Request that parent window keep iframe open during signing #63
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 1 | Deploy main to staging | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| verify-build: | |
| name: Verify build | |
| runs-on: ubuntu-latest | |
| outputs: | |
| commit_hash: ${{ steps.get_commit.outputs.hash }} | |
| steps: | |
| - uses: 3cities/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
| with: | |
| ref: main | |
| #- uses: ./.github/actions/verify-build # disable build verification to speed up the build as it's redundant because build verification is already completed by the dev branch build which must pass before merging into main per our GitHub protected branch settings. | |
| - id: get_commit | |
| run: echo "hash=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| tag: | |
| needs: [verify-build] # tag iff build verification successful to avoid tagging a broken build | |
| if: ${{ needs.verify-build.outputs.commit_hash != null }} | |
| name: GitHub tag | |
| runs-on: ubuntu-latest | |
| outputs: | |
| new_tag: ${{ steps.github-tag-action.outputs.new_tag }} | |
| changelog: ${{ steps.github-tag-action.outputs.changelog }} | |
| steps: | |
| - uses: 3cities/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
| with: | |
| ref: ${{ needs.verify-build.outputs.commit_hash }} | |
| - name: Bump prerelease version and push tag | |
| id: github-tag-action | |
| uses: 3cities/github-tag-action@86a7b93c90a7fb79fca2911075262fb781c9136a | |
| with: | |
| pre_release_branches: ${{ needs.verify-build.outputs.commit_hash }} | |
| deploy-staging: | |
| needs: [verify-build, tag] | |
| if: ${{ needs.tag.outputs.new_tag != null }} | |
| name: Deploy staging | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: 3cities/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
| with: | |
| ref: ${{ needs.verify-build.outputs.commit_hash }} | |
| - uses: ./.github/actions/setup | |
| - uses: ./.github/actions/build-prod | |
| with: | |
| tag: ${{ needs.tag.outputs.new_tag }} | |
| alchemyApiKey: ${{ secrets.REACT_APP_ALCHEMY_API_KEY }} | |
| infuraApiKey: ${{ secrets.REACT_APP_INFURA_API_KEY }} | |
| web3authClientId: ${{ secrets.REACT_APP_WEB3AUTH_CLIENT_ID_STAGING }} | |
| walletconnectProjectId: ${{ secrets.REACT_APP_WALLETCONNECT_PROJECT_ID_STAGING }} | |
| isMainnet: false | |
| - uses: ./.github/actions/deploy-cloudflare-pages | |
| with: | |
| projectName: 3cities-staging | |
| apiToken: ${{ secrets.CLOUDFLARE_PAGES_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| githubToken: ${{ secrets.GITHUB_TOKEN }} | |
| deploy-staging-prod: | |
| needs: [verify-build, tag] | |
| if: ${{ needs.tag.outputs.new_tag != null }} | |
| name: Deploy staging-prod | |
| runs-on: ubuntu-latest | |
| outputs: | |
| ipfs-cid: ${{ steps.nft-storage.outputs.hash }} | |
| steps: | |
| - uses: 3cities/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
| with: | |
| ref: ${{ needs.verify-build.outputs.commit_hash }} | |
| - uses: ./.github/actions/setup | |
| - uses: ./.github/actions/build-prod | |
| with: | |
| tag: ${{ needs.tag.outputs.new_tag }} | |
| alchemyApiKey: ${{ secrets.REACT_APP_ALCHEMY_API_KEY }} | |
| infuraApiKey: ${{ secrets.REACT_APP_INFURA_API_KEY }} | |
| web3authClientId: ${{ secrets.REACT_APP_WEB3AUTH_CLIENT_ID }} | |
| walletconnectProjectId: ${{ secrets.REACT_APP_WALLETCONNECT_PROJECT_ID }} | |
| isMainnet: true | |
| - uses: ./.github/actions/deploy-cloudflare-pages | |
| with: | |
| projectName: 3cities-staging-prod | |
| apiToken: ${{ secrets.CLOUDFLARE_PAGES_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| githubToken: ${{ secrets.GITHUB_TOKEN }} | |
| # TODO re-enable Pinning to IPFS which had an error in ipfs-action which I didn't yet attempt to solve https://github.com/3cities/3cities/actions/runs/9844652126/job/27178734939 | |
| # - name: Pin to IPFS on NFT.Storage | |
| # id: nft-storage | |
| # uses: 3cities/ipfs-action@19879f7df881441a7f1ae2257b63674fa33b8f26 | |
| # with: | |
| # path: ./packages/interface/build | |
| # service: nft.storage | |
| # nftStorageApiKey: ${{ secrets.NFT_STORAGE_API_KEY }} | |
| push-to-releases-staging: | |
| needs: [verify-build, deploy-staging, deploy-staging-prod] | |
| name: 'Push to releases/staging' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: 3cities/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
| with: | |
| ref: ${{ needs.verify-build.outputs.commit_hash }} | |
| fetch-depth: 0 # fetch all tags/history, required for the push below to succeed as it must locally compare against releases/staging to execute the non-fast-forward push. | |
| - name: Git push | |
| # NB we use default of fast-forward only (no force push) because we want our CI/CD pipeline to have linear history for safety. This is also enforced in releases/staging protected branch settings. | |
| run: | | |
| git push origin ${{ needs.verify-build.outputs.commit_hash }}:refs/heads/releases/staging | |
| github-prerelease: | |
| needs: [verify-build, tag, deploy-staging, deploy-staging-prod] | |
| name: GitHub pre-release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: 3cities/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
| with: | |
| ref: ${{ needs.verify-build.outputs.commit_hash }} | |
| fetch-depth: 0 # fetch all tags/history, required for release-action to find new_tag. | |
| - name: Create GitHub pre-release | |
| uses: 3cities/release-action@eb05307dcee34deaad054e98128088a30d7980dc | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| prerelease: true | |
| tag: ${{ needs.tag.outputs.new_tag }} | |
| name: Release ${{ needs.tag.outputs.new_tag }} | |
| body: | | |
| Go to [3cities.xyz](https://3cities.xyz) to view the latest release. | |
| You can also access the 3cities interface directly from an IPFS gateway. | |
| **BEWARE**: the 3cities interface may use [`localStorage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage) to remember your settings. | |
| **You should always use an IPFS gateway that enforces origin separation**, or our alias to the latest release at [3cities.xyz](https://3cities.xyz). | |
| Your 3cities settings are never remembered across different URLs. | |
| IPFS hash of this release: | |
| - CIDv1: `${{ needs.deploy-staging-prod.outputs.ipfs-cid }}` | |
| IPFS gateways: | |
| - https://${{ needs.deploy-staging-prod.outputs.ipfs-cid }}.ipfs.dweb.link/ | |
| - https://${{ needs.deploy-staging-prod.outputs.ipfs-cid }}.ipfs.cf-ipfs.com/ | |
| - [ipfs://${{ needs.deploy-staging-prod.outputs.ipfs-cid }}/](ipfs://${{ needs.deploy-staging-prod.outputs.ipfs-cid }}/) | |
| ${{ needs.tag.outputs.changelog }} | |
| staging-deployment-successful: # no-op job to force a workflow-level "staging-deployment-successful" github status check to be published. Github automatically makes the result of each workflow job available as a status check. | |
| needs: [push-to-releases-staging, github-prerelease] | |
| # NB here we omit 'name' so that the name of the status check in GitHub is the key staging-deployment-successful instead of the 'name' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: exit 0 # no-op because a job definition requires something to do, but all we want this job to do is publish a workflow-level github status check. |