feat: add nansen to signers key map #4149
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# PRs: | |
# - Builds Explorer | |
# Pushes: | |
# - Builds Explorer | |
# - Pushes Docker image to Docker Hub | |
# - Deploys to staging environment | |
# Tags: | |
# - Builds Explorer | |
# - Pushes Docker image to Docker Hub | |
# - Deploys to staging environment | |
# - Deploys to prod environment | |
name: CI/CD | |
on: | |
push: | |
branches: | |
- '**' | |
paths-ignore: | |
- '**/CHANGELOG.md' | |
- '**/package.json' | |
pull_request: | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build-publish: | |
runs-on: ubuntu-latest | |
outputs: | |
docker_image_digest: ${{ steps.docker_push.outputs.digest }} | |
version: ${{ steps.docker_meta.outputs.version }} | |
new_release_published: ${{ steps.semantic.outputs.new_release_published }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- name: Semantic Release | |
uses: cycjimmy/semantic-release-action@v3 | |
id: semantic | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }} | |
SEMANTIC_RELEASE_PACKAGE: ${{ github.event.repository.name }} | |
with: | |
semantic_version: 19 | |
extra_plugins: | | |
@semantic-release/changelog | |
@semantic-release/git | |
- name: Checkout tag | |
if: steps.semantic.outputs.new_release_version != '' | |
uses: actions/checkout@v3 | |
with: | |
ref: v${{ steps.semantic.outputs.new_release_version }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Docker meta | |
id: docker_meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ github.repository }} | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}},value=${{ steps.semantic.outputs.new_release_version }},enable=${{ steps.semantic.outputs.new_release_published == 'true' }} | |
type=semver,pattern={{major}}.{{minor}},value=${{ steps.semantic.outputs.new_release_version }},enable=${{ steps.semantic.outputs.new_release_published == 'true' }} | |
- name: Login to Dockerhub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Build/Tag/Push Image | |
id: docker_push | |
uses: docker/build-push-action@v3 | |
with: | |
push: true | |
platforms: ${{ github.ref == 'refs/heads/main' && 'linux/amd64,linux/arm64' || 'linux/amd64' }} | |
tags: ${{ steps.docker_meta.outputs.tags }} | |
labels: ${{ steps.docker_meta.outputs.labels }} | |
secrets: | | |
"sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" | |
build-args: | | |
RELEASE_TAG_NAME=${{ steps.semantic.outputs.new_release_version }} | |
NEXT_PUBLIC_SENTRY_DSN=${{ secrets.NEXT_PUBLIC_SENTRY_DSN }} | |
SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} | |
- name: Deployment Info | |
run: 'echo "::warning::Will deploy docker tag/digest: ${{ steps.docker_meta.outputs.version }}/${{ steps.docker_push.outputs.digest }}"' | |
deploy-dev: | |
runs-on: ubuntu-latest | |
needs: | |
- build-publish | |
env: | |
DEPLOY_ENV: dev | |
environment: | |
name: k8s-dev | |
url: https://explorer.dev.hiro.so/ | |
steps: | |
- name: Checkout actions repo | |
uses: actions/checkout@v3 | |
with: | |
ref: explorer | |
token: ${{ secrets.GH_TOKEN }} | |
repository: ${{ secrets.DEVOPS_ACTIONS_REPO }} | |
- name: Deploy Explorer | |
uses: ./actions/deploy | |
with: | |
docker_tag: ${{ needs.build-publish.outputs.docker_image_digest }} | |
application_path: manifests/sites/explorer/${{ env.DEPLOY_ENV }}/base/kustomization.yaml | |
gh_token: ${{ secrets.GH_TOKEN }} | |
auto-approve-dev: | |
runs-on: ubuntu-latest | |
if: needs.build-publish.outputs.new_release_published == 'true' | |
needs: | |
- build-publish | |
steps: | |
- name: Approve pending deployment | |
run: | | |
sleep 5 | |
ENV_ID=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/hirosystems/explorer/actions/runs/${{ github.run_id }}/pending_deployments" | jq -r '.[0].environment.id // empty') | |
if [[ -n "${ENV_ID}" ]]; then | |
curl -s -X POST -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/hirosystems/explorer/actions/runs/${{ github.run_id }}/pending_deployments" -d "{\"environment_ids\":[${ENV_ID}],\"state\":\"approved\",\"comment\":\"auto approve\"}" | |
fi | |
deploy-staging: | |
runs-on: ubuntu-latest | |
needs: | |
- build-publish | |
- deploy-dev | |
env: | |
DEPLOY_ENV: stg | |
environment: | |
name: k8s-staging | |
url: https://explorer.stg.hiro.so/ | |
steps: | |
- name: Checkout actions repo | |
uses: actions/checkout@v3 | |
with: | |
ref: explorer | |
token: ${{ secrets.GH_TOKEN }} | |
repository: ${{ secrets.DEVOPS_ACTIONS_REPO }} | |
- name: Deploy Explorer | |
uses: ./actions/deploy | |
with: | |
docker_tag: ${{ needs.build-publish.outputs.docker_image_digest }} | |
application_path: manifests/sites/explorer/${{ env.DEPLOY_ENV }}/base/kustomization.yaml | |
gh_token: ${{ secrets.GH_TOKEN }} | |
auto-approve-staging: | |
runs-on: ubuntu-latest | |
if: needs.build-publish.outputs.new_release_published == 'true' | |
needs: | |
- build-publish | |
- deploy-dev | |
steps: | |
- name: Approve pending deployment | |
run: | | |
sleep 5 | |
ENV_ID=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/hirosystems/explorer/actions/runs/${{ github.run_id }}/pending_deployments" | jq -r '.[0].environment.id // empty') | |
if [[ -n "${ENV_ID}" ]]; then | |
curl -s -X POST -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/hirosystems/explorer/actions/runs/${{ github.run_id }}/pending_deployments" -d "{\"environment_ids\":[${ENV_ID}],\"state\":\"approved\",\"comment\":\"auto approve\"}" | |
fi | |
deploy-prod: | |
runs-on: ubuntu-latest | |
if: needs.build-publish.outputs.new_release_published == 'true' | |
needs: | |
- build-publish | |
- deploy-staging | |
env: | |
DEPLOY_ENV: prd | |
environment: | |
name: k8s-prod | |
url: https://explorer.hiro.so/ | |
steps: | |
- name: Checkout actions repo | |
uses: actions/checkout@v3 | |
with: | |
ref: explorer | |
token: ${{ secrets.GH_TOKEN }} | |
repository: ${{ secrets.DEVOPS_ACTIONS_REPO }} | |
- name: Deploy Explorer | |
uses: ./actions/deploy | |
with: | |
docker_tag: ${{ needs.build-publish.outputs.docker_image_digest }} | |
application_path: manifests/sites/explorer/${{ env.DEPLOY_ENV }}/base/kustomization.yaml | |
gh_token: ${{ secrets.GH_TOKEN }} |