-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Loading status checks…
cicd: add changes to dockerfile and new proxy build workflow
1 parent
f814e03
commit da41920
Showing
2 changed files
with
223 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,220 @@ | ||
| name: Build and deploy cdapp block-ingestor docker image | ||
|
|
||
| on: | ||
|
|
||
| workflow_dispatch: # Allows manual workflow trigger | ||
| repository_dispatch: # Allows API workflow trigger | ||
| types: [cdapp-block-ingestor-proxy-chain] | ||
|
|
||
| # push: | ||
| # branches: | ||
| # - master # Automatically deploy on commits to master | ||
| # paths-ignore: | ||
| # - '.github/**' | ||
| # - '**.md' | ||
|
|
||
| concurrency: | ||
| group: cdapp-block-ingestor-proxy-chain | ||
| cancel-in-progress: true | ||
|
|
||
| # Set global env variables | ||
| env: | ||
| AWS_REGION: eu-west-2 | ||
| ECR_REPOSITORY: ${{ secrets.AWS_ACCOUNT_ID_QA }}.dkr.ecr.eu-west-2.amazonaws.com/cdapp/block-ingestor-proxy-chain | ||
| COMMIT_HASH: ${{ github.event.client_payload.COMMIT_HASH != null && github.event.client_payload.COMMIT_HASH || github.sha }} | ||
|
|
||
| jobs: | ||
|
|
||
| # Build cdapp block-ingestor and push to AWS ECR | ||
| buildAndPush: | ||
|
|
||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
|
|
||
| - name: Echo Env Vars through Context | ||
| run: | | ||
| echo "$GITHUB_CONTEXT" | ||
| - name: Configure AWS credentials | ||
| uses: aws-actions/configure-aws-credentials@v2 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }} | ||
| aws-region: ${{ env.AWS_REGION }} | ||
|
|
||
| - name: Login to Amazon ECR | ||
| id: login-ecr | ||
| uses: aws-actions/amazon-ecr-login@v1 | ||
|
|
||
| - name: Checkout | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Checkout relevant branch | ||
| run: | ||
| git checkout ${{ github.event.client_payload.COMMIT_HASH != null && github.event.client_payload.COMMIT_HASH || github.sha }} | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: Build and push | ||
| uses: docker/build-push-action@v3 | ||
| with: | ||
| context: ${{ github.workspace }} | ||
| file: ./Dockerfile | ||
| push: true | ||
| build-args: | | ||
| BUILD_TARGET=proxy-chain | ||
| tags: | | ||
| ${{ env.ECR_REPOSITORY }}:run-${{ github.run_number }} | ||
| ${{ env.ECR_REPOSITORY }}:${{ env.COMMIT_HASH }} | ||
| - uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383 | ||
| if: always() | ||
| with: | ||
| webhook: ${{ secrets.DISCORD_WEBHOOK }} | ||
| title: "Build and push cdapp block-ingestor" | ||
|
|
||
| # Deploy cdapp block-ingestor to QA environment | ||
| deployQA: | ||
|
|
||
| needs: buildAndPush | ||
|
|
||
| runs-on: ubuntu-latest | ||
|
|
||
| env: | ||
| NAMESPACE: cdapp | ||
| CLUSTER_NAME: qa-cluster | ||
| ENVIRONMENT_TAG: qa | ||
| REPOSITORY_NAME: cdapp/block-ingestor | ||
|
|
||
| steps: | ||
|
|
||
| - name: Configure AWS credentials for ECR | ||
| uses: aws-actions/configure-aws-credentials@v2 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }} | ||
| aws-region: ${{ env.AWS_REGION }} | ||
|
|
||
| - name: Login to Amazon ECR | ||
| id: login-ecr | ||
| uses: aws-actions/amazon-ecr-login@v1 | ||
|
|
||
| - name: Echo current image and tag new image | ||
| run: | | ||
| echo -e "Getting image info...\n" | ||
| echo -e "###### Current image being used ######\n" | ||
| SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest') | ||
| aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId' | ||
| echo -e "\n###### Tagging new image with environment tag ######" | ||
| MANIFEST=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.COMMIT_HASH }} --output json | jq --raw-output --join-output '.images[0].imageManifest') | ||
| aws ecr put-image --repository-name ${{ env.REPOSITORY_NAME }} --image-tag ${{ env.ENVIRONMENT_TAG }} --image-manifest "$MANIFEST" | ||
| echo -e "\n###### New image being used ######\n" | ||
| SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest') | ||
| aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId' | ||
| - name: Configure AWS credentials for EKS | ||
| uses: aws-actions/configure-aws-credentials@v2 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_QA }}:role/eks-admin | ||
| role-session-name: github-cicd | ||
| role-duration-seconds: 1200 | ||
| aws-region: ${{ env.AWS_REGION }} | ||
|
|
||
| - name: Configure AWS EKS | ||
| run: | | ||
| aws eks --region ${{ env.AWS_REGION }} update-kubeconfig --name ${{ env.CLUSTER_NAME }} | ||
| - name: Deploy to Kubernetes cluster | ||
| run: | | ||
| kubectl rollout restart deployment/cdapp-block-ingestor-${{ env.ENVIRONMENT_TAG }}-polygon-amoy -n ${{ env.NAMESPACE }} | ||
| - name: Validate Kubernetes deployment | ||
| run: | | ||
| kubectl rollout status deployment/cdapp-block-ingestor-${{ env.ENVIRONMENT_TAG }}-polygon-amoy -n ${{ env.NAMESPACE }} | ||
| - uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383 | ||
| if: always() | ||
| with: | ||
| webhook: ${{ secrets.DISCORD_WEBHOOK }} | ||
| title: "Deploy cdapp block-ingestor to ${{ env.ENVIRONMENT_TAG }}-polygon-amoy" | ||
|
|
||
| # Deploy cdapp block-ingestor to Prod environment | ||
| deployProd: | ||
|
|
||
| needs: deployQA | ||
|
|
||
| environment: prod | ||
|
|
||
| runs-on: ubuntu-latest | ||
|
|
||
| env: | ||
| NAMESPACE: cdapp | ||
| CLUSTER_NAME: prod-cluster | ||
| ENVIRONMENT_TAG: prod | ||
| REPOSITORY_NAME: cdapp/block-ingestor | ||
|
|
||
| steps: | ||
|
|
||
| - name: Configure AWS credentials for ECR | ||
| uses: aws-actions/configure-aws-credentials@v2 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }} | ||
| aws-region: ${{ env.AWS_REGION }} | ||
|
|
||
| - name: Login to Amazon ECR | ||
| id: login-ecr | ||
| uses: aws-actions/amazon-ecr-login@v1 | ||
|
|
||
| - name: Echo current image and tag new image | ||
| run: | | ||
| echo -e "Getting image info...\n" | ||
| echo -e "###### Current image being used ######\n" | ||
| SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest') | ||
| aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId' | ||
| echo -e "\n###### Tagging new image with environment tag ######" | ||
| MANIFEST=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.COMMIT_HASH }} --output json | jq --raw-output --join-output '.images[0].imageManifest') | ||
| aws ecr put-image --repository-name ${{ env.REPOSITORY_NAME }} --image-tag ${{ env.ENVIRONMENT_TAG }} --image-manifest "$MANIFEST" | ||
| echo -e "\n###### New image being used ######\n" | ||
| SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest') | ||
| aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId' | ||
| - name: Configure AWS credentials for EKS | ||
| uses: aws-actions/configure-aws-credentials@v2 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_PROD }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PROD }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_PROD }}:role/eks-admin | ||
| role-session-name: github-cicd | ||
| role-duration-seconds: 1200 | ||
| aws-region: ${{ env.AWS_REGION }} | ||
|
|
||
| - name: Configure AWS EKS | ||
| run: | | ||
| aws eks --region ${{ env.AWS_REGION }} update-kubeconfig --name ${{ env.CLUSTER_NAME }} | ||
| - name: Deploy to Kubernetes cluster | ||
| run: | | ||
| kubectl rollout restart deployment/cdapp-block-ingestor-${{ env.ENVIRONMENT_TAG }}-polygon-mainnet -n ${{ env.NAMESPACE }} | ||
| - name: Validate Kubernetes deployment | ||
| run: | | ||
| kubectl rollout status deployment/cdapp-block-ingestor-${{ env.ENVIRONMENT_TAG }}-polygon-mainnet -n ${{ env.NAMESPACE }} | ||
| - uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383 | ||
| if: always() | ||
| with: | ||
| webhook: ${{ secrets.DISCORD_WEBHOOK }} | ||
| title: "Deploy cdapp block-ingestor to ${{ env.ENVIRONMENT_TAG }}-polygon-mainnet" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters