-
Notifications
You must be signed in to change notification settings - Fork 21
357 lines (320 loc) · 12.8 KB
/
dev-cd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
# Copyright (c) 2018-2022 The MobileCoin Foundation
#
# MobileCoin full-service: Deploy and run integration tests.
name: Development CD
env:
CHART_REPO: https://harbor.mobilecoin.com/chartrepo/mobilecoinofficial-public
DOCKER_ORG: mobilecoin
on:
pull_request:
branches:
- main
- release/**
concurrency:
group: full-service-dev-cd-${{ github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
build:
strategy:
matrix:
network:
- chain_id: test
# - chain_id: main
runs-on: [self-hosted, Linux, large-cd]
container:
image: mobilecoin/rust-sgx-base:v0.0.27
steps:
- name: Checkout
uses: mobilecoinofficial/gh-actions/checkout@v0
- name: Cache rust build binaries
id: rust_artifact_cache
uses: mobilecoinofficial/gh-actions/cache-rust-binaries@v0
with:
cache_buster: ${{ vars.CACHE_BUSTER }}
additional_keys: ${{ matrix.network.chain_id }}
# Skip the following steps if we already have binaries.
- name: Cache cargo packages
if: "! steps.rust_artifact_cache.outputs.cache-hit"
uses: mobilecoinofficial/gh-actions/cache-cargo-packages@v0
with:
cache_buster: ${{ vars.CACHE_BUSTER }}
additional_keys: ${{ matrix.network.chain_id }}
- name: Build all binaries
if: "! steps.rust_artifact_cache.outputs.cache-hit"
env:
BUILD_OPTIONS: "--locked"
run: |
tools/build-fs.sh ${{ matrix.network.chain_id }}
- name: Copy artifacts to cache
if: "! steps.rust_artifact_cache.outputs.cache-hit"
run: |
mkdir -p rust_build_artifacts/${{ matrix.network.chain_id }}
find target/release -maxdepth 1 -executable -type f -exec cp "{}" rust_build_artifacts/${{ matrix.network.chain_id }} \;
find target/release -maxdepth 1 -name "*.css" -exec cp "{}" rust_build_artifacts/${{ matrix.network.chain_id }} \;
publish:
strategy:
matrix:
network:
- chain_id: test
peer: mc://node1.test.mobilecoin.com/,mc://node2.test.mobilecoin.com/
tx_source_url: https://s3-us-west-1.amazonaws.com/mobilecoin.chain/node1.test.mobilecoin.com/,https://s3-us-west-1.amazonaws.com/mobilecoin.chain/node2.test.mobilecoin.com/
# - chain_id: main
# peer: mc://node1.prod.mobilecoinww.com/,mc://node2.prod.mobilecoinww.com/
# tx_source_url: https://ledger.mobilecoinww.com/node1.prod.mobilecoinww.com/,https://ledger.mobilecoinww.com/node2.prod.mobilecoinww.com/
runs-on: [self-hosted, Linux, small]
needs:
- build
steps:
- name: Checkout
uses: mobilecoinofficial/gh-actions/checkout@v0
- name: Generate version metadata
uses: mobilecoinofficial/gha-k8s-toolbox@v1
id: meta
with:
action: generate-metadata
prefix: fs
- name: Cache rust build binaries
id: rust_artifact_cache
uses: mobilecoinofficial/gh-actions/cache-rust-binaries@v0
with:
cache_buster: ${{ vars.CACHE_BUSTER }}
additional_keys: ${{ matrix.network.chain_id }}
- name: Generate Docker Tags
id: docker_meta
uses: docker/metadata-action@v4
with:
flavor: |
latest=false
suffix=-${{ matrix.network.chain_id }}
images: ${{ env.DOCKER_ORG }}/full-service
tags: ${{ steps.meta.outputs.docker_tag }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Publish to DockerHub
uses: docker/build-push-action@v4
with:
build-args: |
RUST_BIN_PATH=rust_build_artifacts/${{ matrix.network.chain_id }}
MC_CHAIN_ID=${{ matrix.network.chain_id }}
MC_PEER=${{ matrix.network.peer }}
MC_TX_SOURCE_URL=${{ matrix.network.tx_source_url }}
context: .
