fix: replace estuary with web3 for pinning #825
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
tags: | |
- '*' | |
pull_request: | |
branches: | |
- main | |
env: | |
XDG_CACHE_HOME: ${{ github.workspace }}/.cache | |
jobs: | |
build: | |
name: build | |
uses: ./.github/workflows/build.yml | |
test-unit: | |
name: 'test:unit' | |
uses: ./.github/workflows/test-unit.yml | |
publishPreview: | |
name: publish preview | |
needs: build | |
environment: Deploy | |
runs-on: ubuntu-latest | |
outputs: | |
cid: ${{ steps.ipfs.outputs.cid }} | |
steps: | |
- uses: actions/[email protected] | |
- name: Setup node | |
uses: actions/[email protected] | |
with: | |
node-version: 18.14.0 | |
- name: Download build artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: ipfs-webui_${{ github.sha }}-${{ runner.os }}-build | |
path: build | |
- name: Cache bigger downloads | |
uses: actions/[email protected] | |
id: cache | |
with: | |
path: ${{ github.workspace }}/.cache | |
key: ${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json') }} | |
${{ runner.os }}- | |
# pin the built site to ipfs-websites cluster, output the cid as `steps.ipfs.outputs.cid` | |
# see: https://github.com/ipfs-shipyard/ipfs-github-action | |
- uses: ipfs/download-ipfs-distribution-action@v1 | |
with: | |
name: kubo | |
- uses: ipfs/download-ipfs-distribution-action@v1 | |
with: | |
name: ipfs-cluster-ctl | |
- name: Fix DNS resolver | |
run: | | |
# fix resolv - DNS provided by Github is unreliable for DNSLik/dnsaddr | |
sudo sed -i -e 's/nameserver 127.0.0.*/nameserver 1.1.1.1/g' /etc/resolv.conf | |
- uses: ipfs/start-ipfs-daemon-action@v1 | |
- name: Import build/ to IPFS | |
id: ipfs | |
run: | | |
root_cid=$(ipfs add --cid-version 1 -Q -r ./build) | |
echo "cid=$root_cid" >> $GITHUB_OUTPUT | |
- run: echo ${{ steps.ipfs.outputs.cid }} | |
- run: echo ${{ github.ref }} | |
- name: Create ipfs-webui.car file | |
run: | | |
ipfs dag export ${{ steps.ipfs.outputs.cid }} > ipfs-webui_${{ github.sha }}.car | |
- name: Attach produced build to Github Action | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ipfs-webui_${{ github.sha }}.car | |
path: ipfs-webui_${{ github.sha }}.car | |
if-no-files-found: error | |
# Instructions for this are at https://github.com/ipfs/ipfs-webui/issues/2161#issuecomment-1836835068 | |
- name: Pin to web3.storage with w3cli | |
id: pin-w3up | |
# only pin for main commits | |
if: github.ref == 'refs/heads/main' | |
continue-on-error: true | |
run: | | |
# ensure whoami | |
npx -y --package=@web3-storage/w3cli@latest -- w3 whoami | |
# convert base64 env var to file | |
echo $W3CLI_SPACE_DELEGATION_PROOF_BASE64_STRING | base64 -d > ipfs-webui-ci-space.ucan.proof | |
# Add space | |
export W3CLI_SPACE_DID=$(npx -y --package=@web3-storage/w3cli@latest -- w3 space add ipfs-webui-ci-space.ucan.proof) | |
# use space | |
npx -y --package=@web3-storage/w3cli@latest -- w3 space use $W3CLI_SPACE_DID | |
# upload car | |
npx -y --package=@web3-storage/w3cli@latest -- w3 up --no-wrap -c ipfs-webui_${{ github.sha }}.car | |
env: | |
W3_STORE_NAME: ipfs-webui-ci | |
W3_AGENT_DID: ${{ secrets.W3_AGENT_DID }} | |
# set w3cli principal from https://github.com/web3-storage/w3cli#w3_principal | |
W3_PRINCIPAL: ${{ secrets.W3_AGENT_PRINCIPAL }} | |
W3CLI_SPACE_DELEGATION_PROOF_BASE64_STRING: ${{ secrets.W3CLI_SPACE_DELEGATION_PROOF_BASE64_STRING }} | |
- name: Pin to ipfs-websites.collab.ipfscluster.io | |
id: pin-cluster | |
# only pin for main commits | |
if: github.ref == 'refs/heads/main' | |
continue-on-error: true | |
run: | | |
ipfs-cluster-ctl --enc=json \ | |
--host "${CLUSTER_HOST}" \ | |
--basic-auth "$CLUSTER_USER:$CLUSTER_PASSWORD" \ | |
peers ls > cluster-peers-ls | |
for maddr in $(jq -r '.ipfs.addresses[]?' cluster-peers-ls); do | |
ipfs swarm peering add "$maddr" & | |
ipfs swarm connect "$maddr" & | |
done | |
ipfs-cluster-ctl --enc=json \ | |
--host "${CLUSTER_HOST}" \ | |
--basic-auth "${CLUSTER_USER}:${CLUSTER_PASSWORD}" \ | |
pin add \ | |
--name "${PIN_NAME}" \ | |
--replication-min 1 \ | |
