Merge pull request #532 from radixdlt/release-date-for-1.0.1 #1310
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: main | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| - release\/* | |
| pull_request: | |
| branches: | |
| - main | |
| - develop | |
| - release\/* | |
| env: | |
| DOTNET_VERSION: "7.0.x" | |
| jobs: | |
| snyk-scan: | |
| name: snyk scan | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| pull-requests: read | |
| contents: read | |
| deployments: write | |
| steps: | |
| - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b | |
| - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
| with: | |
| role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} | |
| app_name: 'babylon-gateway' | |
| step_name: 'snyk-scan' | |
| secret_prefix: 'SNYK' | |
| secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} | |
| parse_json: true | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@607fce577a46308457984d59e4954e075820f10a | |
| with: | |
| dotnet-version: ${{ env.DOTNET_VERSION }} | |
| - name: Install dependencies | |
| run: dotnet restore | |
| - name: Run Snyk to check for deps vulnerabilities | |
| uses: snyk/actions/dotnet@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 | |
| with: | |
| args: --all-projects --org=${{ env.SNYK_SERVICES_ORG_ID }} --severity-threshold=critical | |
| - name: Run Snyk to check for code vulnerabilities | |
| uses: snyk/actions/dotnet@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 | |
| with: | |
| args: --all-projects --org=${{ env.SNYK_SERVICES_ORG_ID }} --severity-threshold=high | |
| command: code test | |
| - name: Generate SBOM # check SBOM can be generated but nothing is done with it | |
| uses: snyk/actions/dotnet@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 | |
| with: | |
| args: --all-projects --org=${{ env.SNYK_SERVICES_ORG_ID }} --exclude=package.json --format=cyclonedx1.4+json --json-file-output sbom.json | |
| command: sbom | |
| build: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@607fce577a46308457984d59e4954e075820f10a | |
| with: | |
| dotnet-version: ${{ env.DOTNET_VERSION }} | |
| - name: Install dependencies | |
| run: dotnet restore | |
| - name: Build | |
| run: dotnet build --configuration Release --no-restore | |
| - name: Unit tests | |
| # Add --verbosity normal to get more noisy logs if required for debugging | |
| run: dotnet test --no-restore --filter RadixDlt.NetworkGateway.UnitTests | |
| setup-tags: | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| database-migrations-tag: ${{ steps.setup_tags.outputs.database-migrations-tag }} | |
| data-aggregator-tag: ${{ steps.setup_tags.outputs.data-aggregator-tag }} | |
| gateway-api-tag: ${{ steps.setup_tags.outputs.gateway-api-tag }} | |
| steps: | |
| - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b | |
| - name: Setup tags for docker image | |
| id: setup_tags | |
| uses: ./.github/actions/set-variables | |
| with: | |
| github_event_name: ${{ github.event_name }} | |
| github_action_name: ${{ github.event.action}} | |
| - name: Publish Gateway Settings | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| path: Directory.Build.props | |
| name: build_props | |
| retention-days: 1 | |
| docker-database-migrations-private: | |
| name: AMD Migration | |
| needs: | |
| - setup-tags | |
| - snyk-scan | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main | |
| with: | |
| runs_on: ubuntu-22.04 | |
