Mithril v2329.0 #14

Workflow file for this run

.github/workflows/release.yml at e79232f

	name: Release

	on:
	release:
	types: [released]

	jobs:
	build-push-docker:
	runs-on: ubuntu-22.04
	strategy:
	fail-fast: false
	matrix:
	project: [ mithril-aggregator, mithril-client, mithril-signer ]

	permissions:
	contents: read
	packages: write

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository_owner }}/${{ matrix.project }}
	DOCKER_FILE: ./${{ matrix.project }}/Dockerfile.ci
	CONTEXT: .
	GITHUB_REF: ${{ github.ref}}

	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Log in to the Container registry
	uses: docker/login-action@v2
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@v4
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	tags: \|
	latest
	type=raw,value=${{ github.ref_name }}-{{sha}}

	- name: Download built artifacts (Linux-x64)
	uses: dawidd6/action-download-artifact@v2
	with:
	name: mithril-distribution-Linux-X64
	path: ${{ matrix.project }}
	commit: ${{ github.sha }}
	workflow: ci.yml
	workflow_conclusion: success

	- name: Build and push Docker image
	uses: docker/build-push-action@v3
	with:
	context: ${{ env.CONTEXT }}
	file: ${{ env.DOCKER_FILE }}
	push: true
	tags: ${{ steps.meta.outputs.tags }}

	check-deploy-crates-io:
	runs-on: ubuntu-22.04
	outputs:
	should-deploy: ${{ steps.check_version.outputs.should_deploy }}
	steps:
	- name: Checkout sources
	uses: actions/checkout@v3

	- name: Check crate latest version
	id: check_version
	run: \|
	LATEST_REMOTE_VERSION=$(wget -q -O - https://crates.io/api/v1/crates/mithril-stm \| jq -r '.crate.newest_version')
	LOCAL_VERSION=$(cargo metadata --quiet --no-deps \| jq -r '.packages[] \| select(.name=="mithril-stm") \| .version')
	echo "Latest crate.io version: $LATEST_REMOTE_VERSION"
	echo "Local version: $LOCAL_VERSION"

	if [ "$LOCAL_VERSION" != "$LATEST_REMOTE_VERSION" ]; then
	echo "Local version is newer than remote version: we will publish to crates.io"
	echo "should_deploy=true" >> $GITHUB_OUTPUT
	else
	echo "Local version and remote version are the same: no need to publish to crates.io"
	echo "should_deploy=false" >> $GITHUB_OUTPUT
	fi

	deploy-crates-io:
	runs-on: ubuntu-22.04
	needs: check-deploy-crates-io
	if: needs.check-deploy-crates-io.outputs.should-deploy == 'true'
	steps:
	- name: Checkout sources
	uses: actions/checkout@v3

	- name: Install stable toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: stable

	- name: Cargo publish dry run
	shell: bash
	run: cargo publish -p mithril-stm --dry-run

	- name: Cargo package list
	shell: bash
	run: cargo package -p mithril-stm --list

	- name: Cargo publish
	shell: bash
	run: cargo publish -p mithril-stm --token ${{ secrets.CRATES_IO_API_TOKEN }}

	deploy-release:
	strategy:
	fail-fast: false
	matrix:
	environment: [ release-preprod, release-mainnet ]
	include:
	- environment: release-preprod
	environment_prefix: release
	cardano_network: preprod
	mithril_api_domain: api.mithril.network
	mithril_protocol_parameters: \|
	{
	k = 5
	m = 100
	phi_f = 0.65
	}
	mithril_signers: \|
	{
	"2" = {
	type = "verified",
	pool_id = "",
	},
	}
	terraform_backend_bucket: hydra-terraform-admin
	google_region: europe-west1
	google_zone: europe-west1-b
	google_machine_type: e2-highmem-2
	google_compute_instance_boot_disk_size: 200
	google_compute_instance_data_disk_size: 250
	- environment: release-mainnet
	environment_prefix: release
	cardano_network: mainnet
	mithril_api_domain: api.mithril.network
	mithril_protocol_parameters: \|
	{
	k = 2422
	m = 20973
	phi_f = 0.20
	}
	mithril_signers: \|
	{}
	terraform_backend_bucket: mithril-terraform-prod
	google_region: europe-west1
	google_zone: europe-west1-b
	google_machine_type: e2-highmem-8
	google_compute_instance_boot_disk_size: 250
	google_compute_instance_data_disk_size: 1000

