Skip to content

CI/CD pipeline

CI/CD pipeline #44

Workflow file for this run

name: CI/CD pipeline
env:
DOCKER_REGISTRY: nethermind.jfrog.io
REPO_DEV: nubia-docker-local-dev
REPO_STAGING: nubia-docker-local-staging
REPO_PROD: nubia-docker-local-prod
on:
push:
branches: [main]
tags: ["v*"]
workflow_dispatch:
permissions:
id-token: write
contents: write
jobs:
build_docker_image:
runs-on: ubuntu-latest
outputs:
DOCKER_IMAGE_TAG: ${{ steps.set_tag.outputs.DOCKER_IMAGE_TAG }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Define image tag
id: set_tag
run: |
export DOCKER_IMAGE_TAG=$(git describe --tags)
# This one is to be able to use the image tag in the next steps in this job
echo "DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG" >> $GITHUB_ENV
# This one is to be able to use the image tag in the next jobs
echo "DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to registry
run: |
docker login ${{ env.DOCKER_REGISTRY }} -u ${{ vars.ARTIFACTORY_NUBIA_USER }} -p ${{ secrets.ARTIFACTORY_NUBIA_CONTRIBUTOR}}
- name: Build and Push
uses: docker/build-push-action@v5
with:
context: .
platforms: "linux/amd64"
push: true
tags: ${{ env.DOCKER_REGISTRY }}/${{ env.REPO_DEV }}/juno:${{ env.DOCKER_IMAGE_TAG }}
validate_dev:
permissions:
id-token: write
contents: write
needs: [build_docker_image]
runs-on: ubuntu-latest
environment:
name: Development
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Verify Deployment Version (Dev)
run: |
bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.DEV_SEPOLIA_URL }} ${{ needs.build_docker_image.outputs.DOCKER_IMAGE_TAG }}
dev-starknet-rs-tests:
needs: [validate_dev]
uses: ./.github/workflows/starknet-rs-tests.yml
secrets:
STARKNET_RPC: ${{ secrets.DEV_SEPOLIA_URL }}/v0_6
dev-starknet-js-tests:
needs: [validate_dev]
uses: ./.github/workflows/starknet-js-tests.yml
secrets:
TEST_RPC_URL: ${{ secrets.DEV_SEPOLIA_URL }}/v0_7
TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }}
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }}
promote_to_staging:
needs: [build_docker_image, validate_dev]
runs-on: ubuntu-latest
environment:
name: Staging
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup JFrog CLI
uses: jfrog/setup-jfrog-cli@v4
env:
JF_URL: ${{ vars.JFROG_URL}}
JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_NUBIA_CONTRIBUTOR }}
- name: Promote to Staging
run: |
jf rt dpr juno/${{ needs.build_docker_image.outputs.DOCKER_IMAGE_TAG }} ${{ env.REPO_DEV }} ${{ env.REPO_STAGING }}
- name: Verify Deployment Version (Staging)
run: |
bash .github/workflow-scripts/verify_deployment.sh ${{ secrets.STAGING_SEPOLIA_URL }} ${{ needs.build_docker_image.outputs.DOCKER_IMAGE_TAG }}
staging-starknet-rs-tests:
needs: [promote_to_staging]
uses: ./.github/workflows/starknet-rs-tests.yml
secrets:
STARKNET_RPC: ${{ secrets.STAGING_SEPOLIA_URL }}/v0_6
staging-starknet-js-tests:
needs: [promote_to_staging]
uses: ./.github/workflows/starknet-js-tests.yml
secrets:
TEST_RPC_URL: ${{ secrets.STAGING_SEPOLIA_URL }}/v0_7
TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }}
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }}
promote_to_production:
needs: [build_docker_image, promote_to_staging]
runs-on: ubuntu-latest
environment:
name: Production
steps:
- name: Setup JFrog CLI
uses: jfrog/setup-jfrog-cli@v4
env:
JF_URL: ${{ vars.JFROG_URL}}
JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_NUBIA_CONTRIBUTOR }}
- name: Promote to Production
run: |
jf rt dpr juno/${{ needs.build_docker_image.outputs.DOCKER_IMAGE_TAG }} ${{ env.REPO_STAGING }} ${{ env.REPO_PROD }}
test_in_production:
needs: [promote_to_production]
runs-on: ubuntu-latest
environment:
name: ProductionTests # Artificial gate to enforce manual approval
steps:
- name: Starting production tests
run: |
echo "Tests in production will start shortly."
prod-starknet-rs-tests:
needs: [test_in_production]
uses: ./.github/workflows/starknet-rs-tests.yml
secrets:
STARKNET_RPC: ${{ secrets.PROD_SEPOLIA_URL }}/v0_6
prod-starknet-js-tests:
needs: [test_in_production]
uses: ./.github/workflows/starknet-js-tests.yml
secrets:
TEST_RPC_URL: ${{ secrets.PROD_SEPOLIA_URL }}/v0_7
TEST_ACCOUNT_ADDRESS: ${{ secrets.TEST_ACCOUNT_ADDRESS }}
TEST_ACCOUNT_PRIVATE_KEY: ${{ secrets.TEST_ACCOUNT_PRIVATE_KEY }}