Deploy #294
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| dry-run: | |
| type: choice | |
| required: false | |
| default: "false" | |
| options: | |
| - "true" | |
| - "false" | |
| regions: | |
| type: string | |
| required: false | |
| default: "all" | |
| description: > | |
| Comma-separated list of regions to deploy to (e.g., | |
| "us-east-1,eu-central-1"). Use "all" to deploy to all regions. | |
| jobs: | |
| docker: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - context: . | |
| file: docker/Dockerfile | |
| endpoint: cardano-scaling/hydra-control-plane | |
| continue-on-error: true | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: ${{ matrix.context }} | |
| file: ${{ matrix.file }} | |
| platforms: linux/amd64 | |
| push: true | |
| tags: | |
| ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ | |
| github.sha }} | |
| terraform: | |
| runs-on: ubuntu-latest | |
| needs: [docker] | |
| strategy: | |
| matrix: | |
| include: | |
| - region: us-east-1 | |
| region_prefix: a | |
| autoscaler_high_watermark: 50 | |
| autoscaler_low_watermark: 1 | |
| autoscaler_max_batch: 0 | |
| ssl_cert_arn: arn:aws:acm:us-east-1:509399595051:certificate/6ab8319d-1dec-494f-b71c-3a4132e42a5e | |
| - region: eu-central-1 | |
| region_prefix: b | |
| autoscaler_high_watermark: 50 | |
| autoscaler_low_watermark: 1 | |
| autoscaler_max_batch: 0 | |
| ssl_cert_arn: arn:aws:acm:eu-central-1:509399595051:certificate/f69f5c80-9eb9-41fc-9133-5d72ecb223d3 | |
| - region: us-west-2 | |
| region_prefix: c | |
| autoscaler_high_watermark: 50 | |
| autoscaler_low_watermark: 1 | |
| autoscaler_max_batch: 0 | |
| ssl_cert_arn: arn:aws:acm:us-west-2:509399595051:certificate/2587017b-119b-41ae-8d76-c4b1a20d53e5 | |
| # - region: ap-southeast-1 | |
| # region_prefix: d | |
| # autoscaler_high_watermark: 50 | |
| # autoscaler_low_watermark: 1 | |
| # autoscaler_max_batch: 0 | |
| # ssl_cert_arn: arn:aws:acm:ap-southeast-1:509399595051:certificate/0e596d0c-ec2d-4b94-bc49-9460798a2734 | |
| # - region: sa-east-1 | |
| # region_prefix: e | |
| # autoscaler_high_watermark: 50 | |
| # autoscaler_low_watermark: 1 | |
| # autoscaler_max_batch: 0 | |
| # ssl_cert_arn: arn:aws:acm:sa-east-1:509399595051:certificate/d5fc1098-bf1b-4e88-916d-ce4c4dd5942b | |
| # - region: af-south-1 | |
| # region_prefix: f | |
| # autoscaler_high_watermark: 50 | |
| # autoscaler_low_watermark: 1 | |
| # autoscaler_max_batch: 0 | |
| # ssl_cert_arn: arn:aws:acm:af-south-1:509399595051:certificate/349c46d7-ad77-43c0-8a88-a5712ef5d653 | |
| env: | |
| # Secrets | |
| TF_VAR_blockfrost_key: ${{ secrets.DEV_BLOCKFROST_KEY }} | |
| TF_VAR_dmtr_api_key: ${{ secrets.DEV_DMTR_API_KEY }} | |
| TF_VAR_admin_key: ${{ secrets.DEV_HYDRA_ADMIN_KEY }} | |
| TF_VAR_snapshot_aws_access_key_id: ${{ secrets.SNAPSHOT_AWS_ACCESS_KEY_ID }} | |
| TF_VAR_snapshot_aws_secret_access_key: ${{ secrets.SNAPSHOT_AWS_SECRET_ACCESS_KEY }} | |
| # Vars | |
| TF_VAR_network_id: 1 | |
| TF_VAR_dmtr_port_name: mainnet-mqgv9w | |
| TF_VAR_dmtr_project_id: b55545f5-31e7-4e6b-81d6-22f4e6b5a144 | |
| TF_VAR_external_domain: ${{ matrix.region }}.hydra-doom.sundae.fi | |
| TF_VAR_hydra_node_image: ghcr.io/cardano-scaling/hydra-node:0.19.0 | |
| TF_VAR_eks_cluster_arn: arn:aws:eks:${{ matrix.region | |
