Skip to content

Commit

Permalink
Modify the ci flow
Browse files Browse the repository at this point in the history 
add to push

add oauth

minor modify
  • Loading branch information
@Lisooo790926
Lisooo790926 committed Oct 19, 2023
1 parent 1d1d786 commit 4b17966
Show file tree
Hide file tree
Showing 15 changed files with 577 additions and 434 deletions.
3 changes: 0 additions & 3 deletions .dockerignore
View file

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# This is the custom image for running build-and-test.yml

FROM ubuntu:22.04
FROM node:18-buster

ENV DEBIAN_FRONTEND=noninteractive

Expand Down
147 changes: 147 additions & 0 deletions .github/workflows/build-all.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,147 @@
name: CD-Build All

on:
workflow_call:
inputs:
build-services:
default: 'relay-frontend'
type: string
version:
default: '0.0.1'
type: string
jobs:
build-all:
if: ${{ inputs.build-services == 'contract' }}
runs-on: ubuntu-22.04
steps:
- name: Install node.js
uses: actions/setup-node@v3
with:
node-version: '18'

- name: Check out repository code
uses: actions/checkout@v3

- name: Setup circom, related lib
run: |
apt-get update && apt-get install -y build-essential curl
curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf | sh -s -- -y && \
. "$HOME/.cargo/env" && \
cd /tmp && \
git clone https://github.com/iden3/circom.git && \
cd circom && \
cargo build --release && \
cargo install --path circom
echo "/root/.cargo/bin" >> $GITHUB_PATH
- name: Install and build packages
run: yarn && yarn build

- name: Install Tenderly CLI
run: curl https://raw.githubusercontent.com/Tenderly/tenderly-cli/master/scripts/install-linux.sh | sudo sh

- name: Deploy contracts
run: |
mv ./packages/relay/.env.example /packages/relay/.env
yarn contracts deploy:devnet
env:
TENDERLY_ACCESS_KEY: ${{ secrets.TENDERLY_ACCESS_KEY }}
TENDERLY_PROJECT_SLUG: ${{ secrets.TENDERLY_PROJECT_SLUG }}
TENDERLY_DEVNET_TEMPLATE: ${{ secrets.TENDERLY_DEVNET_TEMPLATE }}
TENDERLY_ACCOUNT_ID: ${{ secrets.TENDERLY_ACCOUNT_ID }}

- name: Export Config to GitHub Envs
run: gh variable set -f /packages/relay/.env --repo $GITHUB_REPOSITORY
env:
GH_TOKEN: ${{ secrets.GH_PAT }}

- name: Authenticate to Google Cloud
id: auth
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
access_token_lifetime: 300s

- name: Login Registry
id: docker-auth
uses: docker/login-action@v1
with:
registry: ${{ vars.GAR_LOCATION }}-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: push relay image
run: |
docker build -t ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }} -f ./packages/relay/Dockerfile .
docker push ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }}
- name: push frontend image
run: |
docker build -t ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.FRONTEND_SERVICE }}:${{ inputs.version }} -f ./packages/frontend/Dockerfile .
docker push ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.FRONTEND_SERVICE }}:${{ inputs.version }}
- name: add tag to record version
run: |
git tag v${{ inputs.version }}
git push refs/tags/v${{ inputs.version }} -f
build-relay-frontend:
if: ${{ inputs.build-services == 'relay-frontend'}}
runs-on: ubuntu-22.04
steps:
- name: Install node.js
uses: actions/setup-node@v3
with:
node-version: '18'

- name: Check out repository code
uses: actions/checkout@v3

- name: Setup circom, related lib
run: |
apt-get update && apt-get install -y build-essential curl
curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf | sh -s -- -y && \
. "$HOME/.cargo/env" && \
cd /tmp && \
git clone https://github.com/iden3/circom.git && \
cd circom && \
cargo build --release && \
cargo install --path circom
echo "/root/.cargo/bin" >> $GITHUB_PATH
- name: Install and build packages
run: yarn && yarn build

- name: Authenticate to Google Cloud
id: auth
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
access_token_lifetime: 300s

- name: Login Registry
id: docker-auth
uses: docker/login-action@v1
with:
registry: ${{ vars.GAR_LOCATION }}-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: push relay image
run: |
docker build -t ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }} -f ./packages/relay/Dockerfile .
docker push ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }}
- name: push frontend image
run: |
docker build -t ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.FRONTEND_SERVICE }}:${{ inputs.version }} -f ./packages/frontend/Dockerfile .
docker push ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.FRONTEND_SERVICE }}:${{ inputs.version }}
- name: add tag to record version
run: |
git tag v${{ inputs.version }}
git push refs/tags/v${{ inputs.version }} -f
16 changes: 3 additions & 13 deletions .github/workflows/build-and-test.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Build and Test
name: CI-Build and Test

on:
workflow_call:
Expand All @@ -16,30 +16,20 @@ jobs:
name: Build and Test
runs-on: ubuntu-22.04
container:
image: ghcr.io/social-tw/ubuntu-circom:22.04
image: ghcr.io/social-tw/circom_node_env:0.0.1
credentials:
username: jason-ntu
username: ${{ github.actor }}
password: ${{ secrets.CR_PAT }}
timeout-minutes: 30
steps:
- name: Modify system variable PATH
run: echo "/root/.cargo/bin" >> $GITHUB_PATH
- name: Check out repository code
uses: actions/checkout@v3
- name: Install node.js
uses: actions/setup-node@v3
with:
node-version: '18'
- name: Install yarn
run: npm install --global yarn
- name: Install jest
run: npm i --save-dev @types/jest
- name: Clean and Install packages
run: |
rm -rf node_modules package-lock.json
yarn
- name: Install Hardhat locally
run: yarn add --dev hardhat --ignore-workspace-root-check
- name: Build
run: yarn build
- name: Downcase target
Expand Down
64 changes: 64 additions & 0 deletions .github/workflows/deploy-frontend.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
name: CD-Manual-Frontend-Deploy

on:
workflow_dispatch:
branches: ['feat_system_cicd_enhancment']
inputs:
version:
type: string
required: true

workflow_call:
inputs:
version:
type: string
required: true

jobs:
frontend:
permissions:
contents: 'read'
id-token: 'write'

runs-on: ubuntu-latest
steps:
- name: Production Code
uses: 'actions/checkout@v3'

- name: Authenticate to Google Cloud
id: auth
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
access_token_lifetime: 900s

## artifact registry auth setup
- name: Login to Artifact Registry
id: docker-auth
uses: docker/login-action@v1
with:
registry: ${{ vars.GAR_LOCATION }}-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: Deploy to Cloud Run
id: deploy
uses: google-github-actions/deploy-cloudrun@v0
with:
service: ${{ vars.FRONTEND_SERVICE }}
region: ${{ vars.REGION }}
image: ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.FRONTEND_SERVICE }}:${{ inputs.version }}
## set --max-old-space-size=8192 for node.js to increase memory limit
env_vars: |
ENV=${{ vars.ENV }}
STAGE_SERVER=${{ vars.ENV }}_SERVER
NODE_OPTIONS=${{ vars.NODE_OPTIONS }}
- name: Allow public access
id: unauthenticated
run: gcloud run services add-iam-policy-binding ${{ vars.FRONTEND_SERVICE }} --region=${{ vars.REGION }} --member="allUsers" --role="roles/run.invoker"

- name: Show Output
run: echo ${{ steps.deploy.outputs.url }}
65 changes: 65 additions & 0 deletions .github/workflows/deploy-relay.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
name: CD-Manual-Relay-Deploy

on:
workflow_dispatch:
branches: ['feat_system_cicd_enhancment']
inputs:
version:
type: string
required: true

workflow_call:
inputs:
version:
type: string
required: true

jobs:
relay:
permissions:
contents: 'read'
id-token: 'write'

runs-on: ubuntu-latest
steps:
- name: Production Code
uses: 'actions/checkout@v3'

- name: Authenticate to Google Cloud
id: auth
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
access_token_lifetime: 300s

## artifact registry auth setup
- name: Login to Artifact Registry
id: docker-auth
uses: docker/login-action@v1
with:
registry: ${{ vars.GAR_LOCATION }}-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: Deploy to Cloud Run
id: deploy
uses: google-github-actions/deploy-cloudrun@v0
with:
service: ${{ vars.BACKEND_SERVICE }}
region: ${{ vars.REGION }}
image: ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }}
# add ENV as below
env_vars: |
TWITTER_CLIENT_ID=${{ secrets.TWITTER_CLIENT_ID }}
TWITTER_CLIENT_KEY=${{ secrets.TWITTER_CLIENT_KEY }}
CLIENT_URL=${{ vars.CLIENT_URL }}
CALLBACK_URL=${{ vars.CALLBACK_URL }}
- name: Allow public access
id: unauthenticated
run: gcloud run services add-iam-policy-binding ${{ vars.BACKEND_SERVICE }} --region=${{ vars.REGION }} --member="allUsers" --role="roles/run.invoker"

- name: Show Output
run: echo ${{ steps.deploy.outputs.url }}
Loading

0 comments on commit 4b17966

Please sign in to comment.