(feat) Port workflows from zilliqa-developer (#2)

* (feat) .gitignore (fix) Start of importing submodules * (feat) Import submodule, delete empty directories so we can import the others. * (feat) Import submodules * (fix) Set versions for submodules * (feat) Hopefully re-add cicd * (feat) Install a trunk config file
Zilliqa · Jul 2, 2024 · 5bebcdf · 5bebcdf
1 parent 5f5a4ff
commit 5bebcdf
Show file tree

Hide file tree

Showing 7 changed files with 432 additions and 0 deletions.
diff --git a/.github/workflows/ci-bridge.yml b/.github/workflows/ci-bridge.yml
@@ -0,0 +1,31 @@
+name: "CI for Product Bridge"
+
+on:
+  push: {}
+
+jobs:
+  testing:
+    runs-on: ubuntu-latest
+    name: "Bridge Tests"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Install nodes packages
+        run: npm ci
+        working-directory: bridge-web
+
+      - name: Check bridge-web build
+        run: npm run build
+        working-directory: bridge-web
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+        with:
+          version: nightly
+
+      - name: Run Foundry tests
+        run: forge test
+        working-directory: smart-contracts
diff --git a/.github/workflows/ci-linting.yml b/.github/workflows/ci-linting.yml
@@ -0,0 +1,37 @@
+name: "Linting"
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  release:
+    types:
+      - created
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    name: "Linting"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - uses: pnpm/action-setup@v2
+        with:
+          version: 6.0.2
+
+      - name: "Installing dependencies"
+        run: |
+          pnpm i
+
+      - name: Trunk cache
+        id: cache-trunk
+        uses: actions/[email protected]
+        with:
+          path: ~/.cache/trunk/
+          key: ${{ runner.os }}-trunk
+
+      - name: Trunk Check
+        uses: trunk-io/[email protected]
diff --git a/.github/workflows/cicd-prd.yml b/.github/workflows/cicd-prd.yml
@@ -0,0 +1,139 @@
+name: "CICD production"
+
+on:
+  # On merged
+  push:
+    branches:
+      - main
+  # On released
+  release:
+    types: [published]
+
+jobs:
+  build-docker:
+    permissions:
+      id-token: write
+      contents: write
+    runs-on: ubuntu-22.04
+    if: github.actor != 'dependabot[bot]'
+    name: "Deploy image"
+    strategy:
+      fail-fast: false
+      matrix:
+        application: [zilliqa-bridge-validator]
+        include:
+          - application: zilliqa-bridge-validator
+            image_name: zilliqa-bridge-validator
+            path: bridge-validators
+            tag_length: 8
+            tag_latest: false
+    env:
+      DOCKER_DOMAIN: asia-docker.pkg.dev
+      REGISTRY: asia-docker.pkg.dev/prj-p-devops-services-tvwmrf63/zilliqa-public
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          fetch-depth: 0
+
+      - name: Docker build and push - production
+        uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v2
+        with:
+          context: ${{ matrix.path }}
+          push: true
+          tag: asia-docker.pkg.dev/prj-p-devops-services-tvwmrf63/zilliqa-public/${{ matrix.image_name }}:${{ github.ref_name }}
+          registry: asia-docker.pkg.dev
+          workload-identity-provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+          service-account: "${{ secrets.GCP_PRD_GITHUB_SA_DOCKER_REGISTRY }}"
+          cache-key: ${{ env.REGISTRY }}/${{ matrix.image_name }}-cache
+          build-args: |
+            DEPLOY_ENV=prd
+            VITE_ENV="PROD"
+
+  build-makefile:
+    permissions:
+      id-token: write
+      contents: write
+    runs-on: ubuntu-22.04
+    name: "Build image with Makefile"
+    strategy:
+      fail-fast: false
+      matrix:
+        application: [zilliqa-bridge-web]
+        include:
+          - application: zilliqa-bridge-web
+            image_name: zilliqa-bridge-web
+            path: bridge-web
+            tag_length: 8
+            tag_latest: false
+    env:
+      DOCKER_DOMAIN: asia-docker.pkg.dev
+      REGISTRY: asia-docker.pkg.dev/prj-p-devops-services-tvwmrf63/zilliqa-public
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          fetch-depth: 0
+
+      - name: "Authenticate to Google Cloud - production"
+        id: google-auth
+        uses: "google-github-actions/auth@v1"
+        with:
+          token_format: "access_token"
+          workload_identity_provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+          service_account: "${{ secrets.GCP_PRD_GITHUB_SA_DOCKER_REGISTRY }}"
+          create_credentials_file: true
+
+      - name: Login to the registry - production
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.DOCKER_DOMAIN }}
+          username: "oauth2accesstoken"
+          password: "${{ steps.google-auth.outputs.access_token }}"
+
+      - name: Get tag version - production
+        if: github.event_name == 'push'
+        id: set-tag
+        uses: Zilliqa/gh-actions-workflows/actions/generate-tag@v1
+        with:
+          tag: ${{ env.REGISTRY }}/${{ matrix.image_name }}
+          length: ${{ matrix.tag_length }}
+
+      - name: "Build and push ${{ matrix.application }} - production"
+        if: github.event_name == 'push'
+        env:
+          ENVIRONMENT: prd
+          IMAGE_TAG: ${{ steps.set-tag.outputs.tags }}
+          ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }}
+          ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }}
+        run: |
+          cd ${{ matrix.path }}
+          make image/build-and-push
+
+      - name: "Build and push ${{ matrix.application }} - production"
+        if: github.event_name == 'release'
+        env:
+          ENVIRONMENT: prd
+          IMAGE_TAG: ${{ env.REGISTRY }}/${{ matrix.image_name }}:${{ github.ref_name }}
+          ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }}
+          ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }}
+        run: |
+          cd ${{ matrix.path }}
