forked from dfinity/internet-identity
-
Notifications
You must be signed in to change notification settings - Fork 0
100 lines (88 loc) · 3.97 KB
/
deploy-rc.yml
File metadata and controls
100 lines (88 loc) · 3.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# A workflow run regularly to deploy the scheduled release candidate
name: Deploy Release Candidate
on:
schedule:
# Run every Tuesday:
# summer: 7pm Zurich time
# winter: 8pm Zurich time
- cron: "0 18 * * 2"
workflow_dispatch:
jobs:
deploy-rc:
runs-on: ubuntu-latest
env:
ii_canister_id: y2aaj-miaaa-aaaad-aacxq-cai
testnet_app_canister_id: jlfvx-nqaaa-aaaad-aab7a-cai
wallet_canister_id: cvthj-wyaaa-aaaad-aaaaq-cai
steps:
- uses: actions/checkout@v4
- name: "Download build for Release Candidate"
uses: actions/github-script@v7
with:
script: |
// Find all artifacts for the backend build, and filter for non-expired main artifacts
const allArtifacts = await github.paginate(github.rest.actions.listArtifactsForRepo, {
owner: context.repo.owner,
repo: context.repo.repo,
name: "internet_identity_backend.wasm.gz",
});
const artifactsByBranch = {};
const mainArtifacts = allArtifacts
.filter(artifact => !artifact.expired)
.filter(artifact => artifact.workflow_run.head_branch === "main");
// Grab the latest artifact
mainArtifacts.sort((a,b) => new Date(b.updated_at) - new Date(a.updated_at));
const latestMainArtifact = mainArtifacts[0];
if(!latestMainArtifact) {
const message = "Could not find an artifact to deploy from branch main, are artifacts expired?";
console.error(message);
throw new Error(message);
}
console.log("found artifact for commit", latestMainArtifact.workflow_run.head_sha);
// Download and unzip artifact
const { url } = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: latestMainArtifact.id,
archive_format: "zip",
});
await exec.exec('curl', ['-sSL', url, '-o', "artifact.zip"]);
await exec.exec('unzip', ["artifact.zip" ]);
await exec.exec('rm', ["artifact.zip" ]);
- name: "Print shasum of found build"
run: shasum -a 256 ./internet_identity_backend.wasm.gz
- name: Install icp-cli
run: npm install -g @icp-sdk/icp-cli@$(cat .icp-cli-version | tr -d '[:space:]')
- name: "Install key"
env:
ICP_DEPLOY_KEY: ${{ secrets.DFX_DEPLOY_KEY }}
run: |
key_pem=$(mktemp)
printenv "ICP_DEPLOY_KEY" > "$key_pem"
icp identity import --disable-encryption --force default "$key_pem"
rm "$key_pem"
- name: "Deploy Release Candidate"
run: |
wallet="${{ env.wallet_canister_id }}"
# Needed to suppress icp-cli warning about insecure plaintext identity
export ICP_WARNING=-mainnet_plaintext_identity
icp canister install ${{ env.ii_canister_id }} \
-e ic --proxy "$wallet" --mode upgrade \
--wasm internet_identity_backend.wasm.gz
- name: Send RC link to slack
uses: ./.github/actions/slack
with:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
MESSAGE: |
Internet Identity release candidate
RC link: https://${{ env.ii_canister_id }}.ic0.app
test app: https://${{ env.testnet_app_canister_id }}.ic0.app
https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
# Since the this is a scheduled job, a failure won't be shown on any
# PR status. To notify the team, we send a message to our Slack channel on failure.
- name: Notify Slack on failure
uses: ./.github/actions/slack
if: ${{ failure() }}
with:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
MESSAGE: "RC deployment failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"