Merge pull request #162 from radixdlt/develop

v1.3.1
radixdlt · Nov 14, 2023 · 608f371 · 608f371
2 parents 8040f72 + 00034cd
commit 608f371
Show file tree

Hide file tree

Showing 123 changed files with 68 additions and 8,356 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 3
+    reviewers:
+      - "radixdlt/devops"
+      - "radixdlt/projects"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -100,15 +100,9 @@ jobs:
     needs:
       - snyk-scan-deps-licences
       - snyk-scan-code
-    outputs:
-      tag: ${{ steps.setup_tags.outputs.tag }}
     steps:
       - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
 
-      - name: Setup tags for docker image
-        id: setup_tags
-        run: echo "tag=sha-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-
       - name: Use Node.js
         uses: actions/setup-node@7c29869aec4da703a571b27bcd84d4f15af0b56e
         with:
@@ -127,361 +121,4 @@ jobs:
         run: npm run build
 
       - name: Dump context
-        uses: crazy-max/ghaction-dump-context@v2
-
-  setup-build-args:
-    runs-on: ubuntu-latest
-    name: Setup build argument values for docker
-    outputs:
-      network: ${{ steps.network_name_step.outputs.network_name }}
-      is_public: ${{ steps.network_name_step.outputs.is_public }}
-    steps:
-      - name: Dump context
-        uses: crazy-max/ghaction-dump-context@v2
-      - name: Info
-        run: |
-          echo "This is triggered by: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY
-      - name: Define network name
-        id: network_name_step
-        run: |
-          if [ "${{ github.event_name}}" = 'release' -a ${{!github.event.release.prerelease}} ] || [ ${{github.event_name }} = 'workflow_dispatch' -a "${{github.event.inputs.ENVIRONMENT_NAME}}" = 'Mainnet' ]; then
-            echo "is_public=true" >> $GITHUB_OUTPUT
-            echo "network_name=Mainnet" >> $GITHUB_OUTPUT
-          elif [ ${{github.event_name }} = 'workflow_dispatch' -a "${{github.event.inputs.ENVIRONMENT_NAME}}" = 'Stokenet' ]; then
-            echo "is_public=true" >> $GITHUB_OUTPUT
-            echo "network_name=Stokenet" >> $GITHUB_OUTPUT
-          else
-            echo "is_public=false" >> $GITHUB_OUTPUT
-            echo "network_name=" >> $GITHUB_OUTPUT
-          fi
-
-  push-docker-image:
-    name: (PRIVATE) Docker AMD
-    needs:
-      - setup-build-args
-      - build
-    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
-    with:
-      runs_on: ubuntu-latest
-      image_registry: "docker.io"
-      image_organization: "radixdlt"
-      image_name: "private-radix-dapp-toolkit"
-      tag: ${{ needs.build.outputs.tag }}
-      tags: |
-        type=semver,pattern={{version}}
-      context: "./"
-      dockerfile: "./Dockerfile"
-      platforms: "linux/amd64"
-      scan_image: true
-      snyk_target_ref: ${{ github.ref_name }}
-      build-args: |
-        NETWORK_NAME=${{needs.setup-build-args.outputs.network}}
-        IS_PUBLIC=${{needs.setup-build-args.outputs.is_public}}
-
-  snyk-monitor:
-    runs-on: ubuntu-latest
-    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
-    needs:
-      - push-docker-image
-    permissions:
-      id-token: write
-      pull-requests: read
-      contents: read
-      deployments: write
-    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-      - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
-        with:
-          role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
-          app_name: 'radix-dapp-toolkit'
-          step_name: 'snyk-monitor'
-          secret_prefix: 'SNYK'
-          secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
-          parse_json: true
-      - name: Enable Snyk online monitoring to check for vulnerabilities
-        uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
-        with:
-          args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --target-reference=${{ github.ref_name }}
