From e859dd07c310929364f04a57dc4f1b8ed94f498b Mon Sep 17 00:00:00 2001 From: Guillermo Perez Date: Tue, 11 Feb 2025 16:07:31 +0100 Subject: [PATCH] ci: Review GHA pipeline (#2620) * upgrade 3rd party action versions and configure dependabot * remove catalyst and cleanup unused functions deployments * Make sure prod deploy uses the right tag to pull artifacts * Adding more owners for bus factor purposes * Simplify and fix prod deploy to allow for rollbacks * notify slack of staging failed jobs * upgrade node to v20 (v18 deprecated in April) * disable e2e tests automatic triggers * Improve PR comment adding the functions URL --------- Co-authored-by: sophian --- .github/CODEOWNERS | 9 +- .github/actions/archive-release/action.yml | 4 +- .github/actions/build-function/action.yml | 4 +- .github/actions/deploy-gcs/action.yml | 4 +- .github/actions/deploy-gfunction/action.yml | 12 +- .github/actions/deploy-ipfs/action.yml | 2 +- .github/actions/prepare-deploy/action.yml | 11 +- .github/dependabot.yml | 13 ++ .github/workflows/catalyst-deploy.yml | 31 --- .github/workflows/centrifuge-app.yml | 18 +- .github/workflows/dev-n-ffprod-deploys.yml | 8 +- .github/workflows/e2e.yml | 35 ++-- .github/workflows/fabric.yml | 8 +- .github/workflows/faucet-api.yml | 6 +- .github/workflows/manual-deploys.yml | 17 -- .github/workflows/npm-publish.yml | 14 +- .github/workflows/onboarding-api.yml | 4 +- .github/workflows/pinning-api.yml | 4 +- .github/workflows/prepare-pr.yml | 16 +- .github/workflows/prod-deploy.yml | 200 ++++++++++---------- .github/workflows/staging-deploy.yml | 35 +++- centrifuge-js/package.json | 2 +- onboarding-api/package.json | 2 +- 23 files changed, 224 insertions(+), 235 deletions(-) create mode 100644 .github/dependabot.yml delete mode 100644 .github/workflows/catalyst-deploy.yml delete mode 100644 .github/workflows/manual-deploys.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 439cce096a..3739ce6209 100644 --- a/.github/CODEOWNERS 
+++ b/.github/CODEOWNERS @@ -4,4 +4,11 @@ .github/actions/ @gpmayorga .github/workflows/ @sophialittlejohn -.github/actions/ @sophialittlejohn \ No newline at end of file +.github/actions/ @sophialittlejohn + +# Workflows are less sensitive than actions +.github/workflows/ @kattylucy + +# Add Jeroen for both actions and workflows +.github/workflows/ @hieronx +.github/actions/ @hieronx \ No newline at end of file diff --git a/.github/actions/archive-release/action.yml b/.github/actions/archive-release/action.yml index ccfea2d2e7..87ba860f67 100644 --- a/.github/actions/archive-release/action.yml +++ b/.github/actions/archive-release/action.yml @@ -39,13 +39,13 @@ runs: # Alernative: archive in a gcloud bucket: # - name: Auth gcloud # id: gauth - # uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1 + # uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 # with: # workload_identity_provider: '${{ secrets.GWIP }}' # service_account: '${{ secrets.GSA }}' # # Install gcloud, `setup-gcloud` automatically picks up authentication from `auth`. # - name: 'Set up Cloud SDK' - # uses: google-github-actions/setup-gcloud@62d4898025f6041e16b1068643bfc5a696863587 # @v1 + # uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.2 # - name: Archive ${{ inputs.name }} in gcloud bucket # run: | diff --git a/.github/actions/build-function/action.yml b/.github/actions/build-function/action.yml index 7f117eff4e..033ae126da 100644 --- a/.github/actions/build-function/action.yml +++ b/.github/actions/build-function/action.yml @@ -13,9 +13,9 @@ runs: using: composite steps: - name: Setup Node - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c #@v3.6.0 + uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a #@v4.2.0 with: - node-version: '16' + node-version: '20' cache: yarn - name: Install Dependencies 
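Review bot: Repeating `.github/workflows/` and `.github/actions/` on separate lines does not add owners, because GitHub applies only the last matching CODEOWNERS pattern. As I read it, after this hunk `@hieronx` would be the sole code owner of both paths, which is the opposite of the bus-factor goal in the commit message. List all owners on one line per path, e.g. `.github/workflows/ @sophialittlejohn @kattylucy @hieronx` and `.github/actions/ @gpmayorga @sophialittlejohn @hieronx`. The file starts above the hunk, so earlier entries should be checked for the same pattern.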
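Review bot: The commented-out 'Set up Cloud SDK' step now points at `google-github-actions/auth@6fc4af4b…` with a `# v2.1.2` label, so the action name, SHA and version comment no longer agree. Anyone who uncomments this block would run auth twice and never install gcloud. The line should read `# uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2`, as used in deploy-gcs/action.yml in this same commit.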
diff --git a/.github/actions/deploy-gcs/action.yml b/.github/actions/deploy-gcs/action.yml index 56ba8598e4..59028a02eb 100644 --- a/.github/actions/deploy-gcs/action.yml +++ b/.github/actions/deploy-gcs/action.yml @@ -31,7 +31,7 @@ runs: - name: Auth gcloud id: gauth - uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1 + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 env: GSA: ${{ inputs.GSA }} GWIP: ${{ inputs.GWIP }} @@ -41,7 +41,7 @@ runs: # Install gcloud, `setup-gcloud` automatically picks up authentication from `auth`. - name: 'Set up Cloud SDK' - uses: google-github-actions/setup-gcloud@62d4898025f6041e16b1068643bfc5a696863587 # @v1 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 - name: Create bucket shell: sh diff --git a/.github/actions/deploy-gfunction/action.yml b/.github/actions/deploy-gfunction/action.yml index 299bd1d33a..46aef891ff 100644 --- a/.github/actions/deploy-gfunction/action.yml +++ b/.github/actions/deploy-gfunction/action.yml @@ -38,7 +38,7 @@ inputs: description: 'RAM settings for function (without unit suffix)' # https://cloud.google.com/sdk/gcloud/reference/functions/deploy#--memory # https://github.com/google-github-actions/deploy-cloud-functions?tab=readme-ov-file#inputs - default: 256 + default: "256" required: false runs: @@ -48,7 +48,7 @@ runs: # needs to be used in isolation, it won't work # unless the repo is checked out somewhere first - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 with: path: apps # The next 3 steps use this folder 
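Review bot: `uses: actions/checkout@v4` in the Checkout step replaces a commit-SHA pin with a mutable tag, while the other third-party actions touched in this commit are moved to full SHAs. A moved or compromised tag would then execute in jobs that request `id-token: 'write'` and receive deployment secrets. The same swap appears in centrifuge-app.yml, fabric.yml, faucet-api.yml, npm-publish.yml, onboarding-api.yml, pinning-api.yml and prod-deploy.yml, where `actions/upload-artifact@v4` also replaces a pinned SHA. I would keep the pin style used elsewhere, `uses: actions/checkout@<full commit SHA of the chosen v4 release> # v4.x.y`, taking the SHA from the upstream release.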
@@ -106,17 +106,17 @@ runs: ## or `run` commands that we write. - name: Auth gcloud id: gauth - uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1 + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 with: workload_identity_provider: ${{ inputs.GWIP }} service_account: ${{ inputs.GSA }} - name: Deploy to google functions id: gclouddeploy - uses: google-github-actions/deploy-cloud-functions@14509ca55199d9348161571e36c48e44f855030d #@v1 + uses: google-github-actions/deploy-cloud-functions@b418957976ca9302f13bf31bd06aa0256b8263e1 #@v2.1.0 with: name: '${{ steps.prepare.outputs.function_name }}' - runtime: 'nodejs18' + runtime: 'nodejs20' region: '${{ inputs.gcloud_region }}' source_dir: '${{ steps.download.outputs.download-path }}' entry_point: '${{ inputs.target }}' @@ -133,7 +133,7 @@ runs: run: echo "::notice title=Function_URL::${{ steps.gclouddeploy.outputs.url }}" - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 - name: Change function to allow_unathorized calls shell: sh diff --git a/.github/actions/deploy-ipfs/action.yml b/.github/actions/deploy-ipfs/action.yml index 599ca22d2f..99c782019d 100644 --- a/.github/actions/deploy-ipfs/action.yml +++ b/.github/actions/deploy-ipfs/action.yml @@ -21,7 +21,7 @@ runs: steps: - name: Setup Node id: setup_node - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c #@v3.6.0 + uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a #@v4.2.0 with: node-version: '18' # cache: yarn diff --git a/.github/actions/prepare-deploy/action.yml b/.github/actions/prepare-deploy/action.yml index 5c619b5edd..1356080ffe 100644 --- a/.github/actions/prepare-deploy/action.yml +++ b/.github/actions/prepare-deploy/action.yml 
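Review bot: `node-version: '18'` in the deploy-ipfs Setup Node step is left unchanged, although the commit message says Node is upgraded to v20 and the other setup-node steps in this commit move to `'20'`. If IPFS deploys have to stay on 18, a one-line comment saying why would prevent a later "fix"; otherwise use `node-version: '20'`. The step list continues outside the hunk.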
@@ -60,11 +60,6 @@ runs: echo "front_url=app.staging.centrifuge.io" >> $GITHUB_OUTPUT echo "env_name=production" >> $GITHUB_OUTPUT # env_name is production because it needs to use the prod variable files inside each app - elif ${{ inputs.deploy_to == 'catalyst' }}; then - # CATALYST - echo "function_name=${{ inputs.app_base_name }}-catalyst" >> $GITHUB_OUTPUT - echo "front_url=app-catalyst.k-f.dev" >> $GITHUB_OUTPUT - echo "env_name=catalyst" >> $GITHUB_OUTPUT elif ${{ inputs.deploy_to == 'demo' }}; then # DEMO echo "function_name=${{ inputs.app_base_name }}-demo" >> $GITHUB_OUTPUT @@ -74,19 +69,19 @@ runs: if ${{ github.event_name == 'pull_request' }}; then # FF-PRODUCTION-PR # A build from the DEV env that points to prod - echo "function_name=NEVER_USED" >> $GITHUB_OUTPUT + # echo "function_name=NEVER_USED" >> $GITHUB_OUTPUT echo "front_url=pr${{ github.event.number }}-app-ff-production.k-f.dev" >> $GITHUB_OUTPUT echo "env_name=ff-prod" >> $GITHUB_OUTPUT elif ${{ github.ref == 'refs/heads/main' }}; then # FF-PRODUCTION-MAIN # A build from the DEV env that points to prod - echo "function_name=NEVER_USED" >> $GITHUB_OUTPUT + # echo "function_name=NEVER_USED" >> $GITHUB_OUTPUT echo "front_url=app-ff-production.k-f.dev" >> $GITHUB_OUTPUT echo "env_name=ff-prod" >> $GITHUB_OUTPUT fi elif ${{ github.ref == 'refs/heads/main' }}; then # DEV - echo "function_name=NEVER_USED" >> $GITHUB_OUTPUT + # echo "function_name=NEVER_USED" >> $GITHUB_OUTPUT echo "front_url=app-dev.k-f.dev" >> $GITHUB_OUTPUT echo "env_name=development" >> $GITHUB_OUTPUT elif ${{ github.event_name == 'pull_request' }}; then diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..6380826208 --- /dev/null +++ b/.github/dependabot.yml 
@@ -0,0 +1,13 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/.github/workflows" + schedule: + interval: "monthly" + open-pull-requests-limit: 2 + assignees: + - sophialittlejohn + - gpmayorga + commit-message: + prefix: "chore" + include: "scope" \ No newline at end of file diff --git a/.github/workflows/catalyst-deploy.yml b/.github/workflows/catalyst-deploy.yml deleted file mode 100644 index 3c6d323231..0000000000 --- a/.github/workflows/catalyst-deploy.yml +++ /dev/null @@ -1,31 +0,0 @@ -name: Deploy Catalyst -on: - push: - tags: - - "centrifuge-app/v*" -concurrency: - # Cancel any staging or prod deployment on-going - # in favor of this new pre-release - group: catalyst-deployment - cancel-in-progress: true - -jobs: - app-staging: - uses: ./.github/workflows/centrifuge-app.yml - secrets: inherit - with: - deploy_env: catalyst - - - pinning-staging: - uses: ./.github/workflows/pinning-api.yml - secrets: inherit - with: - deploy_env: catalyst - - - onboarding-staging: - uses: ./.github/workflows/onboarding-api.yml - secrets: inherit - with: - deploy_env: catalyst \ No newline at end of file diff --git a/.github/workflows/centrifuge-app.yml b/.github/workflows/centrifuge-app.yml index a356331d0d..586dd3df7f 100644 --- a/.github/workflows/centrifuge-app.yml +++ b/.github/workflows/centrifuge-app.yml @@ -26,7 +26,8 @@ jobs: working-directory: centrifuge-app steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 + - name: prepare env logic id: prepare uses: ./.github/actions/prepare-deploy @@ -35,9 +36,9 @@ jobs: deploy_to: ${{ inputs.deploy_env }} - name: Setup Node - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c #@v3.6.0 + uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: - node-version: '16' + node-version: '20' cache: yarn - name: set PR function values 
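Review bot: `directory: "/.github/workflows"` probably does not give the coverage this commit needs. For the `github-actions` ecosystem the Dependabot documentation says to use `/` to scan `.github/workflows`, and a workflows-only entry would leave out the composite actions under `.github/actions/*/action.yml`, where most of the newly pinned SHAs live. I would use `directory: "/"` and, if composite actions are to be tracked too, switch to a `directories:` list that also names `/.github/actions/*` (worth confirming against the current Dependabot docs). Note also that Dependabot can only refresh a SHA pin's version comment when the pin has one, which argues for the `# vX.Y.Z` form on every `uses:` line.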
@@ -103,7 +104,7 @@ jobs: environment: ${{ needs.build-app.outputs.gh_env }} steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 with: path: apps @@ -129,17 +130,20 @@ jobs: steps: - name: PR comment with preview URL id: prcomment - uses: thollander/actions-comment-pull-request@v2 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 env: pull_sha: ${{ github.event.pull_request.head.sha }} + PINNING_URL: https:\/\/${{ vars.GCLOUD_REGION }}-${{ vars.GCP_DEV_PROJ }}.cloudfunctions.net\/pinning-api-pr${{ github.event.number }} + ONBOARDING_URL: https:\/\/${{ vars.GCLOUD_REGION }}-${{ vars.GCP_DEV_PROJ }}.cloudfunctions.net\/onboarding-api-pr${{ github.event.number }} with: - comment_tag: pr_preview_url${{ inputs.deploy_env }} + comment-tag: pr_preview_url${{ inputs.deploy_env }} mode: upsert message: | PR deployed in Google Cloud URL: https://${{ needs.deploy-app.outputs.bucket_url }} + PINNING_URL: ${{ env.PINNING_URL }} + ONBOARDING_URL: ${{ env.ONBOARDING_URL }} Commit #: ${{ env.pull_sha }} - To access the functions directly check the corresponding deploy Action - name: Check notify outputs run: | echo "id : ${{ steps.prcomment.outputs.id }}" diff --git a/.github/workflows/dev-n-ffprod-deploys.yml b/.github/workflows/dev-n-ffprod-deploys.yml index 927fccd13a..908bb00348 100644 --- a/.github/workflows/dev-n-ffprod-deploys.yml +++ b/.github/workflows/dev-n-ffprod-deploys.yml 
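Review bot: The `\/` sequences in `PINNING_URL` and `ONBOARDING_URL` are literal backslashes in a YAML plain scalar, so the comment body receives `https:\/\/…cloudfunctions.net\/…` rather than a clean URL. Unless something outside this hunk consumes the escaped form, write them plainly, e.g. `PINNING_URL: https://${{ vars.GCLOUD_REGION }}-${{ vars.GCP_DEV_PROJ }}.cloudfunctions.net/pinning-api-pr${{ github.event.number }}`. The URLs are also rebuilt from a naming convention instead of the deploy step's output, so a short comment stating that assumption would help if the function naming changes.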
@@ -5,17 +5,17 @@ on: pull_request: # paths: # - '.github/workflows/main-branch-deploys.yml' - +# For FF and dev environments deploy only webApp, no functions jobs: development: if: github.ref == 'refs/heads/main' name: deploy-development - uses: ./.github/workflows/deploy_all.yml + uses: ./.github/workflows/centrifuge-app.yml secrets: inherit with: - environment: development -# For FF-PROD deploy only webApp + deploy_env: development ff-prod: + name: deploy-ff-prod uses: ./.github/workflows/centrifuge-app.yml secrets: inherit with: diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 157544c15b..2b70569479 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -1,8 +1,9 @@ name: Synpress tests on: - schedule: - - cron: '0 12 * * *' + workflow_dispatch: + # schedule: + # - cron: '0 12 * * *' jobs: cypress-run: @@ -13,6 +14,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + - name: Install linux deps run: | sudo apt-get install --no-install-recommends -y \ 
@@ -25,22 +27,21 @@ jobs: fluxbox & env: DISPLAY: :0.0 - - uses: iamsauravsharma/create-dotenv@v2.0.1 - with: - # input-prefix: '' # Optional (default: '') - file-path: 'centrifuge-app/.env' # Optional (default : '.env') - # output-prefix: 'OUTPUT_' # Optional (default: '') - env: # env available for only this steps - CYPRESS_PRIVATE_KEY: ${{secrets.CYPRESS_PRIVATE_KEY}} - PRIVATE_KEY: ${{secrets.CYPRESS_PRIVATE_KEY}} - NETWORK_NAME: centrifuge - RPC_URL: https://fullnode-apps.demo.k-f.dev - CHAIN_ID: 2090 - SYMBOL: DEVEL - IS_TESTNET: true - DEBUG: true + - name: Create .env file + run: | + cat << EOF > centrifuge-app/.env + CYPRESS_PRIVATE_KEY=${{secrets.CYPRESS_PRIVATE_KEY}} + PRIVATE_KEY=${{secrets.CYPRESS_PRIVATE_KEY}} + NETWORK_NAME=centrifuge + RPC_URL=https://fullnode-apps.demo.k-f.dev + CHAIN_ID=2090 + SYMBOL=DEVEL + IS_TESTNET=true + DEBUG=true + EOF + - name: Synpress run - uses: cypress-io/github-action@v6 + uses: cypress-io/github-action@7271bed2a170d73c0b08939cd192db51a1c46c50 # v6.7.10 with: working-directory: centrifuge-app install-command: yarn diff --git a/.github/workflows/fabric.yml b/.github/workflows/fabric.yml index 62875576f3..9e001499be 100644 --- a/.github/workflows/fabric.yml +++ b/.github/workflows/fabric.yml @@ -22,12 +22,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 - name: Setup Node - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c #@v3.6.0 + uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a #@v4.2.0 with: - node-version: '16' + node-version: '20' cache: yarn - run: yarn install --immutable @@ -53,7 +53,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 with: path: apps diff --git a/.github/workflows/faucet-api.yml b/.github/workflows/faucet-api.yml index 6eebd5c204..7f37cb79ba 100644 
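Review bot: In the new 'Create .env file' step, `${{secrets.CYPRESS_PRIVATE_KEY}}` is expanded by the Actions templater straight into the shell script, and the heredoc delimiter is unquoted. The key therefore becomes part of the script text, and any `$`, backtick or newline in it would be interpreted by the shell instead of being written verbatim. Pass it through the step environment and reference the variable instead: add `env:` with `CYPRESS_PRIVATE_KEY: ${{ secrets.CYPRESS_PRIVATE_KEY }}` to the step and write `CYPRESS_PRIVATE_KEY=${CYPRESS_PRIVATE_KEY}` and `PRIVATE_KEY=${CYPRESS_PRIVATE_KEY}` inside the heredoc. The resulting `centrifuge-app/.env` holds a private key on the runner, so it should also stay out of any uploaded artifact or cache path.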
--- a/.github/workflows/faucet-api.yml +++ b/.github/workflows/faucet-api.yml @@ -26,14 +26,14 @@ jobs: working-directory: faucet-api steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 - name: prepare env logic id: prepare uses: ./.github/actions/prepare-deploy with: app_base_name: ${{ env.app_name }} - deploy_to: ${{ env.deploy_to }} + deploy_to: ${{ inputs.deploy_env }} - name: build function uses: ./.github/actions/build-function @@ -59,7 +59,7 @@ jobs: id-token: 'write' steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 with: path: apps diff --git a/.github/workflows/manual-deploys.yml b/.github/workflows/manual-deploys.yml deleted file mode 100644 index c7985a3b7d..0000000000 --- a/.github/workflows/manual-deploys.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: Deploy to Catalyst and demo -on: - workflow_dispatch: - inputs: - environment: - type: choice - description: where to deploy - options: - - demo - - catalyst -jobs: - deploy: - name: deploy-${{ inputs.environment }} - uses: ./.github/workflows/deploy_all.yml - secrets: inherit - with: - environment: ${{ inputs.environment }} \ No newline at end of file diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml index 55aa475110..7282decdb5 100644 --- a/.github/workflows/npm-publish.yml +++ b/.github/workflows/npm-publish.yml @@ -10,7 +10,7 @@ on: - centrifuge-js - centrifuge-react concurrency: - group: '${{ github.workflow }}-${{ inputs.app_name || github.event.inputs.app_name }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' + group: '${{ github.workflow }}-${{ inputs.app_name || github.event.inputs.app_name }} @ ${{ github.head_ref || github.ref }}' cancel-in-progress: true jobs: publish-npm: 
@@ -22,12 +22,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 - name: Setup Node - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c #@v3.6.0 + uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a #@v4.2.0 with: - node-version: '16' + node-version: '20' cache: yarn registry-url: 'https://registry.npmjs.org' @@ -43,15 +43,15 @@ jobs: - name: Publish id: publish - uses: JS-DevTools/npm-publish@v3.1.1 + uses: JS-DevTools/npm-publish@19c28f1ef146469e409470805ea4279d47c3d35c # v3.1.1 with: token: ${{secrets.NPM_TOKEN}} package: './${{ inputs.app_name }}/package.json' - - uses: actions-ecosystem/action-push-tag@v1 + - uses: actions-ecosystem/action-push-tag@6e82caefe706f5a729e354df7443dc82f98a414f # v1.0.0 if: steps.publish.outputs.type with: - tag: ${{ inputs.appname }}/v${{ steps.publish.outputs.version }} + tag: ${{ inputs.app_name }}/v${{ steps.publish.outputs.version }} message: auto-created from GHActions after publishing npm package - if: steps.publish.outputs.type diff --git a/.github/workflows/onboarding-api.yml b/.github/workflows/onboarding-api.yml index ef7214b08d..44b132869f 100644 --- a/.github/workflows/onboarding-api.yml +++ b/.github/workflows/onboarding-api.yml @@ -30,7 +30,7 @@ jobs: working-directory: onboarding-api steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 - name: prepare env logic id: prepare @@ -71,7 +71,7 @@ jobs: id-token: 'write' steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 with: path: apps diff --git a/.github/workflows/pinning-api.yml b/.github/workflows/pinning-api.yml index 5ade412031..3185079001 100644 --- a/.github/workflows/pinning-api.yml +++ b/.github/workflows/pinning-api.yml 
@@ -30,7 +30,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 - name: prepare env logic id: prepare @@ -70,7 +70,7 @@ jobs: id-token: 'write' steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 with: path: apps diff --git a/.github/workflows/prepare-pr.yml b/.github/workflows/prepare-pr.yml index 5d5d2cfe4e..84743ae5fe 100644 --- a/.github/workflows/prepare-pr.yml +++ b/.github/workflows/prepare-pr.yml @@ -24,13 +24,13 @@ jobs: steps: - name: Auth gcloud id: gauth - uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1 + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 with: workload_identity_provider: '${{ secrets.GWIP }}' service_account: '${{ secrets.GSA }}' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 - name: Give time to avoid racing conditions uses: whatnick/wait-action@71008d68ab3939de1475f4938583e4480b5d09a6 @@ -72,13 +72,13 @@ jobs: steps: - name: Auth gcloud id: gauth - uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1 + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 with: workload_identity_provider: '${{ secrets.GWIP }}' service_account: '${{ secrets.GSA }}' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 - name: Give time for other jobs to finish uses: whatnick/wait-action@71008d68ab3939de1475f4938583e4480b5d09a6 
@@ -118,13 +118,13 @@ jobs: steps: - name: Auth gcloud id: gauth - uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1 + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 with: workload_identity_provider: '${{ secrets.GWIP }}' service_account: '${{ secrets.GSA }}' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 - name: Give time for other jobs to finish uses: whatnick/wait-action@71008d68ab3939de1475f4938583e4480b5d09a6 @@ -161,13 +161,13 @@ jobs: steps: - name: Auth gcloud id: gauth - uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1 + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 with: workload_identity_provider: '${{ secrets.GWIP }}' service_account: '${{ secrets.GSA }}' - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 - name: Delete functions shell: bash diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index db0b77b0c0..65464b350d 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml 
@@ -4,159 +4,151 @@ on: types: - released workflow_dispatch: + inputs: + tag: + description: 'The release tag to promote (e.g. v1.2.3) do not append centrifuge-app to the tag' + required: true + type: string concurrency: group: production-deployment - cancel-in-progress: false # Wait for staging-deploy to finish + cancel-in-progress: false jobs: - sync-staging-prod: + deploy-app: + name: app-prod-deploy permissions: contents: 'read' id-token: 'write' runs-on: ubuntu-latest environment: production steps: - - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - path: apps - - - name: prepare env logic - id: prepare - uses: ./apps/.github/actions/prepare-deploy + - uses: dsaltares/fetch-gh-release-asset@aa2ab1243d6e0d5b405b973c89fa4d06a2d0fff7 # v1.1.2 with: - app_base_name: app - deploy_to: 'production' + repo: 'centrifuge/apps' + version: ${{ github.event_name == 'release' && github.event.release.id || format('tags/centrifuge-app/{0}', inputs.tag) }} + file: "webpack.zip" + regex: true - - name: Auth gcloud - id: gauth - uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1 + - name: Unzip release files + run: | + unzip webpack.zip -d webpack 1> /dev/null + # Unzipped folder structure is webpack/centrifuge-app/build/inde.js + + - name: Upload webpack files + uses: actions/upload-artifact@v4 with: - workload_identity_provider: '${{ secrets.GWIP }}' - service_account: '${{ secrets.GSA }}' - - - name: 'Set up Cloud SDK' - uses: google-github-actions/setup-gcloud@62d4898025f6041e16b1068643bfc5a696863587 # @v1 - - - name: Sync webpack from staging - run: gsutil -m rsync -d -r gs://app.staging.centrifuge.io gs://${{ steps.prepare.outputs.front_url }} - - retrieve-prod-assets: - runs-on: ubuntu-latest - steps: - - name: Download artifact - id: download-artifact - uses: dawidd6/action-download-artifact@v2 - with: - workflow: staging-deploy.yml - workflow_conclusion: '' # This will fail if the staging 
deployment isn't finished yet - # check_artifacts: true # This will search for the last available artifact, useful for testing - - # Alternative: download from the release instead of - # workflow artifacts - # - uses: dsaltares/fetch-gh-release-asset@master - # with: - # repo: 'centrifuge/apps' - # version: 'tags/${{ github.ref_name }}' - # file: ".*-api\\.zip" - # # target: "./releases/" - # regex: true - # # target: 'subdir/${{ matrix.artifact_name }}.zip' - # # token: ${{ secrets.GITHUB_TOKEN }} - # - name: Unzip release files - # run: | - # unzip pinning-api.zip -d pinning-api 1> /dev/null - # unzip onboarding-api.zip -d onboarding-api 1> /dev/null + name: webpack + path: webpack/centrifuge-app/build/ - # Debug artifacts: - # - name: list artifact files - # run: | - # ls -la ./ - # ls -la pinning-api/ - # ls -la onboarding-api/ - # echo "Workspace PATH: ${{ github.workspace }}" - # ls -la $GITHUB_WORKSPACE - - - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #@4.6.0 - with: - name: onboarding-api - path: ${{ github.workspace }}/onboarding-api-staging/ - if-no-files-found: error - - - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #@4.6.0 - with: - name: pinning-api - path: ${{ github.workspace }}/pinning-api-staging/ - if-no-files-found: error - - pinning-prod-deploy: - needs: retrieve-prod-assets - runs-on: ubuntu-latest - environment: production - permissions: - contents: 'read' - id-token: 'write' - env: - app_name: pinning-api - function_handler: pinningApi - steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 with: path: apps + sparse-checkout: | + .github/actions/deploy-gcs - - name: Deploy Gfunction - id: functionsdeploy - uses: ./apps/.github/actions/deploy-gfunction + - name: Deploy to GCS + uses: ./apps/.github/actions/deploy-gcs with: - app_name: ${{ env.app_name }} GWIP: ${{ secrets.GWIP }} GSA: ${{ secrets.GSA }} - target: ${{ 
env.function_handler }} - gcloud_region: ${{ vars.GCLOUD_REGION }} - service_account: '${{ vars.PINNING_API_FUNCT_SA }}' - deploy_env: production + bucket_url: 'app.centrifuge.io' + artifact_name: webpack - onboarding-prod-deploy: - needs: retrieve-prod-assets + + deploy-functions: + name: ${{ matrix.function.name }}-prod-deploy runs-on: ubuntu-latest environment: production permissions: contents: 'read' id-token: 'write' - env: - app_name: onboarding-api - function_handler: onboarding + strategy: + fail-fast: false + matrix: + function: + - name: pinning-api + handler: pinningApi + service_account: ${{ vars.PINNING_API_FUNCT_SA }} + - name: onboarding-api + handler: onboarding + service_account: ${{ vars.ONBOARDING_FUNCT_SA }} steps: + + - uses: dsaltares/fetch-gh-release-asset@aa2ab1243d6e0d5b405b973c89fa4d06a2d0fff7 # v1.1.2 + with: + repo: 'centrifuge/apps' + version: ${{ github.event_name == 'release' && github.event.release.id || format('tags/centrifuge-app/{0}', inputs.tag) }} + file: "${{ matrix.function.name }}.zip" + regex: true + + - name: Unzip release files + run: | + unzip ${{ matrix.function.name }}.zip 1> /dev/null + # Unzipped folder structure is ${{ matrix.function.name }}/dist/index.js + + - name: Upload function files + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.function.name }} + path: ${{ matrix.function.name }}/dist/ + - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@v4 with: path: apps + sparse-checkout: | + .github/actions/deploy-gfunction - name: Deploy Gfunction id: functionsdeploy uses: ./apps/.github/actions/deploy-gfunction with: - app_name: ${{ env.app_name }} + app_name: "${{ matrix.function.name }}-production" + artifact_name: ${{ matrix.function.name }} GWIP: ${{ secrets.GWIP }} GSA: ${{ secrets.GSA }} - target: ${{ env.function_handler }} - service_account: '${{ vars.ONBOARDING_FUNCT_SA }}' + target: ${{ matrix.function.handler }} gcloud_region: 
${{ vars.GCLOUD_REGION }} + service_account: '${{ matrix.function.service_account }}' deploy_env: production - prod-slack-notify: - needs: [sync-staging-prod, onboarding-prod-deploy, pinning-prod-deploy] + slack-notify-success: + needs: [deploy-app, deploy-functions] + if: success() runs-on: ubuntu-latest steps: - - name: Notify prod deploy - uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7 + - name: Notify prod deploy success + uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 # v2.3.2 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} SLACK_MESSAGE: | + ✅ Production deployment successful! app.staging.centrifuge.io has been promoted to app.centrifuge.io and is now LIVE! Check out the new release -> https://github.com/centrifuge/apps/releases/ SLACK_USERNAME: 'Centrifuge GHA Bot' SLACK_ICON: 'https://centrifuge.io/favicon.ico' SLACK_TITLE: 'Centrifuge app has been promoted to prod.' SLACK_FOOTER: 'Automatic message from centrifuge/apps repository Actions' + MSG_MINIMAL: true + SLACK_COLOR: 'good' + + slack-notify-failure: + needs: [deploy-app, deploy-functions] + if: failure() + runs-on: ubuntu-latest + steps: + - name: Notify prod deploy failure + uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 # v2.3.2 + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + SLACK_MESSAGE: | + ❌ Production deployment failed! + One or more jobs failed during the promotion to production. + Please check the workflow run for details -> ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + SLACK_USERNAME: 'Centrifuge GHA Bot' + SLACK_ICON: 'https://centrifuge.io/favicon.ico' + SLACK_TITLE: '⚠️ Production Deployment Failed' + SLACK_FOOTER: 'Automatic message from centrifuge/apps repository Actions' + MSG_MINIMAL: true + SLACK_COLOR: 'danger' diff --git a/.github/workflows/staging-deploy.yml b/.github/workflows/staging-deploy.yml index 4a5dfe233f..9a6a5990b9 100644 
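Review bot: The two `dsaltares/fetch-gh-release-asset` steps deploy whatever `webpack.zip` or `<function>.zip` is attached to the release at run time, with no digest or provenance check before `deploy-gcs` and `deploy-gfunction` run under `environment: production`. Release assets can be replaced by anyone with write access after staging has tested them. I would therefore publish a SHA-256 file when staging uploads the assets and add a verification step after the download, e.g. `sha256sum -c <checksum file shipped with the release>`. Separately, with `regex: true` the dot in `file: "webpack.zip"` matches any character; `file: "webpack\\.zip"` and `file: "${{ matrix.function.name }}\\.zip"` are stricter and follow the escaping used in the removed `".*-api\\.zip"` example.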
--- a/.github/workflows/staging-deploy.yml +++ b/.github/workflows/staging-deploy.yml @@ -7,7 +7,7 @@ concurrency: # Cancel any staging or prod deployment on-going # in favor of this new pre-release group: production-deployment - cancel-in-progress: true + cancel-in-progress: false jobs: app-staging: 
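Review bot: The comment above `group: production-deployment` still says in-progress deployments are cancelled in favour of the new pre-release, but the value is now `cancel-in-progress: false`. Update it to say what happens now, e.g. `# Queue behind any in-progress staging or prod deployment instead of cancelling it`. Because staging and prod share this group, and GitHub keeps only one pending run per concurrency group, a newer queued staging run can still displace a queued prod run. If that is not intended, the two workflows need separate group names.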
@@ -42,19 +42,44 @@ jobs: with: deploy_env: ${{ matrix.deploy_to }} - staging-slack-notify: - needs: app-staging + staging-slack-notify-success: + needs: [app-staging, onboarding-staging, pinning-staging] + if: success() runs-on: ubuntu-latest steps: - - name: Notify staging deploy + - name: Notify staging deploy success uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} SLACK_MESSAGE: | + ✅ Staging deployment successful! app.altair.centrifuge.io and app.staging.centrifuge.io updated by GH actions job Check out the new pre-release -> https://github.com/centrifuge/apps/releases/ SLACK_USERNAME: "Centrifuge GHA Bot" SLACK_ICON: "https://centrifuge.io/favicon.ico" SLACK_TITLE: "Centrifuge app has been deployed in staging and Altair." - SLACK_FOOTER: "Automatic message from centrifuge/apps repository Actions" + SLACK_FOOTER: "Automatic message from centrifuge/apps repository Actions" + MSG_MINIMAL: true + SLACK_COLOR: 'good' + + staging-slack-notify-failure: + needs: [app-staging, onboarding-staging, pinning-staging] + if: failure() + runs-on: ubuntu-latest + steps: + - name: Notify staging deploy failure + uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7 + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + SLACK_MESSAGE: | + ❌ Staging deployment failed! + One or more jobs failed during the deployment to staging. + Prod deployments will not work until the staging deployment is successful. + Please check the workflow run for details -> ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + SLACK_USERNAME: "Centrifuge GHA Bot" + SLACK_ICON: "https://centrifuge.io/favicon.ico" + SLACK_TITLE: "⚠️ Staging Deployment Failed" + SLACK_FOOTER: "Automatic message from centrifuge/apps repository Actions" + MSG_MINIMAL: true + SLACK_COLOR: 'danger' diff --git a/centrifuge-js/package.json b/centrifuge-js/package.json index fc25bd3acd..ba7a82cd6e 100644 
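Review bot: Both staging notify jobs keep `rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7` with no version comment, while prod-deploy.yml in this same commit moves to `c33737706dea87cd7784c687dadc9adf1be59990 # v2.3.2`. Using the same pin and comment in both workflows, `uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 # v2.3.2`, keeps the webhook-handling action at one reviewed revision and makes the pin's version readable. The added `MSG_MINIMAL` and `SLACK_COLOR` settings would then behave the same in staging and prod.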
--- a/centrifuge-js/package.json +++ b/centrifuge-js/package.json @@ -12,7 +12,7 @@ "dist" ], "engines": { - "node": ">=14" + "node": ">=20" }, "scripts": { "start": "run-p -l start:esbuild start:types", diff --git a/onboarding-api/package.json b/onboarding-api/package.json index 27b93bf033..02b04f78f4 100644 --- a/onboarding-api/package.json +++ b/onboarding-api/package.json @@ -12,7 +12,7 @@ "deploy:dev": "gcloud functions deploy onboarding-api-dev --region=europe-central2 --source=dist --project=peak-vista-185616 --trigger-http --runtime=nodejs16 --service-account=functions-firestore@peak-vista-185616.iam.gserviceaccount.com --allow-unauthenticated --entry-point=onboarding --env-vars-file .env.yaml" }, "engines": { - "node": "16" + "node": ">=20" }, "dependencies": { "@centrifuge/centrifuge-js": "workspace:centrifuge-js",
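Review bot: In onboarding-api/package.json the `deploy:dev` script shown just above the changed line still passes `--runtime=nodejs16`, while `engines.node` now requires `>=20`. A manual dev deploy would therefore target a runtime the package no longer declares support for. Change that flag to `--runtime=nodejs20` to match the `runtime: 'nodejs20'` set in deploy-gfunction/action.yml.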