| image_registry: "docker.io" | |
| image_organization: "radixdlt" | |
| image_name: "private-babylon-ng-database-migrations" | |
| tag: ${{ needs.setup-tags.outputs.database-migrations-tag }}-amd64 | |
| context: "." | |
| dockerfile: "./apps/DatabaseMigrations/Dockerfile" | |
| platforms: "linux/amd64" | |
| restore_artifact: "true" | |
| artifact_location: "./" | |
| artifact_name: build_props | |
| provenance: "false" | |
| scan_image: true | |
| snyk_target_ref: ${{ github.ref_name }} | |
| docker-database-migrations-private-arm: | |
| name: ARM Migration | |
| needs: | |
| - setup-tags | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main | |
| with: | |
| runs_on: babylon-gateway-arm | |
| image_registry: "docker.io" | |
| image_organization: "radixdlt" | |
| image_name: "private-babylon-ng-database-migrations" | |
| tag: ${{ needs.setup-tags.outputs.database-migrations-tag }}-arm64 | |
| context: "." | |
| dockerfile: "./apps/DatabaseMigrations/Dockerfile" | |
| platforms: "linux/arm64" | |
| restore_artifact: "true" | |
| artifact_location: "./" | |
| artifact_name: build_props | |
| provenance: "false" | |
| disable_qemu: true | |
| docker-data-aggregator-private: | |
| name: AMD Aggregator | |
| needs: | |
| - setup-tags | |
| - snyk-scan | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main | |
| with: | |
| runs_on: ubuntu-22.04 | |
| image_registry: "docker.io" | |
| image_organization: "radixdlt" | |
| image_name: "private-babylon-ng-data-aggregator" | |
| tag: ${{ needs.setup-tags.outputs.data-aggregator-tag }}-amd64 | |
| context: "." | |
| dockerfile: "./apps/DataAggregator/Dockerfile" | |
| platforms: "linux/amd64" | |
| restore_artifact: "true" | |
| artifact_location: "./" | |
| artifact_name: build_props | |
| provenance: "false" | |
| scan_image: true | |
| snyk_target_ref: ${{ github.ref_name }} | |
| docker-data-aggregator-private-arm: | |
| name: ARM Aggregator | |
| needs: | |
| - setup-tags | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main | |
| with: | |
| runs_on: babylon-gateway-arm | |
| image_registry: "docker.io" | |
| image_organization: "radixdlt" | |
| image_name: "private-babylon-ng-data-aggregator" | |
| tag: ${{ needs.setup-tags.outputs.data-aggregator-tag }}-arm64 | |
| context: "." | |
| dockerfile: "./apps/DataAggregator/Dockerfile" | |
| platforms: "linux/arm64" | |
| restore_artifact: "true" | |
| artifact_location: "./" | |
| artifact_name: build_props | |
| provenance: "false" | |
| disable_qemu: true | |
| docker-gateway-api-private: | |
| name: AMD Gateway | |
| needs: | |
| - setup-tags | |
| - snyk-scan | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main | |
| with: | |
| runs_on: ubuntu-22.04 | |
| image_registry: "docker.io" | |
| image_organization: "radixdlt" | |
| image_name: "private-babylon-ng-gateway-api" | |
| tag: ${{ needs.setup-tags.outputs.gateway-api-tag }}-amd64 | |
| context: "." | |
| dockerfile: "./apps/GatewayApi/Dockerfile" | |
| platforms: "linux/amd64" | |
| restore_artifact: "true" | |
| artifact_location: "./" | |
| artifact_name: build_props | |
| provenance: "false" | |
| scan_image: true | |
| snyk_target_ref: ${{ github.ref_name }} | |
| docker-gateway-api-private-arm: | |
| name: ARM Gateway | |
| needs: | |
| - setup-tags | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main | |
| with: | |
| runs_on: babylon-gateway-arm | |
| image_registry: "docker.io" | |
| image_organization: "radixdlt" | |