| }}:509399595051:cluster/hydra-doom-dev-cluster | |
| TF_VAR_hydra_scripts_tx_id: ab1d9f8cca896bca06b70df74860deecf20774e03d8562aecaed37525f6ebead # TODO: Mainnet transaction id | |
| TF_VAR_admin_addr: addr1v9gcjapuwl7gfnzhzg6svtj0ph3gxu8kyuadudmf0kzsksqcpg5xa | |
| TF_VAR_frontend_image: ghcr.io/cardano-scaling/hydra-doom-frontend:sha-e1ac451 | |
| TF_VAR_referee_image: ghcr.io/cardano-scaling/hydra-doom-referee:sha-e1ac451 # latest? | |
| TF_VAR_ai_image: ghcr.io/cardano-scaling/hydra-doom-ai:sha-e1ac451 # latest? | |
| TF_VAR_autoscaler_high_watermark: ${{ matrix.autoscaler_high_watermark }} | |
| TF_VAR_autoscaler_low_watermark: ${{ matrix.autoscaler_low_watermark }} | |
| TF_VAR_autoscaler_region_prefix: ${{ matrix.region_prefix }} | |
| TF_VAR_autoscaler_max_batch: ${{ matrix.autoscaler_max_batch }} | |
| TF_VAR_available_snapshot_prefix: mainnet/snapshots | |
| TF_VAR_init_image: ghcr.io/cardano-scaling/hydra-control-plane-init:6f21e1f60bc695df4ce97e3fd9159906dd7d617e | |
| TF_VAR_proxy_replicas: "3" | |
| TF_VAR_ssl_cert_arn: ${{ matrix.ssl_cert_arn }} | |
| TF_VAR_image: ghcr.io/cardano-scaling/hydra-control-plane:${{ github.sha }} | |
| steps: | |
| - name: Filter regions | |
| id: filter | |
| run: | | |
| selected_regions=$(echo "${{ github.event.inputs.regions }}" | tr -d ' ') | |
| if [[ "$selected_regions" != "all" ]]; then | |
| if [[ ! "$selected_regions" =~ (^|,)(${{ matrix.region }})(,|$) ]]; then | |
| echo "Skipping region ${{ matrix.region }}" | |
| echo "should_skip=true" >> $GITHUB_OUTPUT | |
| exit 0 | |
| else | |
| echo "should_skip=false" >> $GITHUB_OUTPUT | |
| fi | |
| else | |
| echo "should_skip=false" >> $GITHUB_OUTPUT | |
| fi | |
| - uses: actions/checkout@v2 | |
| if: steps.filter.outputs.should_skip == 'false' | |
| - uses: aws-actions/configure-aws-credentials@v1 | |
| if: steps.filter.outputs.should_skip == 'false' | |
| with: | |
| aws-region: ${{ matrix.region }} | |
| aws-access-key-id: ${{ secrets.DEPLOY_AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.DEPLOY_AWS_SECRET_ACCESS_KEY }} | |
| role-to-assume: arn:aws:iam::509399595051:role/ClusterAdminRole | |
| role-session-name: Github-Actions | |
| role-duration-seconds: 1200 | |
| - name: setup kubeconfig | |
| if: steps.filter.outputs.should_skip == 'false' | |
| run: aws eks update-kubeconfig --name hydra-doom-dev-cluster | |
| - name: setup terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| if: steps.filter.outputs.should_skip == 'false' | |
| - name: init terraform | |
| if: steps.filter.outputs.should_skip == 'false' | |
| working-directory: playbook/doom-dev | |
| run: terraform init -backend-config=backend.${{ matrix.region }}.conf | |
| - name: validate terraform | |
| if: steps.filter.outputs.should_skip == 'false' | |
| working-directory: playbook/doom-dev | |
| run: terraform validate | |
| - name: plan terraform | |
| working-directory: playbook/doom-dev | |
| if: inputs.dry-run == 'true' && steps.filter.outputs.should_skip == | |
| 'false' | |
| run: terraform plan -input=false | |
| - name: apply terraform | |
| working-directory: playbook/doom-dev | |
| if: inputs.dry-run == 'false' && steps.filter.outputs.should_skip == | |
| 'false' | |
| run: terraform apply -auto-approve -input=false |