Skip to content
Deploy

Deploy #291

Sign in to view logs

Deploy

Deploy #291

Workflow file for this run

.github/workflows/deploy.yml at 42a8e1b
name: Deploy
on:
workflow_dispatch:
inputs:
dry-run:
type: choice
required: false
default: "false"
options:
- "true"
- "false"
regions:
type: string
required: false
default: "all"
description: >
Comma-separated list of regions to deploy to (e.g.,
"us-east-1,eu-central-1"). Use "all" to deploy to all regions.
jobs:
docker:
strategy:
fail-fast: false
matrix:
include:
- context: .
file: docker/Dockerfile
endpoint: cardano-scaling/hydra-control-plane
continue-on-error: true
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/[email protected]
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v2
with:
context: ${{ matrix.context }}
file: ${{ matrix.file }}
platforms: linux/amd64
push: true
tags:
ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{
github.sha }}
terraform:
runs-on: ubuntu-latest
needs: [docker]
strategy:
matrix:
include:
- region: us-east-1
region_prefix: a
autoscaler_high_watermark: 50
autoscaler_low_watermark: 1
autoscaler_max_batch: 0
ssl_cert_arn: arn:aws:acm:us-east-1:509399595051:certificate/6ab8319d-1dec-494f-b71c-3a4132e42a5e
- region: eu-central-1
region_prefix: b
autoscaler_high_watermark: 50
autoscaler_low_watermark: 1
autoscaler_max_batch: 0
ssl_cert_arn: arn:aws:acm:eu-central-1:509399595051:certificate/f69f5c80-9eb9-41fc-9133-5d72ecb223d3
- region: us-west-2
region_prefix: c
autoscaler_high_watermark: 50
autoscaler_low_watermark: 1
autoscaler_max_batch: 0
ssl_cert_arn: arn:aws:acm:us-west-2:509399595051:certificate/2587017b-119b-41ae-8d76-c4b1a20d53e5
# - region: ap-southeast-1
# region_prefix: d
# autoscaler_high_watermark: 50
# autoscaler_low_watermark: 1
# autoscaler_max_batch: 0
# ssl_cert_arn: arn:aws:acm:ap-southeast-1:509399595051:certificate/0e596d0c-ec2d-4b94-bc49-9460798a2734
# - region: sa-east-1
# region_prefix: e
# autoscaler_high_watermark: 50
# autoscaler_low_watermark: 1
# autoscaler_max_batch: 0
# ssl_cert_arn: arn:aws:acm:sa-east-1:509399595051:certificate/d5fc1098-bf1b-4e88-916d-ce4c4dd5942b
# - region: af-south-1
# region_prefix: f
# autoscaler_high_watermark: 50
# autoscaler_low_watermark: 1
# autoscaler_max_batch: 0
# ssl_cert_arn: arn:aws:acm:af-south-1:509399595051:certificate/349c46d7-ad77-43c0-8a88-a5712ef5d653
env:
# Secrets
TF_VAR_blockfrost_key: ${{ secrets.DEV_BLOCKFROST_KEY }}
TF_VAR_dmtr_api_key: ${{ secrets.DEV_DMTR_API_KEY }}
TF_VAR_admin_key: ${{ secrets.DEV_HYDRA_ADMIN_KEY }}
TF_VAR_snapshot_aws_access_key_id: ${{ secrets.SNAPSHOT_AWS_ACCESS_KEY_ID }}
TF_VAR_snapshot_aws_secret_access_key: ${{ secrets.SNAPSHOT_AWS_SECRET_ACCESS_KEY }}
# Vars
TF_VAR_network_id: 1
TF_VAR_dmtr_port_name: mainnet-mqgv9w
TF_VAR_dmtr_project_id: b55545f5-31e7-4e6b-81d6-22f4e6b5a144
TF_VAR_external_domain: ${{ matrix.region }}.hydra-doom.sundae.fi
TF_VAR_hydra_node_image: ghcr.io/cardano-scaling/hydra-node:0.19.0