| image_name: "private-babylon-ng-gateway-api" | |
| tag: ${{ needs.setup-tags.outputs.gateway-api-tag }}-arm64 | |
| context: "." | |
| dockerfile: "./apps/GatewayApi/Dockerfile" | |
| platforms: "linux/arm64" | |
| restore_artifact: "true" | |
| artifact_location: "./" | |
| artifact_name: build_props | |
| provenance: "false" | |
| disable_qemu: true | |
| join-gateway-images: | |
| name: Gateway | |
| needs: | |
| - setup-tags | |
| - docker-gateway-api-private | |
| - docker-gateway-api-private-arm | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/merge-docker-images.yml@main | |
| with: | |
| image_name: private-babylon-ng-gateway-api | |
| image_tag: ${{ needs.setup-tags.outputs.gateway-api-tag }} | |
| tag_suffix_1: amd64 | |
| tag_suffix_2: arm64 | |
| aws_dockerhub_secret: github-actions/common/dockerhub-credentials | |
| secrets: | |
| role-to-assume: ${{ secrets.GH_COMMON_SECRETS_READ_ROLE }} | |
| join-aggregator-images: | |
| name: Aggregator | |
| needs: | |
| - setup-tags | |
| - docker-data-aggregator-private | |
| - docker-data-aggregator-private-arm | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/merge-docker-images.yml@main | |
| with: | |
| image_name: private-babylon-ng-data-aggregator | |
| image_tag: ${{ needs.setup-tags.outputs.data-aggregator-tag }} | |
| tag_suffix_1: amd64 | |
| tag_suffix_2: arm64 | |
| aws_dockerhub_secret: github-actions/common/dockerhub-credentials | |
| secrets: | |
| role-to-assume: ${{ secrets.GH_COMMON_SECRETS_READ_ROLE }} | |
| join-migrations-images: | |
| name: Migration | |
| needs: | |
| - setup-tags | |
| - docker-database-migrations-private | |
| - docker-database-migrations-private-arm | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/merge-docker-images.yml@main | |
| with: | |
| image_name: private-babylon-ng-database-migrations | |
| image_tag: ${{ needs.setup-tags.outputs.database-migrations-tag }} | |
| tag_suffix_1: amd64 | |
| tag_suffix_2: arm64 | |
| aws_dockerhub_secret: github-actions/common/dockerhub-credentials | |
| secrets: | |
| role-to-assume: ${{ secrets.GH_COMMON_SECRETS_READ_ROLE }} | |
| deploy-on-mardunet: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - docker-gateway-api-private | |
| - docker-data-aggregator-private | |
| - docker-database-migrations-private | |
| - setup-tags | |
| if: github.ref == 'refs/heads/develop' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b | |
| - uses: ./.github/actions/fetch-secrets | |
| with: | |
| role_name: ${{ secrets.GH_BABYLON_GATEWAY_SECRETS_READ_ACCESS_ROLE }} | |
| app_name: "babylon-gateway" | |
| step_name: "deploy-on-mardunet" | |
| secret_prefix: "CF_GITHUB_WORKER" | |
| secret_name: "github-actions/radixdlt/babylon-gateway/cloudflare" | |
| parse_json: true | |
| - name: Process ci.env | |
| run: | | |
| export $(grep -v '^#' ./deployment/ci.env | xargs) | |
| echo "FULLNODE_VERSION=$FULLNODE_VERSION" >> $GITHUB_ENV | |
| - name: Check if ci.env changed | |
| id: changed-files | |
| uses: tj-actions/changed-files@db5dd7c176cf59a19ef6561bf1936f059dee4b74 | |
| with: | |
| files: | | |
| deployment/ci.env | |
| - name: Trigger deployment event ${{ github.ref }} | |
| env: | |
| NAMESPACE: "ng-mardunet" | |
| EVENT_TYPE: "ng_babylon_mardunet" | |
| run: | | |
| curl --silent --show-error --fail --location --request POST 'https://github-worker.radixdlt.com/repos/radixdlt/${{secrets.DISPATCH_REPO}}/dispatches' \ | |