--replication-max 3 \ | |
--wait \ | |
$PIN_CID | |
env: | |
CLUSTER_HOST: "/dnsaddr/ipfs-websites.collab.ipfscluster.io" | |
CLUSTER_USER: ${{ secrets.CLUSTER_USER }} | |
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }} | |
PIN_CID: ${{ steps.ipfs.outputs.cid }} | |
PIN_NAME: "ipfs-webui@${{ github.sha }}" | |
- name: Fail job due to pinning failure | |
# only fail if pinning failed for main commits | |
if: github.ref == 'refs/heads/main' && steps.pin-w3up.outcome == 'failure' && steps.pin-cluster.outcome == 'failure' | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
core.setFailed('Pinning did not succeed') | |
# dnslink-dnsimple requires go | |
- uses: actions/setup-go@v4 | |
if: github.ref == 'refs/heads/main' | |
with: | |
go-version: "1.20.x" | |
- name: Set up dnslink updater | |
if: github.ref == 'refs/heads/main' | |
run: go install github.com/ipfs/[email protected] | |
# dev dnslink is updated on each main branch update | |
- run: dnslink-dnsimple --domain dev.webui.ipfs.io --record _dnslink --link /ipfs/${{ steps.ipfs.outputs.cid }} | |
if: github.ref == 'refs/heads/main' | |
env: | |
DNSIMPLE_TOKEN: ${{ secrets.DNSIMPLE_TOKEN }} | |
# production dnslink is updated on release (during tag build) | |
- run: dnslink-dnsimple --domain webui.ipfs.io --record _dnslink --link /ipfs/${{ steps.ipfs.outputs.cid }} | |
if: github.ref == 'refs/heads/main' && github.event_name == 'workflow_dispatch' | |
env: | |
DNSIMPLE_TOKEN: ${{ secrets.DNSIMPLE_TOKEN }} | |
test-e2e: | |
name: 'test:e2e' | |
uses: ./.github/workflows/test-e2e.yml | |
test-storybook: | |
name: 'test:storybook' | |
uses: ./.github/workflows/test-storybook.yml | |
# separate check for TS | |
typecheck: | |
name: typecheck | |
needs: build | |
uses: ./.github/workflows/typecheck.yml | |
# separate check for eslint | |
eslint: | |
name: eslint | |
needs: build | |
uses: ./.github/workflows/eslint.yml | |
# automatically commit new tag and changelog updates when a push to main happens. | |
# This will then trigger | |
# 1. The 'ci.yml' workflow for the newly committed git tag, | |
# 2. The 'publish-release-build.yml' workflow | |
release: | |
name: 'Run semantic release' | |
runs-on: ubuntu-latest | |
needs: [build, publishPreview, eslint, typecheck, test-e2e, test-unit, test-storybook] | |
steps: | |
- name: Checkout 🛎️ | |
uses: actions/[email protected] | |
with: | |
persist-credentials: false | |
- name: Cache bigger downloads | |
uses: actions/[email protected] | |
id: cache | |
with: | |
path: ${{ github.workspace }}/.cache | |
key: ${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-${{ hashFiles('package.json', 'package-lock.json') }} | |
${{ runner.os }}- | |
- name: Cache build dir | |
uses: actions/[email protected] | |
id: build-cache | |
with: | |
path: build | |
key: ${{ runner.os }}-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ github.sha }} | |
# This is needed for custom-release-notes-generator.js to inject the CID in the release notes | |
- name: Write CID to tmp file | |
run: | | |
echo ${{ needs.publishPreview.outputs.cid }} > .cid | |
- name: Setup node | |
uses: actions/[email protected] | |
with: | |
node-version: 18.14.0 | |
- name: Install dependencies | |
run: npm ci --prefer-offline --no-audit --progress=false --cache ${{ github.workspace }}/.cache/npm | |
- name: Download CAR artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: ipfs-webui_${{ github.sha }}.car | |
- name: Dry-run semantic release | |
if: github.ref != 'refs/heads/main' | |
run: | | |
git config user.name "ipfs-gui-bot" | |
git config user.email "[email protected]" | |
npx semantic-release --ci --dry-run -b ${{ github.ref }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
# Update the version (npm version [major|minor|patch]) | |
- name: Run semantic release | |
if: github.ref == 'refs/heads/main' && github.event_name == 'workflow_dispatch' | |
run: | | |
git config user.name "ipfs-gui-bot" | |
git config user.email "[email protected]" | |
npx semantic-release --ci | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} |