feat: make 'reserve release' --amount parameter the amount to release by this execution command #2021
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened, closed] | |
| branches: | |
| - master | |
| workflow_dispatch: | |
| env: | |
| AWS_REGION: "eu-central-1" | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| permissions: | |
| id-token: write | |
| contents: write | |
| jobs: | |
| ### Pre merge workflow ############################################################################################################### | |
| build-linux-pre-merge: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged == false) | |
| outputs: | |
| sha: ${{ steps.get_sha.outputs.sha }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Get current commit SHA | |
| id: get_sha | |
| run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| - name: Setup Earthly | |
| uses: ./.github/earthly-setup | |
| with: | |
| ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| config_tar: ${{ secrets.EARTHLY_TAR }} | |
| - name: Acquire AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| - name: Build and Artifacts and Push Image | |
| env: | |
| EARTHLY_CI: true | |
| EARTHLY_OUTPUT: true | |
| EARTHLY_PUSH: true | |
| run: | | |
| earthly -P +ci --image=${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node | |
| - name: Upload partner-chains-node artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: partner-chains-node-artifact | |
| path: partner-chains-node-artifact | |
| - name: Upload chain spec artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: chain-specs | |
| path: | | |
| ./devnet_chain_spec.json | |
| ./ci_preview_chain_spec.json | |
| ./staging_preview_chain_spec.json | |
| ./staging_preprod_chain_spec.json | |
| local-environment-tests: | |
| if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged == false) | |
| needs: build-linux-pre-merge | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Deploy and test against local environment | |
| uses: ./.github/actions/tests/local-environment-tests | |
| with: | |
| tag: CI | |
| image: ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ needs.build-linux-pre-merge.outputs.sha }} | |
| sha: ${{ needs.build-linux-pre-merge.outputs.sha }} | |
| tests: premerge | |
| env: | |
| SUBSTRATE_REPO_SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| EARTHLY_TAR: ${{ secrets.EARTHLY_TAR }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| TEST_ENVIRONMENT: local | |
| local-environment-tests-alert: | |
| needs: local-environment-tests | |
| if: always() && needs.local-environment-tests.result != 'skipped' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Download test report | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: test-results | |
| - name: Report to slack | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| JIRA_URL: ${{ secrets.JIRA_URL }} | |
| repository: ${{ github.repository }} | |
| slack_ref_name: ${{ github.ref_name }} | |
| job_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| github_actor_username: ${{ github.actor }} | |
| env: local-pre-merge | |
| run: | | |
| mv .report.json e2e-tests/.report.json | |
| cd e2e-tests | |
| ./report_slack.sh $repository $slack_ref_name $job_url $env $github_actor_username null | |
| shell: bash | |
| devshell-tests: | |
| needs: build-linux-pre-merge | |
| strategy: | |
| matrix: | |
| os: [nixos, macos] | |
| runs-on: | |
| - self-hosted | |
| - ${{ matrix.os }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Acquire AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN_ }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Add signing key for nix | |
| run: echo "${{ secrets.NIX_SIGNING_KEY }}" > "${{ runner.temp }}/nix-key" | |
| - name: Run nixci to build/test all outputs | |
| run: | | |
| nix run github:srid/nixci -- -v build -- --fallback > /tmp/outputs | |
| - name: Copy nix scopes to nix cache | |
| run: | | |
| nix-store --stdin -q --deriver < /tmp/outputs | nix-store --stdin -qR --include-outputs \ | |
| | nix copy --stdin --to \ | |
| "s3://cache.sc.iog.io?secret-key=${{ runner.temp }}/nix-key®ion=$AWS_DEFAULT_REGION" \ | |
| && rm /tmp/outputs | |
| pre-merge-checks-complete: | |
| if: ${{ always() && (github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged == false)) }} | |
| needs: [build-linux-pre-merge, local-environment-tests, devshell-tests] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check if any needed job failed | |
| run: | | |
| if [[ "${{ needs.build-linux-pre-merge.result }}" != "success" || | |
| "${{ needs.local-environment-tests.result }}" != "success" || | |
| "${{ needs.devshell-tests.result }}" != "success" ]]; then | |
| echo "One or more needed jobs failed." | |
| exit 1 | |
| else | |
| echo "All needed jobs passed." | |
| fi | |
| ### Post merge workflow ############################################################################################################### | |
| build-linux-post-merge: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
| outputs: | |
| sha: ${{ steps.get_sha.outputs.sha }} | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: master | |
| - name: Get current commit SHA | |
| id: get_sha | |
| run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| - name: Setup Earthly | |
| uses: ./.github/earthly-setup | |
| with: | |
| ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| config_tar: ${{ secrets.EARTHLY_TAR }} | |
| - name: Acquire AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| - name: Build and Artifacts and Push Image | |
| env: | |
| EARTHLY_CI: true | |
| EARTHLY_OUTPUT: true | |
| EARTHLY_PUSH: true | |
| run: | | |
| earthly -P +ci --image=${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node --tags="latest" | |
| - name: Rename artifact | |
| run: | | |
| cp partner-chains-node partner-chains-node-${{ steps.get_sha.outputs.sha }}-x86_64-linux | |
