From 94458e0cb54a43c1a32ba065f620cc52fa4c9bc4 Mon Sep 17 00:00:00 2001 From: Carlos Bermudez Porto <43155355+cbermudez97@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:27:58 -0400 Subject: [PATCH] ci: remove repository dispatch token usage (#7191) --- .github/workflows/hive-consensus-tests.yml | 161 ++++---- .github/workflows/publish-packages.yml | 13 +- .github/workflows/release.yml | 16 +- .../run-a-single-node-from-branch.yml | 357 +++++++++--------- .github/workflows/update-config-files.yml | 12 +- .github/workflows/update-dappnode-package.yml | 34 +- .github/workflows/update-docs.yml | 11 +- 7 files changed, 333 insertions(+), 271 deletions(-) diff --git a/.github/workflows/hive-consensus-tests.yml b/.github/workflows/hive-consensus-tests.yml index 65575337757..d060a51baba 100644 --- a/.github/workflows/hive-consensus-tests.yml +++ b/.github/workflows/hive-consensus-tests.yml @@ -1,9 +1,9 @@ -name: 'Hive consensus tests' +name: "Hive consensus tests" on: push: branches: [release/*] - + workflow_dispatch: inputs: parallelism: @@ -13,7 +13,7 @@ on: type: choice options: ['1', '2', '3', '4', '8', '16'] -concurrency: +concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -24,83 +24,90 @@ jobs: cleanRef: ${{ steps.prepare_ref.outputs.cleanRef }} runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - ref: ${{ github.ref }} - - - name: Prepare docker tag - id: prepare_ref - run: | - REF_NAME=${{ github.ref }} - CLEAN_REF=$(echo "${REF_NAME/refs\/heads\//}" | sed 's/[^a-zA-Z0-9._-]/-/g') - echo "CLEAN_REF=$CLEAN_REF" >> $GITHUB_ENV - echo "cleanRef=$CLEAN_REF" >> $GITHUB_OUTPUT - - - name: Set Repo and Org Variables - id: cleanup - run: | - echo "ORG_NAME=${{ github.repository_owner }}" >> $GITHUB_ENV - echo "REPO_NAME=${{ github.event.repository.name }}" >> $GITHUB_ENV - - - name: Check if master or release branch - id: check_conditions - run: | - ref="${{ github.ref }}" - event_name="${{ github.event_name }}" - - # Append "refs/heads/" prefix if it's not already there - if [[ $ref != refs/heads/* ]]; then - ref="refs/heads/$ref" - fi - - # Initialize variables - skip_docker_build="false" - skip_wait_for_docker="false" - - # Set conditions based on branch and event type - if [[ "$ref" == "refs/heads/master" || $ref == refs/heads/release* ]]; then - skip_docker_build="true" - - if [[ "$event_name" == "workflow_dispatch" ]]; then - skip_wait_for_docker="true" + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: ${{ github.ref }} + + - name: Authenticate App + id: gh-app + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + + - name: Prepare docker tag + id: prepare_ref + run: | + REF_NAME=${{ github.ref }} + CLEAN_REF=$(echo "${REF_NAME/refs\/heads\//}" | sed 's/[^a-zA-Z0-9._-]/-/g') + echo "CLEAN_REF=$CLEAN_REF" >> $GITHUB_ENV + echo "cleanRef=$CLEAN_REF" >> $GITHUB_OUTPUT + + - name: Set Repo and Org Variables + id: cleanup + run: | + echo "ORG_NAME=${{ github.repository_owner }}" >> $GITHUB_ENV + echo "REPO_NAME=${{ github.event.repository.name }}" >> $GITHUB_ENV + + - name: Check if master or release branch + id: check_conditions + run: | + ref="${{ github.ref }}" + event_name="${{ github.event_name }}" + + # Append "refs/heads/" prefix if it's not already there + if [[ $ref != refs/heads/* ]]; then + ref="refs/heads/$ref" + fi + + # Initialize variables + skip_docker_build="false" + skip_wait_for_docker="false" + + # Set conditions based on branch and event type + if [[ "$ref" == "refs/heads/master" || $ref == refs/heads/release* ]]; then + skip_docker_build="true" + + if [[ "$event_name" == "workflow_dispatch" ]]; then + skip_wait_for_docker="true" + fi fi - fi - - # Output the variables - echo "skip_docker_build=$skip_docker_build" >> $GITHUB_OUTPUT - echo "skip_wait_for_docker=$skip_wait_for_docker" >> $GITHUB_OUTPUT - - - name: Trigger Docker Build Action with Cleaned Ref - if: steps.check_conditions.outputs.skip_docker_build != 'true' - uses: benc-uk/workflow-dispatch@v1 - env: - ADDITIONAL_OPTIONS: ${{ inputs.additional_options }} - with: + + # Output the variables + echo "skip_docker_build=$skip_docker_build" >> $GITHUB_OUTPUT + echo "skip_wait_for_docker=$skip_wait_for_docker" >> $GITHUB_OUTPUT + + - name: Trigger Docker Build Action with Cleaned Ref + if: steps.check_conditions.outputs.skip_docker_build != 'true' + uses: benc-uk/workflow-dispatch@v1 + env: + ADDITIONAL_OPTIONS: ${{ inputs.additional_options }} + with: workflow: publish-docker.yml ref: "${{ github.ref }}" - token: "${{ secrets.REPOSITORY_DISPATCH_TOKEN }}" + token: "${{ steps.gh-app.outputs.token }}" inputs: '{ - "tag": "${{ env.CLEAN_REF }}", - "dockerfile": "Dockerfile", - "build-config": "release" - }' - - - name: Wait for Docker Build Action to complete - if: steps.check_conditions.outputs.skip_wait_for_docker != 'true' - env: - GITHUB_TOKEN: ${{ secrets.REPOSITORY_DISPATCH_TOKEN }} - WORKFLOW_ID: 'publish-docker.yml' - MAX_WAIT_MINUTES: '5' - INTERVAL: '5' - TIMEOUT: '10' - ORG_NAME: ${{ env.ORG_NAME }} - REPO_NAME: ${{ env.REPO_NAME }} - REF: ${{ github.ref }} - run: | - chmod +x scripts/wait-for-workflow-completed.sh - ./scripts/wait-for-workflow-completed.sh - working-directory: ${{ github.workspace }} + "tag": "${{ env.CLEAN_REF }}", + "dockerfile": "Dockerfile", + "build-config": "release" + }' + + - name: Wait for Docker Build Action to complete + if: steps.check_conditions.outputs.skip_wait_for_docker != 'true' + env: + GITHUB_TOKEN: ${{ steps.gh-app.outputs.token }} + WORKFLOW_ID: 'publish-docker.yml' + MAX_WAIT_MINUTES: '5' + INTERVAL: '5' + TIMEOUT: '10' + ORG_NAME: ${{ env.ORG_NAME }} + REPO_NAME: ${{ env.REPO_NAME }} + REF: ${{ github.ref }} + run: | + chmod +x scripts/wait-for-workflow-completed.sh + ./scripts/wait-for-workflow-completed.sh + working-directory: ${{ github.workspace }} generate_hive_consensus_tests: name: "Prepare all hive tests to be started" @@ -113,7 +120,7 @@ jobs: uses: actions/checkout@v4 with: path: nethermind - submodules: 'recursive' + submodules: "recursive" - name: Generate Hive Json For Matrix id: set-matrix run: | diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml index 2df63120c13..0d6690d77ab 100644 --- a/.github/workflows/publish-packages.yml +++ b/.github/workflows/publish-packages.yml @@ -98,11 +98,20 @@ jobs: env: FORMULA: nethermind.rb steps: + - name: Authenticate App + id: gh-app + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + repositories: "homebrew-nethermind" + - name: Check out homebrew-nethermind repository uses: actions/checkout@v4 with: repository: NethermindEth/homebrew-nethermind - token: ${{ secrets.REPOSITORY_DISPATCH_TOKEN }} + token: ${{ steps.gh-app.outputs.token }} + - name: Update formula file run: | json=$(curl -sL ${{ github.event.release.assets_url }}) @@ -117,7 +126,7 @@ jobs: awk -i inplace -v n=2 '/sha256/ { if (++count == n) sub(/sha256.*/, "sha256 \"'$arm64_hash'\""); } 1' $FORMULA - name: Submit package env: - GH_TOKEN: ${{ secrets.REPOSITORY_DISPATCH_TOKEN }} + GH_TOKEN: ${{ steps.gh-app.outputs.token }} run: | head_branch=feature/v${{ github.event.release.tag_name }}-${{ github.run_number }}-${{ github.run_attempt }} message="Update for v${{ github.event.release.tag_name }}" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b68666389f0..3f8430de866 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -116,6 +116,12 @@ jobs: steps: - name: Check out Nethermind repository uses: actions/checkout@v4 + - name: Authenticate App + id: gh-app + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Download artifacts uses: actions/download-artifact@v4 with: @@ -123,7 +129,7 @@ jobs: - name: Publish env: GIT_TAG: ${{ github.event.inputs.tag }} - GITHUB_TOKEN: ${{ secrets.REPOSITORY_DISPATCH_TOKEN }} + GITHUB_TOKEN: ${{ steps.gh-app.outputs.token }} PACKAGE_PREFIX: ${{ needs.build.outputs.package-prefix }} PRERELEASE: ${{ needs.build.outputs.prerelease }} run: | @@ -165,6 +171,12 @@ jobs: steps: - name: Check out Nethermind repository uses: actions/checkout@v4 + - name: Authenticate App + id: gh-app + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx @@ -195,4 +207,4 @@ jobs: curl -s -X