zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zebra/.github/workflows/continous-delivery.yml

331 lines
14 KiB
YAML
Raw Normal View History

Create instance group if it doesn't exist, update it if it does (#513) * Deploy instance group if it doesn't exist, update it if it does * Rename push.yml to cd.yml * Rename some CD steps
2020-06-21 01:39:47 -07:00
name: CD
Turn off the project workflow, reorg some CI jobs (#451) * Remove 'assign to project' workflow Doesn't work with external PRs. * Reorg CI jobs a bit * Also upgrade gcloud sdk to version 295.0.0
2020-06-08 18:03:51 -07:00
ci(concurrency)!: run a single CI workflow as required (#4981) * ci(concurrency)!: run a single CI workflow as required Previous behavior: Multiple Mainnet full syncs were able to run on the main branch at the same time, and pushing multiple commits to the same branch would run multiple CI workflows, when only the run from last commit was relevant Expected behavior: Ensure that only a single CI workflow runs at the same time in PRs. The latest commit should cancel any previous running workflows from the same PR. Solution: Use GitHub actions concurrency feature https://docs.github.com/en/actions/using-jobs/using-concurrency Fixes https://github.com/ZcashFoundation/zebra/issues/4977 Fixes https://github.com/ZcashFoundation/zebra/issues/4857 * docs: typo * ci(concurrency): do not cancel running full syncs Co-authored-by: teor <teor@riseup.net> * fix(concurrency): explain the behavior better & add new ones Co-authored-by: teor <teor@riseup.net>
2022-08-29 17:11:05 -07:00
# Ensures that only one workflow task will run at a time. Previous deployments, if
# already in process, won't get cancelled. Instead, we let the first to complete
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
# then queue the latest pending workflow, cancelling any workflows in between.
#
# Since the different event types each use a different Managed Instance Group or instance,
# we can run different event types concurrently.
ci(concurrency)!: run a single CI workflow as required (#4981) * ci(concurrency)!: run a single CI workflow as required Previous behavior: Multiple Mainnet full syncs were able to run on the main branch at the same time, and pushing multiple commits to the same branch would run multiple CI workflows, when only the run from last commit was relevant Expected behavior: Ensure that only a single CI workflow runs at the same time in PRs. The latest commit should cancel any previous running workflows from the same PR. Solution: Use GitHub actions concurrency feature https://docs.github.com/en/actions/using-jobs/using-concurrency Fixes https://github.com/ZcashFoundation/zebra/issues/4977 Fixes https://github.com/ZcashFoundation/zebra/issues/4857 * docs: typo * ci(concurrency): do not cancel running full syncs Co-authored-by: teor <teor@riseup.net> * fix(concurrency): explain the behavior better & add new ones Co-authored-by: teor <teor@riseup.net>
2022-08-29 17:11:05 -07:00
concurrency:
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
ci(concurrency)!: run a single CI workflow as required (#4981) * ci(concurrency)!: run a single CI workflow as required Previous behavior: Multiple Mainnet full syncs were able to run on the main branch at the same time, and pushing multiple commits to the same branch would run multiple CI workflows, when only the run from last commit was relevant Expected behavior: Ensure that only a single CI workflow runs at the same time in PRs. The latest commit should cancel any previous running workflows from the same PR. Solution: Use GitHub actions concurrency feature https://docs.github.com/en/actions/using-jobs/using-concurrency Fixes https://github.com/ZcashFoundation/zebra/issues/4977 Fixes https://github.com/ZcashFoundation/zebra/issues/4857 * docs: typo * ci(concurrency): do not cancel running full syncs Co-authored-by: teor <teor@riseup.net> * fix(concurrency): explain the behavior better & add new ones Co-authored-by: teor <teor@riseup.net>
2022-08-29 17:11:05 -07:00
cancel-in-progress: false
Turn off the project workflow, reorg some CI jobs (#451) * Remove 'assign to project' workflow Doesn't work with external PRs. * Reorg CI jobs a bit * Also upgrade gcloud sdk to version 295.0.0
2020-06-08 18:03:51 -07:00
on:
Split up big test job into its own workflow
2020-11-19 12:21:03 -08:00
workflow_dispatch:
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
inputs:
network:
default: 'Mainnet'
style(ci): lint and standardize the actions structure (#3940) * style(ci): comply with https://json.schemastore.org/github-workflow.json Some substituions were harder to make as files were not standardized * fix(mergify): use correct name for macos * style(actions): revert to single quotes * style: lint dependabot and mergify conf files * style: remove conditions with missing context * imp(lint): automate GH Actions linting * fix(lint): some actions need to be triggered by PR event * fix(lint): consider all workflow YAMLs * Use the same paths in the patch file * revert: keep condition as is * add TODO * fix: add missing checkpoint_sync input Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-04-11 22:06:37 -07:00
description: 'Network to deploy: Mainnet or Testnet'
required: true
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
log_file:
description: 'Log to a file path rather than standard output'
no_cache:
description: 'Disable the Docker cache for this build'
required: false
type: boolean
default: false