file: .internal-ci/docker/Dockerfile.full-service
labels: ${{ steps.docker_meta.outputs.labels }}
push: true
tags: ${{ steps.docker_meta.outputs.tags }}
- name: Package and publish "full-service" chart
uses: mobilecoinofficial/gha-k8s-toolbox@v1
with:
action: helm-publish
chart_repo_username: ${{ secrets.HARBOR_USERNAME }}
chart_repo_password: ${{ secrets.HARBOR_PASSWORD }}
chart_repo: ${{ env.CHART_REPO }}
chart_app_version: ${{ steps.meta.outputs.tag }}-${{ matrix.network.chain_id }}
chart_version: ${{ steps.meta.outputs.tag }}-${{ matrix.network.chain_id }}
chart_path: .internal-ci/helm/full-service
# - name: Package and publish "full-service-mirror" chart
# uses: mobilecoinofficial/gha-k8s-toolbox@v1
# with:
# action: helm-publish
# chart_repo_username: ${{ secrets.HARBOR_USERNAME }}
# chart_repo_password: ${{ secrets.HARBOR_PASSWORD }}
# chart_repo: ${{ env.CHART_REPO }}
# chart_app_version: ${{ steps.meta.outputs.tag }}-${{ matrix.network.chain_id }}
# chart_version: ${{ steps.meta.outputs.tag }}-${{ matrix.network.chain_id }}
# chart_path: .internal-ci/helm/full-service-mirror
deploy:
strategy:
matrix:
network:
- chain_id: test
# - chain_id: main
chart:
- full-service
# - full-service-mirror
runs-on: [self-hosted, Linux, small]
needs:
- publish
env:
BASE_PATH: .tmp/
steps:
- name: Checkout
uses: mobilecoinofficial/gh-actions/checkout@v0
- name: Generate version metadata
uses: mobilecoinofficial/gha-k8s-toolbox@v1
id: meta
with:
action: generate-metadata
prefix: ${{ matrix.chart }}-${{ matrix.network.chain_id }}
- name: Clean namespace
uses: mobilecoinofficial/gha-k8s-toolbox@v1
with:
action: namespace-delete
namespace: ${{ steps.meta.outputs.namespace }}
rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }}
rancher_url: ${{ secrets.DEV_RANCHER_URL }}
rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }}
- name: Create namespace
uses: mobilecoinofficial/gha-k8s-toolbox@v1
with:
action: namespace-create
namespace: ${{ steps.meta.outputs.namespace }}
rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }}
rancher_url: ${{ secrets.DEV_RANCHER_URL }}
rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }}
- name: Generate secrets files
run: |
mkdir -p "${BASE_PATH}/secrets"
echo -n "${{ secrets.MIRROR_PRIVATE_PEM }}" > "${BASE_PATH}/secrets/mirror-private.pem"
- name: Create mirror-private secrets
uses: mobilecoinofficial/gha-k8s-toolbox@v1
with:
action: secrets-create-from-file
namespace: ${{ steps.meta.outputs.namespace }}
rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }}
rancher_url: ${{ secrets.DEV_RANCHER_URL }}
rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }}
object_name: private-client-msg-encryption
src: "${{ env.BASE_PATH }}/secrets"
- name: Generate full-service values file
run: |
mkdir -p "${BASE_PATH}"
cat <<EOF > "${BASE_PATH}/values.yaml"
fullService:
persistence:
enabled: false
validator:
persistence:
enabled: false
config:
ledgerDbURL: https://mcdeveu1ledger.blob.core.windows.net/${{ matrix.network.chain_id }}/data.mdb
EOF
- name: Deploy chart
uses: mobilecoinofficial/gha-k8s-toolbox@v1
with:
