-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #374 from near/develop
Co-authored-by: Daniyar Itegulov <[email protected]> Co-authored-by: kmaus-near <[email protected]> Co-authored-by: kmaus-near <[email protected]> Co-authored-by: Phuong Nguyen <[email protected]> Co-authored-by: Serhii Volovyk <[email protected]> Co-authored-by: DavidM-D <[email protected]> Fix docker image name (#304) fix: integration test not showing up (#312) fix: nonce issues (#310) Fixed the nix deps (#339) Fixed relayer version (#349) fix: address Beaver triple generation comments (#348) fix mainnet and testnet infra (#365) fix: use bigger runner for multichain (#370)
- Loading branch information
Showing
114 changed files
with
11,494 additions
and
3,334 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,152 @@ | ||
| name: Deploy to Prod environments. | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| network: | ||
| type: choice | ||
| options: | ||
| - mainnet | ||
| - testnet | ||
| description: mainnet or testnet network | ||
| required: true | ||
| version: | ||
| description: What mainnet version number is this deployment? (e.g. v0.1.0) | ||
| required: true | ||
|
|
||
|
|
||
| env: | ||
| PROJECT_PROD: "pagoda-discovery-platform-prod" | ||
| REGION: "us-east1" | ||
| IMAGE: us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery:${{ github.sha }} | ||
|
|
||
| jobs: | ||
| build-mpc-recovery: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| name: "Checkout mpc-recovery" | ||
|
|
||
| - name: Login to Artifact Registry | ||
| uses: docker/login-action@v2 | ||
| with: | ||
| registry: ${{ env.REGION }}-docker.pkg.dev | ||
| username: _json_key | ||
| password: ${{ secrets.GCP_CREDENTIALS_DEV }} | ||
|
|
||
| - name: Build Docker image and push to Google Artifact Registry | ||
| id: docker-push-tagged | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| push: true | ||
| file: ./Dockerfile | ||
| tags: "${{ env.IMAGE }}:${{ github.sha }}" | ||
|
|
||
| deploy-mpc-recovery-testnet: | ||
| runs-on: ubuntu-latest | ||
| if: github.event.inputs.network == 'testnet' | ||
| needs: build-mpc-recovery | ||
| env: | ||
| name: PROD | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| name: "Checkout mpc-recovery" | ||
|
|
||
| - name: "Authenticate to GCloud" | ||
| uses: "google-github-actions/auth@v1" | ||
| with: | ||
| credentials_json: "${{ secrets.GCP_CREDENTIALS_DEV }}" | ||
|
|
||
| - name: Deploy leader to Cloud Run Testnet | ||
| id: deploy-leader | ||
| uses: google-github-actions/deploy-cloudrun@v1 | ||
| with: | ||
| image: "${{ env.IMAGE }}:${{ github.sha }}" | ||
| service: mpc-recovery-leader-testnet | ||
| region: us-east1 | ||
| project_id: "${{ env.PROJECT_PROD }}" | ||
| tag: "${{ github.event.inputs.version }}" | ||
|
|
||
| - name: Deploy signer to Cloud Run testnet | ||
| id: deploy-signer-0-testnet | ||
| uses: google-github-actions/deploy-cloudrun@v1 | ||
| with: | ||
| image: "${{ env.IMAGE }}:${{ github.sha }}" | ||
| service: mpc-recovery-signer-0-testnet | ||
| region: us-east1 | ||
| project_id: "${{ env.PROJECT_PROD }}" | ||
| tag: "${{ github.event.inputs.version }}" | ||
|
|
||
| - name: Deploy signer to Cloud Run testnet | ||
| id: deploy-signer-1-testnet | ||
| uses: google-github-actions/deploy-cloudrun@v1 | ||
| with: | ||
| image: "${{ env.IMAGE }}:${{ github.sha }}" | ||
| service: mpc-recovery-signer-1-testnet | ||
| region: us-east1 | ||
| project_id: "${{ env.PROJECT_PROD }}" | ||
| tag: "${{ github.event.inputs.version }}" | ||
|
|
||
| - name: Deploy signer to Cloud Run testnet | ||
| id: deploy-signer-2-testnet | ||
| uses: google-github-actions/deploy-cloudrun@v1 | ||
| with: | ||
| image: "${{ env.IMAGE }}:${{ github.sha }}" | ||
| service: mpc-recovery-signer-2-testnet | ||
| region: us-east1 | ||
| project_id: "${{ env.PROJECT_PROD }}" | ||
| tag: "${{ github.event.inputs.version }}" | ||
|
|
||
| deploy-mpc-recovery-mainnet: | ||
| runs-on: ubuntu-latest | ||
| if: github.event.inputs.network == 'mainnet' | ||
