From e76421fe0d97ecf4ff11773ba93429779c25674e Mon Sep 17 00:00:00 2001
From: Connor Hubbard
Date: Wed, 1 Feb 2023 15:35:05 -0600
Subject: [PATCH] Added GitHub Actions to handle release-management and version-control added a reference to the github environment to enforce protection around deployment build-deploy.yml -> fixed type-o in action removed references to unused SECRETS Added GitHub Actions to handle release-management and version-control
---
.github/workflows/build-deploy.yml | 163 ++++++++++++++++++++++++
.github/workflows/cut-minor-release.yml | 82 ++++++++++++
.github/workflows/deploy-dev.yml | 19 +++
.github/workflows/deploy-prod.yml | 16 +++
.github/workflows/deploy-sandbox.yml | 21 +++
Dockerfile | 1 +
6 files changed, 302 insertions(+)
create mode 100644 .github/workflows/build-deploy.yml
create mode 100644 .github/workflows/cut-minor-release.yml
create mode 100644 .github/workflows/deploy-dev.yml
create mode 100644 .github/workflows/deploy-prod.yml
create mode 100644 .github/workflows/deploy-sandbox.yml
diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml
new file mode 100644
index 0000000000..1f0a0d7836
--- /dev/null
+++ b/.github/workflows/build-deploy.yml
@@ -0,0 +1,163 @@
+name: Build and Deploy sub-action
+on:
+ workflow_call:
+ # Define the inputs required for the action to run
+ inputs:
+ # The environment where the deployment should occur
+ env:
+ required: true
+ type: string
+ description: The environment where the deployment should occur (e.g. dev, staging, prod).
+
+ # The awk command to update the version environment variable
+ awk:
+ required: true
+ type: string
+ description: The awk command to update the version environment variable.
+
+ # The rails command for a sanity check
+ rails:
+ required: false
+ type: string
+ default: echo "continuing."
+ description: The rails command for a sanity check.
+
+ # The branch where the action should be triggered
+ branch:
+ required: false
+ type: string
+ default: ${{ github.ref }}
+ description: The branch where the action should be triggered.
+
+ # Define the secrets required for the action to run
+ secrets:
+ # GitHub Personal Access Token for logging into GitHub
+ GH_PAT:
+ description: 'Personal Access Token (PAT) for logging into GitHub'
+ required: true
+
+ # Docker registry login credentials
+ DOCKER:
+ description: 'Docker registry login credentials'
+ required: true
+
+ # Google Cloud Platform Service Account Key for logging into the GKE cluster
+ GKE_SA_KEY:
+ description: 'Google Cloud Platform Service Account Key for logging into the GKE cluster'
+ required: true
+
+ # Project ID for the Google Cloud Platform project
+ GKE_PROJECT:
+ description: 'Project ID for the Google Cloud Platform project'
+ required: true
+
+ # Private key for signing commits and tags with GPG
+ GPG_PRIVATE_KEY:
+ description: 'Private key for signing commits and tags with GPG'
+ required: true
+
+ # Passphrase for using the GPG private key
+ GPG_PASSPHRASE:
+ description: 'Passphrase for using the GPG private key'
+ required: true
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.env }}
+ steps:
+ # Checkout the specified branch from GitHub
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ inputs.branch }}
+ ssh-key: ${{ secrets.GH_PAT }}
+
+ # Import the GPG key for signing Git commits and tags
+ - name: Import GPG key
+ uses: crazy-max/ghaction-import-gpg@v5
+ with:
+ gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+ passphrase: ${{ secrets.GPG_PASSPHRASE }}
+ git_user_signingkey: true
+ git_commit_gpgsign: true
+
+ # Install 'yq' for editing YAML files
+ - name: Install yq
+ run: sudo snap install yq
+
+ # Get the current version from the 'VERSION' file
+ - name: get Version
+ run: echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV
+
+ # Sanity check the version we are trying to release
+ - name: Sanity Check Branch
+ run: ${{ inputs.rails }}
+
+ # Sync the version in the 'Chart.yaml' and 'values.yaml' files
+ - name: Sync Chart.yaml version
+ run: yq eval -i ".appVersion=\"${{ env.VERSION }}\"" ./helm/Chart.yaml
+
+ - name: Sync values.yaml version
+ run: yq eval -i ".goQuai.image.version=\"${{ env.VERSION }}\"" ./helm/values.yaml
+ # Login to the Docker registry
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: quaibuild
+ password: ${{ secrets.DOCKER }}
+
+ # Build and push the Docker image to the registry
+ - name: Build Docker
+ run: docker build -t quainetwork/go-quai:${{ env.VERSION }} .
+
+ - name: Push to Docker Hub
+ run: docker push quainetwork/go-quai:${{ env.VERSION }}
+
+ # Tag the Git repository with the current version
+ - name: git tag
+ run: git tag -s ${{ env.VERSION }} && git push origin tag ${{ env.VERSION }}
+
+ # Set up Google Cloud Platform with the correct service account key and project id
+ - uses: google-github-actions/setup-gcloud@94337306dda8180d967a56932ceb4ddcf01edae7
+ with:
+ service_account_key: ${{ secrets.GKE_SA_KEY }}
+ project_id: ${{ secrets.GKE_PROJECT }}
+
+ # Get credentials for accessing the GKE cluster.
+ - uses: google-github-actions/get-gke-credentials@fb08709ba27618c31c09e014e1d8364b02e5042e
+ with:
+ cluster_name: ${{ inputs.env }}
+ location: us-central1-c
+ credentials: ${{ secrets.GKE_SA_KEY }}
+
+ # Deploy the helm chart
+ - name: Deploy the helm chart
+ uses: WyriHaximus/github-action-helm3@v2
+ with:
+ exec: helm upgrade go-quai ./helm --install --wait --atomic --namespace=${{ inputs.env }} --values=./helm/env/${{ inputs.env }}.values.yaml
+
+ # Rev the version
+ - name: Update version environment variable
+ run: echo "VERSION=$(echo $VERSION | ${{ inputs.awk }})" >> $GITHUB_ENV
+
+ # Update the 'VERSION' file to reflect the rev'd version
+ - name: Update VERSION file
+ run: echo "$VERSION" > VERSION
+
+ # Sync the version in the 'Chart.yaml' and 'values.yaml' files
+ - name: Update Chart.yaml version
+ run: yq eval -P -i ".appVersion=\"${{ env.VERSION }}\"" ./helm/Chart.yaml
+
+ - name: Update values.yaml version
+ run: yq eval -P -i ".goQuai.image.version=\"${{ env.VERSION }}\"" ./helm/values.yaml
+
+ # Remove the kubernetes acces file
+ - name: remove kubeconfig
+ run: rm $KUBECONFIG
+
+ - uses: stefanzweifel/git-auto-commit-action@v4
+ with:
+ branch: ${{ inputs.branch }}
+ commit_message: Rev'd 'VERSION' file to {{ env.VERSION }}
+ commit_options: -S
+ commit_username: ci@dominant-strategies.io
+ commit_user_email: ci-dominantstrategies
diff --git a/.github/workflows/cut-minor-release.yml b/.github/workflows/cut-minor-release.yml
new file mode 100644
index 0000000000..bff9657968
--- /dev/null
+++ b/.github/workflows/cut-minor-release.yml
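Review bot: The `run:` steps expand `${{ env.VERSION }}`, `${{ inputs.rails }}` and `${{ inputs.awk }}` into the script text before the shell parses it, so the contents of the repository's `VERSION` file (and whatever a caller passes) are interpreted as shell in a job that holds the Docker Hub, GKE and GPG secrets. `VERSION` is already exported through `$GITHUB_ENV`, so these steps can use the quoted shell variable instead, e.g. `run: docker build -t "quainetwork/go-quai:$VERSION" .` and `run: git tag -s "$VERSION" && git push origin tag "$VERSION"`, preceded by a step that rejects any value not matching the expected version pattern. The steps that receive the signing key and cluster access use movable tags (`crazy-max/ghaction-import-gpg@v5`, `WyriHaximus/github-action-helm3@v2`, `stefanzweifel/git-auto-commit-action@v4`) while the two Google actions are pinned to commit SHAs; pinning all of them the same way keeps a retagged release from running with these secrets. In the final step `commit_message` has `{{ env.VERSION }}` without the `$`, the action's inputs are named `commit_user_name` and `commit_user_email` (and the two values look swapped), and adding `file_pattern: VERSION helm/Chart.yaml helm/values.yaml` would keep it from committing any other file left in the workspace. `ssh-key` is given `secrets.GH_PAT`, which the header documents as a personal access token; checkout takes a PAT through `token:` and an SSH private key through `ssh-key:`, so either the input or the secret's description should be corrected.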
@@ -0,0 +1,82 @@
+name: Cut a new Minor Release Branch
+on: workflow_dispatch
+jobs:
+ cutReleaseCandidate:
+ runs-on: ubuntu-latest
+ outputs:
+ branch: ${{ steps.set-branch.outputs.branch }}
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ssh-key: ${{ secrets.GH_PAT }}
+
+ - name: get Version
+ run: echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV
+
+ - name: Update version environment variable
+ run: echo "VERSION=$(echo $VERSION | sed 's/pre/rc/g' | awk -F. '{print $1"."$2"."$3"."0}')" >> $GITHUB_ENV
+
+ - name: Update 'VERSION' file
+ run: echo "$VERSION" > VERSION
+
+ - name: Update Chart.yaml version
+ run: yq eval -P -i ".appVersion=\"${{ env.VERSION }}\"" ./helm/Chart.yaml
+
+ - name: Update values.yaml version
+ run: yq eval -P -i ".goQuai.image.version=\"${{ env.VERSION }}\"" ./helm/values.yaml
+
+ - name: Update version environment variable e.g. v0.1.0-pre.0 -> v0.1
+ run: echo "BRANCH=$(echo $VERSION | sed 's/\.[0-9]*-.*//g')" >> $GITHUB_ENV
+
+ - name: Store version in branch variable
+ id: set-branch
+ run: echo "::set-output name=branch::${{ env.BRANCH }}"
+
+ - uses: stefanzweifel/git-auto-commit-action@v4
+ with:
+ commit_message: Rev'd 'VERSION' file to {{ env.VERSION }}
+ branch: ${{ env.BRANCH }}
+ create_branch: true
+ commit_options: -S
+ commit_username: ci@dominant-strategies.io
+ commit_user_email: ci-dominantstrategies
+
+
+ - uses: actions/checkout@v3
+ with:
+ ssh-key: ${{ secrets.GH_PAT }}
+
+ - name: get Version
+ run: echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV
+
+ - name: Update version environment variable
+ run: echo "VERSION=$(echo $VERSION | sed "s/-.*//g" | awk -F. '{print $1"."$2+1"."0"-pre.0"}')" >> $GITHUB_ENV
+
+ - name: Update 'VERSION' file
+ run: echo "$VERSION" > VERSION
+
+ - name: Update Chart.yaml version
+ run: yq eval -P -i ".appVersion=\"${{ env.VERSION }}\"" ./helm/Chart.yaml
+
+
+ - uses: stefanzweifel/git-auto-commit-action@v4
+ with:
+ commit_message: Rev'd 'VERSION' file to {{ env.VERSION }}
+ branch: main
+ commit_options: -S
+ commit_username: ci@dominant-strategies.io
+ commit_user_email: ci-dominantstrategies
+ deployReleaseCandidate:
+ uses: ./.github/workflows/build-deploy.yml
+ secrets:
+ DOCKER: ${{ secrets.DOCKER }}
+ GH_PAT: ${{ secrets.GH_PAT }}
+ GKE_SA_KEY: ${{ secrets.GKE_SA_KEY }}
+ GKE_PROJECT: ${{ secrets.GKE_PROJECT }}
+ GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ with:
+ env: quai-sandbox
+ awk : sed -e "s/pre/rc/g" | read a; if [[ "$a" =~ "rc" ]];then echo $a | awk -F . '{print $1"."$2"."$3"."$4+1}';else echo $a; fi
+ rails: '[[ ! "$VERSION" =~ "pre" ]]'
+ needs: [cutReleaseCandidate]
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
new file mode 100644
index 0000000000..fffb9c5972
--- /dev/null
+++ b/.github/workflows/deploy-dev.yml
@@ -0,0 +1,19 @@
+name: Build and Deploy to Dev
+on:
+ pull_request:
+ types: [closed]
+ branches: [ "main" ]
+jobs:
+ buildDeployDev:
+ if: github.event.pull_request.merged == true
+ uses: ./.github/workflows/build-deploy.yml
+ secrets:
+ DOCKER: ${{ secrets.DOCKER }}
+ GH_PAT: ${{ secrets.GH_PAT }}
+ GKE_SA_KEY: ${{ secrets.GKE_SA_KEY }}
+ GKE_PROJECT: ${{ secrets.GKE_PROJECT }}
+ GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ with:
+ env: quai-dev
+ awk: awk -F. '{print $1"."$2"."$3"."$4+1}'
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
new file mode 100644
index 0000000000..c2c0ead316
--- /dev/null
+++ b/.github/workflows/deploy-prod.yml
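Review bot: `deployReleaseCandidate` never passes the `branch` output that `cutReleaseCandidate` computes, so the called workflow falls back to its `${{ github.ref }}` default and builds the ref the run was dispatched on rather than the new release branch; add `branch: ${{ needs.cutReleaseCandidate.outputs.branch }}` under `with:`. Both auto-commit steps pass `commit_options: -S`, but this job has no GPG import step like the one in build-deploy.yml, so the signed commits will presumably fail unless a key is provisioned some other way. The `awk` value here (and the identical one in deploy-sandbox.yml) pipes into `read a` and then tests `$a` after the `;`; in bash the `read` runs in a pipeline subshell, so `$a` is empty in the `if` and the computed version comes out blank, which a single `sed`/`awk` expression would avoid. `::set-output` is deprecated; `echo "branch=$BRANCH" >> "$GITHUB_OUTPUT"` is the replacement.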
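Review bot: Nothing serialises runs of `buildDeployDev`, yet the called workflow reads `VERSION`, pushes a signed tag and then pushes a version-bump commit, so two pull requests merged close together can both build and tag the same version. A workflow-level `concurrency:` block with a fixed `group:` (for example `group: deploy-quai-dev`) and `cancel-in-progress: false` would queue them; deploy-sandbox.yml has the same shape. Separately, secrets are normally withheld from `pull_request` runs for pull requests opened from forks, so it is worth confirming that a merged fork PR still reaches the reusable workflow with the six secrets it marks as required.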
@@ -0,0 +1,16 @@
+name: Build and Deploy to Prod
+on: workflow_dispatch
+jobs:
+ buildDeployProd:
+ uses: ./.github/workflows/build-deploy.yml
+ secrets:
+ DOCKER: ${{ secrets.DOCKER }}
+ GH_PAT: ${{ secrets.GH_PAT }}
+ GKE_SA_KEY: ${{ secrets.GKE_SA_KEY }}
+ GKE_PROJECT: ${{ secrets.GKE_PROJECT }}
+ GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ with:
+ env: quai-prod
+ awk: sed "s/-.*//g" | awk -F. '{print $1"."$2"."$3+1}'
+ rails: '[[ ! "$VERSION" =~ "rc" ]] && [[ ! "$VERSION" =~ "pre" ]]'
diff --git a/.github/workflows/deploy-sandbox.yml b/.github/workflows/deploy-sandbox.yml
new file mode 100644
index 0000000000..2b780ad16f
--- /dev/null
+++ b/.github/workflows/deploy-sandbox.yml
@@ -0,0 +1,21 @@
+name: Build and Deploy to Sandbox
+on:
+ pull_request:
+ types: [closed]
+ branches:
+ - 'v?[0-9]+.[0-9]+'
+jobs:
+ buildDeploySandbox:
+ if: github.event.pull_request.merged == true
+ uses: ./.github/workflows/build-deploy.yml
+ secrets:
+ DOCKER: ${{ secrets.DOCKER }}
+ GH_PAT: ${{ secrets.GH_PAT }}
+ GKE_SA_KEY: ${{ secrets.GKE_SA_KEY }}
+ GKE_PROJECT: ${{ secrets.GKE_PROJECT }}
+ GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ with:
+ env: quai-sandbox
+ awk : sed -e "s/pre/rc/g" | read a; if [[ "$a" =~ "rc" ]];then echo $a | awk -F . '{print $1"."$2"."$3"."$4+1}';else echo $a; fi
+ rails: '[[ ! "$VERSION" =~ "pre" ]]'
diff --git a/Dockerfile b/Dockerfile
index 0a93e6bf73..4db935cf47 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,6 +32,7 @@ EXPOSE 8678 8679 30315 30315/udp COPY --from=builder /go-quai/build/bin ./build/bin COPY --from=builder /go-quai/core/knot ./core/knot +COPY --from=builder /go-quai/VERSION ./VERSION WORKDIR ./
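Review bot: In deploy-prod.yml, `workflow_dispatch` can be started from any branch or tag and `buildDeployProd` passes no `branch`, so the reusable workflow builds, signs and deploys whatever ref the run was started on. The only gate visible in this patch is the `quai-prod` environment referenced from build-deploy.yml, and the `rails` check inspects only the `VERSION` string, which the dispatched ref itself controls. Confirm that the environment has required reviewers and a deployment-branch restriction, or add a job-level guard such as `if: startsWith(github.ref, 'refs/heads/v')`, with the pattern adjusted to the release-branch naming.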