From a0f62e597e15708305bdec268b9d8ee2fc9e1b91 Mon Sep 17 00:00:00 2001 From: Assem Date: Wed, 11 Oct 2023 15:49:34 +0200 Subject: [PATCH 1/2] =?UTF-8?q?chore:=20Berghain=20`apt`=20CI=20=E2=9D=A4?= =?UTF-8?q?=EF=B8=8F=E2=80=8D=F0=9F=94=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/aptly_mainnet_s3.json | 18 ++++++++++ .github/workflows/_30_publish.yml | 41 ++++++++++++++++++---- .github/workflows/ci-development.yml | 1 + .github/workflows/ci-main.yml | 1 + .github/workflows/ci-nightly.yml | 1 + .github/workflows/release-berghain.yml | 38 ++++++++++++++++++++ .github/workflows/release-kitkat.yml | 3 +- .github/workflows/release-partnernet.yml | 3 +- .github/workflows/release-perseverance.yml | 3 +- .github/workflows/release-sisyphos.yml | 1 + 10 files changed, 100 insertions(+), 10 deletions(-) create mode 100644 .github/aptly_mainnet_s3.json create mode 100644 .github/workflows/release-berghain.yml diff --git a/.github/aptly_mainnet_s3.json b/.github/aptly_mainnet_s3.json new file mode 100644 index 0000000000..92446aa799 --- /dev/null +++ b/.github/aptly_mainnet_s3.json @@ -0,0 +1,18 @@ +{ + "chainflip-prod": { + "region": "eu-central-1", + "bucket": "pkgs.chainflip.io", + "endpoint": "", + "awsAccessKeyID": "", + "awsSecretAccessKey": "", + "awsSessionToken": "", + "prefix": "", + "acl": "public-read", + "storageClass": "", + "encryptionMethod": "", + "plusWorkaround": false, + "disableMultiDel": false, + "forceSigV2": false, + "debug": false + } + } diff --git a/.github/workflows/_30_publish.yml b/.github/workflows/_30_publish.yml index 2e72c6b5a9..429c7154de 100644 --- a/.github/workflows/_30_publish.yml +++ b/.github/workflows/_30_publish.yml @@ -6,6 +6,10 @@ on: description: Release version required: true type: string + network: + description: mainnet or testnet + required: true + type: string environment: description: prod or dev repo required: true 
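Review bot: The new `network` input in `_30_publish.yml` is described as `mainnet or testnet`, and every mainnet-only condition in this series compares it with the literal `'mainnet'`, yet no caller shown passes that value. release-berghain.yml, the workflow named "Release Chainflip Mainnet", passes `network: berghain`; the others pass `development`, `kitkat`, `partnernet`, `perseverance` or `sisyphos`. As written, the mainnet release would therefore take the non-mainnet path in the later hunks of this file (the role in account 962042992619, `CF_PROD_PGP_KEY`, the `repo.chainflip.io` bucket) rather than the new mainnet role, key and `pkgs.chainflip.io`. Either pass `network: mainnet` from the release workflow or compare against `berghain` consistently, and consider a first step that rejects values outside the expected set so that a typo fails closed. The second patch tightens the shell conditionals but does not change this.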
@@ -50,19 +54,29 @@ jobs: sudo dpkg -i /tmp/aptly_${APTLY_VERSION}_amd64.deb - name: Configure AWS credentials using OIDC + if: inputs.network != 'mainnet' uses: aws-actions/configure-aws-credentials@v2 with: aws-region: eu-central-1 role-to-assume: arn:aws:iam::962042992619:role/chainflip-github-bot - - name: Configure aptly - run: | - aptly config show - jq --argjson S3PublishEndpoints "$(<.github/aptly_${{ inputs.environment }}_s3.json)" '.S3PublishEndpoints += $S3PublishEndpoints' ~/.aptly.conf | sponge ~/.aptly.conf + - name: Configure Mainnet AWS credentials using OIDC + if: inputs.network == 'mainnet' + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: eu-central-1 + role-to-assume: arn:aws:iam::875562862093:role/chainflip-github-bot - - name: Import prod GPG package signing key + - name: Import mainnet GPG package signing key id: import_gpg_prod - if: inputs.environment == 'prod' + if: inputs.network == 'mainnet' + uses: crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.CF_MAINNET_PGP_KEY }} + + - name: Import prod GPG package signing key + id: import_gpg_mainnet + if: inputs.environment == 'prod' && inputs.network != 'mainnet' uses: crazy-max/ghaction-import-gpg@v5 with: gpg_private_key: ${{ secrets.CF_PROD_PGP_KEY }} 
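Review bot: The two step ids in this hunk are crossed: the step that imports `secrets.CF_MAINNET_PGP_KEY` carries `id: import_gpg_prod`, and the step that imports `secrets.CF_PROD_PGP_KEY` carries `id: import_gpg_mainnet`. The Set environment hunk that follows reads `steps.import_gpg_mainnet.outputs.keyid` in the mainnet branch and `steps.import_gpg_prod.outputs.keyid` in the prod branch, so each branch refers to the step its own `if:` skipped and `GPG_KEY_ID` comes out empty. How the publish step handles an empty key id is not visible in this patch. Swap the ids so they match the keys: `id: import_gpg_mainnet` on the mainnet step and `id: import_gpg_prod` on the prod step. Separately, both new steps hand a cloud role or a signing key to actions referenced by mutable tag (`aws-actions/configure-aws-credentials@v2`, `crazy-max/ghaction-import-gpg@v5`); pinning them to a full commit SHA would keep a retagged release from reaching the mainnet key.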
@@ -76,18 +90,31 @@ jobs: - name: Set environment run: | - if [[ '${{ inputs.environment }}' == 'prod' ]]; then + if [[ '${{ inputs.network }}' == 'mainnet' ]]; then + echo "REPO_BUCKET=pkgs.chainflip.io" >> $GITHUB_ENV + echo "USER_PASS_PREFIX=" >> $GITHUB_ENV + echo "REPO_BASIC_AUTH=" >> $GITHUB_ENV + echo "GPG_KEY_ID=${{ steps.import_gpg_mainnet.outputs.keyid }}" >> $GITHUB_ENV + echo "APTLY_CONFIG_FILE=aptly_mainnet_s3.json" >> $GITHUB_ENV + elif [[ '${{ inputs.environment }}' == 'prod' ]]; then echo "REPO_BUCKET=repo.chainflip.io" >> $GITHUB_ENV echo "USER_PASS_PREFIX=" >> $GITHUB_ENV echo "REPO_BASIC_AUTH=" >> $GITHUB_ENV echo "GPG_KEY_ID=${{ steps.import_gpg_prod.outputs.keyid }}" >> $GITHUB_ENV + echo "APTLY_CONFIG_FILE=aptly_prod_s3.json" >> $GITHUB_ENV else echo "REPO_BUCKET=apt.aws.chainflip.xyz" >> $GITHUB_ENV echo "USER_PASS_PREFIX={user}:{pass}@" >> $GITHUB_ENV echo "REPO_BASIC_AUTH=flip:${{ secrets.CF_APT_REPO_BASIC_AUTH_PASSWORD }}" >> $GITHUB_ENV echo "GPG_KEY_ID=${{ steps.import_gpg_dev.outputs.keyid }}" >> $GITHUB_ENV + echo "APTLY_CONFIG_FILE=aptly_dev_s3.json" >> $GITHUB_ENV fi + - name: Configure aptly + run: | + aptly config show + jq --argjson S3PublishEndpoints "$(<.github/${APTLY_CONFIG_FILE})" '.S3PublishEndpoints += $S3PublishEndpoints' ~/.aptly.conf | sponge ~/.aptly.conf + - name: List keys run: gpg -K diff --git a/.github/workflows/ci-development.yml b/.github/workflows/ci-development.yml index 0c7f682d8d..b99ccf5120 100644 --- a/.github/workflows/ci-development.yml +++ b/.github/workflows/ci-development.yml @@ -47,6 +47,7 @@ jobs: with: version: ci/${{ github.sha }}/ environment: dev + network: development secrets: inherit merge-commit-summary: needs: [publish] diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml index 348b62ee79..879d880026 100644 --- a/.github/workflows/ci-main.yml +++ b/.github/workflows/ci-main.yml 
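Review bot: The added `if [[ '${{ inputs.network }}' == 'mainnet' ]]` test in the Set environment step expands the input into the script text before bash runs, following the existing `inputs.environment` test, so a value containing a quote would alter the script instead of simply failing the comparison. The callers shown pass fixed literals, so this is hardening rather than a live defect, but this step decides which bucket, aptly config and signing key id are used. Pass the inputs through the step's `env:` (for example `NETWORK: ${{ inputs.network }}`) and compare `"$NETWORK"` in the script. The final `else` also sends any unrecognised `environment` value to the dev settings; an explicit `dev` test with a failing default would make a misspelled caller value visible.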
@@ -44,4 +44,5 @@ jobs: with: version: ci/${{ github.sha }}/ environment: dev + network: development secrets: inherit diff --git a/.github/workflows/ci-nightly.yml b/.github/workflows/ci-nightly.yml index 59e296ab7d..fa929841e6 100644 --- a/.github/workflows/ci-nightly.yml +++ b/.github/workflows/ci-nightly.yml @@ -43,4 +43,5 @@ jobs: with: version: nightly/ environment: dev + network: development secrets: inherit diff --git a/.github/workflows/release-berghain.yml b/.github/workflows/release-berghain.yml new file mode 100644 index 0000000000..efa9ff97af --- /dev/null +++ b/.github/workflows/release-berghain.yml @@ -0,0 +1,38 @@ +name: Release Chainflip Mainnet +on: + workflow_dispatch: + +concurrency: + group: ${{ github.ref }}-release-mainnet + cancel-in-progress: true + +jobs: + check-versions: + uses: ./.github/workflows/_03_check_versions.yml + bins: + needs: [check-versions] + uses: ./.github/workflows/_02_retrieve-bins.yml + secrets: inherit + docker: + needs: [bins] + uses: ./.github/workflows/_24_docker.yml + with: + network: berghain + environment: prod + publish_public_images: true + secrets: inherit + package: + needs: [bins] + uses: ./.github/workflows/_25_package.yml + with: + network: "berghain" + environment: prod + secrets: inherit + publish: + needs: [package] + uses: ./.github/workflows/_30_publish.yml + with: + version: "mainnet/" + environment: prod + network: berghain + secrets: inherit diff --git a/.github/workflows/release-kitkat.yml b/.github/workflows/release-kitkat.yml index 9723558970..76eb89f242 100644 --- a/.github/workflows/release-kitkat.yml +++ b/.github/workflows/release-kitkat.yml @@ -34,4 +34,5 @@ jobs: with: version: "kitkat/" environment: prod - secrets: inherit \ No newline at end of file + network: kitkat + secrets: inherit diff --git a/.github/workflows/release-partnernet.yml b/.github/workflows/release-partnernet.yml index 92397b0f3e..0f5bc82e84 100644 --- a/.github/workflows/release-partnernet.yml 
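Review bot: `secrets: inherit` on the `bins`, `docker` and `package` jobs in release-berghain.yml exposes every repository secret, including the new `CF_MAINNET_PGP_KEY`, to reusable workflows that do not appear to need it; in this patch only `_30_publish.yml` consumes that key. Passing a named `secrets:` map per job would confine the mainnet signing key to the publish workflow, though the callees would have to declare those secrets under `workflow_call`, which is outside the diff. In the same file, `cancel-in-progress: true` lets a second dispatch on the same ref cancel a release that is part-way through publishing; `cancel-in-progress: false` is the safer setting for a release workflow.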
+++ b/.github/workflows/release-partnernet.yml @@ -45,4 +45,5 @@ jobs: with: version: "partnernet/" environment: prod - secrets: inherit \ No newline at end of file + network: partnernet + secrets: inherit diff --git a/.github/workflows/release-perseverance.yml b/.github/workflows/release-perseverance.yml index e7b88862fd..16e904192a 100644 --- a/.github/workflows/release-perseverance.yml +++ b/.github/workflows/release-perseverance.yml @@ -35,10 +35,11 @@ jobs: with: version: "perseverance/" environment: prod + network: perseverance secrets: inherit release: needs: [publish] uses: ./.github/workflows/_50_release.yml secrets: inherit with: - network: perseverance \ No newline at end of file + network: perseverance diff --git a/.github/workflows/release-sisyphos.yml b/.github/workflows/release-sisyphos.yml index 14f71b1575..33e64ab1b5 100644 --- a/.github/workflows/release-sisyphos.yml +++ b/.github/workflows/release-sisyphos.yml @@ -45,4 +45,5 @@ jobs: with: version: "sisyphos/" environment: dev + network: sisyphos secrets: inherit From 34b508f53e87eddbea653980abe5db45d48a0a93 Mon Sep 17 00:00:00 2001 From: Assem Date: Wed, 11 Oct 2023 15:52:23 +0200 Subject: [PATCH 2/2] =?UTF-8?q?fix:=20conditionals=20=F0=9F=90=9B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/_30_publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_30_publish.yml b/.github/workflows/_30_publish.yml index 429c7154de..f8a4d6c4b5 100644 --- a/.github/workflows/_30_publish.yml +++ b/.github/workflows/_30_publish.yml 
@@ -90,13 +90,13 @@ jobs: - name: Set environment run: | - if [[ '${{ inputs.network }}' == 'mainnet' ]]; then + if [[ '${{ inputs.environment }}' == 'prod' && '${{ inputs.network }}' == 'mainnet' ]]; then echo "REPO_BUCKET=pkgs.chainflip.io" >> $GITHUB_ENV echo "USER_PASS_PREFIX=" >> $GITHUB_ENV echo "REPO_BASIC_AUTH=" >> $GITHUB_ENV echo "GPG_KEY_ID=${{ steps.import_gpg_mainnet.outputs.keyid }}" >> $GITHUB_ENV echo "APTLY_CONFIG_FILE=aptly_mainnet_s3.json" >> $GITHUB_ENV - elif [[ '${{ inputs.environment }}' == 'prod' ]]; then + elif [[ '${{ inputs.environment }}' == 'prod' && '${{ inputs.network }}' != 'mainnet' ]]; then echo "REPO_BUCKET=repo.chainflip.io" >> $GITHUB_ENV echo "USER_PASS_PREFIX=" >> $GITHUB_ENV echo "REPO_BASIC_AUTH=" >> $GITHUB_ENV
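Review bot: The shell branches now require `environment == 'prod'` for the mainnet path, but the step-level conditions from the first patch still test the network alone: `if: inputs.network == 'mainnet'` on both "Configure Mainnet AWS credentials using OIDC" and "Import mainnet GPG package signing key". A call with `network: mainnet` and a non-prod environment would therefore assume the mainnet role and load the mainnet signing key, then fall through to the final branch of this `if`, which lies outside the hunk and in the first patch selects the dev bucket and dev aptly config. Use the same predicate on those two steps, `if: inputs.environment == 'prod' && inputs.network == 'mainnet'`, or reject the combination in a guard step. The `&& '${{ inputs.network }}' != 'mainnet'` added to the `elif` is already implied by the first test failing and can be dropped.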