| --header 'Accept: application/vnd.github.v3+json' \ | |
| --header 'Authorization: Basic ${{env.CF_GITHUB_WORKER_ENCODED_BASIC_AUTH}}' \ | |
| --header 'Content-Type: application/json' \ | |
| --data-raw '{ | |
| "event_type": "${{env.EVENT_TYPE}}", | |
| "client_payload": { | |
| "namespace_postfix": "${{env.NAMESPACE}}", | |
| "ci_env_changed": "${{steps.changed-files.outputs.any_changed}}", | |
| "data_aggregator_image_tag": "${{ needs.setup-tags.outputs.data-aggregator-tag }}", | |
| "gateway_api_image_tag": "${{ needs.setup-tags.outputs.gateway-api-tag }}", | |
| "database_migrations_image_tag": "${{ needs.setup-tags.outputs.database-migrations-tag }}", | |
| "core_docker_tag": "${{env.FULLNODE_VERSION}}" | |
| } | |
| }' | |
| ephemeral-deploy-and-benchmark: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - docker-gateway-api-private | |
| - docker-data-aggregator-private | |
| - docker-database-migrations-private | |
| - setup-tags | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/develop' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b | |
| - uses: ./.github/actions/fetch-secrets | |
| with: | |
| role_name: ${{ secrets.GH_BABYLON_GATEWAY_SECRETS_READ_ACCESS_ROLE }} | |
| app_name: "babylon-gateway" | |
| step_name: "ephemeral-deploy-and-benchmark" | |
| secret_prefix: "JENKINS" | |
| secret_name: "github-actions/radixdlt/babylon-gateway/jenkins-api-token" | |
| parse_json: true | |
| - name: Process ci.env | |
| run: | | |
| export $(grep -v '^#' ./deployment/ci.env | xargs) | |
| echo "FULLNODE_VERSION=$FULLNODE_VERSION" >> $GITHUB_ENV | |
| - name: Check if ci.env changed | |
| id: changed-files | |
| uses: tj-actions/changed-files@db5dd7c176cf59a19ef6561bf1936f059dee4b74 | |
| with: | |
| files: | | |
| deployment/ci.env | |
| - name: Deploy and run benchmark on an ephemeral network | |
| uses: toptal/jenkins-job-trigger-action@649c04c83c099c759aba134bf78138a303ec095f | |
| with: | |
| jenkins_url: "${{ env.JENKINS_URL }}" | |
| jenkins_user: ${{ env.JENKINS_USER }} | |
| jenkins_token: ${{ env.JENKINS_TOKEN }} | |
| job_name: "ephemeral-deployments/job/ephemeral-env-gateway-benchmark" | |
| job_params: | | |
| { | |
| "gatewayDockerTag": "${{ needs.setup-tags.outputs.gateway-api-tag }}", | |
| "gatewayBranch": "${{ env.GATEWAY_BRANCH }}", | |
| "nodeDockerTag": "${{ env.FULLNODE_VERSION }}", | |
| "postgresVersion": "${{ env.POSTGRES_VERSION }}" | |
| } | |
| job_timeout: "3600" | |
| deploy-pr: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - docker-gateway-api-private | |
| - docker-data-aggregator-private | |
| - docker-database-migrations-private | |
| - setup-tags | |
| if: github.event_name == 'pull_request' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b | |
| - uses: ./.github/actions/fetch-secrets | |
| with: | |
| role_name: ${{ secrets.GH_BABYLON_GATEWAY_SECRETS_READ_ACCESS_ROLE }} | |
| app_name: "babylon-gateway" | |
| step_name: "deploy-pr" | |
| secret_prefix: "CF_GITHUB_WORKER" | |
| secret_name: "github-actions/radixdlt/babylon-gateway/cloudflare" | |
| parse_json: true | |
| - name: setup "namespace_postfix" | |
| run: | | |
| pull_number=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") | |
| echo "NAMESPACE=pr-$pull_number" >> $GITHUB_ENV | |
| - name: Trigger pull request deployment event ${{ github.ref }} | |
| env: | |
| EVENT_TYPE: "ng_babylon_pr" | |
| run: | | |
| curl --silent --show-error --fail --location --request POST 'https://github-worker.radixdlt.com/repos/radixdlt/${{secrets.DISPATCH_REPO}}/dispatches' \ | |
