Skip to content

Merge pull request #1509 from 0chain/feat/encryption-key #5499

Merge pull request #1509 from 0chain/feat/encryption-key

Merge pull request #1509 from 0chain/feat/encryption-key #5499

name: "Build & Publish Docker Image"
concurrency:
group: "publish-${{ github.ref }}"
cancel-in-progress: true
on:
push:
branches: [ master,staging, sprint* ]
tags:
- '*'
pull_request:
workflow_dispatch:
env:
BLOBBER_REGISTRY: ${{ secrets.BLOBBER_REGISTRY }}
VALIDATOR_REGISTRY: ${{ secrets.VALIDATOR_REGISTRY }}
DOCKER_CLI_EXPERIMENTAL: enabled
BLOBBER_BUILDBASE: blobber_base
BLOBBER_BUILD_BASE_REGISTRY: ${{ secrets.BLOBBER_BUILD_BASE_REGISTRY }}
jobs:
blobber:
timeout-minutes: 30
runs-on: [blobber-runner]
steps:
- name: Cleanup before restarting conductor tests.
run: |
echo 'y' | docker system prune -a || true
cd /tmp
sudo rm -rf ./*
- name: Set docker image tag
run: |
if [[ "${{github.ref}}" == refs/pull/* ]]; then
tag=${GITHUB_REF/\/merge/}
echo "TAG=$(echo pr-${tag:10})" >> $GITHUB_ENV
else
echo "TAG=$(echo ${GITHUB_REF#refs/*/} | sed 's/\//-/g')" >> $GITHUB_ENV
fi
echo "BRANCH=$([ -z '${{ github.event.pull_request.head.sha }}' ] && echo ${GITHUB_REF#refs/*/} || echo $GITHUB_HEAD_REF)" >> $GITHUB_ENV
echo "SHA=$([ -z '${{ github.event.pull_request.head.sha }}' ] && echo $GITHUB_SHA || echo '${{ github.event.pull_request.head.sha }}')" >> $GITHUB_ENV
# - name: Setup go
# uses: actions/setup-go@v4
# with:
# go-version: ^1.21 # The Go version to download (if necessary) and use.
- name: Clone blobber
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# - name: Login to Docker Hub
# uses: docker/login-action@v1
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_PASSWORD }}
# - name: Get changed files using defaults
# id: changed-files
# uses: tj-actions/[email protected]
- name: Pull Build Base
env:
DOCKER_CONFIG: /tmp/docker-config-${{ github.run_id }}
run: |
docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_PASSWORD }}
docker pull $BLOBBER_BUILD_BASE_REGISTRY:staging
docker tag $BLOBBER_BUILD_BASE_REGISTRY:staging $BLOBBER_BUILDBASE
- name: Build Base image
# if: contains(steps.changed-files.outputs.modified_files, 'docker.local/base.Dockerfile')
env:
DOCKER_CONFIG: /tmp/docker-config-${{ github.run_id }}
run: |
docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_PASSWORD }}
SHORT_SHA=$(echo ${{ env.SHA }} | head -c 8)
./docker.local/bin/build.base.sh &&
docker tag $BLOBBER_BUILDBASE $BLOBBER_BUILD_BASE_REGISTRY:$TAG
docker tag $BLOBBER_BUILDBASE $BLOBBER_BUILD_BASE_REGISTRY:$TAG-$SHORT_SHA
docker push $BLOBBER_BUILD_BASE_REGISTRY:$TAG
docker push $BLOBBER_BUILD_BASE_REGISTRY:$TAG-$SHORT_SHA
- name: Build blobber
env:
DOCKER_CONFIG: /tmp/docker-config-${{ github.run_id }}
run: |
docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_PASSWORD }}
SHORT_SHA=$(echo ${{ env.SHA }} | head -c 8)
export DOCKER_IMAGE_BASE="$BLOBBER_BUILD_BASE_REGISTRY:$TAG"
export DOCKER_IMAGE_SWAGGER="${BLOBBER_REGISTRY}:swagger_test"
# export DOCKER_BUILD="buildx build --platform linux/amd64,linux/arm64 --push"
export DOCKER_BUILD="build --push"
export DOCKER_IMAGE_BLOBBER="-t ${BLOBBER_REGISTRY}:${TAG}"
export CONTEXT_NAME="$RUNNER_NAME" && (docker context inspect "$CONTEXT_NAME" >/dev/null 2>&1 || docker context create "$CONTEXT_NAME")
docker buildx inspect "blobber-$RUNNER_NAME" || docker buildx create --name "blobber-$RUNNER_NAME" --driver-opt network=host --buildkitd-flags '--allow-insecure-entitlement security.insecure' "$CONTEXT_NAME"
docker buildx use "blobber-$RUNNER_NAME"
./docker.local/bin/build.blobber.sh
docker tag ${BLOBBER_REGISTRY}:${TAG} ${BLOBBER_REGISTRY}:${TAG}-${SHORT_SHA}
docker push ${BLOBBER_REGISTRY}:${TAG}-${SHORT_SHA}
validator:
timeout-minutes: 30
runs-on: [blobber-runner]
steps:
- name: Cleanup before restarting conductor tests.