| needs: build-mpc-recovery | ||
| env: | ||
| name: PROD | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| name: "Checkout mpc-recovery" | ||
|
|
||
| - name: "Authenticate to GCloud" | ||
| uses: "google-github-actions/auth@v1" | ||
| with: | ||
| credentials_json: "${{ secrets.GCP_CREDENTIALS_DEV }}" | ||
|
|
||
| - name: Deploy leader to Cloud Run mainnet | ||
| id: deploy-leader | ||
| uses: google-github-actions/deploy-cloudrun@v1 | ||
| with: | ||
| image: "${{ env.IMAGE }}:${{ github.sha }}" | ||
| service: mpc-recovery-leader-mainnet | ||
| region: us-east1 | ||
| project_id: "${{ env.PROJECT_PROD }}" | ||
| tag: "${{ github.event.inputs.version }}" | ||
|
|
||
| - name: Deploy signer to Cloud Run mainnet | ||
| id: deploy-signer-0 | ||
| uses: google-github-actions/deploy-cloudrun@v1 | ||
| with: | ||
| image: "${{ env.IMAGE }}:${{ github.sha }}" | ||
| service: mpc-recovery-signer-0-mainnet | ||
| region: us-east1 | ||
| project_id: "${{ env.PROJECT_PROD }}" | ||
| tag: "${{ github.event.inputs.version }}" | ||
|
|
||
| - name: Deploy signer to Cloud Run mainnet | ||
| id: deploy-signer-1 | ||
| uses: google-github-actions/deploy-cloudrun@v1 | ||
| with: | ||
| image: "${{ env.IMAGE }}:${{ github.sha }}" | ||
| service: mpc-recovery-signer-1-mainnet | ||
| region: us-east1 | ||
| project_id: "${{ env.PROJECT_PROD }}" | ||
| tag: "${{ github.event.inputs.version }}" | ||
|
|
||
| - name: Deploy signer to Cloud Run mainnet | ||
| id: deploy-signer-2 | ||
| uses: google-github-actions/deploy-cloudrun@v1 | ||
| with: | ||
| image: "${{ env.IMAGE }}:${{ github.sha }}" | ||
| service: mpc-recovery-signer-2-mainnet | ||
| region: us-east1 | ||
| project_id: "${{ env.PROJECT_PROD }}" | ||
| tag: "${{ github.event.inputs.version }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| name: Docker Image | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - develop | ||
| pull_request: | ||
|
|
||
| jobs: | ||
| build-image: | ||
| runs-on: ubuntu-latest | ||
| name: Build and Push | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Login to GCP Artifact Registry | ||
| run: echo "$GOOGLE_CREDENTIALS" | docker login -u _json_key --password-stdin https://us-east1-docker.pkg.dev | ||
| env: | ||
| GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }} | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: Build Docker image | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| context: . | ||
| tags: us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:${{ github.sha }} | ||
| load: true | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
|
|
||
| - name: Push Docker image | ||
| run: docker push us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/mpc-recovery/mpc-recovery-dev:${{ github.sha }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| name: Build Image and Test | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - develop | ||
| pull_request: | ||
| paths: | ||
| - integration-tests/** | ||
| - mpc-recovery/** | ||
| - load-tests/** | ||
| - test-oidc-provider/** | ||
|
|
||
| jobs: | ||
| integrations: | ||
| name: Integration | ||
| strategy: | ||
| matrix: | ||
| # FIXME: macos-latest-xl is disabled since colima is erroring out right now | ||
| os: [ubuntu-latest] | ||
| runs-on: ${{ matrix.os }} | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 | ||
|
|
||
| - name: Install Docker | ||
| if: ${{ matrix.os == 'macos-latest-xl' }} | ||
| run: | | ||
| brew install docker | ||
| colima start | ||
| # Colima does not expose the Docker socket by default, we have to symlink it | ||
| # https://github.com/abiosoft/colima/blob/main/docs/FAQ.md#cannot-connect-to-the-docker-daemon-at-unixvarrundockersock-is-the-docker-daemon-running | ||
| sudo ln -sf $HOME/.colima/default/docker.sock /var/run/docker.sock | ||
| - name: Login to GitHub Container Registry | ||
| uses: docker/login-action@v1 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Pull Relayer & Sandbox Docker Images | ||
| run: | | ||