| --header 'Accept: application/vnd.github.v3+json' \ | |
| --header 'Authorization: Basic ${{env.CF_GITHUB_WORKER_ENCODED_BASIC_AUTH}}' \ | |
| --header 'Content-Type: application/json' \ | |
| --data-raw '{ | |
| "event_type": "${{env.EVENT_TYPE}}", | |
| "client_payload": { | |
| "namespace_postfix": "${{env.NAMESPACE}}", | |
| "data_aggregator_image_tag": "${{ needs.setup-tags.outputs.data-aggregator-tag }}", | |
| "gateway_api_image_tag": "${{ needs.setup-tags.outputs.gateway-api-tag }}", | |
| "database_migrations_image_tag": "${{ needs.setup-tags.outputs.database-migrations-tag }}" | |
| } | |
| }' | |
| ephemeral-deploy-and-test: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - docker-gateway-api-private | |
| - docker-data-aggregator-private | |
| - docker-database-migrations-private | |
| - setup-tags | |
| if: github.event_name == 'pull_request' && github.base_ref == 'develop' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b | |
| - uses: ./.github/actions/fetch-secrets | |
| with: | |
| role_name: ${{ secrets.GH_BABYLON_GATEWAY_SECRETS_READ_ACCESS_ROLE }} | |
| app_name: "babylon-gateway" | |
| step_name: "ephemeral-deploy-and-test" | |
| secret_prefix: "JENKINS" | |
| secret_name: "github-actions/radixdlt/babylon-gateway/jenkins-api-token" | |
| parse_json: true | |
| - name: Export branch name in github's environment | |
| run: | | |
| echo "GATEWAY_BRANCH=$GITHUB_HEAD_REF" >> $GITHUB_ENV | |
| - name: Process ci.env | |
| run: | | |
| export $(grep -v '^#' ./deployment/ci.env | xargs) | |
| echo "FULLNODE_VERSION=$FULLNODE_VERSION" >> $GITHUB_ENV | |
| echo "POSTGRES_VERSION=$POSTGRES_VERSION" >> $GITHUB_ENV | |
| - name: Deploy and test on an ephemeral network | |
| uses: toptal/jenkins-job-trigger-action@649c04c83c099c759aba134bf78138a303ec095f | |
| with: | |
| jenkins_url: "${{ env.JENKINS_URL }}" | |
| jenkins_user: ${{ env.JENKINS_USER }} | |
| jenkins_token: ${{ env.JENKINS_TOKEN }} | |
| job_name: "ephemeral-deployments/job/ephemeral-gateway-env-deploy-and-test" | |
| job_params: | | |
| { | |
| "gatewayDockerTag": "${{ needs.setup-tags.outputs.gateway-api-tag }}", | |
| "gatewayBranch": "${{ env.GATEWAY_BRANCH }}", | |
| "nodeDockerTag": "${{ env.FULLNODE_VERSION }}", | |
| "postgresVersion": "${{ env.POSTGRES_VERSION }}" | |
| } | |
| job_timeout: "3600" | |
| sonarcloud: | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - uses: ./.github/actions/fetch-secrets | |
| with: | |
| role_name: ${{ secrets.GH_COMMON_SECRETS_READ_ROLE }} | |
| app_name: "babylon-gateway" | |
| step_name: "sonarcloud" | |
| secret_prefix: "SONAR" | |
| # SonarCloud access token should be generated from https://sonarcloud.io/account/security/ | |
| secret_name: "github-actions/common/sonar-token" | |
| parse_json: true | |
| - name: SonarScanner for .NET | |
| uses: highbyte/sonarscan-dotnet@8410b6452e036aff2fb830831e508e723b8af60d | |
| with: | |
| sonarProjectKey: radixdlt_babylon-gateway | |
| sonarProjectName: babylon-gateway | |
| sonarOrganization: radixdlt-github | |
| dotnetTestArguments: --filter RadixDlt.NetworkGateway.UnitTests --logger trx --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover | |
| sonarBeginArguments: /d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" -d:sonar.cs.vstest.reportsPaths="**/TestResults/*.trx" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ env.SONAR_TOKEN }} |