From 212ffe1d52ca30c74973ba35e7c902bc58a60eec Mon Sep 17 00:00:00 2001 From: Jason Greathouse Date: Mon, 26 Feb 2024 15:06:33 -0800 Subject: [PATCH] update workflows with current runners and up to date actions (#41) * update workflows with current runners and up to date actions * clean up spacing * Update .github/workflows/CI.yml Co-authored-by: Nick Santana --------- Co-authored-by: Nick Santana --- .github/workflows/CI.yml | 85 ++++---- .github/workflows/build-deploy-staging.yaml | 205 ++++++++------------ .github/workflows/dispatch-deploy.yaml | 50 +++-- .github/workflows/release.yaml | 7 +- .github/workflows/tag.yaml | 17 +- 5 files changed, 159 insertions(+), 205 deletions(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 8730716..9e4bea4 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -21,53 +21,54 @@ permissions: jobs: test-rust-build: - runs-on: [self-hosted, Linux, large] + runs-on: mco-dev-large-x64 container: mobilecoin/builder-install:v0.0.25 steps: - - name: Check out code - uses: actions/checkout@v3 - with: - submodules: 'recursive' - - name: Setup Rust - uses: ./.github/actions/setup-rust - - name: Cargo build - uses: actions-rs/cargo@v1 - with: - command: build - args: --locked - - name: Check dirty git - uses: ./.github/actions/check-dirty-git + - name: Checkout + uses: mobilecoinofficial/gh-actions/checkout@v0 + + - name: Setup Rust + uses: ./.github/actions/setup-rust + + - name: Cargo build + shell: bash + run: | + cargo build --release --locked + + - name: Check dirty git + uses: ./.github/actions/check-dirty-git + lint-rust: - runs-on: [self-hosted, Linux, large] + runs-on: mco-dev-large-x64 container: mobilecoin/builder-install:v0.0.25 - steps: - - name: Check out code - uses: actions/checkout@v3 - with: - submodules: 'recursive' - - name: Setup Rust - uses: ./.github/actions/setup-rust - with: - components: rustfmt, clippy - - name: Run lint script - uses: ./.github/actions/lint - - name: Check dirty git - uses: ./.github/actions/check-dirty-git + - name: Checkout + uses: mobilecoinofficial/gh-actions/checkout@v0 + + - name: Setup Rust + uses: ./.github/actions/setup-rust + with: + components: rustfmt, clippy + + - name: Run lint script + uses: ./.github/actions/lint + + - name: Check dirty git + uses: ./.github/actions/check-dirty-git test: - runs-on: [self-hosted, Linux, large] + runs-on: mco-dev-large-x64 container: mobilecoin/builder-install:v0.0.25 steps: - - name: Check out code - uses: actions/checkout@v3 - with: - submodules: 'recursive' - - name: Setup Rust - uses: ./.github/actions/setup-rust - - name: Cargo test - uses: actions-rs/cargo@v1 - with: - command: test - args: --locked - - name: Check dirty git - uses: ./.github/actions/check-dirty-git + - name: Checkout + uses: mobilecoinofficial/gh-actions/checkout@v0 + + - name: Setup Rust + uses: ./.github/actions/setup-rust + + - name: Cargo test + shell: bash + run: | + cargo test --locked + + - name: Check dirty git + uses: ./.github/actions/check-dirty-git diff --git a/.github/workflows/build-deploy-staging.yaml b/.github/workflows/build-deploy-staging.yaml index b1e7bdb..0726c41 100644 --- a/.github/workflows/build-deploy-staging.yaml +++ b/.github/workflows/build-deploy-staging.yaml @@ -15,146 +15,109 @@ on: jobs: frontend: name: build-frontend - runs-on: [self-hosted, Linux, large] + runs-on: mco-dev-large-x64 steps: - - name: Checkout - uses: actions/checkout@v3 - with: - submodules: recursive - - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - with: - install: true - - - name: Login to DockerHub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Publish frontend to DockerHub - uses: docker/build-push-action@v3 - id: docker-push-frontend - with: - context: . - file: .internal-ci/docker/Dockerfile.frontend - tags: ${{ env.DOCKERHUB_ORG }}/${{env.REPO_NAME}}-frontend:${{ github.ref_name }} - push: true + - name: Checkout + uses: mobilecoinofficial/gh-actions/checkout@v0 + + - name: Docker + uses: mobilecoinofficial/gh-actions/docker@v0 + with: + dockerfile: Dockerfile + images: mobilecoin/reserve-auditor-frontend + flavor: latest=true + tags: | + type=ref,event=branch + type=semver,pattern=v{{version}} + type=sha + password: ${{ secrets.DOCKERHUB_TOKEN }} + username: ${{ secrets.DOCKERHUB_USERNAME }} backend: strategy: matrix: versions: - - {mobilecoind: v4.1.0-test, prefix: testnet, network: test} - - {mobilecoind: v4.1.0, prefix: mainnet, network: prod} + - {mobilecoind: v4.1.0-test, prefix: testnet, network: test} + - {mobilecoind: v4.1.0, prefix: mainnet, network: prod} name: Build-backend - runs-on: [self-hosted, Linux, large] - outputs: - version: ${{ steps.docker_meta.outputs.version }} + runs-on: mco-dev-large-x64 steps: - - name: Checkout - uses: actions/checkout@v3 - with: - submodules: recursive - - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - with: - install: true - - - name: Login to DockerHub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Generate Docker Tags - id: docker_meta - uses: docker/metadata-action@v4 - with: - flavor: latest=true - images: mobilecoin/reserve-auditor - tags: | - type=ref,event=branch - type=semver,pattern=v{{version}},suffix=-${{ matrix.versions.prefix }} - type=sha - - - - name: Publish backend to DockerHub - uses: docker/build-push-action@v3 - id: docker-push-backend - with: - context: . - build-args: | - MOBILECOIND_BASE_TAG=${{ matrix.versions.mobilecoind }} - NETWORK=${{ matrix.versions.network }} - file: Dockerfile - labels: ${{ steps.docker_meta.outputs.labels }} - tags: ${{ steps.docker_meta.outputs.tags }} - push: true + - name: Checkout + uses: mobilecoinofficial/gh-actions/checkout@v0 + + - name: Docker + uses: mobilecoinofficial/gh-actions/docker@v0 + with: + dockerfile: Dockerfile + images: mobilecoin/reserve-auditor + build_args: | + MOBILECOIND_BASE_TAG=${{ matrix.versions.mobilecoind }} + NETWORK=${{ matrix.versions.network }} + flavor: latest=true + tags: | + type=ref,event=branch + type=semver,pattern=v{{version}},suffix=-${{ matrix.versions.prefix }} + type=sha + password: ${{ secrets.DOCKERHUB_TOKEN }} + username: ${{ secrets.DOCKERHUB_USERNAME }} harbor: needs: backend name: Publish to Harbor - runs-on: [self-hosted, Linux, small] + runs-on: mco-dev-small-x64 steps: - - name: Checkout - uses: actions/checkout@v3 - with: - submodules: recursive - - - name: Package and publish chart - uses: mobilecoinofficial/gha-k8s-toolbox@v1 - with: - action: helm-publish - chart_repo_username: ${{ secrets.HARBOR_USERNAME }} - chart_repo_password: ${{ secrets.HARBOR_PASSWORD }} - chart_repo: ${{ env.CHART_REPO }} - chart_app_version: ${{ github.ref_name }} - chart_version: ${{ github.ref_name }} - chart_path: ${{ env.CHART_PATH }} + - name: Checkout + uses: mobilecoinofficial/gh-actions/checkout@v0 + + - name: Package and publish chart + uses: mobilecoinofficial/gha-k8s-toolbox@v1 + with: + action: helm-publish + chart_repo_username: ${{ secrets.HARBOR_USERNAME }} + chart_repo_password: ${{ secrets.HARBOR_PASSWORD }} + chart_repo: ${{ env.CHART_REPO }} + chart_app_version: ${{ github.ref_name }} + chart_version: ${{ github.ref_name }} + chart_path: ${{ env.CHART_PATH }} deploy: name: Deploy - runs-on: [self-hosted, Linux] + runs-on: mco-dev-small-x64 needs: [backend,harbor] strategy: matrix: target: - - {chain: main, network: main-stage} - - {chain: test, network: test-stage} + - {chain: main, network: main-stage} + - {chain: test, network: test-stage} steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Create ${{ matrix.target }} namespace - uses: mobilecoinofficial/gha-k8s-toolbox@v1 - with: - action: namespace-create - namespace: reserve-auditor-staging - rancher_cluster: ${{ env.TARGET_CLUSTER }} - rancher_url: ${{ secrets.RANCHER_B_URL }} - rancher_token: ${{ secrets.RANCHER_B_TOKEN }} - - - name: Deploys ${{ matrix.target.chain }}net release - uses: mobilecoinofficial/gha-k8s-toolbox@v1 - with: - action: helm-deploy - rancher_cluster: ${{ env.TARGET_CLUSTER }} - namespace: reserve-auditor-staging - release_name: ${{ matrix.target.chain }}net-${{ env.REPO_NAME }} - rancher_url: ${{ secrets.RANCHER_B_URL }} - rancher_token: ${{ secrets.RANCHER_B_TOKEN }} - chart_repo: ${{ env.CHART_REPO }} - chart_name: ${{ env.REPO_NAME}} - chart_version: ${{ github.ref_name }} - chart_values: ${{ env.CHART_PATH }}/${{ matrix.target.chain }}net-values.yaml - chart_set: | - --set=mobilecoind.image.tag=${{ github.ref_name }}-${{ matrix.target.chain }}net - --set=frontend.image.tag=${{ github.ref_name }} - --set=ingress.host=auditor.stage.${{ matrix.target.chain }}.mobilecoin.com - --set=frontend.network=${{ matrix.target.network }} + - name: Checkout + uses: mobilecoinofficial/gh-actions/checkout@v0 + + - name: Create reserve-auditor-staging namespace + uses: mobilecoinofficial/gha-k8s-toolbox@v1 + with: + action: namespace-create + namespace: reserve-auditor-staging + rancher_cluster: ${{ env.TARGET_CLUSTER }} + rancher_url: ${{ secrets.RANCHER_B_URL }} + rancher_token: ${{ secrets.RANCHER_B_TOKEN }} + + - name: Deploys ${{ matrix.target.chain }}net release + uses: mobilecoinofficial/gha-k8s-toolbox@v1 + with: + action: helm-deploy + rancher_cluster: ${{ env.TARGET_CLUSTER }} + namespace: reserve-auditor-staging + release_name: ${{ matrix.target.chain }}net-${{ env.REPO_NAME }} + rancher_url: ${{ secrets.RANCHER_B_URL }} + rancher_token: ${{ secrets.RANCHER_B_TOKEN }} + chart_repo: ${{ env.CHART_REPO }} + chart_name: ${{ env.REPO_NAME}} + chart_version: ${{ github.ref_name }} + chart_values: ${{ env.CHART_PATH }}/${{ matrix.target.chain }}net-values.yaml + # CBB: change mobilecoind.image to reserveAuditor.image... + chart_set: | + --set=mobilecoind.image.tag=${{ github.ref_name }}-${{ matrix.target.chain }}net + --set=ingress.host=auditor.stage.