Manual Deployment #13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Manual Deployment | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| network_name: | |
| description: "Network to deploy (e.g., devnet-cobblet, testnet)" | |
| required: true | |
| type: string | |
| deploy_tag: | |
| description: "Ansible tag to run (e.g., full_deploy, platform_update)" | |
| required: true | |
| type: string | |
| jobs: | |
| deploy: | |
| name: Deploy Dash Network | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Fail if unauthorized user | |
| if: ${{ github.actor != 'vivekgsharma' && github.actor != 'ktechmidas' }} | |
| run: | | |
| echo "Unauthorized user: ${{ github.actor }}" | |
| exit 1 | |
| - name: Checkout dash-network-deploy | |
| uses: actions/checkout@v4 | |
| # Setup SSH key to pull private dash-network-configs repo | |
| - name: Set up GitHub SSH Key | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.EVO_APP_DEPLOY_KEY }}" > ~/.ssh/id_ed25519 | |
| chmod 600 ~/.ssh/id_ed25519 | |
| ssh-keyscan github.com >> ~/.ssh/known_hosts | |
| # Setup SSH key to connect to deployment servers | |
| - name: Set up Server SSH Key | |
| run: | | |
| echo "${{ secrets.DEPLOY_SERVER_KEY }}" > ~/.ssh/id_rsa_server | |
| chmod 600 ~/.ssh/id_rsa_server | |
| # Set up Node.js first (needed for firstRun.js) | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '18' | |
| # Install Node.js dependencies | |
| - name: Install Node.js dependencies | |
| run: npm ci | |
| # Clone network configs | |
| - name: Clone dash-network-configs | |
| run: | | |
| rm -rf networks | |
| git clone [email protected]:dashpay/dash-network-configs.git networks | |
| # Create root .env file | |
| - name: Create root .env file | |
| run: | | |
| cat > .env << EOL | |
| NETWORK=${{ github.event.inputs.network_name }} | |
| COMPOSE_PROJECT_NAME=${{ github.event.inputs.network_name }} | |
| PRESET=${{ github.event.inputs.network_name }} | |
| NODE_ENV=development | |
| NETWORK_PATH=networks/${{ github.event.inputs.network_name }}.yml | |
| PRESETS_PATH=configs/presets | |
| COMPOSE_FILE=docker-compose.yml | |
| DRIVE_BRANCH=master | |
| DAPI_BRANCH=master | |
| DASHMATE_BRANCH=master | |
| EOL | |
| # Create networks/.env file | |
| - name: Create networks .env file | |
| run: | | |
| cat > networks/.env << EOL | |
| TERRAFORM_S3_BUCKET="dash-networks-deploy-state" | |
| TERRAFORM_S3_KEY="terraform/state" | |
| TERRAFORM_DYNAMODB_TABLE="dash-networks-deploy-terraform-lock" | |
| # AWS Region for both Terraform and Ansible | |
| AWS_REGION="us-west-2" | |
| EOL | |
| # Install Python and Ansible | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y python3-pip python3-netaddr sshpass | |
| sudo pip3 install --upgrade pip | |
| sudo pip3 install ansible==7.7.0 | |
| # Install Ansible roles with retry | |
| - name: Install Ansible roles | |
| run: | | |
| for i in {1..3}; do | |
| ansible-galaxy install -r ansible/requirements.yml --ignore-errors && break || { | |
| if [ $i -lt 3 ]; then | |
| echo "Retry $i..." | |
| sleep 5 | |
| else | |
| echo "Failed after 3 attempts!" | |
| exit 1 | |
| fi | |
| } | |
| done | |
| # Configure SSH for Ansible | |
| - name: Configure SSH | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "Host *" > ~/.ssh/config | |
| echo " StrictHostKeyChecking no" >> ~/.ssh/config | |
| echo " UserKnownHostsFile=/dev/null" >> ~/.ssh/config | |
| chmod 600 ~/.ssh/config | |
| # Run deploy script exactly like on server | |
| - name: Run Deploy Script | |
| env: | |
| ANSIBLE_HOST_KEY_CHECKING: "False" | |
| ANSIBLE_DEPRECATION_WARNINGS: "False" | |
| ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3 | |
| run: | | |
| chmod +x ./bin/deploy | |
| ./bin/deploy -p ${{ github.event.inputs.network_name }} --tags=${{ github.event.inputs.deploy_tag }} |