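# Deploy workflow.
#   publish    - builds the OCI images with Nix, loads them into the local
#                Docker daemon and pushes them to ghcr.io.
#   autocommit - records the published tag in the deploy/ values files on main.
name: "Deploy"

env:
  CACHE_NAME: marlowe-temp
  ALLOWED_URIS: "https://github.com https://api.github.com"
  # Signing keys Nix accepts for substituted (pre-built) store paths. Anything
  # signed by one of these keys and served from SUBSTITUTERS can end up in the
  # published images, so treat every addition here as a trust decision.
  TRUSTED_PUBLIC_KEYS: "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= marlowe-temp.cachix.org-1:1gPjVFpu4QjaAT3tRurCioX+BC23V7mjvFwpP5bV0Ec="
  SUBSTITUTERS: "https://cache.nixos.org/ https://cache.iog.io https://marlowe-temp.cachix.org"
  VAULT_ADDR: "https://vault.dapps.aws.iohkdev.io"
  NOMAD_ADDR: "https://nomad.dapps.aws.iohkdev.io"
  NOMAD_NAMESPACE: "marlowe"

on:
  push:
    branches:
      - main
    tags:
      - 'runtime@v*'
      - 'marlowe-runtime-web@v*'
      - 'marlowe-apps@v*'

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        # NOTE(review): the ref on this line arrived garbled
        # ("[email protected]"); v4 mirrors the checkout used in the
        # autocommit job. Confirm the exact release the repository pins.
        uses: actions/checkout@v4
      - name: Install Nix
        # Third-party action referenced by a mutable tag. Pinning it to a full
        # commit SHA keeps a retagged release from changing what runs here.
        uses: cachix/install-nix-action@v26
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          install_url: https://releases.nixos.org/nix/nix-2.10.3/install
          extra_nix_config: |
            allowed-uris = ${{ env.ALLOWED_URIS }}
            trusted-public-keys = ${{ env.TRUSTED_PUBLIC_KEYS }}
            substituters = ${{ env.SUBSTITUTERS }}
            experimental-features = nix-command flakes
      - name: Build images and copy to local Docker registry
        run: |
          nix build .#oci-images.x86_64-linux.all.copyToDockerDaemon
          ./result/bin/copy-to-docker-daemon
      - name: Authenticate with container registry
        # The token reaches the script through the environment instead of being
        # expanded into the script text, and the login name is the workflow
        # actor rather than the literal "$" the original command passed.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$GITHUB_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
      - name: Tag and push images
        # Ref data is read from the runner's default environment variables
        # (GITHUB_REF, GITHUB_REF_NAME, GITHUB_REPOSITORY_OWNER, GITHUB_SHA)
        # rather than from ${{ github.* }} expressions: an expression is pasted
        # into the script before the shell parses it, so a tag name containing
        # shell metacharacters would run as code in this job.
        run: |
          # Retag a locally loaded image for ghcr.io and push it under $TAG.
          tagAndPush() {
            local image_id="ghcr.io/${GITHUB_REPOSITORY_OWNER}/$1"
            # Change all uppercase to lowercase
            image_id=$(echo "$image_id" | tr '[:upper:]' '[:lower:]')
            echo "IMAGE_ID=$image_id"
            docker tag "$1:latest" "$image_id:$TAG"
            docker push "$image_id:$TAG"
          }

          runtime_images=(
            marlowe-chain-indexer
            marlowe-chain-sync
            marlowe-indexer
            marlowe-sync
            marlowe-contract
            marlowe-tx
            marlowe-proxy
            marlowe-web-server
          )
          apps_images=(
            marlowe-pipe
            marlowe-oracle
          )

          case "$GITHUB_REF" in
            refs/tags/runtime@v*)
              # Strip "runtime@v" prefix from tag name
              TAG="${GITHUB_REF_NAME#runtime@v}"
              images=("${runtime_images[@]}")
              ;;
            refs/tags/marlowe-apps@v*)
              # Strip "marlowe-apps@v" prefix from tag name
              TAG="${GITHUB_REF_NAME#marlowe-apps@v}"
              images=("${apps_images[@]}")
              ;;
            refs/tags/marlowe-runtime-web@v*)
              # Strip "marlowe-runtime-web@v" prefix from tag name
              TAG="${GITHUB_REF_NAME#marlowe-runtime-web@v}"
              images=(marlowe-web-server)
              ;;
            *)
              # Any other ref (pushes to main): tag with the short commit SHA
              TAG="${GITHUB_SHA::8}"
              images=("${runtime_images[@]}" "${apps_images[@]}")
              ;;
          esac
          export TAG
          echo "TAG=$TAG"

          for image in "${images[@]}"; do
            tagAndPush "$image"
          done

  autocommit:
    name: Auto Commit
    needs: publish
    runs-on: ubuntu-latest
    # The push to main is authenticated with the GH_PAT secret handed to the
    # checkout step, so the job's own GITHUB_TOKEN only needs read access.
    permissions:
      contents: read
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          ref: main
          token: ${{ secrets.GH_PAT }}
      - name: Update publish version
        id: update
        # NOTE(review): marlowe-apps@v* tags take the default branch below and
        # record the short commit SHA, while the publish job pushes those
        # images under the version tag. Confirm that this is intended.
        run: |
          case "$GITHUB_REF" in
            refs/tags/runtime@v*)
              export TAG="${GITHUB_REF_NAME#runtime@v}"
              echo "TAG=$TAG"
              # strenv() stores the value as a string; env() would parse it as
              # YAML, so an all-digit or "1e2345"-style value becomes a number.
              yq e -i '.instances.demo.tag = strenv(TAG)' deploy/marlowe-runtime/values.yaml
              yq e -i '.instances.demo.webTag = strenv(TAG)' deploy/marlowe-runtime/values.yaml
              ;;
            refs/tags/marlowe-runtime-web@v*)
              export TAG="${GITHUB_REF_NAME#marlowe-runtime-web@v}"
              echo "TAG=$TAG"
              yq e -i '.instances.demo.webTag = strenv(TAG)' deploy/marlowe-runtime/values.yaml
              ;;
            *)
              export TAG="${GITHUB_SHA::8}"
              echo "TAG=$TAG"
              yq e -i '.instances.qa.tag = strenv(TAG)' deploy/marlowe-runtime/values.yaml
              yq e -i '.instances.qa.webTag = strenv(TAG)' deploy/marlowe-runtime/values.yaml
              yq e -i '.images.stagingTag = strenv(TAG)' deploy/marlowe-oracle/values.yaml
              ;;
          esac
          # The commit step reads steps.update.outputs.VERSION, which nothing
          # set before, leaving the commit message without a version.
          # Presumably the published tag is what belongs there; confirm.
          echo "VERSION=$TAG" >> "$GITHUB_OUTPUT"
      - name: Commit changes
        # Third-party action referenced by a mutable tag, and it pushes with
        # the PAT-backed credentials the checkout step left in the git config.
        # Pin it to a full commit SHA and keep GH_PAT scoped to this repository.
        uses: EndBug/add-and-commit@v7
        with:
          default_author: github_actions
          add: '.'
          message: "[ci skip] deploy from ${{ steps.update.outputs.VERSION }}"
          signoff: true
          branch: main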