docs: re-add priv val state munging for upgrades #2251
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Deploys the latest changes on 'main' branch, via a container | |
# image tagged with 'main', to testnet-preview.penumbra.zone. | |
name: Deploy testnet-preview.penumbra.zone | |
on: | |
workflow_dispatch: | |
inputs: | |
image_tag: | |
description: 'Docker image tag to deploy' | |
# The container tag "main" comes from the name of the main branch. | |
# It's important we deploy this tag for preview, rather than "latest", | |
# as "latest" maps to the most recent tag (i.e. weekly testnet). | |
default: "main" | |
required: true | |
push: | |
branches: | |
- main | |
# Cancel any pending preview deploys, in favor of a newer PR | |
# that was just merged. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
# Don't cancel mid-run, as an interrupted `helmfile sync` can create broken release | |
# states in the kube API server that require manual cleanup. | |
cancel-in-progress: false | |
jobs: | |
build-container: | |
name: Build container for preview | |
uses: ./.github/workflows/containers.yml | |
secrets: inherit | |
deploy: | |
name: Deploy preview to cluster | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
needs: | |
- build-container | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
environment: testnet-preview | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- id: gcloudauth | |
uses: google-github-actions/auth@v2 | |
with: | |
workload_identity_provider: 'projects/1006847873719/locations/global/workloadIdentityPools/gh-runner-pool/providers/my-provider' | |
service_account: '[email protected]' | |
- name: get gke credentials | |
uses: google-github-actions/get-gke-credentials@v2 | |
with: | |
cluster_name: testnet | |
project_id: penumbra-sl-testnet | |
location: us-central1 | |
- name: install helmfile | |
uses: mamezou-tech/[email protected] | |
with: | |
helmfile-version: "v0.157.0" | |
- name: deploy | |
run: |- | |
export PATH="$HOME/bin:$PATH" | |
cd deployments/ | |
export PENUMBRA_VERSION='main' | |
export HELM_RELEASE='penumbra-preview' | |
./ci.sh | |
- name: bounce metrics | |
run: kubectl rollout restart deployment penumbra-preview-metrics | |
- name: bounce grpcui | |
run: kubectl rollout restart deployment grpcui-preview | |
# Deploys a standalone instance of pd, | |
# specifically to exercise the auto-https direct-serve logic. | |
standalone: | |
name: deploy standalone pd node, preview | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
needs: | |
- deploy | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: configure ssh identity | |
run: |- | |
mkdir -p ~/.ssh | |
chmod 700 ~/.ssh | |
echo "$SSH_PRIVKEY" > ~/.ssh/id_ed25519 | |
chmod 600 ~/.ssh/id_ed25519 | |
echo "$SSH_HOSTKEYS" > ~/.ssh/known_hosts | |
env: | |
# In order to generate the hostkey material: | |
# | |
# echo > hostkeys.txt | |
# ssh-keyscan -H solo-pd.testnet-preview.plinfra.net | tee -a hostkeys.txt | |
# ssh-keyscan -H solo-pd.testnet.plinfra.net | tee -a hostkeys.txt | |
# | |
# Then paste the contents of that file into `secrets.CI_RUNNER_SSH_HOSTKEYS`, | |
# so it's consumable via this step. | |
SSH_PRIVKEY: ${{ secrets.CI_RUNNER_SSH_PRIVKEY }} | |
SSH_HOSTKEYS: ${{ secrets.CI_RUNNER_SSH_HOSTKEYS }} | |
- name: deploy | |
shell: bash | |
run: |- | |
export PENUMBRA_VERSION="main" | |
export PENUMBRA_ENVIRONMENT="penumbra-preview" | |
./deployments/scripts/redeploy-ci-fullnode-via-runner |