CI/CD pipeline #202
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD pipeline | |
env: | |
DOCKER_REGISTRY: nethermind.jfrog.io | |
REPO_DEV: nubia-docker-local-dev | |
REPO_STAGING: nubia-docker-local-staging | |
REPO_PROD: nubia-docker-local-prod | |
on: | |
push: | |
branches: [main] | |
tags: ["v*"] | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
id-token: write | |
contents: write | |
jobs: | |
build_docker_image: | |
runs-on: ubuntu-latest | |
outputs: | |
DOCKER_IMAGE_TAG: ${{ steps.set_tag.outputs.DOCKER_IMAGE_TAG }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Define image tag | |
id: set_tag | |
run: | | |
export DOCKER_IMAGE_TAG=$(git describe --tags) | |
# This one is to be able to use the image tag in the next steps in this job | |
echo "DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG" >> $GITHUB_ENV | |
# This one is to be able to use the image tag in the next jobs | |
echo "DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG" >> $GITHUB_OUTPUT | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to registry | |
run: | | |
docker login ${{ env.DOCKER_REGISTRY }} -u ${{ secrets.ARTIFACTORY_NUBIA_USERNAME }} -p ${{ secrets.ARTIFACTORY_NUBIA_TOKEN_DEVELOPER }} | |
- name: Build and Push | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
platforms: "linux/amd64" | |
push: true | |
tags: | | |
${{ env.DOCKER_REGISTRY }}/${{ env.REPO_DEV }}/juno:${{ env.DOCKER_IMAGE_TAG }} | |
${{ env.DOCKER_REGISTRY }}/${{ env.REPO_DEV }}/juno:latest | |
validate_dev: | |
permissions: | |
id-token: write | |
contents: write | |
needs: [build_docker_image] | |
runs-on: ubuntu-latest | |
environment: | |
name: Development | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Verify Deployment Version (Dev) | |
run: | | |
bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.DEV_SEPOLIA_URL }} ${{ needs.build_docker_image.outputs.DOCKER_IMAGE_TAG }} | |
dev-starknet-rs-tests: | |
needs: [validate_dev] | |
uses: ./.github/workflows/starknet-rs-tests.yml | |
secrets: | |
STARKNET_RPC: ${{ secrets.DEV_SEPOLIA_URL }}/v0_6 | |
dev-starknet-js-tests: | |
needs: [validate_dev] | |
uses: ./.github/workflows/starknet-js-tests.yml | |
secrets: | |
TEST_RPC_URL: ${{ secrets.DEV_SEPOLIA_URL }}/v0_7 | |
TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }} | |
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }} | |
promote_to_staging: | |
needs: [build_docker_image, validate_dev] | |
runs-on: ubuntu-latest | |
environment: | |
name: Staging | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Login to registry | |
run: | | |
docker login ${{ env.DOCKER_REGISTRY }} -u ${{ secrets.ARTIFACTORY_NUBIA_USERNAME }} -p ${{ secrets.ARTIFACTORY_NUBIA_TOKEN_DEVELOPER }} | |
- name: Promote to Staging | |
run: | | |
OLD_TAG=${{ env.DOCKER_REGISTRY }}/${{ env.REPO_DEV }}/juno:${{ needs.build_docker_image.outputs.DOCKER_IMAGE_TAG }} | |
NEW_TAG=${{ env.DOCKER_REGISTRY }}/${{ env.REPO_STAGING }}/juno:${{ needs.build_docker_image.outputs.DOCKER_IMAGE_TAG }} | |
LATEST_TAG=${{ env.DOCKER_REGISTRY }}/${{ env.REPO_STAGING }}/juno:latest | |
docker pull $OLD_TAG | |
docker tag $OLD_TAG $NEW_TAG | |
docker push $NEW_TAG | |
docker tag $OLD_TAG $LATEST_TAG | |
docker push $LATEST_TAG | |
- name: Verify Deployment Version (Staging) | |
run: | | |
bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.STAGING_SEPOLIA_URL }} ${{ needs.build_docker_image.outputs.DOCKER_IMAGE_TAG }} | |
staging-starknet-rs-tests: | |
needs: [promote_to_staging] | |
uses: ./.github/workflows/starknet-rs-tests.yml | |
secrets: | |
STARKNET_RPC: ${{ secrets.STAGING_SEPOLIA_URL }}/v0_6 | |
staging-starknet-js-tests: | |
needs: [promote_to_staging] | |
uses: ./.github/workflows/starknet-js-tests.yml | |
secrets: | |
TEST_RPC_URL: ${{ secrets.STAGING_SEPOLIA_URL }}/v0_7 | |
TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }} | |
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }} | |
promote_to_production: | |
needs: [build_docker_image, promote_to_staging] | |
runs-on: ubuntu-latest | |
environment: | |
name: Production | |
steps: | |
- name: Login to registry | |
run: | | |
docker login ${{ env.DOCKER_REGISTRY }} -u ${{ secrets.ARTIFACTORY_NUBIA_USERNAME }} -p ${{ secrets.ARTIFACTORY_NUBIA_TOKEN_DEVELOPER }} | |
- name: Promote to Production | |
run: | | |
OLD_TAG=${{ env.DOCKER_REGISTRY }}/${{ env.REPO_STAGING }}/juno:${{ needs.build_docker_image.outputs.DOCKER_IMAGE_TAG }} | |
NEW_TAG=${{ env.DOCKER_REGISTRY }}/${{ env.REPO_PROD }}/juno:${{ needs.build_docker_image.outputs.DOCKER_IMAGE_TAG }} | |
docker pull $OLD_TAG | |
docker tag $OLD_TAG $NEW_TAG | |
docker push $NEW_TAG | |
test_in_production: | |
needs: [promote_to_production] | |
runs-on: ubuntu-latest | |
environment: | |
name: ProductionTests # Artificial gate to enforce manual approval | |
steps: | |
- name: Starting production tests | |
run: | | |
echo "Tests in production will start shortly." | |
prod-starknet-rs-tests: | |
needs: [test_in_production] | |
uses: ./.github/workflows/starknet-rs-tests.yml | |
secrets: | |
STARKNET_RPC: ${{ secrets.PROD_SEPOLIA_URL }}/v0_6 | |
prod-starknet-js-tests: | |
needs: [test_in_production] | |
uses: ./.github/workflows/starknet-js-tests.yml | |
secrets: | |
TEST_RPC_URL: ${{ secrets.PROD_SEPOLIA_URL }}/v0_7 | |
TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }} | |
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }} |