Remove read environment variable (#403) #2031
name: CI

# Triggers:
#   - pull_request against main or release/** (the labeled/unlabeled types
#     are listed, so adding or removing a label re-runs the workflow; the
#     jobs in this file branch on the 'deploy-pr', 'set-gateway' and
#     'install-connector' labels)
#   - push to main
#   - a published release (type "released")
#   - manual dispatch with a single selectable environment
on:
  pull_request:
    branches:
      - main
      - release/**
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
      - labeled
      - unlabeled
  push:
    branches:
      - main
  release:
    types:
      - released
  workflow_dispatch:
    inputs:
      # Declared as a choice with one option; the value is read later as
      # github.event.inputs.environment.
      environment:
        description: "Select environment to deploy"
        required: true
        type: choice
        options:
          - perftest
# Workflow-level GITHUB_TOKEN permissions. No job in this file declares its
# own `permissions`, so every job inherits this set, including the jobs that
# run on pull_request events.
# NOTE(review): five of the six scopes are write scopes, and `id-token: write`
# lets a job request an OIDC token. Consider granting these per job once the
# needs of the called reusable workflows are confirmed; they are not visible
# from this file.
permissions:
  contents: read
  deployments: write
  id-token: write
  issues: write
  packages: write
  pull-requests: write
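# NOTE(review): every `uses:` reference in this file points at a branch
# (`@main` or `@master`). A branch ref is mutable, so whatever is on that
# branch at run time executes with the workflow permissions and the secrets
# passed below. Pinning each reference to a full commit SHA makes the executed
# code reviewable and stable.
jobs:
  # Resolves the target environment name, reads the dApp definition address
  # for that environment from its Helm values template, and computes Docker
  # tag metadata for the four images.
  setup-tags:
    runs-on: ubuntu-latest
    steps:
      - uses: RDXWorks-actions/checkout@main
        with:
          fetch-depth: 0
      - name: Determine environment and extract DAPP_DEFINITION_ADDRESS
        id: extract-dapp-address
        # Event data reaches the script through environment variables rather
        # than expression expansion inside the script text, so the values are
        # handled as data and never parsed as shell source.
        env:
          EVENT_NAME: ${{ github.event_name }}
          DISPATCH_ENVIRONMENT: ${{ github.event.inputs.environment }}
        run: |
          # Determine environment based on event type
          if [[ "$EVENT_NAME" == "pull_request" ]]; then
            ENV_NAME="pr"
          elif [[ "$EVENT_NAME" == "release" ]]; then
            ENV_NAME="prod"
          elif [[ "$EVENT_NAME" == "workflow_dispatch" ]]; then
            ENV_NAME="$DISPATCH_ENVIRONMENT"
          else
            ENV_NAME="dev"
          fi

          # ENV_NAME becomes a path component below, so accept plain names only
          if [[ ! "$ENV_NAME" =~ ^[A-Za-z0-9_-]+$ ]]; then
            echo "::error::Unexpected environment name"
            exit 1
          fi
          echo "environment=$ENV_NAME" >> "$GITHUB_OUTPUT"

          # Extract DAPP_DEFINITION_ADDRESS from the helm file
          HELM_FILE="deploy/helm/environments/${ENV_NAME}/incentives.yaml.gotmpl"
          DAPP_ADDRESS=$(grep 'DAPP_DEFINITION_ADDRESS:' "$HELM_FILE" | sed 's/.*DAPP_DEFINITION_ADDRESS:[[:space:]]*"\(.*\)"/\1/')

          # A missing file or key leaves the value empty without failing the
          # step (the pipeline status is that of sed), so make it visible.
          if [[ -z "$DAPP_ADDRESS" ]]; then
            echo "::warning::DAPP_DEFINITION_ADDRESS not found in $HELM_FILE"
          fi
          echo "dapp-definition-address=$DAPP_ADDRESS" >> "$GITHUB_OUTPUT"
      - name: Docker tags for incentives
        id: incentives-tags
        uses: RDXWorks-actions/metadata-action@master
        with:
          images: |
            docker.io/radixdlt/incentives
          tags: |
            type=sha,event=pr
            type=sha,event=branch
            type=semver,pattern={{version}}
      - name: Docker tags for admin
        id: admin-tags
        uses: RDXWorks-actions/metadata-action@master
        with:
          images: |
            docker.io/radixdlt/incentives-admin
          tags: |
            type=sha,event=pr
            type=sha,event=branch
            type=semver,pattern={{version}}
      - name: Docker tags for transaction
        id: transaction-stream-tags
        uses: RDXWorks-actions/metadata-action@master
        with:
          images: |
            docker.io/radixdlt/incentives-transaction-stream
          tags: |
            type=sha,event=pr
            type=sha,event=branch
            type=semver,pattern={{version}}
      - name: Docker tags for worker
        id: worker-tags
        uses: RDXWorks-actions/metadata-action@master
        with:
          images: |
            docker.io/radixdlt/incentives-worker
          tags: |
            type=sha,event=pr
            type=sha,event=branch
            type=semver,pattern={{version}}
    # Of these outputs, only dapp-definition-address is read by another job in
    # this file (push-incentives); the push jobs tag images with github.sha.
    outputs:
      incentives-tags: ${{ steps.incentives-tags.outputs.tags }}
      incentives-labels: ${{ steps.incentives-tags.outputs.labels }}
      incentives-json: ${{ steps.incentives-tags.outputs.json }}
      admin-tags: ${{ steps.admin-tags.outputs.tags }}
      admin-labels: ${{ steps.admin-tags.outputs.labels }}
      admin-json: ${{ steps.admin-tags.outputs.json }}
      transaction-stream-tags: ${{ steps.transaction-stream-tags.outputs.tags }}
      transaction-stream-labels: ${{ steps.transaction-stream-tags.outputs.labels }}
      transaction-stream-json: ${{ steps.transaction-stream-tags.outputs.json }}
      worker-tags: ${{ steps.worker-tags.outputs.tags }}
      worker-labels: ${{ steps.worker-tags.outputs.labels }}
      worker-json: ${{ steps.worker-tags.outputs.json }}
      dapp-definition-address: ${{ steps.extract-dapp-address.outputs.dapp-definition-address }}

  # Image builds. All four run on every trigger (none has an `if:`) and all
  # four deploy jobs below depend on them.
  # NOTE(review): each build sets scan_image, provenance and with_sbom to
  # false. The meaning of these inputs is defined in docker-build.yml, which
  # is not shown here; presumably the images, including the ones deploy_prod
  # consumes, are pushed without a vulnerability scan, provenance attestation
  # or SBOM. Confirm that this is intended.
  push-incentives:
    name: Docker incentives
    needs:
      - setup-tags
    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
    with:
      runs_on: ubuntu-latest
      image_registry: 'docker.io'
      image_organization: 'radixdlt'
      target: 'runner'
      image_name: 'incentives'
      tags: ${{ github.sha }}
      context: '.'
      dockerfile: './dockerfiles/incentives.Dockerfile'
      platforms: 'linux/amd64'
      use_gh_remote_cache: true
      scan_image: false
      provenance: false
      with_sbom: false
      # On pull_request runs this value comes from a file in the checked-out
      # PR ref, i.e. it is chosen by the PR author.
      build-args: |
        NEXT_PUBLIC_DAPP_DEFINITION_ADDRESS=${{ needs.setup-tags.outputs.dapp-definition-address }}

  push-admin:
    name: Docker admin
    needs:
      - setup-tags
    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
    with:
      runs_on: ubuntu-latest
      image_registry: 'docker.io'
      image_organization: 'radixdlt'
      target: 'runner'
      image_name: 'incentives-admin'
      tags: ${{ github.sha }}
      context: '.'
      dockerfile: './dockerfiles/admin.Dockerfile'
      platforms: 'linux/amd64'
      use_gh_remote_cache: true
      scan_image: false
      provenance: false
      with_sbom: false

  push-worker:
    name: Docker worker
    needs:
      - setup-tags
    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
    with:
      runs_on: ubuntu-latest
      image_registry: 'docker.io'
      image_organization: 'radixdlt'
      target: 'runner'
      image_name: 'incentives-worker'
      # NOTE(review): this job passes `tag:` while push-incentives and
      # push-admin pass `tags:`. Confirm against the inputs declared by
      # docker-build.yml that both spellings are intended.
      tag: ${{ github.sha }}
      context: '.'
      dockerfile: './dockerfiles/workers.Dockerfile'
      platforms: 'linux/amd64'
      use_gh_remote_cache: true
      scan_image: false
      provenance: false
      with_sbom: false

  push-transaction-stream:
    name: Docker transaction-stream
    needs:
      - setup-tags
    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
    with:
      runs_on: ubuntu-latest
      image_registry: 'docker.io'
      image_organization: 'radixdlt'
      target: 'runner'
      image_name: 'incentives-transaction-stream'
      # NOTE(review): `tag:` here versus `tags:` in push-incentives and
      # push-admin; see the note on push-worker.
      tag: ${{ github.sha }}
      context: '.'
      dockerfile: './dockerfiles/streamer.Dockerfile'
      platforms: 'linux/amd64'
      use_gh_remote_cache: true
      scan_image: false
      provenance: false
      with_sbom: false

  # Chooses the gateway URL for a PR deployment from the 'set-gateway' label.
  # The expression expands to the literal text true or false before the
  # script runs, so no label text reaches the shell.
  # NOTE(review): with the label set, the PR deployment is pointed at a host
  # whose name contains "mainnet" and "rtlj-prod" (the cluster name used by
  # deploy_prod). Presumably this is the production gateway; confirm that PR
  # workloads are meant to reach it and who is allowed to apply the label.
  check-gateway-label:
    if: github.event_name == 'pull_request' || github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - name: Check for 'set-gateway' label
        id: check_label
        run: |
          if [[ "${{ contains(github.event.pull_request.labels.*.name, 'set-gateway') }}" == "true" ]]; then
            echo "gateway_url=https://private-link-active-mainnet.rtlj-prod.extratools.works" >> "$GITHUB_OUTPUT"
          else
            echo "gateway_url=http://localhost" >> "$GITHUB_OUTPUT"
          fi
    outputs:
      gateway_url: ${{ steps.check_label.outputs.gateway_url }}

  # Emits install_connector=true only when the PR carries the
  # 'install-connector' label.
  check-install-connector-label:
    if: github.event_name == 'pull_request' || github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - name: Check for 'install-connector' label
        id: check_label
        run: |
          if [[ "${{ contains(github.event.pull_request.labels.*.name, 'install-connector') }}" == "true" ]]; then
            echo "install_connector=true" >> "$GITHUB_OUTPUT"
          else
            echo "install_connector=false" >> "$GITHUB_OUTPUT"
          fi
    outputs:
      install_connector: ${{ steps.check_label.outputs.install_connector }}

  # Deploys a per-PR namespace when the PR carries the 'deploy-pr' label.
  # On a push event github.event.pull_request is absent, so the label test is
  # false and the `push` half of the condition never selects this job.
  # NOTE(review): github.head_ref is the PR source branch name, which the PR
  # author chooses. How `github_branch` and `helmfile_extra_vars` are consumed
  # is defined in jenkins-deployment.yml, not shown here; verify that they are
  # not expanded into a shell command or an unescaped job parameter.
  deploy_pull_request:
    if: ( (github.event_name == 'pull_request' || github.event_name == 'push') && contains(github.event.pull_request.labels.*.name, 'deploy-pr') )
    name: Deploy PR
    needs:
      - push-incentives
      - push-admin
      - push-worker
      - push-transaction-stream
      - check-gateway-label
      - check-install-connector-label
    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
    with:
      jenkins_job_name: 'kubernetes-deployments/job/incentives'
      github_branch: '${{ github.head_ref }}'
      application_name: 'incentives'
      hierarchical_namespace: 'incentives-ci-pr'
      create_subnamespace: 'true'
      kubernetes_namespace: 'incentives-pr-${{ github.event.number }}'
      aws_eks_cluster: 'rdx-works-main-dev'
      aws_iam_role_name: 'jenkins-incentives-pr-deployer'
      helmfile_environment: 'pr'
      helmfile_extra_vars: 'ci.tag=${{ github.sha }},ci.prNumber=${{ github.event.number }},ci.gateway_url=${{ needs.check-gateway-label.outputs.gateway_url }},ci.install_connector=${{ needs.check-install-connector-label.outputs.install_connector }}'
    secrets:
      aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}

  # Deploys to the dev namespace on every push to main.
  deploy_dev:
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    name: Deploy DEV
    needs:
      - push-incentives
      - push-admin
      - push-worker
      - push-transaction-stream
    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
    with:
      github_environment: 'dev'
      github_branch: '${{ github.ref }}'
      jenkins_job_name: 'kubernetes-deployments/job/incentives'
      application_name: 'incentives'
      kubernetes_namespace: 'incentives-dev'
      aws_eks_cluster: 'rdx-works-main-dev'
      aws_iam_role_name: 'jenkins-incentives-dev-deployer'
      helmfile_environment: 'dev'
      helmfile_extra_vars: 'ci.tag=${{ github.sha }},ci.install_connector=true'
    secrets:
      aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}

  # Deploys to the perftest namespace on a manual dispatch that selected
  # 'perftest'. Uses the dev account id secret and the dev cluster.
  deploy_perftest:
    if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'perftest'
    name: Deploy PERFTEST
    needs:
      - push-incentives
      - push-admin
      - push-worker
      - push-transaction-stream
    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
    with:
      github_environment: 'perftest'
      github_branch: '${{ github.ref }}'
      jenkins_job_name: 'kubernetes-deployments/job/incentives'
      application_name: 'incentives'
      kubernetes_namespace: 'incentives-perftest'
      aws_eks_cluster: 'rdx-works-main-dev'
      aws_iam_role_name: 'jenkins-incentives-perftest-deployer'
      helmfile_environment: 'perftest'
      helmfile_extra_vars: 'ci.tag=${{ github.sha }},ci.install_connector=true'
    secrets:
      aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}

  # Deploys to the mainnet namespace when a release is published. This is the
  # only job that receives the production account id secret.
  deploy_prod:
    if: github.event_name == 'release' && github.event.action == 'released'
    name: Deploy PROD
    needs:
      - push-incentives
      - push-admin
      - push-worker
      - push-transaction-stream
    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
    with:
      github_environment: 'prod'
      github_branch: '${{ github.ref }}'
      jenkins_job_name: 'kubernetes-deployments/job/incentives'
      application_name: 'incentives'
      kubernetes_namespace: 'incentives-mainnet'
      aws_eks_cluster: 'rtlj-prod'
      aws_iam_role_name: 'jenkins-incentives-mainnet-deployer'
      helmfile_environment: 'prod'
      helmfile_extra_vars: 'ci.tag=${{ github.sha }},ci.install_connector=true'
    secrets:
      aws_deployment_account_id: ${{ secrets.AWS_PROD_ACCOUNT_ID }}
      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}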