v0.8.16 #79
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release to Prod | |
| on: | |
| release: | |
| types: [released, prereleased] | |
| jobs: | |
| go: | |
| name: Go | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Setup | |
| id: setup | |
| uses: ./.github/actions/setup | |
| - name: Validate and test Go code | |
| id: go | |
| uses: ./.github/actions/go | |
| with: | |
| COVERAGE_THRESHOLD: ${{ vars.COVERAGE_THRESHOLD }} | |
| e2e: | |
| name: E2E Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Setup | |
| id: setup | |
| uses: ./.github/actions/setup | |
| with: | |
| cache: "false" | |
| - name: E2E Test | |
| id: e2e | |
| uses: ./.github/actions/e2e | |
| containers: | |
| name: Build and push containers | |
| needs: [go, e2e] | |
| runs-on: ubuntu-20.04 | |
| environment: prod | |
| outputs: | |
| node-image-ref: ${{ steps.write-output.outputs.node-image-ref }} | |
| node-release-cid: ${{ steps.write-output.outputs.node-release-cid }} | |
| strategy: | |
| matrix: | |
| image-name: ["node"] | |
| steps: | |
| - name: Clear artifacts | |
| uses: kolpav/purge-artifacts-action@v1 | |
| continue-on-error: true | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| expire-in: 7days | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Build and push container | |
| id: build-and-push | |
| uses: ./.github/actions/build-push | |
| with: | |
| registry: disco.forta.network | |
| name: ${{ matrix.image-name }} | |
| version: ${{ github.ref_name }} | |
| aws_access_key: ${{ secrets.PROD_RELEASE_AWS_ACCESS_KEY }} | |
| aws_secret_key: ${{ secrets.PROD_RELEASE_AWS_SECRET_KEY }} | |
| release_artifacts_bucket_name: prod-forta-releases | |
| - name: Write image reference as output | |
| id: write-output | |
| run: | | |
| echo "::set-output name=${{ matrix.image-name }}-release-cid::${{ steps.build-and-push.outputs.release-cid }}" | |
| echo "::set-output name=${{ matrix.image-name }}-image-ref::${{ steps.build-and-push.outputs.image-reference }}" | |
| propose: | |
| name: Propose Upgrade | |
| needs: containers | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Propose Upgrade | |
| id: propose | |
| uses: ./.github/actions/propose | |
| with: | |
| api-key: ${{ secrets.DEFENDER_PROPOSAL_API_KEY }} | |
| api-secret: ${{ secrets.DEFENDER_PROPOSAL_API_SECRET }} | |
| scanner-version-contract: "0x4720c872425876B6f4b4E9130CDef667aDE553b2" | |
| network: "matic" | |
| multisig: "0xd1d4FaFd400fCD643132bb7eAF7682eE97E09C3e" | |
| version: ${{ github.ref_name }} | |
| release-cid: ${{ needs.containers.outputs.node-release-cid }} | |
| is-release: ${{ github.event.action == 'released' }} | |
| - name: Release Proposal Url | |
| run: echo "Proposal ${{ steps.propose.outputs.release-proposal-url }}" | |
| - name: Prerelease Proposal Url | |
| run: echo "Proposal ${{ steps.propose.outputs.prerelease-proposal-url }}" | |
| build: | |
| if: ${{ github.event.action == 'released' }} | |
| name: Build | |
| needs: [containers] | |
| runs-on: ubuntu-20.04 | |
| environment: prod | |
| steps: | |
| - name: Echo Image References | |
| run: | | |
| echo "node=${{ needs.containers.outputs.node-image-ref }}" | |
| - name: Clear artifacts | |
| uses: kolpav/purge-artifacts-action@v1 | |
| continue-on-error: true | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| expire-in: 7days | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Set up Go | |
| uses: actions/setup-go@v2 | |
| with: | |
| go-version: 1.19 | |
| - name: Create build for revision | |
| run: | | |
| ./scripts/build.sh ${{ needs.containers.outputs.node-image-ref }} \ | |
| 'remote' ${{ needs.containers.outputs.node-release-cid }} ${{ github.sha }} ${{ github.ref_name }} | |
| chmod 755 forta | |
| - name: Configure AWS credentials (build artifact -> S3) | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.PROD_RELEASE_AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.PROD_RELEASE_AWS_SECRET_KEY }} | |
| aws-region: us-east-1 | |
| - name: Copy build to build artifacts bucket | |
| env: | |
| BUCKET_NAME: ${{ secrets.PROD_BUILD_ARTIFACTS_BUCKET_NAME }} | |
| REVISION: ${{ github.sha }} | |
| run: | | |
| aws s3 cp forta "s3://$BUCKET_NAME/forta-$REVISION" | |
| release: | |
| if: ${{ github.event.action == 'released' }} | |
| name: Release to prod | |
| needs: [build] | |
| runs-on: ubuntu-20.04 | |
| environment: prod | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Release | |
| id: release | |
| uses: ./.github/actions/release | |
| with: | |
| version: ${{ github.ref_name }} | |
| revision: ${{ github.sha }} | |
| aws_access_key: ${{ secrets.PROD_RELEASE_AWS_ACCESS_KEY }} | |
| aws_secret_key: ${{ secrets.PROD_RELEASE_AWS_SECRET_KEY }} | |
| build_artifacts_bucket_name: prod-forta-build-artifacts | |
| release_artifacts_bucket_name: prod-forta-releases | |
| release_artifacts_url: https://dist.forta.network/artifacts | |
| dist_base_url: https://dist.forta.network | |
| pgp_key_name: ${{ secrets.PROD_PGP_KEY_NAME }} | |
| pgp_private_key: ${{ secrets.PROD_PGP_PRIVATE_KEY }} | |
| pgp_public_key: ${{ secrets.PROD_PGP_PUBLIC_KEY }} | |
| pgp_passphrase: ${{ secrets.PROD_PGP_PASSPHRASE }} |