Turn off the project workflow, reorg some CI jobs (#451) * Remove 'assign to project' workflow Doesn't work with external PRs. * Reorg CI jobs a bit * Also upgrade gcloud sdk to version 295.0.0
2020-06-08 18:03:51 -07:00
push:
Scope deploys to main, gcloud branches; shorten initial delay
2020-06-18 23:14:10 -07:00
branches:
- main
ci(build): deploy long running node instances on release (#4939) * feat(build): deploy long running instances on release Previous behavior: Each time we merged to main new nodes would be deployed, this is an expected behavior as we need to ensure nodes get deployed and run without issues, but this could also replace nodes very hastily. Expected behavior: We want instances which would run for a longer time, to allow us to troubleshoot issues or inspect the behavior of this instances for longer periods of time (2+ weeks) Applied solution: Deploy a versioned manage instance group (MiG) using the major version of the release semver. We just use the first part of the version to replace old instances, and change it when a major version is released to keep a segregation between new and old versions. * ci(build): allow v0 as a major version tag * fix(build): use rust conventions for versioning * fix(deploy): improve documentation and trigger on release * Update .github/workflows/continous-delivery.yml Co-authored-by: teor <teor@riseup.net> * fix(versioning): typo * fix(deploy): use `zebrad-v1` as the instance name, with no SHA * fix(deploy): create and update MiG must use the same name * docs(deployments): add Continuous Delivery process Co-authored-by: teor <teor@riseup.net> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-08-28 05:46:21 -07:00
release:
types:
- published
Turn off the project workflow, reorg some CI jobs (#451) * Remove 'assign to project' workflow Doesn't work with external PRs. * Reorg CI jobs a bit * Also upgrade gcloud sdk to version 295.0.0
2020-06-08 18:03:51 -07:00
jobs:
ci(build): deploy long running node instances on release (#4939) * feat(build): deploy long running instances on release Previous behavior: Each time we merged to main new nodes would be deployed, this is an expected behavior as we need to ensure nodes get deployed and run without issues, but this could also replace nodes very hastily. Expected behavior: We want instances which would run for a longer time, to allow us to troubleshoot issues or inspect the behavior of this instances for longer periods of time (2+ weeks) Applied solution: Deploy a versioned manage instance group (MiG) using the major version of the release semver. We just use the first part of the version to replace old instances, and change it when a major version is released to keep a segregation between new and old versions. * ci(build): allow v0 as a major version tag * fix(build): use rust conventions for versioning * fix(deploy): improve documentation and trigger on release * Update .github/workflows/continous-delivery.yml Co-authored-by: teor <teor@riseup.net> * fix(versioning): typo * fix(deploy): use `zebrad-v1` as the instance name, with no SHA * fix(deploy): create and update MiG must use the same name * docs(deployments): add Continuous Delivery process Co-authored-by: teor <teor@riseup.net> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-08-28 05:46:21 -07:00
# If a release was made we want to extract the first part of the semver from the
# tag_name
#
# Generate the following output to pass to subsequent jobs
# - If our semver is `v1.3.0` the resulting output from this job would be `v1`
#
# Note: We just use the first part of the version to replace old instances, and change
fix(ci): Fix network parameter in continous-delivery.yml, and add network labels to GCP jobs (#5710) * chore: add Network as a label * Fix network parameter in continous-delivery.yml * Standardise network usage in zcashd-manual-deploy * Use lowercase network labels * Fix some shellcheck errors * Hard-code a Mainnet default to support contexts where env is not available * Fix string syntax * Fix more shellcheck errors * Update .github/workflows/zcashd-manual-deploy.yml Co-authored-by: Gustavo Valverde <gustavo@iterativo.do> Co-authored-by: Arya <aryasolhi@gmail.com>
2022-11-25 13:11:22 -08:00
# it when a major version is released, to keep a segregation between new and old
ci(build): deploy long running node instances on release (#4939) * feat(build): deploy long running instances on release Previous behavior: Each time we merged to main new nodes would be deployed, this is an expected behavior as we need to ensure nodes get deployed and run without issues, but this could also replace nodes very hastily. Expected behavior: We want instances which would run for a longer time, to allow us to troubleshoot issues or inspect the behavior of this instances for longer periods of time (2+ weeks) Applied solution: Deploy a versioned manage instance group (MiG) using the major version of the release semver. We just use the first part of the version to replace old instances, and change it when a major version is released to keep a segregation between new and old versions. * ci(build): allow v0 as a major version tag * fix(build): use rust conventions for versioning * fix(deploy): improve documentation and trigger on release * Update .github/workflows/continous-delivery.yml Co-authored-by: teor <teor@riseup.net> * fix(versioning): typo * fix(deploy): use `zebrad-v1` as the instance name, with no SHA * fix(deploy): create and update MiG must use the same name * docs(deployments): add Continuous Delivery process Co-authored-by: teor <teor@riseup.net> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-08-28 05:46:21 -07:00
# versions.
versioning:
name: Versioning
runs-on: ubuntu-latest
outputs:
major_version: ${{ steps.set.outputs.major_version }}
ci(deploy): do not run `versioning` job when pushing to `main` (#4970) Previous behavior: When a push was detected in the `main` branch, the workflow would run the `versioning` job and crash trying to detect the version being deployed as there was none. Expected behavior: Do not fail the `versioning` job when pushing to `main` Solution: Limit the `versioning` job to only run when a release event is triggered and allow the `deploy-nodes` job to run even if `versioning` is skipped
2022-08-28 16:56:58 -07:00
if: ${{ github.event_name == 'release' }}
ci(build): deploy long running node instances on release (#4939) * feat(build): deploy long running instances on release Previous behavior: Each time we merged to main new nodes would be deployed, this is an expected behavior as we need to ensure nodes get deployed and run without issues, but this could also replace nodes very hastily. Expected behavior: We want instances which would run for a longer time, to allow us to troubleshoot issues or inspect the behavior of this instances for longer periods of time (2+ weeks) Applied solution: Deploy a versioned manage instance group (MiG) using the major version of the release semver. We just use the first part of the version to replace old instances, and change it when a major version is released to keep a segregation between new and old versions. * ci(build): allow v0 as a major version tag * fix(build): use rust conventions for versioning * fix(deploy): improve documentation and trigger on release * Update .github/workflows/continous-delivery.yml Co-authored-by: teor <teor@riseup.net> * fix(versioning): typo * fix(deploy): use `zebrad-v1` as the instance name, with no SHA * fix(deploy): create and update MiG must use the same name * docs(deployments): add Continuous Delivery process Co-authored-by: teor <teor@riseup.net> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-08-28 05:46:21 -07:00
steps:
- name: Getting Zebrad Version
id: get
build(deps): bump actions/github-script from 6.4.0 to 6.4.1 (#6468) Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.0 to 6.4.1. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6.4.0...v6.4.1) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-10 23:12:21 -07:00
uses: actions/github-script@v6.4.1
ci(build): deploy long running node instances on release (#4939) * feat(build): deploy long running instances on release Previous behavior: Each time we merged to main new nodes would be deployed, this is an expected behavior as we need to ensure nodes get deployed and run without issues, but this could also replace nodes very hastily. Expected behavior: We want instances which would run for a longer time, to allow us to troubleshoot issues or inspect the behavior of this instances for longer periods of time (2+ weeks) Applied solution: Deploy a versioned manage instance group (MiG) using the major version of the release semver. We just use the first part of the version to replace old instances, and change it when a major version is released to keep a segregation between new and old versions. * ci(build): allow v0 as a major version tag * fix(build): use rust conventions for versioning * fix(deploy): improve documentation and trigger on release * Update .github/workflows/continous-delivery.yml Co-authored-by: teor <teor@riseup.net> * fix(versioning): typo * fix(deploy): use `zebrad-v1` as the instance name, with no SHA * fix(deploy): create and update MiG must use the same name * docs(deployments): add Continuous Delivery process Co-authored-by: teor <teor@riseup.net> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-08-28 05:46:21 -07:00
with:
result-encoding: string
script: |
return context.payload.release.tag_name.substring(0,2)
- name: Setting API Version
id: set
chore(actions): use newer method to set an output parameter (#6039) * chore(actions): use newer method to set an output parameter The set-output command is deprecated and will be disabled soon. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ * fix(actions): wrong substitution
2023-01-31 12:40:05 -08:00
run: echo "major_version=${{ steps.get.outputs.result }}" >> "$GITHUB_OUTPUT"
ci(build): deploy long running node instances on release (#4939) * feat(build): deploy long running instances on release Previous behavior: Each time we merged to main new nodes would be deployed, this is an expected behavior as we need to ensure nodes get deployed and run without issues, but this could also replace nodes very hastily. Expected behavior: We want instances which would run for a longer time, to allow us to troubleshoot issues or inspect the behavior of this instances for longer periods of time (2+ weeks) Applied solution: Deploy a versioned manage instance group (MiG) using the major version of the release semver. We just use the first part of the version to replace old instances, and change it when a major version is released to keep a segregation between new and old versions. * ci(build): allow v0 as a major version tag * fix(build): use rust conventions for versioning * fix(deploy): improve documentation and trigger on release * Update .github/workflows/continous-delivery.yml Co-authored-by: teor <teor@riseup.net> * fix(versioning): typo * fix(deploy): use `zebrad-v1` as the instance name, with no SHA * fix(deploy): create and update MiG must use the same name * docs(deployments): add Continuous Delivery process Co-authored-by: teor <teor@riseup.net> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-08-28 05:46:21 -07:00
