From 3a55f70b0d606d188461457840de3632ff22b251 Mon Sep 17 00:00:00 2001 From: Aaron DeRuvo Date: Thu, 5 Oct 2023 18:25:11 +0200 Subject: [PATCH 1/7] Write up versioning/ release process docs (#72) Co-authored-by: Aaron --- RELEASE.md | 40 +++++++++++++++++++ .../phone-number-privacy/common/README.md | 40 ------------------- 2 files changed, 40 insertions(+), 40 deletions(-) create mode 100644 RELEASE.md diff --git a/RELEASE.md b/RELEASE.md new file mode 100644 index 000000000..1c30935de --- /dev/null +++ b/RELEASE.md @@ -0,0 +1,40 @@ +# Release Process + +This repo uses changesets to determine what packages need a version bump. + +Each PR MUST be accompanied by a changeset unless it has zero affect on package consumers (ie changing github action workflows). + +To create a changeset run `changeset add` (or `yarn cs`) + +This will bring up an interactive console which asks which packages are affect and if they require minor or major update. + +when time to release new versions of npm package run `changeset version` this will look thru the changeset files that have been generated since last release to bump the versions for package automatically to major if any changesets specify major change minor if only minor and patch if a the package had no changesets of its own but depends on one which will be updated. + +finally `changeset publish` will go thru and publish to npm the packages that need publishing. + +after go ahead and run `git push --follow-tags` to push git tags up to github. + +## for pre releasing + +changesets has 2 strategies for pre release versions. + +The first is to enter `pre` mode on changesets. [docs here](https://github.com/changesets/changesets/blob/main/docs/prereleases.md) + +``` +yarn changeset pre enter beta +yarn changeset version +git add . +git commit -m "Enter prerelease mode and version packages" +yarn changeset publish +git push --follow-tags +``` + +The other is to append --snapshot. which is great for daily releases. + +``` +yarn changeset version --snapshot canary + +yarn changeset publish --no-git-tag --snapshot + +``` + diff --git a/packages/phone-number-privacy/common/README.md b/packages/phone-number-privacy/common/README.md index 48349f462..872df042f 100644 --- a/packages/phone-number-privacy/common/README.md +++ b/packages/phone-number-privacy/common/README.md @@ -8,44 +8,4 @@ This package contains common code used across ODIS. It is depended on by the Com - Error and Warning types used for monitoring and alerting in both the Combiner and Signer. - The PEAR Sequential Delay rate limiting algorithm. -## Release Process -When updating the ODIS common package, it is important to remember that all changes must be published before they can be used in production ODIS services or SDKS. If your changes are needed in the SDKS, then you will need to also publish all the Celo SDKs. The instructions below detail this entire SDK release process, but if your changes are only needed in ODIS services you only need to do step 7 (remember to run `yarn && yarn build` before publishing, and consider reading the rest of the steps anyway for context) - -These instructions assume the following scenario for readability: - -- The latest released sdk version is `3.1.0` -- The SDK versions in the monorepo are all set to `3.1.1-dev` -- You are releasing version `3.2.0` of the SDKs -- The latest released ODIS common package version is `2.0.2` -- You are releasing version `2.0.3` of the ODIS common package - -1. Checkout a new branch for the SDK release. Name it something like `/release3.2.0` -2. Note that you should release version `3.2.0-beta.1` and `2.0.3-beta.1` and test that everything is working correctly before publishing them as `latest`. If everything is not working correctly, try again with `-beta.2` -3. Search and replace all instances of the current sdk version in the monorepo with the new sdk version you are releasing (check the search and replace changes do what you intend them to before hitting replace!) - - i.e. search and replace `3.1.1-dev` with `3.2.0-beta.1` (note that we’ve removed the `-dev`) -4. Same idea as above -- ensure the version of the `@celo/phone-number-privacy-common` package is set to the version you are trying to release (i.e. `2.0.3-beta.1`) and that all other packages are importing this version. -5. From the monorepo root directory, run `yarn reset && yarn && yarn build` (expect this to take at least 10 mins) -6. Commit your changes with the message `3.2.0-beta.1` -7. Publish the ODIS common package by navigating to the `phone-number-privacy/common` directory and running `npm publish —-tag beta` - - You will be prompted to enter your OTP - - When publishing as `latest`, omit the `--tag beta` -8. Publish the sdks by running `npm run deploy-sdks` from the monorepo root directory - - You will be prompted to enter a version number that you wish to publish. i.e. `3.2.0-beta.1` - - You will be repeatedly asked to enter your OTP, which will be automatically supplied if you hit ‘enter’ (you do not have to paste it to the command line each time) - - When your OTP expires, you will see an error and will have to re-enter the new one - - Note the `deploy-sdks` script will automatically append `-dev` to all the sdk versions after they're published. You may need to search and replace to undue this if you were publishing a beta release. -9. Depending on what you're releasing, you may want to test that the newly published SDKs work as intended. This may be as simple as checking that CI runs successfully on your `3.2.0-beta.1` commit. -10. Once you are confident in the beta release, repeat steps 3 through 9 with versions `3.2.0` and `2.0.3`. The SDKs will be published with the `latest` tag. -11. The `deploy-sdks` script will automatically append `-dev` to all the sdk versions after they're published. For `latest` releases, it will also increment to the next patch version. Please ensure this happened correctly and commit the result with the message `3.2.1-dev` -12. Get your PR for the release branch reviewed and merged - - - If CI fails with output like below, it means that some packages outside of the SDK did not get incremented to `3.2.1-dev`. Please go through and make sure these are all incremented correctly and CI should pass. - - ``` - ./sdk/utils/src/address.ts(1,46): error TS2307: Cannot find module '@celo/base/lib/address' or its corresponding type declarations. - ../sdk/utils/src/address.ts(27,8): error TS2307: Cannot find module '@celo/base/lib/address' or its corresponding type declarations. - ../sdk/utils/src/async.ts(10,8): error TS2307: Cannot find module '@celo/base/lib/async' or its corresponding type declarations - ``` - -13. Don’t forget to tag the PR commit as a release in GitHub and add Release Notes From 4d2f8d538cf9954c43b5165f3dea3c5e35ef6faf Mon Sep 17 00:00:00 2001 From: soloseng <102702451+soloseng@users.noreply.github.com> Date: Thu, 5 Oct 2023 14:09:46 -0400 Subject: [PATCH 2/7] fixed fetch import --- .../combiner/test/end-to-end/domain.test.ts | 2 +- .../phone-number-privacy/combiner/test/end-to-end/pnp.test.ts | 2 +- .../phone-number-privacy/combiner/test/end-to-end/resources.ts | 1 - .../signer/test/end-to-end/disabled-apis.test.ts | 2 +- .../phone-number-privacy/signer/test/end-to-end/domain.test.ts | 2 +- .../phone-number-privacy/signer/test/end-to-end/pnp.test.ts | 2 +- 6 files changed, 5 insertions(+), 6 deletions(-) diff --git a/packages/phone-number-privacy/combiner/test/end-to-end/domain.test.ts b/packages/phone-number-privacy/combiner/test/end-to-end/domain.test.ts index 6ce612b02..57ad88bb4 100644 --- a/packages/phone-number-privacy/combiner/test/end-to-end/domain.test.ts +++ b/packages/phone-number-privacy/combiner/test/end-to-end/domain.test.ts @@ -30,7 +30,7 @@ import { } from '@celo/phone-number-privacy-common' import { defined, noNumber, noString } from '@celo/utils/lib/sign-typed-data-utils' import * as crypto from 'crypto' -import 'isomorphic-fetch' +import fetch from 'node-fetch' import { getCombinerVersion } from '../../src' import { getTestContextName } from './resources' diff --git a/packages/phone-number-privacy/combiner/test/end-to-end/pnp.test.ts b/packages/phone-number-privacy/combiner/test/end-to-end/pnp.test.ts index 63f01d172..a52a9563a 100644 --- a/packages/phone-number-privacy/combiner/test/end-to-end/pnp.test.ts +++ b/packages/phone-number-privacy/combiner/test/end-to-end/pnp.test.ts @@ -13,7 +13,7 @@ import { import { normalizeAddressWith0x } from '@celo/utils/lib/address' import threshold_bls from 'blind-threshold-bls' import { randomBytes } from 'crypto' -import 'isomorphic-fetch' +import fetch from 'node-fetch' import { config as signerConfig } from '../../../signer/src/config' import { getCombinerVersion } from '../../src' import { diff --git a/packages/phone-number-privacy/combiner/test/end-to-end/resources.ts b/packages/phone-number-privacy/combiner/test/end-to-end/resources.ts index bd93afa69..a1a4adf18 100644 --- a/packages/phone-number-privacy/combiner/test/end-to-end/resources.ts +++ b/packages/phone-number-privacy/combiner/test/end-to-end/resources.ts @@ -11,7 +11,6 @@ import { normalizeAddressWith0x, privateKeyToAddress, } from '@celo/utils/lib/address' -import 'isomorphic-fetch' require('dotenv').config() diff --git a/packages/phone-number-privacy/signer/test/end-to-end/disabled-apis.test.ts b/packages/phone-number-privacy/signer/test/end-to-end/disabled-apis.test.ts index 1014df19a..85b14405f 100644 --- a/packages/phone-number-privacy/signer/test/end-to-end/disabled-apis.test.ts +++ b/packages/phone-number-privacy/signer/test/end-to-end/disabled-apis.test.ts @@ -20,7 +20,7 @@ import { } from '@celo/phone-number-privacy-common' import { defined, noBool, noNumber, noString } from '@celo/utils/lib/sign-typed-data-utils' import { LocalWallet } from '@celo/wallet-local' -import 'isomorphic-fetch' +import fetch from 'node-fetch' require('dotenv').config() diff --git a/packages/phone-number-privacy/signer/test/end-to-end/domain.test.ts b/packages/phone-number-privacy/signer/test/end-to-end/domain.test.ts index 019da1422..8539831b8 100644 --- a/packages/phone-number-privacy/signer/test/end-to-end/domain.test.ts +++ b/packages/phone-number-privacy/signer/test/end-to-end/domain.test.ts @@ -27,7 +27,7 @@ import { import { DomainRequest } from '@celo/phone-number-privacy-common/src' import { defined, noBool, noNumber, noString } from '@celo/utils/lib/sign-typed-data-utils' import { LocalWallet } from '@celo/wallet-local' -import 'isomorphic-fetch' +import fetch, { Response } from 'node-fetch' import { getTestParamsForContext } from './utils' const { ACCOUNT_ADDRESS1, PRIVATE_KEY1 } = TestUtils.Values diff --git a/packages/phone-number-privacy/signer/test/end-to-end/pnp.test.ts b/packages/phone-number-privacy/signer/test/end-to-end/pnp.test.ts index 8be4b6f10..0b726d83d 100644 --- a/packages/phone-number-privacy/signer/test/end-to-end/pnp.test.ts +++ b/packages/phone-number-privacy/signer/test/end-to-end/pnp.test.ts @@ -15,7 +15,7 @@ import { } from '@celo/phone-number-privacy-common' import threshold_bls from 'blind-threshold-bls' import { randomBytes } from 'crypto' -import 'isomorphic-fetch' +import fetch, { Response } from 'node-fetch' import { config } from '../../src/config' import { getBlindedPhoneNumber, getTestParamsForContext } from './utils' From 72db04ac398ad65777e67ad6b6ce5d59747f35fa Mon Sep 17 00:00:00 2001 From: soloseng <102702451+soloseng@users.noreply.github.com> Date: Thu, 5 Oct 2023 14:40:50 -0400 Subject: [PATCH 3/7] revert changes in signer as not needed --- .../signer/test/end-to-end/disabled-apis.test.ts | 3 +-- .../phone-number-privacy/signer/test/end-to-end/domain.test.ts | 2 +- .../phone-number-privacy/signer/test/end-to-end/pnp.test.ts | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/packages/phone-number-privacy/signer/test/end-to-end/disabled-apis.test.ts b/packages/phone-number-privacy/signer/test/end-to-end/disabled-apis.test.ts index 85b14405f..594c6888a 100644 --- a/packages/phone-number-privacy/signer/test/end-to-end/disabled-apis.test.ts +++ b/packages/phone-number-privacy/signer/test/end-to-end/disabled-apis.test.ts @@ -20,8 +20,7 @@ import { } from '@celo/phone-number-privacy-common' import { defined, noBool, noNumber, noString } from '@celo/utils/lib/sign-typed-data-utils' import { LocalWallet } from '@celo/wallet-local' -import fetch from 'node-fetch' - +import 'isomorphic-fetch' require('dotenv').config() const { ACCOUNT_ADDRESS1, BLINDED_PHONE_NUMBER, PRIVATE_KEY1 } = TestUtils.Values diff --git a/packages/phone-number-privacy/signer/test/end-to-end/domain.test.ts b/packages/phone-number-privacy/signer/test/end-to-end/domain.test.ts index 8539831b8..019da1422 100644 --- a/packages/phone-number-privacy/signer/test/end-to-end/domain.test.ts +++ b/packages/phone-number-privacy/signer/test/end-to-end/domain.test.ts @@ -27,7 +27,7 @@ import { import { DomainRequest } from '@celo/phone-number-privacy-common/src' import { defined, noBool, noNumber, noString } from '@celo/utils/lib/sign-typed-data-utils' import { LocalWallet } from '@celo/wallet-local' -import fetch, { Response } from 'node-fetch' +import 'isomorphic-fetch' import { getTestParamsForContext } from './utils' const { ACCOUNT_ADDRESS1, PRIVATE_KEY1 } = TestUtils.Values diff --git a/packages/phone-number-privacy/signer/test/end-to-end/pnp.test.ts b/packages/phone-number-privacy/signer/test/end-to-end/pnp.test.ts index 0b726d83d..8be4b6f10 100644 --- a/packages/phone-number-privacy/signer/test/end-to-end/pnp.test.ts +++ b/packages/phone-number-privacy/signer/test/end-to-end/pnp.test.ts @@ -15,7 +15,7 @@ import { } from '@celo/phone-number-privacy-common' import threshold_bls from 'blind-threshold-bls' import { randomBytes } from 'crypto' -import fetch, { Response } from 'node-fetch' +import 'isomorphic-fetch' import { config } from '../../src/config' import { getBlindedPhoneNumber, getTestParamsForContext } from './utils' From 3f1763a54cbbeb4ad487e58314104fcbaaaac0c2 Mon Sep 17 00:00:00 2001 From: Aaron DeRuvo Date: Fri, 6 Oct 2023 16:41:05 +0200 Subject: [PATCH 4/7] CI Reorg (#78) * move combiner tests to be separate as they re long running, combine encrypted backup and identity as they are fast * rename group to CI checks * require changeset to be present as part of lint --------- Co-authored-by: Aaron --- .changeset/unlucky-scissors-wave.md | 2 + .github/workflows/circleci.yml | 71 +++++++++++++---------------- 2 files changed, 34 insertions(+), 39 deletions(-) create mode 100644 .changeset/unlucky-scissors-wave.md diff --git a/.changeset/unlucky-scissors-wave.md b/.changeset/unlucky-scissors-wave.md new file mode 100644 index 000000000..a845151cc --- /dev/null +++ b/.changeset/unlucky-scissors-wave.md @@ -0,0 +1,2 @@ +--- +--- diff --git a/.github/workflows/circleci.yml b/.github/workflows/circleci.yml index 932864d6e..314689452 100644 --- a/.github/workflows/circleci.yml +++ b/.github/workflows/circleci.yml @@ -1,5 +1,5 @@ -name: social connect -run-name: social connect tests +name: CI Checks +run-name: ci checks # Dockefile for the self-hosted runner: # https://github.com/celo-org/infrastructure/blob/master/terraform/root-modules/gcp/integration-tests-gke/files/github-arc/Dockerfile-monorepo @@ -38,7 +38,7 @@ env: jobs: install-dependencies: - name: Install dependencies + name: Install + Build + outputs: package-json-checksum: ${{ steps.node-checksums.outputs.PACKAGE_JSON_CHECKSUM }} # Propagate more outputs if you need https://github.com/tj-actions/changed-files#outputs @@ -124,15 +124,6 @@ jobs: if: steps.cache_node.outputs.cache-hit != 'true' run: | yarn check-licenses - - name: Detect files changed in PR, and expose as output - id: changed-files - uses: tj-actions/changed-files@v37 - with: - # Using comma as separator to be able to easily match full paths (using ,) - separator: ',' - # Checking if changed in the last 100 commits in PRs - fetch_depth: '150' - - run: echo ",${{ steps.changed-files.outputs.all_modified_files }}" lint-checks: name: Lint code runs-on: ['self-hosted', 'org', '8-cpu'] @@ -155,8 +146,20 @@ jobs: package-json-checksum: ${{ needs.install-dependencies.outputs.package-json-checksum }} - run: yarn run prettify:diff - run: yarn run lint + - name: Detect files changed in PR, and expose as output + id: changed-files + uses: tj-actions/changed-files@v37 + with: + # Using comma as separator to be able to easily match full paths (using ,) + separator: ',' + # Checking if changed in the last 100 commits in PRs + fetch_depth: '150' + - run: echo ",${{ steps.changed-files.outputs.all_modified_files }}" + - name: Has Changeset + id: changeset + run: yarn changeset status --since origin/main general_test: - name: General jest test + name: General (identity + encrypted-backup) test runs-on: ['self-hosted', 'org', '8-cpu'] container: image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/celo-monorepo:node18 @@ -172,30 +175,28 @@ jobs: uses: ./.github/actions/sync-workspace with: package-json-checksum: ${{ needs.install-dependencies.outputs.package-json-checksum }} - - name: Run Jest Tests + - name: Run Encrypted Backup tests run: | - mkdir -p test-results/jest - # Skipping packages that are tested in a specific job below - yarn run lerna \ - --ignore @celo/identity \ - run test + yarn --cwd=packages/sdk/encrypted-backup test + - name: Run Identity Tests + run: | + yarn --cwd=packages/sdk/identity test - name: Upload Jest Test Results uses: actions/upload-artifact@v3 with: name: Jest Test Results path: test-results/jest - - - identity-tests: - name: Identity Tests + combiner-test: + name: Combiner test runs-on: ['self-hosted', 'org', '8-cpu'] container: image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/celo-monorepo:node18 timeout-minutes: 30 - needs: [install-dependencies] + needs: install-dependencies if: | github.base_ref == 'main' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || - contains(needs.install-dependencies.outputs.all_modified_files, 'packages/phone-number-privacy/common') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/phone-number-privacy/combiner') || + contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false steps: @@ -209,25 +210,20 @@ jobs: uses: ./.github/actions/sync-workspace with: package-json-checksum: ${{ needs.install-dependencies.outputs.package-json-checksum }} - #- name: Generate DevChain - # run: | - # cd packages/sdk/identity - # yarn test:reset - - name: Run tests + - name: Run Tests for combiner run: | - yarn --cwd=packages/sdk/identity test + yarn --cwd=packages/phone-number-privacy/combiner test:coverage odis-test: - name: ODIS test + name: ODIS (signer + common) test + needs: install-dependencies runs-on: ['self-hosted', 'org', '8-cpu'] container: image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/celo-monorepo:node18 timeout-minutes: 30 - needs: [install-dependencies, lint-checks] + if: | github.base_ref == 'main' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || contains(needs.install-dependencies.outputs.all_modified_files, 'packages/phone-number-privacy') || - contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') || - contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false @@ -245,9 +241,6 @@ jobs: - name: Run Tests for common package run: | yarn --cwd=packages/phone-number-privacy/common test:coverage - - name: Run Tests for combiner - run: | - yarn --cwd=packages/phone-number-privacy/combiner test:coverage - name: Run Tests for signer run: | - yarn --cwd=packages/phone-number-privacy/signer test:coverage + yarn --cwd=packages/phone-number-privacy/signer test:coverage \ No newline at end of file From 562302de81c75425e7c119db76166e2b895e1e4e Mon Sep 17 00:00:00 2001 From: Victoria <4222953+lvpeschke@users.noreply.github.com> Date: Fri, 6 Oct 2023 14:42:56 +0200 Subject: [PATCH 5/7] Create dependabot.yml Update GitHub Actions version automatically every Monday. --- .github/dependabot.