run: |
echo 'y' | docker system prune -a || true
cd /tmp
sudo rm -rf ./*
- name: Set docker image tag
run: |
if [[ "${{github.ref}}" == refs/pull/* ]]; then
tag=${GITHUB_REF/\/merge/}
echo "TAG=$(echo pr-${tag:10})" >> $GITHUB_ENV
else
echo "TAG=$(echo ${GITHUB_REF#refs/*/} | sed 's/\//-/g')" >> $GITHUB_ENV
fi
echo "BRANCH=$([ -z '${{ github.event.pull_request.head.sha }}' ] && echo ${GITHUB_REF#refs/*/} || echo $GITHUB_HEAD_REF)" >> $GITHUB_ENV
echo "SHA=$([ -z '${{ github.event.pull_request.head.sha }}' ] && echo $GITHUB_SHA || echo '${{ github.event.pull_request.head.sha }}')" >> $GITHUB_ENV
# - name: Setup go
# uses: actions/setup-go@v4
# with:
# go-version: ^1.21 # The Go version to download (if necessary) and use.
# - name: Login to Docker Hub
# uses: docker/login-action@v1
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Clone blobber
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# - name: Get changed files using defaults
# id: changed-files
# uses: tj-actions/[email protected]
# with:
# fetch-depth: 0
- name: Pull Build Base
env:
DOCKER_CONFIG: /tmp/docker-config-${{ github.run_id }}
run: |
docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_PASSWORD }}
docker pull $BLOBBER_BUILD_BASE_REGISTRY:staging
docker tag $BLOBBER_BUILD_BASE_REGISTRY:staging $BLOBBER_BUILDBASE
- name: Build Base image
# if: contains(steps.changed-files.outputs.modified_files, 'docker.local/base.Dockerfile')
env:
DOCKER_CONFIG: /tmp/docker-config-${{ github.run_id }}
run: |
docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_PASSWORD }}
SHORT_SHA=$(echo ${{ env.SHA }} | head -c 8)
./docker.local/bin/build.base.sh
docker tag $BLOBBER_BUILDBASE $BLOBBER_BUILD_BASE_REGISTRY:$TAG
docker tag $BLOBBER_BUILDBASE $BLOBBER_BUILD_BASE_REGISTRY:$TAG-$SHORT_SHA
docker push $BLOBBER_BUILD_BASE_REGISTRY:$TAG
docker push $BLOBBER_BUILD_BASE_REGISTRY:$TAG-$SHORT_SHA
- name: Build validator
env:
DOCKER_CONFIG: /tmp/docker-config-${{ github.run_id }}
run: |
docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_PASSWORD }}
SHORT_SHA=$(echo ${{ env.SHA }} | head -c 8)
export DOCKER_IMAGE_BASE="$BLOBBER_BUILD_BASE_REGISTRY:$TAG"
# export DOCKER_BUILD="buildx build --platform linux/amd64,linux/arm64 --push"
export DOCKER_BUILD="build --push"
export DOCKER_IMAGE_VALIDATOR="-t ${VALIDATOR_REGISTRY}:${TAG}"
export CONTEXT_NAME="$RUNNER_NAME" && (docker context inspect "$CONTEXT_NAME" >/dev/null 2>&1 || docker context create "$CONTEXT_NAME")
docker buildx inspect "validator-$RUNNER_NAME" || docker buildx create --name "validator-$RUNNER_NAME" --driver-opt network=host --buildkitd-flags '--allow-insecure-entitlement security.insecure' "$CONTEXT_NAME"
docker buildx use "validator-$RUNNER_NAME"
./docker.local/bin/build.validator.sh
docker tag ${VALIDATOR_REGISTRY}:${TAG} ${VALIDATOR_REGISTRY}:${TAG}-${SHORT_SHA}
docker push ${VALIDATOR_REGISTRY}:${TAG}-${SHORT_SHA}
system-tests:
if: github.event_name != 'workflow_dispatch'
needs: [blobber, validator]
runs-on: [ tests-suite ]
steps:
- name: "Get current PR"
uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
github-token: ${{ github.token }}
- name: "Set PR status as pending"
uses: 0chain/actions/set-pr-status@master
if: steps.findPr.outputs.number
with:
pr_number: ${{ steps.findPr.outputs.pr }}
description: "System tests running with default config..."