${{ matrix.target.chain }}.mobilecoin.com + --set=frontend.network=${{ matrix.target.network }} diff --git a/.github/workflows/dispatch-deploy.yaml b/.github/workflows/dispatch-deploy.yaml index 0eee09a..320fe91 100644 --- a/.github/workflows/dispatch-deploy.yaml +++ b/.github/workflows/dispatch-deploy.yaml @@ -12,35 +12,33 @@ on: jobs: prod-deploy: - runs-on: [self-hosted, Linux] + runs-on: mco-dev-small-x64 strategy: matrix: target: [mainnet, testnet] steps: - - name: Checkout - uses: actions/checkout@v3 + - name: Checkout + uses: mobilecoinofficial/gh-actions/checkout@v0 - - name: Create ${{ matrix.target }} namespace - uses: mobilecoinofficial/gha-k8s-toolbox@v1 - with: - action: namespace-create - namespace: ${{ matrix.target }}-reserve-auditor - rancher_cluster: ${{ env.TARGET_CLUSTER }} - rancher_url: ${{ secrets.RANCHER_B_URL }} - rancher_token: ${{ secrets.RANCHER_B_TOKEN }} + - name: Create ${{ matrix.target }} namespace + uses: mobilecoinofficial/gha-k8s-toolbox@v1 + with: + action: namespace-create + namespace: ${{ matrix.target }}-reserve-auditor + rancher_cluster: ${{ env.TARGET_CLUSTER }} + rancher_url: ${{ secrets.RANCHER_B_URL }} + rancher_token: ${{ secrets.RANCHER_B_TOKEN }} - - name: Deploys ${{ matrix.target }} release - uses: mobilecoinofficial/gha-k8s-toolbox@v1 - with: - action: helm-deploy - rancher_cluster: ${{ env.TARGET_CLUSTER }} - namespace: ${{ matrix.target }}-reserve-auditor - release_name: ${{ matrix.target }}-${{ env.REPO_NAME }} - rancher_url: ${{ secrets.RANCHER_B_URL }} - rancher_token: ${{ secrets.RANCHER_B_TOKEN }} - chart_repo: ${{ env.CHART_REPO }} - chart_name: ${{ env.REPO_NAME}} - chart_version: ${{ github.ref_name }} - chart_values: ${{ env.CHART_PATH }}/${{ matrix.target }}-values.yaml - chart_set: | - --set=frontend.image.tag=${{ needs.build.outputs.tag }} + - name: Deploys ${{ matrix.target }} release + uses: mobilecoinofficial/gha-k8s-toolbox@v1 + with: + action: helm-deploy + rancher_cluster: ${{ env.TARGET_CLUSTER }} + namespace: ${{ matrix.target }}-reserve-auditor + release_name: ${{ matrix.target }}-${{ env.REPO_NAME }} + rancher_url: ${{ secrets.RANCHER_B_URL }} + rancher_token: ${{ secrets.RANCHER_B_TOKEN }} + chart_repo: ${{ env.CHART_REPO }} + chart_name: ${{ env.REPO_NAME}} + chart_version: ${{ github.ref_name }} + chart_values: ${{ env.CHART_PATH }}/${{ matrix.target }}-values.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 78bb880..0eaa1b2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -11,11 +11,12 @@ permissions: jobs: gh-release: - runs-on: [self-hosted, Linux, small] + runs-on: mco-dev-small-x64 steps: - name: Checkout - uses: actions/checkout@v3 + uses: mobilecoinofficial/gh-actions/checkout@v0 + - name: Create a GitHub Release - uses: softprops/action-gh-release@v1 + uses: mobilecoinofficial/gh-actions/gh-release@v0 with: generate_release_notes: true diff --git a/.github/workflows/tag.yaml b/.github/workflows/tag.yaml index 2146550..7bb595c 100644 --- a/.github/workflows/tag.yaml +++ b/.github/workflows/tag.yaml @@ -7,18 +7,9 @@ on: jobs: tag: - runs-on: [self-hosted, Linux, small] + runs-on: mco-dev-small-x64 steps: - # We need to use an external PAT here because GHA will not run downstream events if we use the built in token. - - name: Checkout - uses: actions/checkout@v3 + - name: bump tag + uses: mobilecoinofficial/gh-actions/tag@v0 with: - token: ${{ secrets.ACTIONS_TOKEN }} - - - name: Bump GitHub tag - id: bump - uses: anothrNick/github-tag-action@v1 - env: - GITHUB_TOKEN: ${{ secrets.ACTIONS_TOKEN }} - WITH_V: 'true' - DEFAULT_BUMP: patch + github_token: ${{ secrets.ACTIONS_TOKEN }}