Deploy Bridge-Explorer Develop/Staging #256
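# Manually dispatched workflow: checks who triggered it, builds the
# Bridge-Explorer image for the develop or staging branch, pushes it to
# Amazon ECR, then restarts the matching deployment on EKS.
#
# NOTE(review): the action refs were elided on the page this listing was taken
# from, and the action names below are reconstructed from the step names and
# inputs. <PINNED_COMMIT_SHA> is a placeholder: pin each action to a full
# commit SHA (keeping the version in a trailing comment) so a moved tag cannot
# change the code that runs with the AWS roles assumed below.
name: Deploy Bridge-Explorer Develop/Staging

# Controls when the action will run. This workflow only runs on manual dispatch.
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Select the deployment environment'
        required: true
        default: 'develop'
        type: choice
        options:
          - staging
          - develop
      dev_subgraph_gc:
        description: 'subgraph dev tag version for gc subgraph'
        required: true
        type: string
        default: version/latest
      dev_subgraph_mainnet:
        description: 'subgraph dev tag version for mainnet subgraph'
        required: true
        type: string
        default: version/latest

env:
  # NOTE(review): not referenced below; the AWS steps read secrets.AWS_REGION.
  AWS_REGION: 'eu-central-1'
  DEPLOYMENT_DEV: 'bridge-explorer-develop'
  DEPLOYMENT_STG: 'bridge-explorer-staging'
  NAMESPACE: 'bridges'

# Permission can be added at job level or workflow level
# NOTE(review): no step in this file creates a release, so `contents: write`
# looks broader than needed, and `id-token: write` is also granted to
# validate_user, which never requests an OIDC token. Confirm, then narrow
# these per job.
permissions:
  id-token: write  # This is required for requesting the JWT
  contents: write  # This is required for actions/checkout and create release

jobs:
  validate_user:
    name: Validate Access
    runs-on: ubuntu-latest
    if: ( github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/staging' )
    steps:
      # The build steps pick their configuration from the branch but tag the
      # image with the selected environment. Without this guard, a run on
      # `develop` with environment=staging would push a develop build under
      # the staging tag.
      - name: Check that the selected environment matches the branch
        env:
          TARGET_ENV: ${{ inputs.environment }}
          BRANCH: ${{ github.ref_name }}
        run: |
          if [ "$TARGET_ENV" != "$BRANCH" ]; then
            echo "Error: environment '$TARGET_ENV' was selected on branch '$BRANCH'."
            exit 1
          fi
      - name: Fetch Collaborators with Write Access
        id: fetch_collaborators
        # Users have to be added explicitly; this does not work with teams.
        # https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28
        #
        # Context values are passed through env instead of being expanded into
        # the script text, so they are never parsed as shell syntax.
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPO: ${{ github.repository }}
          ACTOR: ${{ github.actor }}
        # curl -f makes an API error fail the step instead of feeding an error
        # body to jq. per_page=100 lifts the default page size of 30; a longer
        # collaborator list would still need pagination.
        # grep -Fx compares whole lines literally: a plain `grep -q` would
        # accept any actor whose login is a substring of an allowed login.
        run: |
          COLLABORATORS=$(curl -sf \
            -H "Authorization: Bearer $GH_TOKEN" \
            -H 'content-type: application/json' \
            "https://api.github.com/repos/$REPO/collaborators?affiliation=direct&per_page=100")
          ALLOWED_USERS=$(echo "$COLLABORATORS" | jq -r '.[] | select(.permissions.push == true or .permissions.admin == true) | .login')
          if ! echo "$ALLOWED_USERS" | grep -Fxq -- "$ACTOR"; then
            echo "Error: User $ACTOR does not have write access."
            exit 1
          fi

  Build_and_push_image_to_ECR:
    needs: validate_user
    if: ( github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/staging' )
    runs-on: ubuntu-latest
    steps:
      - name: Git clone the repository
        uses: actions/checkout@<PINNED_COMMIT_SHA>
        with:
          fetch-depth: 0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@<PINNED_COMMIT_SHA>  # a v3.2.0 release exists
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@<PINNED_COMMIT_SHA>  # latest v3.7.0
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@<PINNED_COMMIT_SHA>  # v4.0.2
        with:
          audience: sts.amazonaws.com
          role-to-assume: ${{ secrets.AWS_ECR_ROLE }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@<PINNED_COMMIT_SHA>
      - name: Build, tag, and push DEVELOP docker image to Amazon ECR
        if: startsWith(github.ref, 'refs/heads/develop')
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          # Not referenced by this step: the pushed tag is the environment
          # name, which is mutable, so the image cannot be traced to a commit.
          IMAGE_TAG: ${{ github.sha }}
        uses: docker/build-push-action@<PINNED_COMMIT_SHA>  # v6.9.0
        with:
          context: ./app
          file: ./app/Dockerfile
          push: true
          tags: '${{ env.REGISTRY }}/bridge-explorer:${{ inputs.environment }}'
          platforms: |
            linux/amd64
          # SECURITY: Next.js inlines every NEXT_PUBLIC_* value into the
          # client bundle, and build args can be recovered from the image
          # metadata. Every key passed here is readable by anyone who loads
          # the site, so restrict those keys at the provider (allowed
          # origins, rate limits).
          # The mainnet RPC URL used to be committed here with its apiKey in
          # clear text. Rotate that key and store the full URL in a repository
          # secret (RPC_MAINNET_URL is a placeholder name).
          build-args: |
            "NEXT_PUBLIC_APP_NAME=GnosisBridgeMonitor"
            "NEXT_PUBLIC_DEFAULT_THEME=dark"
            "NEXT_PUBLIC_DEFAULT_CHAIN_ID=1"
            "NEXT_PUBLIC_COOKIES_WARNING_ENABLED=true"
            "NEXT_PUBLIC_POLLING_INTERVAL=10000"
            "NEXT_PUBLIC_RPC_MAINNET=${{ secrets.RPC_MAINNET_URL }}"
            "NEXT_PUBLIC_RPC_GNOSIS=https://rpc.gnosischain.com"
            "NEXT_PUBLIC_RPC_CHIADO=https://rpc.chiadochain.net"
            "NEXT_PUBLIC_WALLET_CONNECT_DAPP_URL=${{ secrets.WALLET_CONNECT_URL }}"
            "NEXT_PUBLIC_WALLET_CONNECT_PROJECT_ID=${{ secrets.WALLET_CONNECT_PROJECT_ID }}"
            "NEXT_PUBLIC_SUBGRAPH_ENVIRONMENT=development"
            "NEXT_PUBLIC_SUBGRAPH_ACCESS_ID=${{ secrets.GRAPH_ORG }}"
            "NEXT_PUBLIC_SUBGRAPH_CHAINS_RESOURCE_IDS=100:${{ inputs.dev_subgraph_gc }},1:${{ inputs.dev_subgraph_mainnet }}"
            "NEXT_PUBLIC_ALCHEMY_API_KEY=${{ secrets.DEV_NEXT_PUBLIC_ALCHEMY_API_KEY }}"
      - name: Build, tag, and push STAGING to Amazon ECR
        if: startsWith(github.ref, 'refs/heads/staging')
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        uses: docker/build-push-action@<PINNED_COMMIT_SHA>  # v6.9.0
        with:
          context: ./app
          file: ./app/Dockerfile
          push: true
          tags: |
            "${{ env.REGISTRY }}/bridge-explorer:${{ inputs.environment }}"
          platforms: |
            linux/amd64
          # SECURITY: NEXT_PUBLIC_* values end up in the client bundle, so
          # treat every key below as public. The mainnet RPC URL comes from a
          # secret (RPC_MAINNET_URL is a placeholder name) instead of a
          # committed apiKey.
          # NOTE(review): this staging build reuses the DEV_ Alchemy key;
          # confirm that is intended.
          build-args: |
            "NEXT_PUBLIC_APP_NAME=GnosisBridgeMonitor"
            "NEXT_PUBLIC_DEFAULT_THEME=dark"
            "NEXT_PUBLIC_DEFAULT_CHAIN_ID=1"
            "NEXT_PUBLIC_COOKIES_WARNING_ENABLED=true"
            "NEXT_PUBLIC_POLLING_INTERVAL=10000"
            "NEXT_PUBLIC_RPC_MAINNET=${{ secrets.RPC_MAINNET_URL }}"
            "NEXT_PUBLIC_RPC_GNOSIS=https://rpc.gnosischain.com"
            "NEXT_PUBLIC_RPC_CHIADO=https://rpc.chiadochain.net"
            "NEXT_PUBLIC_WALLET_CONNECT_DAPP_URL=${{ secrets.WALLET_CONNECT_URL }}"
            "NEXT_PUBLIC_WALLET_CONNECT_PROJECT_ID=${{ secrets.WALLET_CONNECT_PROJECT_ID }}"
            "NEXT_PUBLIC_SUBGRAPH_ENVIRONMENT=production"
            "NEXT_PUBLIC_SUBGRAPH_ACCESS_ID=${{ secrets.THEGRAPH_READ_API_KEY }}"
            "NEXT_PUBLIC_SUBGRAPH_CHAINS_RESOURCE_IDS=100:2ths6FTZhCBggnyakh7PL5KH91zjRv8xPNfzaCRKogJ,1:9W7Ye5xFfefNYDxXD4StqAuj7TU8eLq5PLmuPUnhFbeQ"
            "NEXT_PUBLIC_ALCHEMY_API_KEY=${{ secrets.DEV_NEXT_PUBLIC_ALCHEMY_API_KEY }}"

  Get_images_and_restart_deployments:
    needs: Build_and_push_image_to_ECR
    if: ( github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/staging' )
    runs-on: ubuntu-latest
    steps:
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@<PINNED_COMMIT_SHA>  # v4.0.2
        with:
          audience: sts.amazonaws.com
          role-to-assume: ${{ secrets.AWS_EKS_ROLE }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Configure kubectl for EKS
        run: aws eks update-kubeconfig --name ${{ secrets.AWS_EKS_CLUSTER }} --region ${{ secrets.AWS_REGION }}
      - name: Restart Bridge Explorer Deployment
        # The deployment to restart is chosen from the branch name.
        # NOTE(review): a restart only picks up the new image if the
        # deployment re-pulls the mutable environment tag; confirm the pull
        # policy.
        run: |
          kubectl config use-context arn:aws:eks:${{ secrets.AWS_REGION }}:${{ secrets.AWS_ACCOUNT_ID }}:cluster/${{ secrets.AWS_EKS_CLUSTER }}
          if [ "${GITHUB_REF#refs/heads/}" = "develop" ]; then
            kubectl rollout restart deploy/${{ env.DEPLOYMENT_DEV }} -n ${{ env.NAMESPACE }}
          else
            kubectl rollout restart deploy/${{ env.DEPLOYMENT_STG }} -n ${{ env.NAMESPACE }}
          fi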