feat: upgrade sns canisters for entire network (#101) #172
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Fly on push to main | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build_check: | |
| uses: ./.github/workflows/build-check.yml | |
| with: | |
| publish-artifact: true | |
| deploy: | |
| name: Deploy | |
| needs: build_check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Download build | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build-musl | |
| - name: Setup dfx | |
| uses: dfinity/setup-dfx@main | |
| - name: Test pem file | |
| run: | | |
| touch actions_identity.pem | |
| echo "$RECLAIM_CANISTER_PEM" > actions_identity.pem | |
| dfx identity import --storage-mode=plaintext actions actions_identity.pem | |
| dfx identity use actions | |
| dfx identity list | |
| env: | |
| RECLAIM_CANISTER_PEM: | | |
| ${{ secrets.HOT_OR_NOT_OFF_CHAIN_AGENT_CANISTER_PRIVILEGED_IDENTITY_SECRET_KEY }} | |
| - run: chmod +x target/x86_64-unknown-linux-musl/release/icp-off-chain-agent | |
| - uses: superfly/flyctl-actions/setup-flyctl@master | |
| - name: Set cloudflare token | |
| run: | | |
| flyctl secrets set "CF_R2_ACCESS_KEY_TEMP=$CF_R2_ACCESS_KEY_TEMP" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set "CF_R2_SECRET_ACCESS_KEY_TEMP=$CF_R2_SECRET_ACCESS_KEY_TEMP" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set "CF_WORKER_ACCESS_OFF_CHAIN_AGENT_KEY=$CF_WORKER_ACCESS_OFF_CHAIN_AGENT_KEY" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set "RECLAIM_CANISTER_PEM=$RECLAIM_CANISTER_PEM" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set "GOOGLE_SA_KEY=$GOOGLE_SA_KEY" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set "GRPC_AUTH_TOKEN=$GRPC_AUTH_TOKEN" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set "YRAL_METADATA_TOKEN=$YRAL_METADATA_TOKEN" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set "UPSTASH_VECTOR_READ_WRITE_TOKEN=$UPSTASH_VECTOR_READ_WRITE_TOKEN" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set "ML_SERVER_JWT_TOKEN=$ML_SERVER_JWT_TOKEN" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set "CLOUDFLARE_STREAM_READ_AND_LIST_ACCESS_TOKEN=$CLOUDFLARE_STREAM_READ_AND_LIST_ACCESS_TOKEN" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set HOTORNOT_CF_ACCOUNT_ID="a209c523d2d9646cc56227dbe6ce3ede" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set MLFEED_JWT_PUBLIC_KEY="MCowBQYDK2VwAyEA1Lpv21H9dsqetmqzeNunPvCNLZM4XpsZPSquHSO7OYw=" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set QSTASH_CURRENT_SIGNING_KEY="$QSTASH_CURRENT_SIGNING_KEY" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set CF_IMAGES_API_TOKEN="$CF_IMAGES_API_TOKEN" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set NSFW_GRPC_TOKEN="$NSFW_GRPC_TOKEN" --app "icp-off-chain-agent" --stage | |
| flyctl secrets set QSTASH_AUTH_TOKEN="$QSTASH_AUTH_TOKEN" --app "icp-off-chain-agent" --stage | |
| env: | |
| FLY_API_TOKEN: ${{ secrets.HOT_OR_NOT_OFF_CHAIN_AGENT_FLY_IO_GITHUB_ACTION }} | |
| CF_R2_ACCESS_KEY_TEMP: ${{ secrets.HOT_OR_NOT_OFF_CHAIN_AGENT_CLOUDFLARE_R2_ACCESS_KEY_ID }} | |
| CF_R2_SECRET_ACCESS_KEY_TEMP: ${{ secrets.HOT_OR_NOT_OFF_CHAIN_AGENT_CLOUDFLARE_R2_SECRET_ACCESS_KEY }} | |
| CF_WORKER_ACCESS_OFF_CHAIN_AGENT_KEY: ${{ secrets.CF_WORKER_ACCESS_OFF_CHAIN_AGENT_KEY }} | |
| RECLAIM_CANISTER_PEM: ${{ secrets.HOT_OR_NOT_OFF_CHAIN_AGENT_CANISTER_PRIVILEGED_IDENTITY_SECRET_KEY }} | |
| GOOGLE_SA_KEY: ${{ secrets.YRAL_OFF_CHAIN_AGENT_GOOGLE_CLOUD_SERVICE_ACCOUNT_JSON_KEY }} | |
| GRPC_AUTH_TOKEN: ${{ secrets.OFF_CHAIN_AGENT_GRPC_AUTH_TOKEN }} | |
| YRAL_METADATA_TOKEN: ${{ secrets.YRAL_AUTH_METADATA_SERVICE_ACCESS_JWT_TOKEN_FOR_OFFCHAIN_AGENT }} | |
| UPSTASH_VECTOR_READ_WRITE_TOKEN: ${{ secrets.UPSTASH_VECTOR_READ_WRITE_TOKEN }} | |
| ML_SERVER_JWT_TOKEN: ${{ secrets.ML_SERVER_JWT_TOKEN }} | |
| CLOUDFLARE_STREAM_READ_AND_LIST_ACCESS_TOKEN: ${{ secrets.CLOUDFLARE_STREAM_READ_AND_LIST_ACCESS_TOKEN }} | |
| QSTASH_CURRENT_SIGNING_KEY: ${{ secrets.QSTASH_CURRENT_SIGNING_KEY }} | |
| CF_IMAGES_API_TOKEN: ${{ secrets.CLOUDFLARE_IMAGES_READ_AND_WRITE_API_TOKEN }} | |
| NSFW_GRPC_TOKEN: ${{ secrets.TOKEN_TO_SIGN_OUTGOING_CALLS_TO_NSFW_DETECT_SERVICE }} | |
| QSTASH_AUTH_TOKEN: ${{ secrets.QSTASH_TOKEN }} | |
| - name: Deploy a docker container to fly.io | |
| run: flyctl deploy --remote-only -c fly-prod.toml | |
| env: | |
| FLY_API_TOKEN: ${{ secrets.HOT_OR_NOT_OFF_CHAIN_AGENT_FLY_IO_GITHUB_ACTION }} |