ci: improve release devops (#546)
This primarily adds new workflow files which are mostly untested. 

However, we cannot test them before they are added to the `main` branch, so here goes.
Mirko-von-Leipzig authored Nov 6, 2024
1 parent 17028df commit e3aefd1
Showing 5 changed files with 314 additions and 148 deletions.
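--- a/.github/actions/build_package/action.yml
+++ b/.github/actions/build_package/action.yml
@@ -0,0 +1,93 @@
+name: build-package
+description: Builds miden-node and miden-faucet debian packages for the given git reference
+inputs:
+gitref:
+required: true
+description: The git ref to build the packages from.
+
+runs:
+using: "composite"
+steps:
+- name: Identify target git SHA
+id: git-sha
+shell: bash
+run: |
+if git show-ref -q --verify "refs/remotes/origin/$gitref" 2>/dev/null; then
+echo "sha=$(git show-ref --hash --verify "refs/remotes/origin/$gitref")" >> $GITHUB_OUTPUT
+elif git show-ref -q --verify "refs/tags/$gitref" 2>/dev/null; then
+echo "sha=$(git show-ref --hash --verify "refs/tags/$gitref")" >> $GITHUB_OUTPUT
+elif git rev-parse --verify "$gitref^{commit}" >/dev/null 2>&1; then
+echo "sha=$(git rev-parse --verify "$gitref^{commit})" >> $GITHUB_OUTPUT
+else
+echo "::error Unknown git reference type"
+# exit 1
+fi
+- name: Build binaries
+run: |
+cargo install miden-node --locked --features testing --git ${{ github.repositoryUrl }} --rev ${{ steps.git-sha.outputs.sha }}
+cargo install miden-faucet --locked --features testing --git ${{ github.repositoryUrl }} --rev ${{ steps.git-sha.outputs.sha }}
+- name: Create package directories
+run: |
+mkdir -p \
+packaging/deb/miden-node/DEBIAN \
+packaging/deb/miden-node/usr/bin\
+packaging/deb/miden-node/lib/systemd/system\
+packaging/deb/miden-node/etc/miden\
+packaging/deb/miden-node/opt/miden/miden-faucet
+mkdir -p \
+packaging/deb/miden-faucet/DEBIAN \
+packaging/deb/miden-faucet/usr/bin\
+packaging/deb/miden-faucet/lib/systemd/system\
+packaging/deb/miden-faucet/etc/miden\
+packaging/deb/miden-faucet/opt/miden/miden-faucet
+- name: Copy binary files
+run: |
+cp -p $CARGO_HOME/bin/miden-node packaging/deb/miden-node/urs/bin/
+cp -p $CARGO_HOME/bin/miden-faucet packaging/deb/miden-faucet/urs/bin/
+# These have to be downloaded as the current repo source isn't necessarily the target git reference.
+- name: Copy package install scripts
+run: |
+git show ${{ steps.git-sha.outputs.sha }}:packaging/miden-node.service > packaging/deb/miden-node/lib/systemd/system/miden-node.service
+git show ${{ steps.git-sha.outputs.sha }}:packaging/postinst > packaging/deb/miden-node/DEBIAN/postinst
+git show ${{ steps.git-sha.outputs.sha }}:packaging/postrm > packaging/deb/miden-node/DEBIAN/postrm
+git show ${{ steps.git-sha.outputs.sha }}:packaging/miden-faucet.service > packaging/deb/miden-faucet/lib/systemd/system/miden-faucet.service
+git show ${{ steps.git-sha.outputs.sha }}:packaging/postinst > packaging/deb/miden-faucet/DEBIAN/postinst
+git show ${{ steps.git-sha.outputs.sha }}:packaging/postrm > packaging/deb/miden-faucet/DEBIAN/postrm
+- name: Create control files
+run: |
+cat > packaging/deb/miden-node/DEBIAN/control << EOF
+Package: miden-node
+Version: ${{ inputs.gitref }}
+Section: base
+Priority: optional
+Architecture: $(uname -m)
+Maintainer: Polygon Devops <[email protected]>
+Description: miden-node binary package
+Homepage: https://polygon.technology/polygon-miden
+Vcs-Git: [email protected]:0xPolygonMiden/miden-node.git
+Vcs-Browser: https://github.com/0xPolygonMiden/miden-node
+EOF
+cat > packaging/deb/miden-faucet/DEBIAN/control << EOF
+Package: miden-faucet
+Version: ${{ inputs.gitref }}
+Section: base
+Priority: optional
+Architecture: $(uname -m)
+Maintainer: Polygon Devops <[email protected]>
+Description: miden-faucet binary package
+Homepage: https://polygon.technology/polygon-miden
+Vcs-Git: [email protected]:0xPolygonMiden/miden-node.git
+Vcs-Browser: https://github.com/0xPolygonMiden/miden-node
+EOF
+- name: Build packages
+run: |
+dpkg-deb --build --root-owner-group packaging/deb/miden-node
+dpkg-deb --build --root-owner-group packaging/deb/miden-faucet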
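Review bot: The `Identify target git SHA` step fails open: its `else` branch only prints `::error` because `exit 1` is commented out, so an unresolvable ref leaves `steps.git-sha.outputs.sha` empty, and `git show :packaging/postinst` with an empty revision reads the index of the checked-out workflow source instead of the requested ref. Nothing visible in that step maps the input into the shell, so `$gitref` looks unset unless a caller exports it; I would add `env:` with `gitref: ${{ inputs.gitref }}` to the step and restore `exit 1`. The same variable should replace `${{ inputs.gitref }}` in the `Create control files` heredocs, where the value is pasted into the script text before bash runs and the unquoted `EOF` leaves it subject to shell expansion. Smaller items in the same file: the `rev-parse` echo closes its inner quote after `)` rather than after `^{commit}`, the copy step writes to `urs/bin` while the directories are created under `usr/bin`, and the `run` steps after the first carry no `shell:` key, which composite actions require.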
13 changes: 1 addition & 12 deletions .github/workflows/arm_deb_packager.yml
Expand Up @@ -181,15 +181,4 @@ jobs:
echo "account_id=MIDEN_DEV_ACCOUNT_ID" >> $GITHUB_OUTPUT
echo "instance_id=DEVNET_INSTANCE_TF" >> $GITHUB_OUTPUT
fi

deploy:
name: Deploy to ${{ needs.build_package.outputs.target }}
needs: build_package
uses: ./.github/workflows/deploy_package.yml
with:
target: ${{ needs.build_package.outputs.target }}
tag: ${{ needs.build_package.outputs.tag }}
account_id: ${{ needs.build_package.outputs.account_id }}
instance_id: ${{ needs.build_package.outputs.instance_id }}
secrets: inherit
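--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,154 @@
+name: Deploy
+run-name: Deploy ${{ inputs.network }} - ${{ inputs.gitref }}
+on:
+workflow_dispatch:
+inputs:
+network:
+description: 'Deployment instance'
+required: true
+type: choice
+options:
+- testnet
+- devnet
+
+gitref:
+description: 'Version, commit or other gitref to deploy'
+required: true
+type: string
+
+architecture:
+description: 'Instance architecture'
+type: choice
+options:
+- arm64
+default: 'arm64'
+
+permissions:
+id-token: write
+contents: write
+
+jobs:
+deploy:
+# Select the runner based on the input architecture using github workflows ternary operator.
+runs-on:
+labels: ${{ inputs.architecture == 'arm64' && 'ubuntu22-arm-4core' || ubuntu-latest }}
+
+env:
+# Define the instance information.
+account-id: MIDEN_DEV_ACCOUNT_ID
+oicdrole: midendev
+instance-id: ${{ inputs.network == 'testnet' && 'TESTNET_INSTANCE_TF' || 'DEVNET_INSTANCE_TF' }}
+
+# Define the expected package names.
+node-package: miden-node-${{ inputs.gitref }}-${{ inputs.architecture }}.deb
+faucet-package: miden-faucet-${{ inputs.gitref }}-${{ inputs.architecture }}.deb
+
+# S3 path where packages are stored; used to send packages to instance as this isn't trivially possible directly.
+s3-path: s3://release-artifacts-${{ secrets[env.account-id] }}
+
+steps:
+# Checkout repo so we have access to the required workflow actions.
+- name: Checkout repo
+uses: actions/checkout@v3
+with:
+fetch-depth: 0
+
+# Download from github if its a version tag referece.
+- name: Download packages from releases
+if: ${{ startsWith(inputs.gitref, 'v') }}
+run: |
+gh release ${{ inputs.gitref }} download ${{ env.node-package }}
+gh release ${{ inputs.gitref }} download ${{ env.node-package }}.checksum
+gh release ${{ inputs.gitref }} download ${{ env.faucet-package }}
+gh release ${{ inputs.gitref }} download ${{ env.faucet-package }}.checksum
+sha256 --check ${{ env.node-package }}.checksum
+sha256 --check ${{ env.faucet-package }}.checksum
+# Otherwise build the packages from source.
+#
+# Note that we cannot build from the currently checked out repo source since that source
+# defines our workflow actions, and not the compilation source target. For this reason we
+# prefer building the binary using `cargo install ...`.
+- name: Build package
+if: ${{ !startsWith(inputs.gitref, 'v') }}
+run: |
+echo "::error Non-release deployment currently not supported"
+exit 1
+# Configure AWS communication via SSM.
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-region: eu-west-1
+role-to-assume: "arn:aws:iam::${{ secrets[env.account-id] }}:role/${{ env.oidcrole }}-GithubActionsRole"
+role-session-name: GithubActionsSession
+
+- name: Install awscli
+uses: ./.github/actions/ssm_execute
+with:
+instance_id: ${{ secrets[env.instance-id] }}
+command: |
+sudo apt udpate; \
+sudo apt install awscli -y
+# Move packages to instance using S3.
+# TODO: does this fail if the files already exist?
+- name: Upload packages to S3
+run: |
+aws s3 cp ${{ env.node-package }} ${{ env.s3-path }}/${{ env.node-package }}
+aws s3 cp ${{ env.node-faucet }} ${{ env.s3-path }}/${{ env.node-faucet }}
+# TODO: does this fail if the files already exist?
+- name: Download packages to instance
+uses: ./.github/actions/ssm_execute
+with:
+instance_id: ${{ secrets[env.instance-id] }}
+command: |
+aws s3 cp ${{ env.s3-path }}/${{ env.node-package }} ${{ env.node-package}}; \
+aws s3 cp ${{ env.s3-path }}/${{ env.faucet-package }} ${{ env.faucet-package}}
+# Install and launch services on the instance.
+- name: Stop miden services
+uses: ./.github/actions/ssm_execute
+with:
+instance_id: ${{ secrets[env.instance-id] }}
+command: |
+sudo systemctl stop miden-node; \
+sudo systemctl stop miden-faucet; \
+sudo apt remove miden-node miden-faucet -y; \
+sudo rm -f miden-*
+- name: Install packages
+uses: ./.github/actions/ssm_execute
+with:
+instance_id: ${{ secrets[env.instance-id] }}
+command: |
+dpkg -i ${{ env.node-package }}; \
+dpkg -i ${{ env.faucet-package }}
+- name: Configure environment
+uses: ./.github/actions/ssm_execute
+with:
+instance_id: ${{ secrets[env.instance-id] }}
+command: |
+sudo chown -R miden /opt/miden; \
+sudo /usr/bin/miden-node init -c /etc/miden/miden-node.toml -g /opt/miden/miden-node/genesis.toml; \
+sudo /usr/bin/miden-node make-genesis -i /opt/miden/miden-node/genesis.toml -o /opt/miden/miden-node/genesis.dat --force; \
+sudo /usr/bin/miden-faucet init -c /opt/miden/miden-faucet/miden-faucet.toml -f /opt/miden/miden-node/accounts/faucet.mac
+- name: Start miden node service
+uses: ./.github/actions/ssm_execute
+with:
+instance_id: ${{ secrets[env.instance-id] }}
+command: |
+sudo systemctl daemon-reload; \
+sudo systemctl start miden-node
+- name: Start miden faucet service
+uses: ./.github/actions/ssm_execute
+with:
+instance_id: ${{ secrets[env.instance-id] }}
+command: |
+sudo systemctl daemon-reload; \
+sudo systemctl start miden-faucet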
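Review bot: `inputs.gitref` is a free-form string that is template-expanded into the `gh release` commands and, through `env.node-package` and `env.faucet-package`, into the `ssm_execute` command blocks that run on the instance, so any shell metacharacters in it become part of those commands; a first step should reject values outside the expected character set, and scripts should read the value from an environment variable rather than from `${{ … }}` text. Two lookups resolve to empty strings as written: the job defines `oicdrole` while `role-to-assume` reads `env.oidcrole`, and the S3 upload reads `env.node-faucet` where only `faucet-package` is defined. The checksum is verified only on the runner (and `sha256 --check` is presumably meant to be `sha256sum --check`), after which the instance installs whatever it copies back from the bucket, with commands chained by `;` so a failed copy does not stop `dpkg -i`; the `sudo rm -f miden-*` in the stop step may also remove the packages just downloaded if both run in the same directory. I would also drop `contents: write`, which no visible step uses, and pin `actions/checkout` and `aws-actions/configure-aws-credentials` to commit SHAs instead of the movable `v3`/`v4` tags.

```yaml
# … unchanged: checkout step …
- name: Validate gitref
  env:
    GITREF: ${{ inputs.gitref }}
  run: |
    # Allow only characters that are safe in a file name and a shell word.
    if [[ ! "$GITREF" =~ ^[A-Za-z0-9._-]+$ ]]; then
      echo "::error::gitref contains unexpected characters"
      exit 1
    fi
# … unchanged: download, AWS credential and ssm_execute steps …
```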