| docker pull ghcr.io/near/os-relayer:12ba6e35690df3979fce0b36a41d0ca0db9c0ab4 | ||
| docker pull ghcr.io/near/sandbox | ||
| - name: Build OIDC Provider Dcoker Image | ||
| run: docker build -t near/test-oidc-provider ./test-oidc-provider | ||
|
|
||
| - name: Login to GCP Artifact Registry | ||
| run: echo "$GOOGLE_CREDENTIALS" | docker login -u _json_key --password-stdin https://us-east1-docker.pkg.dev | ||
| env: | ||
| GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS_DEV }} | ||
|
|
||
| - name: Install stable toolchain | ||
| uses: actions-rs/toolchain@v1 | ||
| with: | ||
| profile: minimal | ||
| toolchain: stable | ||
| target: wasm32-unknown-unknown | ||
|
|
||
| - uses: Swatinem/rust-cache@v1 | ||
|
|
||
| - name: Install Protoc | ||
| uses: arduino/[email protected] | ||
| with: | ||
| repo-token: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Compile Contract | ||
| run: cargo build -p mpc-contract --target wasm32-unknown-unknown --release | ||
|
|
||
| - name: Test | ||
| run: cargo test -p mpc-recovery-integration-tests mpc --jobs 1 -- --test-threads 1 | ||
| env: | ||
| RUST_LOG: INFO | ||
| RUST_BACKTRACE: 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,22 +1,29 @@ | ||
| name: Integration | ||
| name: Integration (Multichain) | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| - develop | ||
| pull_request: | ||
| paths: | ||
| - integration-tests/** | ||
| - node/** | ||
| - contract/** | ||
|
|
||
| env: | ||
| RUSTFLAGS: -D warnings | ||
| jobs: | ||
| test: | ||
| name: Test | ||
| strategy: | ||
| matrix: | ||
| # FIXME: macos-latest-xl is disabled since colima is erroring out right now | ||
| os: [ubuntu-latest] | ||
| os: [ubuntu-22.04-4core] | ||
| runs-on: ${{ matrix.os }} | ||
| name: Test | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 | ||
|
|
||
| - name: Install Docker | ||
| if: ${{ matrix.os == 'macos-latest-xl' }} | ||
| run: | | ||
|
|
@@ -25,38 +32,43 @@ jobs: | |
| # Colima does not expose the Docker socket by default, we have to symlink it | ||
| # https://github.com/abiosoft/colima/blob/main/docs/FAQ.md#cannot-connect-to-the-docker-daemon-at-unixvarrundockersock-is-the-docker-daemon-running | ||
| sudo ln -sf $HOME/.colima/default/docker.sock /var/run/docker.sock | ||
| - name: Login to GitHub Container Registry | ||
| uses: docker/login-action@v1 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Pull Relayer Docker Image | ||
|
|
||
| - name: Pull Relayer & Sandbox Docker Images | ||
| run: | | ||
| docker pull ghcr.io/near/pagoda-relayer-rs-fastauth | ||
| docker pull ghcr.io/near/sandbox | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
| docker pull ghcr.io/near/os-relayer:12ba6e35690df3979fce0b36a41d0ca0db9c0ab4 | ||
| docker pull ghcr.io/near/near-lake-indexer:e6519c922435f3d18b5f2ddac5d1ec171ef4dd6b | ||
| docker pull localstack/localstack:latest | ||
| - name: Install stable toolchain | ||
| uses: actions-rs/toolchain@v1 | ||
| with: | ||
| profile: minimal | ||
| toolchain: stable | ||
| target: wasm32-unknown-unknown | ||
|
|
||
| - uses: Swatinem/rust-cache@v1 | ||
|
|
||
| - name: Install Protoc | ||
| uses: arduino/[email protected] | ||
| with: | ||
| repo-token: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Build Docker image | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| context: . | ||
| tags: near/mpc-recovery:latest | ||
| load: true | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
|
|
||
| - name: Compile Contract | ||
| run: cargo build -p mpc-contract --target wasm32-unknown-unknown --release | ||
|
|
||
| - name: Build MPC Recovery Binary Locally | ||
| run: | | ||
| cargo build -p mpc-recovery-node --release | ||
| - name: Test | ||
| run: cargo test -p mpc-recovery-integration-tests --jobs 1 -- --test-threads 1 | ||
| run: cargo test -p mpc-recovery-integration-tests multichain --jobs 1 -- --test-threads 1 | ||
| env: | ||
| RUST_LOG: INFO | ||
| RUST_BACKTRACE: 1 | ||
| RUST_BACKTRACE: 1 | ||
Oops, something went wrong.