-
Notifications
You must be signed in to change notification settings - Fork 92
100 lines (88 loc) · 3.41 KB
/
on-push-release-tag.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
---
name: Push release candidate image of aleph-node to ECR and DockerHub
on:
push:
tags:
- 'r-*'
jobs:
check-vars-and-secrets:
name: Check vars and secrets
uses: ./.github/workflows/_check-vars-and-secrets.yml
secrets: inherit
check-node-version:
needs: [check-vars-and-secrets]
runs-on: ubuntu-20.04
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Call action get-ref-properties
id: get-ref-properties
uses: Cardinal-Cryptography/github-actions/get-ref-properties@v7
- name: Read node version
id: read-node-version
uses: SebRollen/[email protected]
with:
file: 'bin/node/Cargo.toml'
field: 'package.version'
- name: Check if node version matches with tag
shell: bash
# yamllint disable rule:line-length
run: |
# cut release candidate part of the tag
tag=$(echo '${{ steps.get-ref-properties.outputs.tag }}' | sed 's/-rc[0-9]*$//g')
# expected tag is r-<version> from Cargo.toml
expected_tag=r-$(echo '${{ steps.read-node-version.outputs.value }}')
if [[ ${tag} != ${expected_tag} ]]; then
echo "Error: tag version does not match version in bin/node/Cargo.toml"
echo "Non-release candidate part of the tag is ${tag}"
echo "Expected tag from node version is ${expected_tag}"
exit 1
fi
# yamllint enable rule:line-length
push-ecr-image:
needs: [check-node-version]
runs-on: ubuntu-20.04
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Get docker image names
id: get-docker-image-names
uses: ./.github/actions/get-docker-image-names
with:
ecr-repo: ${{ vars.ECR_ALEPH_NODE_REPO }}
dockerhub-repo: ${{ vars.DOCKERHUB_ALEPH_NODE_REPO }}
- name: Login to Public Amazon ECR
id: login-public-ecr
uses: docker/login-action@v3
with:
registry: ${{ vars.ECR_PUBLIC_HOST }}
username: ${{ secrets.AWS_MAINNET_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_MAINNET_SECRET_ACCESS_KEY }}
# if r-* tag was pushed on a commit that is not on main or release branch, below step would
# fail, as there would be no aleph-node-<sha> image on ECR for <sha> that is not on main
# or release branch, see on-main-or-release-branch-commit.yml
- name: Check release candidate docker image existence
uses: Cardinal-Cryptography/github-actions/check-image-existence-ecr@v7
with:
ecr-image: ${{ steps.get-docker-image-names.outputs.ecr-rc-image }}
- name: Tag and push image to ECR
shell: bash
env:
RC_IMAGE: ${{ steps.get-docker-image-names.outputs.ecr-rc-image }}
DEPLOY_IMAGE: ${{ steps.get-docker-image-names.outputs.ecr-deploy-image }}
run: |
docker pull '${{ env.RC_IMAGE }}'
docker tag '${{ env.RC_IMAGE }}' '${{ env.DEPLOY_IMAGE }}'
docker push '${{ env.DEPLOY_IMAGE }}'
slack:
name: Slack notification
runs-on: ubuntu-20.04
needs: [push-ecr-image]
if: always()
steps:
- name: Send Slack message
uses: Cardinal-Cryptography/github-actions/slack-notification@v7
with:
notify-on: "always"
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_DEV_ONDUTY }}