Skip to content

chore: add safety check when update ledger (#1952) #1054

chore: add safety check when update ledger (#1952)

chore: add safety check when update ledger (#1952) #1054

Workflow file for this run

name: Docker Image
on:
push:
branches: [master]
tags:
- "v*"
- "staging*"
- "qa*"
jobs:
start-runner:
name: start self-hosted EC2 runner
runs-on: ubuntu-latest
outputs:
label: ${{ steps.start-ec2-runner.outputs.label }}
ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Start EC2 runner
id: start-ec2-runner
uses: machulav/ec2-github-runner@v2
with:
mode: start
github-token: ${{ secrets.PAT_RUNNER }}
ec2-image-id: ${{ secrets.EC2_IMAGE_ID }}
ec2-instance-type: ${{ secrets.EC2_INSTANCE_TYPE }}
subnet-id: ${{ secrets.SUBNET_ID }}
security-group-id: ${{ secrets.SECURITY_GROUP_ID }}
aws-resource-tags: >
[
{"Key": "Name", "Value": "${{ github.workflow }}"},
{"Key": "GitHubRepository", "Value": "${{ github.repository }}"}
]
parallel:
if: github.repository == 'parallel-finance/parallel'
needs: start-runner
runs-on: ${{ needs.start-runner.outputs.label }}
strategy:
matrix:
os: [self-hosted]
bin: ["parallel"]
steps:
- name: cleaning up
run: |
echo '${{ secrets.RUNNER_PASSWORD }}' | sudo -S chown -R $USER:$USER $GITHUB_WORKSPACE
echo "HOME=/home/ubuntu" >> ${GITHUB_ENV}
apt update -y && apt install git-lfs -y
- name: Checkout github repo (+ download lfs dependencies)
uses: actions/checkout@v3
with:
lfs: true
submodules: true
fetch-depth: 2
- name: Checkout LFS objects
run: git lfs checkout
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Get GIT Tag
if: startsWith(github.ref, 'refs/tags/')
id: git_tag
run: echo ::set-output name=tag::${GITHUB_REF/refs\/tags\//}
- uses: haya14busa/action-cond@v1
id: docker_tag
with:
cond: ${{ startsWith(github.ref, 'refs/tags/') }}
if_true: ${{ steps.git_tag.outputs.tag }}
if_false: "latest"
- name: Build and push production image
id: docker_build
uses: docker/build-push-action@v2
with:
context: .
file: Dockerfile.release
push: true
platforms: linux/amd64
build-args: |
BIN=${{ matrix.bin }}
PROFILE=release
tags: ${{ secrets.DOCKERHUB_ORGNAME }}/${{ matrix.bin }}:${{ steps.docker_tag.outputs.value }}
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
- name: slack
uses: 8398a7/action-slack@v3
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
status: ${{ job.status }}
fields: repo,message,commit,author,eventName,ref,workflow
if: always()
parallel-helper:
if: github.repository == 'parallel-finance/parallel'
needs:
- start-runner
- parallel
runs-on: ${{ needs.start-runner.outputs.label }}
strategy:
matrix:
os: [self-hosted]
bin: ["helper"]
steps:
- name: cleaning up
run: |
echo '${{ secrets.RUNNER_PASSWORD }}' | sudo -S chown -R $USER:$USER $GITHUB_WORKSPACE
echo "HOME=/home/ubuntu" >> ${GITHUB_ENV}
- name: Checkout github repo (+ download lfs dependencies)
uses: actions/checkout@v3
with:
lfs: true
submodules: true
fetch-depth: 2
- name: Checkout LFS objects
run: git lfs checkout
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Get GIT Tag
if: startsWith(github.ref, 'refs/tags/')
id: git_tag
run: echo ::set-output name=tag::${GITHUB_REF/refs\/tags\//}
- uses: haya14busa/action-cond@v1
id: docker_tag
with:
cond: ${{ startsWith(github.ref, 'refs/tags/') }}
if_true: ${{ steps.git_tag.outputs.tag }}
if_false: "latest"
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
context: scripts/helper
file: scripts/helper/Dockerfile.release
push: true
platforms: linux/amd64
tags: ${{ secrets.DOCKERHUB_ORGNAME }}/${{ matrix.bin }}:${{ steps.docker_tag.outputs.value }}
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
- name: slack
uses: 8398a7/action-slack@v3
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
status: ${{ job.status }}
fields: repo,message,commit,author,eventName,ref,workflow
if: always()
stop-runner:
name: stop self-hosted EC2 runner
needs:
- start-runner
- parallel
- parallel-helper
runs-on: ubuntu-latest
if: ${{ always() }}
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Stop EC2 runner
uses: machulav/ec2-github-runner@v2
with:
mode: stop
github-token: ${{ secrets.PAT_RUNNER }}
label: ${{ needs.start-runner.outputs.label }}
ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}