From 5bebcdf7a97af1831aec248d793574d3bdd4b04e Mon Sep 17 00:00:00 2001
From: Richard Watts <108257153+rrw-zilliqa@users.noreply.github.com>
Date: Tue, 2 Jul 2024 11:17:47 +0100
Subject: [PATCH] (feat) Port workflows from zilliqa-developer (#2)
* (feat) .gitignore (fix) Start of importing submodules
* (feat) Import submodule, delete empty directories so we can import the others.
* (feat) Import submodules
* (fix) Set versions for submodules
* (feat) Hopefully re-add cicd
* (feat) Install a trunk config file
---
.github/workflows/ci-bridge.yml | 31 +++++++
.github/workflows/ci-linting.yml | 37 ++++++++
.github/workflows/cicd-prd.yml | 139 +++++++++++++++++++++++++++++++
.github/workflows/cicd-stg.yml | 131 +++++++++++++++++++++++++++++
.gitignore | 11 +++
.gitmodules | 12 +++
.trunk/trunk.yaml | 71 ++++++++++++++++
7 files changed, 432 insertions(+)
create mode 100644 .github/workflows/ci-bridge.yml
create mode 100644 .github/workflows/ci-linting.yml
create mode 100644 .github/workflows/cicd-prd.yml
create mode 100644 .github/workflows/cicd-stg.yml
create mode 100644 .gitignore
create mode 100644 .gitmodules
create mode 100644 .trunk/trunk.yaml
diff --git a/.github/workflows/ci-bridge.yml b/.github/workflows/ci-bridge.yml
new file mode 100644
index 0000000..98b7e76
--- /dev/null
+++ b/.github/workflows/ci-bridge.yml
@@ -0,0 +1,31 @@
+name: "CI for Product Bridge"
+
+on:
+ push: {}
+
+jobs:
+ testing:
+ runs-on: ubuntu-latest
+ name: "Bridge Tests"
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+
+ - name: Install nodes packages
+ run: npm ci
+ working-directory: bridge-web
+
+ - name: Check bridge-web build
+ run: npm run build
+ working-directory: bridge-web
+
+ - name: Install Foundry
+ uses: foundry-rs/foundry-toolchain@v1
+ with:
+ version: nightly
+
+ - name: Run Foundry tests
+ run: forge test
+ working-directory: smart-contracts
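Review bot: `version: nightly` in the `Install Foundry` step installs whatever toolchain build is current on each run, so `forge test` results are not reproducible and an unreviewed toolchain executes in CI; pin a specific release instead, e.g. `version: <PINNED_FOUNDRY_RELEASE>` (placeholder). The workflow also declares no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with `contents: read` is enough for checkout and tests, and the same applies to ci-linting.yml. Third-party actions are referenced by mutable tags (`foundry-rs/foundry-toolchain@v1` here; `pnpm/action-setup@v2`, `trunk-io/trunk-action@v1.0.4`, `google-github-actions/auth@v1` and `docker/login-action@v2` in the other workflows of this patch); pinning them to full commit SHAs removes the dependence on those tags never being moved.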
diff --git a/.github/workflows/ci-linting.yml b/.github/workflows/ci-linting.yml
new file mode 100644
index 0000000..6507e2f
--- /dev/null
+++ b/.github/workflows/ci-linting.yml
@@ -0,0 +1,37 @@
+name: "Linting"
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+ release:
+ types:
+ - created
+jobs:
+ build:
+ runs-on: ubuntu-22.04
+ name: "Linting"
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - uses: pnpm/action-setup@v2
+ with:
+ version: 6.0.2
+
+ - name: "Installing dependencies"
+ run: |
+ pnpm i
+
+ - name: Trunk cache
+ id: cache-trunk
+ uses: actions/cache@v3.0.4
+ with:
+ path: ~/.cache/trunk/
+ key: ${{ runner.os }}-trunk
+
+ - name: Trunk Check
+ uses: trunk-io/trunk-action@v1.0.4
diff --git a/.github/workflows/cicd-prd.yml b/.github/workflows/cicd-prd.yml
new file mode 100644
index 0000000..8bd59e4
--- /dev/null
+++ b/.github/workflows/cicd-prd.yml
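Review bot: The `Trunk cache` step in ci-linting.yml uses the fixed key `${{ runner.os }}-trunk`, so once a cache has been saved every later run gets an exact hit and the cache is never rewritten when `.trunk/trunk.yaml` changes the pinned linter versions. Keying on the config keeps the cached tools (including the secret scanner) in step with what is pinned: `key: ${{ runner.os }}-trunk-${{ hashFiles('.trunk/trunk.yaml') }}`.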
@@ -0,0 +1,139 @@
+name: "CICD production"
+
+on:
+ # On merged
+ push:
+ branches:
+ - main
+ # On released
+ release:
+ types: [published]
+
+jobs:
+ build-docker:
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-22.04
+ if: github.actor != 'dependabot[bot]'
+ name: "Deploy image"
+ strategy:
+ fail-fast: false
+ matrix:
+ application: [zilliqa-bridge-validator]
+ include:
+ - application: zilliqa-bridge-validator
+ image_name: zilliqa-bridge-validator
+ path: bridge-validators
+ tag_length: 8
+ tag_latest: false
+ env:
+ DOCKER_DOMAIN: asia-docker.pkg.dev
+ REGISTRY: asia-docker.pkg.dev/prj-p-devops-services-tvwmrf63/zilliqa-public
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+ ref: ${{ github.event.pull_request.head.ref }}
+ repository: ${{ github.event.pull_request.head.repo.full_name }}
+ fetch-depth: 0
+
+ - name: Docker build and push - production
+ uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v2
+ with:
+ context: ${{ matrix.path }}
+ push: true
+ tag: asia-docker.pkg.dev/prj-p-devops-services-tvwmrf63/zilliqa-public/${{ matrix.image_name }}:${{ github.ref_name }}
+ registry: asia-docker.pkg.dev
+ workload-identity-provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+ service-account: "${{ secrets.GCP_PRD_GITHUB_SA_DOCKER_REGISTRY }}"
+ cache-key: ${{ env.REGISTRY }}/${{ matrix.image_name }}-cache
+ build-args: |
+ DEPLOY_ENV=prd
+ VITE_ENV="PROD"
+
+ build-makefile:
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-22.04
+ name: "Build image with Makefile"
+ strategy:
+ fail-fast: false
+ matrix:
+ application: [zilliqa-bridge-web]
+ include:
+ - application: zilliqa-bridge-web
+ image_name: zilliqa-bridge-web
+ path: bridge-web
+ tag_length: 8
+ tag_latest: false
+ env:
+ DOCKER_DOMAIN: asia-docker.pkg.dev
+ REGISTRY: asia-docker.pkg.dev/prj-p-devops-services-tvwmrf63/zilliqa-public
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+ ref: ${{ github.event.pull_request.head.ref }}
+ repository: ${{ github.event.pull_request.head.repo.full_name }}
+ fetch-depth: 0
+
+ - name: "Authenticate to Google Cloud - production"
+ id: google-auth
+ uses: "google-github-actions/auth@v1"
+ with:
+ token_format: "access_token"
+ workload_identity_provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+ service_account: "${{ secrets.GCP_PRD_GITHUB_SA_DOCKER_REGISTRY }}"
+ create_credentials_file: true
+
+ - name: Login to the registry - production
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.DOCKER_DOMAIN }}
+ username: "oauth2accesstoken"
+ password: "${{ steps.google-auth.outputs.access_token }}"
+
+ - name: Get tag version - production
+ if: github.event_name == 'push'
+ id: set-tag
+ uses: Zilliqa/gh-actions-workflows/actions/generate-tag@v1
+ with:
+ tag: ${{ env.REGISTRY }}/${{ matrix.image_name }}
+ length: ${{ matrix.tag_length }}
+
+ - name: "Build and push ${{ matrix.application }} - production"
+ if: github.event_name == 'push'
+ env:
+ ENVIRONMENT: prd
+ IMAGE_TAG: ${{ steps.set-tag.outputs.tags }}
+ ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }}
+ ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }}
+ run: |
+ cd ${{ matrix.path }}
+ make image/build-and-push
+
+ - name: "Build and push ${{ matrix.application }} - production"
+ if: github.event_name == 'release'
+ env:
+ ENVIRONMENT: prd
+ IMAGE_TAG: ${{ env.REGISTRY }}/${{ matrix.image_name }}:${{ github.ref_name }}
+ ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }}
+ ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }}
+ run: |
+ cd ${{ matrix.path }}
+ make image/build-and-push
+
+ - name: "Build and push ${{ matrix.application }} tag latest - production"
+ if: matrix.tag_latest == true && github.event_name == 'release'
+ env:
+ ENVIRONMENT: prd
+ IMAGE_TAG: ${{ env.REGISTRY }}/${{ matrix.image_name }}:latest
+ ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }}
+ ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }}
+ run: |
+ cd ${{ matrix.path }}
+ make image/build-and-push
diff --git a/.github/workflows/cicd-stg.yml b/.github/workflows/cicd-stg.yml
new file mode 100644
index 0000000..afa7f56
--- /dev/null
+++ b/.github/workflows/cicd-stg.yml
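Review bot: Both jobs in cicd-prd.yml grant `contents: write` next to `id-token: write`, but the visible steps only check out code and push images, so `contents: read` looks sufficient and limits what the token can do while `make image/build-and-push` runs repository code. The two `Checkout code` steps set `ref: ${{ github.event.pull_request.head.ref }}` and `repository: ${{ github.event.pull_request.head.repo.full_name }}`, which are empty under the `push` and `release` triggers; dropping both lines keeps a later-added pull-request trigger from building the PR head with production credentials. The `build-makefile` job also lacks the `if: github.actor != 'dependabot[bot]'` guard that `build-docker` has, and its production steps export `ENV_FILES_DECRYPTER_NONPRD`; if the Makefile (not visible here) does not need it for `ENVIRONMENT: prd`, remove it from those `env:` maps.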
@@ -0,0 +1,131 @@
+name: "CICD staging"
+
+on:
+ # Test run before merging
+ pull_request:
+ branches:
+ - main
+ # On merged
+ push:
+ branches:
+ - main
+
+jobs:
+ build-docker:
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-22.04
+ if: github.actor != 'dependabot[bot]' && github.ref_name == 'main'
+ name: "Deploy image"
+ strategy:
+ fail-fast: false
+ matrix:
+ application: [zilliqa-bridge-validator]
+ include:
+ - application: zilliqa-bridge-validator
+ image_name: zilliqa-bridge-validator
+ path: bridge-validators
+ tag_length: 8
+ tag_latest: false
+ env:
+ DOCKER_DOMAIN: asia-docker.pkg.dev
+ REGISTRY: asia-docker.pkg.dev/prj-d-devops-services-4dgwlsse/zilliqa-public
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ submodules: "true"
+ ref: ${{ github.event.pull_request.head.ref }}
+ repository: ${{ github.event.pull_request.head.repo.full_name }}
+ fetch-depth: 0
+
+ - name: Docker build and push - staging
+ uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v2
+ with:
+ context: ${{ matrix.path }}
+ push: ${{ github.ref_name == github.event.repository.default_branch }}
+ tag: asia-docker.pkg.dev/prj-d-devops-services-4dgwlsse/zilliqa-public/${{ matrix.image_name }}
+ tag-length: ${{ matrix.tag_length }}
+ tag-latest: ${{ matrix.tag_latest }}
+ registry: asia-docker.pkg.dev
+ workload-identity-provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+ service-account: "${{ secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY }}"
+ cache-key: ${{ env.REGISTRY }}/${{ matrix.image_name }}-cache
+ build-args: |
+ DEPLOY_ENV=stg
+
+ build-makefile:
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-22.04
+ # To test deployments, remove the github.ref_name clause: see devops/docs/z2-testing-apps.md - rrw 2024-04-12
+ # && github.ref_name == 'main'
+ if: github.actor != 'dependabot[bot]'
+ name: "Build image with Makefile"
+ strategy:
+ fail-fast: false
+ matrix:
+ application: [zilliqa-bridge-web]
+ include:
+ - application: zilliqa-bridge-web
+ image_name: zilliqa-bridge-web
+ path: bridge-web
+ tag_length: 8
+ tag_latest: false
+ env:
+ DOCKER_DOMAIN: asia-docker.pkg.dev
+ REGISTRY: asia-docker.pkg.dev/prj-d-devops-services-4dgwlsse/zilliqa-public
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+ ref: ${{ github.event.pull_request.head.ref }}
+ repository: ${{ github.event.pull_request.head.repo.full_name }}
+ fetch-depth: 0
+
+ - name: "Authenticate to Google Cloud - staging"
+ id: google-auth
+ uses: "google-github-actions/auth@v1"
+ with:
+ token_format: "access_token"
+ workload_identity_provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+ service_account: "${{ secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY }}"
+ create_credentials_file: true
+
+ - name: Login to the registry - staging
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.DOCKER_DOMAIN }}
+ username: "oauth2accesstoken"
+ password: "${{ steps.google-auth.outputs.access_token }}"
+
+ - name: Get tag version - staging
+ id: set-tag
+ uses: Zilliqa/gh-actions-workflows/actions/generate-tag@v1
+ with:
+ tag: ${{ env.REGISTRY }}/${{ matrix.image_name }}
+ length: ${{ matrix.tag_length }}
+
+ - name: "Build and push ${{ matrix.application }} - staging"
+ env:
+ ENVIRONMENT: stg
+ IMAGE_TAG: ${{ steps.set-tag.outputs.tags }}
+ ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }}
+ ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }}
+ run: |
+ cd ${{ matrix.path }}
+ make image/build-and-push
+
+ - name: "Build and push ${{ matrix.application }} tag latest - staging"
+ if: ${{ matrix.tag_latest == true }}
+ env:
+ ENVIRONMENT: stg
+ IMAGE_TAG: "${{ env.REGISTRY }}/${{ matrix.image_name }}:latest"
+ ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }}
+ ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }}
+ run: |
+ cd ${{ matrix.path }}
+ make image/build-and-push
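Review bot: The `build-makefile` job in cicd-stg.yml is committed with its `&& github.ref_name == 'main'` clause commented out, so it runs on every `pull_request` to main, checks out the PR head and executes that branch's `make image/build-and-push` with the registry login and both decrypter secrets in the environment. Restoring `if: github.actor != 'dependabot[bot]' && github.ref_name == 'main'` would match `build-docker`, leaving the testing variant as a local, uncommitted change as the comment describes. The staging steps also receive `ENV_FILES_DECRYPTER_PRD`; unless the Makefile (not visible here) needs it for `ENVIRONMENT: stg`, remove that line from both `env:` maps so a staging build never holds the production key. Staging authenticates with `secrets.GCP_PRD_GITHUB_WIF` in both jobs, which may be a shared provider but is worth confirming against the secret's name.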
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..23d4a5e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,11 @@
+node_modules/
+Debug/
+*~
+**/~
+**/*~
+**/node_modules
+._*
+**/._*
+
+.trunk/**
+!.trunk/trunk.yaml
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..898ebf3
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,12 @@
+[submodule "smart-contracts/lib/forge-std"]
+ path = smart-contracts/lib/forge-std
+ url = https://github.com/foundry-rs/forge-std
+[submodule "smart-contracts/lib/openzeppelin-foundry-upgrades"]
+ path = smart-contracts/lib/openzeppelin-foundry-upgrades
+ url = https://github.com/OpenZeppelin/openzeppelin-foundry-upgrades
+[submodule "smart-contracts/lib/openzeppelin-contracts"]
+ path = smart-contracts/lib/openzeppelin-contracts
+ url = https://github.com/OpenZeppelin/openzeppelin-contracts
+[submodule "smart-contracts/lib/openzeppelin-contracts-upgradeable"]
+ path = smart-contracts/lib/openzeppelin-contracts-upgradeable
+ url = https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
new file mode 100644
index 0000000..6c2dae0
--- /dev/null
+++ b/.trunk/trunk.yaml
@@ -0,0 +1,71 @@
+version: 0.1
+cli:
+ version: 1.22.0
+plugins:
+ sources:
+ - id: trunk
+ ref: v1.2.1
+ uri: https://github.com/trunk-io/plugins
+
+lint:
+ enabled:
+ - clippy@1.65.0
+ - gofmt@1.20.4
+ - golangci-lint@1.57.2
+ - oxipng@9.1.1
+ - shellcheck@0.10.0
+ - taplo@0.8.1
+ - actionlint@1.6.27
+ - hadolint@2.12.0
+ - eslint@8.57.0
+ - buildifier@7.1.1
+ - git-diff-check
+ - markdownlint@0.40.0
+ - prettier@3.2.5
+ - shfmt@3.6.0
+ - svgo@3.2.0
+ - gitleaks@8.18.2
+ - flake8@7.0.0
+ - isort@5.13.2
+ - black@24.4.2
+ - rustfmt@1.65.0
+ # - shellcheck@0.9.0 - removed for being over-prissy and wanting tab indents - rrw 2023-04-25
+ ignore:
+ - linters: [gitleaks]
+ paths:
+ - smart-contracts/script/config.ts
+ - smart-contracts/script/**/*.s.sol
+ - bridge-web/src/config/config.ts
+ - linters: [eslint]
+ paths:
+ - bridge-web
+ - linters: [ALL]
+ paths:
+ - .devcontainer/*
+ - .devcontainer/**
+ - .trunk/*out/**
+ - node_modules/**
+ - "**/node_modules/**"
+ - develop_env/**
+ - "tailwind_theme/**"
+ - "**/tailwind_theme/**"
+ - "**/develop_env/**"
+ - "bazel-*/**"
+ - "**/static/css/*"
+ - "static/css/**"
+ - "templates/*"
+ - "**/templates/*"
+ - "templates/**"
+ - "**/templates/**"
+
+runtimes:
+ enabled:
+ - go@1.18.3
+ - node@16.14.2
+ - python@3.10.3
+actions:
+ enabled:
+ - trunk-announce
+ - trunk-check-pre-push
+ - trunk-fmt-pre-commit
+ - trunk-upgrade-available
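Review bot: The `linters: [gitleaks]` ignore entry exempts `smart-contracts/script/config.ts`, `smart-contracts/script/**/*.s.sol` and `bridge-web/src/config/config.ts` from secret scanning altogether, and deployment scripts and config files are where a real key is most likely to be committed by mistake. If the current findings are known false positives (public addresses, test keys), suppress them individually, with an inline `gitleaks:allow` comment on the line or a value-specific allowlist in the gitleaks config, so new secrets in those files are still reported. The comment `# - shellcheck@0.9.0 - removed ...` no longer matches the list, which enables `shellcheck@0.10.0`; delete or update it. Similarly, the `linters: [eslint]` exclusion of all of `bridge-web` deserves a short comment giving the reason.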