Start using Artifactory for CI/CD in favour of Docker Registry
Due to security reasons, we had to stop using the dispatch token and
start using the GitHub App in order to trigger the deployment in
argo.  Because argo is a private repository, we can't trigger it from
a public one (juno), so we changed the approach: first push the docker
images to jFrog Artifactory; argo is then notified that a new image
was pushed and triggers the deployment.

Extra Tasks:
- Run YAML formatter on build-and-deploy workflow:
Having a well formated file makes it easier to read and for people
to contribute

- Remove unnecessary IMAGE_TAG from build-and-deploy.yml:
Instead of using both env.DOCKER_IMAGE_TAG and output.IMAGE_TAG, only
use one of them.

- Improve readability of stages in build-and-deploy.yml:
Rename stages to make it easier to understand what's going on.
For example from 'deploy_to_dev' to 'validate_dev' in order to
include that some tests will be run on the environment

- Set common env var in the root of the file:
Some of the env vars are being used in multiple stages,
so instead of having to hard-code some small differences
in multiple places, bring it all back to a root level
where it's easier to see what changes for what environment.
derrix060 authored and kirugan committed Jun 28, 2024
1 parent d554fbf commit dfbedca
Showing 1 changed file with 63 additions and 91 deletions.
154 changes: 63 additions & 91 deletions .github/workflows/build-and-deploy.yml
@@ -1,166 +1,138 @@
name: Docker Build, Publish and Deploy

env:
DOCKER_REGISTRY: nethermind.jfrog.io

REPO_DEV: angkor-docker-local-dev
REPO_STAGING: angkor-docker-local-staging
REPO_PROD: angkor-docker-local-prod


on:
push:
branches: [main]
tags: ['v*']
tags: ["v*"]
workflow_dispatch:

permissions:
id-token: write
contents: write

jobs:
docker_build_and_publish:
build_docker_image:
runs-on: ubuntu-latest
outputs:
IMAGE_TAG: ${{ steps.image_tag.outputs.IMAGE_TAG }}

steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Define_docker_image_tag
id: image_tag

- name: Define image tag
run: |
echo "DOCKER_IMAGE_TAG=$(git describe --tags)" >> $GITHUB_ENV
echo "IMAGE_TAG=$(git describe --tags)" >> "$GITHUB_OUTPUT"
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}


- name: Login to registry
run: |
docker login ${{ env.DOCKER_REGISTRY }} -u ${{ vars.ARTIFACTORY_ANGKOR_USER }} -p ${{ secrets.ARTIFACTORY_ANGKOR_CONTRIBUTOR }}
- name: Build and Push
uses: docker/build-push-action@v5
with:
context: .
platforms: 'linux/amd64'
platforms: "linux/amd64"
push: true
tags: nethermindeth/juno:${{ env.DOCKER_IMAGE_TAG }}

deploy_to_dev:
tags: ${{ env.DOCKER_REGISTRY }}/${{ env.REPO_DEV }}/juno:${{ env.DOCKER_IMAGE_TAG }}


validate_dev:
permissions:
id-token: write
contents: write
needs: [docker_build_and_publish]
needs: [build_docker_image]
runs-on: ubuntu-latest
environment:
environment:
name: Development
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Repository Dispatch Dev
env:
EVENT_NAME: juno-dev
IMAGE_TAG: ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }}
SEPOLIA: apps/juno-dev/overlays/dev-sepolia/config.yaml
run: |
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: token ${{ secrets.ACCESS_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/NethermindEth/argo/dispatches \
-d '{"event_type": "${{ env.EVENT_NAME }}", "client_payload":{"name": "${{ env.EVENT_NAME }}", "sepolia_config": "${{ env.SEPOLIA }}", "tag": "${{ env.IMAGE_TAG }}"}}'
- name: Verify Deployment Version (Dev)
run: bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.DEV_SEPOLIA_URL }} ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }}
run: bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.DEV_SEPOLIA_URL }} ${{ env.DOCKER_IMAGE_TAG }}

dev-starknet-rs-tests:
needs: [deploy_to_dev]
needs: [validate_dev]
uses: ./.github/workflows/starknet-rs-tests.yml
secrets:
STARKNET_RPC: ${{ secrets.DEV_SEPOLIA_URL }}/v0_6

dev-starknet-js-tests:
needs: [deploy_to_dev]
needs: [validate_dev]
uses: ./.github/workflows/starknet-js-tests.yml
secrets:
TEST_RPC_URL: ${{ secrets.DEV_SEPOLIA_URL }}/v0_7
TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }}
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }}
deploy_to_staging:
needs: [docker_build_and_publish, deploy_to_dev]

promote_to_staging:
needs: [build_docker_image, validate_dev]
runs-on: ubuntu-latest
environment:
environment:
name: Staging
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Repository Dispatch Staging
env:
EVENT_NAME: juno-staging
IMAGE_TAG: ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }}
MAINNET: apps/juno-staging/overlays/staging-mainnet/config.yaml
SEPOLIA: apps/juno-staging/overlays/staging-sepolia/config.yaml
SEPOLIA_INTEGRATION: apps/juno-staging/overlays/staging-sepolia-integration/config.yaml
run: |
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: token ${{ secrets.ACCESS_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/NethermindEth/argo/dispatches \
-d '{"event_type": "${{ env.EVENT_NAME }}", "client_payload":{"name": "${{ env.EVENT_NAME }}", "mainnet_config": "${{ env.MAINNET }}", "sepolia_config": "${{ env.SEPOLIA }}", "sepolia_integration_config": "${{ env.SEPOLIA_INTEGRATION}}", "tag": "${{ env.IMAGE_TAG }}"}}'
- name: Verify Deployment Version (Staging)
run: bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.STAGING_SEPOLIA_URL }} ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }}
steps:
- name: Setup JFrog CLI
uses: jfrog/setup-jfrog-cli@v4
env:
JF_URL: ${{ vars.JFROG_URL}}
JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ANGKOR_CONTRIBUTOR }}

- name: Promote to Staging
run: |
jf rt dpr juno/${{ env.DOCKER_IMAGE_TAG }} ${{ env.REPO_DEV }} ${{ env.REPO_STAGING }}
staging-starknet-rs-tests:
needs: [deploy_to_staging]
needs: [promote_to_staging]
uses: ./.github/workflows/starknet-rs-tests.yml
secrets:
STARKNET_RPC: ${{ secrets.STAGING_SEPOLIA_URL }}/v0_6

staging-starknet-js-tests:
needs: [deploy_to_staging]
needs: [promote_to_staging]
uses: ./.github/workflows/starknet-js-tests.yml
secrets:
TEST_RPC_URL: ${{ secrets.STAGING_SEPOLIA_URL }}/v0_7
TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }}
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }}

deploy_to_production:
needs: [docker_build_and_publish, deploy_to_staging]
promote_to_production:
needs: [build_docker_image, promote_to_staging]
runs-on: ubuntu-latest
environment:
name: Production
steps:
- name: Repository Dispatch Prod
env:
EVENT_NAME: juno-prod
IMAGE_TAG: ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }}
MAINNET: apps/juno-prod/overlays/prod-mainnet/config.yaml
SEPOLIA: apps/juno-prod/overlays/prod-sepolia/config.yaml
SEPOLIA_INTEGRATION: apps/juno-prod/overlays/prod-sepolia-integration/config.yaml
- name: Setup JFrog CLI
uses: jfrog/setup-jfrog-cli@v4
env:
JF_URL: ${{ vars.JFROG_URL}}
JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ANGKOR_CONTRIBUTOR }}

- name: Promote to Production
run: |
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: token ${{ secrets.ACCESS_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/NethermindEth/argo/dispatches \
-d '{"event_type": "${{ env.EVENT_NAME }}", "client_payload":{"name": "${{ env.EVENT_NAME }}", "mainnet_config": "${{ env.MAINNET }}", "sepolia_config": "${{ env.SEPOLIA }}", "sepolia_integration_config": "${{ env.SEPOLIA_INTEGRATION }}", "tag": "${{ env.IMAGE_TAG }}"}}'
jf rt dpr juno/${{ env.DOCKER_IMAGE_TAG }} ${{ env.REPO_STAGING }} ${{ env.REPO_PROD }}
prod-starknet-rs-tests:
needs: [deploy_to_production]
needs: [promote_to_production]
uses: ./.github/workflows/starknet-rs-tests.yml
secrets:
STARKNET_RPC: ${{ secrets.PROD_SEPOLIA_URL }}/v0_6

prod-starknet-js-tests:
needs: [deploy_to_production]
needs: [promote_to_production]
uses: ./.github/workflows/starknet-js-tests.yml
secrets:
TEST_RPC_URL: ${{ secrets.PROD_SEPOLIA_URL }}/v0_7
TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }}
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }}
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }}
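Review bot: The new "Login to registry" step passes the Artifactory token as `-p ${{ secrets.ARTIFACTORY_ANGKOR_CONTRIBUTOR }}`, which expands the secret into the script text and onto the docker command line. Map it through the step's `env:` and pipe it in, e.g. `echo "$ARTIFACTORY_TOKEN" | docker login "$DOCKER_REGISTRY" -u "$ARTIFACTORY_USER" --password-stdin` (variable names are placeholders), or keep `docker/login-action@v3` and add `registry: ${{ env.DOCKER_REGISTRY }}`. Separately, the page has lost its +/- markers, but it appears that `DOCKER_IMAGE_TAG` is now only written to `$GITHUB_ENV` inside `build_docker_image`; values written there are visible only to later steps of the same job, so `${{ env.DOCKER_IMAGE_TAG }}` in `validate_dev` and in both `jf rt dpr` promote steps would expand to an empty string. Keeping the job output and reading `needs.build_docker_image.outputs.IMAGE_TAG` would make sure the tag that was built is the one verified and promoted. The same contributor token also covers the dev push and the promotion into `REPO_PROD`, so a narrower credential bound to the Production environment would be worth considering.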
