CD #157

Workflow file for this run

	name: "CD"

	on:
	workflow_dispatch:
	inputs:
	sha:
	description: "partner-chains commit SHA to build from"
	required: true
	type: string
	tag:
	description: "partner-chains release tag"
	required: true
	type: string
	no-build:
	description: "Skip build and use previously artifacts built in a past run"
	required: false
	type: boolean
	default: false
	no-public:
	description: "Skip steps to publish public release and public GHCR image"
	required: false
	type: boolean
	default: true
	no-release:
	description: "Skip creating draft release page"
	required: false
	type: boolean
	default: false
	no-deploy:
	description: "Skip deployment to staging environment"
	required: false
	type: boolean
	default: false
	no-wipe:
	description: "Skip staging environment chain wipe and keep volumes"
	required: false
	type: boolean
	default: false
	no-tests:
	description: "Skip all test steps against staging environment"
	required: false
	type: boolean
	default: false

	permissions:
	id-token: write
	contents: write
	packages: write

	env:
	AWS_REGION: "eu-central-1"
	SSH_AUTH_SOCK: /tmp/ssh_agent.sock
	STAGING_PREVIEW_SERVICES_HOST: staging-preview-services-service.staging-preview.svc.cluster.local
	STAGING_PREVIEW_VALIDATOR_1_HOST: staging-preview-validator-1-service.staging-preview.svc.cluster.local
	STAGING_PREVIEW_VALIDATOR_1_PORT: 9933

	jobs:
	build-linux:
	if: ${{ github.event.inputs.no-build != 'true' }}
	permissions:
	id-token: write
	contents: write
	runs-on: ubuntu-24.04
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Build and Upload for Linux
	uses: ./.github/actions/artifacts/build-pc-artifacts
	with:
	sha: ${{ inputs.sha }}
	tag: ${{ inputs.tag }}
	os: linux

	build-macos-x86_64:
	if: ${{ github.event.inputs.no-build != 'true' }}
	permissions:
	id-token: write
	contents: write
	runs-on: macos-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Build and Upload for macOS x86_64
	uses: ./.github/actions/artifacts/build-pc-artifacts
	with:
	sha: ${{ inputs.sha }}
	tag: ${{ inputs.tag }}
	os: macos-x86_64

	build-macos-arm64:
	if: ${{ github.event.inputs.no-build != 'true' }}
	permissions:
	id-token: write
	contents: write
	runs-on: macos-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Build and Upload for macOS arm64
	uses: ./.github/actions/artifacts/build-pc-artifacts
	with:
	sha: ${{ inputs.sha }}
	tag: ${{ inputs.tag }}
	os: macos-arm64

	upload-to-s3:
	if: ${{ github.event.inputs.no-build != 'true' }}
	needs:
	- build-linux
	- build-macos-x86_64
	- build-macos-arm64
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: write
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Upload Artifacts to S3
	uses: ./.github/actions/artifacts/upload-to-s3
	with:
	sha: ${{ inputs.sha }}
	bucket-name: ${{ secrets.AWS_CD_ARTIFACT_S3_BUCKET }}
	env:
	AWS_REGION: ${{ env.AWS_REGION }}
	AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_S3_ROLE_ARN_SECRET }}

	download-from-s3:
	if: ${{ github.event.inputs.no-build == 'true' }}
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: write
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Download Artifacts from S3
	uses: ./.github/actions/artifacts/download-from-s3
	with:
	sha: ${{ inputs.sha }}
	bucket-name: ${{ secrets.AWS_CD_ARTIFACT_S3_BUCKET }}
	env:
	AWS_REGION: ${{ env.AWS_REGION }}
	AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_S3_ROLE_ARN_SECRET }}

	artifacts-ready:
	needs:
	- upload-to-s3
	- download-from-s3
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: write
	if: >
	always() && (
	(inputs.no-build != 'true' && needs.upload-to-s3.result == 'success') \|\|
	(inputs.no-build == 'true' && needs.download-from-s3.result == 'success')
	)
	steps:
	- name: Artifacts Ready
	run: \|
	if [[ "${{ inputs.no-build }}" != "true" ]]; then
	echo "Artifacts have been compiled and uploaded to S3"
	else
	echo "Previously built artifacts were downloaded from S3"
	fi

	build-and-publish-ecr:
	if: ${{ github.event.inputs.no-build != 'true' }}
	permissions:
	id-token: write
	contents: write
	needs: artifacts-ready
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Build and Publish to ECR
	uses: ./.github/actions/images/build-and-publish-ecr
	with:
	sha: ${{ inputs.sha }}
	tag: ${{ inputs.tag }}
	env:
	AWS_REGION: "eu-central-1"
	ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
	AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}

	create-draft-release:
	if: ${{ github.event.inputs.no-release != 'true' }}
	permissions:
	id-token: write
	contents: write
	needs: artifacts-ready
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Create Draft Release
	uses: ./.github/actions/release/create-draft-release
	with:
	tag: ${{ inputs.tag }}
	env:
	GITHUB_TOKEN: ${{ github.token }}

	generate-chain-specs:
	permissions:
	id-token: write
	contents: write
	needs: artifacts-ready
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Generate Chain Specs
	uses: ./.github/actions/artifacts/generate-chain-specs
	with:
	tag: ${{ inputs.tag }}

	upload-chain-specs:
	permissions:
	id-token: write
	contents: write
	needs: generate-chain-specs
	runs-on: eks
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Upload chain spec artifacts to Kubernetes
	uses: ./.github/actions/deploy/upload-chain-specs
	with:
	sha: ${{ github.sha }}
	env:
	kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
	K8S_SERVER: ${{ secrets.K8S_SERVER }}
	K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}

	deploy-staging-preview:
	if: ${{ github.event.inputs.no-deploy != 'true' }}
	permissions:
	id-token: write
	contents: write
	needs:
	- upload-chain-specs
	- build-and-publish-ecr
	runs-on: eks
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Deploy staging-preview
	uses: ./.github/actions/deploy/deploy-staging-preview
	with:
	image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }}
	sha: ${{ github.sha }}
	no-wipe: ${{ github.event.inputs.no-wipe \|\| 'false' }}
	env:
	AWS_REGION: "eu-central-1"
	SSH_AUTH_SOCK: /tmp/ssh_agent.sock
	ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
	AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
	ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
	kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
	K8S_SERVER: ${{ secrets.K8S_SERVER }}
	K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}

	partner-chain-ready:
	if: ${{ github.event.inputs.no-tests != 'true' && (needs.deploy-staging-preview.result == 'success' \|\| needs.deploy-staging-preview.result == 'skipped') }}
	runs-on: eks
	needs: deploy-staging-preview
	outputs:
	deployment_mc_epoch: ${{ steps.mc-epoch.outputs.deployment_mc_epoch }}
	steps:
	- name: Set deployment main chain epoch
	id: mc-epoch
	run: echo "deployment_mc_epoch=$(curl -s http://$STAGING_PREVIEW_SERVICES_HOST:1337/health \| jq .currentEpoch)" >> $GITHUB_OUTPUT
	shell: bash
	- name: Check Finalization Status
	run: \|
	FINALIZED_NUMBER=$(
	curl -s -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"chain_getFinalizedHead","params":[],"id":"1"}' http://$STAGING_PREVIEW_VALIDATOR_1_HOST:$STAGING_PREVIEW_VALIDATOR_1_PORT \|
	jq -r ".result" \|
	xargs -I {} curl -s -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"chain_getHeader","params":["{}"],"id":"1"}' http://$STAGING_PREVIEW_VALIDATOR_1_HOST:$STAGING_PREVIEW_VALIDATOR_1_PORT \|
	jq -r ".result.number" \| xargs printf "%d"
	)

	timeout=300 # Timeout in seconds
	interval=10 # Interval in seconds
	elapsed=0

	while [ "$FINALIZED_NUMBER" -le 0 ]; do
	if [ $elapsed -ge $timeout ]; then
	echo "Timeout reached: $timeout seconds"
	exit 1
	fi

	echo "Waiting for blocks to be finalized..."
	sleep $interval
	elapsed=$((elapsed + interval))

	FINALIZED_NUMBER=$(
	curl -s -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"chain_getFinalizedHead","params":[],"id":"1"}' http://$STAGING_PREVIEW_VALIDATOR_1_HOST:$STAGING_PREVIEW_VALIDATOR_1_PORT \|
	jq -r ".result" \|
	xargs -I {} curl -s -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"chain_getHeader","params":["{}"],"id":"1"}' http://$STAGING_PREVIEW_VALIDATOR_1_HOST:$STAGING_PREVIEW_VALIDATOR_1_PORT \|
	jq -r ".result.number" \| xargs printf "%d"
	)
	done

	echo "Blocks are being finalized. Finalized Block Number: $FINALIZED_NUMBER"
	shell: bash

	run-smoke-tests:
	if: ${{ github.event.inputs.no-tests != 'true' }}
	permissions:
	id-token: write
	contents: read
	needs: partner-chain-ready
	runs-on: eks
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup tests
	uses: ./.github/actions/tests/setup-python
	env:
	ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
	kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
	K8S_SERVER: ${{ secrets.K8S_SERVER }}
	K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
	- name: Run smoke tests
	uses: ./.github/actions/tests/run-e2e-tests
	with:
	blockchain: substrate
	env: staging
	decrypt: true
	markers: "not active_flow and not passive_flow and (CD or rpc)"
	threads: 1

	run-all-tests:
	if: ${{ github.event.inputs.no-tests != 'true' }}
	permissions:
	id-token: write
	contents: read
	needs: run-smoke-tests
	runs-on: eks
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup tests
	uses: ./.github/actions/tests/setup-python
	env:
	ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
	kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
	K8S_SERVER: ${{ secrets.K8S_SERVER }}
	K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
	- name: Run all tests (some skipped due to new deployment)
	uses: ./.github/actions/tests/run-e2e-tests
	env:
	DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }}
	with:
	blockchain: substrate
	env: staging
	decrypt: true
	markers: "not active_flow and not passive_flow"
	deployment_mc_epoch: $DEPLOYMENT_MC_EPOCH
	threads: 1

	wait-for-n1-epoch:
	if: ${{ github.event.inputs.no-tests != 'true' }}
	permissions:
	id-token: write
	contents: read
	needs: partner-chain-ready
	runs-on: eks
	timeout-minutes: 1440
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Configure kubectl
	uses: ./.github/actions/tests/configure-kubectl
	env:
	kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
	K8S_SERVER: ${{ secrets.K8S_SERVER }}
	K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
	- name: Set MC epoch to wait for
	id: increment-epoch
	env:
	DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }}
	run: \|
	echo "Current epoch: $DEPLOYMENT_MC_EPOCH"
	incremented_epoch=$((DEPLOYMENT_MC_EPOCH + 1))
	echo "Incremented epoch: $incremented_epoch"
	echo "mc_epoch_to_wait_for=$incremented_epoch" >> $GITHUB_OUTPUT
	- name: Wait for next MC epoch
	uses: ./.github/actions/tests/wait-for-epoch
	with:
	epoch: ${{ steps.increment-epoch.outputs.mc_epoch_to_wait_for }}
	deployment: kubernetes
	node: staging-preview-validator-1
	environment: staging-preview

	run-all-tests-on-n1-epoch:
	if: ${{ github.event.inputs.no-tests != 'true' }}
	permissions:
	id-token: write
	contents: read
	needs: wait-for-n1-epoch
	runs-on: eks
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup tests
	uses: ./.github/actions/tests/setup-python
	env:
	ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
	kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
	K8S_SERVER: ${{ secrets.K8S_SERVER }}
	K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
	- name: Run all tests (some skipped due to new deployment)
	uses: ./.github/actions/tests/run-e2e-tests
	env:
	DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }}
	with:
	blockchain: substrate
	env: staging
	decrypt: true
	latest_mc_epoch: true
	markers: "not active_flow and not passive_flow"
	deployment_mc_epoch: $DEPLOYMENT_MC_EPOCH
	threads: 1

	wait-for-n2-epoch:
	if: ${{ github.event.inputs.no-tests != 'true' }}
	permissions:
	id-token: write
	contents: read
	needs:
	- partner-chain-ready
	- wait-for-n1-epoch
	runs-on: eks
	timeout-minutes: 1450
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Configure kubectl
	uses: ./.github/actions/tests/configure-kubectl
	env:
	kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
	K8S_SERVER: ${{ secrets.K8S_SERVER }}
	K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
	- name: Set MC epoch to wait for
	id: increment-epoch
	env:
	DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }}
	run: \|
	echo "Current epoch: $DEPLOYMENT_MC_EPOCH"
	incremented_epoch=$((DEPLOYMENT_MC_EPOCH + 2))
	echo "Incremented epoch: $incremented_epoch"
	echo "mc_epoch_to_wait_for=$incremented_epoch" >> $GITHUB_OUTPUT
	- name: Wait for next MC epoch
	uses: ./.github/actions/tests/wait-for-epoch
	with:
	epoch: ${{ steps.increment-epoch.outputs.mc_epoch_to_wait_for }}
	deployment: kubernetes
	node: staging-preview-validator-1
	environment: staging-preview

	run-all-tests-on-n2-epoch:
	if: ${{ github.event.inputs.no-tests != 'true' }}
	permissions:
	id-token: write
	contents: read
	needs: wait-for-n2-epoch
	runs-on: eks
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup tests
	uses: ./.github/actions/tests/setup-python
	env:
	ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
	kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
	K8S_SERVER: ${{ secrets.K8S_SERVER }}
	K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
	- name: Run all tests (no skipped tests)
	uses: ./.github/actions/tests/run-e2e-tests
	env:
	DEPLOYMENT_MC_EPOCH: ${{ needs.partner-chain-ready.outputs.deployment_mc_epoch }}
	with:
	blockchain: substrate
	env: staging
	decrypt: true
	latest_mc_epoch: true
	markers: "not active_flow and not passive_flow"
	deployment_mc_epoch: $DEPLOYMENT_MC_EPOCH
	threads: 1

	publish:
	if: ${{ always() && github.event.inputs.no-release != 'true' && github.event.inputs.no-public != 'true' && (github.event.inputs.no-tests == 'true' \|\| needs.run-all-tests-on-n2-epoch.result == 'success') }}
	permissions:
	id-token: write
	contents: write
	packages: write
	needs:
	- artifacts-ready
	- run-all-tests-on-n2-epoch
	runs-on: ubuntu-latest
	steps:
	- name: Trigger Publish Workflow
	run: \|
	curl -X POST \
	-H "Authorization: token ${{ secrets.ACTIONS_PUBLISH_PAT }}" \
	-H "Accept: application/vnd.github.v3+json" \
	https://api.github.com/repos/${{ github.repository }}/actions/workflows/publish.yml/dispatches \
	-d '{"ref": "${{ github.ref_name }}", "inputs": {"sha": "${{ inputs.sha }}", "tag": "${{ inputs.tag }}"}}'

	# deploy-staging-preprod:
	# if: ${{ github.event.inputs.no-deploy != 'true' }}
	# permissions:
	# id-token: write
	# contents: write
	# needs: run-all-tests-on-n2-epoch
	# runs-on: eks
	# steps:
	# - name: Checkout
	# uses: actions/checkout@v4
	# - name: Deploy staging-preprod
	# uses: ./.github/actions/deploy-staging-preprod
	# with:
	# image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }}
	# chain-spec-secret: ${{ inputs.chain-spec-secret }}
	# no-wipe: ${{ github.event.inputs.no-wipe \|\| 'false' }}
	# env:
	# AWS_REGION: "eu-central-1"
	# SSH_AUTH_SOCK: /tmp/ssh_agent.sock
	# ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
	# AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
	# ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
	# kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
	# K8S_SERVER: ${{ secrets.K8S_SERVER }}
	# K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
	#
	# staging-preprod-tests:
	# if: ${{ github.event.inputs.no-tests != 'true' }}
	# permissions:
	# id-token: write
	# contents: write
	# needs: deploy-staging-preprod
	# runs-on: eks
	# steps:
	# - name: Checkout
	# uses: actions/checkout@v4
	# - name: Run Tests
	# uses: ./.github/actions/tests/staging-preprod-tests
	# with:
	# node-host: staging-preprod-validator-1.staging-preprod.svc.cluster.local
	# node-port: 9933
	# env:
	# SSH_AUTH_SOCK: /tmp/ssh_agent.sock
	# AWS_ROLE_ARN_: ${{ secrets.AWS_ROLE_ARN_ }}
	# SSH_KEY_BINARY_HOST: ${{ secrets.SSH_KEY_BINARY_HOST }}
	# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
	# JIRA_URL: ${{ secrets.JIRA_URL }}
	# ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
	# kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
	# K8S_SERVER: ${{ secrets.K8S_SERVER }}
	# K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CD #157

Workflow file

CD #157

Jobs

Run details

Workflow file for this run