: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
+ config_tar: ${{ secrets.EARTHLY_TAR }}
+ ssh_key_binary_host: ${{ secrets.SSH_KEY_BINARY_HOST }}
+ env:
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+ AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }}
+ SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }}
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ JIRA_URL: ${{ secrets.JIRA_URL }}
+ ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
+
+ teardown-argocd:
+ needs: argocd-tests
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Teardown ArgoCD Environment
+ uses: ./.github/actions/deploy/argocd/teardown-argocd
+ with:
+ sha: ${{ inputs.sha }}
+ env:
+ ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
+
+ create-draft-release:
+ permissions:
+ id-token: write
+ contents: write
+ needs: [local-environment-tests, argocd-tests, teardown-argocd]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Create Draft Release
+ uses: ./.github/actions/release/create-draft-release
+ with:
+ tag: ${{ inputs.tag }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ generate-chain-specs:
+ permissions:
+ id-token: write
+ contents: write
+ needs: local-environment-tests
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Generate Chain Specs
+ uses: ./.github/actions/artifacts/generate-chain-specs
+ with:
+ sha: ${{ inputs.sha }}
+
+ upload-chain-specs:
+ permissions:
+ id-token: write
+ contents: write
+ needs: generate-chain-specs
+ runs-on: [self-hosted, eks]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Upload chain spec artifacts to Kubernetes
+ uses: ./.github/actions/upload-chain-specs
+ with:
+ sha: ${{ github.sha }}
+ env:
+ kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
+ K8S_SERVER: ${{ secrets.K8S_SERVER }}
+ K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
+
+ deploy-staging-preview:
+ permissions:
+ id-token: write
+ contents: write
+ needs: upload-chain-specs
+ runs-on: [self-hosted, eks]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Deploy staging-preview
+ uses: ./.github/actions/deploy/deploy-staging-preview
+ with:
+ image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }}
+ chain-spec-secret: ${{ inputs.chain-spec-secret }}
+ env:
+ AWS_REGION: "eu-central-1"
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+ ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
+ AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
+ ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
+ kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
+ K8S_SERVER: ${{ secrets.K8S_SERVER }}
+ K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
+
+ staging-preview-tests:
+ permissions:
+ id-token: write
+ contents: write
+ needs: deploy-staging-preview
+ runs-on: [self-hosted, eks]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Run Tests
+ uses: ./.github/actions/tests/staging-preview-tests
+ with:
+ node-host: staging-preview-validator-1.staging-preview.svc.cluster.local
+ node-port: 9933
+ env:
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+ AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }}
+ SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }}
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ JIRA_URL: ${{ secrets.JIRA_URL }}
+ ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
+ kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
+ K8S_SERVER: ${{ secrets.K8S_SERVER }}
+ K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
+
+ build-and-publish-ghcr:
+ permissions:
+ id-token: write
+ contents: write
+ needs: staging-preview-tests
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Build and Publish to GHCR
+ uses: ./.github/actions/images/build-and-publish-ghcr
+ with:
+ sha: ${{ inputs.sha }}
+ tag: ${{ inputs.tag }}
+ ssh_key_earthly: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
+ config_tar: ${{ secrets.EARTHLY_TAR }}
+ env:
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SUBSTRATE_REPO_SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
+ EARTHLY_TAR: ${{ secrets.EARTHLY_TAR }}
+
+ publish-release:
+ permissions:
+ id-token: write
+ contents: write
+ needs: staging-preview-tests
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Publish Release
+ uses: ./.github/actions/publish-release
+ with:
+ tag: ${{ inputs.tag }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ deploy-staging-preprod:
+ permissions:
+ id-token: write
+ contents: write
+ needs: staging-preview-tests
+ runs-on: [self-hosted, eks]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Deploy staging-preprod
+ uses: ./.github/actions/deploy-staging-preprod
+ with:
+ image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }}
+ chain-spec-secret: ${{ inputs.chain-spec-secret }}
+ env:
+ AWS_REGION: "eu-central-1"
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+ ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
+ AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
+ ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
+ kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
+ K8S_SERVER: ${{ secrets.K8S_SERVER }}
+ K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
+
+ staging-preprod-tests:
+ permissions:
+ id-token: write
+ contents: write
+ needs: deploy-staging-preprod
+ runs-on: [self-hosted, eks]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Run Tests
+ uses: ./.github/actions/tests/staging-preprod-tests
+ with:
+ node-host: staging-preprod-validator-1.staging-preprod.svc.cluster.local
+ node-port: 9933
+ env:
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+ AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }}
+ SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }}
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ JIRA_URL: ${{ secrets.JIRA_URL }}
+ ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
+ kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
+ K8S_SERVER: ${{ secrets.K8S_SERVER }}
+ K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 000000000..99806f076
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,232 @@
+name: CI
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened, closed]
+ branches:
+ - master
+env:
+ AWS_REGION: "eu-central-1"
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+
+permissions:
+ id-token: write
+ contents: write
+
+jobs:
+ build:
+ if: github.event.action != 'closed' || github.event.pull_request.merged == true
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Setup Earthly
+ uses: ./.github/earthly-setup
+ with:
+ ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
+ config_tar: ${{ secrets.EARTHLY_TAR }}
+ - name: Acquire AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }}
+ aws-region: ${{ env.AWS_REGION }}
+ - name: Login to container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ secrets.ECR_REGISTRY_SECRET }}
+ - name: Build and Artifacts and Push Image
+ env:
+ EARTHLY_CI: true
+ EARTHLY_OUTPUT: true
+ EARTHLY_PUSH: true
+ run: |
+ earthly -P +ci --image=${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node
+ - name: Upload partner-chains-cli artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: partner-chains-cli-artifact
+ path: partner-chains-cli-artifact
+ - name: Upload partner-chains-node artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: partner-chains-node-artifact
+ path: partner-chains-node-artifact
+ - name: Upload chain spec artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: chain-specs
+ path: |
+ ./devnet_chain_spec.json
+ ./staging_preview_chain_spec.json
+ ./staging_preprod_chain_spec.json
+
+ local-environment-tests:
+ if: github.event.pull_request.merged == false
+ needs: build
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Deploy and test against local environment
+ uses: ./.github/actions/tests/local-environment-tests
+ with:
+ tag: CI
+ image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ github.sha }}
+ sha: ${{ github.sha }}
+ env:
+ SUBSTRATE_REPO_SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
+ EARTHLY_TAR: ${{ secrets.EARTHLY_TAR }}
+ AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
+ AWS_REGION: ${{ env.AWS_REGION }}
+ ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
+ ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
+ TEST_ENVIRONMENT: local
+
+ deploy-argocd:
+ if: github.event.pull_request.merged == false
+ needs: build
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Deploy ArgoCD Node
+ uses: ./.github/actions/deploy/argocd/deploy-argocd
+ with:
+ sha: ${{ github.sha }}
+ env:
+ ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
+
+ argocd-tests:
+ if: github.event.pull_request.merged == false
+ needs: deploy-argocd
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: [self-hosted, eks]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Run Tests
+ uses: ./.github/actions/tests/argocd-tests
+ with:
+ node-host: sha-${{ github.sha }}-service.integration-testing.svc.cluster.local
+ node-port: 9933
+ ssh_key_binary_host: ${{ secrets.SSH_KEY_BINARY_HOST }}
+ env:
+ AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }}
+ SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }}
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ JIRA_URL: ${{ secrets.JIRA_URL }}
+ ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
+
+ teardown-argocd:
+ if: always()
+ needs: argocd-tests
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Teardown ArgoCD Environment
+ uses: ./.github/actions/deploy/argocd/teardown-argocd
+ with:
+ sha: ${{ github.sha }}
+ env:
+ ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
+
+ devshell-tests:
+ if: github.event.pull_request.merged == false
+ needs: build
+ permissions:
+ id-token: write
+ contents: write
+ strategy:
+ matrix:
+ os: [nixos, macos]
+ runs-on:
+ - self-hosted
+ - ${{ matrix.os }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Acquire AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN_ }}
+ aws-region: ${{ env.AWS_REGION }}
+ - name: Add signing key for nix
+ run: echo "${{ secrets.NIX_SIGNING_KEY }}" > "${{ runner.temp }}/nix-key"
+ - name: Run nixci to build/test all outputs
+ run: |
+ nix run github:srid/nixci -- -v build -- --fallback > /tmp/outputs
+ - name: Copy nix scopes to nix cache
+ run: |
+ nix-store --stdin -q --deriver < /tmp/outputs | nix-store --stdin -qR --include-outputs \
+ | nix copy --stdin --to \
+ "s3://cache.sc.iog.io?secret-key=${{ runner.temp }}/nix-key®ion=$AWS_DEFAULT_REGION" \
+ && rm /tmp/outputs
+
+ pre-merge-checks-complete:
+ if: github.event.pull_request.merged == false
+ needs: [build, local-environment-tests, deploy-argocd, argocd-tests, teardown-argocd, devshell-tests]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Pre Merge Checks Complete
+ run: echo "All pre-merge checks have passed. PR is ready to merge."
+
+ upload-chain-specs:
+ if: github.event.pull_request.merged == true
+ needs: build
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: [self-hosted, eks]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Upload chain spec artifacts to Kubernetes
+ uses: ./.github/actions/deploy/upload-chain-specs
+ with:
+ sha: ${{ github.sha }}
+ env:
+ kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
+ K8S_SERVER: ${{ secrets.K8S_SERVER }}
+ K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
+
+ deploy-rustdoc:
+ if: github.event.pull_request.merged == true
+ needs: build
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Deploy Rust Docs
+ uses: ./.github/actions/deploy/deploy-rustdoc
+ with:
+ ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+
+
+ post-merge-actions-complete:
+ if: github.event.pull_request.merged == true
+ needs: [deploy-rustdoc, upload-chain-specs]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Post Merge Actions Complete
+ run: echo "All post-merge actions have been successfully completed."
\ No newline at end of file
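Review bot: `id-token: write` and `contents: write` are set at workflow level and repeated on each job that declares `permissions`, yet in this hunk only `build` and `devshell-tests` call `aws-actions/configure-aws-credentials` directly and no visible step writes to the repository. The two echo-only jobs (`pre-merge-checks-complete`, `post-merge-actions-complete`) inherit both grants. Since the workflow runs on `pull_request` and executes build code from the PR (`earthly -P +ci`, `nix run github:srid/nixci`), I would reduce the top-level block to `permissions:` with `contents: read` and keep `id-token: write` only on jobs that assume an AWS role. The local composite actions are not shown in this hunk, so which of them need OIDC or a write token (`deploy-rustdoc` possibly) has to be confirmed before trimming. Separately, the `Add signing key for nix` step expands `${{ secrets.NIX_SIGNING_KEY }}` into the script text; mapping it through `env:` and writing it with `printf '%s\n' "$NIX_SIGNING_KEY" > "$RUNNER_TEMP/nix-key"` keeps the key out of the generated script.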
diff --git a/.github/workflows/devnet-deploy.yml b/.github/workflows/deploy-devnet.yml
similarity index 99%
rename from .github/workflows/devnet-deploy.yml
rename to .github/workflows/deploy-devnet.yml
index 9fd0bb874..130d26eb7 100644
--- a/.github/workflows/devnet-deploy.yml
+++ b/.github/workflows/deploy-devnet.yml
@@ -232,4 +232,4 @@ jobs:
kubectl get pod henry -n sc -o jsonpath="{.status.containerStatuses[*].ready}"
kubectl get pods -n sc -o custom-columns='NAME:.metadata.name,READY:.status.containerStatuses[*].ready' | grep -E '^(alice|bob|charlie|dave|eve|ferdie|greg|henry)' | awk '{if ($2 != "true,true,true,true") exit 1}'
- echo "All pods are 4/4 up and ready"
+ echo "All pods are 4/4 up and ready"
\ No newline at end of file
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
deleted file mode 100644
index 3e2c31f07..000000000
--- a/.github/workflows/e2e.yml
+++ /dev/null
@@ -1,100 +0,0 @@
-name: e2e tests
-
-on:
-
- workflow_call:
- inputs:
- node-host:
- required: true
- type: string
- node-port:
- required: true
- type: string
-
-jobs:
- run:
- permissions:
- id-token: write
- contents: read
-
- runs-on: [self-hosted, eks]
-
- steps:
- - name: health check integration env
- run: |
- curl --request POST \
- --url "http://${{ inputs.node-host }}:${{ inputs.node-port }}" \
- --header 'Content-Type: application/json' \
- --data '{
- "jsonrpc": "2.0",
- "method": "sidechain_getStatus",
- "params": [],
- "id": 1
- }'
-
- - name: set ssh-agent to binary host
- uses: webfactory/ssh-agent@v0.9.0
- with:
- ssh-private-key: ${{ secrets.SSH_KEY_BINARY_HOST }}
-
- - name: Acquire AWS Credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: ${{ secrets.AWS_ROLE_ARN_ }}
- aws-region: "eu-central-1"
-
- - name: checkout sidechains-tests develop
- id: tests-develop
- uses: actions/checkout@v4
- continue-on-error: true
- with:
- repository: input-output-hk/sidechains-tests
- ref: develop
- path: sidechains-tests
- token: ${{ secrets.ACTIONS_PAT }}
-
- - name: checkout sidechains-tests master (fallback)
- if: steps.tests-develop.outcome == 'failure'
- uses: actions/checkout@v4
- with:
- repository: input-output-hk/sidechains-tests
- ref: master
- path: sidechains-tests
- token: ${{ secrets.ACTIONS_PAT }}
-
- - name: install earthly
- uses: earthly/actions-setup@v1
- with:
- github-token: ${{ github.token }}
- use-cache: true
- version: ^0.8.0
-
- - name: run
- env:
- EARTHLY_BUILD_ARGS: "CI_RUN=true"
- FORCE_COLOR: 1
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- JIRA_URL: ${{ secrets.JIRA_URL }}
- JOB_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
- run: |
- cd sidechains-tests
- earthly --secret AWS_SESSION_TOKEN="$AWS_SESSION_TOKEN" \
- --secret AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
- --secret AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
- --secret SLACK_WEBHOOK_URL="$SLACK_WEBHOOK_URL" \
- --secret JIRA_URL="$JIRA_URL" \
- --ssh-auth-sock="$SSH_AUTH_SOCK" \
- +report \
- --markers=CD \
- --node_host="${{ inputs.node-host }}" \
- --node_port="${{ inputs.node-port }}" \
- --log_level=debug \
- --allure_project_id ${{ github.ref_name }} \
- --report_to_slack=true \
- --github_actor_username ${{ github.actor }} \
- --repository ${{ github.repository }} \
- --job_url="$JOB_URL" \
- --env="ci" \
- --stack="ci" \
- --test_environment=CI \
- --decrypt=true
diff --git a/.github/workflows/earthly.yml b/.github/workflows/earthly.yml
deleted file mode 100644
index c75c7b69c..000000000
--- a/.github/workflows/earthly.yml
+++ /dev/null
@@ -1,281 +0,0 @@
-name: earthly ci
-
-on:
- pull_request:
- types: [opened, synchronize, reopened, closed]
- branches:
- - master
- workflow_dispatch:
- inputs:
- upload:
- description: "Upload the container to our registry"
- default: false
- type: boolean
- repository:
- description: "GitHub repository name (e.g., username/repo)"
- required: true
- default: 'input-output-hk/partner-chains'
- branch:
- description: "Branch name to build"
- required: true
- default: 'master'
-env:
- AWS_REGION: "eu-central-1"
- SSH_AUTH_SOCK: /tmp/ssh_agent.sock
-
-jobs:
- build-and-push:
- runs-on: ubuntu-latest
- if: github.event.action != 'closed' || github.event.pull_request.merged == true
- concurrency:
- group: pr-${{ github.event.pull_request.number }}-author-${{ github.event.pull_request.user.login }}
- cancel-in-progress: true
- permissions:
- id-token: write
- contents: write
- steps:
- - name: Checkout
- uses: actions/checkout@v2
- with:
- repository: ${{ github.event.inputs.repository }}
- ref: ${{ github.event.inputs.branch }}
-
- - name: Setup Earthly
- uses: ./.github/earthly-setup
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') }}
- with:
- ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
- config_tar: ${{ secrets.EARTHLY_TAR }}
-
- - name: Build With Benchmarking Features Enabled
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') && (github.ref_name == 'master' || inputs.upload == 'true') }}
- env:
- EARTHLY_CI: true
- run: |
- export EARTHLY_OUTPUT=true
- earthly -P +build --PROFILE=production --FEATURES=runtime-benchmarks
-
- - name: Generate and Extract Weights
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') && (github.ref_name == 'master' || inputs.upload == 'true') }}
- continue-on-error: true
- run: |
- repository_name="${GITHUB_REPOSITORY##*/}"
- echo "Listing contents on the runner host in /home/runner/work/${repository_name}/${repository_name}:"
- ls -la /home/runner/work/${repository_name}/${repository_name}
- echo "Pulling Docker image..."
- docker pull ubuntu:22.04
- mkdir -p weights
- echo "Running Docker container..."
- docker run -d --name weight_generation \
- --memory=4096m \
- --cpus=1 \
- -v /home/runner/work/${repository_name}/${repository_name}:/workspace \
- ubuntu:22.04 \
- /bin/bash -c "sleep infinity"
- echo "Installing necessary packages inside the container..."
- docker exec weight_generation bash -c "\
- apt-get update && \
- apt-get install -y jq curl build-essential && \
- echo 'Checking files in workspace...' && \
- ls -la /workspace && \
- mkdir -p /workspace/target/production && \
- cp /workspace/sidechains-substrate-node /workspace/target/production/sidechains-substrate-node && \
- echo 'Verifying the binary is in the expected path...' && \
- ls -la /workspace/target/production && \
- cd /workspace && \
- echo 'Setting the current working directory to /workspace...' && \
- chmod +x scripts/run_all_pallet_overhead_and_machine_benchmarks.sh && \
- chmod +x scripts/run_storage_benchmarks.sh && \
- source .envrc || true && \
- ./scripts/run_all_pallet_overhead_and_machine_benchmarks.sh -b && \
- ./scripts/run_storage_benchmarks.sh -b || true"
- echo "Finding and copying weight files..."
- weight_files=$(docker exec weight_generation find /workspace/runtime/src/weights -name '*.rs')
- echo "$weight_files" | while read weight_file; do
- weight_file_name=$(basename "$weight_file")
- echo "Copying ${weight_file_name}"
- docker cp "weight_generation:$weight_file" "weights/${weight_file_name}"
- done
- docker stop weight_generation
- docker rm weight_generation
-
- - name: Upload Weights
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') && (github.ref_name == 'master' || inputs.upload == 'true') }}
- continue-on-error: true
- uses: actions/upload-artifact@v4
- with:
- name: weights
- path: weights/
-
- - name: Overwrite Weights in Runtime Directory
- continue-on-error: true
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') && (github.ref_name == 'master' || inputs.upload == 'true') }}
- run: |
- pwd
- ls -la
- sudo chmod -R a+rwx ./runtime/src/weights
- for weight_file in weights/*.rs
- do
- cp "$weight_file" "./runtime/src/weights/$(basename "$weight_file")"
- done
-
- - name: Acquire AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') }}
- with:
- role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }}
- aws-region: ${{ env.AWS_REGION }}
-
- - name: Login to container registry
- uses: docker/login-action@v3
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') }}
- with:
- registry: ${{ secrets.ECR_REGISTRY_SECRET }}
-
- - name: Main Build
- env:
- EARTHLY_CI: true
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') }}
- run: |
- ref=${{ github.ref_name }}
- type=${{ github.ref_type }}
- args=("--image=${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node")
- event_name="${{ github.event_name }}"
- if [[ "$type" == "tag" && "$ref" =~ ^v ]]; then
- export EARTHLY_PUSH=true
- args+=("--tags=$ref")
- elif [[ \
- "${{ github.event.pull_request.merged }}" == 'true' \
- && "$ref" == 'master' \
- || "${{ inputs.upload }}" == 'true' \
- ]]; then
- export EARTHLY_PUSH=true
- export EARTHLY_OUTPUT=true
- fi
- if [[ "$EARTHLY_PUSH" == true ]]; then
- args+=(--PROFILE=production)
- fi
- earthly -P +ci ${args[@]}
-
- - name: Upload chain spec artifacts
- uses: actions/upload-artifact@v4
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci-off') && (github.ref_name == 'master' || inputs.upload == true) }}
- with:
- name: chain-specs
- path: |
- ./devnet_chain_spec.json
- ./staging_chain_spec.json
-
- generate-manifest:
- needs: build-and-push
- if: ${{ github.event.pull_request.merged == true && !contains(github.event.pull_request.labels.*.name, 'ci-off') }}
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Create and Push Manifest
- env:
- GH_TOKEN: ${{ secrets.ACTIONS_PAT }}
- run: |
- cd .github/workflows/argocd
- bash generate-manifest.sh ${{ github.sha }}
-
- - name: Wait for 12 minutes (ArgoCD refresh interval is 3 minutes + 1 minute to build + 8 minutes for node to start producing blocks)
- run: sleep 720s
-
- run-e2e-tests:
- needs: generate-manifest
- uses: ./.github/workflows/e2e.yml
- with:
- node-host: sha-${{ github.sha }}-service.integration-testing.svc.cluster.local
- node-port: 9933
- secrets: inherit
-
- teardown:
- runs-on: ubuntu-latest
- needs: [build-and-push, generate-manifest, run-e2e-tests]
- if: always() && needs.generate-manifest.result == 'success'
- steps:
- - name: Checkout ArgoCD Repository
- uses: actions/checkout@v4
- with:
- repository: input-output-hk/sidechains-argocd
- token: ${{ secrets.ACTIONS_PAT }}
- path: sidechains-argocd
-
- - name: Delete Ephemeral Environment Files
- uses: actions/github-script@v7
- with:
- github-token: ${{ secrets.ACTIONS_PAT }}
- script: |
- const fs = require('fs');
- const path = require('path');
-
- const directory = 'sidechains-argocd/integration-testing';
- const files = fs.readdirSync(directory);
-
- for (const file of files) {
- if (file.startsWith('manifest-sha-')) {
- console.log(`Deleting file: ${file}`);
-
- // Fetch the SHA of the file
- const shaResponse = await github.rest.repos.getContent({
- owner: 'input-output-hk',
- repo: 'sidechains-argocd',
- path: `integration-testing/${file}`,
- });
- const sha = shaResponse.data.sha;
-
- // GitHub API request to delete the file
- await github.rest.repos.deleteFile({
- owner: 'input-output-hk',
- repo: 'sidechains-argocd',
- path: `integration-testing/${file}`,
- message: `ci: Tear down integration-testing environment for SHA #${file.split('-').pop().split('.')[0]}`,
- sha: sha,
- branch: 'main'
- });
- }
- }
-
- chain-specs:
- runs-on: [self-hosted, eks]
- needs: [build-and-push]
- if: github.ref_name == 'master' || inputs.upload == true
- permissions:
- id-token: write
- contents: write
- steps:
- - name: Install kubectl and awscli
- run: |
- curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
- chmod +x ./kubectl
- sudo mv ./kubectl /usr/local/bin/kubectl
- sudo apt update && sudo apt install -y awscli
-
- - name: Configure kubectl
- run: |
- echo "${{ secrets.kubeconfig_base64 }}" | base64 --decode > ${{ runner.temp }}/kubeconfig.yaml
- kubectl config set-cluster my-cluster --server=${{ secrets.K8S_SERVER }} --insecure-skip-tls-verify=true
- kubectl config set-credentials github-actions --token=${{ secrets.K8S_SA_TOKEN }}
- kubectl config set-context my-context --cluster=my-cluster --user=github-actions --namespace=default
- kubectl config use-context my-context
-
- - name: Download chain spec artifacts
- uses: actions/download-artifact@v4
- with:
- name: chain-specs
- path: ./artifacts
-
- - name: Update Kubernetes secret for devnet chain spec
- run: |
- TIMESTAMP=$(date +%Y%m%d%H%M)
- SHA=${{ github.sha }}
- kubectl create secret generic "devnet-chain-spec-${TIMESTAMP}-${SHA}" --from-file=devnet_chain_spec.json=./artifacts/devnet_chain_spec.json --namespace=sc
-
- - name: Update Kubernetes secret for staging chain spec
- run: |
- TIMESTAMP=$(date +%Y%m%d%H%M)
- SHA=${{ github.sha }}
- kubectl create secret generic "staging-chain-spec-${TIMESTAMP}-${SHA}" --from-file=staging_chain_spec.json=./artifacts/staging_chain_spec.json --namespace=staging
diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index 6aa69b61c..59166bddf 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -130,4 +130,4 @@ jobs:
docker push $target_image:latest
docker push $target_image:$commit_sha
- docker push $target_image:$custom_tag
+ docker push $target_image:$custom_tag
\ No newline at end of file
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
deleted file mode 100644
index 201a8acf6..000000000
--- a/.github/workflows/nix.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-name: "Nix Devshells CI"
-on:
- pull_request:
- push:
- branches:
- - master
- workflow_dispatch:
- repository_dispatch:
- types: [test-run-pr]
-
-env:
- AWS_DEFAULT_REGION: eu-central-1
-
-jobs:
- build-and-test:
- permissions:
- id-token: write
- contents: read
- strategy:
- matrix:
- os: [nixos, macos]
- runs-on:
- - self-hosted
- - ${{ matrix.os }}
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- token: ${{ github.token }}
- - name: Acquire AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: ${{ secrets.AWS_ROLE_ARN_ }}
- aws-region: ${{ env.AWS_DEFAULT_REGION }}
-
- - name: Add signing key for nix
- run: echo "${{ secrets.NIX_SIGNING_KEY }}" > "${{ runner.temp }}/nix-key"
- - name: Run nixci to build/test all outputs
- run: |
- nix run github:srid/nixci -- -v build -- --fallback > /tmp/outputs
- - name: Copy nix scopes to nix cache
- run: |
- nix-store --stdin -q --deriver < /tmp/outputs | nix-store --stdin -qR --include-outputs \
- | nix copy --stdin --to \
- "s3://cache.sc.iog.io?secret-key=${{ runner.temp }}/nix-key®ion=$AWS_DEFAULT_REGION" \
- && rm /tmp/outputs
diff --git a/.github/workflows/not-earthly.yml b/.github/workflows/not-earthly.yml
deleted file mode 100644
index 026c69609..000000000
--- a/.github/workflows/not-earthly.yml
+++ /dev/null
@@ -1,210 +0,0 @@
-name: Not earthly ci
-
-on:
- pull_request:
- types: [opened, synchronize, reopened, closed]
- branches:
- - master
- workflow_dispatch:
- inputs:
- upload:
- description: "Upload the container to our registry"
- default: false
- type: boolean
-
-env:
- AWS_REGION: "eu-central-1"
- SSH_AUTH_SOCK: /tmp/ssh_agent.sock
-
-jobs:
- build-and-push-without-earthly:
- runs-on: ubuntu-latest
- if: github.event.action != 'closed' || github.event.pull_request.merged == true
- permissions:
- id-token: write
- contents: write
- steps:
- - name: Checkout partner-chains
- uses: actions/checkout@v4
-
- - name: Acquire AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }}
- aws-region: ${{ env.AWS_REGION }}
-
- - name: Login to ECR
- uses: docker/login-action@v3
- with:
- registry: ${{ secrets.ECR_REGISTRY_SECRET }}
-
- - name: Install dependencies
- run: |
- sudo apt-get update
- sudo apt-get install -y protobuf-compiler
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
- source $HOME/.cargo/env
- rustup target add x86_64-unknown-linux-gnu
-
- - name: Build partner-chains-node
- run: |
- cargo build -p partner-chains-node --locked --release --target x86_64-unknown-linux-gnu
- chmod +x target/x86_64-unknown-linux-gnu/release/partner-chains-node
- cp target/x86_64-unknown-linux-gnu/release/partner-chains-node ./partner-chains-node
-
- - name: Run tests
- run: cargo test --locked --release --target x86_64-unknown-linux-gnu
-
- - name: Generate Chain Specs
- run: |
- chmod +x ./partner-chains-node
- source ./devnet/.envrc
- ./partner-chains-node build-spec --chain local --disable-default-bootnode --raw > devnet_chain_spec.json
- source ./staging/.envrc
- ./partner-chains-node build-spec --chain staging --disable-default-bootnode --raw > staging_chain_spec.json
-
- - name: Create and Configure Docker Container
- id: create-container
- run: |
- container_id=$(docker run -d debian:bullseye-slim sleep infinity)
- echo "container_id=$container_id" >> $GITHUB_ENV
- docker exec $container_id useradd -m -u 1000 -U -s /bin/sh -d /substrate substrate
- docker exec $container_id mkdir -p /data /substrate/.local/share/partner-chains-node
- docker exec $container_id chown -R substrate:substrate /data /substrate
- docker exec $container_id rm -rf /usr/bin/apt* /usr/bin/dpkg*
- docker exec $container_id ln -s /data /substrate/.local/share/partner-chains-node
- docker cp ./partner-chains-node $container_id:/usr/local/bin/partner-chains-node
- docker commit --change='EXPOSE 30333 9615 9933 9944' --change='ENTRYPOINT ["/usr/local/bin/partner-chains-node"]' $container_id substrate-node:${{ github.sha }}
-
- - name: Push to ECR
- run: |
- docker tag substrate-node:${{ github.sha }} ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ github.sha }}
- docker push ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ github.sha }}
-
- - name: Cleanup Docker Container
- if: always()
- run: |
- docker rm -f ${{ env.container_id }}
-
- - name: Upload chain spec artifacts
- uses: actions/upload-artifact@v4
- if: ${{ github.event.pull_request.merged == true && !contains(github.event.pull_request.labels.*.name, 'ci-off') }}
- with:
- name: chain-specs
- path: |
- ./devnet_chain_spec.json
- ./staging_chain_spec.json
-
- generate-manifest:
- needs: build-and-push-without-earthly
- if: ${{ github.event.pull_request.merged == true && !contains(github.event.pull_request.labels.*.name, 'ci-off') }}
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Create and Push Manifest
- env:
- GH_TOKEN: ${{ secrets.ACTIONS_PAT }}
- run: |
- cd .github/workflows/argocd
- bash generate-manifest.sh ${{ github.sha }}
-
- - name: Wait for 12 minutes (ArgoCD refresh interval is 3 minutes + 1 minute to build + 8 minutes for node to start producing blocks)
- run: sleep 720s
-
- run-e2e-tests:
- needs: generate-manifest
- uses: ./.github/workflows/e2e.yml
- with:
- node-host: sha-${{ github.sha }}-service.integration-testing.svc.cluster.local
- node-port: 9933
- secrets: inherit
-
- teardown:
- runs-on: ubuntu-latest
- needs: [build-and-push-without-earthly, generate-manifest, run-e2e-tests]
- if: always() && needs.generate-manifest.result == 'success'
- steps:
- - name: Checkout ArgoCD Repository
- uses: actions/checkout@v4
- with:
- repository: input-output-hk/sidechains-argocd
- token: ${{ secrets.ACTIONS_PAT }}
- path: sidechains-argocd
-
- - name: Delete Ephemeral Environment Files
- uses: actions/github-script@v7
- with:
- github-token: ${{ secrets.ACTIONS_PAT }}
- script: |
- const fs = require('fs');
- const path = require('path');
-
- const directory = 'sidechains-argocd/integration-testing';
- const files = fs.readdirSync(directory);
-
- for (const file of files) {
- if (file.startsWith('manifest-sha-')) {
- console.log(`Deleting file: ${file}`);
-
- // Fetch the SHA of the file
- const shaResponse = await github.rest.repos.getContent({
- owner: 'input-output-hk',
- repo: 'sidechains-argocd',
- path: `integration-testing/${file}`,
- });
- const sha = shaResponse.data.sha;
-
- // GitHub API request to delete the file
- await github.rest.repos.deleteFile({
- owner: 'input-output-hk',
- repo: 'sidechains-argocd',
- path: `integration-testing/${file}`,
- message: `ci: Tear down integration-testing environment for SHA #${file.split('-').pop().split('.')[0]}`,
- sha: sha,
- branch: 'main'
- });
- }
- }
-
- chain-specs:
- runs-on: [self-hosted, eks]
- needs: [build-and-push-without-earthly]
- if: ${{ github.event.pull_request.merged == true && !contains(github.event.pull_request.labels.*.name, 'ci-off') }}
- permissions:
- id-token: write
- contents: write
- steps:
- - name: Install kubectl and awscli
- run: |
- curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
- chmod +x ./kubectl
- sudo mv ./kubectl /usr/local/bin/kubectl
- sudo apt update && sudo apt install -y awscli
-
- - name: Configure kubectl
- run: |
- echo "${{ secrets.kubeconfig_base64 }}" | base64 --decode > ${{ runner.temp }}/kubeconfig.yaml
- kubectl config set-cluster my-cluster --server=${{ secrets.K8S_SERVER }} --insecure-skip-tls-verify=true
- kubectl config set-credentials github-actions --token=${{ secrets.K8S_SA_TOKEN }}
- kubectl config set-context my-context --cluster=my-cluster --user=github-actions --namespace=default
- kubectl config use-context my-context
-
- - name: Download chain spec artifacts
- uses: actions/download-artifact@v4
- with:
- name: chain-specs
- path: ./artifacts
-
- - name: Update Kubernetes secret for devnet chain spec
- run: |
- TIMESTAMP=$(date +%Y%m%d%H%M)
- SHA=${{ github.sha }}
- kubectl create secret generic "devnet-chain-spec-${TIMESTAMP}-${SHA}" --from-file=devnet_chain_spec.json=./artifacts/devnet_chain_spec.json --namespace=sc
-
- - name: Update Kubernetes secret for staging chain spec
- run: |
- TIMESTAMP=$(date +%Y%m%d%H%M)
- SHA=${{ github.sha }}
- kubectl create secret generic "staging-chain-spec-${TIMESTAMP}-${SHA}" --from-file=staging_chain_spec.json=./artifacts/staging_chain_spec.json --namespace=staging
diff --git a/.github/workflows/partner-chains-node-binary-host.yml b/.github/workflows/partner-chains-node-binary-host.yml
deleted file mode 100644
index b6e9acaf2..000000000
--- a/.github/workflows/partner-chains-node-binary-host.yml
+++ /dev/null
@@ -1,85 +0,0 @@
-name: Build partner-chains-node and partner-chains-cli and push to binary-host
-
-on:
-
- workflow_dispatch:
- inputs:
- push_to_binary_host:
- description: "Push to binary-host"
- type: boolean
- required: true
-
-env:
- SSH_AUTH_SOCK: /tmp/ssh_agent.sock
-
-jobs:
- build-and-upload:
- runs-on: ubuntu-latest
- permissions:
- id-token: write
- contents: write
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Setup Earthly
- uses: ./.github/earthly-setup
- with:
- ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
- config_tar: ${{ secrets.EARTHLY_TAR }}
-
- - name: Run Earthly build
- run: |
- export EARTHLY_OUTPUT=true
- earthly +build
-
- - name: Extract partner-chains-node and partner-chains-cli
- run: |
- mkdir -p artifact
- cp ./partner-chains-node ./partner-chains-cli-artifact artifact/
-
- - name: Upload binaries
- uses: actions/upload-artifact@v4
- with:
- name: substrate-binaries
- path: artifact/
-
- - name: Download binaries
- uses: actions/download-artifact@v4
- with:
- name: substrate-binaries
- path: artifact/
-
- kubectl-cp-to-binary-host:
- runs-on: [self-hosted, eks]
- needs: build-and-upload
- if: ${{ github.event.inputs.push_to_binary_host == 'true' }}
- permissions:
- id-token: write
- contents: write
- steps:
- - name: Install kubectl and awscli
- run: |
- curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
- chmod +x ./kubectl
- sudo mv ./kubectl /usr/local/bin/kubectl
- sudo apt update && sudo apt install -y awscli
-
- - name: Configure kubectl
- run: |
- echo "${{ secrets.kubeconfig_base64 }}" | base64 --decode > ${{ runner.temp }}/kubeconfig.yaml
- kubectl config set-cluster my-cluster --server=${{ secrets.K8S_SERVER }} --insecure-skip-tls-verify=true
- kubectl config set-credentials github-actions --token=${{ secrets.K8S_SA_TOKEN }}
- kubectl config set-context my-context --cluster=my-cluster --user=github-actions --namespace=default
- kubectl config use-context my-context
-
- - name: Download binaries
- uses: actions/download-artifact@v4
- with:
- name: substrate-binaries
- path: artifact/
-
- - name: Copy binaries to binary-host
- run: |
- kubectl cp ./artifact/partner-chains-node binary-host:/tools/partner-chains-node -c binary-host -n sc
- kubectl cp ./artifact/partner-chains-cli-artifact binary-host:/tools/partner-chains-cli -c binary-host -n sc
diff --git a/.github/workflows/publish-doc.yml b/.github/workflows/publish-doc.yml
deleted file mode 100644
index 2ab7fb521..000000000
--- a/.github/workflows/publish-doc.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-name: Publish Documentation
-
-on:
-
- push:
- branches:
- - master
- pull_request:
- branches:
- - master
- workflow_dispatch:
- inputs:
- rustdoc:
- description: "Build and publish the rustdoc"
- default: false
- type: boolean
-
-env:
- SSH_AUTH_SOCK: /tmp/ssh_agent.sock
-
-jobs:
- deploy-rustdoc:
- if: github.event_name != 'workflow_dispatch' || inputs.rustdoc
- name: Deploy Rust Docs
- runs-on: ubuntu-latest
-
- steps:
- - name: Install tooling
- run: |
- sudo apt-get install -y protobuf-compiler
- protoc --version
-
- - name: Checkout repository
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-
- - name: Add SSH key to read Substrate Repo
- run: |
- mkdir ~/.ssh
- ssh-keyscan github.com >> ~/.ssh/known_hosts
- ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
- ssh-add - <<< "${{ secrets.SUBSTRATE_REPO_SSH_KEY }}"
-
- # With rustup's nice new toml format, we just need to run rustup show to install the toolchain
- # https://github.com/actions-rs/toolchain/issues/126#issuecomment-782989659
- - name: Rust versions
- run: rustup show
-
- - name: Rust cache
- uses: Swatinem/rust-cache@e207df5d269b42b69c8bc5101da26f7d31feddb4 # v2.6.2
-
- - name: Build rustdocs
- run: SKIP_WASM_BUILD=1 cargo doc --all --no-deps
-
- - name: Make index.html
- run: echo "" > ./target/doc/index.html
-
- - name: Deploy documentation
- if: github.ref_name == 'master'
- uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.3
- with:
- github_token: ${{ secrets.GITHUB_TOKEN }}
- publish_branch: gh-pages
- publish_dir: ./target/doc
diff --git a/.github/workflows/artifact.yml b/.github/workflows/release.yml
similarity index 99%
rename from .github/workflows/artifact.yml
rename to .github/workflows/release.yml
index 490b4d127..a09dace78 100644
--- a/.github/workflows/artifact.yml
+++ b/.github/workflows/release.yml
@@ -247,4 +247,4 @@ jobs:
-H "Content-Type: application/octet-stream" \
--data-binary @"$artifact" \
"https://uploads.github.com/repos/${{ github.repository }}/releases/$release_id/assets?name=$(basename $artifact)"
- done
+ done
\ No newline at end of file
diff --git a/.github/workflows/sidechain-main-cli-binary-host.yml b/.github/workflows/sidechain-main-cli-binary-host.yml
deleted file mode 100644
index cdaa32d30..000000000
--- a/.github/workflows/sidechain-main-cli-binary-host.yml
+++ /dev/null
@@ -1,105 +0,0 @@
-name: Build pc-contracts-cli and Push to EKS binary-host (optional)
-
-on:
- workflow_dispatch:
- inputs:
- commit_sha:
- description: "Commit SHA to build from"
- required: true
- default: ""
- push_to_binary_host:
- description: "Push to binary-host"
- required: true
- type: boolean
-
-jobs:
- build-and-upload:
- runs-on: [self-hosted, nixos]
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- with:
- repository: input-output-hk/partner-chains-smart-contracts
- token: ${{ secrets.ACTIONS_PAT }}
- ref: ${{ github.event.inputs.commit_sha }}
- path: partner-chains-smart-contracts
-
- - name: Build
- run: nix build ./partner-chains-smart-contracts#pc-contracts-release-bundle
-
- - name: Prepare Artifact
- run: |
- mkdir -p partner-chains-smart-contracts-artifact
- cp result/* partner-chains-smart-contracts-artifact
-
- - name: Upload Directory as Artifact
- uses: actions/upload-artifact@v4
- with:
- name: partner-chains-smart-contracts-artifact
- path: partner-chains-smart-contracts-artifact/
-
- - name: Post-build Cleanup
- run: rm -rf partner-chains-smart-contracts-artifact
-
- unzip-and-rename-artifact:
- runs-on: ubuntu-latest
- needs: build-and-upload
- steps:
- - name: Download pc-contracts-cli Artifact
- uses: actions/download-artifact@v4
- with:
- name: partner-chains-smart-contracts-artifact
- path: artifact/
-
- - name: Unzip Artifact
- run: |
- mkdir -p artifact/unzipped
- unzip artifact/release.zip -d artifact/unzipped
-
- - name: Upload Unzipped Artifact
- uses: actions/upload-artifact@v4
- with:
- name: unzipped
- path: artifact/unzipped
-
- kubectl-cp-to-binary-host:
- runs-on: [self-hosted, eks]
- needs: unzip-and-rename-artifact
- if: ${{ github.event.inputs.push_to_binary_host }} == 'true'
- permissions:
- id-token: write
- contents: write
- steps:
- - name: Install kubectl and awscli
- run: |
- curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
- chmod +x ./kubectl
- sudo mv ./kubectl /usr/local/bin/kubectl
- sudo apt update && sudo apt install -y awscli
-
- - name: Configure kubectl
- run: |
- echo "${{ secrets.kubeconfig_base64 }}" | base64 --decode > ${{ runner.temp }}/kubeconfig.yaml
- kubectl config set-cluster my-cluster --server=${{ secrets.K8S_SERVER }} --insecure-skip-tls-verify=true
- kubectl config set-credentials github-actions --token=${{ secrets.K8S_SA_TOKEN }}
- kubectl config set-context my-context --cluster=my-cluster --user=github-actions --namespace=default
- kubectl config use-context my-context
-
- - name: Download Unzipped Artifact
- uses: actions/download-artifact@v4
- with:
- name: unzipped
- path: artifact/unzipped
-
- - name: Create SHA directory on binary-host
- run: |
- kubectl exec binary-host -c binary-host -n sc -- mkdir -p /tools/pc-contracts-cli/${{ github.event.inputs.commit_sha }}
-
- - name: Copy to binary-host
- run: |
- kubectl cp artifact/unzipped/pc-contracts-cli binary-host:/tools/pc-contracts-cli/${{ github.event.inputs.commit_sha }} -c binary-host -n sc
- kubectl cp artifact/unzipped/node_modules binary-host:/tools/pc-contracts-cli/${{ github.event.inputs.commit_sha }} -c binary-host -n sc
-
- - name: Make binary executable
- run: |
- kubectl exec binary-host -c binary-host -n sc -- chmod +x /tools/pc-contracts-cli/${{ github.event.inputs.commit_sha }}/pc-contracts-cli
diff --git a/.github/workflows/staging-deploy.yml b/.github/workflows/staging-deploy.yml
deleted file mode 100644
index b17abe311..000000000
--- a/.github/workflows/staging-deploy.yml
+++ /dev/null
@@ -1,211 +0,0 @@
-name: Deploy Staging
-
-on:
-
- workflow_dispatch:
- inputs:
- terms1:
- description: "I acknowledge that running this workflow will make changes to the state of our EKS environments..."
- type: boolean
- required: true
- terms2:
- description: "I understand that an updated chain-spec from the same CI Run as the Substrate image must be provided if Substrate PVCs are being wiped"
- type: boolean
- required: true
- terms3:
- description: "I have made the Team aware that this deployment is about to occur"
- type: boolean
- required: true
- substrate-node-image:
- description: "Substrate Node ECR Image (Leave blank to use value from master)"
- required: false
- chain-spec-secret-name:
- description: "Chain Spec Secret Name (Leave blank to use value from master, or if 'Wipe Substrate PVCs' is not selected)"
- required: false
- wipe:
- description: "Wipe Substrate PVCs?"
- type: boolean
- required: true
- rolling:
- description: "Rolling Upgrade without deleting pods or PVCs?"
- type: boolean
- required: true
-
-jobs:
- deploy:
- runs-on: [self-hosted, eks]
- permissions:
- id-token: write
- contents: write
- steps:
- - name: Validate Terms and Conditions
- run: |
- echo "Validating terms and conditions..."
- if [[ "${{ github.event.inputs.terms1 }}" != 'true' || "${{ github.event.inputs.terms2 }}" != 'true' || "${{ github.event.inputs.terms3 }}" != 'true' ]]; then
- echo "Please read and accept all Terms before running the deployment. Exiting..."
- exit 1
- fi
- echo "All terms and conditions accepted."
-
- - name: Confirm Inputs and Evaluate Conditions
- id: evaluate-conditions
- run: |
- echo "Confirming inputs..."
- echo
- echo "substrate-node-image: ${{ github.event.inputs.substrate-node-image }}"
- echo "chain-spec-secret-name: ${{ github.event.inputs.chain-spec-secret-name }}"
- echo "wipe: ${{ github.event.inputs.wipe }}"
- echo "rolling: ${{ github.event.inputs.rolling }}"
- echo "Evaluating Deployment Type..."
-
- if [[ "${{ github.event.inputs.wipe }}" == 'true' ]]; then
- echo "wipe=true" >> $GITHUB_ENV
- else
- echo "wipe=false" >> $GITHUB_ENV
- fi
-
- if [[ "${{ github.event.inputs.rolling }}" == 'true' ]]; then
- echo "rolling=true" >> $GITHUB_ENV
- else
- echo "rolling=false" >> $GITHUB_ENV
- fi
-
- if [[ "${{ github.event.inputs.wipe }}" == 'true' && "${{ github.event.inputs.chain-spec-secret-name }}" != '' && "${{ github.event.inputs.substrate-node-image }}" != '' ]]; then
- echo "deployment_type=1" >> $GITHUB_ENV
- echo "Step: Deploy with chain-spec and image override will be run"
- elif [[ "${{ github.event.inputs.wipe }}" == 'false' && "${{ github.event.inputs.substrate-node-image }}" != '' ]]; then
- echo "deployment_type=2" >> $GITHUB_ENV
- echo "Step: Deploy with image override will be run"
- elif [[ "${{ github.event.inputs.substrate-node-image }}" == '' ]]; then
- echo "deployment_type=3" >> $GITHUB_ENV
- echo "Step: Deploy from master with no value overrides will be run"
- else
- echo "No matching condition for deployment"
- exit 1
- fi
-
- - name: Checkout sidechains-infra-priv repo
- uses: actions/checkout@v4
- with:
- repository: input-output-hk/sidechains-infra-priv
- token: ${{ secrets.ACTIONS_PAT }}
- path: sidechains-infra-priv
-
- - name: Install kubectl, kubernetes-helm and awscli
- run: |
- curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
- chmod +x ./kubectl
- sudo mv ./kubectl /usr/local/bin/kubectl
- curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
- sudo apt-get install apt-transport-https --yes
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
- sudo apt-get update
- sudo apt-get install helm
-
- - name: Configure kubectl
- run: |
- echo "${{ secrets.kubeconfig_base64 }}" | base64 --decode > ${{ runner.temp }}/kubeconfig.yaml
- kubectl config set-cluster my-cluster --server=${{ secrets.K8S_SERVER }} --insecure-skip-tls-verify=true
- kubectl config set-credentials github-actions --token=${{ secrets.K8S_SA_TOKEN }}
- kubectl config set-context my-context --cluster=my-cluster --user=github-actions --namespace=default
- kubectl config use-context my-context
-
- - name: Delete pods
- if: env.rolling != 'true'
- continue-on-error: true
- run: |
- kubectl delete pod validator-1 -n staging || true
- kubectl delete pod validator-2 -n staging || true
- kubectl delete pod validator-3 -n staging || true
- kubectl delete pod validator-4 -n staging || true
- kubectl delete pod validator-5 -n staging || true
- kubectl delete pod validator-6 -n staging || true
- kubectl delete pod validator-7 -n staging || true
- echo "Waiting for pods to delete..."
- kubectl wait --for=delete pod/validator-1 pod/validator-2 pod/validator-3 pod/validator-4 pod/validator-5 pod/validator-6 pod/validator-7 -n staging --timeout=120s || true
-
- - name: Delete substrate PVCs
- if: env.wipe == 'true' && github.event.inputs.rolling != 'true'
- continue-on-error: true
- run: |
- kubectl delete pvc validator-1-claim-substrate-node-data -n staging
- kubectl delete pvc validator-2-claim-substrate-node-data -n staging
- kubectl delete pvc validator-3-claim-substrate-node-data -n staging
- kubectl delete pvc validator-4-claim-substrate-node-data -n staging
- kubectl delete pvc validator-5-claim-substrate-node-data -n staging
- kubectl delete pvc validator-6-claim-substrate-node-data -n staging
- kubectl delete pvc validator-7-claim-substrate-node-data -n staging
- echo "Waiting for PVCs to delete..."
- kubectl wait --for=delete pvc/validator-1-claim-substrate-node-data pvc/validator-2-claim-substrate-node-data pvc/validator-3-claim-substrate-node-data pvc/validator-4-claim-substrate-node-data pvc/validator-5-claim-substrate-node-data pvc/validator-6-claim-substrate-node-data pvc/validator-7-claim-substrate-node-data -n staging --timeout=120s
-
- - name: Deploy with chain-spec and image override
- if: env.deployment_type == 1
- run: |
- cd sidechains-infra-priv/src/kube/substrate-poc/environments/helm/substrate-node-stack-chart/
- helm upgrade --install validator-1 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-1 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}" --set chain.chainspec_secretName="${{ github.event.inputs.chain-spec-secret-name }}"
- helm upgrade --install validator-2 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-2 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}" --set chain.chainspec_secretName="${{ github.event.inputs.chain-spec-secret-name }}"
- helm upgrade --install validator-3 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-3 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}" --set chain.chainspec_secretName="${{ github.event.inputs.chain-spec-secret-name }}"
- helm upgrade --install validator-4 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-4 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}" --set chain.chainspec_secretName="${{ github.event.inputs.chain-spec-secret-name }}"
- helm upgrade --install validator-5 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-5 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}" --set chain.chainspec_secretName="${{ github.event.inputs.chain-spec-secret-name }}"
- helm upgrade --install validator-6 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-6 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}" --set chain.chainspec_secretName="${{ github.event.inputs.chain-spec-secret-name }}"
- helm upgrade --install validator-7 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-7 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}" --set chain.chainspec_secretName="${{ github.event.inputs.chain-spec-secret-name }}"
-
- - name: Deploy with image override
- if: env.deployment_type == 2
- run: |
- cd sidechains-infra-priv/src/kube/substrate-poc/environments/helm/substrate-node-stack-chart/
- helm upgrade --install validator-1 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-1 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}"
- helm upgrade --install validator-2 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-2 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}"
- helm upgrade --install validator-3 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-3 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}"
- helm upgrade --install validator-4 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-4 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}"
- helm upgrade --install validator-5 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-5 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}"
- helm upgrade --install validator-6 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-6 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}"
- helm upgrade --install validator-7 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-7 --set images.substrateNode="${{ github.event.inputs.substrate-node-image }}"
-
- - name: Deploy from master with no value overrides
- if: env.deployment_type == 3
- run: |
- cd sidechains-infra-priv/src/kube/substrate-poc/environments/helm/substrate-node-stack-chart/
- helm upgrade --install validator-1 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-1
- helm upgrade --install validator-2 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-2
- helm upgrade --install validator-3 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-3
- helm upgrade --install validator-4 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-4
- helm upgrade --install validator-5 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-5
- helm upgrade --install validator-6 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-6
- helm upgrade --install validator-7 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-7
-
- - name: Wait
- run: |
- echo "Waiting for validator-1..."
- kubectl wait --for=condition=ready pod validator-1 -n staging --timeout=300s
- echo "Waiting for validator-2..."
- kubectl wait --for=condition=ready pod validator-2 -n staging --timeout=300s
- echo "Waiting for validator-3..."
- kubectl wait --for=condition=ready pod validator-3 -n staging --timeout=300s
- echo "Waiting for validator-4..."
- kubectl wait --for=condition=ready pod validator-4 -n staging --timeout=300s
- echo "Waiting for validator-5..."
- kubectl wait --for=condition=ready pod validator-5 -n staging --timeout=300s
- echo "Waiting for validator-6..."
- kubectl wait --for=condition=ready pod validator-6 -n staging --timeout=300s
- echo "Waiting for validator-7..."
- kubectl wait --for=condition=ready pod validator-7 -n staging --timeout=300s
-
- - name: Validate
- run: |
- echo "Checking validator-1..."
- kubectl get pod validator-1 -n staging -o jsonpath="{.status.containerStatuses[*].ready}"
- echo "Checking validator-2..."
- kubectl get pod validator-2 -n staging -o jsonpath="{.status.containerStatuses[*].ready}"
- echo "Checking validator-3..."
- kubectl get pod validator-3 -n staging -o jsonpath="{.status.containerStatuses[*].ready}"
- echo "Checking validator-4..."
- kubectl get pod validator-4 -n staging -o jsonpath="{.status.containerStatuses[*].ready}"
- echo "Checking validator-5..."
- kubectl get pod validator-5 -n staging -o jsonpath="{.status.containerStatuses[*].ready}"
- echo "Checking validator-6..."
- kubectl get pod validator-6 -n staging -o jsonpath="{.status.containerStatuses[*].ready}"
- echo "Checking validator-7..."
- kubectl get pod validator-7 -n staging -o jsonpath="{.status.containerStatuses[*].ready}"
- kubectl get pods -n sc -o custom-columns='NAME:.metadata.name,READY:.status.containerStatuses[*].ready' | grep -E '^(validator-1|validator-2|validator-3|validator-4|validator-5|validator-6|validator-7)' | awk '{if ($2 != "true,true,true,true") exit 1}'
- echo "All pods are 4/4 up and ready"
diff --git a/Earthfile b/Earthfile
index 5b41247d8..aa060dd41 100644
--- a/Earthfile
+++ b/Earthfile
@@ -46,6 +46,8 @@ build:
ARG EARTHLY_GIT_HASH
RUN cargo build --locked --profile=$PROFILE --features=$FEATURES
SAVE ARTIFACT target/*/partner-chains-node AS LOCAL partner-chains-node
+ SAVE ARTIFACT target/*/partner-chains-node AS LOCAL partner-chains-node-artifact
+ SAVE ARTIFACT target/*/partner-chains-cli AS LOCAL partner-chains-cli-artifact
test:
FROM +build
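Review bot: The node binary is now saved twice from the same glob, as `partner-chains-node` and as `partner-chains-node-artifact`, while the CLI is saved only under the `-artifact` name. Nothing in the hunk says which consumer reads which name. A comment above the two added lines would settle it, for example `# *-artifact names are the ones CI packaging reads (confirm); the unsuffixed copy is kept for local runs`. If nothing reads the unsuffixed copy any more, dropping that older line removes the duplicate. The `build` target begins outside this hunk.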
@@ -142,14 +144,24 @@ INSTALL:
chainspecs:
FROM +setup
DO +INSTALL
- COPY devnet/.envrc devnet/.envrc
- COPY devnet/addresses.json devnet/addresses.json
- COPY staging/.envrc staging/.envrc
- COPY staging/addresses.json staging/addresses.json
- # `.` (dot) is equivalent of `source` in /bin/sh
- RUN . ./devnet/.envrc \
+
+ COPY envs/devnet/.envrc envs/devnet/.envrc
+ COPY envs/devnet/addresses.json envs/devnet/addresses.json
+
+ COPY envs/staging-preview/.envrc envs/staging-preview/.envrc
+ COPY envs/staging-preview/addresses.json envs/staging-preview/addresses.json
+
+ COPY envs/staging-preprod/.envrc envs/staging-preprod/.envrc
+ COPY envs/staging-preprod/addresses.json envs/staging-preprod/addresses.json
+
+ RUN . ./envs/devnet/.envrc \
&& partner-chains-node build-spec --chain local --disable-default-bootnode --raw > devnet_chain_spec.json
- RUN. ./staging/.envrc \
- && partner-chains-node build-spec --chain staging --disable-default-bootnode --raw > staging_chain_spec.json
+ RUN . ./envs/staging-preview/.envrc \
+ && partner-chains-node build-spec --chain staging --disable-default-bootnode --raw > staging_preview_chain_spec.json
+ RUN . ./envs/staging-preprod/.envrc \
+ && partner-chains-node build-spec --chain staging --disable-default-bootnode --raw > staging_preprod_chain_spec.json
+
SAVE ARTIFACT devnet_chain_spec.json AS LOCAL devnet_chain_spec.json
- SAVE ARTIFACT staging_chain_spec.json AS LOCAL staging_chain_spec.json
+ SAVE ARTIFACT staging_preview_chain_spec.json AS LOCAL staging_preview_chain_spec.json
+ SAVE ARTIFACT staging_preprod_chain_spec.json AS LOCAL staging_preprod_chain_spec.json
+
\ No newline at end of file
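Review bot: Each of the three `RUN . ./envs/<env>/.envrc && partner-chains-node build-spec ...` steps trusts whatever the sourced file exported. The devnet and staging-preprod `.envrc` files in this commit fill their variables with `export X=$(jq -r ... addresses.json)`; `export` succeeds even when `jq` fails, and a missing key yields the string `null`. A bad `addresses.json` would therefore presumably reach the generated chain spec without failing the build. A guard between the two commands, e.g. `&& : "${COMMITTEE_CANDIDATE_ADDRESS:?}" "${D_PARAMETER_POLICY_ID:?}" "${PERMISSIONED_CANDIDATES_POLICY_ID:?}" \`, would stop the step on empty values. The removed comment explaining that `.` is the `/bin/sh` equivalent of `source` is also worth keeping above the first `RUN`.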
diff --git a/dev/local-environment/configurations/partner-chains-nodes/partner-chains-node-1/entrypoint.sh b/dev/local-environment/configurations/partner-chains-nodes/partner-chains-node-1/entrypoint.sh
index eb09cf2b3..9507e0ab6 100644
--- a/dev/local-environment/configurations/partner-chains-nodes/partner-chains-node-1/entrypoint.sh
+++ b/dev/local-environment/configurations/partner-chains-nodes/partner-chains-node-1/entrypoint.sh
@@ -10,17 +10,7 @@ while true; do
fi
done
-echo "pc-contracts-cli configuration complete. Waiting 2 epochs to start..."
-
-while true; do
- if [ -f "/shared/2-epochs.ready" ]; then
- break
- else
- sleep 10
- fi
-done
-
-echo "2 mainchain epochs passed, starting node..."
+echo "pc-contracts-cli configuration complete. Starting node..."
export MC__FIRST_EPOCH_TIMESTAMP_MILLIS=$(cat /shared/MC__FIRST_EPOCH_TIMESTAMP_MILLIS)
export COMMITTEE_CANDIDATE_ADDRESS=$(cat /shared/COMMITTEE_CANDIDATE_ADDRESS)
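Review bot: With the `/shared/2-epochs.ready` wait removed, node-1 starts as soon as the configuration step finishes. The pc-contracts-cli entrypoint changed in this same commit still waits two epochs "for DParam to become active" and still runs `touch /shared/2-epochs.ready`. If the early start is intended, a comment above the new `echo` should say why the node no longer needs the D parameter to be active and which consumer, if any, still reads the marker file. If no consumer is left, the `touch` in the other script is dead and can go in the same change. The first wait loop, whose closing `fi`/`done` appear as context, begins outside the hunk.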
diff --git a/dev/local-environment/configurations/pc-contracts-cli/entrypoint.sh b/dev/local-environment/configurations/pc-contracts-cli/entrypoint.sh
index 505da794c..eed441e4e 100644
--- a/dev/local-environment/configurations/pc-contracts-cli/entrypoint.sh
+++ b/dev/local-environment/configurations/pc-contracts-cli/entrypoint.sh
@@ -104,6 +104,11 @@ export PERMISSIONED_CANDIDATES_POLICY_ID=$(jq -r '.mintingPolicies.PermissionedC
echo "Permissioned candidates policy ID: $PERMISSIONED_CANDIDATES_POLICY_ID"
echo PERMISSIONED_CANDIDATES_POLICY_ID=$PERMISSIONED_CANDIDATES_POLICY_ID > /shared/PERMISSIONED_CANDIDATES_POLICY_ID
+echo "Importing environment variables from shared files..."
+export NATIVE_TOKEN_POLICY_ID=$(cat /shared/NATIVE_TOKEN_POLICY_ID)
+export NATIVE_TOKEN_ASSET_NAME=$(cat /shared/NATIVE_TOKEN_ASSET_NAME)
+export ILLIQUID_SUPPLY_VALIDATOR_ADDRESS=$(cat /shared/ILLIQUID_SUPPLY_VALIDATOR_ADDRESS)
+
echo "Inserting D parameter..."
./pc-contracts-cli insert-d-parameter \
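Review bot: The three added `export X=$(cat /shared/X)` lines cannot fail. If a file is missing, `cat` prints an error, `export` still returns success, and the script continues to `insert-d-parameter` with an empty variable. Nothing visible in the hunk waits for these files, and whichever container writes them is outside this view. A check before the exports would make the dependency explicit: `for f in NATIVE_TOKEN_POLICY_ID NATIVE_TOKEN_ASSET_NAME ILLIQUID_SUPPLY_VALIDATOR_ADDRESS; do [ -f "/shared/$f" ] || { echo "missing /shared/$f" >&2; exit 1; }; done`. The `insert-d-parameter` command continues past the end of the hunk.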
@@ -273,10 +278,22 @@ echo -e "\n===== Partnerchain Configuration Complete =====\n"
echo -e "Container will now idle, but will remain available for accessing the pc-contracts-cli utility as follows:\n"
echo "docker exec pc-contracts-cli /pc-contracts-cli/pc-contracts-cli --help"
-epoch_length=$(cat /shared/mc-epoch-length)
-slot_length=$(cat /shared/mc-slot-length)
-sleep_time=$((2 * epoch_length * slot_length))
-sleep $sleep_time
+echo "Waiting 2 epochs for DParam to become active..."
+epoch=$(curl -s --request POST \
+ --url "http://ogmios:1337" \
+ --header 'Content-Type: application/json' \
+ --data '{"jsonrpc": "2.0", "method": "queryLedgerState/epoch"}' | jq .result)
+n_2_epoch=$((epoch + 2))
+echo "Current epoch: $epoch"
+while [ $epoch -lt $n_2_epoch ]; do
+ sleep 10
+ epoch=$(curl -s --request POST \
+ --url "http://ogmios:1337" \
+ --header 'Content-Type: application/json' \
+ --data '{"jsonrpc": "2.0", "method": "queryLedgerState/epoch"}' | jq .result)
+ echo "Current epoch: $epoch"
+done
+echo "DParam is now active!"
touch /shared/2-epochs.ready
tail -f /dev/null
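Review bot: The new wait ends early whenever Ogmios does not answer with a number. `jq .result` then yields an empty string or `null`, the unquoted `[ $epoch -lt $n_2_epoch ]` fails with a test error instead of evaluating to false, and the script goes straight on to `touch /shared/2-epochs.ready`. The first query has the same weakness: in bash an empty `epoch` makes `n_2_epoch` equal 2. I would accept only numeric results, keep the last good epoch when a poll fails, quote the operands and give `curl` a time limit. The duplicated query also reads better as one helper, as sketched below.

```shell
echo "Waiting 2 epochs for DParam to become active..."

# Print the current mainchain epoch, or nothing when Ogmios returns no number.
query_epoch() {
    curl -s --max-time 10 --request POST \
        --url "http://ogmios:1337" \
        --header 'Content-Type: application/json' \
        --data '{"jsonrpc": "2.0", "method": "queryLedgerState/epoch"}' \
        | jq -r '.result | select(type == "number")'
}

epoch=$(query_epoch)
until [ -n "$epoch" ]; do
    echo "Ogmios returned no epoch yet, retrying..."
    sleep 10
    epoch=$(query_epoch)
done
n_2_epoch=$((epoch + 2))
echo "Current epoch: $epoch"
while [ "$epoch" -lt "$n_2_epoch" ]; do
    sleep 10
    latest=$(query_epoch)
    # A failed poll keeps the last good value, so the wait cannot end early.
    if [ -n "$latest" ]; then
        epoch=$latest
    fi
    echo "Current epoch: $epoch"
done
# … unchanged: "DParam is now active!" message, touch /shared/2-epochs.ready, tail …
```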
diff --git a/dev/local-environment/configurations/pc-contracts-cli/overrides/OVERRIDES.md b/dev/local-environment/configurations/pc-contracts-cli/overrides/OVERRIDES.md
new file mode 100644
index 000000000..5c846bfe9
--- /dev/null
+++ b/dev/local-environment/configurations/pc-contracts-cli/overrides/OVERRIDES.md
@@ -0,0 +1,13 @@
+# Overrides
+
+Place one or more override artifacts in this directory, named as the below:
+
+- partner-chains-node
+- partner-chains-cli
+- pc-contracts-cli
+
+And enable overrides with the `--overrides` flag. For example:
+
+```
+bash setup.sh --non-interactive --overrides
+```
diff --git a/dev/local-environment/setup.sh b/dev/local-environment/setup.sh
index 07187b143..78deee8dc 100755
--- a/dev/local-environment/setup.sh
+++ b/dev/local-environment/setup.sh
@@ -156,11 +156,10 @@ configure_artifact_overrides() {
if [ "$overrides" == "yes" ]; then
echo -e "Artifact overrides enabled. \n"
- artifact_override=yes
else
read -p "Do you want to override artifacts from local paths? (Y/N): " override_artifact
if [[ $override_artifact == [Yy]* ]]; then
- artifact_override=yes
+ overrides=yes
echo -e "Artifact overrides enabled. \n"
echo "To override pc-contracts-cli artifact, copy artifacts to path:"
echo -e "./configurations/pc-contracts-cli/overrides/pc-contracts-cli and ./configurations/pc-contracts-cli/overrides/node_modules \n"
@@ -169,7 +168,6 @@ configure_artifact_overrides() {
echo "To override the partner-chains-cli artifact, copy artifact to path:"
echo -e "./configurations/pc-contracts-cli/overrides/partner-chains-cli \n"
else
- artifact_override=no
echo -e "Artifact overrides disabled. Stable versions will be automatically downloaded within the container from Github Releases. \n"
fi
fi
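Review bot: Removing `artifact_override=no` here, and the `else` branch in the non-interactive hunk that follows, means nothing sets an explicit "no" any more. When overrides are declined, the two `.env` heredoc hunks further down write `ARTIFACT_OVERRIDE=$overrides` with whatever `overrides` held on entry. That initial value is set outside these hunks; if it is empty or unset, `.env` gets `ARTIFACT_OVERRIDE=` where it used to get `ARTIFACT_OVERRIDE=no`. Writing `ARTIFACT_OVERRIDE=${overrides:-no}` in both heredocs, or defaulting `overrides=${overrides:-no}` at the top of `configure_artifact_overrides`, keeps the old contract for whatever reads the file. The function begins before the first hunk and ends after the third.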
@@ -177,14 +175,11 @@ configure_artifact_overrides() {
# Non-interactive mode
if [ "$overrides" == "yes" ]; then
echo -e "Artifact overrides enabled. \n"
- artifact_override=yes
- else
- artifact_override=no
fi
fi
# Check for the existence of the artifact paths
- if [ "$artifact_override" == "yes" ]; then
+ if [ "$overrides" == "yes" ]; then
# Check for pc-contracts-cli artifact
if [[ -f "./configurations/pc-contracts-cli/overrides/pc-contracts-cli" && -d "./configurations/pc-contracts-cli/overrides/node_modules" ]]; then
echo -e "pc-contracts-cli and node_modules found. Override enabled. \n"
@@ -341,7 +336,7 @@ CPU_OGMIOS=0.000
MEM_OGMIOS=1000G
CPU_KUPO=0.000
MEM_KUPO=1000G
-ARTIFACT_OVERRIDE=$artifact_override
+ARTIFACT_OVERRIDE=$overrides
EOF
else
cat <.env
@@ -361,7 +356,7 @@ CPU_OGMIOS=$cpu_ogmios
MEM_OGMIOS=$mem_ogmios
CPU_KUPO=$cpu_kupo
MEM_KUPO=$mem_kupo
-ARTIFACT_OVERRIDE=$artifact_override
+ARTIFACT_OVERRIDE=$overrides
EOF
fi
diff --git a/docker/chain-spec/README.md b/docker/chain-spec/README.md
index a21534cf2..a6076267d 100644
--- a/docker/chain-spec/README.md
+++ b/docker/chain-spec/README.md
@@ -71,8 +71,7 @@ Cache cargo home for faster builds.
-e CARGO_HOME=/cargo-home \
```
-Set an env variable to specify which chain to use. Currently, we only have "local" (devnet) and
-"staging". These IDs are used in `build-spec` command and pattern matched in `command.rs`, `SubstrateCli impl` `load_spec` function.
+Set an env variable to specify which chain to use. Currently, we only have "local" (devnet) and "staging". These IDs are used in `build-spec` command and pattern matched in `command.rs`, `SubstrateCli impl` `load_spec` function.
Omit, if `--chain` option should not be used for the build-spec command.
```
-e CHAIN=staging \
diff --git a/devnet/.envrc b/envs/devnet/.envrc
similarity index 94%
rename from devnet/.envrc
rename to envs/devnet/.envrc
index 75bbf9cc9..d02e1eb53 100644
--- a/devnet/.envrc
+++ b/envs/devnet/.envrc
@@ -11,9 +11,9 @@ export SIDECHAIN_BLOCK_BENEFICIARY="0x000000000000000000000000000000000000000000
# below exports parse config/addresses.json file, which needs to regenerated for each new sidechain by running
# pc-contracts-cli addresses ... > config/addresses.json
-export COMMITTEE_CANDIDATE_ADDRESS=$(jq -r '.addresses.CommitteeCandidateValidator' devnet/addresses.json)
-export D_PARAMETER_POLICY_ID=$(jq -r '.mintingPolicies.DParameterPolicy' devnet/addresses.json)
-export PERMISSIONED_CANDIDATES_POLICY_ID=$(jq -r '.mintingPolicies.PermissionedCandidatesPolicy' devnet/addresses.json)
+export COMMITTEE_CANDIDATE_ADDRESS=$(jq -r '.addresses.CommitteeCandidateValidator' envs/devnet/addresses.json)
+export D_PARAMETER_POLICY_ID=$(jq -r '.mintingPolicies.DParameterPolicy' envs/devnet/addresses.json)
+export PERMISSIONED_CANDIDATES_POLICY_ID=$(jq -r '.mintingPolicies.PermissionedCandidatesPolicy' envs/devnet/addresses.json)
# native token observability
export NATIVE_TOKEN_POLICY_ID='ada83ddd029614381f00e28de0922ab0dec6983ea9dd29ae20eef9b4'
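Review bot: The comment kept as context above the changed exports still names `config/addresses.json`, while the exports now read `envs/devnet/addresses.json`; the staging-preprod hunk carries the same stale comment. I would update it in both files, e.g. `# the exports below parse envs/devnet/addresses.json, which needs to be regenerated for each new sidechain by running` followed by `# pc-contracts-cli addresses ... > envs/devnet/addresses.json`. The jq paths are relative to the working directory, so it is also worth stating in that comment that the file must be sourced from the repository root.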
diff --git a/devnet/addresses.json b/envs/devnet/addresses.json
similarity index 100%
rename from devnet/addresses.json
rename to envs/devnet/addresses.json
diff --git a/staging/.envrc b/envs/staging-preprod/.envrc
similarity index 93%
rename from staging/.envrc
rename to envs/staging-preprod/.envrc
index f51b010ce..4a1c21a25 100644
--- a/staging/.envrc
+++ b/envs/staging-preprod/.envrc
@@ -11,9 +11,9 @@ export SIDECHAIN_BLOCK_BENEFICIARY="0x000000000000000000000000000000000000000000
# below exports parse config/addresses.json file, which needs to regenerated for each new sidechain by running
# pc-contracts-cli addresses ... > config/addresses.json
-export COMMITTEE_CANDIDATE_ADDRESS=$(jq -r '.addresses.CommitteeCandidateValidator' staging/addresses.json)
-export D_PARAMETER_POLICY_ID=$(jq -r '.mintingPolicies.DParameterPolicy' staging/addresses.json)
-export PERMISSIONED_CANDIDATES_POLICY_ID=$(jq -r '.mintingPolicies.PermissionedCandidatesPolicy' staging/addresses.json)
+export COMMITTEE_CANDIDATE_ADDRESS=$(jq -r '.addresses.CommitteeCandidateValidator' envs/staging-preprod/addresses.json)
+export D_PARAMETER_POLICY_ID=$(jq -r '.mintingPolicies.DParameterPolicy' envs/staging-preprod/addresses.json)
+export PERMISSIONED_CANDIDATES_POLICY_ID=$(jq -r '.mintingPolicies.PermissionedCandidatesPolicy' envs/staging-preprod/addresses.json)
# native token observability
export NATIVE_TOKEN_POLICY_ID='ada83ddd029614381f00e28de0922ab0dec6983ea9dd29ae20eef9b4'
diff --git a/staging/addresses.json b/envs/staging-preprod/addresses.json
similarity index 100%
rename from staging/addresses.json
rename to envs/staging-preprod/addresses.json
diff --git a/envs/staging-preview/.envrc b/envs/staging-preview/.envrc
new file mode 100644
index 000000000..e73a39752
--- /dev/null
+++ b/envs/staging-preview/.envrc
@@ -0,0 +1,44 @@
+export CHAIN_ID=1
+export THRESHOLD_NUMERATOR=2
+export THRESHOLD_DENOMINATOR=3
+export GENESIS_COMMITTEE_UTXO="4e65eddc6132c1b9891d43f9d67a4a0a7b6e614b648f59dc97538f3f23eb96bf#1"
+# cardano-cli address key-hash --payment-verification-key-file
+export GOVERNANCE_AUTHORITY=1f0977bc0f57c67ca6d77296c1b575fe05a6dc2c5fa38056ba63c50c
+
+# unique identifier of the beneficiary that will be credited
+# producer rewards for blocks produced by this node
+export SIDECHAIN_BLOCK_BENEFICIARY="0x0000000000000000000000000000000000000000000000000000000000000201"
+
+# below exports parse config/addresses.json file, which needs to regenerated for each new sidechain by running
+# sidechain-main-cli addresses ... > config/addresses.json
+export COMMITTEE_CANDIDATE_ADDRESS=$(jq -r '.addresses.CommitteeCandidateValidator' envs/staging-preview/addresses.json)
+export D_PARAMETER_POLICY_ID=$(jq -r '.mintingPolicies.DParameterPolicy' envs/staging-preview/addresses.json)
+export PERMISSIONED_CANDIDATES_POLICY_ID=$(jq -r '.mintingPolicies.PermissionedCandidatesPolicy' envs/staging-preview/addresses.json)
+
+# native token observability
+export NATIVE_TOKEN_POLICY_ID='ada83ddd029614381f00e28de0922ab0dec6983ea9dd29ae20eef9b4'
+export NATIVE_TOKEN_ASSET_NAME='5043546f6b656e44656d6f'
+export ILLIQUID_SUPPLY_VALIDATOR_ADDRESS='addr_test1wrhvtvx3f0g9wv9rx8kfqc60jva3e07nqujk2cspekv4mqs9rjdvz'
+
+# Preview parameters
+export CARDANO_SECURITY_PARAMETER=432
+export CARDANO_ACTIVE_SLOTS_COEFF=0.05
+export DB_SYNC_POSTGRES_CONNECTION_STRING="postgres://postgres:password123@localhost/cexplorer"
+
+# A minimum block distance from the most recent MC stable block.
+# Used by block producers to select the stable block to include in the block header.
+export BLOCK_STABILITY_MARGIN=0
+
+# Timestamp for the MC_FIRST_EPOCH_NUMBER
+# Genesis should not have a timestamp before this one, this should be divisible by both sidechain slot and epoch durations
+export MC__FIRST_EPOCH_TIMESTAMP_MILLIS=1666656000000
+# First Shelley epoch number on Cardano
+export MC__FIRST_EPOCH_NUMBER=0
+# Should be divisible by Sidechain epoch duration (which is SlotDuration * SlotsPerEpoch and those params can be found in runtime/src/lib.rs)
+export MC__EPOCH_DURATION_MILLIS=86400000
+# First Shelley slot number on Cardano
+export MC__FIRST_SLOT_NUMBER=0
+
+# When true, node will use the mock implementation of main chain follower. Overrides USE_INTERNAL_MAIN_CHAIN_FOLLOWER if true.
+export USE_MAIN_CHAIN_FOLLOWER_MOCK=false
+export MAIN_CHAIN_FOLLOWER_MOCK_REGISTRATIONS_FILE=res/bb-mock/default-registrations.json
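Review bot: `DB_SYNC_POSTGRES_CONNECTION_STRING` in this new staging file embeds a database password (`postgres:password123`) in a tracked file; even if it is only a local db-sync default, a staging template tends to be copied to shared hosts with the credential unchanged. I would commit only a placeholder, e.g. `export DB_SYNC_POSTGRES_CONNECTION_STRING="postgres://postgres:<PASSWORD>@localhost/cexplorer"`, and supply the real value from an untracked file such as the `.envrc.local` that the root `.envrc` checks for (assuming that file is sourced after this one). The comment above the three `jq` exports is also stale: it names `config/addresses.json` and `sidechain-main-cli`, while the exports read `envs/staging-preview/addresses.json` and the sibling env files in this commit refer to `pc-contracts-cli`. Suggested wording: `# below exports parse envs/staging-preview/addresses.json, which needs to be regenerated for each new sidechain`.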
diff --git a/envs/staging-preview/addresses.json b/envs/staging-preview/addresses.json
new file mode 100644
index 000000000..50f86294b
--- /dev/null
+++ b/envs/staging-preview/addresses.json
@@ -0,0 +1,47 @@
+{
+ "endpoint": "GetAddrs",
+ "addresses": {
+ "CommitteeCandidateValidator": "addr_test1wqczxu6fnkg22mswwf36dgav02d7fqut2qmxqxe9waf3hzqet7k08",
+ "DsConfValidator": "addr_test1wrs3x229t9wvzshcrq2sadngnh2p8aaxnzl538ptm6kfy7s722s0h",
+ "DsInsertValidator": "addr_test1wpcck855nef0era6mkk7eqfjtajm0nwz8wjmlwtq5zsy7fsqht257",
+ "VersionOracleValidator": "addr_test1wpfw535nn36x896pjtl3fc7t3axphpvgzmwvvf5ydlgw2cqfr4gts",
+ "PermissionedCandidatesValidator": "addr_test1wzhqyt2qsq3p43y2qkp6w47at38k4059hj0n8rysfhm2dyc5grwmv",
+ "DParameterValidator": "addr_test1wpt60cg7n4hp2u6djszjm744fprh8fhm4w5rqsrr4ax4tgshxjylr",
+ "CommitteeHashValidator": "addr_test1wztj2gjtnmt8p5593q4w2tcd0548r6u3s2uc7sjkrq8qp8shre8s9",
+ "CheckpointValidator": "addr_test1wr973hn59t44nvn6dsn5uge6lh9955uplpgw8s2pu6p70hcuhvhmt",
+ "MerkleRootTokenValidator": "addr_test1wrt7mljzzmtjpttu0ffzqp20xf2ctalffreywe755fwg6nc8kl20c",
+ "ReserveValidator": "addr_test1wpgffwhq7470l5wvyt4p7lxrnktwdsqzmprul7hjtnrs4sqh4flz3",
+ "IlliquidCirculationSupplyValidator": "addr_test1wqn2pkvvmesmxtfa4tz7w8gh8vumr52lpkrhcs4dkg30uqq77h5z4"
+ },
+ "validatorHashes": {
+ "CommitteeCandidateValidator": "302373499d90a56e0e7263a6a3ac7a9be4838b5036601b2577531b88",
+ "DsConfValidator": "e1132945595cc142f818150eb6689dd413f7a698bf489c2bdeac927a",
+ "DsInsertValidator": "718b1e949e52fc8fbaddadec81325f65b7cdc23ba5bfb960a0a04f26",
+ "VersionOracleValidator": "52ea46939c7463974192ff14e3cb8f4c1b858816dcc626846fd0e560",
+ "PermissionedCandidatesValidator": "ae022d4080221ac48a0583a757dd5c4f6abe85bc9f338c904df6a693",
+ "DParameterValidator": "57a7e11e9d6e15734d94052dfab5484773a6fbaba8304063af4d55a2",
+ "CommitteeHashValidator": "9725224b9ed670d285882ae52f0d7d2a71eb9182b98f4256180e009e",
+ "CheckpointValidator": "cbe8de742aeb59b27a6c274e233afdca5a5381f850e3c141e683e7df",
+ "MerkleRootTokenValidator": "d7edfe4216d720ad7c7a5220054f325585f7e948f24767d4a25c8d4f",
+ "ReserveValidator": "5094bae0f57cffd1cc22ea1f7cc39d96e6c002d847cffaf25cc70ac0",
+ "IlliquidCirculationSupplyValidator": "26a0d98cde61b32d3daac5e71d173b39b1d15f0d877c42adb222fe00"
+ },
+ "mintingPolicies": {
+ "DsConfPolicy": "cb9876d9ec40cc69adb42eba509244d5142048ebbc7326bad3124efa",
+ "CheckpointPolicy": "5a1d5ee6f5bd2a3856fbe44b59586babdf10b9ee1396473ee895f18f",
+ "FUELProxyPolicy": "51c738b499f9214329e9ec655d49cb5bb3bb19c0842998cb31d1224f",
+ "VersionOraclePolicy": "03031996a95b3fd511c5bae760bb185606e73af756421fe1fe83a2d8",
+ "PermissionedCandidatesPolicy": "e44f6251de81f6e572d8bb324dd955962a96b10da09e7abe5a7995ce",
+ "DParameterPolicy": "aca33dbecba1698ceb122a5a213fa7fb3d12fc7efd932117943d9f58",
+ "InitTokenPolicy": "0b2f719ae2b706c468808af38d62c4eda0d948ec3d04d0f916659019",
+ "CommitteeCertificateVerificationPolicy": "1c29334562bfc2bde51af1b02a1cc9bc8c5e944c4070b283ab420504",
+ "CommitteeOraclePolicy": "c62fb4be7a7e8a33aab734acc4c8eec7c594a570f721617170a377e0",
+ "FUELMintingPolicy": "d113a51cc9d9c02a06cf8985cd0570d3082e32f0f905851bfea8b711",
+ "FUELBurningPolicy": "0d6e224f7d25c9ed97143112b198bd8a60a76811a489b2160e57ae97",
+ "DsKeyPolicy": "5b7f2ef0de5553d125fadf364f8809098b9586197f703aab1410cc5f",
+ "MerkleRootTokenPolicy": "eb9e5f48ab84ef79c57620cb0ad8fc11a4c8f0a16679a4e5fce03ce7",
+ "ReserveAuthPolicy": "64eb1d817d6ca2b2a77dbf95e32a8da9abdb53b18de7d4e1c801345c",
+ "GovernancePolicy": "1ace0495e5f8f15703af7627904aa0842bbe8429c348b6606b4e0d0d",
+ "CommitteePlainEcdsaSecp256k1ATMSPolicy": "1c29334562bfc2bde51af1b02a1cc9bc8c5e944c4070b283ab420504"
+ }
+}
\ No newline at end of file