feat: initial merge of ci.yml and cd.yml workflows to begin testing (no removing live CI workflows yet) #128
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened, closed] | |
| branches: | |
| - master | |
| env: | |
| AWS_REGION: "eu-central-1" | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| permissions: | |
| id-token: write | |
| contents: write | |
| jobs: | |
| build: | |
| if: github.event.action != 'closed' || github.event.pull_request.merged == true | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Earthly | |
| uses: ./.github/earthly-setup | |
| with: | |
| ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| config_tar: ${{ secrets.EARTHLY_TAR }} | |
| - name: Acquire AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| - name: Build and Artifacts and Push Image | |
| env: | |
| EARTHLY_CI: true | |
| EARTHLY_OUTPUT: true | |
| EARTHLY_PUSH: true | |
| run: | | |
| earthly -P +ci --image=${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node | |
| - name: Upload partner-chains-cli artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: partner-chains-cli-artifact | |
| path: partner-chains-cli-artifact | |
| - name: Upload partner-chains-node artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: partner-chains-node-artifact | |
| path: partner-chains-node-artifact | |
| - name: Upload chain spec artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: chain-specs | |
| path: | | |
| ./devnet_chain_spec.json | |
| ./staging_preview_chain_spec.json | |
| ./staging_preprod_chain_spec.json | |
| local-environment-tests: | |
| if: github.event.pull_request.merged == false | |
| needs: build | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Deploy and test against local environment | |
| uses: ./.github/actions/tests/local-environment-tests | |
| with: | |
| tag: CI | |
| image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ github.sha }} | |
| sha: ${{ github.sha }} | |
| env: | |
| SUBSTRATE_REPO_SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| EARTHLY_TAR: ${{ secrets.EARTHLY_TAR }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| TEST_ENVIRONMENT: local | |
| deploy-argocd: | |
| if: github.event.pull_request.merged == false | |
| needs: build | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Deploy ArgoCD Node | |
| uses: ./.github/actions/deploy/argocd/deploy-argocd | |
| with: | |
| sha: ${{ github.sha }} | |
| env: | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| argocd-tests: | |
| if: github.event.pull_request.merged == false | |
| needs: deploy-argocd | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: [self-hosted, eks] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Run Tests | |
| uses: ./.github/actions/tests/argocd-tests | |
| with: | |
| node-host: sha-${{ github.sha }}-service.integration-testing.svc.cluster.local | |
| node-port: 9933 | |
| ssh_key_binary_host: ${{ secrets.SSH_KEY_BINARY_HOST }} | |
| env: | |
| AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }} | |
| SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| JIRA_URL: ${{ secrets.JIRA_URL }} | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| teardown-argocd: | |
| if: always() | |
| needs: argocd-tests | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Teardown ArgoCD Environment | |
| uses: ./.github/actions/deploy/argocd/teardown-argocd | |
| with: | |
| sha: ${{ github.sha }} | |
| env: | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| devshell-tests: | |
| if: github.event.pull_request.merged == false | |
| needs: build | |
| permissions: | |
| id-token: write | |
| contents: write | |
| strategy: | |
| matrix: | |
| os: [nixos, macos] | |
| runs-on: | |
| - self-hosted | |
| - ${{ matrix.os }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Acquire AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN_ }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Add signing key for nix | |
| run: echo "${{ secrets.NIX_SIGNING_KEY }}" > "${{ runner.temp }}/nix-key" | |
| - name: Run nixci to build/test all outputs | |
| run: | | |
| nix run github:srid/nixci -- -v build -- --fallback > /tmp/outputs | |
| - name: Copy nix scopes to nix cache | |
| run: | | |
| nix-store --stdin -q --deriver < /tmp/outputs | nix-store --stdin -qR --include-outputs \ | |
| | nix copy --stdin --to \ | |
| "s3://cache.sc.iog.io?secret-key=${{ runner.temp }}/nix-key®ion=$AWS_DEFAULT_REGION" \ | |
| && rm /tmp/outputs | |
| pre-merge-checks-complete: | |
| if: github.event.pull_request.merged == false | |
| needs: [build, local-environment-tests, deploy-argocd, argocd-tests, teardown-argocd, devshell-tests] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Pre Merge Checks Complete | |
| run: echo "All pre-merge checks have passed. PR is ready to merge." | |
| upload-chain-specs: | |
| if: github.event.pull_request.merged == true | |
| needs: build | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: [self-hosted, eks] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Upload chain spec artifacts to Kubernetes | |
| uses: ./.github/actions/deploy/upload-chain-specs | |
| with: | |
| sha: ${{ github.sha }} | |
| env: | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| deploy-rustdoc: | |
| if: github.event.pull_request.merged == true | |
| needs: build | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Deploy Rust Docs | |
| uses: ./.github/actions/deploy/deploy-rustdoc | |
| with: | |
| ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| post-merge-actions-complete: | |
| if: github.event.pull_request.merged == true | |
| needs: [deploy-rustdoc, upload-chain-specs] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Post Merge Actions Complete | |
| run: echo "All post-merge actions have been successfully completed." |