state: "pending"
repository: ${{ github.repository }}
status_name: "0Chain System Tests"
target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
github_token: ${{ github.token }}
- name: "Setup"
run: |
if [[ "${{github.ref}}" == refs/pull/* ]]; then
tag=${GITHUB_REF/\/merge/}
echo "TAG=$(echo pr-${tag:10})" >> $GITHUB_ENV
else
echo "TAG=$(echo ${GITHUB_REF#refs/*/} | sed 's/\//-/g')" >> $GITHUB_ENV
fi
echo "BRANCH=$([ -z '${{ github.event.pull_request.head.sha }}' ] && echo ${GITHUB_REF#refs/*/} || echo $GITHUB_HEAD_REF)" >> $GITHUB_ENV
echo "SHORT_SHA=$(([ -z '${{ github.event.pull_request.head.sha }}' ] && echo $GITHUB_SHA || echo '${{ github.event.pull_request.head.sha }}') | head -c 8)" >> $GITHUB_ENV
echo "NETWORK_URL=$(echo dev-${RUNNER_NAME:(-1)}.devnet-0chain.net)" >> $GITHUB_ENV
echo "RUNNER_NUMBER=${RUNNER_NAME:(-1)}" >> $GITHUB_ENV
- name: 'Setup jq'
uses: dcarbone/[email protected]
with:
version: '1.7'
force: 'false'
- name: "Create Tenderly virtual testnet"
run: |
echo "TENDERLY_CREATION_INFO=$(curl -X POST \
-H "x-access-key: ${{ secrets.TENDERLY_SECRET }}" \
-H "Content-Type: application/json" \
-d '{"slug":"mainnet-dev-${{ env.RUNNER_NUMBER }}-${{ github.run_id }}","displayName":"mainnet-dev-${{ env.RUNNER_NUMBER }}-${{ github.run_id }}","description":"","visibility":"TEAM","tags":{"purpose":"development"},"networkConfig":{"networkId":"1","blockNumber":"18512782","chainConfig":{"chainId":"1"},"baseFeePerGas":"1"},"explorerConfig":{"enabled":false,"verificationVisibility":"bytecode"},"syncState":false}' \
https://api.tenderly.co/api/v1/account/zus_network/project/project/testnet/container)" >> $GITHUB_ENV
- name: "Parse Tenderly virtual testnet creation transaction result"
run: |
echo "TENDERLY_VIRTUAL_TESTNET_ID=$(echo '${{ env.TENDERLY_CREATION_INFO }}' | jq -r '.container.id')" >> $GITHUB_ENV
echo "TENDERLY_VIRTUAL_TESTNET_RPC_ID=$(echo '${{ env.TENDERLY_CREATION_INFO }}' | jq -r '.container.connectivityConfig.endpoints[0].id')" >> $GITHUB_ENV
- name: "Deploy 0Chain"
uses: 0chain/actions/deploy-0chain@master
with:
repo_snapshots_branch: "<CURRENT BRANCH WITH FALLBACK TO CURRENT_SPRINT>"
kube_config: ${{ secrets[format('DEV{0}KC', env.RUNNER_NUMBER)] }}
teardown_condition: "TESTS_PASSED"
blobber_image: ${{ env.TAG }}-${{ env.SHORT_SHA }}
validator_image: ${{ env.TAG }}-${{ env.SHORT_SHA }}
SUBGRAPH_API_URL: ${{ secrets.SUBGRAPH_API_URL }}
TENDERLY_VIRTUAL_TESTNET_RPC_ID: ${{ env.TENDERLY_VIRTUAL_TESTNET_RPC_ID }}
graphnode_sc: ${{ secrets.GRAPHNODE_SC }}
graphnode_network: ${{ secrets.GRAPHNODE_NETWORK }}
graphnode_ethereum_node_url: https://virtual.mainnet.rpc.tenderly.co/${{ env.TENDERLY_VIRTUAL_TESTNET_RPC_ID }}
svc_account_secret: ${{ secrets.SVC_ACCOUNT_SECRET }}
- name: "Run System tests"
uses: 0chain/actions/run-system-tests@master
with:
repo_snapshots_branch: "<CURRENT BRANCH WITH FALLBACK TO CURRENT_SPRINT>"
network: ${{ env.NETWORK_URL }}
svc_account_secret: ${{ secrets.SVC_ACCOUNT_SECRET }}
deploy_report_page: false
archive_results: true
run_flaky_tests: false
retry_failures: true
run_smoke_tests: ${{ github.ref != 'refs/heads/staging' && github.base_ref != 'staging' && github.ref != 'refs/heads/master' && github.base_ref != 'master' }}
TENDERLY_VIRTUAL_TESTNET_RPC_ID: ${{ env.TENDERLY_VIRTUAL_TESTNET_RPC_ID }}
DEVOPS_CHANNEL_WEBHOOK_URL: ${{ secrets.DEVOPS_CHANNEL_WEBHOOK_URL }}
S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
- name: "Remove Tenderly virtual testnet"
if: always()
run: |
curl -X DELETE \
-H "x-access-key: ${{ secrets.TENDERLY_SECRET }}" \
-H "Content-Type: application/json" \
https://api.tenderly.co/api/v1/account/zus_network/project/project/testnet/container/${{ env.TENDERLY_VIRTUAL_TESTNET_ID }}
- name: "Set PR status as ${{ job.status }}"
if: ${{ (success() || failure()) && steps.findPr.outputs.number }}
uses: 0chain/actions/set-pr-status@master
with:
pr_number: ${{ steps.findPr.outputs.pr }}
description: "System tests with default config ${{ job.status }}"
state: ${{ job.status }}
repository: ${{ github.repository }}
status_name: "0Chain System Tests"
target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
github_token: ${{ github.token }}