
chore(deps): bump docker/setup-buildx-action from 2.9.1 to 2.10.0 (#911) #423

Workflow file for this run

# CI/CD workflow. Pull requests against main run the test matrix; pushes to
# main build the image, run release-please, publish the image and deploy.
name: CI/CD

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

# Workflow-wide GITHUB_TOKEN scope: read-only repository contents. A job that
# needs more must declare its own permissions block.
permissions:
  contents: read

# Runs are grouped per pull request number, falling back to the ref for
# pushes. Only pull-request runs are cancelled by a newer run in their group.
concurrency:
  group: ci-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
# Job "test": pull requests only. One runner per yarn script in the matrix.
  test:
    name: Test on Node.js 16 ( ${{ matrix.command }} )
    if: ${{ github.event_name == 'pull_request' }}
    runs-on: ubuntu-20.04
    strategy:
      # Let every script finish so one failure does not hide the others.
      fail-fast: false
      matrix:
        command:
          - build
          - 'lint:check'
          - 'format:check'
          - 'test:unit'
          - 'test:integration'
          - 'test:acceptance'
    steps:
      # Actions are pinned to full commit SHAs rather than mutable tags.
      - name: Checkout Repository
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
        with:
          fetch-depth: 0

      - name: Set Up Node.js
        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d
        with:
          node-version: '16'
          cache: yarn

      # --frozen-lockfile fails the install instead of rewriting yarn.lock.
      - name: Install Dependencies
        run: yarn install --frozen-lockfile

      # matrix.command only takes the literal values listed above, so the
      # expression expanded into the shell line is not attacker-controlled.
      - name: Run ${{ matrix.command }}
        run: yarn ${{ matrix.command }}
# Job "build": branch pushes only. Builds the image once and hands it to the
# later jobs as a tarball artifact named after the commit SHA.
  build:
    name: Build
    if: ${{ github.event_name == 'push' && github.ref_type == 'branch' }}
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
        with:
          fetch-depth: 0

      - name: Set Up QEMU
        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7

      # Pinned by commit SHA; presumably the 2.10.0 release named in the run
      # title. Confirm against the action's tags.
      - name: Set Up Docker Buildx
        id: set-up-buildx
        uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55
        with:
          install: true

      # Exact key per commit; restore-keys falls back to any earlier buildx
      # cache for the same runner OS.
      - name: Cache Docker Layers
        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-

      # The image is exported to a tarball instead of being pushed from here;
      # the new layer cache is written to a separate directory.
      - name: Build Docker
        uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825
        with:
          context: .
          file: .maintain/docker/Dockerfile
          builder: ${{ steps.set-up-buildx.outputs.name }}
          tags: ${{ github.repository }}:${{ github.sha }}
          outputs: type=docker,dest=/tmp/docker_image.tar
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max

      # Replace the restored cache with the one just exported, so only the
      # fresh cache directory is saved.
      - name: Move Cache Docker Layers
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

      - name: Upload Build to Artifact
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
        with:
          name: build_${{ github.sha }}
          retention-days: 5
          path: |
            /tmp/docker_image.tar
# Job "release-please": has no `if` of its own. It depends on build, so it is
# skipped whenever build is skipped (pull requests).
  release-please:
    name: Release Please
    needs: [build]
    runs-on: ubuntu-20.04
    # Consumed by publish-docker and deploy to tell a release from a plain push.
    outputs:
      release_created: ${{ steps.release.outputs.release_created }}
      tag_name: ${{ steps.release.outputs.tag_name }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
        with:
          fetch-depth: 0

      # Authenticates with the PAT secret, not the read-only GITHUB_TOKEN.
      # NOTE(review): the PAT's scopes are not visible here; confirm it is
      # limited to what release-please needs.
      - name: Release
        id: release
        uses: google-github-actions/release-please-action@ca6063f4ed81b55db15b8c42d1b6f7925866342d
        with:
          token: ${{ secrets.PAT }}
          fork: true
          release-type: node
          package-name: ${{ github.event.repository.name }}
          include-v-in-tag: false
# Job "publish-docker": loads the tarball produced by build and pushes it to
# Docker Hub. The SHA tag is pushed on every run; the release tag and `latest`
# are added only when release-please created a release.
  publish-docker:
    name: Publish Docker
    needs: [release-please]
    runs-on: ubuntu-20.04
    steps:
      - name: Login to DockerHub
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # Same artifact name as the build job uploads for this commit.
      - name: Download Build from Artifact
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
        with:
          name: build_${{ github.sha }}
          path: /tmp

      # Listing the image with digests leaves a record in the job log of what
      # was loaded before anything is pushed.
      - name: Load Downloaded Image
        run: |
          docker load --input /tmp/docker_image.tar
          docker images --no-trunc --digests ${{ github.repository }}

      - name: Tag as Release Version
        if: ${{ needs.release-please.outputs.release_created }}
        run: |
          docker tag ${{ github.repository }}:${{ github.sha }} ${{ github.repository }}:${{ needs.release-please.outputs.tag_name }}
          docker tag ${{ github.repository }}:${{ github.sha }} ${{ github.repository }}:latest
          docker images --no-trunc --digests ${{ github.repository }}

      # -a pushes every local tag of the repository in one call.
      - name: Push
        run: docker image push -a ${{ github.repository }}
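# Job "deploy": Helm deployment to GKE through an IAP SSH tunnel, one
# environment at a time. MAINNET is deployed only when a release was created.
  deploy:
    name: Deploy to ${{ matrix.environment }}
    needs:
      - release-please
      - publish-docker
    runs-on: ubuntu-20.04
    # id-token: write lets the job request an OIDC token, which the Google
    # auth step exchanges through the workload identity provider.
    permissions:
      contents: read
      id-token: write
    strategy:
      max-parallel: 1
      matrix:
        # Single-value axis: the release_created output, or false when empty.
        is_release:
          - ${{ needs.release-please.outputs.release_created || false }}
        environment:
          - TESTNET
          - MAINNET
        # A push that is not a release never reaches MAINNET.
        exclude:
          - is_release: false
            environment: MAINNET
    # Binds the job to the GitHub environment of the same name.
    environment: ${{ matrix.environment }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
        with:
          fetch-depth: 0

      # Secret names are built as <ENVIRONMENT>_<SUFFIX>, so each matrix leg
      # reads only its own environment's values.
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033
        with:
          workload_identity_provider: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_WORKLOAD_IDENTITY_PROVIDER')] }}
          service_account: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_WORKLOAD_IDENTITY_SERVICE_ACCOUNT')] }}

      - name: Set Up Google Cloud SDK
        uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b

      - name: Get GKE Credentials
        uses: google-github-actions/get-gke-credentials@35ab0d2b2d48792c19f09325413bd185c8d44394
        with:
          cluster_name: ${{ secrets[format('{0}_{1}', matrix.environment, 'GKE_CLUSTER_NAME')] }}
          location: ${{ secrets[format('{0}_{1}', matrix.environment, 'GKE_LOCATION')] }}
          use_internal_ip: true

      # Each line maps an output name to <project id>/<secret name>; the
      # values become step outputs read by the deployment step.
      - name: Get Secrets from Google Secret Manager
        id: secrets
        uses: google-github-actions/get-secretmanager-secrets@4d6d3dfd94110800dda8d84109cb6da0f6a5919d
        with:
          secrets: |-
            ADMIN_SUBSTRATE_MNEMONIC:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/ADMIN_SUBSTRATE_MNEMONIC
            ADMIN_NEAR_MNEMONIC:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/ADMIN_NEAR_MNEMONIC
            JWT_TOKEN_SECRET_KEY:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/JWT_TOKEN_SECRET_KEY
            JWT_TOKEN_EXPIRES_IN:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/JWT_TOKEN_EXPIRES_IN
            JWT_REFRESH_TOKEN_SECRET_KEY:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/JWT_REFRESH_TOKEN_SECRET_KEY
            JWT_REFRESH_TOKEN_EXPIRES_IN:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/JWT_REFRESH_TOKEN_EXPIRES_IN
            MONGO_PROTOCOL:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_PROTOCOL
            MONGO_HOST:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_HOST
            MONGO_PORT:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_PORT
            MONGO_USER_API:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_USER_API
            MONGO_PASSWORD_API:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_PASSWORD_API
            MONGO_DB:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_DB
            MONGO_URL:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/MONGO_URL
            REDIS_CONNECTOR:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/REDIS_CONNECTOR
            REDIS_HOST:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/REDIS_HOST
            REDIS_PORT:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/REDIS_PORT
            REDIS_PASSWORD:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/REDIS_PASSWORD
            SMTP_SERVER:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/SMTP_SERVER
            SMTP_PORT:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/SMTP_PORT
            SMTP_USERNAME:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/SMTP_USERNAME
            SMTP_PASSWORD:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/SMTP_PASSWORD
            SMTP_SENDER_ADDRESS:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/SMTP_SENDER_ADDRESS
            FIREBASE_SERVICE_ACCOUNT_BASE64:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/FIREBASE_SERVICE_ACCOUNT_BASE64
            FIREBASE_STORAGE_BUCKET:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/FIREBASE_STORAGE_BUCKET
            API_SENTRY_DSN:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/API_SENTRY_DSN
            TWITTER_API_KEY:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/TWITTER_API_KEY
            COIN_MARKET_CAP_API_KEY:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/COIN_MARKET_CAP_API_KEY
            API_DNS:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/API_DNS

      # Background SSH session (-f -N) to the bastion through IAP, forwarding
      # local port 8888; helm and kubectl below use it as HTTPS_PROXY.
      - name: Tunneling SSH connections
        run: |
          gcloud compute ssh ${{ secrets[format('{0}_{1}', matrix.environment, 'GCE_BASTION_INSTANCE_NAME')] }} \
            --project=${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }} \
            --zone ${{ secrets[format('{0}_{1}', matrix.environment, 'GCE_BASTION_INSTANCE_ZONE')] }} \
            --ssh-flag '-4 -L 8888:127.0.0.1:8888 -N -q -f' \
            --tunnel-through-iap \
            --quiet

      - name: Set Up Helm
        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78
        with:
          version: v3.10.0

      # Secret Manager values reach the script as environment variables and
      # are expanded inside double quotes. Pasting them into the script text
      # with ${{ }} would let the shell parse spaces, `$`, backticks or `;`
      # in a value as syntax. Helm still interprets commas and backslashes
      # inside --set values.
      # NOTE(review): the values remain visible in helm's argument list on
      # the runner; a values file would avoid that.
      # NOTE(review): no --version is passed, so whichever chart version the
      # repository currently serves is installed. Consider pinning it.
      - name: Perform Deployment
        env:
          API_DNS: ${{ steps.secrets.outputs.API_DNS }}
          ADMIN_SUBSTRATE_MNEMONIC: ${{ steps.secrets.outputs.ADMIN_SUBSTRATE_MNEMONIC }}
          ADMIN_NEAR_MNEMONIC: ${{ steps.secrets.outputs.ADMIN_NEAR_MNEMONIC }}
          JWT_TOKEN_SECRET_KEY: ${{ steps.secrets.outputs.JWT_TOKEN_SECRET_KEY }}
          JWT_TOKEN_EXPIRES_IN: ${{ steps.secrets.outputs.JWT_TOKEN_EXPIRES_IN }}
          JWT_REFRESH_TOKEN_SECRET_KEY: ${{ steps.secrets.outputs.JWT_REFRESH_TOKEN_SECRET_KEY }}
          JWT_REFRESH_TOKEN_EXPIRES_IN: ${{ steps.secrets.outputs.JWT_REFRESH_TOKEN_EXPIRES_IN }}
          MONGO_PROTOCOL: ${{ steps.secrets.outputs.MONGO_PROTOCOL }}
          MONGO_HOST: ${{ steps.secrets.outputs.MONGO_HOST }}
          MONGO_PORT: ${{ steps.secrets.outputs.MONGO_PORT }}
          MONGO_USER_API: ${{ steps.secrets.outputs.MONGO_USER_API }}
          MONGO_PASSWORD_API: ${{ steps.secrets.outputs.MONGO_PASSWORD_API }}
          MONGO_DB: ${{ steps.secrets.outputs.MONGO_DB }}
          MONGO_URL: ${{ steps.secrets.outputs.MONGO_URL }}
          REDIS_CONNECTOR: ${{ steps.secrets.outputs.REDIS_CONNECTOR }}
          REDIS_HOST: ${{ steps.secrets.outputs.REDIS_HOST }}
          REDIS_PORT: ${{ steps.secrets.outputs.REDIS_PORT }}
          REDIS_PASSWORD: ${{ steps.secrets.outputs.REDIS_PASSWORD }}
          SMTP_SERVER: ${{ steps.secrets.outputs.SMTP_SERVER }}
          SMTP_PORT: ${{ steps.secrets.outputs.SMTP_PORT }}
          SMTP_USERNAME: ${{ steps.secrets.outputs.SMTP_USERNAME }}
          SMTP_PASSWORD: ${{ steps.secrets.outputs.SMTP_PASSWORD }}
          SMTP_SENDER_ADDRESS: ${{ steps.secrets.outputs.SMTP_SENDER_ADDRESS }}
          FIREBASE_SERVICE_ACCOUNT_BASE64: ${{ steps.secrets.outputs.FIREBASE_SERVICE_ACCOUNT_BASE64 }}
          FIREBASE_STORAGE_BUCKET: ${{ steps.secrets.outputs.FIREBASE_STORAGE_BUCKET }}
          API_SENTRY_DSN: ${{ steps.secrets.outputs.API_SENTRY_DSN }}
          TWITTER_API_KEY: ${{ steps.secrets.outputs.TWITTER_API_KEY }}
          COIN_MARKET_CAP_API_KEY: ${{ steps.secrets.outputs.COIN_MARKET_CAP_API_KEY }}
        run: |
          helm repo add myriadsocial https://charts.myriad.social
          helm repo update
          HTTPS_PROXY=127.0.0.1:8888 helm upgrade ${{ github.event.repository.name }} myriadsocial/myriad-api \
            --install \
            --set-string image.tag=${{ needs.release-please.outputs.tag_name || github.sha }} \
            --set-string serviceAccount.name=${{ github.event.repository.name }} \
            --set-string serviceAccount.annotations.'iam\.gke\.io/gcp-service-account'=${{ github.event.repository.name }}@${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}.iam.gserviceaccount.com \
            --set-string config.domain="$API_DNS" \
            --set-string config.adminSubstrateMnemonic="$ADMIN_SUBSTRATE_MNEMONIC" \
            --set-string config.adminNearMnemonic="$ADMIN_NEAR_MNEMONIC" \
            --set-string config.jwt.tokenSecretKey="$JWT_TOKEN_SECRET_KEY" \
            --set config.jwt.tokenExpireIn="$JWT_TOKEN_EXPIRES_IN" \
            --set-string config.jwt.refreshTokenSecretKey="$JWT_REFRESH_TOKEN_SECRET_KEY" \
            --set config.jwt.refreshTokenExpireIn="$JWT_REFRESH_TOKEN_EXPIRES_IN" \
            --set-string config.mongo.protocol="$MONGO_PROTOCOL" \
            --set-string config.mongo.host="$MONGO_HOST" \
            --set config.mongo.port="$MONGO_PORT" \
            --set-string config.mongo.user="$MONGO_USER_API" \
            --set-string config.mongo.password="$MONGO_PASSWORD_API" \
            --set-string config.mongo.database="$MONGO_DB" \
            --set-string config.mongo.url="$MONGO_URL" \
            --set-string config.redis.connector="$REDIS_CONNECTOR" \
            --set-string config.redis.host="$REDIS_HOST" \
            --set-string config.redis.port="$REDIS_PORT" \
            --set-string config.redis.password="$REDIS_PASSWORD" \
            --set-string config.smtp.server="$SMTP_SERVER" \
            --set config.smtp.port="$SMTP_PORT" \
            --set-string config.smtp.username="$SMTP_USERNAME" \
            --set-string config.smtp.password="$SMTP_PASSWORD" \
            --set-string config.smtp.senderAddress="$SMTP_SENDER_ADDRESS" \
            --set-string config.firebase.serviceAccountBase64="$FIREBASE_SERVICE_ACCOUNT_BASE64" \
            --set-string config.firebase.storageBucket="$FIREBASE_STORAGE_BUCKET" \
            --set-string config.sentry.dsn="$API_SENTRY_DSN" \
            --set-string config.twitter.apiKey="$TWITTER_API_KEY" \
            --set-string config.coinMarketCap.apiKey="$COIN_MARKET_CAP_API_KEY" \
            --set ingress.enabled=true \
            --set-string ingress.className=nginx \
            --set-string ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt \
            --set-string ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-body-size"="100m" \
            --set-string ingress.annotations."nginx\.org/client-max-body-size"="100m" \
            --set-string ingress.hosts[0].host="$API_DNS" \
            --set-string ingress.hosts[0].paths[0].path=/ \
            --set-string ingress.hosts[0].paths[0].pathType=ImplementationSpecific \
            --set-string ingress.tls[0].secretName="$API_DNS"-letsencrypt-tls \
            --set-string ingress.tls[0].hosts[0]="$API_DNS" \
            --set-string resources.requests.cpu=300m \
            --set-string resources.requests.memory=512Mi \
            --set-string resources.limits.cpu=500m \
            --set-string resources.limits.memory=1024Mi \
            --set replicaCount=1 \
            --set autoscaling.enabled=true \
            --set autoscaling.minReplicas=1 \
            --set autoscaling.maxReplicas=1 \
            --set-string nodeSelector.pool=general \
            --set-string nodeSelector.'iam\.gke\.io/gke-metadata-server-enabled'='true'
          HTTPS_PROXY=127.0.0.1:8888 kubectl rollout status deployment/${{ github.event.repository.name }}

      # Runs even after a failed step. If the tunnel never came up, lsof
      # prints nothing and kill exits non-zero; under the runner's default
      # `bash -e` that would end the script before the SSH key is removed
      # from OS Login, so the kill is allowed to fail.
      - name: Clean Up Tunneling SSH Connections
        if: always()
        run: |
          kill -9 $(lsof -ti:8888) || true
          gcloud compute os-login ssh-keys remove --key-file=/home/runner/.ssh/google_compute_engine.pub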