From ae5155686fee18ffc68d3a8114570298ae1cb980 Mon Sep 17 00:00:00 2001 From: Irman Nur Muhammad Alamsyah Date: Mon, 8 Aug 2022 10:20:19 +0700 Subject: [PATCH] ci: remove session key injection (#340) --- .github/workflows/benchmark.yml | 107 -------------------------------- .github/workflows/builder.yml | 9 +++ .github/workflows/deployer.yml | 33 ---------- .github/workflows/tester.yml | 28 ++++++++- 4 files changed, 35 insertions(+), 142 deletions(-) delete mode 100644 .github/workflows/benchmark.yml diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml deleted file mode 100644 index 24a92bd9..00000000 --- a/.github/workflows/benchmark.yml +++ /dev/null @@ -1,107 +0,0 @@ -name: Benchmark automation - -on: - issue_comment: - types: - - created - -concurrency: - group: benchmark-automation - -jobs: - start-runner: - runs-on: ubuntu-latest - if: ${{ github.event.issue.pull_request && github.event.comment.body == '/benchmark'}} - steps: - - name: Checkout code - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@master - with: - project_id: ${{ secrets.DEV_GCP_PROJECT_ID }} - service_account_key: ${{ secrets.DEV_GCP_SA_KEY }} - export_default_credentials: true - - name: start runner - run: gcloud compute instances start gh-runner --zone=asia-southeast1-b - - self-host: - runs-on: [self-hosted, blockchain] - needs: [start-runner] - if: ${{ github.event.issue.pull_request && github.event.comment.body == '/benchmark'}} - steps: - - uses: actions/github-script@v3 - id: get-pr - with: - script: | - const request = { - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.issue.number - } - core.info(`Getting PR #${request.pull_number} from ${request.owner}/${request.repo}`) - try { - const result = await github.pulls.get(request) - return result.data - } catch (err) { - core.setFailed(`Request failed with error ${err}`) - } - - name: Checkout code - uses: actions/checkout@v3 - with: - repository: ${{ fromJSON(steps.get-pr.outputs.result).head.repo.full_name }} - ref: ${{ fromJSON(steps.get-pr.outputs.result).head.ref }} # or .head.sha, .head.ref for branch name - - name: ACTIONS_ALLOW_UNSECURE_COMMANDS - run: echo 'ACTIONS_ALLOW_UNSECURE_COMMANDS=true' >> $GITHUB_ENV - - name: Install toolchain - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: nightly-2021-11-01 - components: clippy, rustfmt - target: wasm32-unknown-unknown - override: true - default: true - - name: Rust cache - uses: Swatinem/rust-cache@v1.3.0 - - name: Change nightly version - run: sed -i 's/+nightly/+nightly-2021-11-01/g' .maintain/run-benchmark-for-pallet.sh - - name: benchmarking - run: .maintain/run-benchmark-for-pallet.sh - - name: Create Pull Request - uses: peter-evans/create-pull-request@v3 - with: - token: ${{ secrets.DEBIO_DEVOPS_GITHUB_TOKEN }} - commit-message: Update Benchmark - committer: GitHub - author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com> - signoff: false - branch: benchmark - delete-branch: true - title: "Update Benchmark" - body: | - Update benchmark - - :crown: *An automated PR* - labels: benchmark - assignees: debio-devops - draft: false - - stop-runner: - runs-on: ubuntu-latest - if: ${{ github.event.issue.pull_request && github.event.comment.body == '/benchmark'}} - needs: [self-host] - steps: - - name: Checkout code - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@master - with: - project_id: ${{ secrets.DEV_GCP_PROJECT_ID }} - service_account_key: ${{ secrets.DEV_GCP_SA_KEY }} - export_default_credentials: true - - name: stop runner - run: gcloud compute instances stop gh-runner --zone=asia-southeast1-b diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index 12e4d8b4..33b21850 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml @@ -94,6 +94,7 @@ jobs: - name: Copy binnary file run: cp target/release/debio . - name: Build and push + if: "!startsWith(github.ref, 'refs/tags/')" uses: docker/build-push-action@v2 with: context: . @@ -104,6 +105,14 @@ jobs: ${{ github.repository }}:${{ needs.compute-build-info.outputs.latest_tag }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + - name: Docker image re-tag + if: "startsWith(github.ref, 'refs/tags/')" + uses: akhilerm/tag-push-action@v2.0.0 + with: + src: ${{ github.repository }}:${{ needs.compute-build-info.outputs.sha_short }} + dst: | + ${{ github.repository }}:${{ needs.compute-build-info.outputs.revision_tag }} + ${{ github.repository }}:${{ needs.compute-build-info.outputs.latest_tag }} # Temp fix # https://github.com/docker/build-push-action/issues/252 # https://github.com/moby/buildkit/issues/1896 diff --git a/.github/workflows/deployer.yml b/.github/workflows/deployer.yml index 568a8656..3f5d2706 100644 --- a/.github/workflows/deployer.yml +++ b/.github/workflows/deployer.yml @@ -82,16 +82,6 @@ jobs: NODE_KEY_PUBLIC_VALIDATOR_1:${{ secrets.DEV_GCP_PROJECT_ID }}/NODE_KEY_PUBLIC_VALIDATOR_1 NODE_KEY_PRIVATE_VALIDATOR_2:${{ secrets.DEV_GCP_PROJECT_ID }}/NODE_KEY_PRIVATE_VALIDATOR_2 NODE_KEY_PUBLIC_VALIDATOR_2:${{ secrets.DEV_GCP_PROJECT_ID }}/NODE_KEY_PUBLIC_VALIDATOR_2 - SESSION_KEY_SEED_VALIDATOR_1:${{ secrets.DEV_GCP_PROJECT_ID }}/SESSION_KEY_SEED_VALIDATOR_1 - SESSION_KEY_GRANDPA_VALIDATOR_1:${{ secrets.DEV_GCP_PROJECT_ID }}/SESSION_KEY_GRANDPA_VALIDATOR_1 - SESSION_KEY_BABE_VALIDATOR_1:${{ secrets.DEV_GCP_PROJECT_ID }}/SESSION_KEY_BABE_VALIDATOR_1 - SESSION_KEY_IMONLINE_VALIDATOR_1:${{ secrets.DEV_GCP_PROJECT_ID }}/SESSION_KEY_IMONLINE_VALIDATOR_1 - SESSION_KEY_BEEFY_VALIDATOR_1:${{ secrets.DEV_GCP_PROJECT_ID }}/SESSION_KEY_BEEFY_VALIDATOR_1 - SESSION_KEY_SEED_VALIDATOR_2:${{ secrets.DEV_GCP_PROJECT_ID }}/SESSION_KEY_SEED_VALIDATOR_2 - SESSION_KEY_GRANDPA_VALIDATOR_2:${{ secrets.DEV_GCP_PROJECT_ID }}/SESSION_KEY_GRANDPA_VALIDATOR_2 - SESSION_KEY_BABE_VALIDATOR_2:${{ secrets.DEV_GCP_PROJECT_ID }}/SESSION_KEY_BABE_VALIDATOR_2 - SESSION_KEY_IMONLINE_VALIDATOR_2:${{ secrets.DEV_GCP_PROJECT_ID }}/SESSION_KEY_IMONLINE_VALIDATOR_2 - SESSION_KEY_BEEFY_VALIDATOR_2:${{ secrets.DEV_GCP_PROJECT_ID }}/SESSION_KEY_BEEFY_VALIDATOR_2 - name: Deploy if: "${{ env.DEPLOY == 'true' }}" uses: appleboy/ssh-action@master @@ -114,49 +104,26 @@ jobs: --set config.nodes[0].validator=false \ --set-string config.nodes[0].keys.private=${{ steps.secrets.outputs.NODE_KEY_PRIVATE_1 }} \ --set-string config.nodes[0].keys.public=${{ steps.secrets.outputs.NODE_KEY_PUBLIC_1 }} \ - --set config.nodes[0].sessionInjectionEnabled=false \ --set-string config.nodes[1].name=archive1 \ --set config.nodes[1].bootnode=true \ --set config.nodes[1].archive=true \ --set config.nodes[1].validator=false \ --set-string config.nodes[1].keys.private=${{ steps.secrets.outputs.NODE_KEY_PRIVATE_2 }} \ --set-string config.nodes[1].keys.public=${{ steps.secrets.outputs.NODE_KEY_PUBLIC_2 }} \ - --set config.nodes[1].sessionInjectionEnabled=false \ --set-string config.nodes[2].name=validator1 \ --set config.nodes[2].bootnode=true \ --set config.nodes[2].archive=false \ --set config.nodes[2].validator=true \ --set-string config.nodes[2].keys.private=${{ steps.secrets.outputs.NODE_KEY_PRIVATE_VALIDATOR_1 }} \ --set-string config.nodes[2].keys.public=${{ steps.secrets.outputs.NODE_KEY_PUBLIC_VALIDATOR_1 }} \ - --set config.nodes[2].sessionInjectionEnabled=true \ - --set-string config.nodes[2].sessionKeys.keySeed="${{ steps.secrets.outputs.SESSION_KEY_SEED_VALIDATOR_1 }}" \ - --set-string config.nodes[2].sessionKeys.grandpa=${{ steps.secrets.outputs.SESSION_KEY_GRANDPA_VALIDATOR_1 }} \ - --set-string config.nodes[2].sessionKeys.babe=${{ steps.secrets.outputs.SESSION_KEY_BABE_VALIDATOR_1 }} \ - --set-string config.nodes[2].sessionKeys.imonline=${{ steps.secrets.outputs.SESSION_KEY_IMONLINE_VALIDATOR_1 }} \ - --set-string config.nodes[2].sessionKeys.beefy=${{ steps.secrets.outputs.SESSION_KEY_BEEFY_VALIDATOR_1 }} \ --set-string config.nodes[3].name=validator2 \ --set config.nodes[3].bootnode=true \ --set config.nodes[3].archive=false \ --set config.nodes[3].validator=true \ --set-string config.nodes[3].keys.private=${{ steps.secrets.outputs.NODE_KEY_PRIVATE_VALIDATOR_2 }} \ --set-string config.nodes[3].keys.public=${{ steps.secrets.outputs.NODE_KEY_PUBLIC_VALIDATOR_2 }} \ - --set config.nodes[3].sessionInjectionEnabled=true \ - --set-string config.nodes[3].sessionKeys.keySeed="${{ steps.secrets.outputs.SESSION_KEY_SEED_VALIDATOR_2 }}" \ - --set-string config.nodes[3].sessionKeys.grandpa=${{ steps.secrets.outputs.SESSION_KEY_GRANDPA_VALIDATOR_2 }} \ - --set-string config.nodes[3].sessionKeys.babe=${{ steps.secrets.outputs.SESSION_KEY_BABE_VALIDATOR_2 }} \ - --set-string config.nodes[3].sessionKeys.imonline=${{ steps.secrets.outputs.SESSION_KEY_IMONLINE_VALIDATOR_2 }} \ - --set-string config.nodes[3].sessionKeys.beefy=${{ steps.secrets.outputs.SESSION_KEY_BEEFY_VALIDATOR_2 }} \ --set services.httpRPC.enabled=true \ --set services.websocketRPC.enabled=true \ - --set ingress.httpRPC.enabled=true \ - --set-string ingress.httpRPC.annotations."kubernetes\.io/ingress\.class"=nginx \ - --set-string ingress.httpRPC.annotations."cert-manager\.io/cluster-issuer"=letsencrypt \ - --set-string ingress.httpRPC.annotations."nginx\.ingress\.kubernetes\.io/limit-rps"="10" \ - --set-string ingress.httpRPC.hosts[0].host=http-rpc.dev.debio.network \ - --set-string ingress.httpRPC.hosts[0].paths[0].path=/ \ - --set-string ingress.httpRPC.hosts[0].paths[0].pathType=ImplementationSpecific \ - --set-string ingress.httpRPC.tls[0].secretName=debio-node-http-rpc-tls \ - --set-string ingress.httpRPC.tls[0].hosts[0]=http-rpc.dev.debio.network \ --set ingress.websocketRPC.enabled=true \ --set-string ingress.websocketRPC.annotations."kubernetes\.io/ingress\.class"=nginx \ --set-string ingress.websocketRPC.annotations."cert-manager\.io/cluster-issuer"=letsencrypt \ diff --git a/.github/workflows/tester.yml b/.github/workflows/tester.yml index f870af26..0e06c8b9 100644 --- a/.github/workflows/tester.yml +++ b/.github/workflows/tester.yml @@ -10,7 +10,30 @@ concurrency: cancel-in-progress: true jobs: + changes: + runs-on: ubuntu-latest + outputs: + test: ${{ steps.filter.outputs.test }} + markdown: ${{ steps.filter.outputs.markdown }} + steps: + - uses: dorny/paths-filter@v2 + id: filter + with: + filters: | + test-code: + - 'node/**' + - 'pallets/**' + - 'primitives/**' + - 'runtime/**' + - 'trait/**' + - '.editorconfig' + - 'rustfmt.toml' + - 'Cargo.toml' + - 'Cargo.lock' + test-code: + needs: changes + if: ${{ needs.changes.outputs.test-code == 'true' }} runs-on: ubuntu-20.04 steps: - name: Checkout code @@ -34,6 +57,7 @@ jobs: run: ./.maintain/test.sh check-link-markdown: + needs: changes runs-on: ubuntu-20.04 steps: - name: Checkout code @@ -43,5 +67,5 @@ jobs: - name: Check link markdown uses: gaurav-nelson/github-action-markdown-link-check@v1 with: - use-quiet-mode: 'yes' - config-file: '.github/workflows/mlc_config.json' + use-quiet-mode: "yes" + config-file: ".github/workflows/mlc_config.json"