Release #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Release" | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| sha: | |
| description: "partner-chains commit SHA to release" | |
| required: true | |
| type: string | |
| tag: | |
| description: "partner-chains release tag" | |
| required: true | |
| type: string | |
| no-release: | |
| description: "SKIP RELEASE - Don't even create a draft release" | |
| required: false | |
| type: boolean | |
| default: false | |
| no-deploy: | |
| description: "SKIP DEPLOY - Don't deploy to staging environment" | |
| required: false | |
| type: boolean | |
| default: false | |
| no-wipe: | |
| description: "SKIP WIPE - Don't wipe staging chain" | |
| required: false | |
| type: boolean | |
| default: false | |
| no-tests: | |
| description: "SKIP TESTS - Exlucde all test jobs against staging environment" | |
| required: false | |
| type: boolean | |
| default: false | |
| no-public-release: | |
| description: "SKIP PUBLIC RELEASE - Don't make release public" | |
| required: false | |
| type: boolean | |
| default: true | |
| no-ghcr: | |
| description: "SKIP GHCR - Don't publish public GHCR image" | |
| required: false | |
| type: boolean | |
| default: true | |
| permissions: | |
| id-token: write | |
| contents: write | |
| packages: write | |
| env: | |
| AWS_REGION: "eu-central-1" | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| STAGING_PREVIEW_SERVICES_HOST: staging-preview-services-service.staging-preview.svc.cluster.local | |
| STAGING_PREVIEW_VALIDATOR_1_HOST: staging-preview-validator-1-service.staging-preview.svc.cluster.local | |
| STAGING_PREVIEW_VALIDATOR_1_PORT: 9933 | |
| jobs: | |
| download-from-s3: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download Artifacts from S3 | |
| uses: ./.github/actions/artifacts/download-from-s3 | |
| with: | |
| sha: ${{ inputs.sha }} | |
| bucket-name: ${{ secrets.AWS_CD_ARTIFACT_S3_BUCKET }} | |
| env: | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_S3_ROLE_ARN_SECRET }} | |
| - name: Rename artifacts | |
| run: | | |
| for file in *${{ inputs.sha }}*; do | |
| if [ -f "$file" ]; then | |
| mv "$file" "${file/${{ inputs.sha }}/${{ inputs.tag }}}" | |
| fi | |
| done | |
| create-draft-release: | |
| if: ${{ !inputs.no-release }} | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: download-from-s3 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Create Draft Release | |
| uses: ./.github/actions/release/create-draft-release | |
| with: | |
| sha: ${{ inputs.sha }} | |
| tag: ${{ inputs.tag }} | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| deploy-staging-preview: | |
| if: inputs.no-deploy != 'true' | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: eks | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Deploy staging-preview | |
| uses: ./.github/actions/deploy/deploy-staging-preview | |
| with: | |
| image: ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ inputs.sha }} | |
| sha: ${{ inputs.sha }} | |
| no-wipe: ${{ inputs.no-wipe || 'false' }} | |
| env: | |
| AWS_REGION: "eu-central-1" | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| partner-chain-ready: | |
| if: | | |
| always() && | |
| inputs.no-tests != 'true' && | |
| (needs.deploy-staging-preview.result == 'success' || needs.deploy-staging-preview.result == 'skipped') | |
| runs-on: eks | |
| needs: deploy-staging-preview | |
| outputs: | |
| deployment_mc_epoch: ${{ steps.mc-epoch.outputs.deployment_mc_epoch }} | |
| steps: | |
| - name: Set deployment main chain epoch | |
| id: mc-epoch | |
| run: echo "deployment_mc_epoch=$(curl -s http://$STAGING_PREVIEW_SERVICES_HOST:1337/health | jq .currentEpoch)" >> $GITHUB_OUTPUT | |
| shell: bash | |
| - name: Check Finalization Status | |
| run: | | |
| get_finalized_number() { | |
| curl -s -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"chain_getFinalizedHead","params":[],"id":"1"}' http://$STAGING_PREVIEW_VALIDATOR_1_HOST:$STAGING_PREVIEW_VALIDATOR_1_PORT | | |
| jq -r ".result" | | |