| chmod +x partner-chains-node-${{ steps.get_sha.outputs.sha }}-x86_64-linux | |
| - name: Upload partner-chains-node artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: partner-chains-node-linux-artifact | |
| path: partner-chains-node-${{ steps.get_sha.outputs.sha }}-x86_64-linux | |
| - name: Upload chain spec artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: chain-specs | |
| path: | | |
| ./devnet_chain_spec.json | |
| ./ci_preview_chain_spec.json | |
| ./staging_preview_chain_spec.json | |
| ./staging_preprod_chain_spec.json | |
| build-macos-x86_64: | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: master | |
| - name: Get current commit SHA | |
| id: get_sha | |
| run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| - name: Build and Upload for macOS x86_64 | |
| uses: ./.github/actions/artifacts/build-pc-artifacts | |
| with: | |
| sha: ${{ steps.get_sha.outputs.sha }} | |
| tag: ${{ steps.get_sha.outputs.sha }} | |
| os: macos-x86_64 | |
| build-macos-arm64: | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: master | |
| - name: Get current commit SHA | |
| id: get_sha | |
| run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| - name: Build and Upload for macOS arm64 | |
| uses: ./.github/actions/artifacts/build-pc-artifacts | |
| with: | |
| sha: ${{ steps.get_sha.outputs.sha }} | |
| tag: ${{ steps.get_sha.outputs.sha }} | |
| os: macos-arm64 | |
| upload-to-s3: | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
| needs: | |
| - build-linux-post-merge | |
| - build-macos-x86_64 | |
| - build-macos-arm64 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: master | |
| - name: Get current commit SHA | |
| id: get_sha | |
| run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| - name: Upload Artifacts to S3 | |
| uses: ./.github/actions/artifacts/upload-to-s3 | |
| with: | |
| sha: ${{ steps.get_sha.outputs.sha }} | |
| bucket-name: ${{ secrets.AWS_CD_ARTIFACT_S3_BUCKET }} | |
| env: | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_S3_ROLE_ARN_SECRET }} | |
| upload-chain-specs: | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
| needs: build-linux-post-merge | |
| runs-on: eks | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: master | |
| - name: Upload chain spec artifacts to Kubernetes | |
| uses: ./.github/actions/deploy/upload-chain-specs | |
| with: | |
| sha: ${{ needs.build-linux-post-merge.outputs.sha }} | |
| env: | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| deploy-rustdoc: | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
| needs: build-linux-post-merge | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: master | |
| - name: Deploy Rust Docs | |
| uses: ./.github/actions/deploy/deploy-rustdoc | |
| with: | |
| ssh_key: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| local-environment-tests-post-merge: | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
| needs: build-linux-post-merge | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: master | |
| - name: Deploy and test against local environment | |
| uses: ./.github/actions/tests/local-environment-tests | |
| with: | |
| tag: CI | |
| image: ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ needs.build-linux-post-merge.outputs.sha }} | |
| sha: ${{ needs.build-linux-post-merge.outputs.sha }} | |
| tests: postmerge | |
| env: | |
| SUBSTRATE_REPO_SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| EARTHLY_TAR: ${{ secrets.EARTHLY_TAR }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| TEST_ENVIRONMENT: local | |
| local-environment-tests-post-merge-alert: | |
| needs: local-environment-tests-post-merge | |
| if: always() && needs.local-environment-tests-post-merge.result != 'skipped' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: master | |
| - name: Download test report | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: test-results | |
| - name: Report to slack | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| JIRA_URL: ${{ secrets.JIRA_URL }} | |
| repository: ${{ github.repository }} | |
| slack_ref_name: ${{ github.ref_name }} | |
| job_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| github_actor_username: ${{ github.actor }} | |
| env: local-post-merge | |
| run: | | |
| mv .report.json e2e-tests/.report.json | |
| cd e2e-tests | |
| ./report_slack.sh $repository $slack_ref_name $job_url $env $github_actor_username null | |
| shell: bash | |
| deploy-ci-preview: | |
| needs: | |
| - build-linux-post-merge | |
| - local-environment-tests-post-merge-alert | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: eks | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: master | |
| - name: Deploy ci-preview | |
| uses: ./.github/actions/deploy/deploy-ci-preview | |
| with: | |
| image: ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ needs.build-linux-post-merge.outputs.sha }} | |
| sha: ${{ needs.build-linux-post-merge.outputs.sha }} | |
| no-wipe: true | |
| env: | |
| AWS_REGION: "eu-central-1" | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| post-merge-actions-complete: | |
| if: ${{ always() && (github.event_name == 'pull_request' && github.event.pull_request.merged == true) }} | |
| needs: [build-linux-post-merge, deploy-rustdoc, upload-chain-specs, local-environment-tests-post-merge, deploy-ci-preview] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check if any needed job failed | |
| run: | | |
| if [[ "${{ needs.deploy-rustdoc.result }}" != "success" || | |
| "${{ needs.build-linux-post-merge.result }}" != "success" || | |
| "${{ needs.upload-chain-specs.result }}" != "success" || | |
| "${{ needs.local-environment-tests-post-merge.result }}" != "success" ]] | |
| "${{ needs.deploy-ci-preview.result }}" != "success" ]]; then | |
| echo "One or more needed jobs failed." | |
| exit 1 | |
| else | |
| echo "All needed jobs passed." | |
| fi |