From 6234bcbe030da590647bd1b24e8a595b3e6c84bb Mon Sep 17 00:00:00 2001 From: Yaroslav Grishajev Date: Fri, 11 Oct 2024 11:15:25 +0200 Subject: [PATCH] feat(deploy): implements multiple apps and sdl templating --- .akash/BLOCKLIST | 3 - .akash/DSEQ | 1 - .akash/PROVIDER | 1 - .akash/STATUS | 19 - .../actions/cleanup-stale-orders/action.yml | 4 +- .../actions/cleanup-stale-state/action.yml | 23 +- .github/actions/close-all-active/action.yml | 13 +- .../actions/close-state-deployment/action.yml | 20 +- .github/actions/deploy/action.yml | 357 ++++++++++++++++++ .github/actions/init-akash/action.yml | 70 ++-- .github/actions/restore-state/action.yml | 15 +- .github/workflows/deploy-via-action.yml | 95 +++++ .github/workflows/deploy.yml | 143 ++++--- .github/workflows/destroy.yml | 24 +- .github/workflows/nuke-all.yml | 18 +- .gitignore | 3 + README.md | 43 +-- TODO.md | 2 +- 18 files changed, 638 insertions(+), 216 deletions(-) delete mode 100644 .akash/BLOCKLIST delete mode 100644 .akash/DSEQ delete mode 100644 .akash/PROVIDER delete mode 100644 .akash/STATUS create mode 100644 .github/actions/deploy/action.yml create mode 100644 .github/workflows/deploy-via-action.yml create mode 100644 .gitignore diff --git a/.akash/BLOCKLIST b/.akash/BLOCKLIST deleted file mode 100644 index 7defe53..0000000 --- a/.akash/BLOCKLIST +++ /dev/null @@ -1,3 +0,0 @@ -# here you can specify providers you do not wish to create the lease for -akash1cx9cc98ttn92wlj8zs5vyn2u7a5t8ray25cdpc -akash1vky0uh4wayh9npd74uqesglpaxwymynnspf6a4 diff --git a/.akash/DSEQ b/.akash/DSEQ deleted file mode 100644 index 2350f50..0000000 --- a/.akash/DSEQ +++ /dev/null @@ -1 +0,0 @@ -10603285 diff --git a/.akash/PROVIDER b/.akash/PROVIDER deleted file mode 100644 index 9efcf0a..0000000 --- a/.akash/PROVIDER +++ /dev/null @@ -1 +0,0 @@ -akash19yhu3jgw8h0320av98h8n5qczje3pj3u9u2amp diff --git a/.akash/STATUS b/.akash/STATUS deleted file mode 100644 index 79e0407..0000000 --- a/.akash/STATUS +++ /dev/null @@ -1,19 +0,0 @@ -{ - "services": { - "tetris": { - "name": "tetris", - "available": 0, - "total": 1, - "uris": [ - "1nm8leauvd9jh3gac8nq9umq58.ingress.bdl.computer" - ], - "observed_generation": 1, - "replicas": 1, - "updated_replicas": 1, - "ready_replicas": 0, - "available_replicas": 0 - } - }, - "forwarded_ports": null, - "ips": null -} diff --git a/.github/actions/cleanup-stale-orders/action.yml b/.github/actions/cleanup-stale-orders/action.yml index c7add7c..59e9394 100644 --- a/.github/actions/cleanup-stale-orders/action.yml +++ b/.github/actions/cleanup-stale-orders/action.yml @@ -12,8 +12,6 @@ runs: steps: - name: Cleanup stale deployment requests - env: - PASSWORD: ${{ inputs.password }} shell: bash run: | unset AKASH_DSEQ @@ -26,7 +24,7 @@ runs: if test -z "$LEASE_STATE" || [[ "$LEASE_STATE" == "closed" ]]; then ## === broadcast tx === ## - TX=$(echo "${PASSWORD}" | ${CLIENT} tx deployment close | jq -r '.txhash') + TX=$(echo "${{ inputs.password }}" | ${CLIENT} tx deployment close | jq -r '.txhash') if test -z $TX; then echo "No TX broadcasted!" exit 1 diff --git a/.github/actions/cleanup-stale-state/action.yml b/.github/actions/cleanup-stale-state/action.yml index f93cfff..78135a1 100644 --- a/.github/actions/cleanup-stale-state/action.yml +++ b/.github/actions/cleanup-stale-state/action.yml @@ -1,19 +1,20 @@ name: Cleanup stale state -description: Cleanup state .akash/{DSEQ,PROVIDER,STATUS} if deployment is inactive +description: Cleanup state .akash/project-name if deployment is inactive inputs: password: description: 'Password to decrypt the wallet' required: true type: string - github_token: - description: 'GITHUB_TOKEN' - required: true - type: string - PROJECT_PATH: + project-path: description: 'Path to the project' required: true type: string + project-name: + description: 'Project name (will be used as prefix for state files)' + required: false + default: 'app' + type: string runs: using: "composite" @@ -21,14 +22,12 @@ runs: steps: - name: Close stale deployment id: close-stale-deployment - env: - PASSWORD: ${{ inputs.password }} shell: bash run: | echo "Closing stale deployment" ## === broadcast tx === ## - TX=$(echo "${PASSWORD}" | ${CLIENT} tx deployment close | jq -r '.txhash') + TX=$(echo "${{ inputs.password }}" | ${CLIENT} tx deployment close | jq -r '.txhash') if test -z $TX; then echo "No TX broadcasted!" exit 1 @@ -57,9 +56,5 @@ runs: run: | echo "AKASH_DSEQ=" >> $GITHUB_ENV echo "AKASH_PROVIDER=" >> $GITHUB_ENV - rm -vf ${{ inputs.PROJECT_PATH }}/.akash/DSEQ ${{ inputs.PROJECT_PATH }}/.akash/PROVIDER ${{ inputs.PROJECT_PATH }}/.akash/STATUS + rm -vrf ${{ inputs.project-path }}/.akash/${{ inputs.project-name }} - - name: Commit & Push changes - uses: actions-js/push@master - with: - github_token: ${{ inputs.github_token }} diff --git a/.github/actions/close-all-active/action.yml b/.github/actions/close-all-active/action.yml index 371b55b..28b5859 100644 --- a/.github/actions/close-all-active/action.yml +++ b/.github/actions/close-all-active/action.yml @@ -2,7 +2,7 @@ name: Close all active deployments description: Close all active deployments inputs: - project_path: + project-path: description: 'Path to the project' required: true type: string @@ -14,14 +14,17 @@ inputs: description: 'GITHUB_TOKEN' required: true type: string + project-name: + description: 'Project name (will be used as prefix for state files)' + required: false + default: 'app' + type: string runs: using: "composite" steps: - name: Close all active deployments - env: - PASSWORD: ${{ inputs.password }} shell: bash run: | unset AKASH_DSEQ @@ -32,7 +35,7 @@ runs: while read AKASH_DSEQ; do export AKASH_DSEQ ## === broadcast tx === ## - TX=$(echo "${PASSWORD}" | ${CLIENT} tx deployment close | jq -r '.txhash') + TX=$(echo "${{ inputs.password }}" | ${CLIENT} tx deployment close | jq -r '.txhash') if test -z $TX; then echo "No TX broadcasted!" exit 1 @@ -63,7 +66,7 @@ runs: run: | echo "AKASH_DSEQ=" >> $GITHUB_ENV echo "AKASH_PROVIDER=" >> $GITHUB_ENV - rm -vf ${{ inputs.project_path }}/.akash/DSEQ ${{ inputs.project_path }}/.akash/PROVIDER ${{ inputs.project_path }}/.akash/STATUS + rm -vrf ${{ inputs.project-path }}/.akash/${{ inputs.project-name }} - name: Commit & Push changes uses: actions-js/push@master diff --git a/.github/actions/close-state-deployment/action.yml b/.github/actions/close-state-deployment/action.yml index 5dc1dbd..dd7941a 100644 --- a/.github/actions/close-state-deployment/action.yml +++ b/.github/actions/close-state-deployment/action.yml @@ -1,8 +1,8 @@ name: Close state deployment -description: Close a single deployment based on the state (.akash/{DSEQ,PROVIDER}) +description: Close a single deployment based on the state (.akash/project-name) inputs: - project_path: + project-path: description: 'Path for the project to deploy' required: true type: string @@ -14,6 +14,11 @@ inputs: description: 'GITHUB_TOKEN' required: true type: string + project-name: + description: 'Project name (will be used as prefix for state files)' + required: false + default: 'app' + type: string runs: using: "composite" @@ -21,14 +26,12 @@ runs: steps: - name: Close deployment id: close-deployment - env: - PASSWORD: ${{ inputs.password }} shell: bash run: | echo "Closing deployment" ## === broadcast tx === ## - TX=$(echo "${PASSWORD}" | ${CLIENT} tx deployment close | jq -r '.txhash') + TX=$(echo "${{ inputs.password }}" | ${CLIENT} tx deployment close | jq -r '.txhash') if test -z $TX; then echo "No TX broadcasted!" exit 1 @@ -58,9 +61,4 @@ runs: run: | echo "AKASH_DSEQ=" >> $GITHUB_ENV echo "AKASH_PROVIDER=" >> $GITHUB_ENV - rm -vf ${{ inputs.project_path }}/.akash/DSEQ ${{ inputs.project_path }}/.akash/PROVIDER ${{ inputs.project_path }}/.akash/STATUS - - - name: Commit & Push changes - uses: actions-js/push@master - with: - github_token: ${{ inputs.github_token }} + rm -vrf ${{ inputs.project-path }}/.akash/${{ inputs.project-name }} diff --git a/.github/actions/deploy/action.yml b/.github/actions/deploy/action.yml new file mode 100644 index 0000000..fabf3a8 --- /dev/null +++ b/.github/actions/deploy/action.yml @@ -0,0 +1,357 @@ +name: Deploy to akash + +inputs: + project-path: + description: 'Path for the project to deploy' + required: false + default: '.' + type: string + project-name: + description: 'Project name (will be used as prefix for cache keys)' + required: false + default: 'app' + type: string + image: + description: 'Change the image tag to deploy' + required: true + type: string + provider: + description: 'Provider address to deploy the project' + type: string + github-message: + type: string + description: 'Commit message for state changes' + required: false + default: 'chore(deploy): update deployment state' + github-author-email: + type: string + description: 'Git commit author email' + required: false + github-author-name: + type: string + description: 'Git commit author name' + required: false + seed: + description: 'Seed phrase for the wallet' + required: true + password: + description: 'Password to decrypt the wallet' + required: true + github-token: + description: 'GITHUB_TOKEN' + required: true + + +runs: + using: "composite" + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Call Initialize Akash client + uses: akash-network/akash-deploy-action/.github/actions/init-akash@main + with: + seed: ${{ inputs.seed }} + password: ${{ inputs.password }} + project-name: ${{ inputs.project-name }} + + - name: Call Cleanup stale order requests + uses: akash-network/akash-deploy-action/.github/actions/cleanup-stale-orders@main + with: + password: ${{ inputs.password }} + + - name: Call Restore state + id: call-restore-state + uses: akash-network/akash-deploy-action/.github/actions/restore-state@main + with: + project-path: ${{ inputs.project-path }} + project-name: ${{ inputs.project-name }} + + - name: Call Get deployment status + id: call-get-deployment-status + if: | + steps.call-restore-state.outcome == 'success' && + ( env.AKASH_DSEQ != '' && env.AKASH_PROVIDER != '' ) + uses: akash-network/akash-deploy-action/.github/actions/get-deployment-status@main + + - name: Call Cleanup stale state + id: call-cleanup-stale-state + uses: akash-network/akash-deploy-action/.github/actions/cleanup-stale-state@main + if: steps.call-get-deployment-status.outputs.is-deployment-active == 'false' + with: + password: ${{ inputs.password }} + project-path: ${{ inputs.project-path }} + project-name: ${{ inputs.project-name }} + + - name: Interpolate SDL vars + id: interpolate-sdl-vars + shell: bash + env: + IMAGE_NAME: ${{ inputs.image }} + run: | + sudo apt-get update && sudo apt-get install -y gettext + VARS=$(sed -n 's/.*{{\s*\([A-Za-z_][A-Za-z0-9_]*\)\s*}}.*/\1/p' ${{ inputs.project-path }}/${SDL} | sort | uniq | sed 's/[^ ]* */$&/g' | tr '\n' ' ') + sed 's/{{\([A-Za-z_][A-Za-z0-9_]*\)}}/\$\1/g' ${{ inputs.project-path }}/${SDL} | envsubst "$VARS" > ${PARSED_SDL} + echo "--------------- PARSED SDL FILE ---------------" + cat ${PARSED_SDL} + echo "--------------- END OF PARSED SDL FILE ---------------" + + - name: Update existing deployment + id: update-deployment + if: steps.call-get-deployment-status.outputs.is-deployment-active == 'true' + shell: bash + env: + password: ${{ inputs.password }} + run: | + #echo "AKASH_DSEQ: $AKASH_DSEQ" + + # extract image name without version from image input + IMAGE_NAME=$(echo "${{ inputs.image }}" | cut -d':' -f1) + echo "IMAGE_NAME: $IMAGE_NAME" + echo "Changing SDL to use the new image: ${{ inputs.image }}" + + # Change the image IMAGE_NAME version from the SDL file + sed -i "s|image: $IMAGE_NAME:.*|image: ${{ inputs.image }}|g" ${PARSED_SDL} + + ## === broadcast tx === ## + TX=$(echo "${password}" | ${CLIENT} tx deployment update ${PARSED_SDL} | jq -r '.txhash') + if test -z $TX; then + echo "No TX broadcasted!" + echo "If you see \"Invalid: deployment version\" error above, it is likely because the SDL file was not changed." + exit 1 + fi + echo "TX: $TX" + sleep ${BLOCK_TIME} + RC=$(${CLIENT} query tx $TX | jq -r '.code') + case $RC in + 0) + echo "TX successful" + ;; + 11) + echo "Out of gas! Consider raising AKASH_GAS_ADJUSTMENT and trying again." + exit 1 + ;; + *) + echo "Transaction $TX failed with code: '$RC'" + exit 1 + ;; + esac + ## === broadcast tx === ## + + - name: Broadcast the deployment request + id: create-deployment + if: | + ( steps.call-get-deployment-status.outputs.is-deployment-active != 'true' || steps.call-cleanup-stale-state.outcome == 'success' ) || + steps.call-get-deployment-status.outcome == 'skipped' + shell: bash + env: + password: ${{ inputs.password }} + run: | + if test ! -z "$AKASH_DSEQ"; then + echo "Looks like there was an issue closing stale deployment: $AKASH_DSEQ/$AKASH_GSEQ/$AKASH_OSEQ" + exit 1 + fi + + ## === broadcast tx === ## + TX=$(echo "${password}" | ${CLIENT} tx deployment create ${PARSED_SDL} | jq -r '.txhash') + if test -z $TX; then + echo "No TX broadcasted!" + exit 1 + fi + echo "TX: $TX" + sleep ${BLOCK_TIME} + RC=$(${CLIENT} query tx $TX | jq -r '.code') + case $RC in + 0) + echo "TX successful" + ;; + 11) + echo "Out of gas! Consider raising AKASH_GAS_ADJUSTMENT and trying again." + exit 1 + ;; + *) + echo "Transaction $TX failed with code: '$RC'" + exit 1 + ;; + esac + ## === broadcast tx === ## + + AKASH_DSEQ=$(${CLIENT} query tx $TX | jq -r '.tx.body.messages[].id.dseq') + if test -z "$AKASH_DSEQ"; then + echo "Could not get AKASH_DSEQ, something is really wrong." + exit 1 + fi + echo "Broadcasted AKASH_DSEQ: $AKASH_DSEQ to the Akash network." + echo "AKASH_DSEQ=$AKASH_DSEQ" >> $GITHUB_ENV + + - name: Look for the bids on the Akash network + id: find-bids + if: steps.create-deployment.outcome == 'success' + shell: bash + env: + password: ${{ inputs.password }} + run: | + test ! -z "$AKASH_DSEQ" + echo "Giving providers 12 seconds to bid ..." + sleep 12 + # add "--gseq 0 --oseq 0" -- to catch all (for future placement groups support) + BID_LIST="$(${CLIENT} query market bid list --state open)" + #BID_LENGTH=$(echo "$BID_LIST" | jq -r '.bids | length') + + # Remove blocklisted providers from the BID_LIST + if [[ -f ${{ inputs.project-path }}/.akash/${{inputs.project-name}}/BLOCKLIST ]]; then + while read address; do + echo "Warning! Skipping provider $address based on the ${{ inputs.project-path }}/.akash/${{inputs.project-name}}/BLOCKLIST!" + TMP_BID_LIST="$(echo "$BID_LIST" | jq --arg address "$address" -c '.bids[] | del(select(.bid.bid_id.provider == $address))' | jq -s '{"bids": del(.. | nulls)}')" + BID_LIST="$TMP_BID_LIST" + done < <(cat ${{ inputs.project-path }}/.akash/${{inputs.project-name}}BLOCKLIST) # use process substitution to avoid subshell creation (cat file | while read ...) where variables are not preserved + fi + echo "$BID_LIST" | jq -r '.bids[].bid | {"price":.price.amount, "provider":.bid_id.provider}' | jq -s -r 'sort_by(.price | tonumber) | .[] | flatten | @tsv' + if test ! -z $PROVIDER; then + echo "PROVIDER parameter is set, locating the bid from provider: $PROVIDER ..." + AKASH_PROVIDER=$(echo "$BID_LIST" | jq -r '.bids[].bid.bid_id.provider' | grep -w "$PROVIDER") + else + echo "PROVIDER parameter was not set, locating the cheapest bid ..." + AKASH_PROVIDER=$(echo "$BID_LIST" | jq -r '.bids[].bid | {"price":.price.amount, "provider":.bid_id.provider}' | jq -s -r 'sort_by(.price | tonumber) | .[0].provider') + fi + + if test -z "$AKASH_PROVIDER" || [[ "$AKASH_PROVIDER" == "null" ]]; then + echo "Could not find bids for $AKASH_DSEQ/$AKASH_GSEQ/$AKASH_OSEQ." + echo "Try to update your SDL manifest file, probably you are requesting too much of resources or too limiting attributes." + echo "Closing the deployment ..." + + ## === broadcast tx === ## + TX=$(echo "${password}" | ${CLIENT} tx deployment close | jq -r '.txhash') + if test -z $TX; then + echo "No TX broadcasted!" + exit 1 + fi + echo "TX: $TX" + sleep ${BLOCK_TIME} + RC=$(${CLIENT} query tx $TX | jq -r '.code') + case $RC in + 0) + echo "TX successful" + ;; + 11) + echo "Out of gas! Consider raising AKASH_GAS_ADJUSTMENT and trying again." + exit 1 + ;; + *) + echo "Transaction $TX failed with code: '$RC'" + exit 1 + ;; + esac + ## === broadcast tx === ## + + exit 1 + fi + echo "AKASH_PROVIDER=$AKASH_PROVIDER" >> $GITHUB_ENV + echo "Selected AKASH_PROVIDER: $AKASH_PROVIDER" + + - name: Accept the lease + id: create-lease + if: | + steps.create-deployment.outcome == 'success' && + steps.find-bids.outcome == 'success' + shell: bash + env: + password: ${{ inputs.password }} + run: | + if test -z "$AKASH_DSEQ"; then + echo "AKASH_DSEQ is not set. Possible causes:" + echo "The client did not succeed broadcasting the deployment request. (Usually can happend due out of gas.)" + exit 1 + fi + if test -z "$AKASH_PROVIDER"; then + echo "AKASH_PROVIDER is not set." + exit 1 + fi + + echo "Going to accept the lease for: $AKASH_DSEQ/$AKASH_GSEQ/$AKASH_OSEQ on $AKASH_PROVIDER provider" + + ## === broadcast tx === ## + TX=$(echo "${password}" | ${CLIENT} tx market lease create | jq -r '.txhash') + if test -z $TX; then + echo "No TX broadcasted!" + exit 1 + fi + echo "TX: $TX" + sleep ${BLOCK_TIME} + RC=$(${CLIENT} query tx $TX | jq -r '.code') + case $RC in + 0) + echo "TX successful" + ;; + 11) + echo "Out of gas! Consider raising AKASH_GAS_ADJUSTMENT and trying again." + exit 1 + ;; + *) + echo "Transaction $TX failed with code: '$RC'" + exit 1 + ;; + esac + ## === broadcast tx === ## + + - name: Deposit additional AKT tokens to the deployment + id: deposit-deployment + env: + password: ${{ inputs.password }} + if: steps.create-lease.outcome == 'success' || steps.update-deployment.outcome == 'success' + shell: bash + run: | + test ! -z "$AKASH_DSEQ" + DAYS_LEFT=$(${CLIENT} query escrow blocks-remaining | jq -r '.estimated_time_remaining/pow(10;9)/60/60/24|round') + DEPOSIT=$(${CLIENT} query deployment get | jq -r '.escrow_account.balance.amount|tonumber / pow(10;6)') + echo "${AKASH_DSEQ} has ${DAYS_LEFT} days left with ${DEPOSIT} AKT currently deposited." + echo "Consider depositing more AKT for it to last longer." + # TODO: create a dedicated job for this task? + # TODO: see to automate the minimum deposit (in days) / or rather add a crontab job which will take care of that. + #echo "${password}" | ${CLIENT} tx deployment deposit 10000000uakt + #sleep ${BLOCK_TIME} + + - name: Send manifest to the provider + id: send-manifest + if: steps.create-lease.outcome == 'success' || steps.update-deployment.outcome == 'success' + shell: bash + env: + password: ${{ inputs.password }} + run: | + test ! -z "$AKASH_DSEQ" + test ! -z "$AKASH_PROVIDER" + echo "${password}" | ${CLIENT} send-manifest ${PARSED_SDL} + + - name: Lease status + id: lease-status + if: steps.create-lease.outcome == 'success' || steps.update-deployment.outcome == 'success' + shell: bash + env: + password: ${{ inputs.password }} + run: | + test ! -z "$AKASH_DSEQ" + mkdir -p ${{ inputs.project-path }}/.akash/${{inputs.project-name}} 2>/dev/null || : + echo "${password}" | ${CLIENT} lease-status | jq -r . > ${{ inputs.project-path }}/.akash/${{inputs.project-name}}/STATUS + cat ${{ inputs.project-path }}/.akash/${{inputs.project-name}}/STATUS + + - name: Save DSEQ and PROVIDER + if: steps.create-lease.outcome == 'success' || steps.update-deployment.outcome == 'success' + shell: bash + run: | + test ! -z "$AKASH_DSEQ" + test ! -z "$AKASH_PROVIDER" + mkdir -p ${{ inputs.project-path }}/.akash/${{inputs.project-name}} 2>/dev/null || : + echo "$AKASH_DSEQ" > ${{ inputs.project-path }}/.akash/${{inputs.project-name}}/DSEQ + echo "$AKASH_PROVIDER" > ${{ inputs.project-path }}/.akash/${{inputs.project-name}}/PROVIDER + + - name: Remove the parsed SDL file + shell: bash + run: rm -f ${PARSED_SDL} + + - name: Commit & Push changes + uses: actions-js/push@master + with: + github_token: ${{ inputs.github-token }} + author_email: ${{ inputs.github-author-email }} + author_name: ${{ inputs.github-author-name }} + message: ${{ inputs.github-message }} diff --git a/.github/actions/init-akash/action.yml b/.github/actions/init-akash/action.yml index 59f653e..cc13984 100644 --- a/.github/actions/init-akash/action.yml +++ b/.github/actions/init-akash/action.yml @@ -9,7 +9,7 @@ inputs: description: 'Password to encrypt the wallet' required: true type: string - project_name: + project-name: description: 'Project name (will be used as a prefix for cache keys)' required: true type: string @@ -21,18 +21,18 @@ runs: - name: Check required variables are set shell: bash run: | - SEED="${{ inputs.seed }}" - PASSWORD="${{ inputs.password }}" - if test -z "${SEED}"; then - echo "SEED is empty! Please add a mnemonic seed secret named SEED to this repo (under repo 'Settings' -> 'Secrets and variables' -> 'Actions')" + seed="${{ inputs.seed }}" + password="${{ inputs.password }}" + if test -z "${seed}"; then + echo "seed is empty! Please add a mnemonic seed secret named seed to this repo (under repo 'Settings' -> 'Secrets and variables' -> 'Actions')" exit 1 fi - if test -z "${PASSWORD}"; then - echo "PASSWORD is empty! Please add a secret named PASSWORD to this repo (under repo 'Settings' -> 'Secrets and variables' -> 'Actions')" + if test -z "${password}"; then + echo "password is empty! Please add a secret named password to this repo (under repo 'Settings' -> 'Secrets and variables' -> 'Actions')" exit 1 fi - PW_LEN=$(echo -n "${PASSWORD}" | wc -c) + PW_LEN=$(echo -n "${password}" | wc -c) if [[ "$PW_LEN" -lt "8" ]]; then echo "Password is too short! It must be at least 8 characters long!" exit 1 @@ -48,9 +48,9 @@ runs: with: path: | ~/cache - key: ${{ runner.os }}-${{ inputs.project_name }}-deb + key: ${{ runner.os }}-${{ inputs.project-name }}-deb restore-keys: | - ${{ runner.os }}-${{ inputs.project_name }}-deb + ${{ runner.os }}-${{ inputs.project-name }}-deb - name: Install Akash client deb shell: bash @@ -75,31 +75,31 @@ runs: ~/cache key: ${{ steps.cache-deb-restore.outputs.cache-primary-key }} - - name: Check mnemonic seed secret is present (SEED secret) + - name: Check mnemonic seed secret is present (seed secret) id: get-seed env: - SEED: ${{ inputs.seed }} + seed: ${{ inputs.seed }} shell: bash run: | - if test -z "${SEED}"; then + if test -z "${seed}"; then echo "I could not find the mnemonic seed!" - echo "Please add a mnemonic seed secret named SEED to this repo (under repo 'Settings' -> 'Secrets and variables' -> 'Actions')" + echo "Please add a mnemonic seed secret named seed to this repo (under repo 'Settings' -> 'Secrets and variables' -> 'Actions')" echo "I will generate one for you as an example, using '${CLIENT} keys mnemonic' CLI command:" - echo "============ MNEMONIC SEED ============" + echo "============ MNEMONIC seed ============" ${CLIENT} keys mnemonic - echo "============ MNEMONIC SEED ============" + echo "============ MNEMONIC seed ============" exit 1 fi - - name: Check password secret is present (PASSWORD secret) + - name: Check password secret is present (password secret) id: get-password env: - PASSWORD: ${{ inputs.password }} + password: ${{ inputs.password }} shell: bash run: | - if test -z "${PASSWORD}"; then + if test -z "${password}"; then echo "I could not find the password!" - echo "Please add a secret named PASSWORD to this repo (under repo 'Settings' -> 'Secrets and variables' -> 'Actions')" + echo "Please add a secret named password to this repo (under repo 'Settings' -> 'Secrets and variables' -> 'Actions')" echo "This password will be used to encrypt the wallet." exit 1 fi @@ -110,9 +110,9 @@ runs: with: path: | ${{ env.AKASH_HOME }}/keyring-file - key: ${{ runner.os }}-${{ inputs.project_name }}-wallet + key: ${{ runner.os }}-${{ inputs.project-name }}-wallet restore-keys: | - ${{ runner.os }}-${{ inputs.project_name }}-wallet + ${{ runner.os }}-${{ inputs.project-name }}-wallet - name: AKASH_KEYRING_BACKEND id: akash-keyring-backend @@ -124,24 +124,24 @@ runs: if: steps.cache-wallet-restore.outputs.cache-hit != 'true' && steps.akash-keyring-backend.outputs.is != 'test' id: restore-wallet env: - SEED: ${{ inputs.seed }} - PASSWORD: ${{ inputs.password }} + seed: ${{ inputs.seed }} + password: ${{ inputs.password }} shell: bash run: | - ( echo "${SEED}"; echo "${PASSWORD}"; echo "${PASSWORD}"; ) | ${CLIENT} keys add default --recover + ( echo "${seed}"; echo "${password}"; echo "${password}"; ) | ${CLIENT} keys add default --recover # let's only use a "file" keyring backend which is safe to