Skip to content

HSM handling improvements. #3695

HSM handling improvements.

HSM handling improvements. #3695

Workflow file for this run

name: Build and test
on:
push:
branches:
- "main"
tags:
- "v*"
paths-ignore:
- "release-index.yaml"
- "replica-releases/**"
- "node-labels/**"
pull_request:
paths-ignore:
- "release-index.yaml"
- "replica-releases/**"
- "node-labels/**"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
bazel:
runs-on:
labels: dre-runner-custom
# This image is based on ubuntu:20.04
container: ghcr.io/dfinity/dre/actions-runner:3dd4f38f076cad73fdcc68ad37fd29bed4fa3e4d
steps:
- name: Create GitHub App Token
uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }}
private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }}
- uses: actions/checkout@v4
with:
fetch-depth: 2
- name: "☁️ Setup runner"
uses: ./.github/workflows/manage-runner-pre
########################################
# Build and test
# Will run test as a local subprocess because for some tests
# create status files on certain locations (like $HOME)
########################################
- name: "🚀 Building"
uses: ./.github/workflows/build
with:
GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}"
- name: "🚀 Testing"
env:
STAGING_PRIVATE_KEY_PEM: "${{ secrets.STAGING_PRIVATE_KEY_PEM }}"
run: |
mkdir -p ~/.config/dfx/identity/bootstrap-super-leader/
echo $STAGING_PRIVATE_KEY_PEM > ~/.config/dfx/identity/bootstrap-super-leader/identity.pem
bazel test ... --spawn_strategy=local --test_env=HOME=/home/runner
# We don't need the linear-jira build and test step for now
# - name: "🚀 Build and Test Linear-Jira with Bazel"
# shell: bash
# run: |
# set -euxo pipefail
# cd linear-jira
# bazel build --config=ci ...
# bazel test --config=ci ... || true
# bazel query --noshow_progress 'kind("oci_push", ...)' | xargs -P $(nproc) -I_target bazel run _target -- --tag ${{ github.sha }}
########################################
# Upload test artifacts
########################################
- name: "🧪 Upload test artifacts"
if: ${{ github.ref == 'refs/heads/main' }}
uses: actions/upload-artifact@v4
with:
name: test-artifacts
path: bazel-out/k8-opt/bin/rs/ic-observability/multiservice-discovery/multiservice-discovery
########################################
# Prepare release
########################################
- name: "🚢 Prepare release"
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
uses: ./.github/workflows/prepare-release
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
########################################
# Upload container images
########################################
- name: "🔧 Login to GitHub Container Registry"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: "📦 Push images to GitHub Container Registry"
if: ${{ startsWith(github.ref, 'refs/tags/v') || startsWith(github.head_ref, 'container') || startsWith(github.ref, 'refs/heads/container') || (github.ref == 'refs/heads/main') }}
run: bazel query --noshow_progress 'kind("oci_push", ...)' | xargs -I_target bazel run _target -- --tag ${GITHUB_SHA}
########################################
# Check if dashboard/* changed to see if
# it also needs to be updated in k8s
########################################
- name: "❓ Check if dashboard/* changed in last commit"
id: check
uses: ./.github/workflows/check-modified-files-as-step
with:
path: dashboard/*
- name: "💲 Setting correct paths to update"
id: paths
shell: bash
run: |
files=(
bases/apps/ic-release-controller/controller/controller.yaml
bases/apps/ic-release-controller/commit-annotator/commit-annotator.yaml
bases/apps/mainnet-dashboard/backend/base/deployment.yaml
bases/apps/mainnet-dashboard/statefulset-slack.yaml
bases/apps/service-discovery/service-discovery.yaml
.github/workflows/dre-vector-configs.yaml
)
if [[ $changed == "true" ]]; then
echo "Adding frontend to list of files"
files+=( bases/apps/mainnet-dashboard/frontend/deployment.yaml )
else
echo "Skipping adding of frontend to list of files"
fi
echo "Output of this step:"
echo ${files[@]}
echo "files=${files[@]}" >> $GITHUB_ENV
########################################
# Deploy to github pages
########################################
- name: "🚢 Deploy to GitHub Pages"
if: ${{ github.ref == 'refs/heads/main' }}
run: |
git config --global user.email "[email protected]"
git config --global user.name "GitHub Actions"
bazel run "//:mkdocs" -- gh-deploy --force
########################################
# Update k8s deployments
########################################
- name: "🤖 Update k8s deployments"
if: ${{ github.ref == 'refs/heads/main' }}
uses: ./.github/workflows/update-k8s-deployments
with:
github_api_token: ${{ secrets.K8S_API_TOKEN }}
########################################
# Clean up runner
########################################
- uses: ./.github/workflows/manage-runner-post
name: "🪓 Tear down runner"
if: ${{ !startsWith(runner.name, 'dre-runner-custom') }}
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}