action: helm-deploy
chart_repo: ${{ env.CHART_REPO }}
chart_name: ${{ matrix.chart }}
chart_version: ${{ steps.meta.outputs.tag }}-${{ matrix.network.chain_id }}
chart_values: ${{ env.BASE_PATH }}/values.yaml
release_name: ${{ matrix.chart }}
namespace: ${{ steps.meta.outputs.namespace }}
rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }}
rancher_url: ${{ secrets.DEV_RANCHER_URL }}
rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }}
# This will need to run on our self-hosted so it can connect to the privately deployed full-service.
integration-test:
strategy:
fail-fast: false
matrix:
network:
- chain_id: test
chart: full-service
fog_report_url: fog://fog.test.mobilecoin.com
mnemonic_secret: TEST_ACCOUNT_MNEMONIC_1
account_first_block_var: TEST_ACCOUNT_FIRST_BLOCK_INDEX_1
fog_authority_spki_var: TEST_FOG_AUTHORITY_SPKI
# - chain_id: test
# chart: full-service-mirror
# fog_report_url: fog://fog.test.mobilecoin.com
# mnemonic_secret: TEST_ACCOUNT_MNEMONIC_2
# account_first_block_var: TEST_ACCOUNT_FIRST_BLOCK_INDEX_2
# fog_authority_spki_var: TEST_FOG_AUTHORITY_SPKI
# - chain_id: main
# fog_report_url: fog://fog.prod.mobilecoinww.com
# mnemonic_secret: MAIN_ACCOUNT_MNEMONIC
# account_first_block_var: MAIN_ACCOUNT_FIRST_BLOCK_INDEX
# fog_authority_spki_var: MAIN_FOG_AUTHORITY_SPKI
runs-on: [self-hosted, Linux, small]
needs:
- deploy
container:
image: python:3.11
env:
POETRY_HOME: /opt/poetry
MC_WALLET_FILE: ${{ github.workspace }}/.tmp/wallet.json
steps:
- name: "Network: ${{ matrix.network.chain_id }} Chart: ${{ matrix.network.chart }}"
run: |
true
- name: Checkout
uses: mobilecoinofficial/gh-actions/checkout@v0
- name: Generate version metadata
uses: mobilecoinofficial/gha-k8s-toolbox@v1
id: meta
with:
action: generate-metadata
prefix: ${{ matrix.network.chart }}-${{ matrix.network.chain_id }}
- name: Setup wallet file
run: |
mkdir -p "$(dirname "${MC_WALLET_FILE}")"
cat << EOF > "${MC_WALLET_FILE}"
{
"name": "${{ matrix.network.mnemonic_secret }}",
"mnemonic": "${{ secrets[matrix.network.mnemonic_secret] }}",
"key_derivation_version": "2",
"first_block_index": ${{ vars[matrix.network.account_first_block_var] }},
"account_key": {
"fog_report_url": "${{ matrix.network.fog_report_url }}",
"fog_authority_spki": "${{ vars[matrix.network.fog_authority_spki_var] }}"
}
}
EOF
- name: Install Python Poetry env/package manager
run: |
curl -sSL https://install.python-poetry.org | python3 -
- name: Test full-service
env:
MC_FULL_SERVICE_HOST: http://full-service.${{ steps.meta.outputs.namespace }}.svc.cluster.local
MC_FULL_SERVICE_PORT: "9090"
MC_FOG_REPORT_URL: ${{ matrix.network.fog_report_url }}
MC_FOG_AUTHORITY_SPKI: ${{ vars[matrix.network.fog_authority_spki_var] }}
shell: bash
run: |
echo "MC_FULL_SERVICE_URL ${MC_FULL_SERVICE_URL}"
echo "MC_FOG_REPORT_URL ${MC_FOG_REPORT_URL}"
echo "MC_FOG_AUTHORITY_SPKI ${MC_FOG_AUTHORITY_SPKI}"
# Switch to testing directory and install dependencies.
pushd python || exit 1
"${POETRY_HOME}/bin/poetry" install
# Run tests.
"${POETRY_HOME}/bin/poetry" run pytest -v
popd || exit 0
# remove the testing environment after all tests are run successfully when this
# is triggered from a PR. For a feature branch, see dev-delete-cd.yaml
cleanup-after-run:
if: github.event_name == 'pull_request'
strategy:
fail-fast: false
matrix:
network:
- chain_id: test
# - chain_id: main
chart:
- full-service
# - full-service-mirror
runs-on: [self-hosted, Linux, small]
needs:
- integration-test
steps:
- name: Checkout
uses: mobilecoinofficial/gh-actions/checkout@v0
- name: Generate version metadata
uses: mobilecoinofficial/gha-k8s-toolbox@v1
id: meta
with:
action: generate-metadata
prefix: ${{ matrix.chart }}-${{ matrix.network.chain_id }}
- name: Delete namespace
uses: mobilecoinofficial/gha-k8s-toolbox@v1
with:
action: namespace-delete
namespace: ${{ steps.meta.outputs.namespace }}
rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }}
rancher_url: ${{ secrets.DEV_RANCHER_URL }}
rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }}