From b9b2935ca3b8057f469e4cccf22b1522f932c3a1 Mon Sep 17 00:00:00 2001
From: Luis Helder
Date: Thu, 8 Aug 2024 10:58:53 -0300
Subject: [PATCH] refactor: add a reusable workflow
---
 .github/reusable-workflows/deploy.yml | 139 +++++++++++++
 .github/workflows/deploy.yml | 280 +++++++++++---------------
 2 files changed, 253 insertions(+), 166 deletions(-)
 create mode 100644 .github/reusable-workflows/deploy.yml
diff --git a/.github/reusable-workflows/deploy.yml b/.github/reusable-workflows/deploy.yml
new file mode 100644
index 0000000..f882fad
--- /dev/null
+++ b/.github/reusable-workflows/deploy.yml
@@ -0,0 +1,139 @@
+# .github/workflows/deploy.yml
+name: Deploy
+
+permissions:
+ id-token: write
+ contents: read
+
+env:
+ ELASTIC_SEARCH_TIMEOUT: 25
+ ELASTIC_RESULTS_PER_PAGE: 10
+ NODE_CACHE_TTL: 30
+
+on:
+ workflow_call:
+ inputs:
+ aws_region:
+ description: 'AWS Region'
+ required: true
+ type: string
+ aws_iam_role:
+ description: 'AWS IAM Role'
+ required: true
+ type: string
+ aws_secret_arn:
+ description: 'AWS Secret ARN'
+ required: true
+ type: string
+ serverless_stage:
+ description: 'Serverless Stage'
+ required: true
+ type: string
+ docker_image_tag:
+ description: 'Docker Image Tag'
+ required: false
+ default: ''
+ type: string
+ api_port:
+ description: 'API Port'
+ required: true
+ type: string
+ hathor_core_url:
+ description: 'Hathor Core URL'
+ required: true
+ type: string
+ hathor_nodes:
+ description: 'Hathor Nodes'
+ required: true
+ type: string
+ redis_key_prefix:
+ description: 'Redis Key Prefix'
+ required: true
+ type: string
+ redis_port:
+ description: 'Redis Port'
+ required: true
+ type: string
+ redis_db:
+ description: 'Redis DB'
+ required: true
+ type: string
+ metadata_bucket:
+ description: 'Metadata Bucket'
+ required: true
+ type: string
+ cors_allowed_regex:
+ description: 'CORS Allowed Regex'
+ required: true
+ type: string
+ elastic_index:
+ description: 'Elastic Index'
+ required: true
+ type: string
+ elastic_tx_index:
+ description: 'Elastic TX Index'
+ required: true
+ type: string
+ elastic_token_balances_index:
+ description: 'Elastic Token Balances Index'
+ required: true
+ type: string
+ healthcheck_hathor_core_enabled:
+ description: 'Healthcheck Hathor Core Enabled'
+ required: true
+ type: boolean
+ healthcheck_wallet_service_db_enabled:
+ description: 'Healthcheck Wallet Service DB Enabled'
+ required: true
+ type: boolean
+ healthcheck_elasticsearch_enabled:
+ description: 'Healthcheck Elasticsearch Enabled'
+ required: true
+ type: boolean
+ healthcheck_redis_enabled:
+ description: 'Healthcheck Redis Enabled'
+ required: true
+ type: boolean
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Prepare deploy
+ uses: ./.github/actions/prepare-deploy
+ with:
+ aws_region: ${{ inputs.aws_region }}
+ aws_iam_role: ${{ inputs.aws_iam_role }}
+ aws_secret_arn: ${{ inputs.aws_secret_arn }}
+
+ - name: Deploy Lambdas
+ run: |
+ make deploy-lambdas-ci stage=${{ inputs.serverless_stage }}
+ env:
+ AWS_DEFAULT_REGION: ${{ inputs.aws_region }}
+ API_PORT: ${{ inputs.api_port }}
+ HATHOR_CORE_URL: ${{ inputs.hathor_core_url }}
+ HATHOR_NODES: ${{ inputs.hathor_nodes }}
+ REDIS_KEY_PREFIX: ${{ inputs.redis_key_prefix }}
+ REDIS_PORT: ${{ inputs.redis_port }}
+ REDIS_DB: ${{ inputs.redis_db }}
+ METADATA_BUCKET: ${{ inputs.metadata_bucket }}
+ CORS_ALLOWED_REGEX: ${{ inputs.cors_allowed_regex }}
+ ELASTIC_INDEX: ${{ inputs.elastic_index }}
+ ELASTIC_TX_INDEX: ${{ inputs.elastic_tx_index }}
+ ELASTIC_TOKEN_BALANCES_INDEX: ${{ inputs.elastic_token_balances_index }}
+ HEALTHCHECK_HATHOR_CORE_ENABLED: ${{ inputs.healthcheck_hathor_core_enabled }}
+ HEALTHCHECK_WALLET_SERVICE_DB_ENABLED: ${{ inputs.healthcheck_wallet_service_db_enabled }}
+ HEALTHCHECK_ELASTICSEARCH_ENABLED: ${{ inputs.healthcheck_elasticsearch_enabled }}
+ HEALTHCHECK_REDIS_ENABLED: ${{ inputs.healthcheck_redis_enabled }}
+
+ - name: Deploy Daemons
+ # Deploy only if the inputs.docker_image_tag is not empty
+ if: ${{ inputs.docker_image_tag != '' }}
+ run: |
+ export DOCKER_IMAGE_TAG=${{ inputs.docker_image_tag }}
+ make deploy-daemons
+ rm /home/runner/.docker/config.json
\ No newline at end of file
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 57df42b..94e7d63 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
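Review bot: The two `run:` steps paste `${{ inputs.serverless_stage }}` and `${{ inputs.docker_image_tag }}` directly into the shell script, so whatever a caller passes is parsed as shell before `make` sees it; pass both through `env:` and reference them as quoted variables, as sketched below. A caller that relies on the shell expanding its input (the mainnet call passes `${GITHUB_REF#refs/*/}`) would then need to send a resolved value such as `${{ github.ref_name }}`. Separately, `actions/checkout@v3` is a mutable tag, whereas the jobs this file replaces pinned checkout to commit `c85c95e3d7251135ab7dc9ce3241c5835cc595a9`; this job holds `id-token: write` and assumes an AWS role, so the SHA pin should be kept.

```yaml
      # … unchanged: checkout and Prepare deploy steps …
      - name: Deploy Lambdas
        run: |
          make deploy-lambdas-ci stage="$SERVERLESS_STAGE"
        env:
          SERVERLESS_STAGE: ${{ inputs.serverless_stage }}
          AWS_DEFAULT_REGION: ${{ inputs.aws_region }}
          # … unchanged: remaining env entries …

      - name: Deploy Daemons
        if: ${{ inputs.docker_image_tag != '' }}
        env:
          DOCKER_IMAGE_TAG: ${{ inputs.docker_image_tag }}
        run: |
          make deploy-daemons
          rm /home/runner/.docker/config.json
```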
@@ -2,19 +2,9 @@ name: deploy on: push: - branches: [main, dev] + branches: [main, dev, ci/iam-roles-and-aws-secrets-sub-accounts] tags: ['v*.*.*'] -env: - AWS_DEFAULT_REGION: 'eu-central-1' - ELASTIC_SEARCH_TIMEOUT: 25 - ELASTIC_RESULTS_PER_PAGE: 10 - NODE_CACHE_TTL: 30 - -permissions: - id-token: write - contents: read - jobs: init: runs-on: ubuntu-latest @@ -36,6 +26,8 @@ jobs: echo "environment=dev" >> $GITHUB_OUTPUT fi + echo "timestamp=`date +%s`" >> $GITHUB_OUTPUT + dependencies: runs-on: ubuntu-latest 
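Review bot: Removing the top-level `permissions:` block leaves the deploy jobs on the repository's default token permissions, and a called workflow can only keep or reduce what its caller grants, so the `id-token: write` declared in the reusable file does not take effect by itself and the OIDC role assumption in prepare-deploy would likely fail. Keep `id-token: write` and `contents: read` in this file, preferably on the deploy jobs only rather than workflow-wide. The added trigger `ci/iam-roles-and-aws-secrets-sub-accounts` looks like a test branch; the init logic is only partly visible, but if unknown refs fall through to `environment=dev`, every push to that branch deploys, so it should be dropped before merge.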
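Review bot: `needs.init.outputs.timestamp` only resolves in the deploy jobs if the init job's `outputs:` map exposes this step output, and that map lies outside the hunk. Confirm an entry of the form `timestamp: ${{ steps.STEP_ID_PLACEHOLDER.outputs.timestamp }}` was added; otherwise the dev and testnet image tags end with an empty suffix. As a matter of style, prefer `$(date +%s)` over backticks and quote the redirect target, `>> "$GITHUB_OUTPUT"`.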
@@ -80,40 +72,30 @@ jobs: if: ${{ needs.init.outputs.environment == 'dev' }} steps: - # https://github.com/actions/checkout/releases/tag/v3.5.3 - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - - name: Prepare deploy - uses: ./.github/actions/prepare-deploy + - name: Call reusable deploy workflow + uses: ./.github/workflows/deploy.yml with: aws_region: eu-central-1 aws_iam_role: arn:aws:iam::769498303037:role/ExplorerServiceGitHubActionsRole aws_secret_arn: arn:aws:secretsmanager:eu-central-1:769498303037:secret:ExplorerService/dev-0ikehC - - name: Deploy Lambdas Dev - run: | - make deploy-lambdas-ci stage=dev - env: + serverless_stage: dev + docker_image_tag: dev-${{ github.sha }}-${{ needs.init.outputs.timestamp }} # XXX: Some env vars come from the secret https://eu-central-1.console.aws.amazon.com/secretsmanager/secret?name=ExplorerService%2Fdev®ion=eu-central-1 - API_PORT: 3001 - HATHOR_CORE_URL: https://node.explorer.testnet.hathor.network - HATHOR_NODES: https://node1.testnet.hathor.network,https://node.explorer.testnet.hathor.network - REDIS_KEY_PREFIX: hathor-explorer-service-dev - REDIS_PORT: 6379 - REDIS_DB: 0 - METADATA_BUCKET: hathor-explorer-metadata-dev - CORS_ALLOWED_REGEX: .* - ELASTIC_INDEX: dev-token - ELASTIC_TX_INDEX: dev-tx - ELASTIC_TOKEN_BALANCES_INDEX: dev-token-balance - HEALTHCHECK_HATHOR_CORE_ENABLED: True - HEALTHCHECK_WALLET_SERVICE_DB_ENABLED: True - HEALTHCHECK_ELASTICSEARCH_ENABLED: True - HEALTHCHECK_REDIS_ENABLED: True - - name: Deploy Daemons Dev - run: | - timestamp=`date +%s`; \ - export DOCKER_IMAGE_TAG=dev-${{ github.sha }}-$timestamp - make deploy-daemons - rm /home/runner/.docker/config.json + api_port: 3001 + hathor_core_url: https://node.explorer.testnet.hathor.network + hathor_nodes: https://node1.testnet.hathor.network,https://node.explorer.testnet.hathor.network + redis_key_prefix: hathor-explorer-service-dev + redis_port: 6379 + redis_db: 0 + metadata_bucket: hathor-explorer-metadata-dev + 
cors_allowed_regex: .* + elastic_index: dev-token + elastic_tx_index: dev-tx + elastic_token_balances_index: dev-token-balance + healthcheck_hathor_core_enabled: true + healthcheck_wallet_service_db_enabled: true + healthcheck_elasticsearch_enabled: true + healthcheck_redis_enabled: true deploy-testnet: runs-on: ubuntu-latest needs: [init, dependencies] 
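Review bot: `uses: ./.github/workflows/deploy.yml` inside `steps:` will not invoke the new workflow: a reusable workflow is called at job level (`jobs.<job_id>.uses`), such a job cannot also carry `runs-on` or `steps`, and this path is the calling file itself, which has no `workflow_call` trigger. The new file also sits in `.github/reusable-workflows/`, while GitHub only loads workflows from `.github/workflows/`. The same construct is repeated in the deploy-testnet, deploy-nano-testnet, deploy-ekvilibro-testnet, deploy-ekvilibro-mainnet and deploy-mainnet hunks. The job header starts above this hunk, so the sketch shows only the shape, and the file name in it is a placeholder.

```yaml
    # … unchanged: job name and needs; remove runs-on and steps …
    if: ${{ needs.init.outputs.environment == 'dev' }}
    permissions:
      id-token: write
      contents: read
    # placeholder file name; the reusable workflow must live under .github/workflows/
    uses: ./.github/workflows/REUSABLE_DEPLOY_PLACEHOLDER.yml
    with:
      aws_region: eu-central-1
      # … unchanged: remaining inputs …
```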
@@ -121,40 +103,30 @@ jobs: if: ${{ needs.init.outputs.environment == 'testnet' }} steps: - # https://github.com/actions/checkout/releases/tag/v3.5.3 - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - - name: Prepare deploy - uses: ./.github/actions/prepare-deploy + - name: Call reusable deploy workflow + uses: ./.github/workflows/deploy.yml with: aws_region: eu-central-1 aws_iam_role: arn:aws:iam::769498303037:role/ExplorerServiceGitHubActionsRole aws_secret_arn: arn:aws:secretsmanager:eu-central-1:769498303037:secret:ExplorerService/testnet-lcBuyc - - name: Deploy Lambdas Testnet - run: | - make deploy-lambdas-ci stage=testnet - env: + serverless_stage: testnet + docker_image_tag: testnet-${{ github.sha }}-${{ needs.init.outputs.timestamp }} # XXX: Some env vars come from the secret https://eu-central-1.console.aws.amazon.com/secretsmanager/secret?name=ExplorerService%2Ftestnet®ion=eu-central-1 - API_PORT: 3001 - HATHOR_CORE_URL: https://node.explorer.testnet.hathor.network - HATHOR_NODES: https://node1.testnet.hathor.network,https://node.explorer.testnet.hathor.network - REDIS_KEY_PREFIX: hathor-explorer-service-testnet - REDIS_PORT: 6379 - REDIS_DB: 0 - METADATA_BUCKET: hathor-explorer-metadata-testnet - CORS_ALLOWED_REGEX: https?:\/\/([a-z0-9]*\.){0,5}hathor\.network - ELASTIC_INDEX: testnet-token - ELASTIC_TX_INDEX: testnet-tx - ELASTIC_TOKEN_BALANCES_INDEX: testnet-token-balance - HEALTHCHECK_HATHOR_CORE_ENABLED: True - HEALTHCHECK_WALLET_SERVICE_DB_ENABLED: True - HEALTHCHECK_ELASTICSEARCH_ENABLED: True - HEALTHCHECK_REDIS_ENABLED: True - - name: Deploy Daemons Testnet - run: | - timestamp=`date +%s`; \ - export DOCKER_IMAGE_TAG=testnet-${{ github.sha }}-$timestamp - make deploy-daemons - rm /home/runner/.docker/config.json + api_port: 3001 + hathor_core_url: https://node.explorer.testnet.hathor.network + hathor_nodes: https://node1.testnet.hathor.network,https://node.explorer.testnet.hathor.network + redis_key_prefix: 
hathor-explorer-service-testnet + redis_port: 6379 + redis_db: 0 + metadata_bucket: hathor-explorer-metadata-testnet + cors_allowed_regex: https?:\/\/([a-z0-9]*\.){0,5}hathor\.network + elastic_index: testnet-token + elastic_tx_index: testnet-tx + elastic_token_balances_index: testnet-token-balance + healthcheck_hathor_core_enabled: true + healthcheck_wallet_service_db_enabled: true + healthcheck_elasticsearch_enabled: true + healthcheck_redis_enabled: true deploy-nano-testnet: runs-on: ubuntu-latest needs: [init, dependencies] 
@@ -162,34 +134,29 @@ jobs: if: ${{ needs.init.outputs.environment == 'testnet' }} steps: - # https://github.com/actions/checkout/releases/tag/v3.5.3 - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - - name: Prepare deploy - uses: ./.github/workflows/lib/prepare-deploy + - name: Call reusable deploy workflow + uses: ./.github/workflows/deploy.yml with: aws_region: eu-central-1 aws_iam_role: arn:aws:iam::471112952246:role/ExplorerServiceGitHubActionsRole aws_secret_arn: arn:aws:secretsmanager:eu-central-1:471112952246:secret:ExplorerService/nano-testnet-MWxHpF - - name: Deploy Lambdas Nano Testnet - run: | - make deploy-lambdas-ci stage=nano - env: + serverless_stage: nano # XXX: Some env vars come from the secret https://eu-central-1.console.aws.amazon.com/secretsmanager/secret?name=ExplorerService%2Fnano-testnet®ion=eu-central-1 - API_PORT: 3001 - HATHOR_CORE_URL: https://node1.nano-testnet.hathor.network - HATHOR_NODES: https://node1.nano-testnet.hathor.network - REDIS_KEY_PREFIX: hathor-explorer-service-nano - REDIS_PORT: 6379 - REDIS_DB: 1 - METADATA_BUCKET: hathor-explorer-metadata-nano-testnet - CORS_ALLOWED_REGEX: https?:\/\/([a-z0-9]*\.){0,5}hathor\.network - ELASTIC_INDEX: nano-testnet-token - ELASTIC_TX_INDEX: nano-testnet-tx - ELASTIC_TOKEN_BALANCES_INDEX: nano-testnet-token-balance - HEALTHCHECK_HATHOR_CORE_ENABLED: True - HEALTHCHECK_WALLET_SERVICE_DB_ENABLED: True - HEALTHCHECK_ELASTICSEARCH_ENABLED: True - HEALTHCHECK_REDIS_ENABLED: True + api_port: 3001 + hathor_core_url: https://node1.nano-testnet.hathor.network + hathor_nodes: https://node1.nano-testnet.hathor.network + redis_key_prefix: hathor-explorer-service-nano-testnet + redis_port: 6379 + redis_db: 1 + metadata_bucket: hathor-explorer-metadata-nano-testnet + cors_allowed_regex: https?:\/\/([a-z0-9]*\.){0,5}hathor\.network + elastic_index: nano-testnet-token + elastic_tx_index: nano-testnet-tx + elastic_token_balances_index: nano-testnet-token-balance + 
healthcheck_hathor_core_enabled: true + healthcheck_wallet_service_db_enabled: true + healthcheck_elasticsearch_enabled: true + healthcheck_redis_enabled: true deploy-ekvilibro-testnet: runs-on: ubuntu-latest needs: [init, dependencies] 
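Review bot: `redis_key_prefix` changes from `hathor-explorer-service-nano` to `hathor-explorer-service-nano-testnet` here, which is a behaviour change inside a commit titled as a refactor: after deploy the service would presumably read and write under a different key prefix, leaving the old keys behind. The deploy-ekvilibro-testnet hunk does the same (`hathor-explorer-service-ekvilibro` becomes `hathor-explorer-service-ekvilibro-testnet`). If the rename is intended, state it in the commit message and plan cleanup of the old keys; otherwise keep the previous values.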
@@ -197,34 +164,29 @@ jobs: if: ${{ needs.init.outputs.environment == 'testnet' }} steps: - # https://github.com/actions/checkout/releases/tag/v3.5.3 - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - - name: Prepare deploy - uses: ./.github/workflows/lib/prepare-deploy + - name: Call reusable deploy workflow + uses: ./.github/workflows/deploy.yml with: aws_region: eu-central-1 aws_iam_role: arn:aws:iam::730335348496:role/ExplorerServiceGitHubActionsRole aws_secret_arn: arn:aws:secretsmanager:eu-central-1:730335348496:secret:ExplorerService/ekvilibro-testnet-DaDPgT - - name: Deploy Lambdas Ekvilibro Testnet - run: | - make deploy-lambdas-ci stage=ekvilibro - env: + serverless_stage: ekvilibro # XXX: Some env vars come from the secret https://eu-central-1.console.aws.amazon.com/secretsmanager/secret?name=ExplorerService%2Fekvilibro-testnet®ion=eu-central-1 - API_PORT: 3001 - HATHOR_CORE_URL: https://node-side-dag.ekvilibro-testnet.hathor.network - HATHOR_NODES: https://node-side-dag.ekvilibro-testnet.hathor.network - REDIS_KEY_PREFIX: hathor-explorer-service-ekvilibro - REDIS_PORT: 6379 - REDIS_DB: 0 - METADATA_BUCKET: hathor-explorer-metadata-ekvilibro-testnet - CORS_ALLOWED_REGEX: https?:\/\/([a-z0-9]*\.){0,5}hathor\.network - ELASTIC_INDEX: ekvilibro-testnet-token - ELASTIC_USER: explorer-service - ELASTIC_TX_INDEX: ekvilibro-testnet-tx - HEALTHCHECK_HATHOR_CORE_ENABLED: True - HEALTHCHECK_WALLET_SERVICE_DB_ENABLED: True - HEALTHCHECK_ELASTICSEARCH_ENABLED: True - HEALTHCHECK_REDIS_ENABLED: True + api_port: 3001 + hathor_core_url: https://node-side-dag.ekvilibro-testnet.hathor.network + hathor_nodes: https://node-side-dag.ekvilibro-testnet.hathor.network + redis_key_prefix: hathor-explorer-service-ekvilibro-testnet + redis_port: 6379 + redis_db: 0 + metadata_bucket: hathor-explorer-metadata-ekvilibro-testnet + cors_allowed_regex: https?:\/\/([a-z0-9]*\.){0,5}hathor\.network + elastic_index: ekvilibro-testnet-token + elastic_tx_index: 
ekvilibro-testnet-tx + elastic_token_balances_index: ekvilibro-testnet-token-balance + healthcheck_hathor_core_enabled: true + healthcheck_wallet_service_db_enabled: true + healthcheck_elasticsearch_enabled: true + healthcheck_redis_enabled: true deploy-ekvilibro-mainnet: runs-on: ubuntu-latest needs: [init, dependencies] 
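Review bot: The replaced job set `ELASTIC_USER: explorer-service`, but the reusable workflow declares no matching input and this call no longer passes it, so the Lambdas deploy runs without that variable unless it now comes from the secret; the deploy-ekvilibro-mainnet hunk drops it as well. Either add an optional `elastic_user` input that is forwarded to `ELASTIC_USER`, or confirm the value is supplied through Secrets Manager. This call also starts passing `elastic_token_balances_index`, which the old job did not set, so check that the `ekvilibro-testnet-token-balance` index exists.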
@@ -232,34 +194,29 @@ jobs: if: ${{ needs.init.outputs.environment == 'mainnet' }} steps: - # https://github.com/actions/checkout/releases/tag/v3.5.3 - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - - name: Prepare deploy - uses: ./.github/workflows/lib/prepare-deploy + - name: Call reusable deploy workflow + uses: ./.github/workflows/deploy.yml with: aws_region: eu-central-1 aws_iam_role: arn:aws:iam::730335348496:role/ExplorerServiceGitHubActionsRole aws_secret_arn: arn:aws:secretsmanager:eu-central-1:730335348496:secret:ExplorerService/ekvilibro-mainnet-yvc3s2 - - name: Deploy Lambdas Ekvilibro Mainnet - run: | - make deploy-lambdas-ci stage=ekvi-main - env: + serverless_stage: ekvi-main # XXX: Some env vars come from the secret https://eu-central-1.console.aws.amazon.com/secretsmanager/secret?name=ExplorerService%2Fekvilibro-mainnet®ion=eu-central-1 - API_PORT: 3001 - HATHOR_CORE_URL: https://node-side-dag.ekvilibro-mainnet.hathor.network - HATHOR_NODES: https://node-side-dag.ekvilibro-mainnet.hathor.network - REDIS_KEY_PREFIX: hathor-explorer-service-ekvilibro-mainnet - REDIS_PORT: 6379 - REDIS_DB: 0 - METADATA_BUCKET: hathor-explorer-metadata-ekvilibro-mainnet - CORS_ALLOWED_REGEX: https?:\/\/([a-z0-9]*\.){0,5}hathor\.network - ELASTIC_INDEX: ekvilibro-mainnet-token - ELASTIC_USER: explorer-service - ELASTIC_TX_INDEX: ekvilibro-mainnet-tx - HEALTHCHECK_HATHOR_CORE_ENABLED: True - HEALTHCHECK_WALLET_SERVICE_DB_ENABLED: True - HEALTHCHECK_ELASTICSEARCH_ENABLED: True - HEALTHCHECK_REDIS_ENABLED: True + api_port: 3001 + hathor_core_url: https://node-side-dag.ekvilibro-mainnet.hathor.network + hathor_nodes: https://node-side-dag.ekvilibro-mainnet.hathor.network + redis_key_prefix: hathor-explorer-service-ekvilibro-mainnet + redis_port: 6379 + redis_db: 0 + metadata_bucket: hathor-explorer-metadata-ekvilibro-mainnet + cors_allowed_regex: https?:\/\/([a-z0-9]*\.){0,5}hathor\.network + elastic_index: ekvilibro-mainnet-token + elastic_tx_index: 
ekvilibro-mainnet-tx + elastic_token_balances_index: ekvilibro-mainnet-token-balance + healthcheck_hathor_core_enabled: true + healthcheck_wallet_service_db_enabled: true + healthcheck_elasticsearch_enabled: true + healthcheck_redis_enabled: true deploy-mainnet: runs-on: ubuntu-latest needs: [init, dependencies] 
@@ -267,36 +224,27 @@ jobs: if: ${{ needs.init.outputs.environment == 'mainnet' }} steps: - # https://github.com/actions/checkout/releases/tag/v3.5.3 - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - - name: Prepare deploy - uses: ./.github/actions/prepare-deploy + - name: Call reusable deploy workflow + uses: ./.github/workflows/deploy.yml with: aws_region: eu-central-1 aws_iam_role: arn:aws:iam::769498303037:role/ExplorerServiceGitHubActionsRole aws_secret_arn: arn:aws:secretsmanager:eu-central-1:769498303037:secret:ExplorerService/mainnet-DYYHfn - - name: Deploy Lambdas Mainnet - run: | - make deploy-lambdas-ci stage=mainnet - env: + serverless_stage: mainnet + docker_image_tag: ${GITHUB_REF#refs/*/} # XXX: Some env vars come from the secret https://eu-central-1.console.aws.amazon.com/secretsmanager/secret?name=ExplorerService%2Fmainnet®ion=eu-central-1 - API_PORT: 3001 - HATHOR_CORE_URL: https://node.explorer.hathor.network - HATHOR_NODES: https://node.explorer.hathor.network,https://node1.mainnet.hathor.network,https://node2.mainnet.hathor.network - REDIS_KEY_PREFIX: hathor-explorer-service-mainnet - REDIS_PORT: 6379 - REDIS_DB: 0 - METADATA_BUCKET: hathor-explorer-metadata-mainnet - CORS_ALLOWED_REGEX: https?:\/\/([a-z0-9]*\.){0,5}hathor\.network - ELASTIC_INDEX: mainnet-token - ELASTIC_TX_INDEX: mainnet-tx - ELASTIC_TOKEN_BALANCES_INDEX: mainnet-token-balance - HEALTHCHECK_HATHOR_CORE_ENABLED: True - HEALTHCHECK_WALLET_SERVICE_DB_ENABLED: True - HEALTHCHECK_ELASTICSEARCH_ENABLED: True - HEALTHCHECK_REDIS_ENABLED: True - - name: Deploy Daemons Mainnet - run: | - export DOCKER_IMAGE_TAG=${GITHUB_REF#refs/*/} - make deploy-daemons - rm /home/runner/.docker/config.json + api_port: 3001 + hathor_core_url: https://node.explorer.hathor.network + hathor_nodes: https://node.explorer.hathor.network,https://node1.mainnet.hathor.network,https://node2.mainnet.hathor.network + redis_key_prefix: hathor-explorer-service-mainnet + redis_port: 6379 + 
redis_db: 0 + metadata_bucket: hathor-explorer-metadata-mainnet + cors_allowed_regex: https?:\/\/([a-z0-9]*\.){0,5}hathor\.network + elastic_index: mainnet-token + elastic_tx_index: mainnet-tx + elastic_token_balances_index: mainnet-token-balance + healthcheck_hathor_core_enabled: true + healthcheck_wallet_service_db_enabled: true + healthcheck_elasticsearch_enabled: true + healthcheck_redis_enabled: true
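Review bot: `docker_image_tag: ${GITHUB_REF#refs/*/}` is a shell parameter expansion passed through `with:`, where nothing expands it. It reaches the reusable workflow as a literal string and only yields a tag because that workflow pastes the input unquoted into its `run:` script, which is the interpolation pattern that should be removed there. Pass a resolved value instead, `docker_image_tag: ${{ github.ref_name }}`, so the input is plain data and the callee can quote it.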