diff --git a/.github/workflows/ci-run.yml b/.github/workflows/ci-run.yml new file mode 100644 index 0000000000..e01b1d208d --- /dev/null +++ b/.github/workflows/ci-run.yml @@ -0,0 +1,467 @@ +--- +name: ♻ CI Run +on: + pull_request: +env: + # ---------------------------------------------------------------------------- + # CI/CD + HOUSEKEEPER_NAME: "${{ vars.HOUSEKEEPER_NAME }}" + HOUSEKEEPER_EMAIL: "${{ secrets.HOUSEKEEPER_EMAIL }}" + HOUSEKEEPER_CI_TOKEN: "${{ secrets.HOUSEKEEPER_CI_TOKEN }}" + HOUSEKEEPER_GPG_KEY: "${{ secrets.HOUSEKEEPER_GPG_KEY }}" + HOUSEKEEPER_GPG_KEY_ID: "${{ secrets.HOUSEKEEPER_GPG_KEY_ID }}" + ARGOCD_URL: "${{ secrets.ARGOCD_URL }}" + ARGOCD_ACCESS_TOKEN: "${{ secrets.ARGOCD_ACCESS_TOKEN }}" + +jobs: + stop-e2e-env: + name: Stop E2E Env + needs: + - start-e2e-env + - run-e2e-tests + if: always() && (needs.start-e2e-env.result == 'success') + uses: ./.github/workflows/tpl-destroy-env.yml + secrets: inherit + with: + env-type: e2e + delete-env: true + pull-request-id: ${{ github.event.pull_request.number }} + workflow-id: ${{ github.run_id }} + + stop-api-env: + name: Stop APITest Env + needs: + - start-apitest-env + - run-api-tests + if: always() && (needs.start-apitest-env.result == 'success') + uses: ./.github/workflows/tpl-destroy-env.yml + secrets: inherit + with: + env-type: apitest + delete-env: true + pull-request-id: ${{ github.event.pull_request.number }} + workflow-id: ${{ github.run_id }} + + run-e2e-tests: + name: Run E2E Tests + needs: + - deploy-e2e-env + runs-on: + - metal + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/octant/synpress-arch:5dc8b447 + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + env: + ENV_TYPE: e2e + CI_MERGE_REQUEST_IID: ${{ github.event.pull_request.number }} + CI_PIPELINE_ID: ${{ github.run_id }} + CYPRESS_DOCKER_RUN: true + CI: true + METAMASK_VERSION: 10.25.0 + SECRET_WORDS: test test test test test test test test test test test junk + steps: + - uses: actions/checkout@v4.1.0 + - uses: actions/cache/restore@v4 + with: + path: |- + ${{ matrix.SERVICE }}/.yarn + ${{ matrix.SERVICE }}/node-modules + key: "${{ github.sha }}-yarn-client" + - uses: actions/cache/restore@v4 + with: + path: |- + ${{ matrix.SERVICE }}/.yarn + ${{ matrix.SERVICE }}/node-modules + key: "${{ github.sha }}-yarn-root" + - name: Run E2E tests + run: | + set -ex + + exit 0 + + export CI_PROJECT_DIR="${GITHUB_WORKSPACE}" + source ${CI_PROJECT_DIR}/ci/argocd/resolve_env.sh $ENV_TYPE + + # Setup NVM to use Node version 16 + source /usr/share/nvm/init-nvm.sh + nvm install 16 + nvm use 16 + npm i -g yarn + + pushd client + yarn install --cache-folder .yarn --frozen-lockfile --prefer-offline --no-audit + + bash ${CI_PROJECT_DIR}/ci/argocd/wait_for_app.sh + export OCTANT_BASE_URL; OCTANT_BASE_URL=https://$(bash ${CI_PROJECT_DIR}/ci/argocd/get_web_client_url.sh) + + yarn synpress:run + shell: bash + - uses: actions/upload-artifact@v4.0.0 + if: failure() + with: + name: "${{ github.job }}" + retention-days: 3 + path: |- + client/cypress/videos + client/cypress/screenshots + + run-api-tests: + name: Run API Tests + needs: + - deploy-apitest-env + runs-on: + - metal + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/octant/python-poetry-ext:ad1d9179 + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + env: + ENV_TYPE: apitest + CI_MERGE_REQUEST_IID: ${{ github.event.pull_request.number }} + CI_PIPELINE_ID: ${{ github.run_id }} + steps: + - uses: actions/checkout@v4.1.0 + - uses: actions/cache/restore@v4 + with: + path: backend/.venv + key: "${{ github.sha }}-poetry-backend" + - uses: actions/download-artifact@v4 + with: + name: ${{ needs.deploy-apitest-env.outputs.contracts-env-artifact-id }} + - name: Run API tests + run: | + set -ex + + export CI_PROJECT_DIR="${GITHUB_WORKSPACE}" + export $(grep -v '^#' ${CI_PROJECT_DIR}/contracts.env | xargs) + + source ${CI_PROJECT_DIR}/ci/argocd/resolve_env.sh $ENV_TYPE + + pushd backend + + poetry config virtualenvs.in-project true + poetry install + + bash ${CI_PROJECT_DIR}/ci/argocd/wait_for_app.sh + export ETH_RPC_PROVIDER_URL; ETH_RPC_PROVIDER_URL=https://$(bash ${CI_PROJECT_DIR}/ci/argocd/get_rpc_url.sh) + export SUBGRAPH_ENDPOINT; SUBGRAPH_ENDPOINT=https://$(bash ${CI_PROJECT_DIR}/ci/argocd/get_graph_url.sh)/subgraphs/name/octant + + poetry run pytest --onlyapi + shell: bash + + deploy-e2e-env: + name: Deploy E2E Env + needs: + - docker + - start-e2e-env + uses: ./.github/workflows/tpl-deploy-app.yml + with: + # --- + env-type: e2e + image-tag: ${{ github.sha }} + pull-request-id: ${{ github.event.pull_request.number }} + workflow-id: ${{ github.run_id }} + env-id: ${{ needs.start-e2e-env.outputs.env-id }} + deployment-id: ${{ needs.start-e2e-env.outputs.deployment-id }} + # --- + deploy-contracts: true + forward-first-epoch: true + chain-id: 1337 + network-name: local + chain-name: localhost + snapshotter-enabled: true + scheduler-enabled: true + glm-claim-enabled: true + vault-confirm-withdrawals-enabled: true + secrets: inherit + + deploy-apitest-env: + name: Deploy APITest Env + needs: + - docker + - start-apitest-env + uses: ./.github/workflows/tpl-deploy-app.yml + with: + # --- + env-type: apitest + image-tag: ${{ github.sha }} + pull-request-id: ${{ github.event.pull_request.number }} + workflow-id: ${{ github.run_id }} + env-id: ${{ needs.start-apitest-env.outputs.env-id }} + deployment-id: ${{ needs.start-apitest-env.outputs.deployment-id }} + # --- + deploy-contracts: true + chain-id: 1337 + network-name: local + chain-name: localhost + web-client-replicas: 0 + coin-prices-server-replicas: 0 + backend-server-replicas: 0 + secrets: inherit + + start-e2e-env: + name: Start E2E Env + uses: ./.github/workflows/tpl-start-env.yml + secrets: inherit + with: + env-type: e2e + git-ref: ${{ github.ref }} + pull-request-id: ${{ github.event.pull_request.number }} + workflow-id: ${{ github.run_id }} + + start-apitest-env: + name: Start APITest Env + uses: ./.github/workflows/tpl-start-env.yml + secrets: inherit + with: + env-type: apitest + git-ref: ${{ github.ref }} + pull-request-id: ${{ github.event.pull_request.number }} + workflow-id: ${{ github.run_id }} + + docker: + name: Docker + uses: ./.github/workflows/tpl-images.yml + secrets: inherit + with: + image-tag: ${{ github.sha }} + # +------------------------- + # | Tests: NodeJS + # +------------------------- + nodejs-tests: + name: NodeJS Tests + needs: + - lint-and-typecheck-yarn + runs-on: + - metal + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/octant/node-extended:bdda411c + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + strategy: + matrix: + SERVICE: + - contracts-v1 + - client + - coin-prices-server + - subgraph + steps: + - uses: actions/checkout@v4.1.0 + - uses: actions/cache/restore@v4 + with: + path: |- + node_modules + .yarn + key: "${{ github.sha }}-yarn-root" + - uses: actions/cache/restore@v4 + with: + path: |- + ${{ matrix.SERVICE }}/.yarn + ${{ matrix.SERVICE }}/node-modules + key: "${{ github.sha }}-yarn-${{ matrix.SERVICE }}" + - uses: actions/cache/restore@v4 + with: + path: |- + contracts-v1/artifacts + contracts-v1/typechain + key: "${{ github.sha }}-yarn-contracts-v1-extras" + - run: | + cd ${{ matrix.SERVICE }} + yarn install --cache-folder .yarn --non-interactive --frozen-lockfile + yarn test + shell: bash + # +------------------------- + # | Tests: Backend + # +------------------------- + backend-tests: + name: Backend Tests + needs: + - lint-and-typecheck-poetry + runs-on: + - metal + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/octant/python-poetry-ext:ad1d9179 + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + steps: + - uses: actions/checkout@v4.1.0 + - uses: actions/cache/restore@v4 + with: + path: backend/.venv + key: "${{ github.sha }}-poetry-backend" + - run: | + pushd backend + poetry config virtualenvs.in-project true + poetry install + poetry run pytest + shell: bash + # +------------------------- + # | Lint: poetry + # +------------------------- + lint-and-typecheck-poetry: + name: Lint and Typecheck Poetry + needs: + - build-backend + runs-on: + - metal + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/octant/python-poetry-ext:ad1d9179 + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + steps: + - uses: actions/checkout@v4.1.0 + - uses: actions/cache/restore@v4 + with: + path: backend/.venv + key: "${{ github.sha }}-poetry-backend" + - run: | + pushd backend + poetry config virtualenvs.in-project true + poetry install + poetry run black --check --extend-exclude .venv . + poetry run flake8 + shell: bash + # +------------------------- + # | Lint: yarn + # +------------------------- + lint-and-typecheck-yarn: + name: Lint and Typecheck Yarn + needs: + - build-contracts + - build-services + runs-on: + - metal + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/octant/node-extended:bdda411c + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + strategy: + matrix: + SERVICE: + - contracts-v1 + - client + - coin-prices-server + - subgraph + steps: + - uses: actions/checkout@v4.1.0 + - uses: actions/cache/restore@v4 + with: + path: |- + node_modules + .yarn + key: "${{ github.sha }}-yarn-root" + - uses: actions/cache/restore@v4 + with: + path: |- + ${{ matrix.SERVICE }}/.yarn + ${{ matrix.SERVICE }}/node-modules + key: "${{ github.sha }}-yarn-${{ matrix.SERVICE }}" + - uses: actions/cache/restore@v4 + with: + path: |- + contracts-v1/artifacts + contracts-v1/typechain + key: "${{ github.sha }}-yarn-contracts-v1-extras" + - run: | + pushd ${{ matrix.SERVICE }} + yarn install --cache-folder .yarn --non-interactive --frozen-lockfile + yarn eslint + yarn type-check + shell: bash + # +------------------------- + # | Build + # | client + # | cps + # | subgraph + # +------------------------- + build-services: + name: Build Services + needs: + - build-contracts + runs-on: + - metal + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/octant/node-extended:bdda411c + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + strategy: + matrix: + SERVICE: + - client + - coin-prices-server + - subgraph + steps: + - uses: actions/checkout@v4.1.0 + - uses: actions/cache/restore@v4 + with: + path: |- + node_modules + .yarn + key: "${{ github.sha }}-yarn-root" + - run: ci/build_${{ matrix.SERVICE }}.sh + - uses: actions/cache/save@v4 + with: + path: |- + ${{ matrix.SERVICE }}/.yarn + ${{ matrix.SERVICE }}/node-modules + key: "${{ github.sha }}-yarn-${{ matrix.SERVICE }}" + # +------------------------- + # | Build backend + # +------------------------- + build-backend: + name: Build Services + runs-on: + - metal + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/octant/python-poetry-ext:ad1d9179 + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + steps: + - uses: actions/checkout@v4.1.0 + - run: ci/build_backend.sh + - uses: actions/cache/save@v4 + with: + path: backend/.venv + key: "${{ github.sha }}-poetry-backend" + # +------------------------- + # | Build contracts + # +------------------------- + build-contracts: + name: Build Contracts + runs-on: + - metal + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/octant/node-extended:bdda411c + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + steps: + - uses: actions/checkout@v4.1.0 + - run: ci/build_contracts_v1.sh + - uses: actions/cache/save@v4 + with: + path: |- + node_modules + .yarn + key: "${{ github.sha }}-yarn-root" + - uses: actions/cache/save@v4 + with: + path: |- + contracts-v1/.yarn + contracts-v1/node_modules + key: "${{ github.sha }}-yarn-contracts-v1" + - uses: actions/cache/save@v4 + with: + path: |- + contracts-v1/artifacts + contracts-v1/typechain + key: "${{ github.sha }}-yarn-contracts-v1-extras" diff --git a/.github/workflows/deploy-master.yml b/.github/workflows/deploy-master.yml new file mode 100644 index 0000000000..d8b2932e6c --- /dev/null +++ b/.github/workflows/deploy-master.yml @@ -0,0 +1,41 @@ +--- +name: ▶️ Deploy Master +on: + workflow_dispatch: + +jobs: + build: + name: Build + uses: ./.github/workflows/tpl-images.yml + secrets: inherit + with: + image-tag: ${{ github.sha }} + run: + name: Run + uses: ./.github/workflows/tpl-start-env.yml + secrets: inherit + with: + git-ref: ${{ github.ref }} + env-type: master + workflow-id: ${{ github.run_id }} + deploy: + name: Deploy + needs: + - build + - run + uses: ./.github/workflows/tpl-deploy-app.yml + with: + env-type: master + env-id: ${{ needs.run.outputs.env-id }} + deployment-id: ${{ needs.run.outputs.deployment-id }} + image-tag: ${{ github.sha }} + workflow-id: ${{ github.run_id }} + # --- + chain-id: 11155111 + network-name: sepolia + chain-name: sepolia + snapshotter-enabled: true + scheduler-enabled: true + vault-confirm-withdrawals-enabled: true + glm-claim-enabled: true + secrets: inherit diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml new file mode 100644 index 0000000000..3fd8df0353 --- /dev/null +++ b/.github/workflows/deploy-pr.yml @@ -0,0 +1,104 @@ +--- +name: ♻ PR Deployment +on: + issue_comment: + types: [created] + +jobs: + build: + name: Build + needs: + - run + uses: ./.github/workflows/tpl-images.yml + secrets: inherit + with: + image-tag: ${{ needs.run.outputs.sha }} + + deploy: + name: Deploy + needs: + - run + - build + uses: ./.github/workflows/tpl-deploy-app.yml + with: + # --- + env-type: pr + image-tag: ${{ needs.run.outputs.sha }} + pull-request-id: ${{ needs.run.outputs.pr_id }} + workflow-id: ${{ github.run_id }} + env-id: ${{ needs.run.outputs.env }} + deployment-id: ${{ needs.run.outputs.deployment }} + # --- + deploy-contracts: true + chain-id: 1337 + network-name: local + chain-name: localhost + snapshotter-enabled: true + scheduler-enabled: true + vault-confirm-withdrawals-enabled: true + glm-claim-enabled: true + secrets: inherit + + run: + name: Run + if: github.event.issue.pull_request && contains(github.event.comment.body, '/deploy') + runs-on: + - metal + outputs: + sha: ${{ steps.comment-branch.outputs.head_sha }} + ref: ${{ steps.comment-branch.outputs.head_ref }} + pr_id: ${{ steps.get-pr-number.outputs.result }} + env: ${{ steps.start-deployment.outputs.env }} + deployment: ${{ steps.start-deployment.outputs.deployment_id }} + steps: + - name: Get PR branch + uses: xt0rted/pull-request-comment-branch@v2 + id: comment-branch + + - uses: actions/github-script@v7 + id: get-pr-number + with: + result-encoding: string + script: | + return ( + await github.rest.repos.listPullRequestsAssociatedWithCommit({ + commit_sha: '${{ steps.comment-branch.outputs.head_sha }}', + owner: context.repo.owner, + repo: context.repo.repo, + }) + ).data[0].number; + + - uses: actions/checkout@v4.1.0 + with: + path: __local + ref: ${{ steps.comment-branch.outputs.head_ref }} + + - name: Get environment name + id: env-name + env: + CI_MERGE_REQUEST_IID: ${{ steps.get-pr-number.outputs.result }} + CI_PIPELINE_ID: ${{ github.run_id }} + run: | + set -ex + + export CI_PROJECT_DIR="${GITHUB_WORKSPACE}/__local" + + source ${CI_PROJECT_DIR}/ci/argocd/resolve_env.sh $ENV_TYPE + echo "DEPLOYMENT_ID=$DEPLOYMENT_ID" >> $GITHUB_OUTPUT + shell: bash + + - name: (debug) + run: | + echo ${{ steps.get-pr-number.outputs.result }} + echo ${{ steps.env-name.outputs.DEPLOYMENT_ID }} + echo ${{ github.run_id }} + + - name: start deployment + uses: bobheadxi/deployments@v1 + id: start-deployment + with: + step: start + token: ${{ secrets.GH_BOT_TOKEN }} + env: ${{ steps.env-name.outputs.DEPLOYMENT_ID }} + ref: ${{ steps.comment-branch.outputs.head_ref }} + override: true diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml new file mode 100644 index 0000000000..558bf7786d --- /dev/null +++ b/.github/workflows/deploy-prod.yml @@ -0,0 +1,35 @@ +--- +name: ▶️ Deploy Production +on: + push: + tags: + - v[0-9]+.