.github/workflows/deploy-to-devnet.yml

---
name: Deploy to Devnet

# This workflow performs automatic deployment of aleph-node to the Devnet environment
# It does it from the scratch, ie it
#   1) syncs the validators keys from S3,
#   2) generates raw chainspec from the deployed aleph-node binary,
#   3) restart nodes with cleaned db

on:
  workflow_dispatch:
  schedule:
    - cron: '00 00 * * *'

concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}

jobs:
  check-vars-and-secrets:
    name: Check vars and secrets
    uses: ./.github/workflows/_check-vars-and-secrets.yml
    secrets: inherit

  deploy-devnet:
    needs: [check-vars-and-secrets]
    name: Deploy new aleph-node image to EKS
    environment:
      name: devnet
    runs-on: ubuntu-20.04
    env:
      AWS_REGION: eu-central-1
    steps:
      - name: GIT | Checkout
        uses: actions/checkout@v4

      - name: GIT | Get branch info & current commit sha.
        id: vars
        shell: bash
        run: |
          echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_DEVNET_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_DEVNET_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: GIT | Checkout argocd apps repo
        uses: actions/checkout@v4
        with:
          repository: Cardinal-Cryptography/${{ secrets.REPO_ARGOCD_APPS_NAME }}
          token: ${{ secrets.CI_GH_TOKEN }}
          path: ${{ secrets.REPO_ARGOCD_APPS_NAME }}

      - name: Init kustomize
        uses: imranismail/setup-kustomize@v2
        with:
          kustomize-version: ${{ vars.KUSTOMIZE_VERSION }}

      - name: Setup kubectl
        uses: azure/setup-kubectl@v3.2
        with:
          version: 'v1.23.6'

      - name: Sync all validator's keystores from S3
        run: |
          #!/bin/bash
          aws s3 cp s3://${{ secrets.DEVNET_KEYS_S3BUCKET_NAME }}/data data --recursive
          # rename validator paths
          declare -A \
            NAMES=([aleph-node-validator-0]=5D34dL5prEUaGNQtPPZ3yN5Y6BnkfXunKXXz6fo7ZJbLwRRH \
              [aleph-node-validator-1]=5GBNeWRhZc2jXu7D55rBimKYDk8PGk8itRYFTPfC8RJLKG5o \
              [aleph-node-validator-2]=5Dfis6XL8J2P6JHUnUtArnFWndn62SydeP8ee8sG2ky9nfm9 \
              [aleph-node-validator-3]=5F4H97f7nQovyrbiq4ZetaaviNwThSVcFobcA5aGab6167dK \
              [aleph-node-validator-4]=5DiDShBWa1fQx6gLzpf3SFBhMinCoyvHM1BWjPNsmXS8hkrW \
              [aleph-node-validator-5]=5EFb84yH9tpcFuiKUcsmdoF7xeeY3ajG1ZLQimxQoFt9HMKR \
              [aleph-node-validator-6]=5DZLHESsfGrJ5YzT3HuRPXsSNb589xQ4Unubh1mYLodzKdVY \
              [aleph-node-validator-7]=5GHJzqvG6tXnngCpG7B12qjUvbo5e4e9z8Xjidk3CQZHxTPZ \
              [aleph-node-validator-8]=5CUnSsgAyLND3bxxnfNhgWXSe9Wn676JzLpGLgyJv858qhoX \
              [aleph-node-validator-9]=5CVKn7HAZW1Ky4r7Vkgsr7VEW88C2sHgUNDiwHY9Ct2hjU8q)
          for NAME in "${!NAMES[@]}"; do
            mv -v data/$NAME data/${NAMES[$NAME]}
          done

      - name: Generate chainspec
        env:
          RELEASE_TAG: ${{ steps.vars.outputs.sha_short }}
        # yamllint disable rule:line-length
        run: |
          #!/bin/bash
          aws s3 cp 's3://${{ secrets.DEVNET_KEYS_S3BUCKET_NAME }}/data' data --recursive

