Deploy Bridge-Explorer Develop/Staging #217

Workflow file for this run

.github/workflows/oicd-deploy.yml at 199392b

	name: Deploy Bridge-Explorer Develop/Staging
	# Controls when the action will run. Invokes the workflow on push events
	on:
	workflow_dispatch:
	inputs:
	environment:
	description: 'Select the deployment environment'
	required: true
	default: 'develop'
	type: choice
	options:
	- staging
	- develop
	dev_subgraph_gc:
	description: 'subgraph dev tag version for gc subgraph'
	required: true
	type: string
	default: v1.0.1-develop
	dev_subgraph_mainnet:
	description: 'subgraph dev tag version for mainnet subgraph'
	required: true
	type: string
	default: v1.0.0-develop

	env:
	AWS_REGION: 'eu-central-1'
	DEPLOYMENT_DEV: 'bridge-explorer-develop'
	DEPLOYMENT_STG: 'bridge-explorer-staging'
	NAMESPACE: 'bridges'

	# Permission can be added at job level or workflow level
	permissions:
	id-token: write # This is required for requesting the JWT
	contents: write # This is required for actions/checkout and create release
	jobs:
	validate_user:
	name: Validate Access
	runs-on: ubuntu-latest
	if: ( github.ref == 'refs/heads/develop' \|\| github.ref == 'refs/heads/staging' )
	steps:
	- name: Fetch Collaborators with Write Access
	id: fetch_collaborators
	# Users has to be explicity added, not working with teeams
	# https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28
	run: \|
	COLLABORATORS=$(curl -s \
	-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
	-H 'content-type: application/json' \
	"https://api.github.com/repos/${{ github.repository }}/collaborators?affiliation=direct")

	ALLOWED_USERS=$(echo "$COLLABORATORS" \| jq -r '.[] \| select(.permissions.push == true or .permissions.admin == true) \| .login')
	if ! echo "$ALLOWED_USERS" \| grep -q "${{ github.actor }}"; then
	echo "Error: User ${{ github.actor }} does not have write access."
	exit 1
	fi

	Build_and_push_image_to_ECR:
	needs: validate_user
	if: ( github.ref == 'refs/heads/develop' \|\| github.ref == 'refs/heads/staging' )
	runs-on: ubuntu-latest
	steps:
	- name: Git clone the repository
	uses: actions/checkout@v4.2.2
	with:
	fetch-depth: 0

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2.2.0 # there's v3.2.0 version exists

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2.9.1 # latest v3.7.0

	- name: configure aws credentials
	uses: aws-actions/configure-aws-credentials@v4.0.0 # v4.0.2
	with:
	audience: sts.amazonaws.com
	role-to-assume: ${{ secrets.AWS_ECR_ROLE }}
	role-session-name: GitHub_to_AWS_via_FederatedOIDC
	aws-region: ${{ secrets.AWS_REGION }}

	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v2.0.1

	- name: Build, tag, and push DEVELOP docker image to Amazon ECR
	if: startsWith(github.ref, 'refs/heads/develop')
	env:
	REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	IMAGE_TAG: ${{ github.sha }} # Using develop instead
	uses: docker/build-push-action@v3.3.1 # v6.9.0
	with:
	context: ./app
	file: ./app/Dockerfile
	push: true
	tags: '${{ env.REGISTRY }}/bridge-explorer:${{ inputs.environment }}'
	platforms: \|
	linux/amd64
	build-args: \|
	"NEXT_PUBLIC_APP_NAME=GnosisBridgeMonitor"
	"NEXT_PUBLIC_DEFAULT_THEME=dark"
	"NEXT_PUBLIC_DEFAULT_CHAIN_ID=1"
	"NEXT_PUBLIC_COOKIES_WARNING_ENABLED=true"
	"NEXT_PUBLIC_POLLING_INTERVAL=10000"
	"NEXT_PUBLIC_RPC_MAINNET=https://rpc.eu-central-1.gateway.fm/v4/ethereum/non-archival/mainnet?apiKey=LXyRambFCpLn3HqgKKRluyfH8RHpf_qT.xOmQXGPVWlOlaDSK"
	"NEXT_PUBLIC_RPC_GNOSIS=https://rpc.gnosischain.com"
	"NEXT_PUBLIC_RPC_CHIADO=https://rpc.chiadochain.net"
	"NEXT_PUBLIC_WALLET_CONNECT_DAPP_URL=${{ secrets.WALLET_CONNECT_URL }}"
	"NEXT_PUBLIC_WALLET_CONNECT_PROJECT_ID=${{ secrets.WALLET_CONNECT_PROJECT_ID }}"
	"NEXT_PUBLIC_SUBGRAPH_ENVIRONMENT=development"
	"NEXT_PUBLIC_SUBGRAPH_ACCESS_ID=${{ secrets.GRAPH_ORG }}"
	"NEXT_PUBLIC_SUBGRAPH_CHAINS_RESOURCE_IDS=100:${{ inputs.dev_subgraph_gc }},1:${{ inputs.dev_subgraph_mainnet }}"
	"NEXT_PUBLIC_ALCHEMY_API_KEY=${{ secrets.DEV_NEXT_PUBLIC_ALCHEMY_API_KEY }}"