TF_VAR_eks_cluster_arn: arn:aws:eks:${{ matrix.region
}}:509399595051:cluster/hydra-doom-dev-cluster
TF_VAR_hydra_scripts_tx_id: ab1d9f8cca896bca06b70df74860deecf20774e03d8562aecaed37525f6ebead # TODO: Mainnet transaction id
TF_VAR_admin_addr: addr1v9gcjapuwl7gfnzhzg6svtj0ph3gxu8kyuadudmf0kzsksqcpg5xa
TF_VAR_frontend_image: ghcr.io/cardano-scaling/hydra-doom-frontend:sha-d4ea435
TF_VAR_referee_image: ghcr.io/cardano-scaling/hydra-doom-referee:sha-a6988a7 # latest?
TF_VAR_ai_image: ghcr.io/cardano-scaling/hydra-doom-ai:sha-d4ea435 # latest?
TF_VAR_autoscaler_high_watermark: ${{ matrix.autoscaler_high_watermark }}
TF_VAR_autoscaler_low_watermark: ${{ matrix.autoscaler_low_watermark }}
TF_VAR_autoscaler_region_prefix: ${{ matrix.region_prefix }}
TF_VAR_autoscaler_max_batch: ${{ matrix.autoscaler_max_batch }}
TF_VAR_available_snapshot_prefix: mainnet/snapshots
TF_VAR_init_image: ghcr.io/cardano-scaling/hydra-control-plane-init:6f21e1f60bc695df4ce97e3fd9159906dd7d617e
TF_VAR_proxy_replicas: "3"
TF_VAR_ssl_cert_arn: ${{ matrix.ssl_cert_arn }}
TF_VAR_image: ghcr.io/cardano-scaling/hydra-control-plane:${{ github.sha }}
steps:
- name: Filter regions
id: filter
run: |
selected_regions=$(echo "${{ github.event.inputs.regions }}" | tr -d ' ')
if [[ "$selected_regions" != "all" ]]; then
if [[ ! "$selected_regions" =~ (^|,)(${{ matrix.region }})(,|$) ]]; then
echo "Skipping region ${{ matrix.region }}"
echo "should_skip=true" >> $GITHUB_OUTPUT
exit 0
else
echo "should_skip=false" >> $GITHUB_OUTPUT
fi
else
echo "should_skip=false" >> $GITHUB_OUTPUT
fi
- uses: actions/checkout@v2
if: steps.filter.outputs.should_skip == 'false'
- uses: aws-actions/configure-aws-credentials@v1
if: steps.filter.outputs.should_skip == 'false'
with:
aws-region: ${{ matrix.region }}
aws-access-key-id: ${{ secrets.DEPLOY_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.DEPLOY_AWS_SECRET_ACCESS_KEY }}
role-to-assume: arn:aws:iam::509399595051:role/ClusterAdminRole
role-session-name: Github-Actions
role-duration-seconds: 1200
- name: setup kubeconfig
if: steps.filter.outputs.should_skip == 'false'
run: aws eks update-kubeconfig --name hydra-doom-dev-cluster
- name: setup terraform
uses: hashicorp/setup-terraform@v3
if: steps.filter.outputs.should_skip == 'false'
- name: init terraform
if: steps.filter.outputs.should_skip == 'false'
working-directory: playbook/doom-dev
run: terraform init -backend-config=backend.${{ matrix.region }}.conf
- name: validate terraform
if: steps.filter.outputs.should_skip == 'false'
working-directory: playbook/doom-dev
run: terraform validate
- name: plan terraform
working-directory: playbook/doom-dev
if: inputs.dry-run == 'true' && steps.filter.outputs.should_skip ==
'false'
run: terraform plan -input=false
- name: apply terraform
working-directory: playbook/doom-dev
if: inputs.dry-run == 'false' && steps.filter.outputs.should_skip ==
'false'
run: terraform apply -auto-approve -input=false