HSM handling improvements. #3693
Workflow file for this run
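# CI pipeline: builds and tests the repository with Bazel, then, depending on
# the ref, uploads a test artifact, prepares a release, pushes container
# images, deploys the docs and updates the k8s deployments.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN runs with
# the repository/organisation default scopes. Declaring only the scopes this
# job needs would limit what a compromised step can do; the exact set cannot
# be derived from this file alone.
# NOTE(review): the marketplace actions below are referenced by mutable major
# tags (@v1, @v3, @v4). Pinning each one to a full commit SHA keeps a retagged
# release from changing what runs next to the secrets used here.
name: Build and test
on:
  push:
    branches:
      - "main"
    tags:
      - "v*"
    paths-ignore:
      - "release-index.yaml"
      - "replica-releases/**"
      - "node-labels/**"
  pull_request:
    paths-ignore:
      - "release-index.yaml"
      - "replica-releases/**"
      - "node-labels/**"
  workflow_dispatch:
# One run per PR (or per ref when there is no PR); a newer run cancels the
# older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
jobs:
  bazel:
    runs-on:
      labels: dre-runner-custom
    # This image is based on ubuntu:20.04
    # NOTE(review): the tag looks like a commit hash, but registry tags are
    # mutable; pinning by image digest would make the reference immutable.
    container: ghcr.io/dfinity/dre/actions-runner:3dd4f38f076cad73fdcc68ad37fd29bed4fa3e4d
    steps:
      - name: Create GitHub App Token
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }}
          private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }}
      - uses: actions/checkout@v4
        with:
          fetch-depth: 2
      - name: "☁️ Setup runner"
        uses: ./.github/workflows/manage-runner-pre
      ########################################
      # Build and test
      # Tests run as local subprocesses because some of them
      # create status files in fixed locations (like $HOME)
      ########################################
      - name: "🚀 Building"
        uses: ./.github/workflows/build
        with:
          GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}"
      # NOTE(review): every target run by `bazel test ...` can read the
      # identity file written here, including on pull_request runs whenever
      # the secret is available to them. Confirm the staging key's privileges
      # are acceptable for that exposure.
      - name: "🚀 Testing"
        env:
          STAGING_PRIVATE_KEY_PEM: "${{ secrets.STAGING_PRIVATE_KEY_PEM }}"
        run: |
          mkdir -p ~/.config/dfx/identity/bootstrap-super-leader/
          # Quote the variable so the PEM's line breaks survive (an unquoted
          # expansion is word-split and glob-expanded), and create the key
          # file under a restrictive umask so it is not group/world readable.
          (umask 077 && printf '%s\n' "$STAGING_PRIVATE_KEY_PEM" > ~/.config/dfx/identity/bootstrap-super-leader/identity.pem)
          bazel test ... --spawn_strategy=local --test_env=HOME=/home/runner
      # We don't need the linear-jira build and test step for now
      # - name: "🚀 Build and Test Linear-Jira with Bazel"
      #   shell: bash
      #   run: |
      #     set -euxo pipefail
      #     cd linear-jira
      #     bazel build --config=ci ...
      #     bazel test --config=ci ... || true
      #     bazel query --noshow_progress 'kind("oci_push", ...)' | xargs -P $(nproc) -I_target bazel run _target -- --tag ${{ github.sha }}
      ########################################
      # Upload test artifacts
      ########################################
      - name: "🧪 Upload test artifacts"
        if: ${{ github.ref == 'refs/heads/main' }}
        uses: actions/upload-artifact@v4
        with:
          name: test-artifacts
          path: bazel-out/k8-opt/bin/rs/ic-observability/multiservice-discovery/multiservice-discovery
      ########################################
      # Prepare release
      ########################################
      - name: "🚢 Prepare release"
        if: ${{ startsWith(github.ref, 'refs/tags/v') }}
        uses: ./.github/workflows/prepare-release
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      ########################################
      # Upload container images
      ########################################
      # The login has no `if:`, so it runs on every event; only the push step
      # below is restricted by ref.
      - name: "🔧 Login to GitHub Container Registry"
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: "📦 Push images to GitHub Container Registry"
        if: ${{ startsWith(github.ref, 'refs/tags/v') || startsWith(github.head_ref, 'container') || startsWith(github.ref, 'refs/heads/container') || (github.ref == 'refs/heads/main') }}
        run: bazel query --noshow_progress 'kind("oci_push", ...)' | xargs -I_target bazel run _target -- --tag ${GITHUB_SHA}
      ########################################
      # Check if dashboard/* changed to see if
      # it also needs to be updated in k8s
      ########################################
      - name: "❓ Check if dashboard/* changed in last commit"
        id: check
        uses: ./.github/workflows/check-modified-files-as-step
        with:
          path: dashboard/*
      # NOTE(review): nothing in this step maps an output of `steps.check`
      # into `changed`. Unless the check action exports `changed` through
      # GITHUB_ENV, the comparison below is always false and the frontend
      # deployment is never added. Verify against that action.
      - name: "💲 Setting correct paths to update"
        id: paths
        shell: bash
        run: |
          files=(
            bases/apps/ic-release-controller/controller/controller.yaml
            bases/apps/ic-release-controller/commit-annotator/commit-annotator.yaml
            bases/apps/mainnet-dashboard/backend/base/deployment.yaml
            bases/apps/mainnet-dashboard/statefulset-slack.yaml
            bases/apps/service-discovery/service-discovery.yaml
            .github/workflows/dre-vector-configs.yaml
          )
          if [[ $changed == "true" ]]; then
            echo "Adding frontend to list of files"
            files+=( bases/apps/mainnet-dashboard/frontend/deployment.yaml )
          else
            echo "Skipping adding of frontend to list of files"
          fi
          echo "Output of this step:"
          # "${files[*]}" joins the entries with single spaces as one word,
          # which is what the unquoted form printed, without glob expansion.
          echo "${files[*]}"
          echo "files=${files[*]}" >> "$GITHUB_ENV"
      ########################################
      # Deploy to github pages
      ########################################
      # NOTE(review): the user.email value below appears to have been
      # redacted by the page this listing was captured from; it is kept as
      # shown.
      - name: "🚢 Deploy to GitHub Pages"
        if: ${{ github.ref == 'refs/heads/main' }}
        run: |
          git config --global user.email "[email protected]"
          git config --global user.name "GitHub Actions"
          bazel run "//:mkdocs" -- gh-deploy --force
      ########################################
      # Update k8s deployments
      ########################################
      - name: "🤖 Update k8s deployments"
        if: ${{ github.ref == 'refs/heads/main' }}
        uses: ./.github/workflows/update-k8s-deployments
        with:
          github_api_token: ${{ secrets.K8S_API_TOKEN }}
      ########################################
      # Clean up runner
      ########################################
      # Skipped when the runner name starts with 'dre-runner-custom'.
      - uses: ./.github/workflows/manage-runner-post
        name: "🪓 Tear down runner"
        if: ${{ !startsWith(runner.name, 'dre-runner-custom') }}
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}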