From 1bf898686973a7338d36198ac39e292e3ff32d46 Mon Sep 17 00:00:00 2001
From: AbstractFruitFactory
Date: Thu, 26 Oct 2023 11:35:35 +0100
Subject: [PATCH 1/5] chore: bump gateway sdk
---
 package-lock.json | 8 ++++----
 package.json | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index a9be0349..0d74be6a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
 "version": "0.0.0",
 "license": "SEE LICENSE IN RADIX-SOFTWARE-EULA",
 "dependencies": {
- "@radixdlt/babylon-gateway-api-sdk": "1.1.2",
+ "@radixdlt/babylon-gateway-api-sdk": "1.1.3",
 "@radixdlt/connect-button": "1.0.0",
 "@radixdlt/wallet-sdk": "1.0.1",
 "immer": "^10.0.2",
@@ -3285,9 +3285,9 @@
 }
 },
 "node_modules/@radixdlt/babylon-gateway-api-sdk": {
- "version": "1.1.2",
- "resolved": "https://registry.npmjs.org/@radixdlt/babylon-gateway-api-sdk/-/babylon-gateway-api-sdk-1.1.2.tgz",
- "integrity": "sha512-idhYYDgDNfK6OLukbdlIESUAPlHndiY6BrLVlI+trE5T35FAcNxdl1FIe2Uar/xdZI3NWlmpL8RTMYLlJy+vMQ=="
+ "version": "1.1.3",
+ "resolved": "https://registry.npmjs.org/@radixdlt/babylon-gateway-api-sdk/-/babylon-gateway-api-sdk-1.1.3.tgz",
+ "integrity": "sha512-NrPn40daFh58riozx+M9Jzw5jWcltazGwGTl3f6etIjohiuzsgw+vEpd26YqfF6otzbUkzS4uZjlGQUSlI2SNA=="
 },
 "node_modules/@radixdlt/connect-button": {
 "version": "1.0.0",
diff --git a/package.json b/package.json
index c9d17cea..1a76b718 100644
--- a/package.json
+++ b/package.json
@@ -52,7 +52,7 @@
 "test:watch": "jest --watch"
 },
 "dependencies": {
- "@radixdlt/babylon-gateway-api-sdk": "1.1.2",
+ "@radixdlt/babylon-gateway-api-sdk": "1.1.3",
 "@radixdlt/connect-button": "1.0.0",
 "@radixdlt/wallet-sdk": "1.0.1",
 "immer": "^10.0.2",
From 956f9e36a823e33d81f0e239b2186df4267731ad Mon Sep 17 00:00:00 2001
From: AbstractFruitFactory
Date: Fri, 27 Oct 2023 14:15:08 +0100
Subject: [PATCH 2/5] feat: update gateway sdk
---
 package-lock.json | 8 ++++----
 package.json | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 0d74be6a..ccd06430 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
 "version": "0.0.0",
 "license": "SEE LICENSE IN RADIX-SOFTWARE-EULA",
 "dependencies": {
- "@radixdlt/babylon-gateway-api-sdk": "1.1.3",
+ "@radixdlt/babylon-gateway-api-sdk": "^1.2.0",
 "@radixdlt/connect-button": "1.0.0",
 "@radixdlt/wallet-sdk": "1.0.1",
 "immer": "^10.0.2",
@@ -3285,9 +3285,9 @@
 }
 },
 "node_modules/@radixdlt/babylon-gateway-api-sdk": {
- "version": "1.1.3",
- "resolved": "https://registry.npmjs.org/@radixdlt/babylon-gateway-api-sdk/-/babylon-gateway-api-sdk-1.1.3.tgz",
- "integrity": "sha512-NrPn40daFh58riozx+M9Jzw5jWcltazGwGTl3f6etIjohiuzsgw+vEpd26YqfF6otzbUkzS4uZjlGQUSlI2SNA=="
+ "version": "1.2.0",
+ "resolved": "https://registry.npmjs.org/@radixdlt/babylon-gateway-api-sdk/-/babylon-gateway-api-sdk-1.2.0.tgz",
+ "integrity": "sha512-9pMSwNkbVN+0+y3+zcuUTOO9PGrTB7/tv0TFtRildg29YW94nR6jC9A+SLEy7ovUzPYOrjJfAv72oJOHXyfS9g=="
 },
 "node_modules/@radixdlt/connect-button": {
 "version": "1.0.0",
diff --git a/package.json b/package.json
index 1a76b718..89dd3ddc 100644
--- a/package.json
+++ b/package.json
@@ -52,7 +52,7 @@
 "test:watch": "jest --watch"
 },
 "dependencies": {
- "@radixdlt/babylon-gateway-api-sdk": "1.1.3",
+ "@radixdlt/babylon-gateway-api-sdk": "^1.2.0",
 "@radixdlt/connect-button": "1.0.0",
 "@radixdlt/wallet-sdk": "1.0.1",
 "immer": "^10.0.2",
From e32e53eaf68dc1fe29ddf07e63f705ff73c127a1 Mon Sep 17 00:00:00 2001
From: Duje Begonja
Date: Mon, 30 Oct 2023 09:01:04 -0400
Subject: [PATCH 3/5] remove build and deployment to kubernetes
---
 .github/workflows/build.yml | 487 ----------------------
 .github/workflows/delete-release-env.yaml | 36 --
 2 files changed, 523 deletions(-)
 delete mode 100644 .github/workflows/build.yml
 delete mode 100644 .github/workflows/delete-release-env.yaml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index cfedb836..00000000
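Review bot: In the package.json hunk of PATCH 2/5 the exact pin `"1.1.3"` becomes the range `"^1.2.0"`, while the neighbouring `@radixdlt/connect-button` and `@radixdlt/wallet-sdk` entries stay exact. The lockfile hunk still records 1.2.0 with its integrity hash, so installs that honour the lockfile stay reproducible, but any install that resolves package.json without it (presumably downstream consumers, if this package is published) can pick up a later 1.x release that nobody here reviewed. If the range is not deliberate, keep the exact pin: `"@radixdlt/babylon-gateway-api-sdk": "1.2.0",`.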
--- a/.github/workflows/build.yml
+++ /dev/null
@@ -1,487 +0,0 @@ -name: Build - -on: - workflow_dispatch: - inputs: - ENVIRONMENT_NAME: - description: 'Environment Name' - required: true - default: Stokenet - type: choice - options: - - Mainnet - - Stokenet - - push: - branches: - - develop - - release/* - pull_request: - branches: - - develop - - release/** - release: - types: [published] - -jobs: - snyk-scan-deps-licences: - runs-on: ubuntu-latest - permissions: - id-token: write - pull-requests: read - contents: read - deployments: write - steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main - with: - role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} - app_name: 'radix-dapp-toolkit' - step_name: 'snyk-scan-deps-licenses' - secret_prefix: 'SNYK' - secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} - parse_json: true - - name: Run Snyk to check for deps vulnerabilities - uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 - with: - args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=critical - - snyk-scan-code: - runs-on: ubuntu-latest - permissions: - id-token: write - pull-requests: read - contents: read - deployments: write - steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main - with: - role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} - app_name: 'radix-dapp-toolkit' - step_name: 'snyk-scan-code' - secret_prefix: 'SNYK' - secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} - parse_json: true - - name: Run Snyk to check for code vulnerabilities - uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 - with: - args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=high - command: code test - - snyk-sbom: - runs-on: ubuntu-latest - permissions: - id-token: write - pull-requests: read - contents: read - deployments: write - needs: - - 
snyk-scan-deps-licences - - snyk-scan-code - steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main - with: - role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} - app_name: 'radix-dapp-toolkit' - step_name: 'snyk-sbom' - secret_prefix: 'SNYK' - secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} - parse_json: true - - name: Generate SBOM # check SBOM can be generated but nothing is done with it - uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 - with: - args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json - command: sbom - - build: - runs-on: ubuntu-latest - needs: - - snyk-scan-deps-licences - - snyk-scan-code - outputs: - tag: ${{ steps.setup_tags.outputs.tag }} - steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - - - name: Setup tags for docker image - id: setup_tags - run: echo "tag=sha-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - - - name: Use Node.js - uses: actions/setup-node@7c29869aec4da703a571b27bcd84d4f15af0b56e - with: - node-version: '18.x' - - - name: Authenticate with private NPM package - run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPMJS_TOKEN }}" > ~/.npmrc - - - name: Install dependencies - run: npm ci - - - name: Run tests - run: npm run test - - - name: Build - run: npm run build - - - name: Dump context - uses: crazy-max/ghaction-dump-context@v2 - - setup-build-args: - runs-on: ubuntu-latest - name: Setup build argument values for docker - outputs: - network: ${{ steps.network_name_step.outputs.network_name }} - is_public: ${{ steps.network_name_step.outputs.is_public }} - steps: - - name: Dump context - uses: crazy-max/ghaction-dump-context@v2 - - name: Info - run: | - echo "This is triggered by: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY - - name: Define network name - id: network_name_step - run: | - if [ "${{ 
github.event_name}}" = 'release' -a ${{!github.event.release.prerelease}} ] || [ ${{github.event_name }} = 'workflow_dispatch' -a "${{github.event.inputs.ENVIRONMENT_NAME}}" = 'Mainnet' ]; then - echo "is_public=true" >> $GITHUB_OUTPUT - echo "network_name=Mainnet" >> $GITHUB_OUTPUT - elif [ ${{github.event_name }} = 'workflow_dispatch' -a "${{github.event.inputs.ENVIRONMENT_NAME}}" = 'Stokenet' ]; then - echo "is_public=true" >> $GITHUB_OUTPUT - echo "network_name=Stokenet" >> $GITHUB_OUTPUT - else - echo "is_public=false" >> $GITHUB_OUTPUT - echo "network_name=" >> $GITHUB_OUTPUT - fi - - push-docker-image: - name: (PRIVATE) Docker AMD - needs: - - setup-build-args - - build - uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main - with: - runs_on: ubuntu-latest - image_registry: "docker.io" - image_organization: "radixdlt" - image_name: "private-radix-dapp-toolkit" - tag: ${{ needs.build.outputs.tag }} - tags: | - type=semver,pattern={{version}} - context: "./" - dockerfile: "./Dockerfile" - platforms: "linux/amd64" - scan_image: true - snyk_target_ref: ${{ github.ref_name }} - build-args: | - NETWORK_NAME=${{needs.setup-build-args.outputs.network}} - IS_PUBLIC=${{needs.setup-build-args.outputs.is_public}} - - snyk-monitor: - runs-on: ubuntu-latest - if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop') - needs: - - push-docker-image - permissions: - id-token: write - pull-requests: read - contents: read - deployments: write - steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main - with: - role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} - app_name: 'radix-dapp-toolkit' - step_name: 'snyk-monitor' - secret_prefix: 'SNYK' - secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} - parse_json: true - - name: Enable Snyk online monitoring to check for vulnerabilities - uses: 
snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 - with: - args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --target-reference=${{ github.ref_name }} - command: monitor - - snyk-container-monitor: - runs-on: ubuntu-latest - if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop') - needs: - - push-docker-image - permissions: - id-token: write - pull-requests: read - contents: read - deployments: write - steps: - - uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main - with: - role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} - app_name: 'radix-dapp-toolkit' - step_name: 'snyk-container-monitor' - dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }} - snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} - parse_json: true - snyk_org_id: ${{ secrets.SNYK_ORG_ID }} - image: docker.io/radixdlt/private-radix-dapp-toolkit:${{ fromJSON(needs.push-docker-image.outputs.json).labels['org.opencontainers.image.version'] }} - target_ref: ${{ github.ref_name }} - - deploy-pr: - if: ${{ github.event_name == 'pull_request' }} - runs-on: ubuntu-latest - needs: - - push-docker-image - permissions: - id-token: write - contents: read - pull-requests: read - steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - - uses: unfor19/install-aws-cli-action@457b7980b125044247e455d87b9a26fc2299b787 - with: - version: 2 - - name: Setup helmfile and helm - uses: mamezou-tech/setup-helmfile@55ae2a66c5af4883148b7a50cc6ddc9b61042184 - with: - helm-diff-plugin-version: 'v3.1.3' - helmfile-version: 'v0.144.0' - helm-version: 'v3.11.0' - install-kubectl: no - - name: Install kubectl - uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 #v3.2 - with: - version: 'v1.25.6' - - name: Configure AWS credentials for deployment - uses: aws-actions/configure-aws-credentials@bab55d3830fe69833c9fecaa51fe2c829a7508f3 - with: - role-to-assume: ${{ 
secrets.DEPLOY_PR_IAM_ROLE }} - aws-region: eu-west-2 - - name: Deploy application - working-directory: deploy/helm - run: | - cat < namespace.yaml - apiVersion: hnc.x-k8s.io/v1alpha2 - kind: SubnamespaceAnchor - metadata: - name: radix-dapp-toolkit-pr-${{ github.event.number }} - namespace: radix-dapp-toolkit-ci-pr - DOC - - aws eks update-kubeconfig --name ${{ secrets.CLUSTER_NAME }} \ - --alias ${{ secrets.CLUSTER_NAME }} \ - --region eu-west-2 - - kubectl apply -f namespace.yaml - - helmfile --environment pr --namespace radix-dapp-toolkit-pr-${{ github.event.number }} \ - --state-values-set "ci.tag=${{ env.CI_TAG }}" \ - --state-values-set "ci.ingressDomain=${{ env.INGRESS_DOMAIN }}" \ - apply - env: - CI_TAG: ${{ fromJSON(needs.push-docker-image.outputs.json).labels['org.opencontainers.image.version'] }} - INGRESS_DOMAIN: radix-dapp-toolkit-pr-${{ github.event.number}}.${{ secrets.INGRESS_DOMAIN }} - HELM_GH_USER: ${{ secrets.HELM_GH_USER }} - HELM_GH_PASS: ${{ secrets.HELM_GH_PASS }} - - deploy-dev: - if: github.ref == 'refs/heads/develop' && github.event_name == 'push' - runs-on: ubuntu-latest - needs: - - push-docker-image - permissions: - id-token: write - contents: read - pull-requests: read - steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - - uses: unfor19/install-aws-cli-action@457b7980b125044247e455d87b9a26fc2299b787 - with: - version: 2 - - name: Setup helmfile and helm - uses: mamezou-tech/setup-helmfile@55ae2a66c5af4883148b7a50cc6ddc9b61042184 - with: - helm-diff-plugin-version: 'v3.1.3' - helmfile-version: 'v0.144.0' - helm-version: 'v3.11.0' - install-kubectl: no - - name: Install kubectl - uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 #v3.2 - with: - version: 'v1.25.6' - - name: Configure AWS credentials for deployment - uses: aws-actions/configure-aws-credentials@bab55d3830fe69833c9fecaa51fe2c829a7508f3 - with: - role-to-assume: ${{ secrets.DEPLOY_DEV_IAM_ROLE }} - aws-region: eu-west-2 - - name: 
Deploy application - working-directory: deploy/helm - run: | - aws eks update-kubeconfig --name ${{ secrets.CLUSTER_NAME }} \ - --alias ${{ secrets.CLUSTER_NAME }} \ - --region eu-west-2 - - helmfile --environment dev --namespace radix-dapp-toolkit-dev \ - --state-values-set "ci.tag=${{ env.CI_TAG }}" \ - --state-values-set "ci.ingressDomain=${{ env.INGRESS_DOMAIN }}" \ - apply - env: - CI_TAG: ${{ fromJSON(needs.push-docker-image.outputs.json).labels['org.opencontainers.image.version'] }} - INGRESS_DOMAIN: radix-dapp-toolkit-dev.${{ secrets.INGRESS_DOMAIN }} - HELM_GH_USER: ${{ secrets.HELM_GH_USER }} - HELM_GH_PASS: ${{ secrets.HELM_GH_PASS }} - - deploy-release: - if: startsWith(github.ref_name,'release/') - runs-on: ubuntu-latest - needs: - - push-docker-image - permissions: - id-token: write - contents: read - pull-requests: read - steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - - uses: unfor19/install-aws-cli-action@457b7980b125044247e455d87b9a26fc2299b787 - with: - version: 2 - - name: Setup helmfile and helm - uses: mamezou-tech/setup-helmfile@55ae2a66c5af4883148b7a50cc6ddc9b61042184 - with: - helm-diff-plugin-version: 'v3.1.3' - helmfile-version: 'v0.144.0' - helm-version: 'v3.11.0' - install-kubectl: no - - name: Install kubectl - uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 #v3.2 - with: - version: 'v1.25.6' - - name: Configure AWS credentials for deployment - uses: aws-actions/configure-aws-credentials@bab55d3830fe69833c9fecaa51fe2c829a7508f3 - with: - role-to-assume: ${{ secrets.DEPLOY_RELEASES_IAM_ROLE }} - aws-region: eu-west-2 - - name: Deploy application - working-directory: deploy/helm - run: | - aws eks update-kubeconfig --name ${{ secrets.CLUSTER_NAME }} \ - --alias ${{ secrets.CLUSTER_NAME }} \ - --region eu-west-2 - - BRANCH_NAME=${{ github.ref_name }} - NORMALIZED_BRANCH_NAME=${BRANCH_NAME/\//-} - - cat < subns-manifest.yaml - apiVersion: hnc.x-k8s.io/v1alpha2 - kind: SubnamespaceAnchor - 
metadata: - name: radix-dapp-toolkit-$NORMALIZED_BRANCH_NAME - namespace: radix-dapp-toolkit-ci-releases - DOC - - kubectl apply -f subns-manifest.yaml - - helmfile --environment dev --namespace radix-dapp-toolkit-$NORMALIZED_BRANCH_NAME \ - --state-values-set "ci.tag=${{ env.CI_TAG }}" \ - --state-values-set "ci.ingressDomain=radix-dapp-toolkit-${NORMALIZED_BRANCH_NAME}.${{ env.INGRESS_DOMAIN }}" \ - apply - env: - CI_TAG: ${{ fromJSON(needs.push-docker-image.outputs.json).labels['org.opencontainers.image.version'] }} - INGRESS_DOMAIN: ${{ secrets.INGRESS_DOMAIN }} - HELM_GH_USER: ${{ secrets.HELM_GH_USER }} - HELM_GH_PASS: ${{ secrets.HELM_GH_PASS }} - - deploy-stokenet: - if: ( github.event.inputs.ENVIRONMENT_NAME == 'Stokenet' && github.event_name == 'workflow_dispatch' ) - runs-on: ubuntu-latest - environment: stokenet - needs: - - push-docker-image - permissions: - id-token: write - contents: read - pull-requests: read - steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - - uses: unfor19/install-aws-cli-action@457b7980b125044247e455d87b9a26fc2299b787 - with: - version: 2 - - name: Setup helmfile and helm - uses: mamezou-tech/setup-helmfile@55ae2a66c5af4883148b7a50cc6ddc9b61042184 - with: - helm-diff-plugin-version: 'v3.1.3' - helmfile-version: 'v0.144.0' - helm-version: 'v3.11.0' - install-kubectl: no - - name: Install kubectl - uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 #v3.2 - with: - version: 'v1.25.6' - - name: Configure AWS credentials for deployment - uses: aws-actions/configure-aws-credentials@bab55d3830fe69833c9fecaa51fe2c829a7508f3 - with: - role-to-assume: ${{ secrets.DEPLOY_STOKENET_IAM_ROLE }} - aws-region: eu-west-2 - - name: Deploy application - working-directory: deploy/helm - run: | - aws eks update-kubeconfig --name ${{ secrets.STOKENET_CLUSTER_NAME }} \ - --alias ${{ secrets.STOKENET_CLUSTER_NAME }} \ - --region eu-west-2 - - helmfile --environment stokenet --namespace 
radix-dapp-toolkit-stokenet \ - --state-values-set "ci.tag=${{ env.CI_TAG }}" \ - --state-values-set "ci.ingressDomain=${{ env.INGRESS_DOMAIN }}" \ - apply - env: - CI_TAG: ${{ fromJSON(needs.push-docker-image.outputs.json).labels['org.opencontainers.image.version'] }} - INGRESS_DOMAIN: ${{ secrets.STOKENET_INGRESS_DOMAIN }} - HELM_GH_USER: ${{ secrets.HELM_GH_USER }} - HELM_GH_PASS: ${{ secrets.HELM_GH_PASS }} - - deploy-mainnet: - if: github.event_name == 'release' && !github.event.release.prerelease || ( github.event.inputs.ENVIRONMENT_NAME == 'Mainnet' && github.event_name == 'workflow_dispatch' ) - runs-on: ubuntu-latest - needs: - - push-docker-image - permissions: - id-token: write - contents: read - pull-requests: read - steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - - uses: unfor19/install-aws-cli-action@457b7980b125044247e455d87b9a26fc2299b787 - with: - version: 2 - - name: Setup helmfile and helm - uses: mamezou-tech/setup-helmfile@55ae2a66c5af4883148b7a50cc6ddc9b61042184 - with: - helm-diff-plugin-version: 'v3.1.3' - helmfile-version: 'v0.144.0' - helm-version: 'v3.11.0' - install-kubectl: no - - name: Install kubectl - uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 #v3.2 - with: - version: 'v1.25.6' - - name: Configure AWS credentials for deployment - uses: aws-actions/configure-aws-credentials@bab55d3830fe69833c9fecaa51fe2c829a7508f3 - with: - role-to-assume: ${{ secrets.DEPLOY_MAINNET_IAM_ROLE }} - aws-region: eu-west-2 - - name: Deploy application - working-directory: deploy/helm - run: | - aws eks update-kubeconfig --name ${{ secrets.MAINNET_CLUSTER_NAME }} \ - --alias ${{ secrets.MAINNET_CLUSTER_NAME }} \ - --region eu-west-2 - - helmfile --environment mainnet --namespace radix-dapp-toolkit-mainnet \ - --state-values-set "ci.tag=${{ env.CI_TAG }}" \ - --state-values-set "ci.ingressDomain=${{ env.INGRESS_DOMAIN }}" \ - apply - env: - CI_TAG: ${{ 
fromJSON(needs.push-docker-image.outputs.json).labels['org.opencontainers.image.version'] }} - INGRESS_DOMAIN: ${{ secrets.MAINNET_INGRESS_DOMAIN }} - HELM_GH_USER: ${{ secrets.HELM_GH_USER }} - HELM_GH_PASS: ${{ secrets.HELM_GH_PASS }} diff --git a/.github/workflows/delete-release-env.yaml b/.github/workflows/delete-release-env.yaml deleted file mode 100644 index 6a3d9b00..00000000 --- a/.github/workflows/delete-release-env.yaml +++ /dev/null @@ -1,36 +0,0 @@ -name: Delete release environment - -on: delete - -jobs: - delete-release-env: - if: github.event.ref_type == 'branch' && contains(github.event.ref, 'release') - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - pull-requests: read - steps: - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b - - uses: unfor19/install-aws-cli-action@v1 - with: - version: 2 - - name: Install kubectl - uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 #v3.2 - with: - version: "v1.25.6" - - name: Configure AWS credentials for deployment - uses: aws-actions/configure-aws-credentials@v1 - with: - role-to-assume: ${{ secrets.DEPLOY_RELEASES_IAM_ROLE }} - aws-region: eu-west-2 - - name: Delete PR - run: | - aws eks update-kubeconfig --name ${{ secrets.CLUSTER_NAME }} \ - --alias ${{ secrets.CLUSTER_NAME }} \ - --region eu-west-2 - - BRANCH_NAME=${{ github.ref_name }} - NORMALIZED_BRANCH_NAME=${BRANCH_NAME/\//-} - - kubectl delete subns radix-dapp-toolkit-$NORMALIZED_BRANCH_NAME -n radix-dapp-toolkit-ci-releases From e7f5462714be531f4ea12677ac9a40da59ec118b Mon Sep 17 00:00:00 2001 From: Duje Begonja Date: Mon, 30 Oct 2023 09:13:26 -0400 Subject: [PATCH 4/5] return build.yml --- .github/workflows/build.yml | 130 ++++++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..11500242 --- /dev/null 
+++ b/.github/workflows/build.yml 
@@ -0,0 +1,130 @@
+name: Build
+
+on:
+ workflow_dispatch:
+ inputs:
+ ENVIRONMENT_NAME:
+ description: 'Environment Name'
+ required: true
+ default: Stokenet
+ type: choice
+ options:
+ - Mainnet
+ - Stokenet
+
+ push:
+ branches:
+ - develop
+ - release/*
+ pull_request:
+ branches:
+ - develop
+ - release/**
+ release:
+ types: [published]
+
+jobs:
+ snyk-scan-deps-licences:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ pull-requests: read
+ contents: read
+ deployments: write
+ steps:
+ - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+ - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
+ with:
+ role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
+ app_name: 'radix-dapp-toolkit'
+ step_name: 'snyk-scan-deps-licenses'
+ secret_prefix: 'SNYK'
+ secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
+ parse_json: true
+ - name: Run Snyk to check for deps vulnerabilities
+ uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
+ with:
+ args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=critical
+
+ snyk-scan-code:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ pull-requests: read
+ contents: read
+ deployments: write
+ steps:
+ - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+ - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
+ with:
+ role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
+ app_name: 'radix-dapp-toolkit'
+ step_name: 'snyk-scan-code'
+ secret_prefix: 'SNYK'
+ secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
+ parse_json: true
+ - name: Run Snyk to check for code vulnerabilities
+ uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
+ with:
+ args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=high
+ command: code test
+
+ snyk-sbom:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ pull-requests: read
+ contents: read
+ deployments: write
+ needs:
+ - snyk-scan-deps-licences
+ - snyk-scan-code
+ steps:
+ - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+ - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
+ with:
+ role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
+ app_name: 'radix-dapp-toolkit'
+ step_name: 'snyk-sbom'
+ secret_prefix: 'SNYK'
+ secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
+ parse_json: true
+ - name: Generate SBOM # check SBOM can be generated but nothing is done with it
+ uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
+ with:
+ args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json
+ command: sbom
+
+ build:
+ runs-on: ubuntu-latest
+ needs:
+ - snyk-scan-deps-licences
+ - snyk-scan-code
+ outputs:
+ tag: ${{ steps.setup_tags.outputs.tag }}
+ steps:
+ - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+
+ - name: Setup tags for docker image
+ id: setup_tags
+ run: echo "tag=sha-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+ - name: Use Node.js
+ uses: actions/setup-node@7c29869aec4da703a571b27bcd84d4f15af0b56e
+ with:
+ node-version: '18.x'
+
+ - name: Authenticate with private NPM package
+ run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPMJS_TOKEN }}" > ~/.npmrc
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Run tests
+ run: npm run test
+
+ - name: Build
+ run: npm run build
+
+ - name: Dump context
+ uses: crazy-max/ghaction-dump-context@v2
\ No newline at end of file
From 81fbdb64c170db3972e73963051a81ad7ff90308 Mon Sep 17 00:00:00 2001
From: Duje Begonja
Date: Mon, 30 Oct 2023 09:19:40 -0400
Subject: [PATCH 5/5] remove step and output for docker tags
---
 .github/workflows/build.yml | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 11500242..6aabe6cd 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -100,15 +100,9 @@ jobs: needs: - snyk-scan-deps-licences - snyk-scan-code - outputs: - tag: ${{ steps.setup_tags.outputs.tag }} steps: - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - - name: Setup tags for docker image - id: setup_tags - run: echo "tag=sha-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - - name: Use Node.js uses: actions/setup-node@7c29869aec4da703a571b27bcd84d4f15af0b56e with: