From 042ea9b27c131828edf6f3c84809e53b3ad1a375 Mon Sep 17 00:00:00 2001 From: Serhii Varakuta Date: Thu, 25 Jul 2024 11:04:35 +0300 Subject: [PATCH 1/5] ATOR-179 Sign windows binaries --- .github/workflows/build-packages.yml | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 4ffc801343..c10140bf8c 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -418,6 +418,26 @@ jobs: name: anon-${{ env.PKG_ENV }}-windows-amd64 path: package/ + sign-windows-64-binary: + runs-on: windows-latest + needs: build-windows-64-binary + steps: + - name: Download raw artifacts + uses: actions/download-artifact@v4 + with: + name: anon-${{ env.PKG_ENV }}-windows-amd64 + path: build/ + - name: Sign + run: | + dotnet tool install --global AzureSignTool + AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "build/anon.exe" + AzureSignTool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v "build/anon-gencert.exe" + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: anon-${{ env.PKG_ENV }}-windows-signed-amd64 + path: build/ + # # Release # @@ -465,7 +485,7 @@ jobs: release-github: runs-on: ubuntu-latest - needs: [build-deb-package, build-macos-binary, build-windows-64-binary] + needs: [build-deb-package, build-macos-binary, sign-windows-64-binary] if: startsWith(github.ref, 'refs/tags/') steps: - name: Download raw artifacts 
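Review bot: In the new `sign-windows-64-binary` job the `Sign` step expands `${{ secrets.* }}` straight into the script text, and `-kvc ${{ secrets.AZURE_CERT_NAME }}` is not quoted, so the values are parsed as script source instead of being passed as data. Map the five secrets through the step's `env:` and read them as environment variables (the default shell on GitHub-hosted Windows runners is PowerShell, hence `$env:NAME`). `dotnet tool install --global AzureSignTool` also installs whatever version is newest at run time, and that binary is handed the Key Vault credentials, so pin it with `--version`. The job uploads `build/` without checking the result; a `Get-AuthenticodeSignature` check after signing would stop an unsigned file from reaching the release.

```yaml
      - name: Sign
        env:
          AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }}
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }}
        run: |
          # <PINNED_VERSION> is a placeholder: use the release you have reviewed
          dotnet tool install --global AzureSignTool --version <PINNED_VERSION>
          AzureSignTool sign -kvu "$env:AZURE_KEY_VAULT_URI" -kvi "$env:AZURE_CLIENT_ID" -kvt "$env:AZURE_TENANT_ID" -kvs "$env:AZURE_CLIENT_SECRET" -kvc "$env:AZURE_CERT_NAME" -tr http://timestamp.digicert.com -v "build/anon.exe"
          AzureSignTool sign -kvu "$env:AZURE_KEY_VAULT_URI" -kvi "$env:AZURE_CLIENT_ID" -kvt "$env:AZURE_TENANT_ID" -kvs "$env:AZURE_CLIENT_SECRET" -kvc "$env:AZURE_CERT_NAME" -tr http://timestamp.digicert.com -v "build/anon-gencert.exe"
      # … unchanged: Upload artifact step …
```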
@@ -484,7 +504,7 @@ jobs: zip -j release-artifacts/anon-${{ env.PKG_ENV }}-linux-arm64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-linux-arm64/* zip -j release-artifacts/anon-${{ env.PKG_ENV }}-macos-amd64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-macos-amd64/* zip -j release-artifacts/anon-${{ env.PKG_ENV }}-macos-arm64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-macos-arm64/* - zip -j release-artifacts/anon-${{ env.PKG_ENV }}-windows-amd64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-windows-amd64/* + zip -j release-artifacts/anon-${{ env.PKG_ENV }}-windows-signed-amd64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-windows-signed-amd64/* ls -la -R release-artifacts/ - name: Checkout Repository uses: actions/checkout@v4 From 4d3fa9cf138dc2b74ae74417f79022b190c45c06 Mon Sep 17 00:00:00 2001 From: Serhii Varakuta Date: Wed, 31 Jul 2024 11:35:44 +0300 Subject: [PATCH 2/5] Update docker registry and deploy process --- .github/actions/build-and-push/action.yml | 1 + .github/actions/multiarch-push/action.yml | 1 + .github/workflows/build.yml | 6 +- .github/workflows/dev-build-and-push.yml | 12 +- .github/workflows/dev-deploy.yml | 2 +- .github/workflows/live-build-and-push.yml | 12 +- .github/workflows/live-deploy.yml | 2 +- .github/workflows/stage-build-and-push.yml | 12 +- .github/workflows/stage-deploy.yml | 2 +- operations/anon-da-node-dev.hcl | 4 +- operations/anon-da-node-live.hcl | 4 +- operations/anon-da-node-stage.hcl | 4 +- operations/anon-debian-repo.hcl | 2 +- operations/ator-da-node-dev.hcl | 190 --------------------- 14 files changed, 36 insertions(+), 218 deletions(-) delete mode 100644 operations/ator-da-node-dev.hcl diff --git a/.github/actions/build-and-push/action.yml b/.github/actions/build-and-push/action.yml index e84e9f4172..dd84d3b009 100644 --- a/.github/actions/build-and-push/action.yml +++ b/.github/actions/build-and-push/action.yml 
@@ -29,6 +29,7 @@ runs: - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: + registry: ghcr.io username: ${{ inputs.docker-username }} password: ${{ inputs.docker-password }} diff --git a/.github/actions/multiarch-push/action.yml b/.github/actions/multiarch-push/action.yml index a0b9e68d9d..957d776f64 100644 --- a/.github/actions/multiarch-push/action.yml +++ b/.github/actions/multiarch-push/action.yml @@ -20,6 +20,7 @@ runs: - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: + registry: ghcr.io username: ${{ inputs.docker-username }} password: ${{ inputs.docker-password }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f3417206df..d065e8142b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,9 +25,9 @@ jobs: - name: Build and push uses: ./.github/actions/build-and-push with: - docker-username: ${{ secrets.DOCKER_USERNAME }} - docker-password: ${{ secrets.DOCKER_PASSWORD }} - docker-base-repo: ${{ secrets.DOCKER_BASE_REPO_DEV }}-${{ matrix.platform.image-suffix }} + docker-username: ${{ secrets.CR_USERNAME }} + docker-password: ${{ secrets.CR_PAT }} + docker-base-repo: ghcr.io/ator-development/ator-protocol-dev-${{ matrix.platform.image-suffix }} docker-tag: latest-pr docker-platform: ${{ matrix.platform.name }} version: ${{ github.sha }} diff --git a/.github/workflows/dev-build-and-push.yml b/.github/workflows/dev-build-and-push.yml index 0780b2f8e9..4f0782ab42 100644 --- a/.github/workflows/dev-build-and-push.yml +++ b/.github/workflows/dev-build-and-push.yml 
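Review bot: `secrets.CR_PAT` is a long-lived personal access token tied to one account, and the `build.yml` hunk now passes it to every build job; the dev, live and stage build-and-push hunks of this patch do the same. If the packages belong to the organisation that owns this repository (not visible here), the job's own token is a narrower credential: `docker-username: ${{ github.actor }}` and `docker-password: ${{ secrets.GITHUB_TOKEN }}`, with `permissions: packages: write` on the job. If a PAT has to stay, it should carry only the `write:packages` scope and have an expiry. The job definitions start outside these hunks.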
@@ -27,9 +27,9 @@ jobs: - name: Build and push uses: ./.github/actions/build-and-push with: - docker-username: ${{ secrets.DOCKER_USERNAME }} - docker-password: ${{ secrets.DOCKER_PASSWORD }} - docker-base-repo: ${{ secrets.DOCKER_BASE_REPO_DEV }}-${{ matrix.platform.image-suffix }} + docker-username: ${{ secrets.CR_USERNAME }} + docker-password: ${{ secrets.CR_PAT }} + docker-base-repo: ghcr.io/ator-development/ator-protocol-dev-${{ matrix.platform.image-suffix }} docker-tag: ${{ env.image-tag }} docker-platform: ${{ matrix.platform.name }} version: ${{ github.sha }} @@ -45,9 +45,9 @@ jobs: - name: Multiarch push uses: ./.github/actions/multiarch-push with: - docker-username: ${{ secrets.DOCKER_USERNAME }} - docker-password: ${{ secrets.DOCKER_PASSWORD }} - docker-base-repo: ${{ secrets.DOCKER_BASE_REPO_DEV }} + docker-username: ${{ secrets.CR_USERNAME }} + docker-password: ${{ secrets.CR_PAT }} + docker-base-repo: ghcr.io/ator-development/ator-protocol-dev docker-tag: ${{ env.image-tag }} event-name: ${{ github.event_name }} deploy: diff --git a/.github/workflows/dev-deploy.yml b/.github/workflows/dev-deploy.yml index 7daaf08183..d0cc7c9bc0 100644 --- a/.github/workflows/dev-deploy.yml +++ b/.github/workflows/dev-deploy.yml @@ -5,7 +5,7 @@ on: workflow_call: env: - image-name: ${{ secrets.DOCKER_BASE_REPO_DEV }} + image-name: ghcr.io/ator-development/ator-protocol-dev image-tag: ${{ github.event_name == 'workflow_call' && 'latest' || github.sha }} da-1-hc-url: http://49.13.145.234:9030/tor/status-vote/current/consensus da-2-hc-url: http://5.161.108.187:9030/tor/status-vote/current/consensus diff --git a/.github/workflows/live-build-and-push.yml b/.github/workflows/live-build-and-push.yml index 92abfac8d7..d4c389859d 100644 --- a/.github/workflows/live-build-and-push.yml +++ b/.github/workflows/live-build-and-push.yml 
@@ -27,9 +27,9 @@ jobs: - name: Build and push uses: ./.github/actions/build-and-push with: - docker-username: ${{ secrets.DOCKER_USERNAME }} - docker-password: ${{ secrets.DOCKER_PASSWORD }} - docker-base-repo: ${{ secrets.DOCKER_BASE_REPO_LIVE }}-${{ matrix.platform.image-suffix }} + docker-username: ${{ secrets.CR_USERNAME }} + docker-password: ${{ secrets.CR_PAT }} + docker-base-repo: ghcr.io/ator-development/ator-protocol-${{ matrix.platform.image-suffix }} docker-tag: ${{ env.image-tag }} docker-platform: ${{ matrix.platform.name }} version: ${{ github.sha }} @@ -45,9 +45,9 @@ jobs: - name: Multiarch push uses: ./.github/actions/multiarch-push with: - docker-username: ${{ secrets.DOCKER_USERNAME }} - docker-password: ${{ secrets.DOCKER_PASSWORD }} - docker-base-repo: ${{ secrets.DOCKER_BASE_REPO_LIVE }} + docker-username: ${{ secrets.CR_USERNAME }} + docker-password: ${{ secrets.CR_PAT }} + docker-base-repo: ghcr.io/ator-development/ator-protocol docker-tag: ${{ env.image-tag }} event-name: ${{ github.event_name }} diff --git a/.github/workflows/live-deploy.yml b/.github/workflows/live-deploy.yml index acc4e8fb28..f6a379c778 100644 --- a/.github/workflows/live-deploy.yml +++ b/.github/workflows/live-deploy.yml @@ -5,7 +5,7 @@ on: workflow_call: env: - image-name: ${{ secrets.DOCKER_BASE_REPO_LIVE }} + image-name: ghcr.io/ator-development/ator-protocol image-tag: ${{ github.event_name == 'workflow_call' && github.ref_name || 'latest' }} da-1-hc-url: http://49.13.145.234:9230/tor/status-vote/current/consensus da-2-hc-url: http://5.161.108.187:9230/tor/status-vote/current/consensus diff --git a/.github/workflows/stage-build-and-push.yml b/.github/workflows/stage-build-and-push.yml index 5f576a0650..0c036975e0 100644 --- a/.github/workflows/stage-build-and-push.yml +++ b/.github/workflows/stage-build-and-push.yml 
@@ -27,9 +27,9 @@ jobs: - name: Build and push uses: ./.github/actions/build-and-push with: - docker-username: ${{ secrets.DOCKER_USERNAME }} - docker-password: ${{ secrets.DOCKER_PASSWORD }} - docker-base-repo: ${{ secrets.DOCKER_BASE_REPO_STAGE }}-${{ matrix.platform.image-suffix }} + docker-username: ${{ secrets.CR_USERNAME }} + docker-password: ${{ secrets.CR_PAT }} + docker-base-repo: ghcr.io/ator-development/ator-protocol-stage-${{ matrix.platform.image-suffix }} docker-tag: ${{ env.image-tag }} docker-platform: ${{ matrix.platform.name }} version: ${{ github.sha }} @@ -45,9 +45,9 @@ jobs: - name: Multiarch push uses: ./.github/actions/multiarch-push with: - docker-username: ${{ secrets.DOCKER_USERNAME }} - docker-password: ${{ secrets.DOCKER_PASSWORD }} - docker-base-repo: ${{ secrets.DOCKER_BASE_REPO_STAGE }} + docker-username: ${{ secrets.CR_USERNAME }} + docker-password: ${{ secrets.CR_PAT }} + docker-base-repo: ghcr.io/ator-development/ator-protocol-stage docker-tag: ${{ env.image-tag }} event-name: ${{ github.event_name }} deploy: diff --git a/.github/workflows/stage-deploy.yml b/.github/workflows/stage-deploy.yml index 79ccab4ac0..15460129e5 100644 --- a/.github/workflows/stage-deploy.yml +++ b/.github/workflows/stage-deploy.yml @@ -5,7 +5,7 @@ on: workflow_call: env: - image-name: ${{ secrets.DOCKER_BASE_REPO_STAGE }} + image-name: ghcr.io/ator-development/ator-protocol-stage image-tag: ${{ github.event_name == 'workflow_call' && 'latest' || github.sha }} da-1-hc-url: http://49.13.145.234:9130/tor/status-vote/current/consensus da-2-hc-url: http://5.161.108.187:9130/tor/status-vote/current/consensus diff --git a/operations/anon-da-node-dev.hcl b/operations/anon-da-node-dev.hcl index 948a533769..931c3547db 100644 --- a/operations/anon-da-node-dev.hcl +++ b/operations/anon-da-node-dev.hcl 
@@ -57,7 +57,7 @@ job "ator-dir-auth-dev" { } config { - image = "svforte/anon-dev:PLACEIMAGETAGHERE" + image = "ghcr.io/ator-development/ator-protocol-dev:PLACEIMAGETAGHERE" ports = ["orport", "dirport"] volumes = [ "local/anonrc:/etc/anon/anonrc", @@ -129,6 +129,8 @@ job "ator-dir-auth-dev" { User anond DataDirectory /var/lib/anon +AgreeToTerms 1 + AuthoritativeDirectory 1 V3AuthoritativeDirectory 1 diff --git a/operations/anon-da-node-live.hcl b/operations/anon-da-node-live.hcl index 635398de57..674438a438 100644 --- a/operations/anon-da-node-live.hcl +++ b/operations/anon-da-node-live.hcl @@ -72,7 +72,7 @@ job "ator-dir-auth-live" { } config { - image = "svforte/anon:PLACEIMAGETAGHERE" + image = "ghcr.io/ator-development/ator-protocol-live:PLACEIMAGETAGHERE" ports = ["orport", "dirport"] volumes = [ "local/anonrc:/etc/anon/anonrc", @@ -146,6 +146,8 @@ job "ator-dir-auth-live" { User anond DataDirectory /var/lib/anon +AgreeToTerms 1 + AuthoritativeDirectory 1 V3AuthoritativeDirectory 1 diff --git a/operations/anon-da-node-stage.hcl b/operations/anon-da-node-stage.hcl index 0190b7b01f..35772c2809 100644 --- a/operations/anon-da-node-stage.hcl +++ b/operations/anon-da-node-stage.hcl @@ -60,7 +60,7 @@ job "ator-dir-auth-stage" { } config { - image = "svforte/anon-stage:PLACEIMAGETAGHERE" + image = "ghcr.io/ator-development/ator-protocol-stage:PLACEIMAGETAGHERE" ports = ["orport", "dirport"] volumes = [ "local/anonrc:/etc/anon/anonrc", @@ -134,6 +134,8 @@ job "ator-dir-auth-stage" { User anond DataDirectory /var/lib/anon +AgreeToTerms 1 + AuthoritativeDirectory 1 V3AuthoritativeDirectory 1 diff --git a/operations/anon-debian-repo.hcl b/operations/anon-debian-repo.hcl index 30b5b68e11..325557e1c4 100644 --- a/operations/anon-debian-repo.hcl +++ b/operations/anon-debian-repo.hcl 
@@ -120,7 +120,7 @@ server { driver = "docker" config { - image = "svforte/package-exporter:v0.0.3" + image = "ghcr.io/ator-development/package-exporter:v0.0.4" ports = ["exporter-http"] volumes = [ "local/exporter.yml:/app/config.yml:ro", diff --git a/operations/ator-da-node-dev.hcl b/operations/ator-da-node-dev.hcl deleted file mode 100644 index 5f83ba8a65..0000000000 --- a/operations/ator-da-node-dev.hcl +++ /dev/null 
@@ -1,190 +0,0 @@ -job "ator-dir-auth-dev" { - datacenters = ["ator-fin"] - type = "service" - namespace = "ator-network" - - group "dir-auth-dev-group" { - count = 3 - - spread { - attribute = "${node.unique.id}" - weight = 100 - target "067a42a8-d8fe-8b19-5851-43079e0eabb4" { - percent = 34 - } - target "16be0723-edc1-83c4-6c02-193d96ec308a" { - percent = 33 - } - target "e6e0baed-8402-fd5c-7a15-8dd49e7b60d9" { - percent = 33 - } - } - - network { - port "orport" { - static = 9001 - } - port "dirport" { - static = 9030 - } - - } - - volume "dir-auth-dev" { - type = "host" - read_only = false - source = "dir-auth-dev" - } - - task "dir-auth-dev-task" { - driver = "docker" - - volume_mount { - volume = "dir-auth-dev" - destination = "/var/lib/tor/" - read_only = false - } - - config { - image = "svforte/anon-dev:PLACEIMAGETAGHERE" - ports = ["orport", "dirport"] - volumes = [ - "local/torrc:/etc/tor/torrc", - "secrets/tor/keys:/var/lib/tor/keys" - ] - } - - vault { - policies = ["ator-network-read"] - } - - resources { - cpu = 256 - memory = 256 - } - - template { - change_mode = "noop" - data = "{{ key (env `node.unique.id` | printf `ator-network/dev/dir-auth-%s/authority_certificate`) }}" - destination = "secrets/tor/keys/authority_certificate" - } - - template { - change_mode = "noop" - data = "{{ with secret (env `node.unique.id` | printf `kv/ator-network/dev/dir-auth-%s`) }}{{ .Data.data.authority_identity_key}}{{end}}" - destination = "secrets/tor/keys/authority_identity_key" - } - - template { - change_mode = "noop" - data = "{{ with secret (env `node.unique.id` | printf `kv/ator-network/dev/dir-auth-%s`) }}{{.Data.data.authority_signing_key}}{{end}}" - destination = "secrets/tor/keys/authority_signing_key" - } - - template { - change_mode = "noop" - data = "{{ with secret (env `node.unique.id` | printf `kv/ator-network/dev/dir-auth-%s`) }}{{ base64Decode .Data.data.ed25519_master_id_secret_key_base64}}{{end}}" - destination = 
"secrets/tor/keys/ed25519_master_id_secret_key" - } - - template { - change_mode = "noop" - data = "{{ with secret (env `node.unique.id` | printf `kv/ator-network/dev/dir-auth-%s`) }}{{ base64Decode .Data.data.ed25519_signing_secret_key_base64}}{{end}}" - destination = "secrets/tor/keys/ed25519_signing_secret_key" - } - - template { - change_mode = "noop" - data = "{{ with secret (env `node.unique.id` | printf `kv/ator-network/dev/dir-auth-%s`) }}{{ base64Decode .Data.data.secret_id_key_base64}}{{end}}" - destination = "secrets/tor/keys/secret_id_key" - } - - template { - change_mode = "noop" - data = "{{ with secret (env `node.unique.id` | printf `kv/ator-network/dev/dir-auth-%s`) }}{{ base64Decode .Data.data.secret_onion_key_base64}}{{end}}" - destination = "secrets/tor/keys/secret_onion_key" - } - - template { - change_mode = "noop" - data = "{{ with secret (env `node.unique.id` | printf `kv/ator-network/dev/dir-auth-%s`) }}{{ base64Decode .Data.data.secret_onion_key_ntor_base64}}{{end}}" - destination = "secrets/tor/keys/secret_onion_key_ntor" - } - - template { - change_mode = "noop" - data = < Date: Thu, 1 Aug 2024 11:25:49 +0300 Subject: [PATCH 3/5] Deployment improvements --- ...-and-push.yml => dev-build-and-deploy.yml} | 24 +++++++++---- .github/workflows/dev-deploy.yml | 34 ------------------- ...and-push.yml => live-build-and-deploy.yml} | 23 +++++++++---- .github/workflows/live-deploy.yml | 34 ------------------- ...nd-push.yml => stage-build-and-deploy.yml} | 24 +++++++++---- 5 files changed, 53 insertions(+), 86 deletions(-) rename .github/workflows/{dev-build-and-push.yml => dev-build-and-deploy.yml} (61%) delete mode 100644 .github/workflows/dev-deploy.yml rename .github/workflows/{live-build-and-push.yml => live-build-and-deploy.yml} (61%) delete mode 100644 .github/workflows/live-deploy.yml rename .github/workflows/{stage-build-and-push.yml => stage-build-and-deploy.yml} (61%) 
diff --git a/.github/workflows/dev-build-and-push.yml b/.github/workflows/dev-build-and-deploy.yml similarity index 61% rename from .github/workflows/dev-build-and-push.yml rename to .github/workflows/dev-build-and-deploy.yml index 4f0782ab42..d856a6c4e8 100644 --- a/.github/workflows/dev-build-and-push.yml +++ b/.github/workflows/dev-build-and-deploy.yml @@ -1,4 +1,4 @@ -name: Dev Build and Push Docker Images +name: Dev Build Image and Deploy on: push: @@ -7,7 +7,11 @@ on: workflow_dispatch: env: + image-name: ghcr.io/ator-development/ator-protocol-dev image-tag: ${{ github.sha }} + da-1-hc-url: http://49.13.145.234:9030/tor/status-vote/current/consensus + da-2-hc-url: http://5.161.108.187:9030/tor/status-vote/current/consensus + da-3-hc-url: http://5.78.90.106:9030/tor/status-vote/current/consensus jobs: build-and-push: @@ -37,7 +41,7 @@ jobs: event-name: ${{ github.event_name }} multiarch-push: - runs-on: arm64 + runs-on: ubuntu-latest needs: build-and-push steps: - name: Check out the repo @@ -50,12 +54,20 @@ jobs: docker-base-repo: ghcr.io/ator-development/ator-protocol-dev docker-tag: ${{ env.image-tag }} event-name: ${{ github.event_name }} + deploy: needs: multiarch-push runs-on: ubuntu-latest steps: - - name: Invoke workflow without inputs - uses: benc-uk/workflow-dispatch@v1 + - name: Deploy new version + uses: ./.github/actions/deploy with: - workflow: Dev Deploy - ref: refs/heads/development + image-tag: ${{ env.image-tag }} + nomad-job-file: anon-da-node-dev.hcl + health-checks: "${{ env.da-1-hc-url }}|${{ env.da-2-hc-url }}|${{ env.da-3-hc-url }}" + nomad-cacert: operations/admin-ui-ca.crt + nomad-token: ${{ secrets.NOMAD_TOKEN_ATOR_NETWORK_DEPLOY }} + nomad-addr: ${{ secrets.NOMAD_DEPLOY_ADDR }} + consul-cacert: operations/admin-ui-ca.crt + consul-http-token: ${{ secrets.CONSUL_HTTP_TOKEN_ATOR_NETWORK_DEPLOY }} + consul-addr: ${{ secrets.CONSUL_DEPLOY_ADDR }} 
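Review bot: The `deploy` job added in the last hunk of `dev-build-and-deploy.yml` uses `NOMAD_TOKEN_ATOR_NETWORK_DEPLOY` and `CONSUL_HTTP_TOKEN_ATOR_NETWORK_DEPLOY`, the same secret names the live and stage deploy jobs in this patch use. Unless the tokens' ACLs are scoped elsewhere, a run of the dev workflow holds whatever rights the live deployment has. Per-environment tokens stored as environment secrets, with `environment: dev` on the job (the name is an example), would keep a push to the development branch away from live credentials. No `permissions:` block is visible in these hunks; `permissions: contents: read` is probably all this job needs.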
diff --git a/.github/workflows/dev-deploy.yml b/.github/workflows/dev-deploy.yml deleted file mode 100644 index d0cc7c9bc0..0000000000 --- a/.github/workflows/dev-deploy.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: Dev Deploy - -on: - workflow_dispatch: - workflow_call: - -env: - image-name: ghcr.io/ator-development/ator-protocol-dev - image-tag: ${{ github.event_name == 'workflow_call' && 'latest' || github.sha }} - da-1-hc-url: http://49.13.145.234:9030/tor/status-vote/current/consensus - da-2-hc-url: http://5.161.108.187:9030/tor/status-vote/current/consensus - da-3-hc-url: http://5.78.90.106:9030/tor/status-vote/current/consensus - -jobs: - push: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Deploy new version - uses: ./.github/actions/deploy - with: - image-tag: ${{ env.image-tag }} - nomad-job-file: anon-da-node-dev.hcl - health-checks: "${{ env.da-1-hc-url }}|${{ env.da-2-hc-url }}|${{ env.da-3-hc-url }}" - nomad-cacert: operations/admin-ui-ca.crt - nomad-token: ${{ secrets.NOMAD_TOKEN_ATOR_NETWORK_DEPLOY }} - nomad-addr: ${{ secrets.NOMAD_DEPLOY_ADDR }} - consul-cacert: operations/admin-ui-ca.crt - consul-http-token: ${{ secrets.CONSUL_HTTP_TOKEN_ATOR_NETWORK_DEPLOY }} - consul-addr: ${{ secrets.CONSUL_DEPLOY_ADDR }} diff --git a/.github/workflows/live-build-and-push.yml b/.github/workflows/live-build-and-deploy.yml similarity index 61% rename from .github/workflows/live-build-and-push.yml rename to .github/workflows/live-build-and-deploy.yml index d4c389859d..558662b051 100644 --- a/.github/workflows/live-build-and-push.yml +++ b/.github/workflows/live-build-and-deploy.yml @@ -1,4 +1,4 @@ -name: Live Build and Push Docker Images +name: Live Build Image and Deploy on: push: 
@@ -8,6 +8,10 @@ on: env: image-tag: ${{ github.ref_name }} + image-name: ghcr.io/ator-development/ator-protocol + da-1-hc-url: http://49.13.145.234:9230/tor/status-vote/current/consensus + da-2-hc-url: http://5.161.108.187:9230/tor/status-vote/current/consensus + da-3-hc-url: http://5.78.90.106:9230/tor/status-vote/current/consensus jobs: build-and-push: @@ -37,7 +41,7 @@ jobs: event-name: ${{ github.event_name }} multiarch-push: - runs-on: arm64 + runs-on: ubuntu-latest needs: build-and-push steps: - name: Check out the repo @@ -55,8 +59,15 @@ jobs: needs: multiarch-push runs-on: ubuntu-latest steps: - - name: Invoke workflow without inputs - uses: benc-uk/workflow-dispatch@v1 + - name: Deploy new version + uses: ./.github/actions/deploy with: - workflow: Live Deploy - ref: ${{ github.ref_name }} + image-tag: ${{ env.image-tag }} + nomad-job-file: anon-da-node-live.hcl + health-checks: "${{ env.da-1-hc-url }}|${{ env.da-2-hc-url }}|${{ env.da-3-hc-url }}" + nomad-cacert: operations/admin-ui-ca.crt + nomad-token: ${{ secrets.NOMAD_TOKEN_ATOR_NETWORK_DEPLOY }} + nomad-addr: ${{ secrets.NOMAD_DEPLOY_ADDR }} + consul-cacert: operations/admin-ui-ca.crt + consul-http-token: ${{ secrets.CONSUL_HTTP_TOKEN_ATOR_NETWORK_DEPLOY }} + consul-addr: ${{ secrets.CONSUL_DEPLOY_ADDR }} diff --git a/.github/workflows/live-deploy.yml b/.github/workflows/live-deploy.yml deleted file mode 100644 index f6a379c778..0000000000 --- a/.github/workflows/live-deploy.yml +++ /dev/null 
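Review bot: `image-tag: ${{ github.ref_name }}` now feeds the live `deploy` job directly, and the workflow keeps a `workflow_dispatch` trigger (visible in the later hunk on this file), so a manual run from any branch would build that branch and roll it out to the live directory authorities with the branch name as the tag. Guard the job with `if: startsWith(github.ref, 'refs/tags/')` and place it behind a protected environment with required reviewers. The `push` filter lies outside the hunk, so confirm it is restricted to release tags.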
@@ -1,34 +0,0 @@ -name: Live Deploy - -on: - workflow_dispatch: - workflow_call: - -env: - image-name: ghcr.io/ator-development/ator-protocol - image-tag: ${{ github.event_name == 'workflow_call' && github.ref_name || 'latest' }} - da-1-hc-url: http://49.13.145.234:9230/tor/status-vote/current/consensus - da-2-hc-url: http://5.161.108.187:9230/tor/status-vote/current/consensus - da-3-hc-url: http://5.78.90.106:9230/tor/status-vote/current/consensus - -jobs: - push: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Deploy new version - uses: ./.github/actions/deploy - with: - image-tag: ${{ env.image-tag }} - nomad-job-file: anon-da-node-live.hcl - health-checks: "${{ env.da-1-hc-url }}|${{ env.da-2-hc-url }}|${{ env.da-3-hc-url }}" - nomad-cacert: operations/admin-ui-ca.crt - nomad-token: ${{ secrets.NOMAD_TOKEN_ATOR_NETWORK_DEPLOY }} - nomad-addr: ${{ secrets.NOMAD_DEPLOY_ADDR }} - consul-cacert: operations/admin-ui-ca.crt - consul-http-token: ${{ secrets.CONSUL_HTTP_TOKEN_ATOR_NETWORK_DEPLOY }} - consul-addr: ${{ secrets.CONSUL_DEPLOY_ADDR }} diff --git a/.github/workflows/stage-build-and-push.yml b/.github/workflows/stage-build-and-deploy.yml similarity index 61% rename from .github/workflows/stage-build-and-push.yml rename to .github/workflows/stage-build-and-deploy.yml index 0c036975e0..cf03cbc05d 100644 --- a/.github/workflows/stage-build-and-push.yml +++ b/.github/workflows/stage-build-and-deploy.yml @@ -1,4 +1,4 @@ -name: Stage Build and Push Docker Images +name: Stage Build Image and Deploy on: push: @@ -8,6 +8,10 @@ on: env: image-tag: ${{ github.sha }} + image-name: ghcr.io/ator-development/ator-protocol-stage + da-1-hc-url: http://49.13.145.234:9130/tor/status-vote/current/consensus + da-2-hc-url: http://5.161.108.187:9130/tor/status-vote/current/consensus + da-3-hc-url: http://5.78.90.106:9130/tor/status-vote/current/consensus jobs: build-and-push: 
@@ -37,7 +41,7 @@ jobs: event-name: ${{ github.event_name }} multiarch-push: - runs-on: arm64 + runs-on: ubuntu-latest needs: build-and-push steps: - name: Check out the repo @@ -50,12 +54,20 @@ jobs: docker-base-repo: ghcr.io/ator-development/ator-protocol-stage docker-tag: ${{ env.image-tag }} event-name: ${{ github.event_name }} + deploy: needs: multiarch-push runs-on: ubuntu-latest steps: - - name: Invoke workflow without inputs - uses: benc-uk/workflow-dispatch@v1 + - name: Deploy new version + uses: ./.github/actions/deploy with: - workflow: Stage Deploy - ref: refs/heads/main + image-tag: ${{ env.image-tag }} + nomad-job-file: anon-da-node-stage.hcl + health-checks: "${{ env.da-1-hc-url }}|${{ env.da-2-hc-url }}|${{ env.da-3-hc-url }}" + nomad-cacert: operations/admin-ui-ca.crt + nomad-token: ${{ secrets.NOMAD_TOKEN_ATOR_NETWORK_DEPLOY }} + nomad-addr: ${{ secrets.NOMAD_DEPLOY_ADDR }} + consul-cacert: operations/admin-ui-ca.crt + consul-http-token: ${{ secrets.CONSUL_HTTP_TOKEN_ATOR_NETWORK_DEPLOY }} + consul-addr: ${{ secrets.CONSUL_DEPLOY_ADDR }} From e1101359951a904fc4c0e17fc7068fef2b5622f2 Mon Sep 17 00:00:00 2001 From: Serhii Varakuta Date: Thu, 1 Aug 2024 11:29:20 +0300 Subject: [PATCH 4/5] Fix build --- .github/workflows/dev-build-and-deploy.yml | 4 ++-- .github/workflows/live-build-and-deploy.yml | 6 +++--- .github/workflows/stage-build-and-deploy.yml | 6 +++--- operations/anon-da-node-live.hcl | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/dev-build-and-deploy.yml b/.github/workflows/dev-build-and-deploy.yml index d856a6c4e8..dd4598bcb9 100644 --- a/.github/workflows/dev-build-and-deploy.yml +++ b/.github/workflows/dev-build-and-deploy.yml 
@@ -33,7 +33,7 @@ jobs: with: docker-username: ${{ secrets.CR_USERNAME }} docker-password: ${{ secrets.CR_PAT }} - docker-base-repo: ghcr.io/ator-development/ator-protocol-dev-${{ matrix.platform.image-suffix }} + docker-base-repo: ${{ env.image-name }}-${{ matrix.platform.image-suffix }} docker-tag: ${{ env.image-tag }} docker-platform: ${{ matrix.platform.name }} version: ${{ github.sha }} @@ -51,7 +51,7 @@ jobs: with: docker-username: ${{ secrets.CR_USERNAME }} docker-password: ${{ secrets.CR_PAT }} - docker-base-repo: ghcr.io/ator-development/ator-protocol-dev + docker-base-repo: ${{ env.image-name }} docker-tag: ${{ env.image-tag }} event-name: ${{ github.event_name }} diff --git a/.github/workflows/live-build-and-deploy.yml b/.github/workflows/live-build-and-deploy.yml index 558662b051..2ff3bf6402 100644 --- a/.github/workflows/live-build-and-deploy.yml +++ b/.github/workflows/live-build-and-deploy.yml @@ -7,8 +7,8 @@ on: workflow_dispatch: env: - image-tag: ${{ github.ref_name }} image-name: ghcr.io/ator-development/ator-protocol + image-tag: ${{ github.ref_name }} da-1-hc-url: http://49.13.145.234:9230/tor/status-vote/current/consensus da-2-hc-url: http://5.161.108.187:9230/tor/status-vote/current/consensus da-3-hc-url: http://5.78.90.106:9230/tor/status-vote/current/consensus @@ -33,7 +33,7 @@ jobs: with: docker-username: ${{ secrets.CR_USERNAME }} docker-password: ${{ secrets.CR_PAT }} - docker-base-repo: ghcr.io/ator-development/ator-protocol-${{ matrix.platform.image-suffix }} + docker-base-repo: ${{ env.image-name }}-${{ matrix.platform.image-suffix }} docker-tag: ${{ env.image-tag }} docker-platform: ${{ matrix.platform.name }} version: ${{ github.sha }} @@ -51,7 +51,7 @@ jobs: with: docker-username: ${{ secrets.CR_USERNAME }} docker-password: ${{ secrets.CR_PAT }} - docker-base-repo: ghcr.io/ator-development/ator-protocol + docker-base-repo: ${{ env.image-name }} docker-tag: ${{ env.image-tag }} event-name: ${{ github.event_name }} 
diff --git a/.github/workflows/stage-build-and-deploy.yml b/.github/workflows/stage-build-and-deploy.yml index cf03cbc05d..4c80c5929d 100644 --- a/.github/workflows/stage-build-and-deploy.yml +++ b/.github/workflows/stage-build-and-deploy.yml @@ -7,8 +7,8 @@ on: workflow_dispatch: env: - image-tag: ${{ github.sha }} image-name: ghcr.io/ator-development/ator-protocol-stage + image-tag: ${{ github.sha }} da-1-hc-url: http://49.13.145.234:9130/tor/status-vote/current/consensus da-2-hc-url: http://5.161.108.187:9130/tor/status-vote/current/consensus da-3-hc-url: http://5.78.90.106:9130/tor/status-vote/current/consensus @@ -33,7 +33,7 @@ jobs: with: docker-username: ${{ secrets.CR_USERNAME }} docker-password: ${{ secrets.CR_PAT }} - docker-base-repo: ghcr.io/ator-development/ator-protocol-stage-${{ matrix.platform.image-suffix }} + docker-base-repo: ${{ env.image-name }}-${{ matrix.platform.image-suffix }} docker-tag: ${{ env.image-tag }} docker-platform: ${{ matrix.platform.name }} version: ${{ github.sha }} @@ -51,7 +51,7 @@ jobs: with: docker-username: ${{ secrets.CR_USERNAME }} docker-password: ${{ secrets.CR_PAT }} - docker-base-repo: ghcr.io/ator-development/ator-protocol-stage + docker-base-repo: ${{ env.image-name }} docker-tag: ${{ env.image-tag }} event-name: ${{ github.event_name }} diff --git a/operations/anon-da-node-live.hcl b/operations/anon-da-node-live.hcl index 674438a438..b663dd9053 100644 --- a/operations/anon-da-node-live.hcl +++ b/operations/anon-da-node-live.hcl @@ -72,7 +72,7 @@ job "ator-dir-auth-live" { } config { - image = "ghcr.io/ator-development/ator-protocol-live:PLACEIMAGETAGHERE" + image = "ghcr.io/ator-development/ator-protocol:PLACEIMAGETAGHERE" ports = ["orport", "dirport"] volumes = [ "local/anonrc:/etc/anon/anonrc", From 58846aab2872f1cf759cc467f56322e96b18afc1 Mon Sep 17 00:00:00 2001 
From: Serhii Varakuta Date: Fri, 2 Aug 2024 11:47:08 +0300 Subject: [PATCH 5/5] Fix deploy --- .github/workflows/dev-build-and-deploy.yml | 2 ++ .github/workflows/live-build-and-deploy.yml | 2 ++ .github/workflows/stage-build-and-deploy.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/.github/workflows/dev-build-and-deploy.yml b/.github/workflows/dev-build-and-deploy.yml index dd4598bcb9..55a4ab4f51 100644 --- a/.github/workflows/dev-build-and-deploy.yml +++ b/.github/workflows/dev-build-and-deploy.yml @@ -59,6 +59,8 @@ jobs: needs: multiarch-push runs-on: ubuntu-latest steps: + - name: Check out the repo + uses: actions/checkout@v4 - name: Deploy new version uses: ./.github/actions/deploy with: diff --git a/.github/workflows/live-build-and-deploy.yml b/.github/workflows/live-build-and-deploy.yml index 2ff3bf6402..389259034e 100644 --- a/.github/workflows/live-build-and-deploy.yml +++ b/.github/workflows/live-build-and-deploy.yml @@ -59,6 +59,8 @@ jobs: needs: multiarch-push runs-on: ubuntu-latest steps: + - name: Check out the repo + uses: actions/checkout@v4 - name: Deploy new version uses: ./.github/actions/deploy with: diff --git a/.github/workflows/stage-build-and-deploy.yml b/.github/workflows/stage-build-and-deploy.yml index 4c80c5929d..dc89ed9eaa 100644 --- a/.github/workflows/stage-build-and-deploy.yml +++ b/.github/workflows/stage-build-and-deploy.yml @@ -59,6 +59,8 @@ jobs: needs: multiarch-push runs-on: ubuntu-latest steps: + - name: Check out the repo + uses: actions/checkout@v4 - name: Deploy new version uses: ./.github/actions/deploy with:
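Review bot: `actions/checkout@v4` in the three `deploy` jobs keeps the job token in the checkout's git configuration by default, and the following step runs the deploy action with the Nomad and Consul tokens; nothing visible in these jobs pushes back to the repository. Add `with: persist-credentials: false` under each new checkout step (dev, live and stage hunks). Pinning the action to a full commit SHA instead of the `v4` tag would also fix which code runs next to those secrets.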