A0-4615: Release 15 preparations (#1939) #46
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Push release candidate image of aleph-node to ECR and DockerHub | |
| on: | |
| push: | |
| tags: | |
| - 'r-*' | |
| jobs: | |
| check-vars-and-secrets: | |
| name: Check vars and secrets | |
| uses: ./.github/workflows/_check-vars-and-secrets.yml | |
| secrets: inherit | |
| check-node-version: | |
| needs: [check-vars-and-secrets] | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| - name: Call action get-ref-properties | |
| id: get-ref-properties | |
| uses: Cardinal-Cryptography/github-actions/get-ref-properties@v7 | |
| - name: Read node version | |
| id: read-node-version | |
| uses: SebRollen/[email protected] | |
| with: | |
| file: 'bin/node/Cargo.toml' | |
| field: 'package.version' | |
| - name: Check if node version matches with tag | |
| shell: bash | |
| # yamllint disable rule:line-length | |
| run: | | |
| # cut release candidate part of the tag | |
| tag=$(echo '${{ steps.get-ref-properties.outputs.tag }}' | sed 's/-rc[0-9]*$//g') | |
| # expected tag is r-<version> from Cargo.toml | |
| expected_tag=r-$(echo '${{ steps.read-node-version.outputs.value }}') | |
| if [[ ${tag} != ${expected_tag} ]]; then | |
| echo "Error: tag version does not match version in bin/node/Cargo.toml" | |
| echo "Non-release candidate part of the tag is ${tag}" | |
| echo "Expected tag from node version is ${expected_tag}" | |
| exit 1 | |
| fi | |
| # yamllint enable rule:line-length | |
| push-ecr-image: | |
| needs: [check-node-version] | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| - name: Get docker image names | |
| id: get-docker-image-names | |
| uses: ./.github/actions/get-docker-image-names | |
| with: | |
| ecr-repo: ${{ vars.ECR_ALEPH_NODE_REPO }} | |
| dockerhub-repo: ${{ vars.DOCKERHUB_ALEPH_NODE_REPO }} | |
| - name: Login to Public Amazon ECR | |
| id: login-public-ecr | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ vars.ECR_PUBLIC_HOST }} | |
| username: ${{ secrets.AWS_MAINNET_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_MAINNET_SECRET_ACCESS_KEY }} | |
| # if r-* tag was pushed on a commit that is not on main or release branch, below step would | |
| # fail, as there would be no aleph-node-<sha> image on ECR for <sha> that is not on main | |
| # or release branch, see on-main-or-release-branch-commit.yml | |
| - name: Check release candidate docker image existence | |
| uses: Cardinal-Cryptography/github-actions/check-image-existence-ecr@v7 | |
| with: | |
| ecr-image: ${{ steps.get-docker-image-names.outputs.ecr-rc-image }} | |
| - name: Tag and push image to ECR | |
| shell: bash | |
| env: | |
| RC_IMAGE: ${{ steps.get-docker-image-names.outputs.ecr-rc-image }} | |
| DEPLOY_IMAGE: ${{ steps.get-docker-image-names.outputs.ecr-deploy-image }} | |
| run: | | |
| docker pull '${{ env.RC_IMAGE }}' | |
| docker tag '${{ env.RC_IMAGE }}' '${{ env.DEPLOY_IMAGE }}' | |
| docker push '${{ env.DEPLOY_IMAGE }}' | |
| slack: | |
| name: Slack notification | |
| runs-on: ubuntu-20.04 | |
| needs: [push-ecr-image] | |
| if: always() | |
| steps: | |
| - name: Send Slack message | |
| uses: Cardinal-Cryptography/github-actions/slack-notification@v7 | |
| with: | |
| notify-on: "always" | |
| env: | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_DEV_ONDUTY }} |