| xargs -I {} curl -s -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"chain_getHeader","params":["{}"],"id":"1"}' http://$STAGING_PREVIEW_VALIDATOR_1_HOST:$STAGING_PREVIEW_VALIDATOR_1_PORT | | |
| jq -r ".result.number" | xargs printf "%d" || true | |
| } | |
| INITIAL_FINALIZED_NUMBER=$(get_finalized_number) | |
| echo "Initial Finalized Block Number: $INITIAL_FINALIZED_NUMBER" | |
| timeout=300 # Timeout in seconds | |
| interval=10 # Interval in seconds | |
| elapsed=0 | |
| while true; do | |
| if [ $elapsed -ge $timeout ]; then | |
| echo "Timeout reached: $timeout seconds" | |
| exit 1 | |
| fi | |
| CURRENT_FINALIZED_NUMBER=$(get_finalized_number) | |
| echo "Current Finalized Block Number: $CURRENT_FINALIZED_NUMBER" | |
| if [ "$CURRENT_FINALIZED_NUMBER" -gt "$INITIAL_FINALIZED_NUMBER" ]; then | |
| echo "Finalized block number has increased." | |
| break | |
| fi | |
| echo "Waiting for blocks to be finalized..." | |
| sleep $interval | |
| elapsed=$((elapsed + interval)) | |
| done | |
| echo "Blocks are being finalized. Finalized Block Number: $CURRENT_FINALIZED_NUMBER" | |
| shell: bash | |
| run-smoke-tests: | |
| if: always() && inputs.no-tests != 'true' && needs.partner-chain-ready.result == 'success' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| needs: partner-chain-ready | |
| runs-on: eks | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.tag }} | |
| - name: Setup tests | |
| uses: ./.github/actions/tests/setup-python | |
| env: | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| - name: Run smoke tests | |
| uses: ./.github/actions/tests/run-e2e-tests | |
| with: | |
| blockchain: substrate | |
| env: staging | |
| decrypt: true | |
| markers: "not active_flow and not passive_flow and (CD or rpc)" | |
| threads: 1 | |
| run-all-tests: | |
| if: always() && inputs.no-tests != 'true' && needs.run-smoke-tests.result == 'success' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| needs: run-smoke-tests | |
| runs-on: eks | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.tag }} | |
| - name: Setup tests | |
| uses: ./.github/actions/tests/setup-python | |
| env: | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| - name: Run all tests (some skipped due to new deployment) | |
| uses: ./.github/actions/tests/run-e2e-tests | |
| env: | |
| DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }} | |
| with: | |
| blockchain: substrate | |
| env: staging | |
| decrypt: true | |
| markers: "not active_flow and not passive_flow" | |
| deployment_mc_epoch: $DEPLOYMENT_MC_EPOCH | |
| threads: 1 | |
| wait-for-n1-epoch: | |
| if: always() && inputs.no-tests != 'true' && needs.partner-chain-ready.result == 'success' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| needs: partner-chain-ready | |
| runs-on: eks | |
| timeout-minutes: 1440 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure kubectl | |
| uses: ./.github/actions/tests/configure-kubectl | |
| env: | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| - name: Set MC epoch to wait for | |
| id: increment-epoch | |
| env: | |
| DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }} | |
| run: | | |
| echo "Current epoch: $DEPLOYMENT_MC_EPOCH" | |
| incremented_epoch=$((DEPLOYMENT_MC_EPOCH + 1)) | |
| echo "Incremented epoch: $incremented_epoch" | |
| echo "mc_epoch_to_wait_for=$incremented_epoch" >> $GITHUB_OUTPUT | |
| - name: Wait for next MC epoch | |
| uses: ./.github/actions/tests/wait-for-epoch | |
| with: | |
| epoch: ${{ steps.increment-epoch.outputs.mc_epoch_to_wait_for }} | |
| deployment: kubernetes | |
| node: staging-preview-validator-1 | |
| environment: staging-preview | |
| run-all-tests-on-n1-epoch: | |
| if: always() && inputs.no-tests != 'true' && needs.wait-for-n1-epoch.result == 'success' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| needs: wait-for-n1-epoch | |
| runs-on: eks | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.tag }} | |
| - name: Setup tests | |
| uses: ./.github/actions/tests/setup-python | |
| env: | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| - name: Run all tests (some skipped due to new deployment) | |
| uses: ./.github/actions/tests/run-e2e-tests | |
| env: | |
| DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }} | |
| with: | |
| blockchain: substrate | |
| env: staging | |
| decrypt: true | |
| latest_mc_epoch: true | |
| markers: "not active_flow and not passive_flow" | |
| deployment_mc_epoch: $DEPLOYMENT_MC_EPOCH | |
| threads: 1 | |
| wait-for-n2-epoch: | |
| if: | | |
| always() && | |
| inputs.no-tests != 'true' && | |
| needs.partner-chain-ready.result == 'success' && | |
| needs.wait-for-n1-epoch.result == 'success' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| needs: | |
| - partner-chain-ready | |
| - wait-for-n1-epoch | |
| runs-on: eks | |
| timeout-minutes: 1450 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure kubectl | |
| uses: ./.github/actions/tests/configure-kubectl | |
| env: | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| - name: Set MC epoch to wait for | |
| id: increment-epoch | |
| env: | |
| DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }} | |
| run: | | |
| echo "Current epoch: $DEPLOYMENT_MC_EPOCH" | |
| incremented_epoch=$((DEPLOYMENT_MC_EPOCH + 2)) | |
| echo "Incremented epoch: $incremented_epoch" | |
| echo "mc_epoch_to_wait_for=$incremented_epoch" >> $GITHUB_OUTPUT | |
| - name: Wait for next MC epoch | |
| uses: ./.github/actions/tests/wait-for-epoch | |
| with: | |
| epoch: ${{ steps.increment-epoch.outputs.mc_epoch_to_wait_for }} | |
| deployment: kubernetes | |
| node: staging-preview-validator-1 | |
| environment: staging-preview | |
| run-all-tests-on-n2-epoch: | |
| if: always() && inputs.no-tests != 'true' && needs.wait-for-n2-epoch.result == 'success' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| needs: wait-for-n2-epoch | |
| runs-on: eks | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.tag }} | |
| - name: Setup tests | |
| uses: ./.github/actions/tests/setup-python | |
| env: | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| - name: Run all tests (no skipped tests) | |
| uses: ./.github/actions/tests/run-e2e-tests | |
| env: | |
| DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }} | |
| with: | |
| blockchain: substrate | |
| env: staging | |
| decrypt: true | |
| latest_mc_epoch: true | |
| markers: "not active_flow and not passive_flow" | |
| deployment_mc_epoch: $DEPLOYMENT_MC_EPOCH | |
| threads: 1 | |
| publish-ghcr: | |
| if: | | |
| inputs.no-ghcr != 'true' && | |
| (inputs.no-tests == 'true' || needs.run-all-tests-on-n2-epoch.result == 'success') | |
| permissions: | |
| id-token: write | |
| contents: write | |
| packages: write | |
| needs: run-all-tests-on-n2-epoch | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Trigger Publish Workflow | |
| run: | | |
| curl -X POST \ | |
| -H "Authorization: token ${{ secrets.ACTIONS_PUBLISH_PAT }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| https://api.github.com/repos/${{ github.repository }}/actions/workflows/release-publish-ghcr.yml/dispatches \ | |
| -d '{"ref": "${{ github.ref_name }}", "inputs": {"sha": "${{ inputs.sha }}", "tag": "${{ inputs.tag }}"}}' | |
| publish-public-release: | |
| if: | | |
| inputs.no-release != 'true' && | |
| inputs.no-public-release != 'true' && | |
| (inputs.no-tests == 'true' || needs.run-all-tests-on-n2-epoch.result == 'success') | |
| permissions: | |
| id-token: write | |
| contents: write | |
| packages: write | |
| needs: run-all-tests-on-n2-epoch | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Trigger Publish Workflow | |
| run: | | |
| curl -X POST \ | |
| -H "Authorization: token ${{ secrets.ACTIONS_PUBLISH_PAT }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| https://api.github.com/repos/${{ github.repository }}/actions/workflows/release-publish-draft-release.yml/dispatches \ | |
| -d '{"ref": "${{ github.ref_name }}", "inputs": {"sha": "${{ inputs.sha }}", "tag": "${{ inputs.tag }}"}}' |