From 455db91f100ef44474e0cf0cabf9335fa959daff Mon Sep 17 00:00:00 2001 From: Gustavo Valverde Date: Thu, 13 Apr 2023 02:56:21 -0400 Subject: [PATCH] refactor(ci): use GitHub variables for non-sensitive info (#6357) * refactor(ci): use GitHub secrets and variables We've been using values that are variable across multiple workflows, and those can only be changed if modifying the workflows, but we should be able to change the values without committing new changes in the code for this purpose we're now using GitHub Variables, and even moving non-sensitive information into variables instead of secrets. Allowing more flexibility and other scenarios that should be easier to manage, like deploying to Mainnet or Testnet. * refactor(ci): use new GitHub variables for GCP auth * fix(ci): typo * fix(ci): do not use multiple variables for the same value * fix(ci): typo in variable * fix(vars): use different variables for machine types * fix(vars): missing substitution * fix: typo * fix: make the input CI network override the default network * Use the correct network variable for creating disks --------- Co-authored-by: teor --- .../workflows/build-crates-individually.yml | 10 +- .github/workflows/build-docker-image.yml | 12 +- .github/workflows/continous-delivery.yml | 34 ++-- .../continous-integration-docker.yml | 49 +++--- .../workflows/continous-integration-os.yml | 10 +- .github/workflows/coverage.yml | 10 +- .github/workflows/delete-gcp-resources.yml | 12 +- .github/workflows/deploy-gcp-tests.yml | 146 +++++++++--------- .github/workflows/docs.yml | 8 +- .github/workflows/lint.yml | 10 +- .github/workflows/zcash-lightwalletd.yml | 11 +- .github/workflows/zcashd-manual-deploy.yml | 18 +-- 12 files changed, 152 insertions(+), 178 deletions(-) diff --git a/.github/workflows/build-crates-individually.yml b/.github/workflows/build-crates-individually.yml index df5cca8c701..a1bf818096f 100644 --- a/.github/workflows/build-crates-individually.yml 
+++ b/.github/workflows/build-crates-individually.yml @@ -37,11 +37,11 @@ on: - '.github/workflows/build-crates-individually.yml' env: - CARGO_INCREMENTAL: 0 - RUST_LOG: info - RUST_BACKTRACE: full - RUST_LIB_BACKTRACE: full - COLORBT_SHOW_HIDDEN: '1' + CARGO_INCREMENTAL: ${{ vars.CARGO_INCREMENTAL }} + RUST_LOG: ${{ vars.RUST_LOG }} + RUST_BACKTRACE: ${{ vars.RUST_BACKTRACE }} + RUST_LIB_BACKTRACE: ${{ vars.RUST_LIB_BACKTRACE }} + COLORBT_SHOW_HIDDEN: ${{ vars.COLORBT_SHOW_HIDDEN }} jobs: matrix: diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index dc9c16b9bbb..8d7bb0511d1 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml @@ -84,7 +84,7 @@ jobs: with: # list of Docker images to use as base name for tags images: | - us-docker.pkg.dev/zealous-zebra/zebra/${{ inputs.image_name }} + us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra/${{ inputs.image_name }} zfnd/zebra,enable=${{ github.event_name == 'release' && !github.event.release.prerelease }} # appends inputs.tag_suffix to image tags/names flavor: | @@ -119,8 +119,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_ARTIFACTS_SA }}' token_format: 'access_token' # Some builds might take over an hour, and Google's default lifetime duration for # an access token is 1 hour (3600s). We increase this to 3 hours (10800s) 
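Review bot: In the `env:` block of build-crates-individually.yml (hunk `@@ -37,11 +37,11 @@`), every value is now read from `vars.*` with no fallback, so a repository or fork where a variable is not defined gets an empty string in place of the previous literal. Keeping the old value as a default, for example `RUST_LOG: ${{ vars.RUST_LOG || 'info' }}` and `RUST_BACKTRACE: ${{ vars.RUST_BACKTRACE || 'full' }}`, keeps the workflow self-contained and its behaviour visible in the file. The same block is changed in the same way in continous-integration-os.yml and coverage.yml.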
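Review bot: In the `google-github-actions/auth` step of build-docker-image.yml (hunk `@@ -119,8 +119,8 @@`), the workload identity provider and the service account the job assumes now come from `vars.GCP_WIF` and `vars.GCP_ARTIFACTS_SA`, so a change to either is made in repository settings and no longer appears in a reviewed commit. A comment above the step would record that, for example `# GCP_WIF and GCP_ARTIFACTS_SA are repository variables; editing them changes which GCP identity this job assumes`. It is also worth confirming that the provider's attribute condition on the GCP side restricts which repository may exchange tokens, because that check cannot be seen from this workflow. The step's `with:` block appears to continue outside the hunk.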
@@ -177,7 +177,7 @@ jobs: # The caches are tried in top-down order, the first available cache is used: # https://github.com/moby/moby/pull/26839#issuecomment-277383550 cache-from: | - type=registry,ref=us-docker.pkg.dev/zealous-zebra/zebra-caching/${{ inputs.image_name }}${{ inputs.tag_suffix }}:${{ env.GITHUB_REF_SLUG_URL }}-cache - type=registry,ref=us-docker.pkg.dev/zealous-zebra/zebra-caching/${{ inputs.image_name }}${{ inputs.tag_suffix }}:main-cache + type=registry,ref=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra-caching/${{ inputs.image_name }}${{ inputs.tag_suffix }}:${{ env.GITHUB_REF_SLUG_URL }}-cache + type=registry,ref=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra-caching/${{ inputs.image_name }}${{ inputs.tag_suffix }}:main-cache cache-to: | - type=registry,ref=us-docker.pkg.dev/zealous-zebra/zebra-caching/${{ inputs.image_name }}${{ inputs.tag_suffix }}:${{ env.GITHUB_REF_SLUG_URL }}-cache,mode=max + type=registry,ref=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra-caching/${{ inputs.image_name }}${{ inputs.tag_suffix }}:${{ env.GITHUB_REF_SLUG_URL }}-cache,mode=max diff --git a/.github/workflows/continous-delivery.yml b/.github/workflows/continous-delivery.yml index dc6f7537126..f9e7ac935b9 100644 --- a/.github/workflows/continous-delivery.yml +++ b/.github/workflows/continous-delivery.yml @@ -25,12 +25,6 @@ on: types: - published -env: - GAR_BASE: us-docker.pkg.dev/zealous-zebra/zebra - REGION: us-central1 - ZONE: us-central1-a - MACHINE_TYPE: c2-standard-4 - jobs: # If a release was made we want to extract the first part of the semver from the # tag_name 
@@ -92,8 +86,8 @@ jobs: - name: Run tests using the default config run: | set -ex - docker pull ${{ env.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }} - docker run --detach --name default-conf-tests -t ${{ env.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }} + docker pull ${{ vars.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }} + docker run --detach --name default-conf-tests -t ${{ vars.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }} EXIT_STATUS=$(docker logs --tail all --follow default-conf-tests 2>&1 | grep -q --extended-regexp --max-count=1 -e 'estimated progress to chain tip.*BeforeOverwinter'; echo $?; ) docker stop default-conf-tests docker logs default-conf-tests @@ -147,8 +141,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 @@ -161,10 +155,10 @@ jobs: --boot-disk-type=pd-ssd \ --image-project=cos-cloud \ --image-family=cos-stable \ - --container-image ${{ env.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }} \ + --container-image ${{ vars.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }} \ --create-disk=name=zebrad-cache-${{ env.GITHUB_SHA_SHORT }},auto-delete=yes,size=300GB,type=pd-ssd \ --container-mount-disk=mount-path="/zebrad-cache",name=zebrad-cache-${{ env.GITHUB_SHA_SHORT }} \ - --machine-type ${{ env.MACHINE_TYPE }} \ + --machine-type ${{ vars.GCP_SMALL_MACHINE }} \ --scopes cloud-platform \ --labels=app=zebrad,environment=prod,network=${NETWORK},github_ref=${{ env.GITHUB_REF_SLUG_URL }} \ --tags zebrad 
@@ -174,7 +168,7 @@ jobs: id: does-group-exist continue-on-error: true run: | - gcloud compute instance-groups list | grep "zebrad-${{ needs.versioning.outputs.major_version || env.GITHUB_REF_SLUG_URL }}" | grep "${{ env.REGION }}" + gcloud compute instance-groups list | grep "zebrad-${{ needs.versioning.outputs.major_version || env.GITHUB_REF_SLUG_URL }}" | grep "${{ vars.GCP_REGION }}" # Deploy new managed instance group using the new instance template - name: Create managed instance group @@ -185,7 +179,7 @@ jobs: --template "zebrad-${{ needs.versioning.outputs.major_version || env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }}" \ --health-check zebrad-tracing-filter \ --initial-delay 30 \ - --region "${{ env.REGION }}" \ + --region "${{ vars.GCP_REGION }}" \ --size 1 # Rolls out update to existing group using the new instance template @@ -195,7 +189,7 @@ jobs: gcloud compute instance-groups managed rolling-action start-update \ "zebrad-${{ needs.versioning.outputs.major_version || env.GITHUB_REF_SLUG_URL }}" \ --version template="zebrad-${{ needs.versioning.outputs.major_version || env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }}" \ - --region "${{ env.REGION }}" + --region "${{ vars.GCP_REGION }}" # This jobs handles the deployment of a single node (1) in the us-central1-a zone # when an instance is required to test a specific commit @@ -230,8 +224,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 
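Review bot: In the `does-group-exist` step, `grep "${{ vars.GCP_REGION }}"` matches every input line when the variable is empty or undefined, so the step would report an existing group on the name match alone. Because the step has `continue-on-error: true`, nothing else stops the run at that point. A guard at the top of the script such as `test -n "${{ vars.GCP_REGION }}"` makes a missing variable an explicit failure, and `grep -F -- "${{ vars.GCP_REGION }}"` keeps the region from being read as a pattern. The `--region "${{ vars.GCP_REGION }}"` arguments in the two following hunks depend on the same variable.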
@@ -246,11 +240,11 @@ jobs: --image-family=cos-stable \ --container-stdin \ --container-tty \ - --container-image ${{ env.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }} \ + --container-image ${{ vars.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }} \ --create-disk=auto-delete=yes,size=300GB,type=pd-ssd \ --create-disk=name=zebrad-cache-${{ env.GITHUB_SHA_SHORT }},auto-delete=yes,size=300GB,type=pd-ssd \ --container-mount-disk=mount-path='/zebrad-cache',name=zebrad-cache-${{ env.GITHUB_SHA_SHORT }} \ - --machine-type ${{ env.MACHINE_TYPE }} \ - --zone ${{ env.ZONE }} \ + --machine-type ${{ vars.GCP_SMALL_MACHINE }} \ + --zone ${{ vars.GCP_ZONE }} \ --labels=app=zebrad,environment=qa,network=${NETWORK},github_ref=${{ env.GITHUB_REF_SLUG_URL }} \ --tags zebrad diff --git a/.github/workflows/continous-integration-docker.yml b/.github/workflows/continous-integration-docker.yml index 2a74c0968fd..b1338f45b3a 100644 --- a/.github/workflows/continous-integration-docker.yml +++ b/.github/workflows/continous-integration-docker.yml @@ -76,13 +76,6 @@ on: - '.github/workflows/deploy-gcp-tests.yml' - '.github/workflows/build-docker-image.yml' -env: - # TODO: use the output from ./.github/workflows/build-docker-image.yml - IMAGE_NAME: zebrad-test - GAR_BASE: us-docker.pkg.dev/zealous-zebra/zebra - # TODO: use environmental secrets for dynamic values - NETWORK: Mainnet - jobs: get-available-disks: runs-on: ubuntu-latest 
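Review bot: `--zone ${{ vars.GCP_ZONE }}` in this instance-creation command shares one variable with deploy-gcp-tests.yml, whose removed `env:` block set `ZONE: us-central1-f`, while this file's removed block set `ZONE: us-central1-a`; with a single `GCP_ZONE` value, one of the two workflows changes zone. If that is intended, the job comment visible as context in the preceding hunk, which still says "in the us-central1-a zone", should be updated, for example to `# ... a single node (1) in the zone set by vars.GCP_ZONE`. If it is not intended, separate variables are needed, as was done with `GCP_SMALL_MACHINE` and `GCP_LARGE_MACHINE`. The `run:` block starts outside the hunk.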
@@ -106,19 +99,19 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 # Disk images in GCP are required to be in lowercase, but the blockchain network - # uses sentence case, so we need to downcase ${{ env.NETWORK or github.event.inputs.network }} + # uses sentence case, so we need to downcase ${{ vars.ZCASH_NETWORK or github.event.inputs.network }} # # Passes a lowercase Network name to subsequent steps using $NETWORK env variable - name: Downcase network name for disks run: | - NETWORK_CAPS=${{ env.NETWORK || github.event.inputs.network }} + NETWORK_CAPS=${{ github.event.inputs.network || vars.ZCASH_NETWORK }} echo "NETWORK=${NETWORK_CAPS,,}" >> $GITHUB_ENV # Find a cached state disk for subsequent jobs needing a cached state without @@ -169,9 +162,9 @@ jobs: with: dockerfile_path: ./docker/Dockerfile dockerfile_target: tests - image_name: zebrad-test - # TODO: validate how to use variable/conditional values for Testnet - network: Mainnet + image_name: ${{ vars.CI_IMAGE_NAME }} + # The default network in the image is based on the default network variable in GitHub + network: ${{ vars.ZCASH_NETWORK }} checkpoint_sync: true rust_backtrace: full rust_lib_backtrace: full 
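Review bot: In the `Downcase network name for disks` step, `NETWORK_CAPS=${{ github.event.inputs.network || vars.ZCASH_NETWORK }}` pastes a manually supplied workflow input into the shell script unquoted, so the input text is parsed by the shell rather than treated as data, unless the input is declared as a fixed-choice type elsewhere in the file. Passing it through the step environment avoids that: add an `env:` entry `NETWORK_INPUT: ${{ github.event.inputs.network || vars.ZCASH_NETWORK }}` and use `NETWORK_CAPS="${NETWORK_INPUT}"` in the script. The comment above the step still reads `vars.ZCASH_NETWORK or github.event.inputs.network`, which is the reverse of the precedence the code now applies.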
@@ -204,8 +197,8 @@ jobs: # If some tests hang, add "-- --nocapture" for just that test, or for all the tests. - name: Run zebrad tests run: | - docker pull ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} - docker run --name zebrad-tests --tty ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} cargo test --locked --release --features "lightwalletd-grpc-tests" --workspace -- --include-ignored + docker pull ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} + docker run --name zebrad-tests --tty ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} cargo test --locked --release --features "lightwalletd-grpc-tests" --workspace -- --include-ignored # zebrad tests without cached state with `getblocktemplate-rpcs` feature # @@ -223,8 +216,8 @@ jobs: - name: Run zebrad tests run: | - docker pull ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} - docker run --name zebrad-tests --tty ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} cargo test --locked --release --features "lightwalletd-grpc-tests getblocktemplate-rpcs" --workspace -- --include-ignored + docker pull ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} + docker run --name zebrad-tests --tty ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} cargo test --locked --release --features "lightwalletd-grpc-tests getblocktemplate-rpcs" --workspace -- --include-ignored # Run state tests with fake activation heights. # 
@@ -248,8 +241,8 @@ jobs: - name: Run tests with fake activation heights run: | - docker pull ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} - docker run -e TEST_FAKE_ACTIVATION_HEIGHTS --name zebrad-tests -t ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} cargo test --locked --release --package zebra-state --lib -- --nocapture --include-ignored with_fake_activation_heights + docker pull ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} + docker run -e TEST_FAKE_ACTIVATION_HEIGHTS --name zebrad-tests -t ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} cargo test --locked --release --package zebra-state --lib -- --nocapture --include-ignored with_fake_activation_heights env: TEST_FAKE_ACTIVATION_HEIGHTS: '1' @@ -269,8 +262,8 @@ jobs: - name: Run zebrad large sync tests run: | - docker pull ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} - docker run --name zebrad-tests -t ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} cargo test --locked --release --features lightwalletd-grpc-tests --package zebrad --test acceptance -- --nocapture --include-ignored sync_large_checkpoints_ + docker pull ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} + docker run --name zebrad-tests -t ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} cargo test --locked --release --features lightwalletd-grpc-tests --package zebrad --test acceptance -- --nocapture --include-ignored sync_large_checkpoints_ # Test launching lightwalletd with an empty lightwalletd and Zebra state. # 
@@ -288,8 +281,8 @@ jobs: - name: Run tests with empty lightwalletd launch run: | - docker pull ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} - docker run -e ZEBRA_TEST_LIGHTWALLETD --name lightwalletd-tests -t ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} cargo test --locked --release --features lightwalletd-grpc-tests --package zebrad --test acceptance -- --nocapture --include-ignored lightwalletd_integration + docker pull ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} + docker run -e ZEBRA_TEST_LIGHTWALLETD --name lightwalletd-tests -t ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} cargo test --locked --release --features lightwalletd-grpc-tests --package zebrad --test acceptance -- --nocapture --include-ignored lightwalletd_integration env: ZEBRA_TEST_LIGHTWALLETD: '1' @@ -309,8 +302,8 @@ jobs: - name: Run tests using the default config run: | set -ex - docker pull ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} - docker run --detach --name default-conf-tests -t ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} zebrad start + docker pull ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} + docker run --detach --name default-conf-tests -t ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} zebrad start EXIT_STATUS=$(docker logs --tail all --follow default-conf-tests 2>&1 | grep -q --extended-regexp --max-count=1 -e 'estimated progress to chain tip.*BeforeOverwinter'; echo $?; ) docker stop default-conf-tests docker logs default-conf-tests 
@@ -332,8 +325,8 @@ jobs: - name: Run tests using the $ZEBRA_CONF_PATH run: | set -ex - docker pull ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} - docker run --detach -e ZEBRA_CONF_PATH --name variable-conf-tests -t ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} -c $ZEBRA_CONF_PATH start + docker pull ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} + docker run --detach -e ZEBRA_CONF_PATH --name variable-conf-tests -t ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} -c $ZEBRA_CONF_PATH start EXIT_STATUS=$(docker logs --tail all --follow variable-conf-tests 2>&1 | grep -q --extended-regexp --max-count=1 -e 'v1.0.0-rc.2.toml'; echo $?; ) docker stop variable-conf-tests docker logs variable-conf-tests diff --git a/.github/workflows/continous-integration-os.yml b/.github/workflows/continous-integration-os.yml index d9e97d5da7d..d6453cae1ba 100644 --- a/.github/workflows/continous-integration-os.yml +++ b/.github/workflows/continous-integration-os.yml @@ -51,11 +51,11 @@ on: - '.github/workflows/continous-integration-os.yml' env: - CARGO_INCREMENTAL: 0 - RUST_LOG: info - RUST_BACKTRACE: full - RUST_LIB_BACKTRACE: full - COLORBT_SHOW_HIDDEN: '1' + CARGO_INCREMENTAL: ${{ vars.CARGO_INCREMENTAL }} + RUST_LOG: ${{ vars.RUST_LOG }} + RUST_BACKTRACE: ${{ vars.RUST_BACKTRACE }} + RUST_LIB_BACKTRACE: ${{ vars.RUST_LIB_BACKTRACE }} + COLORBT_SHOW_HIDDEN: ${{ vars.COLORBT_SHOW_HIDDEN }} jobs: test: diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 1e5e8b16946..7b42769245c 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml 
@@ -41,11 +41,11 @@ on: - '.github/workflows/coverage.yml' env: - CARGO_INCREMENTAL: 0 - RUST_LOG: info - RUST_BACKTRACE: full - RUST_LIB_BACKTRACE: full - COLORBT_SHOW_HIDDEN: '1' + CARGO_INCREMENTAL: ${{ vars.CARGO_INCREMENTAL }} + RUST_LOG: ${{ vars.RUST_LOG }} + RUST_BACKTRACE: ${{ vars.RUST_BACKTRACE }} + RUST_LIB_BACKTRACE: ${{ vars.RUST_LIB_BACKTRACE }} + COLORBT_SHOW_HIDDEN: ${{ vars.COLORBT_SHOW_HIDDEN }} jobs: coverage: diff --git a/.github/workflows/delete-gcp-resources.yml b/.github/workflows/delete-gcp-resources.yml index f886256f226..ad4c0b73976 100644 --- a/.github/workflows/delete-gcp-resources.yml +++ b/.github/workflows/delete-gcp-resources.yml @@ -40,8 +40,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 @@ -192,8 +192,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' token_format: 'access_token' - name: Login to Google Artifact Registry 
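Review bot: The registry-cleanup job in delete-gcp-resources.yml (hunk `@@ -192,8 +192,8 @@`) authenticates as `vars.GCP_DEPLOYMENTS_SA` with `token_format: 'access_token'` right before `Login to Google Artifact Registry`, while build-docker-image.yml uses a separate `vars.GCP_ARTIFACTS_SA` for registry access. If the two variables are meant to separate registry permissions from compute permissions, this job presumably wants the registry account, `service_account: '${{ vars.GCP_ARTIFACTS_SA }}'`, or a dedicated cleanup account; otherwise the deployments account has to hold image-delete rights as well. The roles granted to each account are not visible in this diff, so this needs confirming against the IAM setup.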
@@ -210,7 +210,7 @@ jobs: # https://github.com/GoogleCloudPlatform/gcr-cleaner with: args: >- - -repo=us-docker.pkg.dev/zealous-zebra/zebra/zebrad-test - -repo=us-docker.pkg.dev/zealous-zebra/zebra/lightwalletd + -repo=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra/zebrad-test + -repo=us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra/lightwalletd -grace=${{ env.DELETE_IMAGE_HOURS }} -keep=${{ env.KEEP_LATEST_IMAGE_COUNT }} diff --git a/.github/workflows/deploy-gcp-tests.yml b/.github/workflows/deploy-gcp-tests.yml index b42d2ebf8da..41f90e242e1 100644 --- a/.github/workflows/deploy-gcp-tests.yml +++ b/.github/workflows/deploy-gcp-tests.yml @@ -87,12 +87,6 @@ on: description: 'Application name, used to work out when a job is an update job' env: - # where we get the Docker image from - IMAGE_NAME: zebrad-test - GAR_BASE: us-docker.pkg.dev/zealous-zebra/zebra - # what kind of Google Cloud instance we want to launch - ZONE: us-central1-f - MACHINE_TYPE: c2d-standard-16 # How many previous log lines we show at the start of each new log job. # Increase this number if some log lines are skipped between jobs # @@ -153,8 +147,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 
@@ -170,13 +164,13 @@ jobs: --image-family=cos-stable \ --create-disk=name="${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }}",device-name="${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }}",size=300GB,type=pd-ssd \ --container-image=gcr.io/google-containers/busybox \ - --machine-type ${{ env.MACHINE_TYPE }} \ + --machine-type ${{ vars.GCP_LARGE_MACHINE }} \ --scopes cloud-platform \ --metadata=google-monitoring-enabled=TRUE,google-logging-enabled=TRUE \ --metadata-from-file=startup-script=.github/workflows/scripts/gcp-vm-startup-script.sh \ --labels=app=${{ inputs.app_name }},environment=test,network=${NETWORK},github_ref=${{ env.GITHUB_REF_SLUG_URL }},test=${{ inputs.test_id }} \ --tags ${{ inputs.app_name }} \ - --zone ${{ env.ZONE }} + --zone ${{ vars.GCP_ZONE }} sleep 60 # Create a docker volume with the new disk we just created. @@ -185,7 +179,7 @@ jobs: - name: Create ${{ inputs.test_id }} Docker volume run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ + --zone ${{ vars.GCP_ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -235,8 +229,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 
@@ -245,7 +239,7 @@ jobs: - name: Launch ${{ inputs.test_id }} test run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ + --zone ${{ vars.GCP_ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -257,7 +251,7 @@ jobs: --detach \ ${{ inputs.test_variables }} \ --mount type=volume,src=${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }},dst=${{ inputs.root_state_path }}/${{ inputs.zebra_state_dir }} \ - ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} \ + ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} \ " @@ -305,8 +299,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 
@@ -411,13 +405,13 @@ jobs: --image-family=cos-stable \ --create-disk=image=${{ env.CACHED_DISK_NAME }},name="${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }}",device-name="${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }}",size=300GB,type=pd-ssd \ --container-image=gcr.io/google-containers/busybox \ - --machine-type ${{ env.MACHINE_TYPE }} \ + --machine-type ${{ vars.GCP_LARGE_MACHINE }} \ --scopes cloud-platform \ --metadata=google-monitoring-enabled=TRUE,google-logging-enabled=TRUE \ --metadata-from-file=startup-script=.github/workflows/scripts/gcp-vm-startup-script.sh \ --labels=app=${{ inputs.app_name }},environment=test,network=${NETWORK},github_ref=${{ env.GITHUB_REF_SLUG_URL }},test=${{ inputs.test_id }} \ --tags ${{ inputs.app_name }} \ - --zone ${{ env.ZONE }} + --zone ${{ vars.GCP_ZONE }} sleep 60 # Create a docker volume with the selected cached state. @@ -428,7 +422,7 @@ jobs: - name: Create ${{ inputs.test_id }} Docker volume run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ + --zone ${{ vars.GCP_ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -476,8 +470,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 
@@ -506,7 +500,7 @@ jobs: if: ${{ (inputs.needs_zebra_state && !inputs.needs_lwd_state) && inputs.test_id != 'lwd-full-sync' }} run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ + --zone ${{ vars.GCP_ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -518,7 +512,7 @@ jobs: --detach \ ${{ inputs.test_variables }} \ --mount type=volume,src=${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }},dst=${{ inputs.root_state_path }}/${{ inputs.zebra_state_dir }} \ - ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} \ + ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} \ " # Launch the test with the previously created Lightwalletd and Zebra cached state. @@ -554,7 +548,7 @@ jobs: if: ${{ (inputs.needs_zebra_state && inputs.needs_lwd_state) || inputs.test_id == 'lwd-full-sync' }} run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ + --zone ${{ vars.GCP_ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -567,7 +561,7 @@ jobs: ${{ inputs.test_variables }} \ --mount type=volume,src=${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }},dst=${{ inputs.root_state_path }}/${{ inputs.zebra_state_dir }} \ --mount type=volume,src=${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }},dst=${{ inputs.root_state_path }}/${{ inputs.lwd_state_dir }} \ - ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} \ + ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}:sha-${{ env.GITHUB_SHA_SHORT }} \ " 
@@ -612,8 +606,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 @@ -659,8 +653,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 @@ -676,7 +670,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (heartwood) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ + --zone ${{ vars.GCP_ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -731,8 +725,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 
@@ -741,7 +735,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (canopy) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ + --zone ${{ vars.GCP_ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -798,8 +792,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 @@ -808,7 +802,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (1740k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ + --zone ${{ vars.GCP_ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -867,8 +861,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 
@@ -877,7 +871,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (1760k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ + --zone ${{ vars.GCP_ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -936,8 +930,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 @@ -946,7 +940,7 @@ jobs: - name: Show logs for ${{ inputs.test_id }} test (1780k) run: | gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \ - --zone ${{ env.ZONE }} \ + --zone ${{ vars.GCP_ZONE }} \ --ssh-flag="-o ServerAliveInterval=5" \ --ssh-flag="-o ConnectionAttempts=20" \ --ssh-flag="-o ConnectTimeout=5" \ @@ -1006,8 +1000,8 @@ jobs: uses: google-github-actions/auth@v1.0.0 with: retries: '3' - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + workload_identity_provider: '${{ vars.GCP_WIF }}' + service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}' - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1.1.0 
@@ -1016,7 +1010,7 @@ jobs:
 - name: Show logs for ${{ inputs.test_id }} test (1800k)
 run: |
 gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \
- --zone ${{ env.ZONE }} \
+ --zone ${{ vars.GCP_ZONE }} \
 --ssh-flag="-o ServerAliveInterval=5" \
 --ssh-flag="-o ConnectionAttempts=20" \
 --ssh-flag="-o ConnectTimeout=5" \
@@ -1075,8 +1069,8 @@ jobs:
 uses: google-github-actions/auth@v1.0.0
 with:
 retries: '3'
- workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
- service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com'
+ workload_identity_provider: '${{ vars.GCP_WIF }}'
+ service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}'
 - name: Set up Cloud SDK
 uses: google-github-actions/setup-gcloud@v1.1.0
@@ -1085,7 +1079,7 @@ jobs:
 - name: Show logs for ${{ inputs.test_id }} test (1820k)
 run: |
 gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \
- --zone ${{ env.ZONE }} \
+ --zone ${{ vars.GCP_ZONE }} \
 --ssh-flag="-o ServerAliveInterval=5" \
 --ssh-flag="-o ConnectionAttempts=20" \
 --ssh-flag="-o ConnectTimeout=5" \
@@ -1144,8 +1138,8 @@ jobs:
 uses: google-github-actions/auth@v1.0.0
 with:
 retries: '3'
- workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
- service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com'
+ workload_identity_provider: '${{ vars.GCP_WIF }}'
+ service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}'
 - name: Set up Cloud SDK
 uses: google-github-actions/setup-gcloud@v1.1.0
@@ -1154,7 +1148,7 @@ jobs:
 - name: Show logs for ${{ inputs.test_id }} test (1850k)
 run: |
 gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \
- --zone ${{ env.ZONE }} \
+ --zone ${{ vars.GCP_ZONE }} \
 --ssh-flag="-o ServerAliveInterval=5" \
 --ssh-flag="-o ConnectionAttempts=20" \
 --ssh-flag="-o ConnectTimeout=5" \
@@ -1213,8 +1207,8 @@ jobs:
 uses: google-github-actions/auth@v1.0.0
 with:
 retries: '3'
- workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
- service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com'
+ workload_identity_provider: '${{ vars.GCP_WIF }}'
+ service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}'
 - name: Set up Cloud SDK
 uses: google-github-actions/setup-gcloud@v1.1.0
@@ -1223,7 +1217,7 @@ jobs:
 - name: Show logs for ${{ inputs.test_id }} test (1880k)
 run: |
 gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \
- --zone ${{ env.ZONE }} \
+ --zone ${{ vars.GCP_ZONE }} \
 --ssh-flag="-o ServerAliveInterval=5" \
 --ssh-flag="-o ConnectionAttempts=20" \
 --ssh-flag="-o ConnectTimeout=5" \
@@ -1282,8 +1276,8 @@ jobs:
 uses: google-github-actions/auth@v1.0.0
 with:
 retries: '3'
- workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
- service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com'
+ workload_identity_provider: '${{ vars.GCP_WIF }}'
+ service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}'
 - name: Set up Cloud SDK
 uses: google-github-actions/setup-gcloud@v1.1.0
@@ -1292,7 +1286,7 @@ jobs:
 - name: Show logs for ${{ inputs.test_id }} test (1920k)
 run: |
 gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \
- --zone ${{ env.ZONE }} \
+ --zone ${{ vars.GCP_ZONE }} \
 --ssh-flag="-o ServerAliveInterval=5" \
 --ssh-flag="-o ConnectionAttempts=20" \
 --ssh-flag="-o ConnectTimeout=5" \
@@ -1350,8 +1344,8 @@ jobs:
 uses: google-github-actions/auth@v1.0.0
 with:
 retries: '3'
- workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
- service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com'
+ workload_identity_provider: '${{ vars.GCP_WIF }}'
+ service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}'
 - name: Set up Cloud SDK
 uses: google-github-actions/setup-gcloud@v1.1.0
@@ -1360,7 +1354,7 @@ jobs:
 - name: Show logs for ${{ inputs.test_id }} test (1920k)
 run: |
 gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \
- --zone ${{ env.ZONE }} \
+ --zone ${{ vars.GCP_ZONE }} \
 --ssh-flag="-o ServerAliveInterval=5" \
 --ssh-flag="-o ConnectionAttempts=20" \
 --ssh-flag="-o ConnectTimeout=5" \
@@ -1416,8 +1410,8 @@ jobs:
 uses: google-github-actions/auth@v1.0.0
 with:
 retries: '3'
- workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
- service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com'
+ workload_identity_provider: '${{ vars.GCP_WIF }}'
+ service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}'
 - name: Set up Cloud SDK
 uses: google-github-actions/setup-gcloud@v1.1.0
@@ -1428,7 +1422,7 @@ jobs:
 - name: Show logs for ${{ inputs.test_id }} test (checkpoint)
 run: |
 gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \
- --zone ${{ env.ZONE }} \
+ --zone ${{ vars.GCP_ZONE }} \
 --ssh-flag="-o ServerAliveInterval=5" \
 --ssh-flag="-o ConnectionAttempts=20" \
 --ssh-flag="-o ConnectTimeout=5" \
@@ -1491,8 +1485,8 @@ jobs:
 uses: google-github-actions/auth@v1.0.0
 with:
 retries: '3'
- workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
- service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com'
+ workload_identity_provider: '${{ vars.GCP_WIF }}'
+ service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}'
 - name: Set up Cloud SDK
 uses: google-github-actions/setup-gcloud@v1.1.0
@@ -1510,7 +1504,7 @@ jobs:
 - name: Result of ${{ inputs.test_id }} test
 run: |
 gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \
- --zone ${{ env.ZONE }} \
+ --zone ${{ vars.GCP_ZONE }} \
 --ssh-flag="-o ServerAliveInterval=5" \
 --ssh-flag="-o ConnectionAttempts=20" \
 --ssh-flag="-o ConnectTimeout=5" \
@@ -1589,8 +1583,8 @@ jobs:
 id: auth
 uses: google-github-actions/auth@v1.0.0
 with:
- workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
- service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com'
+ workload_identity_provider: '${{ vars.GCP_WIF }}'
+ service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}'
 - name: Set up Cloud SDK
 uses: google-github-actions/setup-gcloud@v1.1.0
@@ -1645,7 +1639,7 @@ jobs:
 DOCKER_LOGS=$( \
 gcloud compute ssh ${{ inputs.test_id }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }} \
- --zone ${{ env.ZONE }} \
+ --zone ${{ vars.GCP_ZONE }} \
 --ssh-flag="-o ServerAliveInterval=5" \
 --ssh-flag="-o ConnectionAttempts=20" \
 --ssh-flag="-o ConnectTimeout=5" \
@@ -1725,13 +1719,13 @@ jobs:
 MINIMUM_UPDATE_HEIGHT=$((ORIGINAL_HEIGHT+CACHED_STATE_UPDATE_LIMIT))
 if [[ -z "$UPDATE_SUFFIX" ]] || [[ "$SYNC_HEIGHT" -gt "$MINIMUM_UPDATE_HEIGHT" ]]; then
 gcloud compute images create \
- "${{ inputs.disk_prefix }}-${SHORT_GITHUB_REF}-${{ env.GITHUB_SHA_SHORT }}-v${{ env.STATE_VERSION }}-${{ env.NETWORK }}-${{ inputs.disk_suffix }}${UPDATE_SUFFIX}-${TIME_SUFFIX}" \
+ "${{ inputs.disk_prefix }}-${SHORT_GITHUB_REF}-${{ env.GITHUB_SHA_SHORT }}-v${{ env.STATE_VERSION }}-${NETWORK}-${{ inputs.disk_suffix }}${UPDATE_SUFFIX}-${TIME_SUFFIX}" \
 --force \
 --source-disk=${{ inputs.test_id }}-${{ env.GITHUB_SHA_SHORT }} \
- --source-disk-zone=${{ env.ZONE }} \
+ --source-disk-zone=${{ vars.GCP_ZONE }} \
 --storage-location=us \
 --description="Created from commit ${{ env.GITHUB_SHA_SHORT }} with height ${{ env.SYNC_HEIGHT }}" \
- --labels="height=${{ env.SYNC_HEIGHT }},purpose=${{ inputs.disk_prefix }},commit=${{ env.GITHUB_SHA_SHORT }},state-version=${{ env.STATE_VERSION }},network=${{ env.NETWORK }},target-height-kind=${{ inputs.disk_suffix }},update-flag=${UPDATE_SUFFIX},updated-from-height=${ORIGINAL_HEIGHT},test-id=${{ inputs.test_id }},app-name=${{ inputs.app_name }}"
+ --labels="height=${{ env.SYNC_HEIGHT }},purpose=${{ inputs.disk_prefix }},commit=${{ env.GITHUB_SHA_SHORT }},state-version=${{ env.STATE_VERSION }},network=${NETWORK},target-height-kind=${{ inputs.disk_suffix }},update-flag=${UPDATE_SUFFIX},updated-from-height=${ORIGINAL_HEIGHT},test-id=${{ inputs.test_id }},app-name=${{ inputs.app_name }}"
 else
 echo "Skipped cached state update because the new sync height $SYNC_HEIGHT was less than $CACHED_STATE_UPDATE_LIMIT blocks above the original height $ORIGINAL_HEIGHT"
 fi
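Review bot: The image name and the `network=` label now read the shell variable `${NETWORK}` instead of `${{ env.NETWORK }}`, but nothing in this hunk assigns it; the assignment has to live earlier in the step, outside the hunk. If it is empty the name gets a doubled hyphen and the label an empty value, so I would write `${NETWORK:?NETWORK is not set}` in the image-name argument to stop the step instead of creating a mislabelled cached-state image. Compute Engine image names and label values must be lowercase, so whatever sets `NETWORK` also has to lowercase it (presumably it does; worth confirming).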
@@ -1764,8 +1758,8 @@ jobs:
 id: auth
 uses: google-github-actions/auth@v1.0.0
 with:
- workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
- service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com'
+ workload_identity_provider: '${{ vars.GCP_WIF }}'
+ service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}'
 - name: Set up Cloud SDK
 uses: google-github-actions/setup-gcloud@v1.1.0
@@ -1779,5 +1773,5 @@ jobs:
 if [ -z "${INSTANCE}" ]; then
 echo "No instance to delete"
 else
- gcloud compute instances delete "${INSTANCE}" --zone "${{ env.ZONE }}" --delete-disks all --quiet
+ gcloud compute instances delete "${INSTANCE}" --zone "${{ vars.GCP_ZONE }}" --delete-disks all --quiet
 fi
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 6c5b980e122..1d184ae0b69 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -28,10 +28,10 @@ on:
 - '.github/workflows/docs.yml'
 env:
- RUST_LOG: info
- RUST_BACKTRACE: full
- RUST_LIB_BACKTRACE: full
- COLORBT_SHOW_HIDDEN: '1'
+ RUST_LOG: ${{ vars.RUST_LOG }}
+ RUST_BACKTRACE: ${{ vars.RUST_BACKTRACE }}
+ RUST_LIB_BACKTRACE: ${{ vars.RUST_LIB_BACKTRACE }}
+ COLORBT_SHOW_HIDDEN: ${{ vars.COLORBT_SHOW_HIDDEN }}
 jobs:
 build:
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index d1685784bc7..13dfb4e329f 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -16,11 +16,11 @@ on:
 pull_request:
 env:
- CARGO_INCREMENTAL: 0
- RUST_LOG: info
- RUST_BACKTRACE: full
- RUST_LIB_BACKTRACE: full
- COLORBT_SHOW_HIDDEN: '1'
+ CARGO_INCREMENTAL: ${{ vars.CARGO_INCREMENTAL }}
+ RUST_LOG: ${{ vars.RUST_LOG }}
+ RUST_BACKTRACE: ${{ vars.RUST_BACKTRACE }}
+ RUST_LIB_BACKTRACE: ${{ vars.RUST_LIB_BACKTRACE }}
+ COLORBT_SHOW_HIDDEN: ${{ vars.COLORBT_SHOW_HIDDEN }}
 jobs:
 changed-files:
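Review bot: In docs.yml the `env:` block now reads `RUST_LOG: ${{ vars.RUST_LOG }}` and its siblings with no fallback, so any run where the variable is not defined (a fork that has not configured it, for example) gets empty strings where the workflow used to guarantee `info`, `full` and `'1'`. Keeping the old values as defaults preserves that behaviour: `RUST_LOG: ${{ vars.RUST_LOG || 'info' }}`, `RUST_BACKTRACE: ${{ vars.RUST_BACKTRACE || 'full' }}`, and likewise for the other keys. The lint.yml hunk has the same block plus `CARGO_INCREMENTAL` and would take the same change.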
diff --git a/.github/workflows/zcash-lightwalletd.yml b/.github/workflows/zcash-lightwalletd.yml
index e6ebba90e1d..77024f12d16 100644
--- a/.github/workflows/zcash-lightwalletd.yml
+++ b/.github/workflows/zcash-lightwalletd.yml
@@ -43,7 +43,6 @@ on:
 - '.github/workflows/zcash-lightwalletd.yml'
 env:
- GAR_BASE: us-docker.pkg.dev/zealous-zebra/zebra
 IMAGE_NAME: lightwalletd
 jobs:
@@ -78,7 +77,7 @@ jobs:
 with:
 # list of Docker images to use as base name for tags
 images: |
- ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}
+ ${{ vars.GAR_BASE }}/${{ env.IMAGE_NAME }}
 # generate Docker tags based on the following events/attributes
 # set latest tag for default branch
 tags: |
@@ -115,8 +114,8 @@ jobs:
 uses: google-github-actions/auth@v1.0.0
 with:
 retries: '3'
- workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
- service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com'
+ workload_identity_provider: '${{ vars.GCP_WIF }}'
+ service_account: '${{ vars.GCP_ARTIFACTS_SA }}'
 token_format: 'access_token'
 - name: Set up Cloud SDK
@@ -143,5 +142,5 @@ jobs:
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
 push: true
- cache-from: type=registry,ref=${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:buildcache
- cache-to: type=registry,ref=${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:buildcache,mode=max
+ cache-from: type=registry,ref=${{ vars.GAR_BASE }}/${{ env.IMAGE_NAME }}:buildcache
+ cache-to: type=registry,ref=${{ vars.GAR_BASE }}/${{ env.IMAGE_NAME }}:buildcache,mode=max
diff --git a/.github/workflows/zcashd-manual-deploy.yml b/.github/workflows/zcashd-manual-deploy.yml
index 8a67675bc1f..150a1871330 100644
--- a/.github/workflows/zcashd-manual-deploy.yml
+++ b/.github/workflows/zcashd-manual-deploy.yml
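Review bot: In zcash-lightwalletd.yml the push target and the `cache-from`/`cache-to` refs are now built from `${{ vars.GAR_BASE }}`, while build-docker-image.yml in this same commit builds its registry path as `us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra`, so one registry is described by two variables that can drift apart. Using a single form in both files, for example `us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/zebra/${{ env.IMAGE_NAME }}` under `images:` here, removes that. An unset `GAR_BASE` also turns the cache ref into `/lightwalletd:buildcache`, and since the build cache is pulled from whatever registry this value names, the variable deserves the same change control as the push destination.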
@@ -12,12 +12,6 @@ on:
 description: 'GCP Managed Instance Group size'
 required: true
-env:
- PROJECT_ID: zealous-zebra
- REGION: us-central1
- ZONE: us-central1-a
- MACHINE_TYPE: c2-standard-4
-
 jobs:
 deploy:
 name: Deploy zcashd nodes
@@ -54,8 +48,8 @@ jobs:
 uses: google-github-actions/auth@v1.0.0
 with:
 retries: '3'
- workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
- service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com'
+ workload_identity_provider: '${{ vars.GCP_WIF }}'
+ service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}'
 - name: Set up Cloud SDK
 uses: google-github-actions/setup-gcloud@v1.1.0
@@ -72,7 +66,7 @@ jobs:
 --container-tty \
 --container-image electriccoinco/zcashd \
 --container-env ZCASHD_NETWORK="${{ inputs.network }}" \
- --machine-type ${{ env.MACHINE_TYPE }} \
+ --machine-type ${{ vars.GCP_SMALL_MACHINE }} \
 --service-account ${{ env.DEPLOY_SA }} \
 --scopes cloud-platform \
 --labels=app=zcashd,environment=prod,network=${NETWORK},github_ref=${{ env.GITHUB_REF_SLUG_URL }} \
@@ -83,7 +77,7 @@ jobs:
 id: does-group-exist
 continue-on-error: true
 run: |
- gcloud compute instance-groups list | grep "zcashd-${{ env.GITHUB_REF_SLUG_URL }}-${{ inputs.network }}" | grep "${{ env.REGION }}"
+ gcloud compute instance-groups list | grep "zcashd-${{ env.GITHUB_REF_SLUG_URL }}-${{ inputs.network }}" | grep "${{ vars.GCP_REGION }}"
 # Deploy new managed instance group using the new instance template
 - name: Create managed instance group
@@ -92,7 +86,7 @@ jobs:
 gcloud compute instance-groups managed create \
 "zcashd-${{ env.GITHUB_REF_SLUG_URL }}-${{ inputs.network }}" \
 --template "zcashd-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }}" \
- --region "${{ env.REGION }}" \
+ --region "${{ vars.GCP_REGION }}" \
 --size "${{ github.event.inputs.size }}"
 # Rolls out update to existing group using the new instance template
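Review bot: The instance-template hunk moves `--machine-type` to `${{ vars.GCP_SMALL_MACHINE }}` but leaves `--service-account ${{ env.DEPLOY_SA }} \` on the `env` context, and `DEPLOY_SA` is not among the keys of the workflow-level `env:` block this commit deletes, so its definition is not visible anywhere in the diff (it may be set at job or step level outside the hunks). If it is unset the flag has no value and would likely swallow `--scopes` as its argument; if the intent is the deployment account introduced here, `--service-account ${{ vars.GCP_DEPLOYMENTS_SA }} \` would match the auth step. The template is created with `--scopes cloud-platform`, so the IAM roles of whichever account ends up attached are the only limit on what these instances can do. The `run:` block starts and ends outside the hunk.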
@@ -102,4 +96,4 @@ jobs:
 gcloud compute instance-groups managed rolling-action start-update \
 "zcashd-${{ env.GITHUB_REF_SLUG_URL }}-${{ inputs.network }}" \
 --version template="zcashd-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }}" \
- --region "${{ env.REGION }}"
+ --region "${{ vars.GCP_REGION }}"