From dfbedca3b44d257eb702d1539f9e094150b38acd Mon Sep 17 00:00:00 2001 From: Mario Apra Date: Tue, 25 Jun 2024 16:12:22 +0100 Subject: [PATCH] Start using Artifactory for CI/CD in favour of Docker Registry Due security reasons, we had to stop using the dispatch token and start using the GitHub App in order to trigger the deployment in argo. Because argo is a private repository, we can't trigger from a public one (juno), so then we start to change the approach to first push the docker images to jFrog Artifactory, then argo will be notified that a new image was pushed, then it will trigger the deployment Extra Tasks: - Run YAML formatter on build-and-deploy workflow: Having a well formated file makes it easier to read and for people to contribute - Remove unnecessary IMAGE_TAG from build-and-deploy.yml: Instead of using both env.DOCKER_IMAGE_TAG and output.IMAGE_TAG, only use one of them. - Improve readability of stages in build-and-deploy.yml: Rename stages to make it easier to understand what's going on. For example from 'deploy_to_dev' to 'validate_dev' in order to include that some tests will be run on the environment - Set common env var in the root of the file: Some of the env vars are being used in multiple stages, so instead of having to hard-code some small differences in multiple places, bring it all back to a root level where it's easier to see what changes for what environment. --- .github/workflows/build-and-deploy.yml | 154 ++++++++++--------------- 1 file changed, 63 insertions(+), 91 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index cdd37ab00c..cab2c5c192 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -1,9 +1,17 @@ name: Docker Build, Publish and Deploy +env: + DOCKER_REGISTRY: nethermind.jfrog.io + + REPO_DEV: angkor-docker-local-dev + REPO_STAGING: angkor-docker-local-staging + REPO_PROD: angkor-docker-local-prod + + on: push: branches: [main] - tags: ['v*'] + tags: ["v*"] workflow_dispatch: permissions: @@ -11,156 +19,120 @@ permissions: contents: write jobs: - docker_build_and_publish: + build_docker_image: runs-on: ubuntu-latest - outputs: - IMAGE_TAG: ${{ steps.image_tag.outputs.IMAGE_TAG }} + steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - - - name: Define_docker_image_tag - id: image_tag + + - name: Define image tag run: | echo "DOCKER_IMAGE_TAG=$(git describe --tags)" >> $GITHUB_ENV - echo "IMAGE_TAG=$(git describe --tags)" >> "$GITHUB_OUTPUT" - + - name: Setup Docker Buildx uses: docker/setup-buildx-action@v3 - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - + + - name: Login to registry + run: | + docker login ${{ env.DOCKER_REGISTRY }} -u ${{ vars.ARTIFACTORY_ANGKOR_USER }} -p ${{ secrets.ARTIFACTORY_ANGKOR_CONTRIBUTOR }} + - name: Build and Push uses: docker/build-push-action@v5 with: context: . - platforms: 'linux/amd64' + platforms: "linux/amd64" push: true - tags: nethermindeth/juno:${{ env.DOCKER_IMAGE_TAG }} - - deploy_to_dev: + tags: ${{ env.DOCKER_REGISTRY }}/${{ env.REPO_DEV }}/juno:${{ env.DOCKER_IMAGE_TAG }} + + + validate_dev: permissions: id-token: write contents: write - needs: [docker_build_and_publish] + needs: [build_docker_image] runs-on: ubuntu-latest - environment: + environment: name: Development steps: - name: Checkout uses: actions/checkout@v4 - - name: Repository Dispatch Dev - env: - EVENT_NAME: juno-dev - IMAGE_TAG: ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }} - SEPOLIA: apps/juno-dev/overlays/dev-sepolia/config.yaml - run: | - curl -L \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: token ${{ secrets.ACCESS_TOKEN }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/NethermindEth/argo/dispatches \ - -d '{"event_type": "${{ env.EVENT_NAME }}", "client_payload":{"name": "${{ env.EVENT_NAME }}", "sepolia_config": "${{ env.SEPOLIA }}", "tag": "${{ env.IMAGE_TAG }}"}}' - - name: Verify Deployment Version (Dev) - run: bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.DEV_SEPOLIA_URL }} ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }} - + run: bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.DEV_SEPOLIA_URL }} ${{ env.DOCKER_IMAGE_TAG }} + dev-starknet-rs-tests: - needs: [deploy_to_dev] + needs: [validate_dev] uses: ./.github/workflows/starknet-rs-tests.yml secrets: STARKNET_RPC: ${{ secrets.DEV_SEPOLIA_URL }}/v0_6 - + dev-starknet-js-tests: - needs: [deploy_to_dev] + needs: [validate_dev] uses: ./.github/workflows/starknet-js-tests.yml secrets: TEST_RPC_URL: ${{ secrets.DEV_SEPOLIA_URL }}/v0_7 TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }} TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }} - - deploy_to_staging: - needs: [docker_build_and_publish, deploy_to_dev] + + promote_to_staging: + needs: [build_docker_image, validate_dev] runs-on: ubuntu-latest - environment: + environment: name: Staging - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Repository Dispatch Staging - env: - EVENT_NAME: juno-staging - IMAGE_TAG: ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }} - MAINNET: apps/juno-staging/overlays/staging-mainnet/config.yaml - SEPOLIA: apps/juno-staging/overlays/staging-sepolia/config.yaml - SEPOLIA_INTEGRATION: apps/juno-staging/overlays/staging-sepolia-integration/config.yaml - run: | - curl -L \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: token ${{ secrets.ACCESS_TOKEN }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/NethermindEth/argo/dispatches \ - -d '{"event_type": "${{ env.EVENT_NAME }}", "client_payload":{"name": "${{ env.EVENT_NAME }}", "mainnet_config": "${{ env.MAINNET }}", "sepolia_config": "${{ env.SEPOLIA }}", "sepolia_integration_config": "${{ env.SEPOLIA_INTEGRATION}}", "tag": "${{ env.IMAGE_TAG }}"}}' - - - name: Verify Deployment Version (Staging) - run: bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.STAGING_SEPOLIA_URL }} ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }} + steps: + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v4 + env: + JF_URL: ${{ vars.JFROG_URL}} + JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ANGKOR_CONTRIBUTOR }} + + - name: Promote to Staging + run: | + jf rt dpr juno/${{ env.DOCKER_IMAGE_TAG }} ${{ env.REPO_DEV }} ${{ env.REPO_STAGING }} staging-starknet-rs-tests: - needs: [deploy_to_staging] + needs: [promote_to_staging] uses: ./.github/workflows/starknet-rs-tests.yml secrets: STARKNET_RPC: ${{ secrets.STAGING_SEPOLIA_URL }}/v0_6 - + staging-starknet-js-tests: - needs: [deploy_to_staging] + needs: [promote_to_staging] uses: ./.github/workflows/starknet-js-tests.yml secrets: TEST_RPC_URL: ${{ secrets.STAGING_SEPOLIA_URL }}/v0_7 TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }} TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }} - deploy_to_production: - needs: [docker_build_and_publish, deploy_to_staging] + promote_to_production: + needs: [build_docker_image, promote_to_staging] runs-on: ubuntu-latest environment: name: Production steps: - - name: Repository Dispatch Prod - env: - EVENT_NAME: juno-prod - IMAGE_TAG: ${{ needs.docker_build_and_publish.outputs.IMAGE_TAG }} - MAINNET: apps/juno-prod/overlays/prod-mainnet/config.yaml - SEPOLIA: apps/juno-prod/overlays/prod-sepolia/config.yaml - SEPOLIA_INTEGRATION: apps/juno-prod/overlays/prod-sepolia-integration/config.yaml + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v4 + env: + JF_URL: ${{ vars.JFROG_URL}} + JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ANGKOR_CONTRIBUTOR }} + + - name: Promote to Production run: | - curl -L \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: token ${{ secrets.ACCESS_TOKEN }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/NethermindEth/argo/dispatches \ - -d '{"event_type": "${{ env.EVENT_NAME }}", "client_payload":{"name": "${{ env.EVENT_NAME }}", "mainnet_config": "${{ env.MAINNET }}", "sepolia_config": "${{ env.SEPOLIA }}", "sepolia_integration_config": "${{ env.SEPOLIA_INTEGRATION }}", "tag": "${{ env.IMAGE_TAG }}"}}' - + jf rt dpr juno/${{ env.DOCKER_IMAGE_TAG }} ${{ env.REPO_STAGING }} ${{ env.REPO_PROD }} + prod-starknet-rs-tests: - needs: [deploy_to_production] + needs: [promote_to_production] uses: ./.github/workflows/starknet-rs-tests.yml secrets: STARKNET_RPC: ${{ secrets.PROD_SEPOLIA_URL }}/v0_6 - + prod-starknet-js-tests: - needs: [deploy_to_production] + needs: [promote_to_production] uses: ./.github/workflows/starknet-js-tests.yml secrets: TEST_RPC_URL: ${{ secrets.PROD_SEPOLIA_URL }}/v0_7 TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }} - TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }} \ No newline at end of file + TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }}