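# Manually triggered workflow that installs the miden-node and miden-faucet
# packages on the devnet or testnet instance. Packages come either from a
# GitHub release (gitref starting with `v`) or from a source build, are staged
# in S3, and are installed on the instance through the ssm_execute action.
name: Deploy
run-name: Deploy ${{ inputs.network }} - ${{ inputs.gitref }}

on:
  workflow_dispatch:
    inputs:
      network:
        description: 'Deployment instance'
        required: true
        type: choice
        options:
          - devnet
          - testnet
      gitref:
        description: 'Version, branch or commit to deploy'
        required: true
        type: string

# `id-token: write` lets the job request the OIDC token used to assume the AWS role.
# NOTE(review): no step visible in this file writes to the repository; confirm
# whether the local actions need `contents: write` or whether `read` is enough.
permissions:
  id-token: write
  contents: write

jobs:
  deploy:
    name: ${{ inputs.network }} - ${{ inputs.gitref }}
    # This is our arm64 runner which matches the AWS instance.
    runs-on:
      labels: ubuntu22-arm-4core
    env:
      # Define the instance information. `account-id` and `instance-id` hold the
      # *names* of repository secrets; the values are looked up with `secrets[env.<key>]`.
      account-id: MIDEN_DEV_ACCOUNT_ID
      oidcrole: midendev
      instance-id: ${{ inputs.network == 'testnet' && 'TESTNET_INSTANCE_TF' || 'DEVNET_INSTANCE_TF' }}
      # Define the expected package names.
      node-package: miden-node-${{ inputs.gitref }}-arm64.deb
      faucet-package: miden-faucet-${{ inputs.gitref }}-arm64.deb
    steps:
      # `gitref` is free-form text that ends up in the package file names and in
      # the commands sent to the instance, so anything that is not a plain ref is
      # rejected before it reaches a shell. The value is read from the environment
      # instead of being expanded into the script text.
      - name: Validate gitref
        env:
          GITREF: ${{ inputs.gitref }}
        run: |
          case "$GITREF" in
            ''|-*|*[!A-Za-z0-9._/-]*)
              echo "::error::gitref may only contain letters, digits, '.', '_', '/' and '-', and must not start with '-'"
              exit 1
              ;;
          esac

      # S3 path where packages are stored; used to send packages to instance as this isn't
      # trivially possible directly.
      # This cannot be done in the global env setup as it requires another env variable.
      - name: Setup S3 path
        env:
          ACCOUNT_ID: ${{ secrets[env.account-id] }}
        run: |
          echo "s3-path=s3://release-artifacts-${ACCOUNT_ID}" >> "$GITHUB_ENV"

      # Checkout repo so we have access to the required workflow actions.
      # The action is referenced by release tag rather than the moving `main`
      # branch, so an upstream push cannot change what runs in this job; a full
      # commit SHA is the stricter form of the same pin.
      # NOTE(review): checkout leaves the job token in the local git config by
      # default; consider `persist-credentials: false` if later steps do not need
      # authenticated git access.
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # Download from github if it's a version tag reference.
      # The `.checksum` files come from the same release as the packages, so the
      # check catches a damaged download but not a release whose assets were replaced.
      - name: Download from releases
        if: ${{ startsWith(inputs.gitref, 'v') }}
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITREF: ${{ inputs.gitref }}
          NODE_PACKAGE: ${{ env.node-package }}
          FAUCET_PACKAGE: ${{ env.faucet-package }}
        run: |
          gh release download "$GITREF" -p "$NODE_PACKAGE"
          gh release download "$GITREF" -p "$NODE_PACKAGE.checksum"
          gh release download "$GITREF" -p "$FAUCET_PACKAGE"
          gh release download "$GITREF" -p "$FAUCET_PACKAGE.checksum"
          sha256sum --check "$NODE_PACKAGE.checksum"
          sha256sum --check "$FAUCET_PACKAGE.checksum"

      # Otherwise build the packages from source.
      #
      # Note that we cannot build from the currently checked out repo source since that source
      # defines our workflow actions, and not the compilation source target. For this reason we
      # prefer building the binary using `cargo install ...`.
      - name: Build from source
        if: ${{ !startsWith(inputs.gitref, 'v') }}
        uses: ./.github/actions/build_package
        with:
          gitref: ${{ inputs.gitref }}

      - name: Rename built packages
        if: ${{ !startsWith(inputs.gitref, 'v') }}
        env:
          NODE_PACKAGE: ${{ env.node-package }}
          FAUCET_PACKAGE: ${{ env.faucet-package }}
        run: |
          mv miden-node.deb "$NODE_PACKAGE"
          mv miden-faucet.deb "$FAUCET_PACKAGE"

      # Configure AWS communication via SSM.
      # The role is assumed through OIDC, so no long-lived AWS keys are stored as secrets.
      # NOTE(review): this action is referenced by tag; pin it to a full commit SHA
      # if the project's policy requires immutable action references.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: eu-west-1
          role-to-assume: "arn:aws:iam::${{ secrets[env.account-id] }}:role/${{ env.oidcrole }}-GithubActionsRole"
          role-session-name: GithubActionsSession

      # The commands below are joined with `;`, so a failing command does not stop
      # the ones that follow it.
      - name: Install awscli
        uses: ./.github/actions/ssm_execute
        with:
          instance_id: ${{ secrets[env.instance-id] }}
          command: |
            sudo apt-get update; \
            sudo apt-get install -y awscli

      # Move packages to instance using S3. Note that this will clobber the files.
      - name: Upload packages to S3
        env:
          NODE_PACKAGE: ${{ env.node-package }}
          FAUCET_PACKAGE: ${{ env.faucet-package }}
          S3_PATH: ${{ env.s3-path }}
        run: |
          aws s3 cp "$NODE_PACKAGE" "$S3_PATH/$NODE_PACKAGE"
          aws s3 cp "$FAUCET_PACKAGE" "$S3_PATH/$FAUCET_PACKAGE"

      # The package names are expanded into the remote command text; they contain
      # `gitref`, which the "Validate gitref" step has restricted to ref characters.
      - name: Download packages to instance
        uses: ./.github/actions/ssm_execute
        with:
          instance_id: ${{ secrets[env.instance-id] }}
          command: |
            aws s3 cp ${{ env.s3-path }}/${{ env.node-package }} ${{ env.node-package }}; \
            aws s3 cp ${{ env.s3-path }}/${{ env.faucet-package }} ${{ env.faucet-package }}

      # Install and launch services on the instance.
      - name: Stop miden services
        uses: ./.github/actions/ssm_execute
        with:
          instance_id: ${{ secrets[env.instance-id] }}
          command: |
            sudo systemctl stop miden-node; \
            sudo systemctl stop miden-faucet; \
            sudo apt remove miden-node miden-faucet -y;

      # NOTE(review): unlike the other remote commands, dpkg is invoked without
      # sudo; this presumably relies on ssm_execute running as root - confirm.
      # NOTE(review): if the S3 download on the instance failed, a file of the same
      # name left by an earlier deployment of this gitref would be installed here.
      - name: Install packages
        uses: ./.github/actions/ssm_execute
        with:
          instance_id: ${{ secrets[env.instance-id] }}
          command: |
            dpkg -i ${{ env.node-package }}; \
            dpkg -i ${{ env.faucet-package }}

      # The faucet uses the public faucet generated in the genesis block.
      # `mkdir -p` keeps a redeploy from failing when the accounts directory exists.
      # NOTE(review): the directory is created after `miden-faucet init` is given a
      # path inside it; confirm that init does not need the directory to exist.
      - name: Configure environment
        uses: ./.github/actions/ssm_execute
        with:
          instance_id: ${{ secrets[env.instance-id] }}
          command: |
            sudo /usr/bin/miden-node init -c /etc/opt/miden-node/miden-node.toml -g /etc/opt/miden-node/genesis.toml; \
            sudo /usr/bin/miden-node make-genesis -i /etc/opt/miden-node/genesis.toml -o /opt/miden-node/genesis.dat --force; \
            sudo /usr/bin/miden-faucet init -c /etc/opt/miden-faucet/miden-faucet.toml -f /opt/miden-faucet/accounts/faucet.mac; \
            sudo mkdir -p /opt/miden-faucet/accounts; \
            sudo cp /opt/miden-node/accounts/faucet.mac /opt/miden-faucet/accounts/faucet.mac; \
            sudo chown -R miden-node /opt/miden-node; \
            sudo chown -R miden-faucet /opt/miden-faucet;

      - name: Start miden services
        uses: ./.github/actions/ssm_execute
        with:
          instance_id: ${{ secrets[env.instance-id] }}
          command: |
            sudo systemctl daemon-reload; \
            sudo systemctl start miden-node; \
            sudo systemctl start miden-faucet;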