-          command: monitor
-
-  snyk-container-monitor:
-    runs-on: ubuntu-latest
-    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
-    needs:
-      - push-docker-image
-    permissions:
-      id-token: write
-      pull-requests: read
-      contents: read
-      deployments: write
-    steps:
-      - uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main
-        with:
-          role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
-          app_name: 'radix-dapp-toolkit'
-          step_name: 'snyk-container-monitor'
-          dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }}
-          snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
-          parse_json: true
-          snyk_org_id: ${{ secrets.SNYK_ORG_ID }}
-          image: docker.io/radixdlt/private-radix-dapp-toolkit:${{ fromJSON(needs.push-docker-image.outputs.json).labels['org.opencontainers.image.version'] }}
-          target_ref: ${{ github.ref_name }}
-
-  deploy-pr:
-    if: ${{ github.event_name == 'pull_request' }}
-    runs-on: ubuntu-latest
-    needs:
-      - push-docker-image
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: read
-    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-      - uses: unfor19/install-aws-cli-action@457b7980b125044247e455d87b9a26fc2299b787
-        with:
-          version: 2
-      - name: Setup helmfile and helm
-        uses: mamezou-tech/setup-helmfile@55ae2a66c5af4883148b7a50cc6ddc9b61042184
-        with:
-          helm-diff-plugin-version: 'v3.1.3'
-          helmfile-version: 'v0.144.0'
-          helm-version: 'v3.11.0'
-          install-kubectl: no
-      - name: Install kubectl
-        uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 #v3.2
-        with:
-          version: 'v1.25.6'
-      - name: Configure AWS credentials for deployment
-        uses: aws-actions/configure-aws-credentials@bab55d3830fe69833c9fecaa51fe2c829a7508f3
-        with:
-          role-to-assume: ${{ secrets.DEPLOY_PR_IAM_ROLE }}
-          aws-region: eu-west-2
-      - name: Deploy application
-        working-directory: deploy/helm
-        run: |
-          cat <<DOC > namespace.yaml
-          apiVersion: hnc.x-k8s.io/v1alpha2
-          kind: SubnamespaceAnchor
-          metadata:
-            name: radix-dapp-toolkit-pr-${{ github.event.number }}
-            namespace: radix-dapp-toolkit-ci-pr
-          DOC
-
-          aws eks update-kubeconfig --name ${{ secrets.CLUSTER_NAME }} \
-                                    --alias ${{ secrets.CLUSTER_NAME }} \
-                                    --region eu-west-2
-
-          kubectl apply -f namespace.yaml
-
-          helmfile --environment pr --namespace radix-dapp-toolkit-pr-${{ github.event.number }} \
-                   --state-values-set "ci.tag=${{ env.CI_TAG }}" \
-                   --state-values-set "ci.ingressDomain=${{ env.INGRESS_DOMAIN }}" \
-                   apply
-        env:
-          CI_TAG: ${{ fromJSON(needs.push-docker-image.outputs.json).labels['org.opencontainers.image.version'] }}
-          INGRESS_DOMAIN: radix-dapp-toolkit-pr-${{ github.event.number}}.${{ secrets.INGRESS_DOMAIN }}
-          HELM_GH_USER: ${{ secrets.HELM_GH_USER }}
-          HELM_GH_PASS: ${{ secrets.HELM_GH_PASS }}
-
-  deploy-dev:
-    if: github.ref == 'refs/heads/develop' && github.event_name == 'push'
-    runs-on: ubuntu-latest
-    needs:
-      - push-docker-image
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: read
-    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-      - uses: unfor19/install-aws-cli-action@457b7980b125044247e455d87b9a26fc2299b787
-        with:
-          version: 2
-      - name: Setup helmfile and helm
-        uses: mamezou-tech/setup-helmfile@55ae2a66c5af4883148b7a50cc6ddc9b61042184
-        with:
-          helm-diff-plugin-version: 'v3.1.3'
-          helmfile-version: 'v0.144.0'
-          helm-version: 'v3.11.0'
