-
Notifications
You must be signed in to change notification settings - Fork 1
134 lines (115 loc) · 4.69 KB
/
pr-pipeline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
name: decentralized-feeder-pull-request-pipeline
on:
pull_request:
branches:
- master
workflow_dispatch: # This allows manual triggering
permissions:
contents: read
packages: write
jobs:
build_and_test:
runs-on: ubuntu-latest
steps:
# Checkout the repository
- uses: actions/checkout@v4
# Set up Go
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.22'
# Get dependencies
- name: Get dependencies
run: go mod tidy
# Build the Go application
- name: Build
run: go build -v ./...
# Test the Go application
- name: Test
run: go test -v ./...
push_image_and_deploy:
runs-on: ubuntu-latest
needs: build_and_test
environment:
name: dia-testspace # BEFORE GOING PUBLIC CHANGE THE ENV PROTENTIOC RULES TO INCLUDE THIS
steps:
# Checkout the repository
- uses: actions/checkout@v4
# Get Short Commit Hash of the Merge Commit
- name: Get Short Commit Hash
run: |
COMMIT_HASH=$(git rev-parse --short HEAD)
echo "COMMIT_HASH=$COMMIT_HASH" >> $GITHUB_ENV
# Checkout the cluster-backend repository
- name: Checkout cluster-backend repository
env:
TOKEN: ${{ secrets.PIPELINE_TOKEN }}
run: |
git clone -q https://$TOKEN@github.com/diadata-org/cluster-backend cluster-backend
# Install IBM Cloud CLI and Container Registry CLI
- name: Install IBM Cloud CLI
run: |
curl -fsSL https://clis.cloud.ibm.com/install/linux | sh
ibmcloud plugin install container-registry -f
# Log in to IBM Cloud
- name: Log in to IBM Cloud
env:
IBM_CLOUD_API_KEY: ${{ secrets.IBM_CLOUD_API_KEY }}
run: |
ibmcloud login --apikey $IBM_CLOUD_API_KEY --no-region
ibmcloud target -r us-south
ibmcloud target -g Default
# Build and Tag the Docker image with the commit hash
- name: Build and Tag Docker image
run: |
docker build -f build/Dockerfile-diaDecentralOracleService -t us.icr.io/dia-registry/oracles/diadecentraloracleservice:commit-hash-${{ env.COMMIT_HASH }} .
# Push the Docker image to IBM Cloud Container Registry
- name: Push Docker image
run: |
ibmcloud cr login
docker push us.icr.io/dia-registry/oracles/diadecentraloracleservice:commit-hash-${{ env.COMMIT_HASH }}
# Install kubectl
- name: Install kubectl
run: |
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
- name: IBM Cluster kubectl config
env:
TOKEN: ${{ secrets.K8S_SERVICE_ACCOUNT_TOKEN }}
CLUSTER_NAME: ${{ secrets.K8s_CLUSTER_NAME_IBM }}
CONTEXT: ${{ secrets.K8s_CONTEXT_IBM }}
API_SERVER: ${{ secrets.K8S_API_SERVER_IBM }}
KUBE_CA_CERT_BASE64: ${{ secrets.KUBE_CA_CERT_BASE64_IBM }}
SERVICE_ACCOUNT: ${{ secrets.K8S_SA }}
run: |
# Ensure token does not contain unexpected newline characters
TOKEN=$(echo "$TOKEN" | tr -d '\n')
# Decode the base64-encoded CA certificate and save it to a file
echo "$KUBE_CA_CERT_BASE64" | base64 --decode > /tmp/ca.pem
# Set cluster using the CA PEM file
kubectl config set-cluster "$CLUSTER_NAME" \
--server="$API_SERVER" \
--certificate-authority=/tmp/ca.pem
# Set credentials
kubectl config set-credentials $SERVICE_ACCOUNT --token="$TOKEN"
# Set context
kubectl config set-context $CONTEXT --cluster="$CLUSTER_NAME" --user=$SERVICE_ACCOUNT
# Use context
kubectl config use-context $CONTEXT
# Helm upgrade command with the commit hash tag
- name: Helm upgrade/install conduit-node-011
run: |
cd cluster-backend/helmcharts/oracles/conduit-test/011-testspace
helm upgrade --install -n dia-testspace --set repository.tag="commit-hash-${{ env.COMMIT_HASH }}" diaoracleservice-conduit-011 .
# Clean up CA certificate immediately
if [ -f /tmp/ca.pem ]; then shred -u /tmp/ca.pem; fi
- name: Cleanup IBM Cluster CA Certificate
run: |
# Securely remove the CA certificate file
if [ -f /tmp/ca.pem ]; then shred -u /tmp/ca.pem; fi
# Cleanup the cloned repository
- name: Cleanup cloned repository and log out from IBM
run: |
rm -rf cluster-backend
ibmcloud logout