Merge pull request #1142 from input-output-hk/jpraynaud/1091-clean-ss… #40
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pre-release | |
| on: | |
| push: | |
| tags: | |
| - '[0-9][0-9][0-9][0-9].[0-9]+' | |
| - '[0-9][0-9][0-9][0-9].[0-9]+-**' | |
| jobs: | |
| create-pre-release: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v3 | |
| - name: Prepare packaging | |
| run: mkdir package | |
| - name: Download built artifacts (Linux-x64) | |
| uses: dawidd6/action-download-artifact@v2 | |
| with: | |
| name: mithril-distribution-Linux-X64 | |
| path: ./package-Linux-X64 | |
| commit: ${{ github.sha }} | |
| workflow: ci.yml | |
| workflow_conclusion: success | |
| - name: Download Debian packages (Linux-X64) | |
| uses: dawidd6/action-download-artifact@v2 | |
| with: | |
| name: mithril-deb-packages-Linux-X64 | |
| path: ./package | |
| commit: ${{ github.sha }} | |
| workflow: ci.yml | |
| workflow_conclusion: success | |
| - name: Download built artifacts (macOS-x64) | |
| uses: dawidd6/action-download-artifact@v2 | |
| with: | |
| name: mithril-distribution-macOS-X64 | |
| path: ./package-macOS-X64 | |
| commit: ${{ github.sha }} | |
| workflow: ci.yml | |
| workflow_conclusion: success | |
| - name: Download built artifacts (Windows-x64) | |
| uses: dawidd6/action-download-artifact@v2 | |
| with: | |
| name: mithril-distribution-Windows-X64 | |
| path: ./package-Windows-X64 | |
| commit: ${{ github.sha }} | |
| workflow: ci.yml | |
| workflow_conclusion: success | |
| - name: Append VERSION file | |
| run: | | |
| echo ${{ github.ref_name }} >> ./package/VERSION | |
| - name: Prepare distribution package | |
| uses: ./.github/workflows/actions/prepare-distribution | |
| with: | |
| version-name: ${{ github.ref_name }} | |
| download-url-base: ${{ github.server_url }}/${{ github.repository }}/releases/download/${{ github.ref_name }} | |
| gpg-secret-key: ${{ secrets.GPG_SECRET_KEY }} | |
| - name: Create pre-release ${{ github.ref_name }} | |
| uses: marvinpinto/action-automatic-releases@latest | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| automatic_release_tag: ${{ github.ref_name }} | |
| prerelease: true | |
| title: Mithril v${{ github.ref_name }} | |
| files: package/* | |
| - name: Update release body with release notes addon | |
| uses: tubone24/update_release@v1.3.1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TAG_NAME: ${{ github.ref_name }} | |
| with: | |
| is_append_body: true | |
| body_path: ./release-notes-addon.txt | |
| build-push-docker: | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| project: [ mithril-aggregator, mithril-client, mithril-signer ] | |
| permissions: | |
| contents: read | |
| packages: write | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository_owner }}/${{ matrix.project }} | |
| DOCKER_FILE: ./${{ matrix.project }}/Dockerfile.ci | |
| CONTEXT: . | |
| GITHUB_REF: ${{ github.ref}} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| pre-release | |
| type=raw,value=${{ github.ref_name }}-{{sha}} | |
| - name: Download built artifacts (Linux-x64) | |
| uses: dawidd6/action-download-artifact@v2 | |
| with: | |
| name: mithril-distribution-Linux-X64 | |
| path: ${{ matrix.project }} | |
| commit: ${{ github.sha }} | |
| workflow: ci.yml | |
| workflow_conclusion: success | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: ${{ env.CONTEXT }} | |
| file: ${{ env.DOCKER_FILE }} | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| deploy-pre-release: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| environment: [ pre-release-preview ] | |
| include: | |
| - environment: pre-release-preview | |
| environment_prefix: pre-release | |
| cardano_network: preview | |
| mithril_api_domain: api.mithril.network | |
| mithril_protocol_parameters: | | |
| { | |
| k = 5 | |
| m = 100 | |
| phi_f = 0.65 | |
| } | |
| mithril_signers: | | |
| { | |
| "2" = { | |
| type = "verified", | |
| pool_id = "", | |
| }, | |
| } | |
| terraform_backend_bucket: hydra-terraform-admin | |
| google_region: europe-west1 | |
| google_zone: europe-west1-b | |
| google_machine_type: e2-highmem-2 | |
| google_compute_instance_data_disk_size: 250 | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - build-push-docker | |
| environment: ${{ matrix.environment }} | |
| env: | |
| GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} | |
| GENESIS_SECRET_KEY: ${{ secrets.GENESIS_SECRET_KEY }} | |
