build(deps): update dependencies (#532) #465
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build images and deploy | |
| on: | |
| push: | |
| branches: [develop, gp4btc-stg, gp4btc-release] | |
| paths-ignore: | |
| - 'devops/**' | |
| workflow_dispatch: | |
| jobs: | |
| cancel-previous: | |
| name: 'Cancel Previous Runs' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 3 | |
| steps: | |
| - uses: styfle/[email protected] | |
| with: | |
| access_token: ${{ github.token }} | |
| unique_id: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Generate unique id | |
| id: unique_id | |
| run: echo "::set-output name=id::$(uuidgen)" | |
| outputs: | |
| unique_id: ${{ steps.unique_id.outputs.id }} | |
| install-build-and-push: | |
| runs-on: ubuntu-latest | |
| needs: [cancel-previous, unique_id] | |
| steps: | |
| - name: Get GHA environment name | |
| id: env_vars | |
| run: | | |
| echo "Running on branch ${{ github.ref }}" | |
| if [ "${{ github.ref }}" = "refs/heads/develop" ]; then | |
| echo "::set-output name=aws_access_key_id::${{ secrets.DEV_AWS_ACCESS_KEY_ID }}" | |
| echo "::set-output name=aws_secret_key::${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}" | |
| echo "::set-output name=aws_region::${{ secrets.DEV_AWS_REGION }}" | |
| echo "::set-output name=aws_ecr_repository::${{ secrets.DEV_ECR_REPOSITORY }}" | |
| echo "::set-output name=argocd_url::${{ secrets.DEV_ARGOCD_URL }}" | |
| echo "::set-output name=argocd_username::${{ secrets.DEV_ARGOCD_USERNAME }}" | |
| echo "::set-output name=argocd_password::${{ secrets.DEV_ARGOCD_PASS }}" | |
| elif [ "${{ github.ref }}" = "refs/heads/gp4btc-stg" ]; then | |
| echo "::set-output name=aws_access_key_id::${{ secrets.STAGING_AWS_ACCESS_KEY_ID }}" | |
| echo "::set-output name=aws_secret_key::${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}" | |
| echo "::set-output name=aws_region::${{ secrets.STAGING_AWS_REGION }}" | |
| echo "::set-output name=aws_ecr_repository::${{ secrets.STAGING_ECR_REPOSITORY }}" | |
| echo "::set-output name=argocd_url::${{ secrets.STAGING_ARGOCD_URL }}" | |
| echo "::set-output name=argocd_username::${{ secrets.STAGING_ARGOCD_USERNAME }}" | |
| echo "::set-output name=argocd_password::${{ secrets.STAGING_ARGOCD_PASS }}" | |
| elif [ "${{ github.ref }}" = "refs/heads/gp4btc-release" ]; then | |
| echo "::set-output name=aws_access_key_id::${{ secrets.PROD_AWS_ACCESS_KEY_ID }}" | |
| echo "::set-output name=aws_secret_key::${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}" | |
| echo "::set-output name=aws_region::${{ secrets.PROD_AWS_REGION }}" | |
| echo "::set-output name=aws_ecr_repository::${{ secrets.PROD_ECR_REPOSITORY }}" | |
| echo "::set-output name=argocd_url::${{ secrets.PROD_ARGOCD_URL }}" | |
| echo "::set-output name=argocd_username::${{ secrets.PROD_ARGOCD_USERNAME }}" | |
| echo "::set-output name=argocd_password::${{ secrets.PROD_ARGOCD_PASS }}" | |
| else | |
| echo "Branch ${{ github.ref }} is not configured for deployment" | |
| exit 1 | |
| fi | |
| - uses: actions/checkout@v3 | |
| - name: Setup app dependencies | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version-file: '.nvmrc' | |
| - uses: actions/cache@v3 | |
| id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`) | |
| with: | |
| path: | | |
| authorization-server/node_modules | |
| backend-server/node_modules | |
| generate-identity-cli/node_modules | |