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..6e3281732 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,14 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "github-actions" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + day: "monday" + interval: "weekly" + # To be added when a package manager decision has been taken + # - package-ecosystem: "npm" / "pnpm" # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem From 491245331e1ed3e23a7d76ac591e8dc1c4ef3209 Mon Sep 17 00:00:00 2001 From: alvarof2 Date: Fri, 6 Oct 2023 18:10:28 +0200 Subject: [PATCH 6/7] Signer Dockerfile and GH Actions --- .github/workflows/container-all-monorepo.yml | 42 ------------------ .github/workflows/odis-signer-container.yml | 44 +++++++++++++++++++ .../{Dockerfile => Dockerfile-signer} | 20 +-------- 3 files changed, 46 insertions(+), 60 deletions(-) delete mode 100644 .github/workflows/container-all-monorepo.yml create mode 100644 .github/workflows/odis-signer-container.yml rename dockerfiles/phone-number-privacy/{Dockerfile => Dockerfile-signer} (63%) diff --git a/.github/workflows/container-all-monorepo.yml b/.github/workflows/container-all-monorepo.yml deleted file mode 100644 index 682f64d73..000000000 --- a/.github/workflows/container-all-monorepo.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -name: Build celo-monorepo container - -on: - push: - paths: - - 'dockerfiles/all-monorepo/**' - branches: - - master - pull_request: - paths: - - 'dockerfiles/all-monorepo/**' - workflow_dispatch: - -jobs: - celomonorepo-build-dev: - uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.8 - name: Build us-west1-docker.pkg.dev/devopsre/dev-images/monorepo:${{ github.sha }} - if: | - github.ref != 'refs/heads/master' - with: - workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-monorepo/providers/github-by-repos - service-account: 'celo-monorepo-dev@devopsre.iam.gserviceaccount.com' - artifact-registry: us-west1-docker.pkg.dev/devopsre/dev-images/monorepo - tag: ${{ github.sha }} - context: . - file: dockerfiles/all-monorepo/Dockerfile - trivy: true - - celomonorepo-build: - uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.8 - name: Build us-west1-docker.pkg.dev/devopsre/celo-monorepo/monorepo:${{ github.sha }} - if: | - github.ref == 'refs/heads/master' - with: - workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-monorepo-master/providers/github-by-repos - service-account: 'celo-monorepo@devopsre.iam.gserviceaccount.com' - artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-monorepo/monorepo - tag: ${{ github.sha }} - context: . - file: dockerfiles/all-monorepo/Dockerfile - trivy: true diff --git a/.github/workflows/odis-signer-container.yml b/.github/workflows/odis-signer-container.yml new file mode 100644 index 000000000..1319a285b --- /dev/null +++ b/.github/workflows/odis-signer-container.yml @@ -0,0 +1,44 @@ +--- + name: Build ODIS signer image + + on: + push: + paths: + - 'dockerfiles/phone-number-privacy/Dockerfile-signer' + - 'packages/phone-number-privacy/signer/**' + branches: + - main + pull_request: + paths: + - 'dockerfiles/phone-number-privacy/Dockerfile-signer' + - 'packages/phone-number-privacy/signer/**' + workflow_dispatch: + + jobs: + odis-signer-build-dev: + uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.11.4 + name: Build us-west1-docker.pkg.dev/devopsre/dev-images/monorepo:${{ github.sha }} + if: | + github.ref != 'refs/heads/main' + with: + workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-social-connect/providers/github-by-repos + service-account: 'social-connect-dev@devopsre.iam.gserviceaccount.com' + artifact-registry: us-west1-docker.pkg.dev/devopsre/dev-images/odis-signer + tag: ${{ github.sha }} + context: . + file: dockerfiles/phone-number-privacy/Dockerfile-signer + trivy: true + + odis-signer-build: + uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.11.4 + name: Build us-west1-docker.pkg.dev/devopsre/celo-monorepo/monorepo:${{ github.sha }} + if: | + github.ref == 'refs/heads/master' + with: + workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-social-connect-main/providers/github-by-repos + service-account: 'social-connect@devopsre.iam.gserviceaccount.com' + artifact-registry: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer + tag: ${{ github.sha }} + context: . + file: dockerfiles/phone-number-privacy/Dockerfile-signer + trivy: true diff --git a/dockerfiles/phone-number-privacy/Dockerfile b/dockerfiles/phone-number-privacy/Dockerfile-signer similarity index 63% rename from dockerfiles/phone-number-privacy/Dockerfile rename to dockerfiles/phone-number-privacy/Dockerfile-signer index 65cf6acef..1b5c4cdf8 100644 --- a/dockerfiles/phone-number-privacy/Dockerfile +++ b/dockerfiles/phone-number-privacy/Dockerfile-signer @@ -5,22 +5,10 @@ FROM scratch AS packages # Assemble all dependencies into the packages folder so the second stage can select whether to # include all packages, or just the phone-number-privacy packages. WORKDIR /celo-phone-number-privacy/ -COPY packages/typescript packages/typescript -COPY packages/dev-utils packages/dev-utils COPY packages/phone-number-privacy/signer packages/phone-number-privacy/signer COPY packages/phone-number-privacy/common packages/phone-number-privacy/common -COPY packages/protocol packages/protocol -COPY packages/sdk/base packages/sdk/base -COPY packages/sdk/connect packages/sdk/connect -COPY packages/sdk/contractkit packages/sdk/contractkit -COPY packages/sdk/cryptographic-utils packages/sdk/cryptographic-utils -COPY packages/sdk/utils packages/sdk/utils -COPY packages/sdk/phone-utils packages/sdk/phone-utils -COPY packages/sdk/wallets/wallet-base packages/sdk/wallets/wallet-base -COPY packages/sdk/wallets/wallet-hsm packages/sdk/wallets/wallet-hsm -COPY packages/sdk/wallets/wallet-hsm-azure packages/sdk/wallets/wallet-hsm-azure -COPY packages/sdk/wallets/wallet-local packages/sdk/wallets/wallet-local -COPY packages/sdk/wallets/wallet-remote packages/sdk/wallets/wallet-remote +COPY packages/sdk/encrypted-backup packages/sdk/encrypted-backup +COPY packages/sdk/identity packages/sdk/identity ##### Main stage FROM node:18 @@ -30,12 +18,9 @@ WORKDIR /celo-phone-number-privacy/ # Copy monorepo settings COPY lerna.json package.json yarn.lock ./ -COPY scripts/ scripts/ -COPY patches/ patches/ # Makes build fail if it doesn't copy git, will be removed after build COPY .git .git -COPY .gitmodules .gitmodules # Setting ONLY_PUBLISHED_DEPENDENCIES to true or any non-empty string results in only the # phone-number-privacy package being copied into the image, and therefore it will only build using @@ -49,7 +34,6 @@ RUN yarn install --network-timeout 100000 --frozen-lockfile && yarn cache clean RUN yarn build RUN rm -r .git -RUN rm .gitmodules # Setup and run the signer application. ENV NODE_ENV production From 0b9b99fa4bffba4aa0ddd1533c349c5fde273944 Mon Sep 17 00:00:00 2001 From: alvarof2 Date: Fri, 6 Oct 2023 18:12:07 +0200 Subject: [PATCH 7/7] Delete Cloud Build yaml --- cloudbuild.yaml | 38 -------------------------------------- 1 file changed, 38 deletions(-) delete mode 100644 cloudbuild.yaml diff --git a/cloudbuild.yaml b/cloudbuild.yaml deleted file mode 100644 index 2ee58d511..000000000 --- a/cloudbuild.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# We use kaniko for building docker images -# More details: https://github.com/GoogleContainerTools/kaniko - -steps: - -- id: "docker:celotool" - name: gcr.io/kaniko-project/executor:v0.16.0 - args: [ - "--dockerfile=dockerfiles/celotool/Dockerfile", - "--cache=true", - "--destination=gcr.io/$PROJECT_ID/celo-monorepo:celotool-$COMMIT_SHA" - ] - waitFor: ['-'] - -- id: "docker:cli" - name: gcr.io/kaniko-project/executor:v0.16.0 - args: [ - "--dockerfile=dockerfiles/cli/Dockerfile", - "--cache=true", - "--destination=gcr.io/$PROJECT_ID/celocli:$COMMIT_SHA", - "--build-arg", - "celo_env=alfajores" - ] - waitFor: ['-'] - -- id: "docker:phone-number-privacy-signer" - name: gcr.io/kaniko-project/executor:v0.16.0 - args: [ - "--dockerfile=dockerfiles/phone-number-privacy/Dockerfile", - "--cache=true", - "--destination=us.gcr.io/$PROJECT_ID/celo-monorepo:phone-number-privacy-$COMMIT_SHA" - ] - waitFor: ['-'] - -options: - machineType: 'N1_HIGHCPU_8' - -timeout: 3000s \ No newline at end of file