use with public github repos #if [[ ${AKASH_KEYRING_BACKEND} == "test" ]]; then - # echo "${SEED}" | ${CLIENT} keys add default --recover + # echo "${seed}" | ${CLIENT} keys add default --recover #fi - name: Set AKASH_OWNER id: set-akash-owner env: - PASSWORD: ${{ inputs.password }} + password: ${{ inputs.password }} shell: bash run: | unset AKASH_OUTPUT - AKASH_OWNER=$(echo "${PASSWORD}" | ${CLIENT} keys show default -a) + AKASH_OWNER=$(echo "${password}" | ${CLIENT} keys show default -a) echo "AKASH_OWNER=$AKASH_OWNER" >> $GITHUB_ENV echo "AKASH_OWNER: $AKASH_OWNER" # Abort if AKASH_OWNER is empty @@ -162,9 +162,13 @@ runs: with: path: | ${{ env.AKASH_HOME }}/*.pem - key: ${{ runner.os }}-${{ inputs.project_name }}-client-certs + key: ${{ runner.os }}-${{ inputs.project-name }}-client-certs restore-keys: | - ${{ runner.os }}-${{ inputs.project_name }}-client-certs + ${{ runner.os }}-${{ inputs.project-name }}-client-certs + + - name: Install bc + shell: bash + run: sudo apt-get update && sudo apt-get install -y bc - name: Configure the network shell: bash @@ -220,7 +224,7 @@ runs: - name: Create client certificate env: - PASSWORD: ${{ inputs.password }} + password: ${{ inputs.password }} shell: bash run: | CLIENT_CERT_PATH="${AKASH_HOME}/${AKASH_OWNER}.pem" @@ -268,9 +272,9 @@ runs: if [[ "$GEN_NEW_CERT" -eq "0" ]]; then echo "Generating a new client certificate..." - echo "${PASSWORD}" | ${CLIENT} tx cert generate client + echo "${password}" | ${CLIENT} tx cert generate client echo "Broadcasting the certificate to the chain..." - echo "${PASSWORD}" | ${CLIENT} tx cert publish client + echo "${password}" | ${CLIENT} tx cert publish client sleep ${BLOCK_TIME} else echo "Client certificate is valid and present on the chain. No further actions required." diff --git a/.github/actions/restore-state/action.yml b/.github/actions/restore-state/action.yml index afa2f29..fa80c2c 100644 --- a/.github/actions/restore-state/action.yml +++ b/.github/actions/restore-state/action.yml @@ -1,10 +1,15 @@ name: Restore the state inputs: - PROJECT_PATH: + project-path: description: 'Path to the project' required: true type: string + project-name: + description: 'Project name (will be used as prefix for cache keys)' + required: false + default: 'app' + type: string runs: using: "composite" @@ -15,13 +20,15 @@ runs: continue-on-error: true shell: bash run: | - if [[ -f ${{ inputs.PROJECT_PATH }}/.akash/DSEQ && -f ${{ inputs.PROJECT_PATH }}/.akash/PROVIDER ]]; then - AKASH_DSEQ=$(cat ${{ inputs.PROJECT_PATH }}/.akash/DSEQ) - AKASH_PROVIDER=$(cat ${{ inputs.PROJECT_PATH }}/.akash/PROVIDER) + base_path=${{ inputs.project-path }}/.akash/${{inputs.project-name}} + if [[ -f $base_path/DSEQ && -f $base_path/PROVIDER ]]; then + AKASH_DSEQ=$(cat $base_path/DSEQ) + AKASH_PROVIDER=$(cat $base_path/PROVIDER) fi test ! -z "$AKASH_DSEQ" test ! -z "$AKASH_PROVIDER" echo "Expecting $AKASH_DSEQ/$AKASH_GSEQ/$AKASH_OSEQ deployment on $AKASH_PROVIDER provider." echo "Going to verify whether it is alive." + echo "Going to verify whether it is alive." echo "AKASH_DSEQ=$AKASH_DSEQ" >> $GITHUB_ENV echo "AKASH_PROVIDER=$AKASH_PROVIDER" >> $GITHUB_ENV diff --git a/.github/workflows/deploy-via-action.yml b/.github/workflows/deploy-via-action.yml new file mode 100644 index 0000000..4d2883e --- /dev/null +++ b/.github/workflows/deploy-via-action.yml @@ -0,0 +1,95 @@ +name: Deploy me + +on: + workflow_call: + inputs: + project-path: + description: 'Path for the project to deploy' + required: false + default: '.' + type: string + project-name: + description: 'Project name (will be used as prefix for cache keys)' + required: false + default: 'app' + type: string + image: + description: 'Change the image tag to deploy' + required: true + type: string + provider: + description: 'Provider address to deploy the project' + type: string + github-message: + type: string + description: 'Commit message for state changes' + required: false + default: 'chore(deploy): update deployment state' + github-author-email: + type: string + description: 'Git commit author email' + required: false + github-author-name: + type: string + description: 'Git commit author name' + required: false + secrets: + seed: + description: 'Seed phrase for the wallet' + required: true + password: + description: 'Password to decrypt the wallet' + required: true + github-token: + description: 'GITHUB_TOKEN' + required: true + +jobs: + deploy: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Deploy + uses: akash-network/akash-deploy-action/.github/actions/deploy@main + env: + ORG: akash-network + REPO: provider + CLIENT: provider-services + CLIENT_VERSION: 0.6.4 + ARCH: linux_amd64 + # Akash Network + NET: mainnet + #BLOCK_TIME: 6s + BLOCK_TIME: 1s + # Quit if chain is running 30 seconds behind + CHAIN_LATENCY: 30 + # Akash Client parameters + AKASH_KEYRING_BACKEND: file + AKASH_BROADCAST_MODE: block + #AKASH_BROADCAST_MODE: async + AKASH_YES: 1 + AKASH_GAS_PRICES: 0.025uakt + AKASH_GAS: auto + AKASH_GAS_ADJUSTMENT: 1.5 + AKASH_HOME: /home/runner/.akash + AKASH_FROM: default + AKASH_OUTPUT: json + # Minimum balance on the wallet in AKT + MIN_BALANCE: 10 + AKASH_GSEQ: 1 + AKASH_OSEQ: 1 + SDL: deploy.yaml + PARSED_SDL: ${{ inputs.project-path }}/deploy-parsed.yaml + PROVIDER: ${{inputs.provider}} + with: + project-path: ${{ inputs.project-path }} + project-name: ${{ inputs.project-name }} + image: ${{ inputs.image }} + provider: ${{ inputs.provider }} + github-author-email: "developer@akash.network" + github-author-name: "Akash Network Team" + seed: ${{ secrets.seed }} + password: ${{ secrets.password }} + github-token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 0723069..690a45c 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -3,12 +3,12 @@ name: Deploy me on: workflow_call: inputs: - PROJECT_PATH: + project-path: description: 'Path for the project to deploy' required: false default: '.' type: string - project_name: + project-name: description: 'Project name (will be used as prefix for cache keys)' required: false default: 'app' @@ -17,14 +17,30 @@ on: description: 'Change the