diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml new file mode 100644 index 0000000..1439e4b --- /dev/null +++ b/.github/workflows/checks.yml @@ -0,0 +1,14 @@ +name: Checks and Linters + +on: + push: + +jobs: + security: + uses: lidofinance/linters/.github/workflows/security.yml@master + + docker: + uses: lidofinance/linters/.github/workflows/docker.yml@master + + actions: + uses: lidofinance/linters/.github/workflows/actions.yml@master diff --git a/.github/workflows/ci-dev.yml b/.github/workflows/ci-dev.yml new file mode 100644 index 0000000..8c4abaf --- /dev/null +++ b/.github/workflows/ci-dev.yml @@ -0,0 +1,26 @@ +name: CI Dev + +on: + workflow_dispatch: + push: + branches: + - develop + paths-ignore: + - ".github/**" + +permissions: + contents: read + +jobs: + deploy: + runs-on: ubuntu-latest + name: Build and deploy + steps: + - name: Testnet deploy + uses: lidofinance/dispatch-workflow@v1 + env: + APP_ID: ${{ secrets.APP_ID }} + APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }} + TARGET_REPO: "lidofinance/infra-mainnet" + TARGET_WORKFLOW: "deploy_testnet_lido_content.yaml" + TARGET: "develop" diff --git a/.github/workflows/ci-preview-demolish.yml b/.github/workflows/ci-preview-demolish.yml new file mode 100644 index 0000000..0056c15 --- /dev/null +++ b/.github/workflows/ci-preview-demolish.yml @@ -0,0 +1,27 @@ +name: CI Preview stand demolish + +on: + workflow_dispatch: + pull_request: + types: + [converted_to_draft, closed] + branches-ignore: + - main + +permissions: {} + +jobs: + deploy: + runs-on: ubuntu-latest + name: Build and deploy + steps: + - name: Preview stand deploying + uses: lidofinance/dispatch-workflow@v1 + env: + APP_ID: ${{ secrets.APP_ID }} + APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }} + TARGET_REPO: "lidofinance/infra-mainnet" + TARGET: ${{ github.head_ref }} + TARGET_WORKFLOW: "preview_stand_demolish.yaml" + INPUTS_REPO_NAME: ${{ github.repository }} + INPUTS_PR_ID: ${{ github.event.pull_request.number }} diff --git a/.github/workflows/ci-preview-deploy.yml b/.github/workflows/ci-preview-deploy.yml new file mode 100644 index 0000000..5547f7f --- /dev/null +++ b/.github/workflows/ci-preview-deploy.yml @@ -0,0 +1,67 @@ +name: CI Preview stand deploy + +on: + workflow_dispatch: + inputs: + inventory: + description: inventory to be used for preview stand deploying + default: staging-critical + required: false + type: choice + options: + - staging-critical + - testnet + + pull_request: + types: [opened, synchronize, reopened, ready_for_review] + branches-ignore: + - main + +permissions: + contents: read + pull-requests: write + +jobs: + deploy: + runs-on: ubuntu-latest + if: ${{ github.event.pull_request.draft == false }} + name: Build and deploy + outputs: + stand_url: ${{ steps.stand.outputs.url }} + steps: + - uses: lidofinance/gh-find-current-pr@v1 + id: pr + + - name: Set ref + id: ref + run: echo "short_ref=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT + + - name: Preview stand deploying + uses: lidofinance/dispatch-workflow@v1 + env: + APP_ID: ${{ secrets.APP_ID }} + APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }} + TARGET_REPO: "lidofinance/infra-mainnet" + TARGET: ${{ github.head_ref || steps.ref.outputs.short_ref }} + TARGET_WORKFLOW: "preview_stand_deploy.yaml" + INPUTS_REPO_NAME: ${{ github.repository }} + INPUTS_PR_ID: ${{ github.event.pull_request.number || steps.pr.outputs.number }} + INPUTS_INVENTORY: "${{ inputs.inventory || 'staging-critical' }}" + + - name: Define repo short name + run: echo "short_name=$(echo ${{ github.repository }} | cut -d "/" -f 2)" >> $GITHUB_OUTPUT + id: repo + + - name: Define branch hash + run: echo "hash=$(echo "$HEAD_REF" | shasum -a 256 | cut -c -10)" >> $GITHUB_OUTPUT + id: branch + env: + HEAD_REF: ${{ github.head_ref || steps.ref.outputs.short_ref }} + + - name: Extract stand url + if: always() + run: echo "url=https://$SHORT_NAME-$BRANCH_HASH.branch-preview.org" >> $GITHUB_OUTPUT + id: stand + env: + SHORT_NAME: ${{ steps.repo.outputs.short_name }} + BRANCH_HASH: ${{ steps.branch.outputs.hash }} diff --git a/.github/workflows/ci-prod.yml b/.github/workflows/ci-prod.yml new file mode 100644 index 0000000..80b9e9d --- /dev/null +++ b/.github/workflows/ci-prod.yml @@ -0,0 +1,25 @@ +name: CI Build prod image + +on: + release: + types: [released] + +permissions: {} + +jobs: + # test: + # ... + + deploy: + runs-on: ubuntu-latest + # needs: test + name: Build and deploy + steps: + - name: Build prod image + uses: lidofinance/dispatch-workflow@v1 + env: + APP_ID: ${{ secrets.APP_ID }} + APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }} + TARGET_REPO: "lidofinance/infra-mainnet" + TAG: "${{ github.event.release.tag_name }}" + TARGET_WORKFLOW: "build_critical_lido_content.yaml" diff --git a/.github/workflows/ci-staging.yml b/.github/workflows/ci-staging.yml new file mode 100644 index 0000000..6c6bcae --- /dev/null +++ b/.github/workflows/ci-staging.yml @@ -0,0 +1,26 @@ +name: CI Staging + +on: + workflow_dispatch: + push: + branches: + - main + paths-ignore: + - ".github/**" + +permissions: + contents: read + +jobs: + deploy: + runs-on: ubuntu-latest + name: Build and deploy + steps: + - name: Staging deploy + uses: lidofinance/dispatch-workflow@v1 + env: + APP_ID: ${{ secrets.APP_ID }} + APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }} + TARGET_REPO: "lidofinance/infra-mainnet" + TARGET_WORKFLOW: "deploy_staging_critical_lido_content.yaml" + TARGET: "main" diff --git a/.github/workflows/prepare-release-draft.yml b/.github/workflows/prepare-release-draft.yml new file mode 100644 index 0000000..8ea14dd --- /dev/null +++ b/.github/workflows/prepare-release-draft.yml @@ -0,0 +1,14 @@ +name: Prepare release draft +on: + push: + branches: + - main + +permissions: + contents: write + +jobs: + prepare-release-draft: + uses: lidofinance/actions/.github/workflows/prepare-release-draft.yml@main + with: + target: main diff --git a/Dockerfile b/Dockerfile index dd7d3ac..f82abfe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM caddy:2.7-alpine as building -RUN apk update && apk upgrade && apk add bash +RUN apk update && apk upgrade && apk add --no-cache bash="5.2.15-r5" RUN mkdir /app WORKDIR /app