Merge pull request #844 from input-output-hk/nhenin/burn-roletokens #1206
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Deploy" | |
env: | |
CACHE_NAME: marlowe-temp | |
ALLOWED_URIS: "https://github.com https://api.github.com" | |
TRUSTED_PUBLIC_KEYS: "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= marlowe-temp.cachix.org-1:1gPjVFpu4QjaAT3tRurCioX+BC23V7mjvFwpP5bV0Ec=" | |
SUBSTITUTERS: "https://cache.nixos.org/ https://cache.iog.io https://marlowe-temp.cachix.org" | |
VAULT_ADDR: "https://vault.dapps.aws.iohkdev.io" | |
NOMAD_ADDR: "https://nomad.dapps.aws.iohkdev.io" | |
NOMAD_NAMESPACE: "marlowe" | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- runtime@v* | |
- marlowe-runtime-web@v* | |
- marlowe-apps@v* | |
jobs: | |
publish: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: Install Nix | |
uses: cachix/install-nix-action@v26 | |
with: | |
nix_path: nixpkgs=channel:nixos-unstable | |
install_url: https://releases.nixos.org/nix/nix-2.20.3/install | |
extra_nix_config: | | |
allowed-uris = ${{ env.ALLOWED_URIS }} | |
trusted-public-keys = ${{ env.TRUSTED_PUBLIC_KEYS }} | |
substituters = ${{ env.SUBSTITUTERS }} | |
experimental-features = nix-command flakes | |
- name: Build images and copy to local Docker registry | |
run: | | |
nix build .#oci-images.x86_64-linux.all.copyToDockerDaemon | |
./result/bin/copy-to-docker-daemon | |
- name: Authenticate with container registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
- name: Tag and push images | |
run: | | |
tagAndPush() { | |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$1 | |
# Change all uppercase to lowercase | |
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | |
echo IMAGE_ID=$IMAGE_ID | |
docker tag $1:latest $IMAGE_ID:$TAG | |
docker push $IMAGE_ID:$TAG | |
} | |
if [[ "${{ github.ref }}" == "refs/tags/runtime@v"* ]] | |
then | |
# Strip "runtime@v" prefix from tag name | |
export TAG=$(echo "${{ github.ref_name }}" | sed -e "s/^runtime@v//") | |
echo TAG=$TAG | |
tagAndPush "marlowe-chain-indexer" | |
tagAndPush "marlowe-chain-sync" | |
tagAndPush "marlowe-indexer" | |
tagAndPush "marlowe-sync" | |
tagAndPush "marlowe-contract" | |
tagAndPush "marlowe-tx" | |
tagAndPush "marlowe-proxy" | |
tagAndPush "marlowe-web-server" | |
elif [[ "${{ github.ref }}" == "refs/tags/marlowe-apps@v"* ]] | |
then | |
# Strip "marlowe-apps@v" prefix from tag name | |
export TAG=$(echo "${{ github.ref_name }}" | sed -e "s/^marlowe-apps@v//") | |
echo TAG=$TAG | |
tagAndPush "marlowe-pipe" | |
tagAndPush "marlowe-oracle" | |
elif [[ "${{ github.ref }}" == "refs/tags/marlowe-runtime-web@v"* ]] | |
then | |
# Strip "marlowe-runtime-web@v" prefix from tag name | |
export TAG=$(echo "${{ github.ref_name }}" | sed -e "s/^marlowe-runtime-web@v//") | |
echo TAG=$TAG | |
tagAndPush "marlowe-web-server" | |
else | |
export "TAG=${GITHUB_SHA::8}" | |
echo TAG=$TAG | |
tagAndPush "marlowe-chain-indexer" | |
tagAndPush "marlowe-chain-sync" | |
tagAndPush "marlowe-indexer" | |
tagAndPush "marlowe-sync" | |
tagAndPush "marlowe-contract" | |
tagAndPush "marlowe-tx" | |
tagAndPush "marlowe-proxy" | |
tagAndPush "marlowe-web-server" | |
tagAndPush "marlowe-pipe" | |
tagAndPush "marlowe-oracle" | |
fi | |
autocommit: | |
name: Auto Commit | |
needs: publish | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
with: | |
ref: main | |
token: ${{ secrets.GH_PAT }} | |
- name: Update publish version | |
id: update | |
run: | | |
if [[ "${{ github.ref }}" == "refs/tags/runtime@v"* ]] | |
then | |
export TAG=$(echo "${{ github.ref_name }}" | sed -e "s/^runtime@v//") | |
echo TAG=$TAG | |
yq e -i '.instances.demo.tag = env(TAG)' deploy/marlowe-runtime/values.yaml | |
yq e -i '.instances.demo.webTag = env(TAG)' deploy/marlowe-runtime/values.yaml | |
elif [[ "${{ github.ref }}" == "refs/tags/marlowe-runtime-web@v"* ]] | |
then | |
export TAG=$(echo "${{ github.ref_name }}" | sed -e "s/^marlowe-runtime-web@v//") | |
echo TAG=$TAG | |
yq e -i '.instances.demo.webTag = env(TAG)' deploy/marlowe-runtime/values.yaml | |
else | |
export "TAG=${GITHUB_SHA::8}" | |
echo TAG=$TAG | |
yq e -i '.instances.qa.tag = env(TAG)' deploy/marlowe-runtime/values.yaml | |
yq e -i '.instances.qa.webTag = env(TAG)' deploy/marlowe-runtime/values.yaml | |
yq e -i '.images.stagingTag = env(TAG)' deploy/marlowe-oracle/values.yaml | |
fi | |
- name: Commit changes | |
uses: EndBug/add-and-commit@v9 | |
with: | |
default_author: github_actions | |
add: '.' | |
message: "[ci skip] deploy from ${{ steps.update.outputs.VERSION }}" | |
signoff: true | |
branch: main |