image tag to deploy' required: true type: string + provider: + description: 'Provider address to deploy the project' + type: string + github-message: + type: string + description: 'Commit message for state changes' + required: false + default: 'chore(deploy): update deployment state' + github-author-email: + type: string + description: 'Git commit author email' + required: false + github-author-name: + type: string + description: 'Git commit author name' + required: false secrets: - SEED: + seed: description: 'Seed phrase for the wallet' required: true - PASSWORD: + password: description: 'Password to decrypt the wallet' required: true - ghcr-token: + github-token: description: 'GITHUB_TOKEN' required: true @@ -32,7 +48,7 @@ env: ORG: akash-network REPO: provider CLIENT: provider-services - CLIENT_VERSION: 0.4.6 + CLIENT_VERSION: 0.6.4 ARCH: linux_amd64 # Akash Network NET: mainnet @@ -56,7 +72,8 @@ env: AKASH_GSEQ: 1 AKASH_OSEQ: 1 SDL: deploy.yaml - #PROVIDER: akash18ga02jzaq8cw52anyhzkwta5wygufgu6zsz6xc + PARSED_SDL: ${{ inputs.project-path }}/deploy-parsed.yaml + PROVIDER: ${{inputs.provider}} jobs: @@ -70,55 +87,61 @@ jobs: uses: actions/checkout@v4 - name: Call Initialize Akash client - uses: TedcryptoOrg/akash-deploy-action/.github/actions/init-akash@main + uses: akash-network/akash-deploy-action/.github/actions/init-akash@main with: - seed: ${{ secrets.SEED }} - password: ${{ secrets.PASSWORD }} - project_name: ${{ inputs.project_name }} + seed: ${{ secrets.seed }} + password: ${{ secrets.password }} + project-name: ${{ inputs.project-name }} - # Cleanup stale order (aka deployment) requests - name: Call Cleanup stale order requests - uses: TedcryptoOrg/akash-deploy-action/.github/actions/cleanup-stale-orders@main + uses: akash-network/akash-deploy-action/.github/actions/cleanup-stale-orders@main with: - password: ${{ secrets.PASSWORD }} + password: ${{ secrets.password }} - # Restore .akash/{DSEQ,PROVIDER} state - name: Call Restore state id: call-restore-state - uses: TedcryptoOrg/akash-deploy-action/.github/actions/restore-state@main + uses: akash-network/akash-deploy-action/.github/actions/restore-state@main with: - PROJECT_PATH: ${{ inputs.PROJECT_PATH }} + project-path: ${{ inputs.project-path }} + project-name: ${{ inputs.project-name }} - name: Call Get deployment status id: call-get-deployment-status if: | steps.call-restore-state.outcome == 'success' && ( env.AKASH_DSEQ != '' && env.AKASH_PROVIDER != '' ) - uses: TedcryptoOrg/akash-deploy-action/.github/actions/get-deployment-status@main - - ## Debug contexts: https://docs.github.com/en/actions/learn-github-actions/contexts#example-printing-context-information-to-the-log - #- name: Dump steps context - # shell: bash - # run: | - # echo '${{ toJSON(steps) }}' - # echo '${{ steps.call-get-deployment-status.outputs.is-deployment-active }}' - # exit 1 + uses: akash-network/akash-deploy-action/.github/actions/get-deployment-status@main - # close old deployment and remove it from .akash/{DSEQ,PROVIDER} - name: Call Cleanup stale state id: call-cleanup-stale-state - uses: TedcryptoOrg/akash-deploy-action/.github/actions/cleanup-stale-state@main + uses: akash-network/akash-deploy-action/.github/actions/cleanup-stale-state@main if: steps.call-get-deployment-status.outputs.is-deployment-active == 'false' with: - password: ${{ secrets.PASSWORD }} - github_token: ${{ secrets.ghcr-token }} - PROJECT_PATH: ${{ inputs.PROJECT_PATH }} + password: ${{ secrets.password }} + project-path: ${{ inputs.project-path }} + project-name: ${{ inputs.project-name }} + + - name: Interpolate SDL vars + id: interpolate-sdl-vars + env: + DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }} + SENTRY_SERVER_NAME: ${{ secrets.SENTRY_SERVER_NAME }} + IMAGE_NAME: ${{ inputs.image }} + CLOUD_SQL_TOKEN: ${{ secrets.CLOUD_SQL_TOKEN }} + run: | +# sudo apt-get update && sudo apt-get install -y gettext + VARS=$(sed -n 's/.*{{\s*\([A-Za-z_][A-Za-z0-9_]*\)\s*}}.*/\1/p' ${{ inputs.project-path }}/${SDL} | sort | uniq | sed 's/[^ ]* */$&/g' | tr '\n' ' ') + cat ${{ inputs.project-path }}/${SDL} + sed 's/{{\([A-Za-z_][A-Za-z0-9_]*\)}}/\$\1/g' ${{ inputs.project-path }}/${SDL} | envsubst "$VARS" > ${PARSED_SDL} + echo "--------------- PARSED SDL FILE ---------------" + cat ${PARSED_SDL} + echo "--------------- END OF PARSED SDL FILE ---------------" - name: Update existing deployment id: update-deployment if: steps.call-get-deployment-status.outputs.is-deployment-active == 'true' env: - PASSWORD: ${{ secrets.PASSWORD }} + password: ${{ secrets.password }} run: | #echo "AKASH_DSEQ: $AKASH_DSEQ" @@ -128,10 +151,10 @@ jobs: echo "Changing SDL to use the new image: ${{ inputs.image }}" # Change the image IMAGE_NAME version from the SDL file - sed -i "s|image: $IMAGE_NAME:.*|image: ${{ inputs.image }}|g" ${{ inputs.PROJECT_PATH }}/${SDL} + sed -i "s|image: $IMAGE_NAME:.*|image: ${{ inputs.image }}|g" ${PARSED_SDL} ## === broadcast tx === ## - TX=$(echo "${PASSWORD}" | ${CLIENT} tx deployment update ${{ inputs.PROJECT_PATH }}/${SDL} | jq -r '.txhash') + TX=$(echo "${password}" | ${CLIENT} tx deployment update ${PARSED_SDL} | jq -r '.txhash') if test -z $TX; then echo "No TX broadcasted!" echo "If you see \"Invalid: deployment version\" error above, it is likely because the SDL file was not changed." @@ -161,19 +184,15 @@ jobs: ( steps.call-get-deployment-status.outputs.is-deployment-active != 'true' || steps.call-cleanup-stale-state.outcome == 'success' ) || steps.call-get-deployment-status.outcome == 'skipped' env: - PASSWORD: ${{ secrets.PASSWORD }} + password: ${{ secrets.password }} run: | - #echo "AKASH_DSEQ: $AKASH_DSEQ" - #echo "AKASH_GSEQ: $AKASH_GSEQ" - #echo "AKASH_OSEQ: $AKASH_OSEQ" - #echo "AKASH_PROVIDER: $AKASH_PROVIDER" if test ! -z "$AKASH_DSEQ"; then echo "Looks like there was an issue closing stale deployment: $AKASH_DSEQ/$AKASH_GSEQ/$AKASH_OSEQ" exit 1 fi - + ## === broadcast tx === ## - TX=$(echo "${PASSWORD}" | ${CLIENT} tx deployment create ${{ inputs.PROJECT_PATH }}/${SDL} | jq -r '.txhash') + TX=$(echo "${password}" | ${CLIENT} tx deployment create ${PARSED_SDL} | jq -r '.txhash') if test -z $TX; then echo "No TX broadcasted!" exit 1 @@ -208,7 +227,7 @@ jobs: id: find-bids if: steps.create-deployment.outcome == 'success' env: - PASSWORD: ${{ secrets.PASSWORD }} + password: ${{ secrets.password }} run: | test ! -z "$AKASH_DSEQ" echo "Giving providers 12 seconds to bid ..." @@ -218,12 +237,12 @@ jobs: #BID_LENGTH=$(echo "$BID_LIST" | jq -r '.bids | length') # Remove blocklisted providers from the BID_LIST - if [[ -f ${{ inputs.PROJECT_PATH }}/.akash/BLOCKLIST ]]; then + if [[ -f ${{ inputs.project-path }}/.akash/${{inputs.project-name}}/BLOCKLIST ]]; then while read address; do - echo "Warning! Skipping provider $address based on the ${{ inputs.PROJECT_PATH }}/.akash/BLOCKLIST!" + echo "Warning! Skipping provider $address based on the ${{ inputs.project-path }}/.akash/${{inputs.project-name}}/BLOCKLIST!" TMP_BID_LIST="$(echo "$BID_LIST" | jq --arg address "$address" -c '.bids[] | del(select(.bid.bid_id.provider == $address))' | jq -s '{"bids": del(.. | nulls)}')" BID_LIST="$TMP_BID_LIST" - done < <(cat ${{ inputs.PROJECT_PATH }}/.akash/BLOCKLIST) # use process substitution to avoid subshell creation (cat file | while read ...) where variables are not preserved + done < <(cat ${{ inputs.project-path }}/.akash/${{inputs.project-name}}BLOCKLIST) # use process substitution to avoid subshell creation (cat file | while read ...) where variables are not preserved fi echo "$BID_LIST" | jq -r '.bids[].bid | {"price":.price.amount, "provider":.bid_id.provider}' | jq -s -r 'sort_by(.price | tonumber) | .[] | flatten | @tsv' if test ! -z $PROVIDER; then @@ -240,7 +259,7 @@ jobs: echo "Closing the deployment ..." ## === broadcast tx === ## - TX=$(echo "${PASSWORD}" | ${CLIENT} tx deployment close | jq -r '.txhash') + TX=$(echo "${password}" | ${CLIENT} tx deployment close | jq -r '.txhash') if test -z $TX; then echo "No TX broadcasted!" exit 1 @@ -274,7 +293,7 @@ jobs: steps.create-deployment.outcome == 'success' && steps.find-bids.outcome == 'success' env: - PASSWORD: ${{ secrets.PASSWORD }} + password: ${{ secrets.password }} run: | if test -z "$AKASH_DSEQ"; then echo "AKASH_DSEQ is not set. Possible causes:" @@ -289,7 +308,7 @@ jobs: echo "Going to accept the lease for: $AKASH_DSEQ/$AKASH_GSEQ/$AKASH_OSEQ on $AKASH_PROVIDER provider" ## === broadcast tx === ## - TX=$(echo "${PASSWORD}" | ${CLIENT} tx market lease create | jq -r '.txhash') + TX=$(echo "${password}" | ${CLIENT} tx market lease create | jq -r '.txhash') if test -z $TX; then echo "No TX broadcasted!" exit 1 @@ -315,7 +334,7 @@ jobs: - name: Deposit additional AKT tokens to the deployment id: deposit-deployment env: - PASSWORD: ${{ secrets.PASSWORD }} + password: ${{ secrets.password }} if: steps.create-lease.outcome == 'success' || steps.update-deployment.outcome == 'success' run: | test ! -z "$AKASH_DSEQ" @@ -325,40 +344,46 @@ jobs: echo "Consider depositing more AKT for it to last longer." # TODO: create a dedicated job for this task? # TODO: see to automate the minimum deposit (in days) / or rather add a crontab job which will take care of that. - #echo "${PASSWORD}" | ${CLIENT} tx deployment deposit 10000000uakt + #echo "${password}" | ${CLIENT} tx deployment deposit 10000000uakt #sleep ${BLOCK_TIME} - name: Send manifest to the provider id: send-manifest if: steps.create-lease.outcome == 'success' || steps.update-deployment.outcome == 'success' env: - PASSWORD: ${{ secrets.PASSWORD }} + password: ${{ secrets.password }} run: | test ! -z "$AKASH_DSEQ" test ! -z "$AKASH_PROVIDER" - echo "${PASSWORD}" | ${CLIENT} send-manifest ${{ inputs.PROJECT_PATH }}/${SDL} + echo "${password}" | ${CLIENT} send-manifest ${PARSED_SDL} - name: Lease status id: lease-status if: steps.create-lease.outcome == 'success' || steps.update-deployment.outcome == 'success' env: - PASSWORD: ${{ secrets.PASSWORD }} + password: ${{ secrets.password }} run: | test ! -z "$AKASH_DSEQ" - mkdir ${{ inputs.PROJECT_PATH }}/.akash 2>/dev/null || : - echo "${PASSWORD}" | ${CLIENT} lease-status | jq -r . > ${{ inputs.PROJECT_PATH }}/.akash/STATUS - cat ${{ inputs.PROJECT_PATH }}/.akash/STATUS + mkdir -p ${{ inputs.project-path }}/.akash/${{inputs.project-name}} 2>/dev/null || : + echo "${password}" | ${CLIENT} lease-status | jq -r . > ${{ inputs.project-path }}/.akash/${{inputs.project-name}}/STATUS + cat ${{ inputs.project-path }}/.akash/${{inputs.project-name}}/STATUS - name: Save DSEQ and PROVIDER if: steps.create-lease.outcome == 'success' || steps.update-deployment.outcome == 'success' run: | test ! -z "$AKASH_DSEQ" test ! -z "$AKASH_PROVIDER" - mkdir ${{ inputs.PROJECT_PATH }}/.akash 2>/dev/null || : - echo "$AKASH_DSEQ" > ${{ inputs.PROJECT_PATH }}/.akash/DSEQ - echo "$AKASH_PROVIDER" > ${{ inputs.PROJECT_PATH }}/.akash/PROVIDER + mkdir -p ${{ inputs.project-path }}/.akash/${{inputs.project-name}} 2>/dev/null || : + echo "$AKASH_DSEQ" > ${{ inputs.project-path }}/.akash/${{inputs.project-name}}/DSEQ + echo "$AKASH_PROVIDER" > ${{ inputs.project-path }}/.akash/${{inputs.project-name}}/PROVIDER + + - name: Remove the parsed SDL file + run: rm -f ${PARSED_SDL} - name: Commit & Push changes uses: actions-js/push@master with: github_token: ${{ secrets.ghcr-token }} + author_email: ${{ inputs.github-author-email }} + author_name: ${{ inputs.github-author-name }} + message: ${{ inputs.github-message }} diff --git a/.github/workflows/destroy.yml b/.github/workflows/destroy.yml index ce319dd..bc4a4bd 100644 --- a/.github/workflows/destroy.yml +++ b/.github/workflows/destroy.yml @@ -1,24 +1,24 @@ name: Destroy me -#description: Close a single deployment based on the state (.akash/{DSEQ,PROVIDER}) +#description: Close a single deployment based on the state (.akash/project-name) on: workflow_call: inputs: - PROJECT_PATH: + project-path: description: 'Path for the project to deploy' required: false default: '.' type: string - project_name: + project-name: description: 'Project name (will be used as prefix for cache keys)' required: false default: 'app' type: string secrets: - SEED: + seed: description: 'Seed phrase for the wallet' required: true - PASSWORD: + password: description: 'Password to decrypt the wallet' required: true ghcr-token: @@ -66,16 +66,16 @@ jobs: - name: Call Initialize Akash client uses: TedcryptoOrg/akash-deploy-action/.github/actions/init-akash@main with: - seed: ${{ secrets.SEED }} - password: ${{ secrets.PASSWORD }} - project_name: ${{ inputs.project_name }} + seed: ${{ secrets.seed }} + password: ${{ secrets.password }} + project-name: ${{ inputs.project-name }} - # Restore .akash/{DSEQ,PROVIDER} state + # Restore .akash/project-name state - name: Call Restore state id: call-restore-state uses: TedcryptoOrg/akash-deploy-action/.github/actions/restore-state@main with: - PROJECT_PATH: ${{ inputs.PROJECT_PATH }} + project-path: ${{ inputs.project-path }} - name: Call Get deployment status id: call-get-deployment-status @@ -88,6 +88,6 @@ jobs: uses: TedcryptoOrg/akash-deploy-action/.github/actions/close-state-deployment@main if: steps.call-get-deployment-status.outputs.is-deployment-active == 'true' with: - password: ${{ secrets.PASSWORD }} + password: ${{ secrets.password }} github_token: ${{ secrets.ghcr-token }} - PROJECT_PATH: ${{ inputs.PROJECT_PATH }} + project-path: ${{ inputs.project-path }} diff --git a/.github/workflows/nuke-all.yml b/.github/workflows/nuke-all.yml index 3a7b0f6..2405552 100644 --- a/.github/workflows/nuke-all.yml +++ b/.github/workflows/nuke-all.yml @@ -4,21 +4,21 @@ name: Nuke all deployments (releases all deposited AKT) on: workflow_call: inputs: - PROJECT_PATH: + project-path: description: 'Path for the project to deploy' required: false default: '.' type: string - project_name: + project-name: description: 'Project name (will be used as prefix for cache keys)' required: false default: 'app' type: string secrets: - SEED: + seed: description: 'Seed phrase for the wallet' required: true - PASSWORD: + password: description: 'Password to decrypt the wallet' required: true ghcr-token: @@ -69,13 +69,13 @@ jobs: - name: Call Initialize Akash client uses: TedcryptoOrg/akash-deploy-action/.github/actions/init-akash@main with: - seed: ${{ secrets.SEED }} - password: ${{ secrets.PASSWORD }} - project_name: ${{ inputs.project_name }} + seed: ${{ secrets.seed }} + password: ${{ secrets.password }} + project-name: ${{ inputs.project-name }} - name: Call Close all active uses: TedcryptoOrg/akash-deploy-action/.github/actions/close-all-active@main with: - password: ${{ secrets.PASSWORD }} + password: ${{ secrets.password }} github_token: ${{ secrets.ghcr-token }} - PROJECT_PATH: ${{ inputs.PROJECT_PATH }} + project-path: ${{ inputs.project-path }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..095f5a8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.idea +deploy-event.json +.secrets \ No newline at end of file diff --git a/README.md b/README.md index 84a3636..07b83b1 100644 --- a/README.md +++ b/README.md @@ -1,44 +1,5 @@ -# deploy-me +### Akash Deploy Action This repository deploys [deploy.yaml](deploy.yaml) in [Akash Network](https://akash.network) using GitHub Actions workflow. -# How does it work? - -[![Youtube video](https://img.youtube.com/vi/E2MzjNfEIPw/0.jpg)](https://www.youtube.com/watch?v=E2MzjNfEIPw) - -# How to use it? - -- Fork it. -- Get Keplr wallet https://wallet.keplr.app -- Buy some [AKT](https://www.coingecko.com/en/coins/akash-network) tokens on https://app.osmosis.zone (buy OSMO, exchange them to AKT, Withdraw AKT to your Keplr wallet) -- Create two secrets (see below) in your Github repo, under repo `Settings` -> `Secrets and variables` -> `Actions`. -- Top-up your wallet used in the GitHub Actions (20 AKT is enough to start); -- Update [deploy.yaml](deploy.yaml), you can find more examples in the [awesome-akash](https://github.com/akash-network/awesome-akash) repo. - -The deployment workflow will run automatically as you push to this repo. -You can also run it manually from the `Actions` tab. - -# Secrets - -## PASSWORD - -The password is used to encrypt your wallet. - -NOTE: password must be at least 8 characters long! - -## SEED - -A mnemonic seed derives a wallet address (Looking like this `akash1wy05zjnfha8zl5fzvgshdyhw89ndkpwdtt3sp7`) and has complete control over that address (issue transactions, send funds, create/close deployments, etc.). - -This GitHub Actions workflow will generate a new mnemonic seed named `SEED` if it does not find one. Create it in this repo (`Settings` -> `Secrets and variables` -> `Actions`). - -[![Github Actions secrets](./gh-secrets.png)](https://github.com/andy108369/deploy-me) - -It is up to you to use it, but I suggest you generate it by running Akash client on your local computer. (CLI command: `provider-services keys mnemonic`) -It is a MUST if you use a public repo where everyone can look up your workflow, including the mnemonic seed generated by this workflow. - -If you do not have an Akash client, you can install it by following this procedure https://docs.akash.network/guides/cli/detailed-steps/part-1.-install-akash - -# Blocklists - -You can specify a list of providers you do not wish to deploy at in [.akash/BLOCKLIST](.akash/BLOCKLIST) +Note, this is a fork intended to improve deployment process and add more features. All workflows besides deployment are not tested. \ No newline at end of file diff --git a/TODO.md b/TODO.md index 1e9b24a..2dad721 100644 --- a/TODO.md +++ b/TODO.md @@ -3,7 +3,7 @@ - security: encrypt the .pem files before storing them into GH actions cache - add a GH action cronjob that would be accessing the GH actions cache every once a week so the cache won't expire, thus not causing the client create a new client cert each time the cache is missing; - address TODO found in this repo; -- display deployments which aren't part of the state (`.akash/{DSEQ,PROVIDER}`); +- display deployments which aren't part of the state (`.akash/${{inputs.project-name}}/{DSEQ,PROVIDER}`); - add a workflow for sending AKT tokens to akash1... address; - add a workflow for displaying akash1... address (+QR); - add a GH action cronjob to monitor the docker image (on docker hub / ghcr.io / ...) and update+deploy the deploy.sdl