[0-9]+.[0-9]+ + +env: + IMAGE_TAG: "${{ github.sha }}" + GIT_TAG: "${{ github.ref }}" + +jobs: + build: + name: Build + uses: ./.github/workflows/tpl-images.yml + secrets: inherit + with: + image-tag: ${{ github.sha }} + output: + name: Output Variables + needs: + - build + runs-on: + - metal + steps: + - name: Show variables for the CI pipeline + run : | + echo '================================' + echo ' Use the following variables' + echo '' + echo "CI_PIPELINE_SOURCE: pipeline" + echo "DEV_IMAGE_TAG: ${{ github.sha }}" + echo "PROD_IMAGE_TAG: ${GIT_TAG##*/}" + shell: bash + diff --git a/.github/workflows/deploy-rc.yml b/.github/workflows/deploy-rc.yml new file mode 100644 index 0000000000..78cb6ef7bb --- /dev/null +++ b/.github/workflows/deploy-rc.yml @@ -0,0 +1,54 @@ +--- +name: ▶️ Deploy Release Candidate +on: + workflow_dispatch: + +env: + ARGO_REPOSITORY: "https://wildland-bot:${{ secrets.HOUSEKEEPER_CI_TOKEN }}@gitlab.com/golemfoundation/devops/iac/k8s/wildland-k8s-devops.git" + ARGO_REPOSITORY_BRANCH: "github/octant-release-candidate" + IMAGE_TAG: "${{ github.sha }}" + HOUSEKEEPER_GPG_KEY: "${{ secrets.HOUSEKEEPER_GPG_KEY }}" + HOUSEKEEPER_GPG_KEY_ID: "${{ secrets.HOUSEKEEPER_GPG_KEY_ID }}" + HOUSEKEEPER_NAME: "${{ vars.HOUSEKEEPER_NAME }}" + HOUSEKEEPER_EMAIL: "${{ secrets.HOUSEKEEPER_EMAIL }}" + +jobs: + build: + name: Build + uses: ./.github/workflows/tpl-images.yml + secrets: inherit + with: + image-tag: ${{ github.sha }} + deploy: + name: Deploy + needs: + - build + runs-on: + - metal + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/gitops-builder:2ea6d57c + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + steps: + - uses: actions/checkout@v4.1.0 + - run : | + set -ex + + gpg --import <(echo $HOUSEKEEPER_GPG_KEY | base64 -d) + git config --global user.name "$HOUSEKEEPER_NAME" + git config --global user.email "$HOUSEKEEPER_EMAIL" + git config --global user.signingkey $HOUSEKEEPER_GPG_KEY_ID + + GIT_DIR=`mktemp -d` + git clone -b $ARGO_REPOSITORY_BRANCH $ARGO_REPOSITORY $GIT_DIR + + pushd $GIT_DIR + + yq -y -i -e ".[].value.value = \"$IMAGE_TAG\"" mainnet/octant-image.values.yaml + + git add mainnet/octant-image.values.yaml + git commit -S -m "Changed octant image tag to $IMAGE_TAG at $(date +%Y-%m-%d)" || true + + git push + shell: bash diff --git a/.github/workflows/deploy-uat.yml b/.github/workflows/deploy-uat.yml new file mode 100644 index 0000000000..c834f6b4be --- /dev/null +++ b/.github/workflows/deploy-uat.yml @@ -0,0 +1,41 @@ +--- +name: ▶️ Deploy UAT +on: + workflow_dispatch: + +jobs: + build: + name: Build + uses: ./.github/workflows/tpl-images.yml + secrets: inherit + with: + image-tag: ${{ github.sha }} + run: + name: Run + uses: ./.github/workflows/tpl-start-env.yml + secrets: inherit + with: + git-ref: ${{ github.ref }} + env-type: uat + workflow-id: ${{ github.run_id }} + deploy: + name: Deploy + needs: + - build + - run + uses: ./.github/workflows/tpl-deploy-app.yml + with: + env-type: uat + env-id: ${{ needs.run.outputs.env-id }} + deployment-id: ${{ needs.run.outputs.deployment-id }} + image-tag: ${{ github.sha }} + workflow-id: ${{ github.run_id }} + # --- + chain-id: 11155111 + network-name: sepolia + chain-name: sepolia + snapshotter-enabled: true + scheduler-enabled: true + vault-confirm-withdrawals-enabled: true + glm-claim-enabled: true + secrets: inherit diff --git a/.github/workflows/destroy-master.yml b/.github/workflows/destroy-master.yml new file mode 100644 index 0000000000..058c471668 --- /dev/null +++ b/.github/workflows/destroy-master.yml @@ -0,0 +1,12 @@ +--- +name: 🔻 Stop Master +on: + workflow_dispatch: + +jobs: + run: + name: Run + uses: ./.github/workflows/tpl-destroy-env.yml + secrets: inherit + with: + env-type: master diff --git a/.github/workflows/destroy-uat.yml b/.github/workflows/destroy-uat.yml new file mode 100644 index 0000000000..ec5540a469 --- /dev/null +++ b/.github/workflows/destroy-uat.yml @@ -0,0 +1,12 @@ +--- +name: 🔻 Stop UAT +on: + workflow_dispatch: + +jobs: + run: + name: Run + uses: ./.github/workflows/tpl-destroy-env.yml + secrets: inherit + with: + env-type: uat diff --git a/.github/workflows/tpl-deploy-app.yml b/.github/workflows/tpl-deploy-app.yml new file mode 100644 index 0000000000..2cb9b01f8b --- /dev/null +++ b/.github/workflows/tpl-deploy-app.yml @@ -0,0 +1,325 @@ +--- +name: 🔒 Deploy Application +on: + workflow_call: + outputs: + contracts-env-artifact-id: + value: ${{ inputs.env-type }}-contracts-env + inputs: + env-type: + required: true + type: string + image-tag: + required: true + type: string + pull-request-id: + required: false + type: string + env-id: + required: true + type: string + deployment-id: + required: true + type: string + workflow-id: + required: true + type: string + deploy-contracts: + required: false + default: false + type: boolean + chain-id: + required: true + type: number + chain-name: + required: true + type: string + network-name: + required: true + type: string + snapshotter-enabled: + required: false + default: false + type: boolean + scheduler-enabled: + required: false + default: false + type: boolean + glm-claim-enabled: + required: false + default: false + type: boolean + vault-confirm-withdrawals-enabled: + required: false + default: false + type: boolean + backend-server-pgsql: + required: false + default: true + type: boolean + forward-first-epoch: + required: false + default: false + type: boolean + skip-local-subgraph-update: + required: false + default: true + type: boolean + octant-env: + required: false + default: production + type: string + anvil-block-time: + required: false + default: 0 + type: number + decision-window: + required: false + default: 1209600 + type: number + epoch-duration: + required: false + default: 7776000 + type: number + web-client-replicas: + required: false + default: 1 + type: number + coin-prices-server-replicas: + required: false + default: 2 + type: number + backend-server-replicas: + required: false + default: 3 + type: number + +env: + ENV_TYPE: ${{ inputs.env-type }} + IMAGE_TAG: "${{ inputs.image-tag }}" + CI_MERGE_REQUEST_IID: "${{ inputs.pull-request-id }}" + CI_PIPELINE_ID: "${{ inputs.workflow-id }}" + # ---------------------------------------------------------------------------- + # BACKEND + CHAIN_ID: ${{ inputs.chain-id }} + CHAIN_NAME: ${{ inputs.chain-name }} + OCTANT_BACKEND_SECRET_KEY: some-random-key + SNAPSHOTTER_ENABLED: ${{ inputs.snapshotter-enabled }} + SCHEDULER_ENABLED: ${{ inputs.scheduler-enabled }} + GLM_CLAIM_ENABLED: ${{ inputs.glm-claim-enabled }} + VAULT_CONFIRM_WITHDRAWALS_ENABLED: ${{ inputs.vault-confirm-withdrawals-enabled }} + BACKEND_SERVER_PGSQL: ${{ inputs.backend-server-pgsql }} + WEB_CLIENT_REPLICAS: ${{ inputs.web-client-replicas }} + COIN_PRICES_SERVER_REPLICAS: ${{ inputs.coin-prices-server-replicas }} + BACKEND_SERVER_REPLICAS: ${{ inputs.backend-server-replicas }} + OCTANT_ENV: ${{ inputs.octant-env }} + GLM_SENDER_NONCE: ${{ vars.GLM_SENDER_NONCE }} + # ---------------------------------------------------------------------------- + # CONTRACTS / ANVIL / SUBGRAPH / SYNPRESS + NETWORK: ${{ inputs.chain-name }} + NETWORK_NAME: ${{ inputs.network-name }} + NETWORK_ID: ${{ inputs.chain-id }} + FORWARD_FIRST_EPOCH: ${{ inputs.forward-first-epoch }} + DECISION_WINDOW: ${{ inputs.decision-window }} + EPOCH_DURATION: ${{ inputs.epoch-duration }} + SKIP_LOCAL_SUBGRAPH_UPDATE: ${{ inputs.skip-local-subgraph-update }} + ANVIL_BLOCK_TIME: ${{ inputs.anvil-block-time }} + SECRET_WORDS: test test test test test test test test test test test junk + PROPOSALS_ADDRESSES: 