+          make image/build-and-push
+
+      - name: "Build and push ${{ matrix.application }} tag latest - production"
+        if: matrix.tag_latest == true && github.event_name == 'release'
+        env:
+          ENVIRONMENT: prd
+          IMAGE_TAG: ${{ env.REGISTRY }}/${{ matrix.image_name }}:latest
+          ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }}
+          ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }}
+        run: |
+          cd ${{ matrix.path }}
+          make image/build-and-push
diff --git a/.github/workflows/cicd-stg.yml b/.github/workflows/cicd-stg.yml
@@ -0,0 +1,131 @@
+name: "CICD staging"
+
+on:
+  # Test run before merging
+  pull_request:
+    branches:
+      - main
+  # On merged
+  push:
+    branches:
+      - main
+
+jobs:
+  build-docker:
+    permissions:
+      id-token: write
+      contents: write
+    runs-on: ubuntu-22.04
+    if: github.actor != 'dependabot[bot]' && github.ref_name == 'main'
+    name: "Deploy image"
+    strategy:
+      fail-fast: false
+      matrix:
+        application: [zilliqa-bridge-validator]
+        include:
+          - application: zilliqa-bridge-validator
+            image_name: zilliqa-bridge-validator
+            path: bridge-validators
+            tag_length: 8
+            tag_latest: false
+    env:
+      DOCKER_DOMAIN: asia-docker.pkg.dev
+      REGISTRY: asia-docker.pkg.dev/prj-d-devops-services-4dgwlsse/zilliqa-public
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          submodules: "true"
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          fetch-depth: 0
+
+      - name: Docker build and push - staging
+        uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v2
+        with:
+          context: ${{ matrix.path }}
+          push: ${{ github.ref_name == github.event.repository.default_branch }}
+          tag: asia-docker.pkg.dev/prj-d-devops-services-4dgwlsse/zilliqa-public/${{ matrix.image_name }}
+          tag-length: ${{ matrix.tag_length }}
+          tag-latest: ${{ matrix.tag_latest }}
+          registry: asia-docker.pkg.dev
+          workload-identity-provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+          service-account: "${{ secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY }}"
+          cache-key: ${{ env.REGISTRY }}/${{ matrix.image_name }}-cache
+          build-args: |
+            DEPLOY_ENV=stg
+
+  build-makefile:
+    permissions:
+      id-token: write
+      contents: write
+    runs-on: ubuntu-22.04
+    # To test deployments, remove the github.ref_name clause: see devops/docs/z2-testing-apps.md - rrw 2024-04-12
+    # && github.ref_name == 'main'
+    if: github.actor != 'dependabot[bot]'
+    name: "Build image with Makefile"
+    strategy:
+      fail-fast: false
+      matrix:
+        application: [zilliqa-bridge-web]
+        include:
+          - application: zilliqa-bridge-web
+            image_name: zilliqa-bridge-web
+            path: bridge-web
+            tag_length: 8
+            tag_latest: false
+    env:
+      DOCKER_DOMAIN: asia-docker.pkg.dev
+      REGISTRY: asia-docker.pkg.dev/prj-d-devops-services-4dgwlsse/zilliqa-public
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          fetch-depth: 0
+
+      - name: "Authenticate to Google Cloud - staging"
+        id: google-auth
+        uses: "google-github-actions/auth@v1"
+        with:
+          token_format: "access_token"
+          workload_identity_provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+          service_account: "${{ secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY }}"
+          create_credentials_file: true
+
+      - name: Login to the registry - staging
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.DOCKER_DOMAIN }}
+          username: "oauth2accesstoken"
+          password: "${{ steps.google-auth.outputs.access_token }}"
+
+      - name: Get tag version - staging
+        id: set-tag
+        uses: Zilliqa/gh-actions-workflows/actions/generate-tag@v1
+        with:
+          tag: ${{ env.REGISTRY }}/${{ matrix.image_name }}
+          length: ${{ matrix.tag_length }}
+
+      - name: "Build and push ${{ matrix.application }} - staging"
+        env:
+          ENVIRONMENT: stg
+          IMAGE_TAG: ${{ steps.set-tag.outputs.tags }}
+          ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }}
+          ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }}
+        run: |
+          cd ${{ matrix.path }}
+          make image/build-and-push
+
+      - name: "Build and push ${{ matrix.application }} tag latest - staging"
+        if: ${{ matrix.tag_latest == true }}
+        env:
+          ENVIRONMENT: stg
+          IMAGE_TAG: "${{ env.REGISTRY }}/${{ matrix.image_name }}:latest"
+          ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }}
+          ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }}
+        run: |
+          cd ${{ matrix.path }}
+          make image/build-and-push
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,11 @@
+node_modules/
+Debug/
+*~
+**/~
+**/*~
+**/node_modules
+._*
+**/._*
+
+.trunk/**
+!.trunk/trunk.yaml
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,12 @@
+[submodule "smart-contracts/lib/forge-std"]
+	path = smart-contracts/lib/forge-std
+	url = https://github.com/foundry-rs/forge-std
+[submodule "smart-contracts/lib/openzeppelin-foundry-upgrades"]
+	path = smart-contracts/lib/openzeppelin-foundry-upgrades
+	url = https://github.com/OpenZeppelin/openzeppelin-foundry-upgrades
+[submodule "smart-contracts/lib/openzeppelin-contracts"]
+	path = smart-contracts/lib/openzeppelin-contracts
+	url = https://github.com/OpenZeppelin/openzeppelin-contracts
+[submodule "smart-contracts/lib/openzeppelin-contracts-upgradeable"]
+	path = smart-contracts/lib/openzeppelin-contracts-upgradeable
+	url = https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable