From a7aba9809d4f9fc17d56d8f55e5d842052397069 Mon Sep 17 00:00:00 2001 From: Bogdan Date: Wed, 10 Apr 2024 12:36:15 +0100 Subject: [PATCH] cicd: add arbitrum deployment --- .github/workflows/build-deploy.yaml | 167 ++++++++++++++-------------- 1 file changed, 85 insertions(+), 82 deletions(-) diff --git a/.github/workflows/build-deploy.yaml b/.github/workflows/build-deploy.yaml index b7fdf1a..bdcad27 100644 --- a/.github/workflows/build-deploy.yaml +++ b/.github/workflows/build-deploy.yaml @@ -1,20 +1,21 @@ name: Build and deploy cdapp auth-proxy docker image -on: +on: workflow_dispatch: # Allows manual workflow trigger repository_dispatch: # Allows API workflow trigger types: [cdapp-auth-proxy] push: - branches: - - master # Automatically deploy on commits to master + branches: # Automatically deploy on commits to master + - master + - master-arbitrum paths-ignore: - - '.github/**' - - '**.md' + - '.github/**' + - '**.md' concurrency: - group: cdapp-auth-proxy + group: ${{ github.ref }}-cdapp-auth-proxy cancel-in-progress: true # Set global env variables @@ -32,48 +33,48 @@ jobs: steps: - - name: Echo Env Vars through Context - run: | - echo "$GITHUB_CONTEXT" - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v3 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }} - aws-region: ${{ env.AWS_REGION }} - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: Checkout relevant branch - run: - git checkout ${{ github.event.client_payload.COMMIT_HASH != null && github.event.client_payload.COMMIT_HASH || github.sha }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Build and push - uses: docker/build-push-action@v3 - with: - context: ${{ github.workspace }} - file: ./Dockerfile - push: true - tags: | - ${{ env.ECR_REPOSITORY }}:run-${{ github.run_number }} - ${{ env.ECR_REPOSITORY }}:${{ env.COMMIT_HASH }} - - - uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383 - if: always() - with: - webhook: ${{ secrets.DISCORD_WEBHOOK }} - title: "Build and push cdapp auth-proxy" + - name: Echo Env Vars through Context + run: | + echo "$GITHUB_CONTEXT" + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v3 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }} + aws-region: ${{ env.AWS_REGION }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Checkout relevant branch + run: git checkout ${{ github.event.client_payload.COMMIT_HASH != null && github.event.client_payload.COMMIT_HASH || github.sha }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Build and push + uses: docker/build-push-action@v3 + with: + context: ${{ github.workspace }} + file: ./Dockerfile + push: true + tags: | + ${{ env.ECR_REPOSITORY }}:run-${{ github.run_number }} + ${{ env.ECR_REPOSITORY }}:${{ (github.ref == 'refs/heads/master' && 'gnosis') || (github.ref == 'refs/heads/master-arbitrum' && 'arbitrum') }} + ${{ env.ECR_REPOSITORY }}:${{ env.COMMIT_HASH }} + + - uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383 + if: always() + with: + webhook: ${{ secrets.DISCORD_WEBHOOK }} + title: "Build and push cdapp auth-proxy" # Deploy cdapp auth-proxy to QA environment deployQA: @@ -85,22 +86,23 @@ jobs: env: NAMESPACE: cdapp CLUSTER_NAME: qa-cluster - ENVIRONMENT_TAG: qa + # Tagging image based on whether we are deploying to gnosis or arbitrum + ENVIRONMENT_TAG: ${{ (github.ref == 'refs/heads/master' && 'qa') || (github.ref == 'refs/heads/master-arbitrum' && 'qa-arbitrum-sepolia') }} REPOSITORY_NAME: cdapp/auth-proxy steps: - - name: Configure AWS credentials for ECR - uses: aws-actions/configure-aws-credentials@v3 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }} + - name: Configure AWS credentials for ECR + uses: aws-actions/configure-aws-credentials@v3 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }} aws-region: ${{ env.AWS_REGION }} - - - name: Login to Amazon ECR - id: login-ecr + + - name: Login to Amazon ECR + id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - + - name: Echo current image and tag new image run: | echo -e "Getting image info...\n" @@ -108,19 +110,19 @@ jobs: echo -e "###### Current image being used ######\n" SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest') aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId' - + echo -e "\n###### Tagging new image with environment tag ######" MANIFEST=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.COMMIT_HASH }} --output json | jq --raw-output --join-output '.images[0].imageManifest') aws ecr put-image --repository-name ${{ env.REPOSITORY_NAME }} --image-tag ${{ env.ENVIRONMENT_TAG }} --image-manifest "$MANIFEST" - + echo -e "\n###### New image being used ######\n" SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest') aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId' - - - name: Configure AWS credentials for EKS - uses: aws-actions/configure-aws-credentials@v3 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }} + + - name: Configure AWS credentials for EKS + uses: aws-actions/configure-aws-credentials@v3 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }} role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_QA }}:role/eks-admin role-session-name: github-cicd @@ -138,7 +140,7 @@ jobs: - name: Validate Kubernetes deployment run: | kubectl rollout status deployment/cdapp-auth-proxy-${{ env.ENVIRONMENT_TAG }} -n ${{ env.NAMESPACE }} - + - uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383 if: always() with: @@ -157,22 +159,23 @@ jobs: env: NAMESPACE: cdapp CLUSTER_NAME: prod-cluster - ENVIRONMENT_TAG: prod + # Tagging image based on whether we are deploying to gnosis or arbitrum + ENVIRONMENT_TAG: ${{ (github.ref == 'refs/heads/master' && 'qa') || (github.ref == 'refs/heads/master-arbitrum' && 'prod-arbitrum-one') }} REPOSITORY_NAME: cdapp/auth-proxy steps: - - name: Configure AWS credentials for ECR - uses: aws-actions/configure-aws-credentials@v3 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }} + - name: Configure AWS credentials for ECR + uses: aws-actions/configure-aws-credentials@v3 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }} aws-region: ${{ env.AWS_REGION }} - - - name: Login to Amazon ECR - id: login-ecr + + - name: Login to Amazon ECR + id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - + - name: Echo current image and tag new image run: | echo -e "Getting image info...\n" @@ -180,19 +183,19 @@ jobs: echo -e "###### Current image being used ######\n" SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest') aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId' - + echo -e "\n###### Tagging new image with environment tag ######" MANIFEST=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.COMMIT_HASH }} --output json | jq --raw-output --join-output '.images[0].imageManifest') aws ecr put-image --repository-name ${{ env.REPOSITORY_NAME }} --image-tag ${{ env.ENVIRONMENT_TAG }} --image-manifest "$MANIFEST" - + echo -e "\n###### New image being used ######\n" SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest') aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId' - - - name: Configure AWS credentials for EKS - uses: aws-actions/configure-aws-credentials@v3 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_PROD }} + + - name: Configure AWS credentials for EKS + uses: aws-actions/configure-aws-credentials@v3 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_PROD }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PROD }} role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_PROD }}:role/eks-admin role-session-name: github-cicd @@ -210,7 +213,7 @@ jobs: - name: Validate Kubernetes deployment run: | kubectl rollout status deployment/cdapp-auth-proxy-${{ env.ENVIRONMENT_TAG }} -n ${{ env.NAMESPACE }} - + - uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383 if: always() with: