ci: fix gke auth actions #1782
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Deploys the latest changes on 'main' branch, via a container | |
| # image tagged with 'main', to testnet-preview.penumbra.zone. | |
| name: Deploy testnet-preview.penumbra.zone | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| image_tag: | |
| description: 'Docker image tag to deploy' | |
| # The container tag "main" comes from the name of the main branch. | |
| # It's important we deploy this tag for preview, rather than "latest", | |
| # as "latest" maps to the most recent tag (i.e. weekly testnet). | |
| default: "main" | |
| required: true | |
| push: | |
| branches: | |
| - main | |
| # Cancel any pending preview deploys, in favor of a newer PR | |
| # that was just merged. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| # Don't cancel mid-run, as an interrupted `helmfile sync` can create broken release | |
| # states in the kube API server that require manual cleanup. | |
| cancel-in-progress: false | |
| jobs: | |
| build-container: | |
| name: Build container for preview | |
| uses: ./.github/workflows/containers.yml | |
| secrets: inherit | |
| deploy: | |
| name: Deploy preview to cluster | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| needs: | |
| - build-container | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| environment: testnet-preview | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4 | |
| - id: gcloudauth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: 'projects/1006847873719/locations/global/workloadIdentityPools/gh-runner-pool/providers/my-provider' | |
| service_account: '[email protected]' | |
| - name: get gke credentials | |
| uses: google-github-actions/get-gke-credentials@v1 | |
| with: | |
| cluster_name: testnet | |
| project_id: penumbra-sl-testnet | |
| location: us-central1 | |
| - name: install helmfile | |
| uses: mamezou-tech/[email protected] | |
| with: | |
| helmfile-version: "v0.157.0" | |
| - name: deploy | |
| run: |- | |
| export PATH="$HOME/bin:$PATH" | |
| cd deployments/ | |
| export PENUMBRA_VERSION='main' | |
| export HELM_RELEASE='penumbra-preview' | |
| ./ci.sh | |
| - name: bounce grpcui | |
| run: kubectl rollout restart deployment grpcui-preview | |
| - name: bounce osiris | |
| run: kubectl rollout restart deployment osiris-preview | |
| # We only run one (1) relayer instance, and re-deploy it as part of the preview update. | |
| # The other end of the configured path is the long-running testnet. | |
| # We ignore errors on the bounce, because we may have removed the deployment out of band: | |
| # we're still working on reliable packet relaying between test chains. | |
| - name: bounce relayer | |
| run: |- | |
| kubectl rollout restart deployment relayer-preview || true |