chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 #136
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
permissions: | |
contents: read | |
concurrency: | |
group: ci-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
jobs: | |
test: | |
if: ${{ github.event_name == 'pull_request' }} | |
strategy: | |
fail-fast: false | |
matrix: | |
command: | |
- 'build' | |
- 'lint:check' | |
- 'format:check' | |
runs-on: ubuntu-20.04 | |
name: Test on Node.js 16 ( ${{ matrix.command }} ) | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac | |
with: | |
fetch-depth: 0 | |
- name: Set Up Node.js | |
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d | |
with: | |
node-version: 16 | |
cache: yarn | |
- name: Install Dependencies | |
run: yarn install --frozen-lockfile | |
- name: Run ${{ matrix.command }} | |
run: yarn ${{ matrix.command }} | |
build: | |
if: ${{ github.event_name == 'push' && github.ref_type == 'branch' }} | |
runs-on: ubuntu-20.04 | |
name: Build | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac | |
with: | |
fetch-depth: 0 | |
- name: Set Up QEMU | |
uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 | |
- name: Set Up Docker Buildx | |
id: set-up-buildx | |
uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 | |
with: | |
install: true | |
- name: Cache Docker Layers | |
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Build Docker | |
uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 | |
with: | |
builder: ${{ steps.set-up-buildx.outputs.name }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | |
context: . | |
file: .maintain/docker/Dockerfile | |
build-args: VCS_REF=${{ github.sha }} | |
tags: ${{ github.repository }}:${{ github.sha }} | |
outputs: type=docker,dest=/tmp/docker_image.tar | |
- name: Move Cache Docker Layers | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
- name: Upload Build to Artifact | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce | |
with: | |
name: build_${{ github.sha }} | |
path: | | |
/tmp/docker_image.tar | |
retention-days: 5 | |
release-please: | |
needs: | |
- build | |
runs-on: ubuntu-20.04 | |
name: Release Please | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac | |
with: | |
fetch-depth: 0 | |
- name: Release | |
id: release | |
uses: google-github-actions/release-please-action@ca6063f4ed81b55db15b8c42d1b6f7925866342d | |
with: | |
token: ${{ secrets.PAT }} | |
fork: true | |
release-type: node | |
package-name: ${{ github.event.repository.name }} | |
include-v-in-tag: false | |
outputs: | |
release_created: ${{ steps.release.outputs.release_created }} | |
tag_name: ${{ steps.release.outputs.tag_name }} | |
publish-docker: | |
needs: | |
- release-please | |
runs-on: ubuntu-20.04 | |
name: Publish Docker | |
steps: | |
- name: Login to DockerHub | |
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Download Build from Artifact | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
with: | |
name: build_${{ github.sha }} | |
path: /tmp | |
- name: Load Downloaded Image | |
run: | | |
docker load --input /tmp/docker_image.tar | |
docker images --no-trunc --digests ${{ github.repository }} | |
- name: Tag as Release Version | |
if: ${{ needs.release-please.outputs.release_created }} | |
run: | | |
docker tag ${{ github.repository }}:${{ github.sha }} ${{ github.repository }}:${{ needs.release-please.outputs.tag_name }} | |
docker tag ${{ github.repository }}:${{ github.sha }} ${{ github.repository }}:latest | |
docker images --no-trunc --digests ${{ github.repository }} | |
- name: Push | |
run: docker image push -a ${{ github.repository }} | |
deploy: | |
needs: | |
- release-please | |
- publish-docker | |
permissions: | |
contents: read | |
id-token: write | |
strategy: | |
max-parallel: 1 | |
matrix: | |
is_release: | |
- ${{ needs.release-please.outputs.release_created || false }} | |
environment: | |
- TESTNET | |
- MAINNET | |
exclude: | |
- is_release: false | |
environment: MAINNET | |
environment: ${{ matrix.environment }} | |
runs-on: ubuntu-20.04 | |
name: Deploy to ${{ matrix.environment }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac | |
with: | |
fetch-depth: 0 | |
- name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 | |
with: | |
workload_identity_provider: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_WORKLOAD_IDENTITY_PROVIDER')] }} | |
service_account: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_WORKLOAD_IDENTITY_SERVICE_ACCOUNT')] }} | |
- name: Set Up Google Cloud SDK | |
uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b | |
- name: Get GKE Credentials | |
uses: google-github-actions/get-gke-credentials@35ab0d2b2d48792c19f09325413bd185c8d44394 | |