POST https://api.github.com/repos/$GITHUB_REPOSITORY/dispatches \ -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" \ -d '{"event_type":"dappnode","client_payload":{"tag":"${{ github.event.inputs.tag }}"}}' \ - -u "${{ secrets.REPOSITORY_DISPATCH_TOKEN }}" + -u "${{ steps.gh-app.outputs.token }}" diff --git a/.github/workflows/run-a-single-node-from-branch.yml b/.github/workflows/run-a-single-node-from-branch.yml index e11cd1c8267..afe6ddac4a5 100644 --- a/.github/workflows/run-a-single-node-from-branch.yml +++ b/.github/workflows/run-a-single-node-from-branch.yml @@ -1,4 +1,4 @@ -name: 'Run a node with selected configuration' +name: "Run a node with selected configuration" on: workflow_dispatch: @@ -35,11 +35,11 @@ on: cl_custom_image: description: "In case of need to run non-default cl image (different than actually supported by Sedge) put it in there" default: "" - required: false + required: false config: description: "Select a config file which will be selected for tests." default: "default.json" - required: true + required: true type: choice options: - default.json @@ -52,11 +52,11 @@ on: default: true type: boolean additional_nethermind_flags: - description: "Provide any additional flags to the Nethermind L1 node in space-separated format. Example: \"JsonRpc.Enabled=false Sync.SnapSync=false\"." + description: 'Provide any additional flags to the Nethermind L1 node in space-separated format. Example: "JsonRpc.Enabled=false Sync.SnapSync=false".' default: "" required: false additional_cl_flags: - description: "Provide any additional flags to the CL client in space-separated format. Example: \"clflag1=1 clflag2=2\"." + description: 'Provide any additional flags to the CL client in space-separated format. Example: "clflag1=1 clflag2=2".' default: "" required: false additional_options: @@ -99,7 +99,7 @@ on: cl_custom_image: description: "In case of need to run non-default cl image (different than actually supported by Sedge) put it in there" default: "" - required: false + required: false type: string config: description: "Select a config file which will be selected for tests." @@ -112,12 +112,12 @@ on: type: boolean additional_nethermind_flags: type: string - description: "Provide any additional flags to the Nethermind in space-separated format. Example: \"JsonRpc.Enabled=false Sync.SnapSync=false\"." + description: 'Provide any additional flags to the Nethermind in space-separated format. Example: "JsonRpc.Enabled=false Sync.SnapSync=false".' default: "" required: false additional_cl_flags: type: string - description: "Provide any additional flags to the CL client in space-separated format. Example: \"clflag1=1 clflag2=2\"." + description: 'Provide any additional flags to the CL client in space-separated format. Example: "clflag1=1 clflag2=2".' default: "" required: false additional_options: @@ -144,198 +144,213 @@ on: rpc_url: description: "" value: ${{ jobs.trigger_node_and_vm_creation.outputs.rpc_url }} - + jobs: create_docker_image: runs-on: ubuntu-latest outputs: base_tag: ${{ steps.set-base-tag.outputs.base_tag }} steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - ref: ${{ github.ref }} + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: ${{ github.ref }} + + - name: Authenticate App + id: gh-app + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} - - name: Prepare docker tag - id: prepare_ref - run: | - REF_NAME=${{ inputs.nethermind_repo_ref || github.ref }} - CLEAN_REF=$(echo "${REF_NAME/refs\/heads\//}" | sed 's/[^a-zA-Z0-9._-]/-/g') - echo "CLEAN_REF=$CLEAN_REF" >> $GITHUB_ENV + - name: Prepare docker tag + id: prepare_ref + run: | + REF_NAME=${{ inputs.nethermind_repo_ref || github.ref }} + CLEAN_REF=$(echo "${REF_NAME/refs\/heads\//}" | sed 's/[^a-zA-Z0-9._-]/-/g') + echo "CLEAN_REF=$CLEAN_REF" >> $GITHUB_ENV - - name: Set BASE_TAG - id: set-base-tag - env: - GITHUB_USERNAME: ${{ github.actor }} - run: | - BASE_TAG="${GITHUB_USERNAME:0:1}$(shuf -i 1000-9999 -n 1)" - echo "BASE_TAG=$BASE_TAG" >> $GITHUB_ENV - echo "base_tag=$BASE_TAG" >> $GITHUB_OUTPUT + - name: Set BASE_TAG + id: set-base-tag + env: + GITHUB_USERNAME: ${{ github.actor }} + run: | + BASE_TAG="${GITHUB_USERNAME:0:1}$(shuf -i 1000-9999 -n 1)" + echo "BASE_TAG=$BASE_TAG" >> $GITHUB_ENV + echo "base_tag=$BASE_TAG" >> $GITHUB_OUTPUT - - name: Creating a node with NodeName="DevNode-${{ github.actor }}-${{ env.BASE_TAG }}-${{ env.CLEAN_REF }}-${{ inputs.network }}-${{ inputs.cl_client }}" - run: echo "NodeName='DevNode-${{ github.actor }}-${{ env.BASE_TAG }}-${{ env.CLEAN_REF }}-${{ inputs.network }}-${{ inputs.cl_client }}'" + - name: Creating a node with NodeName="DevNode-${{ github.actor }}-${{ env.BASE_TAG }}-${{ env.CLEAN_REF }}-${{ inputs.network }}-${{ inputs.cl_client }}" + run: echo "NodeName='DevNode-${{ github.actor }}-${{ env.BASE_TAG }}-${{ env.CLEAN_REF }}-${{ inputs.network }}-${{ inputs.cl_client }}'" - - name: Extract dockerfile from additional_options - id: extract_dockerfile - run: | - echo "dockerfile=$(echo '${{ inputs.additional_options }}' | jq -r .default_dockerfile)" >> $GITHUB_OUTPUT - echo "build-config=$(echo '${{ inputs.additional_options }}' | jq -r .default_dockerfile_build_type | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT + - name: Extract dockerfile from additional_options + id: extract_dockerfile + run: | + echo "dockerfile=$(echo '${{ inputs.additional_options }}' | jq -r .default_dockerfile)" >> $GITHUB_OUTPUT + echo "build-config=$(echo '${{ inputs.additional_options }}' | jq -r .default_dockerfile_build_type | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - - name: Set Repo and Org Variables - run: | - echo "ORG_NAME=${{ github.repository_owner }}" >> $GITHUB_ENV - echo "REPO_NAME=${{ github.event.repository.name }}" >> $GITHUB_ENV - - - name: Check if master branch and default additional_options - id: check_conditions - run: | - ref="${{ inputs.nethermind_repo_ref || github.ref }}" - if [ -z "$ref" ]; then - ref="${{ github.ref }}" - fi - # Append "refs/heads/" prefix if it's not already there - if [[ $ref != refs/heads/* ]]; then - ref="refs/heads/$ref" - fi + - name: Set Repo and Org Variables + run: | + echo "ORG_NAME=${{ github.repository_owner }}" >> $GITHUB_ENV + echo "REPO_NAME=${{ github.event.repository.name }}" >> $GITHUB_ENV - if - [[ "$ref" == "refs/heads/master" || $ref == refs/heads/release* || "$ref" == "refs/heads/paprika" ]] && - [[ "${{ steps.extract_dockerfile.outputs.dockerfile }}" == "Dockerfile" ]] && - [[ "${{ steps.extract_dockerfile.outputs.build-config }}" == "release" ]]; then - echo "skip_docker_build=true" >> $GITHUB_OUTPUT - else - echo "skip_docker_build=false" >> $GITHUB_OUTPUT - fi + - name: Check if master branch and default additional_options + id: check_conditions + run: | + ref="${{ inputs.nethermind_repo_ref || github.ref }}" + if [ -z "$ref" ]; then + ref="${{ github.ref }}" + fi + # Append "refs/heads/" prefix if it's not already there + if [[ $ref != refs/heads/* ]]; then + ref="refs/heads/$ref" + fi - - name: Trigger Docker Build Action with Cleaned Ref - if: steps.check_conditions.outputs.skip_docker_build != 'true' - uses: benc-uk/workflow-dispatch@v1 - env: - ADDITIONAL_OPTIONS: ${{ inputs.additional_options }} - with: + if + [[ "$ref" == "refs/heads/master" || $ref == refs/heads/release* || "$ref" == "refs/heads/paprika" ]] && + [[ "${{ steps.extract_dockerfile.outputs.dockerfile }}" == "Dockerfile" ]] && + [[ "${{ steps.extract_dockerfile.outputs.build-config }}" == "release" ]]; then + echo "skip_docker_build=true" >> $GITHUB_OUTPUT + else + echo "skip_docker_build=false" >> $GITHUB_OUTPUT + fi + + - name: Trigger Docker Build Action with Cleaned Ref + if: steps.check_conditions.outputs.skip_docker_build != 'true' + uses: benc-uk/workflow-dispatch@v1 + env: + ADDITIONAL_OPTIONS: ${{ inputs.additional_options }} + with: workflow: publish-docker.yml ref: "${{ inputs.nethermind_repo_ref || github.ref }}" - token: "${{ secrets.REPOSITORY_DISPATCH_TOKEN }}" + token: "${{ steps.gh-app.outputs.token }}" inputs: '{ - "tag": "${{ env.CLEAN_REF }}", - "dockerfile": "${{ steps.extract_dockerfile.outputs.dockerfile }}", - "build-config": "${{ steps.extract_dockerfile.outputs.build-config }}" - }' - - - name: Wait for Docker Build Action to complete - if: steps.check_conditions.outputs.skip_docker_build != 'true' - env: - GITHUB_TOKEN: ${{ secrets.REPOSITORY_DISPATCH_TOKEN }} - WORKFLOW_ID: 'publish-docker.yml' - MAX_WAIT_MINUTES: '5' - INTERVAL: '5' - TIMEOUT: '10' - ORG_NAME: ${{ env.ORG_NAME }} - REPO_NAME: ${{ env.REPO_NAME }} - REF: ${{ inputs.nethermind_repo_ref || github.ref }} - run: | - chmod +x scripts/wait-for-workflow-completed.sh - ./scripts/wait-for-workflow-completed.sh - working-directory: ${{ github.workspace }} - + "tag": "${{ env.CLEAN_REF }}", + "dockerfile": "${{ steps.extract_dockerfile.outputs.dockerfile }}", + "build-config": "${{ steps.extract_dockerfile.outputs.build-config }}" + }' + + - name: Wait for Docker Build Action to complete + if: steps.check_conditions.outputs.skip_docker_build != 'true' + env: + GITHUB_TOKEN: ${{ steps.gh-app.outputs.token }} + WORKFLOW_ID: "publish-docker.yml" + MAX_WAIT_MINUTES: "5" + INTERVAL: "5" + TIMEOUT: "10" + ORG_NAME: ${{ env.ORG_NAME }} + REPO_NAME: ${{ env.REPO_NAME }} + REF: ${{ inputs.nethermind_repo_ref || github.ref }} + run: | + chmod +x scripts/wait-for-workflow-completed.sh + ./scripts/wait-for-workflow-completed.sh + working-directory: ${{ github.workspace }} + trigger_node_and_vm_creation: needs: create_docker_image runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - ref: ${{ github.ref }} + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: ${{ github.ref }} - - name: Prepare docker tag - id: prepare_ref - run: | - REF_NAME=${{ inputs.nethermind_repo_ref || github.ref }} - CLEAN_REF=$(echo "${REF_NAME/refs\/heads\//}" | sed 's/[^a-zA-Z0-9._-]/-/g') + - name: Authenticate App + id: gh-app + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + repositories: "nethermind,post-merge-smoke-tests" - echo "CLEAN_REF=$CLEAN_REF" >> $GITHUB_ENV + - name: Prepare docker tag + id: prepare_ref + run: | + REF_NAME=${{ inputs.nethermind_repo_ref || github.ref }} + CLEAN_REF=$(echo "${REF_NAME/refs\/heads\//}" | sed 's/[^a-zA-Z0-9._-]/-/g') - - name: Extract Variables - id: extract_variables - run: | - echo "BASE_TAG=${{ needs.create_docker_image.outputs.base_tag }}" >> $GITHUB_ENV - echo "timeout=$(echo '${{ inputs.additional_options }}' | jq -r .timeout)" >> $GITHUB_OUTPUT - echo "ssh_keys=$(echo '${{ inputs.additional_options }}' | jq -r .ssh_keys)" >> $GITHUB_OUTPUT - echo "allowed_ips=$(echo '${{ inputs.additional_options }}' | jq -r .allowed_ips)" >> $GITHUB_OUTPUT - echo "custom_machine_type=$(echo '${{ inputs.additional_options }}' | jq -r .custom_machine_type)" >> $GITHUB_OUTPUT - echo "l1_nethermind_image=$(echo '${{ inputs.additional_optimism_options }}' | jq -r .l1_nethermind_image)" >> $GITHUB_OUTPUT - echo "op_node_image=$(echo '${{ inputs.additional_optimism_options }}' | jq -r .op_node_image)" >> $GITHUB_OUTPUT - echo "op_el_extra_flags=$(echo '${{ inputs.additional_optimism_options }}' | jq -r .op_el_extra_flags)" >> $GITHUB_OUTPUT - echo "op_cl_extra_flags=$(echo '${{ inputs.additional_optimism_options }}' | jq -r .op_cl_extra_flags)" >> $GITHUB_OUTPUT - echo "layer1_el_endpoint=$(echo '${{ inputs.additional_optimism_options }}' | jq -r .layer1_el_endpoint)" >> $GITHUB_OUTPUT - echo "layer1_cl_endpoint=$(echo '${{ inputs.additional_optimism_options }}' | jq -r .layer1_cl_endpoint)" >> $GITHUB_OUTPUT - if [[ ${{ inputs.network }} == base-* ]] || [[ ${{ inputs.network }} == op-* ]]; then - echo "Forcing NON_VALIDATOR_MODE=false for OP chains" - echo "NON_VALIDATOR_MODE=false" >> $GITHUB_OUTPUT - else - echo "NON_VALIDATOR_MODE=${{ inputs.non_validator_mode }}" >> $GITHUB_OUTPUT - fi + echo "CLEAN_REF=$CLEAN_REF" >> $GITHUB_ENV - - name: Trigger Node creation Repo Action - uses: benc-uk/workflow-dispatch@v1 - with: + - name: Extract Variables + id: extract_variables + run: | + echo "BASE_TAG=${{ needs.create_docker_image.outputs.base_tag }}" >> $GITHUB_ENV + echo "timeout=$(echo '${{ inputs.additional_options }}' | jq -r .timeout)" >> $GITHUB_OUTPUT + echo "ssh_keys=$(echo '${{ inputs.additional_options }}' | jq -r .ssh_keys)" >> $GITHUB_OUTPUT + echo "allowed_ips=$(echo '${{ inputs.additional_options }}' | jq -r .allowed_ips)" >> $GITHUB_OUTPUT + echo "custom_machine_type=$(echo '${{ inputs.additional_options }}' | jq -r .custom_machine_type)" >> $GITHUB_OUTPUT + echo "l1_nethermind_image=$(echo '${{ inputs.additional_optimism_options }}' | jq -r .l1_nethermind_image)" >> $GITHUB_OUTPUT + echo "op_node_image=$(echo '${{ inputs.additional_optimism_options }}' | jq -r .op_node_image)" >> $GITHUB_OUTPUT + echo "op_el_extra_flags=$(echo '${{ inputs.additional_optimism_options }}' | jq -r .op_el_extra_flags)" >> $GITHUB_OUTPUT + echo "op_cl_extra_flags=$(echo '${{ inputs.additional_optimism_options }}' | jq -r .op_cl_extra_flags)" >> $GITHUB_OUTPUT + echo "layer1_el_endpoint=$(echo '${{ inputs.additional_optimism_options }}' | jq -r .layer1_el_endpoint)" >> $GITHUB_OUTPUT + echo "layer1_cl_endpoint=$(echo '${{ inputs.additional_optimism_options }}' | jq -r .layer1_cl_endpoint)" >> $GITHUB_OUTPUT + if [[ ${{ inputs.network }} == base-* ]] || [[ ${{ inputs.network }} == op-* ]]; then + echo "Forcing NON_VALIDATOR_MODE=false for OP chains" + echo "NON_VALIDATOR_MODE=false" >> $GITHUB_OUTPUT + else + echo "NON_VALIDATOR_MODE=${{ inputs.non_validator_mode }}" >> $GITHUB_OUTPUT + fi + + - name: Trigger Node creation Repo Action + uses: benc-uk/workflow-dispatch@v1 + with: workflow: run-single-node.yml repo: NethermindEth/post-merge-smoke-tests ref: "main" - token: "${{ secrets.REPOSITORY_DISPATCH_TOKEN }}" + token: "${{ steps.gh-app.outputs.token }}" inputs: '{ - "github_username": "${{ github.actor }}", - "base_tag": "${{ env.BASE_TAG }}", - "config_file": "${{ inputs.config }}", - "nethermind_branch": "${{ env.CLEAN_REF }}", - "network": "${{ inputs.network }}", - "cl_client": "${{ inputs.cl_client }}", - "additional_options": "{\"cl_custom_image\":\"${{ inputs.cl_custom_image }}\", \"timeout\":\"${{ steps.extract_variables.outputs.timeout }}\", \"non_validator_mode\":${{ steps.extract_variables.outputs.NON_VALIDATOR_MODE }}, \"additional_nethermind_flags\":\"${{ inputs.additional_nethermind_flags }}\", \"additional_cl_flags\":\"${{ inputs.additional_cl_flags }}\", \"ssh_keys\":\"${{ steps.extract_variables.outputs.ssh_keys }}\", \"allowed_ips\":\"${{ steps.extract_variables.outputs.allowed_ips }}\", \"custom_machine_type\":\"${{ steps.extract_variables.outputs.custom_machine_type }}\", \"convert_to_paprika\": \"${{ inputs.convert_to_paprika }}\"}", - "additional_optimism_options": "{\"l1_nethermind_image\":\"${{ steps.extract_variables.outputs.l1_nethermind_image}}\", \"op_node_image\":\"${{ steps.extract_variables.outputs.op_node_image}}\", \"op_el_extra_flags\":\"${{ steps.extract_variables.outputs.op_el_extra_flags}}\", \"op_cl_extra_flags\":\"${{ steps.extract_variables.outputs.op_cl_extra_flags}}\", \"layer1_el_endpoint\":\"${{ steps.extract_variables.outputs.layer1_el_endpoint}}\", \"layer1_cl_endpoint\":\"${{ steps.extract_variables.outputs.layer1_cl_endpoint}}\"}" - }' + "github_username": "${{ github.actor }}", + "base_tag": "${{ env.BASE_TAG }}", + "config_file": "${{ inputs.config }}", + "nethermind_branch": "${{ env.CLEAN_REF }}", + "network": "${{ inputs.network }}", + "cl_client": "${{ inputs.cl_client }}", + "additional_options": "{\"cl_custom_image\":\"${{ inputs.cl_custom_image }}\", \"timeout\":\"${{ steps.extract_variables.outputs.timeout }}\", \"non_validator_mode\":${{ steps.extract_variables.outputs.NON_VALIDATOR_MODE }}, \"additional_nethermind_flags\":\"${{ inputs.additional_nethermind_flags }}\", \"additional_cl_flags\":\"${{ inputs.additional_cl_flags }}\", \"ssh_keys\":\"${{ steps.extract_variables.outputs.ssh_keys }}\", \"allowed_ips\":\"${{ steps.extract_variables.outputs.allowed_ips }}\", \"custom_machine_type\":\"${{ steps.extract_variables.outputs.custom_machine_type }}\", \"convert_to_paprika\": \"${{ inputs.convert_to_paprika }}\"}", + "additional_optimism_options": "{\"l1_nethermind_image\":\"${{ steps.extract_variables.outputs.l1_nethermind_image}}\", \"op_node_image\":\"${{ steps.extract_variables.outputs.op_node_image}}\", \"op_el_extra_flags\":\"${{ steps.extract_variables.outputs.op_el_extra_flags}}\", \"op_cl_extra_flags\":\"${{ steps.extract_variables.outputs.op_cl_extra_flags}}\", \"layer1_el_endpoint\":\"${{ steps.extract_variables.outputs.layer1_el_endpoint}}\", \"layer1_cl_endpoint\":\"${{ steps.extract_variables.outputs.layer1_cl_endpoint}}\"}" + }' + + - name: Wait for creation of node + env: + GITHUB_TOKEN: ${{ steps.gh-app.outputs.token }} + WORKFLOW_ID: "run-single-node.yml" + MAX_WAIT_MINUTES: "5" + INTERVAL: "5" + TIMEOUT: "20" + ORG_NAME: "NethermindEth" + REPO_NAME: "post-merge-smoke-tests" + NAME_FILTER: ${{ env.BASE_TAG }} + REF: "main" + run: | + chmod +x scripts/wait-for-workflow-completed.sh + ./scripts/wait-for-workflow-completed.sh | tee script-output.txt + run_id=$(grep -oP 'Run ID: \K\d+' script-output.txt) + echo "Run ID extracted is: $run_id" + echo "RUN_ID=$run_id" >> $GITHUB_ENV + working-directory: ${{ github.workspace }} - - name: Wait for creation of node - env: - GITHUB_TOKEN: ${{ secrets.REPOSITORY_DISPATCH_TOKEN }} - WORKFLOW_ID: 'run-single-node.yml' - MAX_WAIT_MINUTES: '5' - INTERVAL: '5' - TIMEOUT: '20' - ORG_NAME: 'NethermindEth' - REPO_NAME: 'post-merge-smoke-tests' - NAME_FILTER: ${{ env.BASE_TAG }} - REF: 'main' - run: | - chmod +x scripts/wait-for-workflow-completed.sh - ./scripts/wait-for-workflow-completed.sh | tee script-output.txt - run_id=$(grep -oP 'Run ID: \K\d+' script-output.txt) - echo "Run ID extracted is: $run_id" - echo "RUN_ID=$run_id" >> $GITHUB_ENV - working-directory: ${{ github.workspace }} + - name: Download machine specs artifact + run: | + ARTIFACT_ID=$(curl -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ${{ steps.gh-app.outputs.token }}" https://api.github.com/repos/NethermindEth/post-merge-smoke-tests/actions/runs/${{ env.RUN_ID }}/artifacts | jq '.artifacts[0].id') + curl -L -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ${{ steps.gh-app.outputs.token }}" -o artifact.zip https://api.github.com/repos/NethermindEth/post-merge-smoke-tests/actions/artifacts/$ARTIFACT_ID/zip + unzip artifact.zip -d ./downloaded-artifacts/ - - name: Download machine specs artifact - run: | - ARTIFACT_ID=$(curl -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ${{ secrets.REPOSITORY_DISPATCH_TOKEN }}" https://api.github.com/repos/NethermindEth/post-merge-smoke-tests/actions/runs/${{ env.RUN_ID }}/artifacts | jq '.artifacts[0].id') - curl -L -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ${{ secrets.REPOSITORY_DISPATCH_TOKEN }}" -o artifact.zip https://api.github.com/repos/NethermindEth/post-merge-smoke-tests/actions/artifacts/$ARTIFACT_ID/zip - unzip artifact.zip -d ./downloaded-artifacts/ - - - name: Display machine specs content - run: | - FILE=$(ls downloaded-artifacts/machine-details | head -n 1) - cat "downloaded-artifacts/machine-details/$FILE" | tee spec-output.txt - rpc_url=$(grep -oP '\s{2,3}RPC URL: \K.+' spec-output.txt) - echo "RPC URL extracted is: $rpc_url" - echo "RPC_URL=$rpc_url" >> $GITHUB_ENV + - name: Display machine specs content + run: | + FILE=$(ls downloaded-artifacts/machine-details | head -n 1) + cat "downloaded-artifacts/machine-details/$FILE" | tee spec-output.txt + rpc_url=$(grep -oP '\s{2,3}RPC URL: \K.+' spec-output.txt) + echo "RPC URL extracted is: $rpc_url" + echo "RPC_URL=$rpc_url" >> $GITHUB_ENV - - name: Save RPC URL to file - if: inputs.custom_run_id != '' - run: | - workflow_id=${{ inputs.custom_run_id }} - echo "${{ env.RPC_URL }}" > rpc_url%${{ env.CLEAN_REF }}%${{ inputs.custom_run_id }}.txt + - name: Save RPC URL to file + if: inputs.custom_run_id != '' + run: | + workflow_id=${{ inputs.custom_run_id }} + echo "${{ env.RPC_URL }}" > rpc_url%${{ env.CLEAN_REF }}%${{ inputs.custom_run_id }}.txt - - name: Upload RPC URL - uses: actions/upload-artifact@v4 - if: inputs.custom_run_id != '' - with: - name: rpc-url___${{ env.CLEAN_REF }}___${{ inputs.custom_run_id }} - path: rpc_url%${{ env.CLEAN_REF }}%${{ inputs.custom_run_id }}.txt + - name: Upload RPC URL + uses: actions/upload-artifact@v4 + if: inputs.custom_run_id != '' + with: + name: rpc-url___${{ env.CLEAN_REF }}___${{ inputs.custom_run_id }} + path: rpc_url%${{ env.CLEAN_REF }}%${{ inputs.custom_run_id }}.txt diff --git a/.github/workflows/update-config-files.yml b/.github/workflows/update-config-files.yml index 50d548f4b2d..9f03d1500bc 100644 --- a/.github/workflows/update-config-files.yml +++ b/.github/workflows/update-config-files.yml @@ -1,8 +1,8 @@ -name: '[UPDATE] Config files (fast sync settings)' +name: "[UPDATE] Config files (fast sync settings)" on: schedule: - - cron: '0 0 * * 0' + - cron: "0 0 * * 0" workflow_dispatch: permissions: @@ -19,6 +19,12 @@ jobs: uses: actions/checkout@v3 with: ref: ${{ github.ref }} + - name: Authenticate App + id: gh-app + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Install dependencies run: | pip3 install setuptools @@ -29,7 +35,7 @@ jobs: - name: Create pull request uses: peter-evans/create-pull-request@v6.0.2 with: - token: ${{ secrets.REPOSITORY_DISPATCH_TOKEN }} + token: ${{ steps.gh-app.outputs.token }} commit-message: Updating Fast Sync config files body: | Config files included: diff --git a/.github/workflows/update-dappnode-package.yml b/.github/workflows/update-dappnode-package.yml index cb65aba1a5e..8553fc63ee3 100644 --- a/.github/workflows/update-dappnode-package.yml +++ b/.github/workflows/update-dappnode-package.yml @@ -1,23 +1,29 @@ -name: '[UPDATE] DAppNode package' +name: "[UPDATE] DAppNode package" on: repository_dispatch: types: dappnode - + jobs: update-dappnode: name: Triggering the DAppNode Package update runs-on: ubuntu-latest steps: - - name: Getting Tag - id: get_tag - run: echo ::set-output name=TAG::${{ github.event.client_payload.tag }} - - name: Sending dispatch event to nethermind DAppNode Package repository - env: - DISPATCH_REPO: dappnode/DAppNodePackage-nethermind - run: | - curl -s -X POST -u "${{ secrets.REPOSITORY_DISPATCH_TOKEN }}" \ - -H "Accept: application/vnd.github.everest-preview+json" \ - -H "Content-Type: application/json" \ - --data '{"event_type":"new_release", "client_payload": { "tag":"${{ steps.get_tag.outputs.TAG }}"}}' \ - https://api.github.com/repos/$DISPATCH_REPO/dispatches + - name: Getting Tag + id: get_tag + run: echo ::set-output name=TAG::${{ github.event.client_payload.tag }} + - name: Authenticate App + id: gh-app + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Sending dispatch event to nethermind DAppNode Package repository + env: + DISPATCH_REPO: dappnode/DAppNodePackage-nethermind + run: | + curl -s -X POST -u "${{ steps.gh-app.outputs.token }}" \ + -H "Accept: application/vnd.github.everest-preview+json" \ + -H "Content-Type: application/json" \ + --data '{"event_type":"new_release", "client_payload": { "tag":"${{ steps.get_tag.outputs.TAG }}"}}' \ + https://api.github.com/repos/$DISPATCH_REPO/dispatches diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml index b6ceb554788..280dcff55a4 100644 --- a/.github/workflows/update-docs.yml +++ b/.github/workflows/update-docs.yml @@ -20,12 +20,19 @@ jobs: with: ref: ${{ github.event.inputs.ref || github.ref }} path: n + - name: Authenticate App + id: gh-app + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + repositories: "nethermind,docs" - name: Check out Nethermind docs repository uses: actions/checkout@v4 with: repository: NethermindEth/docs path: d - token: ${{ secrets.REPOSITORY_DISPATCH_TOKEN }} + token: ${{ steps.gh-app.outputs.token }} - name: Set up .NET uses: actions/setup-dotnet@v4 with: @@ -57,7 +64,7 @@ jobs: - name: Create a pull request working-directory: d env: - GH_TOKEN: ${{ secrets.REPOSITORY_DISPATCH_TOKEN }} + GH_TOKEN: ${{ steps.gh-app.outputs.token }} run: | version="${{ github.event_name == 'release' && format(' of v{0}', github.event.release.tag_name) || '' }}" head_branch=feature/auto-update-${{ github.run_number }}-${{ github.run_attempt }}