Start using Artifactory for CI/CD in favour of Docker Registry (#1917)
For security reasons, we had to stop using the dispatch token and start using the GitHub App in order to trigger the deployment in argo. Because argo is a private repository, we can't trigger it from a public one (juno), so we changed the approach: first push the docker images to JFrog Artifactory, then argo is notified that a new image was pushed and triggers the deployment. Extra Tasks: - Run YAML formatter on build-and-deploy workflow: Having a well-formatted file makes it easier to read and for people to contribute - Remove unnecessary IMAGE_TAG from build-and-deploy.yml: Instead of using both env.DOCKER_IMAGE_TAG and output.IMAGE_TAG, only use one of them. - Improve readability of stages in build-and-deploy.yml: Rename stages to make it easier to understand what's going on. For example from 'deploy_to_dev' to 'validate_dev' in order to include that some tests will be run on the environment - Set common env var in the root of the file: Some of the env vars are being used in multiple stages, so instead of having to hard-code some small differences in multiple places, bring it all back to a root level where it's easier to see what changes for what environment.
Showing
1 changed file
with
63 additions
and
91 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,166 +1,138 @@ | ||
name: Docker Build, Publish and Deploy | ||
|
||
env: | ||
DOCKER_REGISTRY: nethermind.jfrog.io | ||
|
||
REPO_DEV: angkor-docker-local-dev | ||
REPO_STAGING: angkor-docker-local-staging | ||
REPO_PROD: angkor-docker-local-prod | ||
|
||
|
||
on: | ||
push: | ||
branches: [main] | ||
tags: ['v*'] | ||
tags: ["v*"] | ||
workflow_dispatch: | ||
|
||
permissions: | ||
id-token: write | ||
contents: write | ||
|
||
jobs: | ||
docker_build_and_publish: | ||
build_docker_image: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
IMAGE_TAG: ${{ steps.image_tag.outputs.IMAGE_TAG }} | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Define_docker_image_tag | ||
id: image_tag | ||
|
||
- name: Define image tag | ||
run: | | ||
echo "DOCKER_IMAGE_TAG=$(git describe --tags)" >> $GITHUB_ENV | ||
echo "IMAGE_TAG=$(git describe --tags)" >> "$GITHUB_OUTPUT" | ||
- name: Setup Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Login to Docker Hub | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ secrets.DOCKER_USERNAME }} | ||
password: ${{ secrets.DOCKER_PASSWORD }} | ||
|
||
|
||
- name: Login to registry | ||
run: | | ||
docker login ${{ env.DOCKER_REGISTRY }} -u ${{ vars.ARTIFACTORY_ANGKOR_USER }} -p ${{ secrets.ARTIFACTORY_ANGKOR_CONTRIBUTOR }} | ||
- name: Build and Push | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
platforms: 'linux/amd64' | ||
platforms: "linux/amd64" | ||
push: true | ||
tags: nethermindeth/juno:${{ env.DOCKER_IMAGE_TAG }} | ||
|
||
deploy_to_dev: | ||
tags: ${{ env.DOCKER_REGISTRY }}/${{ env.REPO_DEV }}/juno:${{ env.DOCKER_IMAGE_TAG }} | ||
|
||
|
||
validate_dev: | ||
permissions: | ||
id-token: write | ||
contents: write | ||
needs: [docker_build_and_publish] | ||
needs: [build_docker_image] | ||
runs-on: ubuntu-latest | ||
environment: | ||
environment: | ||
name: Development | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Repository Dispatch Dev | ||
env: | ||
EVENT_NAME: juno-dev | ||
IMAGE_TAG: ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }} | ||
SEPOLIA: apps/juno-dev/overlays/dev-sepolia/config.yaml | ||
run: | | ||
curl -L \ | ||
-X POST \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "Authorization: token ${{ secrets.ACCESS_TOKEN }}" \ | ||
-H "X-GitHub-Api-Version: 2022-11-28" \ | ||
https://api.github.com/repos/NethermindEth/argo/dispatches \ | ||
-d '{"event_type": "${{ env.EVENT_NAME }}", "client_payload":{"name": "${{ env.EVENT_NAME }}", "sepolia_config": "${{ env.SEPOLIA }}", "tag": "${{ env.IMAGE_TAG }}"}}' | ||
- name: Verify Deployment Version (Dev) | ||
run: bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.DEV_SEPOLIA_URL }} ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }} | ||
run: bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.DEV_SEPOLIA_URL }} ${{ env.DOCKER_IMAGE_TAG }} | ||
|
||
dev-starknet-rs-tests: | ||
needs: [deploy_to_dev] | ||
needs: [validate_dev] | ||
uses: ./.github/workflows/starknet-rs-tests.yml | ||
secrets: | ||
STARKNET_RPC: ${{ secrets.DEV_SEPOLIA_URL }}/v0_6 | ||
|
||
dev-starknet-js-tests: | ||
needs: [deploy_to_dev] | ||
needs: [validate_dev] | ||
uses: ./.github/workflows/starknet-js-tests.yml | ||
secrets: | ||
TEST_RPC_URL: ${{ secrets.DEV_SEPOLIA_URL }}/v0_7 | ||
TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }} | ||
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }} | ||
deploy_to_staging: | ||
needs: [docker_build_and_publish, deploy_to_dev] | ||
|
||
promote_to_staging: | ||
needs: [build_docker_image, validate_dev] | ||
runs-on: ubuntu-latest | ||
environment: | ||
environment: | ||
name: Staging | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Repository Dispatch Staging | ||
env: | ||
EVENT_NAME: juno-staging | ||
IMAGE_TAG: ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }} | ||
MAINNET: apps/juno-staging/overlays/staging-mainnet/config.yaml | ||
SEPOLIA: apps/juno-staging/overlays/staging-sepolia/config.yaml | ||
SEPOLIA_INTEGRATION: apps/juno-staging/overlays/staging-sepolia-integration/config.yaml | ||
run: | | ||
curl -L \ | ||
-X POST \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "Authorization: token ${{ secrets.ACCESS_TOKEN }}" \ | ||
-H "X-GitHub-Api-Version: 2022-11-28" \ | ||
https://api.github.com/repos/NethermindEth/argo/dispatches \ | ||
-d '{"event_type": "${{ env.EVENT_NAME }}", "client_payload":{"name": "${{ env.EVENT_NAME }}", "mainnet_config": "${{ env.MAINNET }}", "sepolia_config": "${{ env.SEPOLIA }}", "sepolia_integration_config": "${{ env.SEPOLIA_INTEGRATION}}", "tag": "${{ env.IMAGE_TAG }}"}}' | ||
- name: Verify Deployment Version (Staging) | ||
run: bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.STAGING_SEPOLIA_URL }} ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }} | ||
steps: | ||
- name: Setup JFrog CLI | ||
uses: jfrog/setup-jfrog-cli@v4 | ||
env: | ||
JF_URL: ${{ vars.JFROG_URL}} | ||
JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ANGKOR_CONTRIBUTOR }} | ||
|
||
- name: Promote to Staging | ||
run: | | ||
jf rt dpr juno/${{ env.DOCKER_IMAGE_TAG }} ${{ env.REPO_DEV }} ${{ env.REPO_STAGING }} | ||
staging-starknet-rs-tests: | ||
needs: [deploy_to_staging] | ||
needs: [promote_to_staging] | ||
uses: ./.github/workflows/starknet-rs-tests.yml | ||
secrets: | ||
STARKNET_RPC: ${{ secrets.STAGING_SEPOLIA_URL }}/v0_6 | ||
|
||
staging-starknet-js-tests: | ||
needs: [deploy_to_staging] | ||
needs: [promote_to_staging] | ||
uses: ./.github/workflows/starknet-js-tests.yml | ||
secrets: | ||
TEST_RPC_URL: ${{ secrets.STAGING_SEPOLIA_URL }}/v0_7 | ||
TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }} | ||
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }} | ||
|
||
deploy_to_production: | ||
needs: [docker_build_and_publish, deploy_to_staging] | ||
promote_to_production: | ||
needs: [build_docker_image, promote_to_staging] | ||
runs-on: ubuntu-latest | ||
environment: | ||
name: Production | ||
steps: | ||
- name: Repository Dispatch Prod | ||
env: | ||
EVENT_NAME: juno-prod | ||
IMAGE_TAG: ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }} | ||
MAINNET: apps/juno-prod/overlays/prod-mainnet/config.yaml | ||
SEPOLIA: apps/juno-prod/overlays/prod-sepolia/config.yaml | ||
SEPOLIA_INTEGRATION: apps/juno-prod/overlays/prod-sepolia-integration/config.yaml | ||
- name: Setup JFrog CLI | ||
uses: jfrog/setup-jfrog-cli@v4 | ||
env: | ||
JF_URL: ${{ vars.JFROG_URL}} | ||
JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ANGKOR_CONTRIBUTOR }} | ||
|
||
- name: Promote to Production | ||
run: | | ||
curl -L \ | ||
-X POST \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "Authorization: token ${{ secrets.ACCESS_TOKEN }}" \ | ||
-H "X-GitHub-Api-Version: 2022-11-28" \ | ||
https://api.github.com/repos/NethermindEth/argo/dispatches \ | ||
-d '{"event_type": "${{ env.EVENT_NAME }}", "client_payload":{"name": "${{ env.EVENT_NAME }}", "mainnet_config": "${{ env.MAINNET }}", "sepolia_config": "${{ env.SEPOLIA }}", "sepolia_integration_config": "${{ env.SEPOLIA_INTEGRATION }}", "tag": "${{ env.IMAGE_TAG }}"}}' | ||
jf rt dpr juno/${{ env.DOCKER_IMAGE_TAG }} ${{ env.REPO_STAGING }} ${{ env.REPO_PROD }} | ||
prod-starknet-rs-tests: | ||
needs: [deploy_to_production] | ||
needs: [promote_to_production] | ||
uses: ./.github/workflows/starknet-rs-tests.yml | ||
secrets: | ||
STARKNET_RPC: ${{ secrets.PROD_SEPOLIA_URL }}/v0_6 | ||
|
||
prod-starknet-js-tests: | ||
needs: [deploy_to_production] | ||
needs: [promote_to_production] | ||
uses: ./.github/workflows/starknet-js-tests.yml | ||
secrets: | ||
TEST_RPC_URL: ${{ secrets.PROD_SEPOLIA_URL }}/v0_7 | ||
TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }} | ||
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }} | ||
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }} |
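Review bot: The `Login to registry` step passes the Artifactory token as `docker login ... -p ${{ secrets.ARTIFACTORY_ANGKOR_CONTRIBUTOR }}`, which expands the secret into the script text and the process argument list. The Docker Hub login step on this page uses `docker/login-action@v3`, and that action accepts a `registry` input, so the token can stay off the command line as shown below. Separately, `DOCKER_IMAGE_TAG` is written to `$GITHUB_ENV` inside `build_docker_image`, and that file is scoped to a single job, so `${{ env.DOCKER_IMAGE_TAG }}` in `validate_dev`, `promote_to_staging` and `promote_to_production` appears to resolve to an empty string unless it is defined somewhere not visible here. Keeping the job output and reading `${{ needs.build_docker_image.outputs.IMAGE_TAG }}` downstream would stop `jf rt dpr juno/` from running without a tag. The same contributor token also drives the promotion into `REPO_PROD`, so a narrower credential scoped to the Production environment is worth considering.

```yaml
      - name: Login to registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.DOCKER_REGISTRY }}
          username: ${{ vars.ARTIFACTORY_ANGKOR_USER }}
          password: ${{ secrets.ARTIFACTORY_ANGKOR_CONTRIBUTOR }}
      # … unchanged: Build and Push step …
```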