          # well-known accounts
          ALICE=5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY
          BOB=5FHneW46xGXgs5mUiveU4sbTyGBzmstUspZC92UhjJM694ty
          CHARLIE=5FLSigC9HGRKVhB9FiEo4Y3koPsNmBmLJbpXg2mp1hXcS59Y
          EVE=5HGjWAeFDfFCWPsjFQdVV2Msvz2XtMktvgocEZcCj68kUMaw

          docker run -i -v $(pwd)/data:/data --env RUST_BACKTRACE=1 --entrypoint \
            '/usr/local/bin/aleph-node' '${{ vars.ECR_PUBLIC_REGISTRY }}aleph-node:${{ env.RELEASE_TAG }}' \
            bootstrap-chain --raw --base-path /data --chain-id a0dnet1 \
            --account-ids 5D34dL5prEUaGNQtPPZ3yN5Y6BnkfXunKXXz6fo7ZJbLwRRH,5GBNeWRhZc2jXu7D55rBimKYDk8PGk8itRYFTPfC8RJLKG5o,5Dfis6XL8J2P6JHUnUtArnFWndn62SydeP8ee8sG2ky9nfm9,5F4H97f7nQovyrbiq4ZetaaviNwThSVcFobcA5aGab6167dK,5DiDShBWa1fQx6gLzpf3SFBhMinCoyvHM1BWjPNsmXS8hkrW,5EFb84yH9tpcFuiKUcsmdoF7xeeY3ajG1ZLQimxQoFt9HMKR,5DZLHESsfGrJ5YzT3HuRPXsSNb589xQ4Unubh1mYLodzKdVY,5GHJzqvG6tXnngCpG7B12qjUvbo5e4e9z8Xjidk3CQZHxTPZ,5CUnSsgAyLND3bxxnfNhgWXSe9Wn676JzLpGLgyJv858qhoX,5CVKn7HAZW1Ky4r7Vkgsr7VEW88C2sHgUNDiwHY9Ct2hjU8q \
            --sudo-account-id 5F4SvwaUEQubiqkPF8YnRfcN77cLsT2DfG4vFeQmSXNjR7hD \
            --rich-account-ids $ALICE,$BOB,$CHARLIE,$EVE > chainspec.json
          aws s3 cp chainspec.json 's3://${{ secrets.DEVNET_KEYS_S3BUCKET_NAME }}/chainspec.json'
        # yamllint enable rule:line-length

      - name: Stop and purge db Devnet
        run: |
          #!/bin/bash
          aws eks --region eu-central-1 update-kubeconfig --name alephzero-devnet-eu-central-1-eks

          kubectl delete sts aleph-node-validator -n devnet --ignore-not-found=true
          kubectl delete pvc -l app=aleph-node-validator -n devnet --ignore-not-found=true

      - name: Start Devnet
        # yamllint disable rule:line-length
        env:
          IMAGE_PLACEHOLDER: ${{ vars.ECR_PUBLIC_REGISTRY }}aleph-node:${{ steps.vars.outputs.sha_short }}
        run: |
          #!/bin/bash
          cd '${{ secrets.REPO_ARGOCD_APPS_NAME }}/aleph-node-validators/overlays/devnet/eu-central-1'
          kustomize edit set image \
            'aleph-node-validator-image-placeholder=${{ env.IMAGE_PLACEHOLDER }}'
          kustomize build . | kubectl apply -f -
          sleep 2
          kubectl rollout status --watch --timeout=3600s statefulset/aleph-node-validator -n devnet
        # yamllint enable rule:line-length

      - name: Waiting 5 minutes for validators to boot
        run: |
          #!/bin/bash
          sleep 300

      - name: GIT | Commit changes to argocd apps repository.
        uses: EndBug/add-and-commit@v9.1.3
        with:
          author_name: ${{ secrets.AUTOCOMMIT_AUTHOR }}
          author_email: ${{ secrets.AUTOCOMMIT_EMAIL }}
          message: "Update Devnet docker image tag to: ${{ steps.vars.outputs.sha_short }}"
          add: "*.yaml"
          cwd: ${{ secrets.REPO_ARGOCD_APPS_NAME }}

  slack:
    name: Slack notification
    runs-on: ubuntu-20.04
    needs: [deploy-devnet]
    if: always()
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Send Slack message
        uses: ./.github/actions/slack-notification
        with:
          notify-on: "failure"
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_DEV_ONDUTY }}