	runs-on: ubuntu-22.04

	needs:
	- build-push-docker

	environment: ${{ matrix.environment }}

	env:
	GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
	GENESIS_SECRET_KEY: ${{ secrets.GENESIS_SECRET_KEY }}
	GENESIS_VERIFICATION_KEY_URL: ${{ vars.GENESIS_VERIFICATION_KEY_URL }}
	ERA_READER_ADDRESS_URL: ${{ vars.ERA_READER_ADDRESS_URL }}
	ERA_READER_VERIFICATION_KEY_URL: ${{ vars.ERA_READER_VERIFICATION_KEY_URL }}
	ERA_READER_SECRET_KEY: ${{ secrets.ERA_READER_SECRET_KEY }}
	PROMETHEUS_AUTH_USERNAME: ${{ secrets.PROMETHEUS_AUTH_USERNAME }}
	PROMETHEUS_AUTH_PASSWORD: ${{ secrets.PROMETHEUS_AUTH_PASSWORD }}
	LOKI_AUTH_USERNAME: ${{ secrets.LOKI_AUTH_USERNAME }}
	LOKI_AUTH_PASSWORD: ${{ secrets.LOKI_AUTH_PASSWORD }}

	defaults:
	run:
	working-directory: mithril-infra

	steps:

	- name: Checkout sources
	uses: actions/checkout@v3

	- name: Get Docker image id
	run: echo "DOCKER_IMAGE_ID=${{ github.ref_name }}-$(echo ${{ github.sha }} \| cut -c1-7)" >> $GITHUB_ENV

	- name: Prepare service account credentials
	run: \|
	echo '${{ env.GOOGLE_APPLICATION_CREDENTIALS}}' > ./google-application-credentials.json
	chmod u+x ./assets/tools/utils/google-credentials-public-key.sh
	./assets/tools/utils/google-credentials-public-key.sh ./google-application-credentials.json ./assets/ssh_keys curry

	- name: Prepare terraform variables
	run: \|
	cat > ./env.variables.tfvars << EOF
	environment_prefix = "${{ matrix.environment_prefix }}"
	cardano_network = "${{ matrix.cardano_network }}"
	google_region = "${{ matrix.google_region }}"
	google_zone = "${{ matrix.google_zone }}"
	google_machine_type = "${{ matrix.google_machine_type }}"
	google_compute_instance_boot_disk_size = "${{ matrix.google_compute_instance_boot_disk_size }}"
	google_compute_instance_data_disk_size = "${{ matrix.google_compute_instance_data_disk_size }}"
	google_service_credentials_json_file = "./google-application-credentials.json"
	mithril_api_domain = "${{ matrix.mithril_api_domain }}"
	mithril_image_id = "${{ env.DOCKER_IMAGE_ID }}"
	mithril_genesis_verification_key_url = "${{ env.GENESIS_VERIFICATION_KEY_URL }}"
	mithril_genesis_secret_key = "${{ env.GENESIS_SECRET_KEY }}"
	mithril_protocol_parameters = ${{ matrix.mithril_protocol_parameters }}
	mithril_era_reader_adapter_type = "cardano-chain"
	mithril_era_reader_address_url = "${{ env.ERA_READER_ADDRESS_URL }}"
	mithril_era_reader_verification_key_url = "${{ env.ERA_READER_VERIFICATION_KEY_URL }}"
	mithril_era_reader_secret_key = "${{ env.ERA_READER_SECRET_KEY }}"
	mithril_signers = ${{ matrix.mithril_signers }}
	prometheus_auth_username = "${{ env.PROMETHEUS_AUTH_USERNAME }}"
	prometheus_auth_password = "${{ env.PROMETHEUS_AUTH_PASSWORD }}"
	loki_auth_username = "${{ env.LOKI_AUTH_USERNAME }}"
	loki_auth_password = "${{ env.LOKI_AUTH_PASSWORD }}"
	EOF
	terraform fmt ./env.variables.tfvars
	cat ./env.variables.tfvars

	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v2
	with:
	terraform_wrapper: false

	- name: Init Terraform
	run: \|
	GOOGLE_APPLICATION_CREDENTIALS=./google-application-credentials.json terraform init -backend-config="bucket=${{ matrix.terraform_backend_bucket }}" -backend-config="prefix=terraform/mithril-${{ matrix.environment }}"

	- name: Check Terraform
	run: terraform fmt -check

	- name: Terraform Plan
	run: \|
	GOOGLE_APPLICATION_CREDENTIALS=./google-application-credentials.json terraform plan --var-file=./env.variables.tfvars

	- name: Terraform Apply
	run: \|
	GOOGLE_APPLICATION_CREDENTIALS=./google-application-credentials.json terraform apply -auto-approve --var-file=./env.variables.tfvars

	- name: Cleanup
	run: \|
	rm -f ./env.variables.tfvars
	rm -f ./google-application-credentials.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Mithril v2329.0 #14

Workflow file

Mithril v2329.0 #14

Jobs

Run details

Workflow file for this run