| GENESIS_VERIFICATION_KEY_URL: ${{ vars.GENESIS_VERIFICATION_KEY_URL }} | |
| ERA_READER_ADDRESS_URL: ${{ vars.ERA_READER_ADDRESS_URL }} | |
| ERA_READER_VERIFICATION_KEY_URL: ${{ vars.ERA_READER_VERIFICATION_KEY_URL }} | |
| ERA_READER_SECRET_KEY: ${{ secrets.ERA_READER_SECRET_KEY }} | |
| PROMETHEUS_AUTH_USERNAME: ${{ secrets.PROMETHEUS_AUTH_USERNAME }} | |
| PROMETHEUS_AUTH_PASSWORD: ${{ secrets.PROMETHEUS_AUTH_PASSWORD }} | |
| PROMETHEUS_INGEST_HOST: ${{ vars.PROMETHEUS_INGEST_HOST }} | |
| PROMETHEUS_INGEST_USERNAME: ${{ secrets.PROMETHEUS_INGEST_USERNAME }} | |
| PROMETHEUS_INGEST_PASSWORD: ${{ secrets.PROMETHEUS_INGEST_PASSWORD }} | |
| LOKI_AUTH_USERNAME: ${{ secrets.LOKI_AUTH_USERNAME }} | |
| LOKI_AUTH_PASSWORD: ${{ secrets.LOKI_AUTH_PASSWORD }} | |
| LOKI_INGEST_HOST: ${{ vars.LOKI_INGEST_HOST }} | |
| LOKI_INGEST_USERNAME: ${{ secrets.LOKI_INGEST_USERNAME }} | |
| LOKI_INGEST_PASSWORD: ${{ secrets.LOKI_INGEST_PASSWORD }} | |
| defaults: | |
| run: | |
| working-directory: mithril-infra | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v3 | |
| - name: Get Docker image id | |
| run: echo "DOCKER_IMAGE_ID=${{ github.ref_name }}-$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV | |
| - name: Prepare service account credentials | |
| run: | | |
| echo '${{ env.GOOGLE_APPLICATION_CREDENTIALS}}' > ./google-application-credentials.json | |
| chmod u+x ./assets/tools/utils/google-credentials-public-key.sh | |
| ./assets/tools/utils/google-credentials-public-key.sh ./google-application-credentials.json ./assets/ssh_keys curry | |
| - name: Prepare terraform variables | |
| run: | | |
| cat > ./env.variables.tfvars << EOF | |
| environment_prefix = "${{ matrix.environment_prefix }}" | |
| cardano_network = "${{ matrix.cardano_network }}" | |
| google_region = "${{ matrix.google_region }}" | |
| google_zone = "${{ matrix.google_zone }}" | |
| google_machine_type = "${{ matrix.google_machine_type }}" | |
| google_compute_instance_data_disk_size = "${{ matrix.google_compute_instance_data_disk_size }}" | |
| google_service_credentials_json_file = "./google-application-credentials.json" | |
| mithril_api_domain = "${{ matrix.mithril_api_domain }}" | |
| mithril_image_id = "${{ env.DOCKER_IMAGE_ID }}" | |
| mithril_genesis_verification_key_url = "${{ env.GENESIS_VERIFICATION_KEY_URL }}" | |
| mithril_genesis_secret_key = "${{ env.GENESIS_SECRET_KEY }}" | |
| mithril_protocol_parameters = ${{ matrix.mithril_protocol_parameters }} | |
| mithril_era_reader_adapter_type = "cardano-chain" | |
| mithril_era_reader_address_url = "${{ env.ERA_READER_ADDRESS_URL }}" | |
| mithril_era_reader_verification_key_url = "${{ env.ERA_READER_VERIFICATION_KEY_URL }}" | |
| mithril_era_reader_secret_key = "${{ env.ERA_READER_SECRET_KEY }}" | |
| mithril_signers = ${{ matrix.mithril_signers }} | |
| prometheus_auth_username = "${{ env.PROMETHEUS_AUTH_USERNAME }}" | |
| prometheus_auth_password = "${{ env.PROMETHEUS_AUTH_PASSWORD }}" | |
| prometheus_ingest_host = "${{ env.PROMETHEUS_INGEST_HOST }}" | |
| prometheus_ingest_username = "${{ env.PROMETHEUS_INGEST_USERNAME }}" | |
| prometheus_ingest_password = "${{ env.PROMETHEUS_INGEST_PASSWORD }}" | |
| loki_auth_username = "${{ env.LOKI_AUTH_USERNAME }}" | |
| loki_auth_password = "${{ env.LOKI_AUTH_PASSWORD }}" | |
| loki_ingest_host = "${{ env.LOKI_INGEST_HOST }}" | |
| loki_ingest_username = "${{ env.LOKI_INGEST_USERNAME }}" | |
| loki_ingest_password = "${{ env.LOKI_INGEST_PASSWORD }}" | |
| EOF | |
| terraform fmt ./env.variables.tfvars | |
| cat ./env.variables.tfvars | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_wrapper: false | |
| - name: Init Terraform | |
| run: | | |
| GOOGLE_APPLICATION_CREDENTIALS=./google-application-credentials.json terraform init -backend-config="bucket=${{ matrix.terraform_backend_bucket }}" -backend-config="prefix=terraform/mithril-${{ matrix.environment }}" | |
| - name: Check Terraform | |
| run: terraform fmt -check | |
| - name: Terraform Plan | |
| run: | | |
| GOOGLE_APPLICATION_CREDENTIALS=./google-application-credentials.json terraform plan --var-file=./env.variables.tfvars | |
| - name: Terraform Apply | |
| run: | | |
| GOOGLE_APPLICATION_CREDENTIALS=./google-application-credentials.json terraform apply -auto-approve --var-file=./env.variables.tfvars | |
| - name: Cleanup | |
| run: | | |
| rm -f ./env.variables.tfvars | |
| rm -f ./google-application-credentials.json |