Deploy Program #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Program | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| program: | ||
| description: Program | ||
| required: true | ||
| default: candy-guard | ||
| type: choice | ||
| options: | ||
| - candy-guard | ||
| - candy-machine-core | ||
| cluster: | ||
| description: Cluster environment | ||
| required: true | ||
| default: devnet | ||
| type: choice | ||
| options: | ||
| - devnet | ||
| - mainnet-beta | ||
| - sonic-devnet | ||
| - sonic-testnet | ||
| - eclipse-mainnet | ||
| - eclipse-devnet | ||
| git_ref: | ||
| description: Release tag (release/[email protected]) or (release/[email protected]) or commit to deploy | ||
| required: true | ||
| type: string | ||
| default: release/[email protected] | ||
| dry_run: | ||
| description: Dry run | ||
| required: false | ||
| type: boolean | ||
| default: false | ||
| env: | ||
| CACHE: true | ||
| jobs: | ||
| build_programs: | ||
| name: Programs | ||
| uses: ./.github/workflows/build-programs.yml | ||
| secrets: inherit | ||
| with: | ||
| git_ref: ${{ inputs.git_ref }} | ||
| test_js: | ||
| name: JS client | ||
| needs: build_programs | ||
| uses: ./.github/workflows/test-js.yml | ||
| secrets: inherit | ||
| with: | ||
| git_ref: ${{ inputs.git_ref }} | ||
| deploy_program: | ||
| name: Program / Deploy | ||
| runs-on: ubuntu-latest | ||
| needs: test_js | ||
| permissions: | ||
| contents: write | ||
| steps: | ||
| - name: Git checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ inputs.git_ref }} | ||
| - name: Load environment variables | ||
| run: cat .github/.env >> $GITHUB_ENV | ||
| - name: Install Rust | ||
| uses: metaplex-foundation/actions/install-rust@v1 | ||
| with: | ||
| toolchain: ${{ env.RUST_VERSION }} | ||
| - name: Install Solana | ||
| uses: metaplex-foundation/actions/install-solana@v1 | ||
| with: | ||
| version: ${{ env.DEPLOY_SOLANA_VERSION }} | ||
| cache: ${{ env.CACHE }} | ||
| - name: Install cargo-release | ||
| uses: metaplex-foundation/actions/install-cargo-release@v1 | ||
| if: github.event.inputs.publish_crate == 'true' | ||
| with: | ||
| cache: ${{ env.CACHE }} | ||
| - name: Set RPC | ||
| run: | | ||
| # We do this if waterfall because github actions does not allow dynamic access to secrets | ||
| if [ "${{ inputs.cluster }}" == "devnet" ]; then | ||
| echo RPC=${{ secrets.DEVNET_RPC }} >> $GITHUB_ENV | ||
| else if [ "${{ inputs.cluster }}" == "mainnet-beta" ]; then | ||
| echo RPC=${{ secrets.MAINNET_RPC }} >> $GITHUB_ENV | ||
| else if [ "${{ inputs.cluster }}" == "sonic-devnet" ]; then | ||
| echo RPC=${{ secrets.SONIC_DEVNET_RPC }} >> $GITHUB_ENV | ||
| else if [ "${{ inputs.cluster }}" == "sonic-testnet" ]; then | ||
| echo RPC=${{ secrets.SONIC_TESTNET_RPC }} >> $GITHUB_ENV | ||
| else if [ "${{ inputs.cluster }}" == "eclipse-devnet" ]; then | ||
| echo RPC=${{ secrets.ECLIPSE_DEVNET_RPC }} >> $GITHUB_ENV | ||
| else if [ "${{ inputs.cluster }}" == "eclipse-testnet" ]; then | ||
| echo RPC=${{ secrets.ECLIPSE_TESTNET_RPC }} >> $GITHUB_ENV | ||
| else if [ "${{ inputs.cluster }}" == "eclipse-mainnet" ]; then | ||
| echo RPC=${{ secrets.ECLIPSE_MAINNET_RPC }} >> $GITHUB_ENV | ||
| fi | ||
| - name: Identify Program | ||
| run: | | ||
| if [[ "${{ inputs.cluster }}" == "sonic"* ]]; then | ||
| echo ${{ secrets.CORE_CANDY_MACHINE_SONIC_DEPLOY_KEY }} > ./deploy-key.json | ||
| else if [[ "${{ inputs.cluster }}" == "eclipse"* ]]; then | ||
| echo ${{ secrets.CORE_CANDY_MACHINE_ECLIPSE_DEPLOY_KEY }} > ./deploy-key.json | ||
| fi | ||
| if [ "${{ inputs.program }}" == "candy-guard" ]; then | ||
| if [ ! -e "./deploy-key.json" ]; then | ||
| echo ${{ secrets.CORE_CANDY_GUARD_DEPLOY_KEY }} > ./deploy-key.json | ||
| fi | ||
| echo ${{ secrets.CORE_CANDY_GUARD_ID }} > ./program-id.json | ||
| echo PROGRAM_NAME="mpl_core_candy_guard" >> $GITHUB_ENV | ||
| else | ||
| if [ ! -e "./deploy-key.json" ]; then | ||
| echo ${{ secrets.CORE_CANDY_MACHINE_CORE_DEPLOY_KEY }} > ./deploy-key.json | ||
| fi | ||
| echo ${{ secrets.CORE_CANDY_MACHINE_CORE_ID }} > ./program-id.json | ||
| echo PROGRAM_NAME="mpl_core_candy_machine_core" >> $GITHUB_ENV | ||
| fi | ||
| - name: Download Program Builds | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: program-builds-${{ inputs.git_ref }} | ||
| - name: Deploy Program | ||
| if: !github.event.inputs.dry_run | ||
| run: | | ||
| echo "Deploying ${{ inputs.program }} to ${{ inputs.cluster }}" | ||
| solana -v program deploy ./programs/.bin/${{ env.PROGRAM_NAME }}.so \ | ||
| -u ${{ env.RPC }} \ | ||
| --program-id ./program-id.json \ | ||
| -k ./deploy-key.json \ | ||
| --max-sign-attempts 100 \ | ||
| --use-rpc | ||
| - name: Publish crate | ||
| working-directory: ./programs/${{ inputs.program }}/program | ||
| if: github.event.inputs.publish_crate == 'true' && github.event.inputs.cluster == 'mainnet-beta' | ||
| run: | | ||
| git stash | ||
| git config user.name "${{ env.COMMIT_USER_NAME }}" | ||
| git config user.email "${{ env.COMMIT_USER_EMAIL }}" | ||
| cargo login ${{ secrets.CRATES_TOKEN }} | ||
| cargo release ${{ inputs.bump }} --no-confirm --no-push --no-tag --execute | ||
| git reset --soft HEAD~1 | ||
| git stash pop | ||
| - name: Create tag | ||
| uses: actions/github-script@v5 | ||
| with: | ||
| script: | | ||
| github.rest.git.createRef({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| ref: 'refs/tags/${{ inputs.program }}-${{ inputs.cluster }}', | ||
| sha: '${{ inputs.git_ref }}' | ||
| }); | ||