	- name: Build, tag, and push STAGING to Amazon ECR
	if: startsWith(github.ref, 'refs/heads/staging')
	env:
	REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	uses: docker/build-push-action@v3.3.1 # v6.9.0
	with:
	context: ./app
	file: ./app/Dockerfile
	push: true
	tags: \|
	"${{ env.REGISTRY }}/bridge-explorer:${{ inputs.environment }}"
	platforms: \|
	linux/amd64
	build-args: \|
	"NEXT_PUBLIC_APP_NAME=GnosisBridgeMonitor"
	"NEXT_PUBLIC_DEFAULT_THEME=dark"
	"NEXT_PUBLIC_DEFAULT_CHAIN_ID=1"
	"NEXT_PUBLIC_COOKIES_WARNING_ENABLED=true"
	"NEXT_PUBLIC_POLLING_INTERVAL=10000"
	"NEXT_PUBLIC_RPC_MAINNET=https://rpc.eu-central-1.gateway.fm/v4/ethereum/non-archival/mainnet?apiKey=LXyRambFCpLn3HqgKKRluyfH8RHpf_qT.xOmQXGPVWlOlaDSK"
	"NEXT_PUBLIC_RPC_GNOSIS=https://rpc.gnosischain.com"
	"NEXT_PUBLIC_RPC_CHIADO=https://rpc.chiadochain.net"
	"NEXT_PUBLIC_WALLET_CONNECT_DAPP_URL=${{ secrets.WALLET_CONNECT_URL }}"
	"NEXT_PUBLIC_WALLET_CONNECT_PROJECT_ID=${{ secrets.WALLET_CONNECT_PROJECT_ID }}"
	"NEXT_PUBLIC_SUBGRAPH_ENVIRONMENT=production"
	"NEXT_PUBLIC_SUBGRAPH_ACCESS_ID=${{ secrets.GRAPH_API_KEY }}"
	"NEXT_PUBLIC_SUBGRAPH_CHAINS_RESOURCE_IDS=100:2ths6FTZhCBggnyakh7PL5KH91zjRv8xPNfzaCRKogJ,1:9W7Ye5xFfefNYDxXD4StqAuj7TU8eLq5PLmuPUnhFbeQ"
	"NEXT_PUBLIC_ALCHEMY_API_KEY=${{ secrets.DEV_NEXT_PUBLIC_ALCHEMY_API_KEY }}"

	Get_images_and_restart_deployments:
	needs: Build_and_push_image_to_ECR
	if: ( github.ref == 'refs/heads/develop' \|\| github.ref == 'refs/heads/staging' )
	runs-on: ubuntu-latest
	steps:
	- name: configure aws credentials
	uses: aws-actions/configure-aws-credentials@v4.0.0 # v4.0.2
	with:
	audience: sts.amazonaws.com
	role-to-assume: ${{ secrets.AWS_EKS_ROLE }}
	role-session-name: GitHub_to_AWS_via_FederatedOIDC
	aws-region: ${{ secrets.AWS_REGION }}

	- name: Configure kubectl for EKS
	run: aws eks update-kubeconfig --name ${{ secrets.AWS_EKS_CLUSTER }} --region ${{ secrets.AWS_REGION }}

	- name: Restart Bridge Explorer Deployment
	run: \|
	kubectl config use-context arn:aws:eks:${{ secrets.AWS_REGION }}:${{ secrets.AWS_ACCOUNT_ID }}:cluster/${{ secrets.AWS_EKS_CLUSTER }}
	if [ "${GITHUB_REF#refs/heads/}" = "develop" ]; then
	kubectl rollout restart deploy/${{ env.DEPLOYMENT_DEV }} -n ${{ env.NAMESPACE }}
	else
	kubectl rollout restart deploy/${{ env.DEPLOYMENT_STG }} -n ${{ env.NAMESPACE }}
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deploy Bridge-Explorer Develop/Staging #217

Workflow file

Deploy Bridge-Explorer Develop/Staging #217

Uh oh!

Workflow file for this run