
chore(deps): bump docker/build-push-action from 5.0.0 to 5.1.0 #500

Workflow file for this run

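---
# CI/CD pipeline.
#
# pull_request -> `test` matrix only. `build` is gated on push events, and the
#                 later jobs hang off it through `needs`, so they are skipped.
# push (main)  -> build image -> release-please -> publish to Docker Hub ->
#                 Helm deploy to TESTNET, and to MAINNET only when
#                 release-please reports that a release was created.
#
# Security posture visible in this file:
#   * The workflow token defaults to `contents: read`; only `deploy` adds
#     `id-token: write`, which the Google auth step needs for workload
#     identity federation.
#   * Every `uses:` reference is pinned to a full commit SHA.
#   * Secrets and other expression values are handed to shell steps through
#     `env:` and referenced as quoted variables. Expanding `${{ ... }}` inside
#     a `run:` script pastes the value into the script text before the shell
#     parses it, so a value containing spaces, `$`, quotes or `;` would be
#     word-split or executed.
#
# NOTE(review): the ubuntu-20.04 runner image and Node.js 16 are both past end
# of support; plan an upgrade so the pipeline keeps receiving security fixes.
name: CI/CD
on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
permissions:
  contents: read
concurrency:
  # One group per pull request (or per ref for pushes). Only pull-request runs
  # cancel an older in-progress run; pushes to main are never cancelled.
  group: ci-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
  test:
    if: ${{ github.event_name == 'pull_request' }}
    strategy:
      fail-fast: false
      matrix:
        command:
          - 'build'
          - 'lint:check'
          - 'format:check'
          - 'test:unit'
          - 'test:integration'
          - 'test:acceptance'
    runs-on: ubuntu-20.04
    name: Test on Node.js 16 ( ${{ matrix.command }} )
    steps:
      - name: Checkout Repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
        with:
          fetch-depth: 0
      - name: Set Up Node.js
        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65
        with:
          node-version: 16
          cache: yarn
      - name: Install Dependencies
        # --frozen-lockfile fails the install instead of rewriting yarn.lock.
        run: yarn install --frozen-lockfile
      - name: Run ${{ matrix.command }}
        # matrix.command only takes the literal values listed above, so the
        # inline expansion cannot carry attacker-controlled text.
        run: yarn ${{ matrix.command }}
  build:
    if: ${{ github.event_name == 'push' && github.ref_type == 'branch' }}
    runs-on: ubuntu-20.04
    name: Build
    steps:
      - name: Checkout Repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
        with:
          fetch-depth: 0
      - name: Set Up QEMU
        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3
      - name: Set Up Docker Buildx
        id: set-up-buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226
        with:
          install: true
      - name: Cache Docker Layers
        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: Build Docker
        # NOTE(review): the run title names 5.1.0 as the bump target for this
        # action; confirm the pinned SHA is the commit behind that tag.
        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56
        with:
          builder: ${{ steps.set-up-buildx.outputs.name }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
          context: .
          file: .maintain/docker/Dockerfile
          tags: ${{ github.repository }}:${{ github.sha }}
          # Exported as a tarball and handed to publish-docker as an artifact;
          # nothing is pushed to a registry from this job.
          outputs: type=docker,dest=/tmp/docker_image.tar
      - name: Move Cache Docker Layers
        # Swap in the freshly written cache directory so the saved cache holds
        # only this build's layers.
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
      - name: Upload Build to Artifact
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
        with:
          name: build_${{ github.sha }}
          path: |
            /tmp/docker_image.tar
          retention-days: 5
  release-please:
    needs:
      - build
    runs-on: ubuntu-20.04
    name: Release Please
    steps:
      - name: Checkout Repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
        with:
          fetch-depth: 0
      - name: Release
        id: release
        uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01
        with:
          # NOTE(review): secrets.PAT is used instead of the read-only workflow
          # token. It is presumably a personal access token; keep its scope and
          # lifetime as narrow as the release flow allows, and rotate it.
          token: ${{ secrets.PAT }}
          fork: true
          release-type: node
          package-name: ${{ github.event.repository.name }}
          include-v-in-tag: false
    outputs:
      release_created: ${{ steps.release.outputs.release_created }}
      tag_name: ${{ steps.release.outputs.tag_name }}
  publish-docker:
    needs:
      - release-please
    runs-on: ubuntu-20.04
    name: Publish Docker
    steps:
      - name: Login to DockerHub
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Download Build from Artifact
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
        with:
          name: build_${{ github.sha }}
          path: /tmp
      - name: Load Downloaded Image
        env:
          IMAGE: ${{ github.repository }}
        run: |
          docker load --input /tmp/docker_image.tar
          # Print the full image IDs and digests so the run log records
          # exactly what was loaded.
          docker images --no-trunc --digests "$IMAGE"
      - name: Tag as Release Version
        if: ${{ needs.release-please.outputs.release_created }}
        env:
          IMAGE: ${{ github.repository }}
          COMMIT_SHA: ${{ github.sha }}
          RELEASE_TAG: ${{ needs.release-please.outputs.tag_name }}
        run: |
          docker tag "$IMAGE:$COMMIT_SHA" "$IMAGE:$RELEASE_TAG"
          docker tag "$IMAGE:$COMMIT_SHA" "$IMAGE:latest"
          docker images --no-trunc --digests "$IMAGE"
      - name: Push
        env:
          IMAGE: ${{ github.repository }}
        # -a pushes every local tag of the repository: the commit-SHA tag on
        # each run, plus the release tag and `latest` when they were added.
        run: docker image push -a "$IMAGE"
  deploy:
    needs:
      - release-please
      - publish-docker
    permissions:
      contents: read
      # Lets the job request an OIDC token, which the Google auth step
      # exchanges through the configured workload identity provider.
      id-token: write
    strategy:
      max-parallel: 1
      matrix:
        is_release:
          - ${{ needs.release-please.outputs.release_created || false }}
        environment:
          - TESTNET
          - MAINNET
        # Pushes that did not create a release deploy to TESTNET only.
        exclude:
          - is_release: false
            environment: MAINNET
    # Binds the job to the GitHub environment of the same name, so any
    # protection rules or environment secrets configured there apply.
    environment: ${{ matrix.environment }}
    runs-on: ubuntu-20.04
    name: Deploy to ${{ matrix.environment }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
        with:
          fetch-depth: 0
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033
        with:
          # Secret names are built as <ENVIRONMENT>_<NAME>, so each matrix
          # entry reads its own set of values.
          workload_identity_provider: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_WORKLOAD_IDENTITY_PROVIDER')] }}
          service_account: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_WORKLOAD_IDENTITY_SERVICE_ACCOUNT')] }}
      - name: Set Up Google Cloud SDK
        uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b
      - name: Get GKE Credentials
        uses: google-github-actions/get-gke-credentials@35ab0d2b2d48792c19f09325413bd185c8d44394
        with:
          cluster_name: ${{ secrets[format('{0}_{1}', matrix.environment, 'GKE_CLUSTER_NAME')] }}
          location: ${{ secrets[format('{0}_{1}', matrix.environment, 'GKE_LOCATION')] }}
          use_internal_ip: true
      - name: Get Secrets from Google Secret Manager
        id: secrets
        uses: google-github-actions/get-secretmanager-secrets@4d6d3dfd94110800dda8d84109cb6da0f6a5919d
        with:
          secrets: |-
            ADMIN_SUBSTRATE_MNEMONIC:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/ADMIN_SUBSTRATE_MNEMONIC
            ADMIN_NEAR_MNEMONIC:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/ADMIN_NEAR_MNEMONIC
            JWT_TOKEN_SECRET_KEY:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/JWT_TOKEN_SECRET_KEY
            JWT_TOKEN_EXPIRES_IN:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/JWT_TOKEN_EXPIRES_IN
            JWT_REFRESH_TOKEN_SECRET_KEY:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/JWT_REFRESH_TOKEN_SECRET_KEY
            JWT_REFRESH_TOKEN_EXPIRES_IN:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/JWT_REFRESH_TOKEN_EXPIRES_IN
            MONGO_PROTOCOL:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_PROTOCOL
            MONGO_HOST:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_HOST
            MONGO_PORT:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_PORT
            MONGO_USER_API:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_USER_API
            MONGO_PASSWORD_API:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_PASSWORD_API
            MONGO_DB:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_DB
            MONGO_URL:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_URL
            REDIS_CONNECTOR:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/REDIS_CONNECTOR
            REDIS_HOST:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/REDIS_HOST
            REDIS_PORT:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/REDIS_PORT
            REDIS_PASSWORD:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/REDIS_PASSWORD
            SMTP_SERVER:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/SMTP_SERVER
            SMTP_PORT:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/SMTP_PORT
            SMTP_USERNAME:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/SMTP_USERNAME
            SMTP_PASSWORD:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/SMTP_PASSWORD
            SMTP_SENDER_ADDRESS:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/SMTP_SENDER_ADDRESS
            FIREBASE_SERVICE_ACCOUNT_BASE64:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/FIREBASE_SERVICE_ACCOUNT_BASE64
            FIREBASE_STORAGE_BUCKET:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/FIREBASE_STORAGE_BUCKET
            API_SENTRY_DSN:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/API_SENTRY_DSN
            TWITTER_API_KEY:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/TWITTER_API_KEY
            COIN_MARKET_CAP_API_KEY:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/COIN_MARKET_CAP_API_KEY
            API_DNS:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/API_DNS
      - name: Tunneling SSH connections
        env:
          BASTION_INSTANCE: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCE_BASTION_INSTANCE_NAME')] }}
          BASTION_ZONE: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCE_BASTION_INSTANCE_ZONE')] }}
          GCP_PROJECT_ID: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}
        # Opens a background SSH tunnel through IAP to the bastion and forwards
        # local port 8888; the deployment step uses it as its HTTPS proxy.
        run: |
          gcloud compute ssh "$BASTION_INSTANCE" \
            --project="$GCP_PROJECT_ID" \
            --zone "$BASTION_ZONE" \
            --ssh-flag '-4 -L 8888:127.0.0.1:8888 -N -q -f' \
            --tunnel-through-iap \
            --quiet
      - name: Set Up Helm
        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78
        with:
          version: v3.10.0
      - name: Perform Deployment
        env:
          RELEASE_NAME: ${{ github.event.repository.name }}
          IMAGE_TAG: ${{ needs.release-please.outputs.tag_name || github.sha }}
          GCP_PROJECT_ID: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}
          API_DNS: ${{ steps.secrets.outputs.API_DNS }}
          ADMIN_SUBSTRATE_MNEMONIC: ${{ steps.secrets.outputs.ADMIN_SUBSTRATE_MNEMONIC }}
          ADMIN_NEAR_MNEMONIC: ${{ steps.secrets.outputs.ADMIN_NEAR_MNEMONIC }}
          JWT_TOKEN_SECRET_KEY: ${{ steps.secrets.outputs.JWT_TOKEN_SECRET_KEY }}
          JWT_TOKEN_EXPIRES_IN: ${{ steps.secrets.outputs.JWT_TOKEN_EXPIRES_IN }}
          JWT_REFRESH_TOKEN_SECRET_KEY: ${{ steps.secrets.outputs.JWT_REFRESH_TOKEN_SECRET_KEY }}
          JWT_REFRESH_TOKEN_EXPIRES_IN: ${{ steps.secrets.outputs.JWT_REFRESH_TOKEN_EXPIRES_IN }}
          MONGO_PROTOCOL: ${{ steps.secrets.outputs.MONGO_PROTOCOL }}
          MONGO_HOST: ${{ steps.secrets.outputs.MONGO_HOST }}
          MONGO_PORT: ${{ steps.secrets.outputs.MONGO_PORT }}
          MONGO_USER_API: ${{ steps.secrets.outputs.MONGO_USER_API }}
          MONGO_PASSWORD_API: ${{ steps.secrets.outputs.MONGO_PASSWORD_API }}
          MONGO_DB: ${{ steps.secrets.outputs.MONGO_DB }}
          MONGO_URL: ${{ steps.secrets.outputs.MONGO_URL }}
          REDIS_CONNECTOR: ${{ steps.secrets.outputs.REDIS_CONNECTOR }}
          REDIS_HOST: ${{ steps.secrets.outputs.REDIS_HOST }}
          REDIS_PORT: ${{ steps.secrets.outputs.REDIS_PORT }}
          REDIS_PASSWORD: ${{ steps.secrets.outputs.REDIS_PASSWORD }}
          SMTP_SERVER: ${{ steps.secrets.outputs.SMTP_SERVER }}
          SMTP_PORT: ${{ steps.secrets.outputs.SMTP_PORT }}
          SMTP_USERNAME: ${{ steps.secrets.outputs.SMTP_USERNAME }}
          SMTP_PASSWORD: ${{ steps.secrets.outputs.SMTP_PASSWORD }}
          SMTP_SENDER_ADDRESS: ${{ steps.secrets.outputs.SMTP_SENDER_ADDRESS }}
          FIREBASE_SERVICE_ACCOUNT_BASE64: ${{ steps.secrets.outputs.FIREBASE_SERVICE_ACCOUNT_BASE64 }}
          FIREBASE_STORAGE_BUCKET: ${{ steps.secrets.outputs.FIREBASE_STORAGE_BUCKET }}
          API_SENTRY_DSN: ${{ steps.secrets.outputs.API_SENTRY_DSN }}
          TWITTER_API_KEY: ${{ steps.secrets.outputs.TWITTER_API_KEY }}
          COIN_MARKET_CAP_API_KEY: ${{ steps.secrets.outputs.COIN_MARKET_CAP_API_KEY }}
        # Every value below is a quoted shell variable, so secret contents are
        # never parsed as shell syntax.
        # NOTE(review): the values still reach helm as command-line arguments,
        # where they are visible in the runner's process list, and helm's --set
        # parser still treats commas and backslashes specially. Rendering them
        # into a values file passed with --values would avoid both.
        # NOTE(review): the chart is installed without --version, so each run
        # takes whatever chart version the repository currently serves;
        # pinning it makes the deployed chart reviewable.
        run: |
          helm repo add myriadsocial https://charts.myriad.social
          helm repo update
          HTTPS_PROXY=127.0.0.1:8888 helm upgrade "$RELEASE_NAME" myriadsocial/myriad-api \
            --install \
            --set-string image.tag="$IMAGE_TAG" \
            --set-string serviceAccount.name="$RELEASE_NAME" \
            --set-string serviceAccount.annotations.'iam\.gke\.io/gcp-service-account'="${RELEASE_NAME}@${GCP_PROJECT_ID}.iam.gserviceaccount.com" \
            --set-string config.domain="$API_DNS" \
            --set-string config.adminSubstrateMnemonic="$ADMIN_SUBSTRATE_MNEMONIC" \
            --set-string config.adminNearMnemonic="$ADMIN_NEAR_MNEMONIC" \
            --set-string config.jwt.tokenSecretKey="$JWT_TOKEN_SECRET_KEY" \
            --set config.jwt.tokenExpireIn="$JWT_TOKEN_EXPIRES_IN" \
            --set-string config.jwt.refreshTokenSecretKey="$JWT_REFRESH_TOKEN_SECRET_KEY" \
            --set config.jwt.refreshTokenExpireIn="$JWT_REFRESH_TOKEN_EXPIRES_IN" \
            --set-string config.mongo.protocol="$MONGO_PROTOCOL" \
            --set-string config.mongo.host="$MONGO_HOST" \
            --set config.mongo.port="$MONGO_PORT" \
            --set-string config.mongo.user="$MONGO_USER_API" \
            --set-string config.mongo.password="$MONGO_PASSWORD_API" \
            --set-string config.mongo.database="$MONGO_DB" \
            --set-string config.mongo.url="$MONGO_URL" \
            --set-string config.redis.connector="$REDIS_CONNECTOR" \
            --set-string config.redis.host="$REDIS_HOST" \
            --set-string config.redis.port="$REDIS_PORT" \
            --set-string config.redis.password="$REDIS_PASSWORD" \
            --set-string config.smtp.server="$SMTP_SERVER" \
            --set config.smtp.port="$SMTP_PORT" \
            --set-string config.smtp.username="$SMTP_USERNAME" \
            --set-string config.smtp.password="$SMTP_PASSWORD" \
            --set-string config.smtp.senderAddress="$SMTP_SENDER_ADDRESS" \
            --set-string config.firebase.serviceAccountBase64="$FIREBASE_SERVICE_ACCOUNT_BASE64" \
            --set-string config.firebase.storageBucket="$FIREBASE_STORAGE_BUCKET" \
            --set-string config.sentry.dsn="$API_SENTRY_DSN" \
            --set-string config.twitter.apiKey="$TWITTER_API_KEY" \
            --set-string config.coinMarketCap.apiKey="$COIN_MARKET_CAP_API_KEY" \
            --set-string nodeSelector.node_pool=general \
            --set-string nodeSelector.'iam\.gke\.io/gke-metadata-server-enabled'='true'
          HTTPS_PROXY=127.0.0.1:8888 kubectl rollout status deployment/"$RELEASE_NAME"
      - name: Clean Up Tunneling SSH Connections
        if: always()
        run: |
          # The default shell stops at the first failing command. A bare
          # `kill -9` with no PID (nothing listening on 8888) would therefore
          # abort the script and leave the OS Login SSH key registered, so the
          # tunnel is only killed when a listener exists.
          tunnel_pids="$(lsof -ti:8888 || true)"
          if [ -n "$tunnel_pids" ]; then
            # Left unquoted on purpose: lsof may report several PIDs.
            kill -9 $tunnel_pids || true
          fi
          gcloud compute os-login ssh-keys remove --key-file=/home/runner/.ssh/google_compute_engine.pub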