| key: ${{ runner.os }}-node_modules-${{ hashFiles('**/yarn.lock') }} | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Check linting | |
| run: yarn lint | |
| - name: Build project | |
| run: yarn build | |
| - name: Test project | |
| env: | |
| LOG_LEVEL: 'error' | |
| SELF_BASE_URL: http://127.0.0.1:3000 | |
| RPC_URL: 'https://volta-rpc-vkn5r5zx4ke71f9hcu0c.energyweb.org/' | |
| CACHE_SERVER_URL: 'https://identitycache-dev.energyweb.org/v1' | |
| CACHE_SERVER_LOGIN_PRVKEY: 'eab5e5ccb983fad7bf7f5cb6b475a7aea95eff0c6523291b0c0ae38b5855459c' | |
| DID_REGISTRY_ADDRESS: '0xc15d5a57a8eb0e1dcbe5d88b8f9a82017e5cc4af' | |
| ENS_REGISTRY_ADDRESS: '0xd7CeF70Ba7efc2035256d828d5287e2D285CD1ac' | |
| ENS_RESOLVER_ADDRESS: '0xcf72f16Ab886776232bea2fcf3689761a0b74EfE' | |
| IPFS_PROTOCOL: https | |
| IPFS_HOST: ipfs.infura.io | |
| IPFS_PORT: 5001 | |
| IPFS_PROJECTID: ${{ secrets.IPFS_PROJECTID }} | |
| IPFS_PROJECTSECRET: ${{ secrets.IPFS_PROJECTSECRET }} | |
| REDIS_HOST: 'localhost' | |
| REDIS_PORT: 61379 | |
| JWT_SECRET: 'asecret' | |
| JWT_ACCESS_TTL: 60 | |
| JWT_REFRESH_TTL: 600 | |
| SIWE_NONCE_TTL: 120 | |
| FAIL_ON_REDIS_UNAVAILABLE: true | |
| AUTH_COOKIE_ENABLED: true | |
| IDENTITY_TOKEN: ${{ secrets.IDENTITY_TOKEN }} | |
| BLOCKNUM_AUTH_ENABLED: true | |
| ACCEPTED_ROLES: '' | |
| INCLUDE_ALL_ROLES: false | |
| run: yarn test | |
| - name: Get the tag version | |
| id: get_version | |
| run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ steps.env_vars.outputs.aws_access_key_id }} | |
| aws-secret-access-key: ${{ steps.env_vars.outputs.aws_secret_key }} | |
| aws-region: ${{ steps.env_vars.outputs.aws_region }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build & push docker images (AWS) | |
| env: | |
| BUILD_ID: ${{needs.unique_id.outputs.unique_id}} | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| run: | | |
| docker build --build-arg GIT_SHA=${{ github.sha }} -t $ECR_REGISTRY/${{ steps.env_vars.outputs.aws_ecr_repository }}:$BUILD_ID -f authorization-server/Dockerfile ./authorization-server | |
| docker push $ECR_REGISTRY/${{ steps.env_vars.outputs.aws_ecr_repository }}:$BUILD_ID | |
| docker tag $ECR_REGISTRY/${{ steps.env_vars.outputs.aws_ecr_repository }}:$BUILD_ID $ECR_REGISTRY/${{ steps.env_vars.outputs.aws_ecr_repository }}:latest | |
| docker push $ECR_REGISTRY/${{ steps.env_vars.outputs.aws_ecr_repository }}:latest | |
| - name: Logout of Amazon ECR | |
| if: always() | |
| run: docker logout ${{ steps.login-ecr.outputs.registry }} | |
| - name: ArgoCD login | |
| uses: clowdhaus/argo-cd-action/@v1.12.1 | |
| id: argocd_login | |
| with: | |
| command: login ${{ steps.env_vars.outputs.argocd_url }} | |
| options: --insecure --password ${{ steps.env_vars.outputs.argocd_password }} --username ${{ steps.env_vars.outputs.argocd_username }} | |
| - name: ArgoCD overvrite HELM values.yaml | |
| uses: clowdhaus/argo-cd-action/@v1.12.1 | |
| id: argocd_image_helm_tag_overwrite | |
| if: ${{ github.ref == 'refs/heads/develop' }} | |
| with: | |
| command: app set did-auth-proxy | |
| options: -p did-auth-proxy-helm.image.tag=${{needs.unique_id.outputs.unique_id}} | |
| - name: ArgoCD overvrite IAM-DID-AUTH-PROXY values.yaml | |
| uses: clowdhaus/argo-cd-action/@v1.12.1 | |
| id: argocd_image_helm_tag_overwrite_iam | |
| with: | |
| command: app set iam-did-auth-proxy | |
| options: -p did-auth-proxy-helm.image.tag=${{needs.unique_id.outputs.unique_id}} |