-          install-kubectl: no
-      - name: Install kubectl
-        uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 #v3.2
-        with:
-          version: 'v1.25.6'
-      - name: Configure AWS credentials for deployment
-        uses: aws-actions/configure-aws-credentials@bab55d3830fe69833c9fecaa51fe2c829a7508f3
-        with:
-          role-to-assume: ${{ secrets.DEPLOY_DEV_IAM_ROLE }}
-          aws-region: eu-west-2
-      - name: Deploy application
-        working-directory: deploy/helm
-        run: |
-          aws eks update-kubeconfig --name ${{ secrets.CLUSTER_NAME }} \
-                                    --alias ${{ secrets.CLUSTER_NAME }} \
-                                    --region eu-west-2
-
-          helmfile --environment dev --namespace radix-dapp-toolkit-dev \
-                   --state-values-set "ci.tag=${{ env.CI_TAG }}" \
-                   --state-values-set "ci.ingressDomain=${{ env.INGRESS_DOMAIN }}" \
-                   apply
-        env:
-          CI_TAG: ${{ fromJSON(needs.push-docker-image.outputs.json).labels['org.opencontainers.image.version'] }}
-          INGRESS_DOMAIN: radix-dapp-toolkit-dev.${{ secrets.INGRESS_DOMAIN }}
-          HELM_GH_USER: ${{ secrets.HELM_GH_USER }}
-          HELM_GH_PASS: ${{ secrets.HELM_GH_PASS }}
-
-  deploy-release:
-    if: startsWith(github.ref_name,'release/')
-    runs-on: ubuntu-latest
-    needs:
-      - push-docker-image
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: read
-    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-      - uses: unfor19/install-aws-cli-action@457b7980b125044247e455d87b9a26fc2299b787
-        with:
-          version: 2
-      - name: Setup helmfile and helm
-        uses: mamezou-tech/setup-helmfile@55ae2a66c5af4883148b7a50cc6ddc9b61042184
-        with:
-          helm-diff-plugin-version: 'v3.1.3'
-          helmfile-version: 'v0.144.0'
-          helm-version: 'v3.11.0'
-          install-kubectl: no
-      - name: Install kubectl
-        uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 #v3.2
-        with:
-          version: 'v1.25.6'
-      - name: Configure AWS credentials for deployment
-        uses: aws-actions/configure-aws-credentials@bab55d3830fe69833c9fecaa51fe2c829a7508f3
-        with:
-          role-to-assume: ${{ secrets.DEPLOY_RELEASES_IAM_ROLE }}
-          aws-region: eu-west-2
-      - name: Deploy application
-        working-directory: deploy/helm
-        run: |
-          aws eks update-kubeconfig --name ${{ secrets.CLUSTER_NAME }} \
-                                    --alias ${{ secrets.CLUSTER_NAME }} \
-                                    --region eu-west-2
-
-          BRANCH_NAME=${{ github.ref_name }}
-          NORMALIZED_BRANCH_NAME=${BRANCH_NAME/\//-}
-
-          cat <<DOC > subns-manifest.yaml
-          apiVersion: hnc.x-k8s.io/v1alpha2
-          kind: SubnamespaceAnchor
-          metadata:
-            name: radix-dapp-toolkit-$NORMALIZED_BRANCH_NAME
-            namespace: radix-dapp-toolkit-ci-releases
-          DOC
-
-          kubectl apply -f subns-manifest.yaml
-
-          helmfile --environment dev --namespace radix-dapp-toolkit-$NORMALIZED_BRANCH_NAME \
-                   --state-values-set "ci.tag=${{ env.CI_TAG }}" \
-                   --state-values-set "ci.ingressDomain=radix-dapp-toolkit-${NORMALIZED_BRANCH_NAME}.${{ env.INGRESS_DOMAIN }}" \
-                   apply
-        env:
-          CI_TAG: ${{ fromJSON(needs.push-docker-image.outputs.json).labels['org.opencontainers.image.version'] }}
-          INGRESS_DOMAIN: ${{ secrets.INGRESS_DOMAIN }}
-          HELM_GH_USER: ${{ secrets.HELM_GH_USER }}
-          HELM_GH_PASS: ${{ secrets.HELM_GH_PASS }}
-
-  deploy-stokenet:
-    if: ( github.event.inputs.ENVIRONMENT_NAME == 'Stokenet' && github.event_name == 'workflow_dispatch' )
-    runs-on: ubuntu-latest
-    environment: stokenet
-    needs:
-      - push-docker-image
