deploy-testnet.yml
---
# Workflow: deploys the most recent tagged testnet (e.g. "037-iocaste.2")
# to the cluster serving testnet.penumbra.zone.
name: Deploy testnet.penumbra.zone
on:
  # Manual run: the operator supplies the container image tag to deploy.
  workflow_dispatch:
    inputs:
      image_tag:
        description: 'Docker image tag to deploy'
        # No meaningful default can be set here, because the latest tag is
        # always wanted and inputs cannot reference special variables such as
        # `github.ref_name`. The deploy steps fall back to `github.ref_name`
        # when this input is empty (i.e. on tag pushes).
        required: true
  # Automatic run: triggered by pushing a tag that matches the filter below.
  push:
    tags:
      # NOTE(review): this filter requires a "v" followed by a digit somewhere
      # in the tag name; the example tag in the header comment contains none.
      # Confirm which of the two reflects the current tag scheme.
      - '*-?v[0-9]+*'
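jobs:
  # Before deploying, we must wait for the container build to complete,
  # so that the relevant tag is present in container registry.
  build-container:
    name: Build container for testnet
    uses: ./.github/workflows/containers.yml
    # NOTE(review): `inherit` exposes every secret this workflow can read to
    # the called workflow. If containers.yml needs only a few, pass them by
    # name instead.
    secrets: inherit

  # Rolls the new version out to the testnet cluster via helmfile, then
  # restarts the auxiliary deployments so they pick up the same version.
  deploy:
    name: Deploy testnet to cluster
    needs:
      - build-container
    runs-on: ubuntu-latest
    permissions:
      contents: 'read'
      # Lets the runner request the OIDC token that the workload-identity
      # auth step below exchanges for Google Cloud credentials.
      id-token: 'write'
    environment: testnet
    timeout-minutes: 30
    # NOTE(review): every `uses:` in this job is referenced by a mutable tag.
    # Pinning each one to a full commit SHA keeps a retagged release from
    # changing the code that runs with cluster credentials.
    steps:
      - name: checkout
        uses: actions/checkout@v4
      - id: gcloudauth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: 'projects/1006847873719/locations/global/workloadIdentityPools/gh-runner-pool/providers/my-provider'
          # NOTE(review): this value looks mangled by e-mail obfuscation on the
          # rendered page; restore the real service account from the repository.
          service_account: '[email protected]'
      - name: get gke credentials
        uses: google-github-actions/get-gke-credentials@v2
        with:
          cluster_name: testnet
          project_id: penumbra-sl-testnet
          location: us-central1
      - name: install helmfile
        # NOTE(review): the action reference below also looks mangled by the
        # page's e-mail obfuscation; restore it from the repository.
        uses: mamezou-tech/[email protected]
        with:
          helmfile-version: "v0.157.0"
      - name: deploy
        env:
          # The dispatch input / tag name is externally supplied text. It is
          # handed over as an environment variable rather than expanded into
          # the script body, so the shell never parses it as code.
          PENUMBRA_VERSION: ${{ github.event.inputs.image_tag || github.ref_name }}
        run: |-
          export PATH="$HOME/bin:$PATH"
          cd deployments/
          export HELM_RELEASE='penumbra-testnet'
          ./ci.sh
      - name: bounce grpcui
        run: kubectl rollout restart deployment grpcui-testnet
      - name: bounce galileo
        shell: bash
        env:
          # Same value as in the deploy step, passed as data for the same reason.
          PENUMBRA_VERSION: ${{ github.event.inputs.image_tag || github.ref_name }}
        run: |-
          # Set the exact version for the current testnet for Galileo, so deps match.
          kubectl set image deployments \
            -l "app.kubernetes.io/instance=galileo" \
            "galileo=ghcr.io/penumbra-zone/galileo:penumbra-${PENUMBRA_VERSION}"
          # Wait for rollout to complete. Will block until pods are marked Ready.
          kubectl rollout status deployment \
            -l "app.kubernetes.io/instance=galileo"

  # Deploys a standalone instance of pd,
  # specifically to exercise the auto-https direct-serve logic.
  standalone:
    name: deploy standalone pd node, preview
    permissions:
      contents: 'read'
      # NOTE(review): no step visible in this job requests an OIDC token.
      # Confirm the redeploy script needs it; otherwise drop this permission.
      id-token: 'write'
    needs:
      - deploy
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v4
      - name: configure ssh identity
        run: |-
          # Restrictive umask first, so the private key file is never
          # group/world-readable, not even between creation and chmod.
          umask 077
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          echo "$SSH_PRIVKEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          # Pinned host keys: ssh verifies the target against these rather
          # than trusting whatever key it is first shown.
          echo "$SSH_HOSTKEYS" > ~/.ssh/known_hosts
        env:
          SSH_PRIVKEY: ${{ secrets.CI_RUNNER_SSH_PRIVKEY }}
          SSH_HOSTKEYS: ${{ secrets.CI_RUNNER_SSH_HOSTKEYS }}
      - name: deploy
        shell: bash
        env:
          # Externally supplied text: passed through the environment instead
          # of being expanded into the script body.
          PENUMBRA_VERSION: ${{ github.event.inputs.image_tag || github.ref_name }}
        run: |-
          export PENUMBRA_ENVIRONMENT="penumbra-testnet"
          ./deployments/scripts/redeploy-ci-fullnode-via-runner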