0x1c01595f9534E33d411035AE99a4317faeC4f6Fe,0x02Cb3C150BEdca124d0aE8CcCb72fefbe705c953,0x6e8873085530406995170Da467010565968C7C62,0x7DAC9Fc15C1Db4379D75A6E3f330aE849dFfcE18,0xAb6D6a37c5110d1377832c451C33e4fA16A9BA05,0xcC7d34C76A9d08aa0109F7Bae35f29C1CE35355A,0xD165df4296C85e780509fa1eace0150d945d49Fd,0xde21F729137C5Af1b01d73aF1dC21eFfa2B8a0d6,0xF6CBDd6Ea6EC3C4359e33de0Ac823701Cc56C6c4,0x0B7246eF74Ca7b37Fdc3D15be4f0b49876622F95,0x2DCDF80f439843D7E0aD1fEF9E7a439B7917eAc9,0x4A9a27d614a74Ee5524909cA27bdBcBB7eD3b315,0x8c89a6bf53cCF63e7B4465Cc1b1330723B4BdcB7,0x78e084445C3F1006617e1f36794dd2261ecE4AE3,0x15c941a44a343B8c46a28F2BB9aFc7a54E255A4f,0x3455FbB4D34C6b47999B66c83aA7BD8FDDade638,0x9531C059098e3d194fF87FebB587aB07B30B1306,0xd1B8dB70Ded72dB850713b2ce7e1A4FfAfAD95d1,0x0cbF31Ef6545EE30f47651D1A991Bf0aeB03DF29,0x87fEEd6162CB7dFe6B62F64366742349bF4D1B05,0x576edCed7475D8F64a5e2D5227c93Ca57d7f5d20,0xB476Ee7D610DAe7B23B671EBC7Bd6112E9772969,0xE2f413190Bb5D6AAcB4A056F1B5E1fD5B8141045,0xe126b3E5d052f1F575828f61fEBA4f4f2603652a + PROPOSALS_CID: Qmds9N5y2vkMuPTD6M4EBxNXnf3bjTDmzWBGnCkQGsMMGe + TESTNET_DEPLOYER_PRIVATE_KEY: "${{ secrets.TESTNET_DEPLOYER_PRIVATE_KEY }}" + TESTNET_MULTISIG_PRIVATE_KEY: "${{ secrets.TESTNET_MULTISIG_PRIVATE_KEY }}" + TESTNET_RPC_URL: "${{ secrets.TESTNET_RPC_URL }}" + ETHERSCAN_API_KEY: "${{ secrets.ETHERSCAN_API_KEY }}" + VITE_ALCHEMY_ID: "${{ secrets.VITE_ALCHEMY_ID }}" + # ---------------------------------------------------------------------------- + # CI/CD + GCP_DOCKER_IMAGES_REGISTRY_SERVICE_ACCOUNT: "${{ secrets.GCP_DOCKER_IMAGES_REGISTRY_SERVICE_ACCOUNT }}" + KANIKO_CACHE_CONFIG: "${{ secrets.KANIKO_CACHE_CONFIG }}" + KANIKO_CACHE_REPO: "${{ secrets.KANIKO_CACHE_REPO }}" + HOUSEKEEPER_NAME: "${{ vars.HOUSEKEEPER_NAME }}" + HOUSEKEEPER_EMAIL: "${{ secrets.HOUSEKEEPER_EMAIL }}" + HOUSEKEEPER_CI_TOKEN: "${{ secrets.HOUSEKEEPER_CI_TOKEN }}" + HOUSEKEEPER_GPG_KEY: "${{ secrets.HOUSEKEEPER_GPG_KEY }}" + HOUSEKEEPER_GPG_KEY_ID: "${{ secrets.HOUSEKEEPER_GPG_KEY_ID }}" + ARGOCD_URL: "${{ secrets.ARGOCD_URL }}" + ARGOCD_ACCESS_TOKEN: "${{ secrets.ARGOCD_ACCESS_TOKEN }}" + +jobs: + start-anvil: + name: Start Anvil + if: ${{ inputs.deploy-contracts }} + runs-on: + - metal + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/gitops-builder:2ea6d57c + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + steps: + - uses: actions/checkout@v4.1.0 + + - name: (debug) + run: | + set -ex + + env + + echo ${{ inputs.env-type }} + echo ${{ inputs.image-tag }} + echo ${{ inputs.pull-request-id }} + echo ${{ inputs.workflow-id }} + shell: bash + + - name: Set up Gitops mutex + uses: ben-z/gh-action-mutex@v1.0-alpha-8 + with: + branch: gitops-mutex + + - name: Deploy Anvil Argo application + run: | + set -ex + + export CI_PROJECT_DIR="${GITHUB_WORKSPACE}" + + source ${CI_PROJECT_DIR}/ci/argocd/resolve_env.sh $ENV_TYPE + bash ${CI_PROJECT_DIR}/ci/argocd/application.sh create + shell: bash + + deploy-contracts: + name: Deploy Contracts + needs: + - start-anvil + if: ${{ inputs.deploy-contracts }} + runs-on: + - metal + container: + image: ${{ vars.GCP_DOCKER_IMAGE_REGISTRY }}/contracts-v1:${{ inputs.image-tag }} + credentials: + username: "_json_key_base64" + password: "${{ secrets.GCP_DOCKER_IMAGES_REGISTRY_SERVICE_ACCOUNT }}" + steps: + - uses: actions/checkout@v4.1.0 + - name: Deploy contracts + run: | + set -ex + + export CI_PROJECT_DIR="${GITHUB_WORKSPACE}" + export EPOCHS_START=$(date +%s) + + source ${CI_PROJECT_DIR}/ci/argocd/resolve_env.sh $ENV_TYPE + bash ${CI_PROJECT_DIR}/ci/argocd/wait_for_app.sh + + export LOCAL_RPC_URL; LOCAL_RPC_URL=https://$(bash ${CI_PROJECT_DIR}/ci/argocd/get_rpc_url.sh) + + yarn install + + /app/entrypoint.sh $NETWORK ${CI_PROJECT_DIR}/contracts.env + shell: bash + - uses: actions/upload-artifact@v4 + if: success() + with: + name: ${{ env.ENV_TYPE }}-contracts-env + retention-days: 1 + if-no-files-found: error + compression-level: 0 + overwrite: true + path: |- + contracts.env + + start-application-stack: + name: Start Application Stack + needs: + - deploy-contracts + runs-on: + - metal + if: always() + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/gitops-builder:2ea6d57c + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + steps: + - uses: actions/checkout@v4.1.0 + - uses: actions/download-artifact@v4 + if: ${{ inputs.deploy-contracts }} + with: + name: ${{ env.ENV_TYPE }}-contracts-env + - name: Set up Gitops mutex + uses: ben-z/gh-action-mutex@v1.0-alpha-8 + with: + branch: gitops-mutex + - name: Deploy Complete Argo application + run: | + set -ex + + export CI_PROJECT_DIR="${GITHUB_WORKSPACE}" + + if [[ "${{ inputs.deploy-contracts }}" == "true" ]]; then + export $(grep -v '^#' ${CI_PROJECT_DIR}/contracts.env | xargs) + fi + + source ${CI_PROJECT_DIR}/ci/argocd/resolve_env.sh $ENV_TYPE + bash ${CI_PROJECT_DIR}/ci/argocd/application.sh update + shell: bash + + wait-for-app: + name: Wait for Application Readiness + needs: + - start-application-stack + runs-on: + - metal + if: always() && (needs.start-application-stack.result == 'success') + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/gitops-builder:2ea6d57c + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + steps: + - name: Wait for application ready + id: app + run: | + set -ex + + export CI_PROJECT_DIR="${GITHUB_WORKSPACE}" + + source ${CI_PROJECT_DIR}/ci/argocd/resolve_env.sh $ENV_TYPE + bash ${CI_PROJECT_DIR}/ci/argocd/wait_for_app.sh + + export OCTANT_WEB_URL; OCTANT_WEB_URL=https://$(bash ${CI_PROJECT_DIR}/ci/argocd/get_web_client_url.sh) + + echo "OCTANT_WEB_URL=$OCTANT_WEB_URL" >> $GITHUB_OUTPUT + shell: bash + + update-deployment: + name: Set deployment status + needs: + # We need to explicitly set all jobs for `needs.*` array to have all workflow jobs + - start-anvil + - deploy-contracts + - start-application-stack + - wait-for-app + runs-on: + - metal + if: always() + steps: + - name: Compute workflow status + id: workflow-status + run: | + if [[ "${{ contains(join(needs.*.result, ' '), 'failure') }}" == "true" ]]; then + STATUS='failure' + else + STATUS='success' + fi + + echo "STATUS=$STATUS" >> $GITHUB_OUTPUT + + - name: Update deployment status + uses: bobheadxi/deployments@v1 + with: + step: finish + auto_inactive: true + status: ${{ steps.workflow-status.outputs.STATUS }} + token: ${{ secrets.GH_BOT_TOKEN }} + env: ${{ inputs.env-id }} + deployment_id: ${{ inputs.deployment-id }} diff --git a/.github/workflows/tpl-destroy-env.yml b/.github/workflows/tpl-destroy-env.yml new file mode 100644 index 0000000000..469ce12a8a --- /dev/null +++ b/.github/workflows/tpl-destroy-env.yml @@ -0,0 +1,85 @@ +--- +name: 🔒 Destroy Environment +on: + workflow_call: + inputs: + env-type: + required: true + type: string + pull-request-id: + required: false + type: string + workflow-id: + required: false + type: string + delete-env: + required: false + type: boolean + pull_request: + types: [ closed ] +env: + # ---------------------------------------------------------------------------- + # CI/CD + HOUSEKEEPER_NAME: "${{ vars.HOUSEKEEPER_NAME }}" + HOUSEKEEPER_EMAIL: "${{ secrets.HOUSEKEEPER_EMAIL }}" + HOUSEKEEPER_CI_TOKEN: "${{ secrets.HOUSEKEEPER_CI_TOKEN }}" + HOUSEKEEPER_GPG_KEY: "${{ secrets.HOUSEKEEPER_GPG_KEY }}" + HOUSEKEEPER_GPG_KEY_ID: "${{ secrets.HOUSEKEEPER_GPG_KEY_ID }}" + ARGOCD_URL: "${{ secrets.ARGOCD_URL }}" + ARGOCD_ACCESS_TOKEN: "${{ secrets.ARGOCD_ACCESS_TOKEN }}" + +jobs: + destroy: + name: Destroy Environment + runs-on: + - metal + container: + image: registry.gitlab.com/golemfoundation/devops/container-builder/gitops-builder:2ea6d57c + credentials: + username: "doesnt-matter" + password: "${{ secrets.GITLAB_PAT_CONTAINER_BUILDER_DOCKER_IMAGES_READ }}" + steps: + - uses: actions/checkout@v4.1.0 + + - name: Set up Gitops mutex + uses: ben-z/gh-action-mutex@v1.0-alpha-8 + with: + branch: gitops-mutex + + - name: Destroy application + id: destroy-env + run: | + set -ex + + export CI_PROJECT_DIR="${GITHUB_WORKSPACE}" + export ENV_TYPE=${{ inputs.env-type }} + + if [[ "${{ github.event_name }}" == "pull_request" ]]; then + export CI_MERGE_REQUEST_IID=${{ github.event.number }} + export CI_PIPELINE_ID=${{ github.run_id }} + else + export CI_MERGE_REQUEST_IID=${{ inputs.pull-request-id }} + export CI_PIPELINE_ID=${{ inputs.workflow-id }} + fi + + source ${CI_PROJECT_DIR}/ci/argocd/resolve_env.sh $ENV_TYPE + bash ${CI_PROJECT_DIR}/ci/argocd/application.sh destroy + + echo "DEPLOYMENT_ID=$DEPLOYMENT_ID" >> $GITHUB_OUTPUT + shell: bash + + - name: Delete Environment + uses: bobheadxi/deployments@v1 + if: always() && ${{ inputs.delete-env }} + with: + step: delete-env + token: ${{ secrets.GH_BOT_TOKEN }} + env: ${{ steps.destroy-env.outputs.DEPLOYMENT_ID }} + + - name: Deactivate Environment + uses: bobheadxi/deployments@v1 + if: always() && ${{ !inputs.delete-env }} + with: + step: deactivate-env + token: ${{ secrets.GH_BOT_TOKEN }} + env: ${{ steps.destroy-env.outputs.DEPLOYMENT_ID }} diff --git a/.github/workflows/tpl-images.yml b/.github/workflows/tpl-images.yml new file mode 100644 index 0000000000..51195474e7 --- /dev/null +++ b/.github/workflows/tpl-images.yml @@ -0,0 +1,50 @@ +--- +name: 🔒 Docker Images +on: + workflow_call: + inputs: + image-tag: + required: true + type: string +concurrency: + group: "${{ github.ref }}-images" + cancel-in-progress: true + +jobs: + build-images: + name: Build Docker Image + runs-on: + - metal + strategy: + matrix: + SERVICE: + - contracts-v1 + - coin-prices-server + - client + - subgraph + - backend + steps: + - uses: actions/checkout@v4 + with: + # use some obscure path to checkout the code with service account perms + # this is possible as $GITHUB_WORKSPACE is owned by the same service + # account + # see: https://github.com/actions/checkout/issues/211 + path: __local + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Docker registry + uses: docker/login-action@v3 + with: + registry: europe-docker.pkg.dev + username: _json_key_base64 + password: ${{ secrets.GCP_DOCKER_IMAGES_REGISTRY_SERVICE_ACCOUNT }} + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: __local/${{ matrix.SERVICE }} + file: __local/ci/Dockerfile.${{ matrix.SERVICE }} + push: true + tags: ${{ vars.GCP_DOCKER_IMAGE_REGISTRY }}/${{ matrix.SERVICE }}:${{ inputs.image-tag }} + # cache-from: type=local,src=/mnt/storage/kaniko-cache + # cache-to: type=local,dest=/mnt/storage/kaniko-cache diff --git a/.github/workflows/tpl-start-env.yml b/.github/workflows/tpl-start-env.yml new file mode 100644 index 0000000000..7d5cd4cfbf --- /dev/null +++ b/.github/workflows/tpl-start-env.yml @@ -0,0 +1,74 @@ +--- +name: 🔒 Start Environment +on: + workflow_call: + inputs: + git-ref: + required: true + type: string + env-type: + required: true + type: string + pull-request-id: + required: false + type: string + workflow-id: + required: true + type: string + outputs: + env-id: + value: ${{ jobs.start.outputs.env }} + deployment-id: + value: ${{ jobs.start.outputs.deployment }} +env: + ENV_TYPE: ${{ inputs.env-type }} + CI_MERGE_REQUEST_IID: "${{ inputs.pull-request-id }}" + CI_PIPELINE_ID: "${{ inputs.workflow-id }}" + # ---------------------------------------------------------------------------- + # CI/CD + HOUSEKEEPER_NAME: "${{ vars.HOUSEKEEPER_NAME }}" + HOUSEKEEPER_EMAIL: "${{ secrets.HOUSEKEEPER_EMAIL }}" + HOUSEKEEPER_CI_TOKEN: "${{ secrets.HOUSEKEEPER_CI_TOKEN }}" + HOUSEKEEPER_GPG_KEY: "${{ secrets.HOUSEKEEPER_GPG_KEY }}" + HOUSEKEEPER_GPG_KEY_ID: "${{ secrets.HOUSEKEEPER_GPG_KEY_ID }}" + ARGOCD_URL: "${{ secrets.ARGOCD_URL }}" + ARGOCD_ACCESS_TOKEN: "${{ secrets.ARGOCD_ACCESS_TOKEN }}" + +jobs: + start: + name: Start GitHub Environment + runs-on: + - metal + outputs: + env: ${{ steps.start-deployment.outputs.env }} + deployment: ${{ steps.start-deployment.outputs.deployment_id }} + steps: + - uses: actions/checkout@v4.1.0 + with: + path: __local + ref: ${{ inputs.git-ref }} + + - name: Get environment name + id: env-name + run: | + set -ex + + export CI_PROJECT_DIR="${GITHUB_WORKSPACE}/__local" + + source ${CI_PROJECT_DIR}/ci/argocd/resolve_env.sh $ENV_TYPE + echo "DEPLOYMENT_ID=$DEPLOYMENT_ID" >> $GITHUB_OUTPUT + shell: bash + + - name: (debug) + run: | + echo ${{ steps.env-name.outputs.DEPLOYMENT_ID }} + + - name: start deployment + uses: bobheadxi/deployments@v1 + id: start-deployment + with: + step: start + token: ${{ secrets.GH_BOT_TOKEN }} + env: ${{ steps.env-name.outputs.DEPLOYMENT_ID }} + ref: ${{ inputs.git-ref }} + override: true diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 7cbbd84ba4..0000000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,809 +0,0 @@ -variables: - KANIKO_VERSION: v1.16.0 - FF_USE_FASTZIP: "true" - CACHE_COMPRESSION_LEVEL: "fast" - TRANSFER_METER_FREQUENCY: "2s" - MASTER_BRANCH: "master" - IMAGE_TAG: $CI_COMMIT_SHA - SECRET_WORDS: test test test test test test test test test test test junk - IPFS_GATEWAY: https://octant.infura-ipfs.io/ipfs/ - -stages: - - build - - lint_and_typecheck - - test - - docker - - deploy - - application - - env_test - - status - - cleanup - -default: - tags: - - metal - interruptible: true - -.images: - python: - name: registry.gitlab.com/golemfoundation/devops/container-builder/octant/python-poetry-ext:42c80766 - pull_policy: if-not-present - node: - name: registry.gitlab.com/golemfoundation/devops/container-builder/octant/node-extended:5dc8b447 - pull_policy: if-not-present - kaniko: - name: gcr.io/kaniko-project/executor:$KANIKO_VERSION-debug - pull_policy: if-not-present - entrypoint: [""] - git_improved: - name: registry.gitlab.com/golemfoundation/devops/container-builder/gitops-builder:2ea6d57c - pull_policy: if-not-present - synpress: - name: registry.gitlab.com/golemfoundation/devops/container-builder/octant/synpress-arch:5dc8b447 - pull_policy: if-not-present - alpine_git: - name: alpine/git - pull_policy: if-not-present - entrypoint: [""] - -.rules: - on_mr: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - on_push_to_default_branch: - - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH - on_push_to_default_branch_manual: - - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH - when: manual - allow_failure: true - on_push_to_master_branch: - - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $MASTER_BRANCH - on_push_to_master_branch_manual: - - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $MASTER_BRANCH - when: manual - allow_failure: true - on_release_branch_manual: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^release\/.+/ - when: manual - allow_failure: true - on_mr_manual: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - when: manual - allow_failure: true - on_version_tag: - - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+$/' - -.scripts: - yarn_install: - - yarn install --cache-folder .yarn --non-interactive --frozen-lockfile - poetry_install: - - poetry config virtualenvs.in-project true - - poetry install - jq_install: - - curl -sSfL https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-amd64 -o/usr/local/bin/jq - - chmod +x /usr/local/bin/jq - -Build backend: - stage: build - image: !reference [.images, python ] - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - script: - - ci/build_backend.sh - cache: - - key: $CI_COMMIT_REF_SLUG-poetry-backend - policy: push - paths: - - backend/.venv - -Build contracts: - stage: build - image: !reference [.images, node ] - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - script: - - ci/build_contracts_v1.sh - cache: - - key: $CI_COMMIT_REF_SLUG-yarn-root - paths: - - node_modules - - .yarn - - key: $CI_COMMIT_REF_SLUG-yarn-contracts - paths: - - contracts-v1/.yarn - - contracts-v1/node_modules - artifacts: - name: contracts - paths: - - contracts-v1/artifacts - - contracts-v1/typechain - expire_in: 3 days - -Build services: - stage: build - image: !reference [.images, node ] - parallel: - matrix: - - SERVICE: - - client - - coin-prices-server - - subgraph - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - dependencies: - - Build contracts - needs: - - Build contracts - script: - - ci/build_$SERVICE.sh - cache: - - key: $CI_COMMIT_REF_SLUG-yarn-root - paths: - - node_modules - - .yarn - policy: pull - - key: $CI_COMMIT_REF_SLUG-yarn-$SERVICE - paths: - - $SERVICE/.yarn - - $SERVICE/node-modules - -Lint and typecheck yarn: - stage: lint_and_typecheck - image: !reference [.images, node ] - parallel: - matrix: - - SERVICE: - - contracts-v1 - - client - - coin-prices-server - - subgraph - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - script: - - cd $SERVICE - - !reference [ .scripts, yarn_install ] - - yarn eslint - - yarn type-check - cache: - - key: $CI_COMMIT_REF_SLUG-yarn-root - paths: - - node_modules - - .yarn - policy: pull - - key: $CI_COMMIT_REF_SLUG-yarn-$SERVICE - paths: - - $SERVICE/.yarn - - $SERVICE/node-modules - policy: pull - -Lint and typecheck poetry: - stage: lint_and_typecheck - image: !reference [.images, python ] - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - script: - - cd backend - - !reference [ .scripts, poetry_install ] - - poetry run black --check --extend-exclude .venv . - - poetry run flake8 - cache: - - key: $CI_COMMIT_REF_SLUG-poetry-backend-lint - paths: - - backend/.venv - policy: pull - -Backend tests: - stage: test - image: !reference [.images, python ] - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - dependencies: - - Build backend - script: - - cd backend - - !reference [ .scripts, poetry_install ] - - poetry run pytest - cache: - - key: $CI_COMMIT_REF_SLUG-poetry-backend - policy: pull - paths: - - backend/.venv - -Unit tests: - stage: test - image: !reference [.images, node ] - parallel: - matrix: - - SERVICE: - - contracts-v1 - - client - - coin-prices-server - - subgraph - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - script: - - cd $SERVICE - - !reference [ .scripts, yarn_install ] - - yarn test - cache: - - key: $CI_COMMIT_REF_SLUG-yarn-root - paths: - - node_modules - - .yarn - policy: pull - - key: $CI_COMMIT_REF_SLUG-yarn-$SERVICE - paths: - - $SERVICE/.yarn - - $SERVICE/node-modules - policy: pull - -Documentation: - stage: test - image: !reference [.images, node ] - parallel: - matrix: - - SERVICE: - - contracts-v1 - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - script: - - cd $SERVICE - - !reference [ .scripts, yarn_install ] - - yarn docs - cache: - - key: $CI_COMMIT_REF_SLUG-yarn-root - paths: - - node_modules - - .yarn - policy: pull - - key: $CI_COMMIT_REF_SLUG-yarn-$SERVICE - paths: - - $SERVICE/.yarn - - $SERVICE/node-modules - policy: pull - artifacts: - name: $SERVICE_docs - paths: - - $SERVICE/.docs/ - expire_in: 3 days - -Build images: - stage: docker - image: !reference [ .images, kaniko ] - rules: - - !reference [ .rules, on_mr ] - - !reference [ .rules, on_push_to_default_branch ] - - !reference [ .rules, on_push_to_master_branch ] - - !reference [ .rules, on_version_tag ] - parallel: - matrix: - - SERVICE: - - contracts-v1 - - coin-prices-server - - client - - subgraph - - backend - variables: - IMAGE_NAME: $SERVICE - GOOGLE_APPLICATION_CREDENTIALS: /kaniko/config.json - script: - - echo $KANIKO_CACHE_CONFIG > /kaniko/.docker/config.json - - echo "$GCP_REGISTRY_PUSHER_SERVICE_ACCOUNT" | base64 -d > /kaniko/config.json - - chmod 400 /kaniko/config.json - - /kaniko/executor - --context "$CI_PROJECT_DIR/$SERVICE" - --dockerfile "$CI_PROJECT_DIR/ci/Dockerfile.$SERVICE" - --destination "${GCP_DOCKER_IMAGE_REGISTRY}/$IMAGE_NAME:$IMAGE_TAG" - --build-arg VERSION_TAG=$CI_COMMIT_SHORT_SHA - --cache=true - --cache-repo=$KANIKO_CACHE_REPO - --insecure-pull - -.env_resolve: &env_resolve_init - before_script: - - set -ex - - source $CI_PROJECT_DIR/ci/argocd/resolve_env.sh $ENV_TYPE - -.deploy_anvil: - stage: deploy - image: !reference [.images, git_improved ] - <<: *env_resolve_init - resource_group: gitops - script: - - set -ex - - bash $CI_PROJECT_DIR/ci/argocd/application.sh create - environment: - action: start - -.deploy_app: - stage: application - image: !reference [.images, git_improved ] - <<: *env_resolve_init - resource_group: gitops - script: - - set -ex - - bash $CI_PROJECT_DIR/ci/argocd/application.sh update - -.deploy_anvil_contracts: - stage: application - image: - name: ${GCP_DOCKER_IMAGE_REGISTRY}/contracts-v1:${IMAGE_TAG} - entrypoint: [""] - <<: *env_resolve_init - artifacts: - reports: - dotenv: build.env - variables: - NETWORK: 'localhost' - SKIP_LOCAL_SUBGRAPH_UPDATE: 'true' - PROPOSALS_ADDRESSES: '0x1c01595f9534E33d411035AE99a4317faeC4f6Fe,0x02Cb3C150BEdca124d0aE8CcCb72fefbe705c953,0x6e8873085530406995170Da467010565968C7C62,0x7DAC9Fc15C1Db4379D75A6E3f330aE849dFfcE18,0xAb6D6a37c5110d1377832c451C33e4fA16A9BA05,0xcC7d34C76A9d08aa0109F7Bae35f29C1CE35355A,0xD165df4296C85e780509fa1eace0150d945d49Fd,0xde21F729137C5Af1b01d73aF1dC21eFfa2B8a0d6,0xF6CBDd6Ea6EC3C4359e33de0Ac823701Cc56C6c4,0x0B7246eF74Ca7b37Fdc3D15be4f0b49876622F95,0x2DCDF80f439843D7E0aD1fEF9E7a439B7917eAc9,0x4A9a27d614a74Ee5524909cA27bdBcBB7eD3b315,0x8c89a6bf53cCF63e7B4465Cc1b1330723B4BdcB7,0x78e084445C3F1006617e1f36794dd2261ecE4AE3,0x15c941a44a343B8c46a28F2BB9aFc7a54E255A4f,0x3455FbB4D34C6b47999B66c83aA7BD8FDDade638,0x9531C059098e3d194fF87FebB587aB07B30B1306,0xd1B8dB70Ded72dB850713b2ce7e1A4FfAfAD95d1,0x0cbF31Ef6545EE30f47651D1A991Bf0aeB03DF29,0x87fEEd6162CB7dFe6B62F64366742349bF4D1B05,0x576edCed7475D8F64a5e2D5227c93Ca57d7f5d20,0xB476Ee7D610DAe7B23B671EBC7Bd6112E9772969,0xE2f413190Bb5D6AAcB4A056F1B5E1fD5B8141045,0xe126b3E5d052f1F575828f61fEBA4f4f2603652a' - PROPOSALS_CID: Qmds9N5y2vkMuPTD6M4EBxNXnf3bjTDmzWBGnCkQGsMMGe - DECISION_WINDOW: 1209600 # 14 days - EPOCH_DURATION: 7776000 # 90 days - FORWARD_FIRST_EPOCH: 'false' - script: - - set -ex - - bash $CI_PROJECT_DIR/ci/argocd/wait_for_app.sh - - export EPOCHS_START=$(date +%s) - - export LOCAL_RPC_URL=https://$(bash $CI_PROJECT_DIR/ci/argocd/get_rpc_url.sh) - - /app/entrypoint.sh $NETWORK $CI_PROJECT_DIR/build.env - -Run E2E App: - extends: - - .deploy_anvil - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - variables: - ENV_TYPE: "e2e" - environment: - name: e2e/$CI_PIPELINE_IID - url: https://mr-$CI_MERGE_REQUEST_IID-e2e-$CI_PIPELINE_ID-client.octant.wildland.dev - deployment_tier: development - on_stop: Destroy E2E App - auto_stop_in: 6 hours - -Run API Test App: - extends: - - .deploy_anvil - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - variables: - ENV_TYPE: "apitest" - ANVIL_BLOCK_TIME: "0" - environment: - name: apitest/$CI_PIPELINE_IID - deployment_tier: development - on_stop: Destroy API Test App - auto_stop_in: 2 hours - -Run MR App: - extends: - - .deploy_anvil - rules: - - !reference [.rules, on_mr_manual ] - variables: - ENV_TYPE: "mr" - environment: - name: mr/$CI_MERGE_REQUEST_IID - url: https://mr-$CI_MERGE_REQUEST_IID-client.octant.wildland.dev - deployment_tier: development - on_stop: Destroy MR App - -E2E contracts: - extends: - - .deploy_anvil_contracts - needs: ["Run E2E App"] - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - variables: - ENV_TYPE: "e2e" - FORWARD_FIRST_EPOCH: 'true' - -API Test contracts: - extends: - - .deploy_anvil_contracts - needs: ["Run API Test App"] - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - variables: - ENV_TYPE: "apitest" - -MR contracts: - extends: - - .deploy_anvil_contracts - needs: ["Run MR App"] - rules: - - !reference [.rules, on_mr ] - variables: - ENV_TYPE: "mr" - -E2E app deploy: - extends: - - .deploy_app - needs: ["E2E contracts"] - dependencies: ["E2E contracts"] - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - variables: - ENV_TYPE: "e2e" - NETWORK_NAME: "local" - NETWORK_ID: "1337" - SNAPSHOTTER_ENABLED: "true" - SCHEDULER_ENABLED: "true" - GLM_CLAIM_ENABLED: "true" - VAULT_CONFIRM_WITHDRAWALS_ENABLED: "true" - -API Test app deploy: - extends: - - .deploy_app - needs: ["API Test contracts"] - dependencies: ["API Test contracts"] - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - variables: - ENV_TYPE: "apitest" - NETWORK_NAME: "local" - NETWORK_ID: "1337" - SNAPSHOTTER_ENABLED: "false" - SCHEDULER_ENABLED: "false" - BACKEND_SERVER_PGSQL: "false" - WEB_CLIENT_REPLICAS: "0" - COIN_PRICES_SERVER_REPLICAS: "0" - BACKEND_SERVER_REPLICAS: "0" - ANVIL_BLOCK_TIME: "0" - -MR app deploy: - extends: - - .deploy_app - needs: ["MR contracts"] - dependencies: ["MR contracts"] - rules: - - !reference [.rules, on_mr ] - variables: - ENV_TYPE: "mr" - NETWORK_NAME: "local" - NETWORK_ID: "1337" - SNAPSHOTTER_ENABLED: "true" - SCHEDULER_ENABLED: "true" - GLM_CLAIM_ENABLED: "true" - VAULT_CONFIRM_WITHDRAWALS_ENABLED: "true" - IPFS_GATEWAY: https://turquoise-accused-gayal-88.mypinata.cloud/ipfs/ - -Run UAT App: - stage: deploy - extends: - - .deploy_app - rules: - - !reference [.rules, on_mr_manual ] - - !reference [.rules, on_push_to_default_branch_manual ] - - !reference [.rules, on_push_to_master_branch_manual ] - variables: - ENV_TYPE: "uat" - NETWORK_NAME: "sepolia" - NETWORK_ID: "11155111" - SNAPSHOTTER_ENABLED: "true" - SCHEDULER_ENABLED: "true" - GLM_CLAIM_ENABLED: "true" - VAULT_CONFIRM_WITHDRAWALS_ENABLED: "true" - IPFS_GATEWAY: https://turquoise-accused-gayal-88.mypinata.cloud/ipfs/ - -Run Master App: - stage: deploy - extends: - - .deploy_app - rules: - - !reference [.rules, on_mr_manual ] - - !reference [.rules, on_push_to_default_branch_manual ] - - !reference [.rules, on_push_to_master_branch_manual ] - variables: - ENV_TYPE: "master" - NETWORK_NAME: "sepolia" - NETWORK_ID: "11155111" - SNAPSHOTTER_ENABLED: "true" - SCHEDULER_ENABLED: "true" - GLM_CLAIM_ENABLED: "true" - VAULT_CONFIRM_WITHDRAWALS_ENABLED: "true" - -Wait for MR: - stage: status - needs: ["MR app deploy"] - image: !reference [.images, git_improved ] - <<: *env_resolve_init - rules: - - !reference [.rules, on_mr ] - script: - - set -ex - - bash $CI_PROJECT_DIR/ci/argocd/wait_for_app.sh - variables: - ENV_TYPE: "mr" - -Wait for UAT: - stage: status - needs: ["Run UAT App"] - image: !reference [.images, git_improved ] - <<: *env_resolve_init - rules: - - !reference [.rules, on_mr ] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - script: - - set -ex - - bash $CI_PROJECT_DIR/ci/argocd/wait_for_app.sh - variables: - ENV_TYPE: "uat" - -Wait for Master: - stage: status - needs: ["Run Master App"] - image: !reference [.images, git_improved ] - <<: *env_resolve_init - rules: - - !reference [.rules, on_mr] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - script: - - set -ex - - bash $CI_PROJECT_DIR/ci/argocd/wait_for_app.sh - variables: - ENV_TYPE: "master" - -.destroy_app: - stage: cleanup - image: !reference [.images, git_improved ] - resource_group: gitops - <<: *env_resolve_init - script: - - set -ex - - bash $CI_PROJECT_DIR/ci/argocd/application.sh destroy - environment: - action: stop - -Destroy E2E App: - extends: - - .destroy_app - needs: ["Run E2E App"] - variables: - ENV_TYPE: "e2e" - rules: - - !reference [.rules, on_mr_manual ] - - !reference [.rules, on_push_to_default_branch_manual ] - - !reference [.rules, on_push_to_master_branch_manual ] - environment: - name: e2e/$CI_PIPELINE_IID - deployment_tier: development - -Destroy API Test App: - extends: - - .destroy_app - needs: ["Run API Test App"] - variables: - ENV_TYPE: "apitest" - rules: - - !reference [.rules, on_mr_manual ] - - !reference [.rules, on_push_to_default_branch_manual ] - - !reference [.rules, on_push_to_master_branch_manual ] - environment: - name: apitest/$CI_PIPELINE_IID - deployment_tier: development - -Destroy MR App: - extends: - - .destroy_app - needs: ["Run MR App"] - variables: - ENV_TYPE: "mr" - rules: - - !reference [.rules, on_mr_manual ] - environment: - name: mr/$CI_MERGE_REQUEST_IID - deployment_tier: development - -Destroy UAT App: - extends: - - .destroy_app - variables: - ENV_TYPE: "uat" - rules: - - !reference [.rules, on_mr_manual ] - - !reference [.rules, on_push_to_default_branch_manual ] - - !reference [.rules, on_push_to_master_branch_manual ] - needs: [] - environment: - name: persistent/uat - deployment_tier: testing - -Destroy Master App: - extends: - - .destroy_app - variables: - ENV_TYPE: "master" - rules: - - !reference [.rules, on_mr_manual ] - - !reference [.rules, on_push_to_default_branch_manual ] - - !reference [.rules, on_push_to_master_branch_manual ] - needs: [] - environment: - name: persistent/master - deployment_tier: testing - -# API Tests: -# stage: application -# needs: ["API Test app deploy", "API Test contracts"] -# image: !reference [.images, python ] -# <<: *env_resolve_init -# rules: -# - !reference [.rules, on_mr ] -# - !reference [.rules, on_push_to_default_branch ] -# - !reference [.rules, on_push_to_master_branch ] -# dependencies: -# - API Test contracts -# script: -# - set -e -# - cd backend -# - !reference [ .scripts, poetry_install ] -# # Wait for Argo app -# - bash $CI_PROJECT_DIR/ci/argocd/wait_for_app.sh -# - export ETH_RPC_PROVIDER_URL=https://$(bash $CI_PROJECT_DIR/ci/argocd/get_rpc_url.sh) -# - export SUBGRAPH_ENDPOINT=https://$(bash $CI_PROJECT_DIR/ci/argocd/get_graph_url.sh)/subgraphs/name/octant -# # Run the API tests -# - set +e -# - poetry run pytest --onlyapi || PYTEST_EXIT_CODE=$? -# - set -e -# # Trigger the stop job -# - | -# JOB_ID=$(curl --fail -s -XGET --header "PRIVATE-TOKEN: $CI_JOB_CONTROLLER" https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs | jq '.[] | select(.name == "Destroy API Test App") | .id') - -# curl -s --fail -X POST \ -# -H "PRIVATE-TOKEN: $CI_JOB_CONTROLLER" \ -# "$CI_API_V4_URL/projects/$CI_PROJECT_ID/jobs/$JOB_ID/play" -# - exit $PYTEST_EXIT_CODE -# variables: -# ENV_TYPE: "apitest" -# CHAIN_ID: "1337" -# CHAIN_NAME: "localhost" -# OCTANT_BACKEND_SECRET_KEY: "some-random-key" -# OCTANT_ENV: "production" -# cache: -# - key: $CI_COMMIT_REF_SLUG-poetry-backend -# policy: pull -# paths: -# - backend/.venv - -E2E Epoch 2: - stage: application - needs: ["E2E app deploy"] - image: !reference [.images, synpress ] - <<: *env_resolve_init - rules: - - !reference [.rules, on_mr] - - !reference [.rules, on_push_to_default_branch ] - - !reference [.rules, on_push_to_master_branch ] - artifacts: - when: on_failure - name: cypress - paths: - - client/cypress/videos - - client/cypress/screenshots - expire_in: 3 days - cache: - - key: $CI_COMMIT_REF_SLUG-yarn-client - policy: pull - paths: - - client/.yarn - - client/node-modules - - key: $CI_COMMIT_REF_SLUG-yarn-root - policy: pull - paths: - - node_modules - - .yarn - script: - - set -e - # Setup NVM to use Node version 16 - - source /usr/share/nvm/init-nvm.sh - - nvm use 16 - - npm i -g yarn - - cd client - - yarn install --cache-folder .yarn --frozen-lockfile --prefer-offline --no-audit - # Wait for the E2E app to become ready - - bash $CI_PROJECT_DIR/ci/argocd/wait_for_app.sh - - export OCTANT_BASE_URL=https://$(bash $CI_PROJECT_DIR/ci/argocd/get_web_client_url.sh) - - set +e - - yarn synpress:run || CY_EXIT_CODE=$? - - if [[ "$CY_EXIT_CODE" == "0" ]]; then rm -r $CI_PROJECT_DIR/client/cypress/videos $CI_PROJECT_DIR/client/cypress/screenshots; fi - - set -e - # Trigger the stop job - - | - JOB_ID=$(curl --fail -s -XGET --header "PRIVATE-TOKEN: $CI_JOB_CONTROLLER" https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs | jq '.[] | select(.name == "Destroy E2E App") | .id') - - curl -s --fail -X POST \ - -H "PRIVATE-TOKEN: $CI_JOB_CONTROLLER" \ - "$CI_API_V4_URL/projects/$CI_PROJECT_ID/jobs/$JOB_ID/play" - - exit $CY_EXIT_CODE - variables: - ENV_TYPE: "e2e" - CYPRESS_DOCKER_RUN: "true" - CI: "true" - METAMASK_VERSION: "10.25.0" - -Deploy Release Candidate app: - stage: deploy - image: !reference [.images, alpine_git] - rules: - - !reference [.rules, on_push_to_master_branch_manual] - - !reference [.rules, on_release_branch_manual] - resource_group: production - variables: - ARGO_REPOSITORY: "https://wildland-bot:${HOUSEKEEPER_CI_TOKEN}@gitlab.com/golemfoundation/devops/iac/k8s/wildland-k8s-devops.git" - ARGO_REPOSITORY_BRANCH: "gitlab/octant-testing" - script: | - set -ex - apk add gpg-agent yq - gpg --import <(echo $HOUSEKEEPER_GPG_KEY | base64 -d) - git config --global user.name "Wildland Housekeeper" - git config --global user.email "$HOUSEKEEPER_EMAIL" - git config --global user.signingkey $HOUSEKEEPER_GPG_KEY_ID - - GIT_DIR=`mktemp -d` - git clone -b $ARGO_REPOSITORY_BRANCH $ARGO_REPOSITORY $GIT_DIR - - cd $GIT_DIR - - echo '(debug) before update ===' - cat mainnet/octant-image.values.yaml - cat testnet/octant-image.values.yaml - echo '(end debug) ===' - - yq -i -e ".[].value.value = \"$IMAGE_TAG\"" mainnet/octant-image.values.yaml - yq -i -e ".[].value.value = \"$IMAGE_TAG\"" testnet/octant-image.values.yaml - - echo '(debug) after update ===' - cat mainnet/octant-image.values.yaml - cat testnet/octant-image.values.yaml - echo '(end debug) ===' - - git add mainnet/octant-image.values.yaml - git add testnet/octant-image.values.yaml - git commit -S -m "Changed octant image tag to $IMAGE_TAG at $(date +%Y-%m-%d)" || true - - git push - environment: - name: persistent/prod - url: https://client.testnet.octant.wildland.dev - -Deploy production app: - stage: deploy - rules: - - !reference [.rules, on_version_tag] - variables: - DEV_IMAGE_TAG: $CI_COMMIT_SHA - PROD_IMAGE_TAG: $CI_COMMIT_TAG - trigger: - project: golemfoundation/devops/pipelines/octant-production - branch: master diff --git a/ci/Dockerfile.backend b/ci/Dockerfile.backend index cc1916ad88..9951b2cdd3 100644 --- a/ci/Dockerfile.backend +++ b/ci/Dockerfile.backend @@ -1,4 +1,4 @@ -FROM local-docker-registry.wildland.dev/acidrain/python-poetry:3.11-slim-1.5.1 +FROM acidrain/python-poetry:3.11-slim-1.5.1 WORKDIR /app diff --git a/ci/Dockerfile.client b/ci/Dockerfile.client index 6e9129cb26..484b2a954d 100644 --- a/ci/Dockerfile.client +++ b/ci/Dockerfile.client @@ -1,4 +1,4 @@ -FROM local-docker-registry.wildland.dev/library/node:16-alpine +FROM node:16-alpine WORKDIR /app COPY package.json yarn.lock ./ RUN yarn install --ignore-scripts --frozen-lockfile && yarn cache clean diff --git a/ci/Dockerfile.coin-prices-server b/ci/Dockerfile.coin-prices-server index 782ac58a1d..46da6a2a86 100644 --- a/ci/Dockerfile.coin-prices-server +++ b/ci/Dockerfile.coin-prices-server @@ -1,4 +1,4 @@ -FROM local-docker-registry.wildland.dev/library/node:16-alpine AS root +FROM node:16-alpine AS root WORKDIR /app COPY package.json yarn.lock ./ diff --git a/ci/Dockerfile.contracts-v1 b/ci/Dockerfile.contracts-v1 index 73c9a0f753..74539d8ae2 100644 --- a/ci/Dockerfile.contracts-v1 +++ b/ci/Dockerfile.contracts-v1 @@ -1,4 +1,4 @@ -FROM local-docker-registry.wildland.dev/library/node:16-alpine AS root +FROM node:16-alpine AS root WORKDIR /app FROM root AS build diff --git a/ci/Dockerfile.subgraph b/ci/Dockerfile.subgraph index 032b1b0354..064fe454cc 100644 --- a/ci/Dockerfile.subgraph +++ b/ci/Dockerfile.subgraph @@ -1,4 +1,4 @@ -FROM local-docker-registry.wildland.dev/library/node:16-alpine AS root +FROM node:16-alpine AS root WORKDIR /app FROM root AS build diff --git a/ci/argocd/application.sh b/ci/argocd/application.sh index 34d8a842df..c7ba677ef3 100644 --- a/ci/argocd/application.sh +++ b/ci/argocd/application.sh @@ -5,7 +5,7 @@ set -exa ACTION=$1 ARGO_REPOSITORY="https://wildland-bot:${HOUSEKEEPER_CI_TOKEN}@gitlab.com/golemfoundation/devops/iac/k8s/wildland-k8s-devops.git" -ARGO_REPOSITORY_BRANCH="octant" +ARGO_REPOSITORY_BRANCH="github/octant-ci-cd" set +a @@ -64,7 +64,7 @@ if [[ "$ACTION" == "create" ]]; then elif [[ "$ACTION" == "update" ]]; then if [[ "$NETWORK_NAME" == "local" || "$NETWORK_NAME" == "localhost" ]]; then - export FRONTEND_RPC_URL=https://$(bash $CI_PROJECT_DIR/ci/argocd/get_rpc_url.sh) + export FRONTEND_RPC_URL; FRONTEND_RPC_URL=https://$(bash $CI_PROJECT_DIR/ci/argocd/get_rpc_url.sh) export BACKEND_RPC_URL=http://anvil:8545 else # This will make webclient use default (wagmi) endpoint diff --git a/ci/argocd/get_graph_url.sh b/ci/argocd/get_graph_url.sh index 0d978d2c09..c50eaa0390 100644 --- a/ci/argocd/get_graph_url.sh +++ b/ci/argocd/get_graph_url.sh @@ -8,7 +8,7 @@ URL=$(curl -s -H "Authorization: Bearer ${ARGOCD_ACCESS_TOKEN}" \ "${ARGOCD_URL}/api/v1/applications/${DEPLOYMENT_ID}/resource?namespace=${DEPLOYMENT_ID}&resourceName=graph-node-fake&version=v1&kind=Ingress&group=networking.k8s.io" \ | jq -r .manifest | jq -r '.spec.rules[0].host') -timeout --foreground -s TERM 180 bash -c \ +timeout --foreground -s TERM 300 bash -c \ 'until [[ "$(dig +short -t A ${0}.)" != "" ]]; do\ >&2 echo "[-] Waiting for ${0} nslookup" && sleep 10;\ done' $URL diff --git a/ci/argocd/get_rpc_url.sh b/ci/argocd/get_rpc_url.sh index 262659d756..27c87fcc0f 100644 --- a/ci/argocd/get_rpc_url.sh +++ b/ci/argocd/get_rpc_url.sh @@ -8,7 +8,7 @@ URL=$(curl -s -H "Authorization: Bearer ${ARGOCD_ACCESS_TOKEN}" \ "${ARGOCD_URL}/api/v1/applications/${DEPLOYMENT_ID}/resource?namespace=${DEPLOYMENT_ID}&resourceName=anvil-fake&version=v1&kind=Ingress&group=networking.k8s.io" \ | jq -r .manifest | jq -r '.spec.rules[0].host') -timeout --foreground -s TERM 180 bash -c \ +timeout --foreground -s TERM 300 bash -c \ 'until [[ "$(dig +short -t A ${0}.)" != "" ]]; do\ >&2 echo "[-] Waiting for ${0} nslookup" && sleep 10;\ done' $URL diff --git a/ci/argocd/get_web_client_url.sh b/ci/argocd/get_web_client_url.sh index 6a15fc8514..10ee1b9ae3 100644 --- a/ci/argocd/get_web_client_url.sh +++ b/ci/argocd/get_web_client_url.sh @@ -8,7 +8,7 @@ URL=$(curl -s -H "Authorization: Bearer ${ARGOCD_ACCESS_TOKEN}" \ "${ARGOCD_URL}/api/v1/applications/${DEPLOYMENT_ID}/resource?namespace=${DEPLOYMENT_ID}&resourceName=web-client-fake&version=v1&kind=Ingress&group=networking.k8s.io" \ | jq -r .manifest | jq -r '.spec.rules[0].host') -timeout --foreground -s TERM 180 bash -c \ +timeout --foreground -s TERM 300 bash -c \ 'until [[ "$(dig +short -t A ${0}.)" != "" ]]; do\ >&2 echo "[-] Waiting for ${0} nslookup" && sleep 10;\ done' $URL diff --git a/ci/argocd/resolve_env.sh b/ci/argocd/resolve_env.sh index c9754867b0..df33ec6b63 100644 --- a/ci/argocd/resolve_env.sh +++ b/ci/argocd/resolve_env.sh @@ -5,9 +5,9 @@ set -ex TYPE=$1 if [[ $CI_MERGE_REQUEST_IID ]]; then - CI_PREFIX="mr-${CI_MERGE_REQUEST_IID}" + APP_PREFIX="pr-${CI_MERGE_REQUEST_IID}" else - CI_PREFIX="app-${CI_PIPELINE_ID}" + APP_PREFIX="app-${CI_PIPELINE_ID}" fi export DEPLOYMENT_TYPE=$TYPE @@ -15,15 +15,15 @@ export DEPLOYMENT_TYPE=$TYPE if [[ "$TYPE" =~ ^(e2e|apitest)$ ]]; then ## E2E tests deployment ## the environment will be removed when after E2E tests are finished - export DEPLOYMENT_ID="${CI_PREFIX}-${TYPE}-${CI_PIPELINE_ID}" + export DEPLOYMENT_ID="${APP_PREFIX}-${TYPE}-${CI_PIPELINE_ID}" elif [[ "$TYPE" =~ ^(uat|master)$ ]]; then ## MASTER/UAT/other-persistent-envs ## contracts are never taken from a pre-defined, manually deployed set export DEPLOYMENT_ID="${TYPE}" export ENV_FILE="${TYPE}.env" -else # (assume mr/app) +else # (assume pr/app) ## Regular app deployment - ## the environment will be removed when MR is closed - ## the app- (non-mr) deployment may linger around if job fails to complete. - export DEPLOYMENT_ID="${CI_PREFIX}" + ## the environment will be removed when PR is closed + ## the app- (non-pr) deployment may linger around if job fails to complete. + export DEPLOYMENT_ID="${APP_PREFIX}" fi