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: read
-    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-      - uses: unfor19/install-aws-cli-action@457b7980b125044247e455d87b9a26fc2299b787
-        with:
-          version: 2
-      - name: Setup helmfile and helm
-        uses: mamezou-tech/setup-helmfile@55ae2a66c5af4883148b7a50cc6ddc9b61042184
-        with:
-          helm-diff-plugin-version: 'v3.1.3'
-          helmfile-version: 'v0.144.0'
-          helm-version: 'v3.11.0'
-          install-kubectl: no
-      - name: Install kubectl
-        uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 #v3.2
-        with:
-          version: 'v1.25.6'
-      - name: Configure AWS credentials for deployment
-        uses: aws-actions/configure-aws-credentials@bab55d3830fe69833c9fecaa51fe2c829a7508f3
-        with:
-          role-to-assume: ${{ secrets.DEPLOY_STOKENET_IAM_ROLE }}
-          aws-region: eu-west-2
-      - name: Deploy application
-        working-directory: deploy/helm
-        run: |
-          aws eks update-kubeconfig --name ${{ secrets.STOKENET_CLUSTER_NAME }} \
-                                    --alias ${{ secrets.STOKENET_CLUSTER_NAME }} \
-                                    --region eu-west-2
-
-          helmfile --environment stokenet --namespace radix-dapp-toolkit-stokenet \
-                    --state-values-set "ci.tag=${{ env.CI_TAG }}" \
-                    --state-values-set "ci.ingressDomain=${{ env.INGRESS_DOMAIN }}" \
-                    apply
-        env:
-          CI_TAG: ${{ fromJSON(needs.push-docker-image.outputs.json).labels['org.opencontainers.image.version'] }}
-          INGRESS_DOMAIN: ${{ secrets.STOKENET_INGRESS_DOMAIN }}
-          HELM_GH_USER: ${{ secrets.HELM_GH_USER }}
-          HELM_GH_PASS: ${{ secrets.HELM_GH_PASS }}
-
-  deploy-mainnet:
-    if: github.event_name == 'release' && !github.event.release.prerelease || ( github.event.inputs.ENVIRONMENT_NAME == 'Mainnet' && github.event_name == 'workflow_dispatch' )
-    runs-on: ubuntu-latest
-    needs:
-      - push-docker-image
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: read
-    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-      - uses: unfor19/install-aws-cli-action@457b7980b125044247e455d87b9a26fc2299b787
-        with:
-          version: 2
-      - name: Setup helmfile and helm
-        uses: mamezou-tech/setup-helmfile@55ae2a66c5af4883148b7a50cc6ddc9b61042184
-        with:
-          helm-diff-plugin-version: 'v3.1.3'
-          helmfile-version: 'v0.144.0'
-          helm-version: 'v3.11.0'
-          install-kubectl: no
-      - name: Install kubectl
-        uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 #v3.2
-        with:
-          version: 'v1.25.6'
-      - name: Configure AWS credentials for deployment
-        uses: aws-actions/configure-aws-credentials@bab55d3830fe69833c9fecaa51fe2c829a7508f3
-        with:
-          role-to-assume: ${{ secrets.DEPLOY_MAINNET_IAM_ROLE }}
-          aws-region: eu-west-2
-      - name: Deploy application
-        working-directory: deploy/helm
-        run: |
-          aws eks update-kubeconfig --name ${{ secrets.MAINNET_CLUSTER_NAME }} \
-                                    --alias ${{ secrets.MAINNET_CLUSTER_NAME }} \
-                                    --region eu-west-2
-
-          helmfile --environment mainnet --namespace radix-dapp-toolkit-mainnet \
-                    --state-values-set "ci.tag=${{ env.CI_TAG }}" \
-                    --state-values-set "ci.ingressDomain=${{ env.INGRESS_DOMAIN }}" \
-                    apply
-        env:
-          CI_TAG: ${{ fromJSON(needs.push-docker-image.outputs.json).labels['org.opencontainers.image.version'] }}
-          INGRESS_DOMAIN: ${{ secrets.MAINNET_INGRESS_DOMAIN }}
-          HELM_GH_USER: ${{ secrets.HELM_GH_USER }}
-          HELM_GH_PASS: ${{ secrets.HELM_GH_PASS }}
+        uses: crazy-max/ghaction-dump-context@v2