Manual approval of deployment to dashboard.test.threshold.network
We've integrated deployment of the testnet Token Dashboard into our
CI flow (deployment of new goerli packages with contracts triggers
start of the `Dashboard / CI` workflow). But we don't want to start the
dashboard deploy right away, because first the manual restart of the
client nodes is needed. Due to that we're introducing protection of the
`testnet` environment. Jobs which will use this environment will need to
be manually approved in GH Actions run's details. We don't need to halt
the deployment when the workflow gets triggered by the merge to `main`,
because this trigger is not related to changes to contracts / client and
there is no need for the rotation of the client pods. This difference in
the need for use of environment protection meant that we needed to split
the `build-and-deploy-testnet` job into two separate jobs (another reason
for that was that we wanted to use `upstream builds` in case of
`workflow_dispatch` trigger). As after the split we would have three
jobs that had quite similar steps, we decided to extract the steps to
a separate action.
michalinacienciala committed Aug 16, 2022
1 parent fecdedd commit 3175756
Showing 2 changed files with 209 additions and 75 deletions.
134 changes: 134 additions & 0 deletions .github/actions/build-and-deploy-to-bucket/action.yml
@@ -0,0 +1,134 @@
name: Deploy to testnet bucket
description: "Build and deploy to testnet bucket"
inputs:
ethHostnameHttp:
description: The http ETH hostname
required: true
ethHostnameWs:
description: The ws ETH hostname
required: true
gcpServiceKey:
description: JSON key for Google Cloud Platform service account
required: true
gcpProject:
description: Google Cloud Platform project
required: true
useUpstreamBuilds:
description: True if the upstream builds should be used
required: true
default: "false"
upstreamBuilds:
description: Upstream builds (required if `useUpstreamBuilds==true`)
required: false
dependentPackagesTag:
description: Tag which should be used to pull packages with contracts (required if `useUpstreamBuilds==false`). For example `goerli`.
required: false
preview:
description: True if the code should be pushed to the preview bucket
required: true
default: "false"

runs:
using: "composite"
steps:
- uses: actions/setup-node@v3
with:
node-version: "14"
cache: "yarn"

# We need this step because the `@keep-network/tbtc` which we update in
# next step has a dependency to `@summa-tx/[email protected]` package, which
# downloads one of its sub-dependencies via unathenticated `git://`
# protocol. That protocol is no longer supported. Thanks to this step
# `https://` is used instead of `git://`.
- name: Configure git to don't use unauthenticated protocol
shell: bash
run: git config --global url."https://".insteadOf git://

- name: Install dependencies
shell: bash
run: yarn install --frozen-lockfile

- name: Get upstream packages versions
if: inputs.upstreamBuilds == true
uses: keep-network/ci/actions/upstream-builds-query@v2
id: upstream-builds-query
with:
upstream-builds: ${{ inputs.upstreamBuilds }}
query: |
threshold-contracts-version = github.com/threshold-network/solidity-contracts#version
- name: Set packages versions
shell: bash
id: set-packages-versions
run: |
if [ ${{ inputs.upstreamBuilds }} = "false" ]; then
echo "::set-output name=threshold-contracts-version::${{ inputs.dependentPackagesTag }}"
else
echo "::set-output name=threshold-contracts-version::${{ steps.upstream-builds-query.outputs.threshold-contracts-version }}"
fi
# We provide explicit version of the `keep-core` package, because using
# `goerli` tag results in `expected manifest` error - probably caused by
# bug in Yarn: https://github.com/yarnpkg/yarn/issues/4731.

# TODO: Add upgrade of @keep-network/random-beacon, @keep-network/ecdsa,
# @keep-network/tbtc-v2 once they'll be added as dashboard's dependencies.
- name: Resolve latest goerli contracts
if: inputs.upstreamBuilds == true
shell: bash
run: |
yarn upgrade \
@threshold-network/solidity-contracts@${{ steps.set-packages-versions.outputs.threshold-contracts-version }} \
@keep-network/[email protected] \
@keep-network/keep-ecdsa@goerli \
@keep-network/tbtc@goerli \
@keep-network/coverage-pools@goerli
- name: Run postinstall script
shell: bash
# `yarn upgrade` doesn't trigger the `postinstall` script.
run: yarn run postinstall

- name: Build
shell: bash
run: yarn build
env:
PUBLIC_URL: /${{ github.head_ref }}
CHAIN_ID: "5"
ETH_HOSTNAME_HTTP: ${{ inputs.ethHostnameHttp }}
ETH_HOSTNAME_WS: ${{ inputs.ethHostnameWs }}

- name: Deploy PR preview to GCP
if: inputs.preview == true
uses: thesis/[email protected]
with:
service-key: ${{ inputs.gcpServiceKey }}
project: ${{ inputs.gcpProject }}
bucket-name: preview.dashboard.test.threshold.network
bucket-path: ${{ github.head_ref }}
build-folder: build

- name: Post preview URL to PR
if: inputs.preview == true
uses: actions/github-script@v5
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: 'Preview uploaded to https://preview.dashboard.test.threshold.network/${{ github.head_ref }}/index.html.'
})
- name: Deploy to GCP bucket
if: inputs.preview == false
uses: thesis/[email protected]
with:
service-key: ${{ inputs.gcpServiceKey }}
project: ${{ inputs.gcpProject }}
bucket-name: dashboard.test.threshold.network
build-folder: build
set-website: true
home-page-path: index.html
error-page-path: index.html
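Review bot: The step conditions in this action compare inputs against boolean literals (`if: inputs.upstreamBuilds == true`, `if: inputs.preview == true`, `if: inputs.preview == false`), but composite action inputs arrive as strings, so `"true"` and `"false"` are coerced to NaN in the comparison and none of these conditions holds; both deploy steps would be skipped. Compare against the string instead, e.g. `if: inputs.preview == 'true'`. The two `if:` conditions on the upstream steps and the `[ ${{ inputs.upstreamBuilds }} = "false" ]` test in `Set packages versions` also read `upstreamBuilds` (the builds payload), while the declared flag `useUpstreamBuilds` is never referenced; switch them to `inputs.useUpstreamBuilds == 'true'`. Separately, `${{ github.head_ref }}` is expanded directly into the `github-script` body and `${{ inputs.* }}` values into the bash `run:` block, so a branch name or input containing quotes changes the script text; pass them through `env:` and read them as `process.env.HEAD_REF` and `"$VAR"`.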
150 changes: 75 additions & 75 deletions .github/workflows/dashboard-ci.yml
Expand Up @@ -8,6 +8,18 @@ on:
- main
pull_request:
workflow_dispatch:
inputs:
environment:
description: "Environment (network) for workflow execution, e.g. `goerli`"
required: false
default: "dev"
upstream_builds:
description: "Upstream builds"
required: false
upstream_ref:
description: "Git reference to checkout (e.g. branch name)"
required: false
default: "main"

jobs:
format:
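Review bot: The new `workflow_dispatch` inputs `environment` and `upstream_ref` are declared here but nothing in the lines shown consumes them: the `actions/checkout@v3` steps take no `ref:`, and only `github.event.inputs.upstream_builds` is forwarded to the action. Either wire them in or drop them. If `upstream_ref` is meant to select what gets checked out, document how it interacts with the `github.ref == 'refs/heads/main'` condition on the dispatch job, since the two can disagree.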
Expand Down Expand Up @@ -80,86 +92,74 @@ jobs:
# - name: Test
# run: yarn test

build-and-deploy-testnet:
name: Deploy to testnet
# The code will be published to `https://preview.dashboard.test.threshold.network/${{ github.head_ref }}/index.html.`
build-and-deploy-testnet-preview:
name: Deploy preview to testnet
needs: build-and-test
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- uses: actions/setup-node@v2
- uses: ./.github/actions/build-and-deploy-to-bucket
with:
node-version: "16"
cache: "yarn"

# We need this step because the `@keep-network/tbtc` which we update in
# next step has a dependency to `@summa-tx/[email protected]` package, which
# downloads one of its sub-dependencies via unathenticated `git://`
# protocol. That protocol is no longer supported. Thanks to this step
# `https://` is used instead of `git://`.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://

# We provide explicit version of the `keep-core` package, because using
# `goerli` tag results in `expected manifest` error - probably caused by
# bug in Yarn: https://github.com/yarnpkg/yarn/issues/4731.
- name: Resolve latest goerli contracts
run: |
yarn upgrade \
@threshold-network/solidity-contracts@goerli \
@keep-network/[email protected] \
@keep-network/keep-ecdsa@goerli \
@keep-network/tbtc@goerli \
@keep-network/coverage-pools@goerli
- name: Run postinstall script
# `yarn upgrade` doesn't trigger the `postinstall` script.
run: yarn run postinstall

- name: Build
run: yarn build
env:
PUBLIC_URL: /${{ github.head_ref }}
CHAIN_ID: 5
ETH_HOSTNAME_HTTP: ${{ secrets.GOERLI_ETH_HOSTNAME_HTTP }}
ETH_HOSTNAME_WS: ${{ secrets.GOERLI_ETH_HOSTNAME_WS }}
ethHostnameHttp: ${{ secrets.GOERLI_ETH_HOSTNAME_HTTP }}
ethHostnameWs: ${{ secrets.GOERLI_ETH_HOSTNAME_WS }}
gcpServiceKey: ${{ secrets.KEEP_TEST_CI_UPLOAD_DAPP_JSON_KEY_BASE64 }}
gcpProject: ${{ secrets.KEEP_TEST_GOOGLE_PROJECT_ID }}
useUpstreamBuilds: true
dependentPackagesTag: goerli
preview: true

# This job will be triggered via the `workflow_dispatch` event, as part of the
# CI flow, which gets triggered manually after changes in the contracts,
# client code, etc. As after such changes the manual rotation of the client
# pods is needed, we configure the job to use the protected `testnet`
# environment. Thanks to this, the job won't start until somebody approves it
# in GH Actions.
# The code will be published to `https://dashboard.test.threshold.network/index.html.`
build-and-deploy-testnet-on-dispatch:
name: Deploy to testnet
needs: build-and-test
if: |
github.event_name == 'workflow_dispatch'
&& github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
# testnet environment is protected, it requires an approval before execution.
environment:
name: testnet
steps:
- uses: actions/checkout@v3

# A pull_request event is a PR; deploy to preview testnet bucket.
- name: Deploy PR preview to GCP
if: github.event_name == 'pull_request'
uses: thesis/[email protected]
- uses: ./.github/actions/build-and-deploy-to-bucket
with:
service-key: ${{ secrets.KEEP_TEST_CI_UPLOAD_DAPP_JSON_KEY_BASE64 }}
project: ${{ secrets.KEEP_TEST_GOOGLE_PROJECT_ID }}
bucket-name: preview.dashboard.test.threshold.network
bucket-path: ${{ github.head_ref }}
build-folder: build

- name: Post preview URL to PR
if: github.event_name == 'pull_request'
uses: actions/github-script@v5
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: 'Preview uploaded to https://preview.dashboard.test.threshold.network/${{ github.head_ref }}/index.html.'
})
# A push event is triggered on main branch merge; deploy to testnet
# bucket. Also triggered by manual dispatch from `main` branch.
- name: Deploy to GCP bucket
if: |
github.event_name == 'push'
|| (github.event_name == 'workflow_dispatch'
&& github.ref == 'refs/heads/main')
uses: thesis/[email protected]
ethHostnameHttp: ${{ secrets.GOERLI_ETH_HOSTNAME_HTTP }}
ethHostnameWs: ${{ secrets.GOERLI_ETH_HOSTNAME_WS }}
gcpServiceKey: ${{ secrets.KEEP_TEST_CI_UPLOAD_DAPP_JSON_KEY_BASE64 }}
gcpProject: ${{ secrets.KEEP_TEST_GOOGLE_PROJECT_ID }}
useUpstreamBuilds: true
upstreamBuilds: ${{ github.event.inputs.upstream_builds }}
preview: false

# This job will be triggered after merges of PRs to the `main` branch. As the
# triggering is not related to the changes in the contracts / client code, we
# don't need to rotate the pods and hence don't need to wait with the
# execution of workflow for the manual approval.
# The code will be published to `https://dashboard.test.threshold.network/index.html.`
build-and-deploy-testnet-on-push:
name: Deploy to testnet
needs: build-and-test
if: github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3

- uses: ./.github/actions/build-and-deploy-to-bucket
with:
service-key: ${{ secrets.KEEP_TEST_CI_UPLOAD_DAPP_JSON_KEY_BASE64 }}
project: ${{ secrets.KEEP_TEST_GOOGLE_PROJECT_ID }}
bucket-name: dashboard.test.threshold.network
build-folder: build
set-website: true
home-page-path: index.html
error-page-path: index.html
ethHostnameHttp: ${{ secrets.GOERLI_ETH_HOSTNAME_HTTP }}
ethHostnameWs: ${{ secrets.GOERLI_ETH_HOSTNAME_WS }}
gcpServiceKey: ${{ secrets.KEEP_TEST_CI_UPLOAD_DAPP_JSON_KEY_BASE64 }}
gcpProject: ${{ secrets.KEEP_TEST_GOOGLE_PROJECT_ID }}
useUpstreamBuilds: false
dependentPackagesTag: goerli
preview: false
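Review bot: `build-and-deploy-testnet-preview` passes `useUpstreamBuilds: true` together with `dependentPackagesTag: goerli` and no `upstreamBuilds`, which contradicts the action's own input descriptions (`dependentPackagesTag` is required when `useUpstreamBuilds==false`, `upstreamBuilds` when it is `true`). The removed inline steps installed `@threshold-network/solidity-contracts@goerli`, so this job most likely wants `useUpstreamBuilds: false`, as `build-and-deploy-testnet-on-push` has. The removed `setup-node` step used `node-version: "16"` while the extracted action sets `"14"`; if the downgrade is intentional it deserves a line in the commit message. The approval gate on `build-and-deploy-testnet-on-dispatch` exists only if required reviewers are configured for the `testnet` environment in the repository settings, which this diff cannot show, so state that prerequisite in the job comment.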