with: | |
cluster_name: ${{ secrets[format('{0}_{1}', matrix.environment, 'GKE_CLUSTER_NAME')] }} | |
location: ${{ secrets[format('{0}_{1}', matrix.environment, 'GKE_LOCATION')] }} | |
use_internal_ip: true | |
- name: Get Secrets from Google Secret Manager | |
id: secrets | |
uses: google-github-actions/get-secretmanager-secrets@4d6d3dfd94110800dda8d84109cb6da0f6a5919d | |
with: | |
secrets: |- | |
WEB_FEDERATED_ENVIRONMENT:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_FEDERATED_ENVIRONMENT | |
WEB_FEDERATED_NAME:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_FEDERATED_NAME | |
WEB_FEDERATED_SECRET:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_FEDERATED_SECRET | |
WEBSITE_URL:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEBSITE_URL | |
SUPPORT_MAIL:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/SUPPORT_MAIL | |
WEB_FEDERATED_SENTRY_DSN:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_FEDERATED_SENTRY_DSN | |
WEB_FEDERATED_DNS:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_FEDERATED_DNS | |
WEB_DNS:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_DNS | |
NODE_RPC_WS_DNS:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/NODE_RPC_WS_DNS | |
- name: Tunneling SSH connections | |
run: | | |
gcloud compute ssh ${{ secrets[format('{0}_{1}', matrix.environment, 'GCE_BASTION_INSTANCE_NAME')] }} \ | |
--project=${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }} \ | |
--zone ${{ secrets[format('{0}_{1}', matrix.environment, 'GCE_BASTION_INSTANCE_ZONE')] }} \ | |
--ssh-flag '-4 -L 8888:127.0.0.1:8888 -N -q -f' \ | |
--tunnel-through-iap \ | |
--quiet | |
- name: Set Up Helm | |
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 | |
with: | |
version: v3.10.0 | |
- name: Perform Deployment | |
run: | | |
helm repo add myriadsocial https://charts.myriad.social | |
helm repo update | |
HTTPS_PROXY=127.0.0.1:8888 helm upgrade ${{ github.event.repository.name }} myriadsocial/myriad-federated \ | |
--install \ | |
--set-string image.tag=${{ needs.release-please.outputs.tag_name || github.sha }} \ | |
--set-string serviceAccount.name=${{ github.event.repository.name }} \ | |
--set-string serviceAccount.annotations.'iam\.gke\.io/gcp-service-account'=${{ github.event.repository.name }}@${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}.iam.gserviceaccount.com \ | |
--set-string config.app.environment=${{ steps.secrets.outputs.WEB_FEDERATED_ENVIRONMENT }} \ | |
--set-string config.app.name="${{ steps.secrets.outputs.WEB_FEDERATED_NAME }}" \ | |
--set-string config.app.version=${{ needs.release-please.outputs.tag_name || github.sha }} \ | |
--set-string config.app.authURL=https://${{ steps.secrets.outputs.WEB_FEDERATED_DNS }} \ | |
--set-string config.app.secret=${{ steps.secrets.outputs.WEB_FEDERATED_SECRET }} \ | |
--set-string config.websiteURL=https://${{ steps.secrets.outputs.WEB_DNS }} \ | |
--set-string config.supportMail=${{ steps.secrets.outputs.SUPPORT_MAIL }} \ | |
--set-string config.rpcURL=wss://${{ steps.secrets.outputs.NODE_RPC_WS_DNS }} \ | |
--set-string config.sentry.dsn=${{ steps.secrets.outputs.WEB_FEDERATED_SENTRY_DSN }} \ | |
--set ingress.enabled=true \ | |
--set-string ingress.className=nginx \ | |
--set-string ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt \ | |
--set-string ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-body-size"="100m" \ | |
--set-string ingress.annotations."nginx\.org/client-max-body-size"="100m" \ | |
--set-string ingress.hosts[0].host=${{ steps.secrets.outputs.WEB_FEDERATED_DNS }} \ | |
--set-string ingress.hosts[0].paths[0].path=/ \ | |
--set-string ingress.hosts[0].paths[0].pathType=ImplementationSpecific \ | |
--set-string ingress.tls[0].secretName=${{ steps.secrets.outputs.WEB_FEDERATED_DNS }}-letsencrypt-tls \ | |
--set-string ingress.tls[0].hosts[0]=${{ steps.secrets.outputs.WEB_FEDERATED_DNS }} \ | |
--set-string resources.requests.cpu=300m \ | |
--set-string resources.requests.memory=512Mi \ | |
--set-string resources.limits.cpu=500m \ | |
--set-string resources.limits.memory=1024Mi \ | |
--set replicaCount=1 \ | |
--set autoscaling.enabled=true \ | |
--set autoscaling.minReplicas=1 \ | |
--set autoscaling.maxReplicas=1 \ | |
--set-string nodeSelector.pool=general \ | |
--set-string nodeSelector.'iam\.gke\.io/gke-metadata-server-enabled'='true' | |
HTTPS_PROXY=127.0.0.1:8888 kubectl rollout status deployment/${{ github.event.repository.name }} | |
- name: Clean Up Tunneling SSH Connections | |
if: always() | |
run: | | |
kill -9 $(lsof -ti:8888) | |
gcloud compute os-login ssh-keys remove --key-file=/home/runner/.ssh/google_compute_engine.pub |