-
Notifications
You must be signed in to change notification settings - Fork 305
116 lines (105 loc) · 3.68 KB
/
deploy-preview.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
---
# Deploys the latest changes on 'main' branch, via a container
# image tagged with 'main', to testnet-preview.penumbra.zone.
name: Deploy testnet-preview.penumbra.zone
on:
workflow_dispatch:
inputs:
image_tag:
description: 'Docker image tag to deploy'
# The container tag "main" comes from the name of the main branch.
# It's important we deploy this tag for preview, rather than "latest",
# as "latest" maps to the most recent tag (i.e. weekly testnet).
default: "main"
required: true
push:
branches:
- main
# Cancel any pending preview deploys, in favor of a newer PR
# that was just merged.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
# Don't cancel mid-run, as an interrupted `helmfile sync` can create broken release
# states in the kube API server that require manual cleanup.
cancel-in-progress: false
jobs:
build-container:
name: Build container for preview
uses: ./.github/workflows/containers.yml
secrets: inherit
deploy:
name: Deploy preview to cluster
permissions:
contents: 'read'
id-token: 'write'
needs:
- build-container
runs-on: ubuntu-latest
timeout-minutes: 30
environment: testnet-preview
steps:
- name: checkout
uses: actions/checkout@v4
- id: gcloudauth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: 'projects/1006847873719/locations/global/workloadIdentityPools/gh-runner-pool/providers/my-provider'
service_account: '[email protected]'
- name: get gke credentials
uses: google-github-actions/get-gke-credentials@v2
with:
cluster_name: testnet
project_id: penumbra-sl-testnet
location: us-central1
- name: install helmfile
uses: mamezou-tech/[email protected]
with:
helmfile-version: "v0.157.0"
- name: deploy
run: |-
export PATH="$HOME/bin:$PATH"
cd deployments/
export PENUMBRA_VERSION='main'
export HELM_RELEASE='penumbra-preview'
./ci.sh
- name: bounce metrics
run: kubectl rollout restart deployment penumbra-preview-metrics
- name: bounce grpcui
run: kubectl rollout restart deployment grpcui-preview
# Deploys a standalone instance of pd,
# specifically to exercise the auto-https direct-serve logic.
standalone:
name: deploy standalone pd node, preview
permissions:
contents: 'read'
id-token: 'write'
needs:
- deploy
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v4
- name: configure ssh identity
run: |-
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "$SSH_PRIVKEY" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
echo "$SSH_HOSTKEYS" > ~/.ssh/known_hosts
env:
# In order to generate the hostkey material:
#
# echo > hostkeys.txt
# ssh-keyscan -H solo-pd.testnet-preview.plinfra.net | tee -a hostkeys.txt
# ssh-keyscan -H solo-pd.testnet.plinfra.net | tee -a hostkeys.txt
#
# Then paste the contents of that file into `secrets.CI_RUNNER_SSH_HOSTKEYS`,
# so it's consumable via this step.
SSH_PRIVKEY: ${{ secrets.CI_RUNNER_SSH_PRIVKEY }}
SSH_HOSTKEYS: ${{ secrets.CI_RUNNER_SSH_HOSTKEYS }}
- name: deploy
shell: bash
run: |-
export PENUMBRA_VERSION="main"
export PENUMBRA_ENVIRONMENT="penumbra-preview"
./deployments/scripts/redeploy-ci-fullnode-via-runner