# Each time this workflow is executed, a build will be triggered to create a new image
# with the corresponding tags using information from Git
#
# The image will be commonly named `zebrad:<short-hash | github-ref | semver>`
Turn off the project workflow, reorg some CI jobs (#451) * Remove 'assign to project' workflow Doesn't work with external PRs. * Reorg CI jobs a bit * Also upgrade gcloud sdk to version 295.0.0
2020-06-08 18:03:51 -07:00
build:
fix(ci): Run required jobs on dependent PRs (#5550) * Run CI jobs on dependent PRs * Change job names to be unique * Fix outdated workflow name Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-11-06 17:59:32 -08:00
name: Build CD Docker
refactor(actions): rename workflow files (#3941) * refactor(actions): rename workflow files * refactor(worflows): change files according new approach
2022-05-09 12:54:16 -07:00
uses: ./.github/workflows/build-docker-image.yml
feat(ci)!: implement reusable workflows for image building (#4173) * refactor(ci): test building in a separate workflow * force a change * force a change * fix(ci): send the correct variables to the reusable build * fix(ci): variables are not allowed * fix(ci): conditions are not allowed as input * fix(ci): use expected value * refactor(build): simplify the use of other dockerfiles * fix(cd): depend on docker build yml * fix(cd): use main branch as image name * imp(actions): remove uneeded variable repetition * imp(build): remove unused variables * imp(actions): rename the image building workflow Not all images are for zebra execution as we also have one for zcash-params * fix(ci): add dependable workflow in paths filters * docs(ci): remove TODO as this won't be needed at least an issue arises * docs(ci): CARGO_INCREMENTAL can decrease build time when running from a cache * fix: revert forced changes * fix(build): remove unused build inputs in zcash-params * imp(cd): as this is the production image, use the executable name * imp(ci): reduce log level to improve speed Co-authored-by: teor <teor@riseup.net> * imp(ci): use the correct name for the workflow Co-authored-by: teor <teor@riseup.net> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> Co-authored-by: teor <teor@riseup.net>
2022-04-28 01:13:35 -07:00
with:
dockerfile_path: ./docker/Dockerfile
dockerfile_target: runtime
image_name: zebrad
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
no_cache: ${{ inputs.no_cache || false }}
# We hard-code Mainnet here, because the config is modified before running zebrad
network: 'Mainnet'
feat(ci)!: implement reusable workflows for image building (#4173) * refactor(ci): test building in a separate workflow * force a change * force a change * fix(ci): send the correct variables to the reusable build * fix(ci): variables are not allowed * fix(ci): conditions are not allowed as input * fix(ci): use expected value * refactor(build): simplify the use of other dockerfiles * fix(cd): depend on docker build yml * fix(cd): use main branch as image name * imp(actions): remove uneeded variable repetition * imp(build): remove unused variables * imp(actions): rename the image building workflow Not all images are for zebra execution as we also have one for zcash-params * fix(ci): add dependable workflow in paths filters * docs(ci): remove TODO as this won't be needed at least an issue arises * docs(ci): CARGO_INCREMENTAL can decrease build time when running from a cache * fix: revert forced changes * fix(build): remove unused build inputs in zcash-params * imp(cd): as this is the production image, use the executable name * imp(ci): reduce log level to improve speed Co-authored-by: teor <teor@riseup.net> * imp(ci): use the correct name for the workflow Co-authored-by: teor <teor@riseup.net> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> Co-authored-by: teor <teor@riseup.net>
2022-04-28 01:13:35 -07:00
rust_backtrace: '1'
zebra_skip_ipv6_tests: '1'
rust_log: info
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
# Test that Zebra works using the default config with the latest Zebra version,
# and test reconfiguring the docker image for testnet.
ci: add a test to check that the Docker image config works (#5968) * ci: add a test to validate Zebra's config file and path * fix: use `ZEBRA_CONF_PATH` as single variable locating the conf * fix: do not remove the containers * fix: use extended regex * fix: use different steps to validate the conf tests * fix: do not specify a default CMD for running Docker in test builds * fix: use actual starting commands for entrypoint * fix: do not add cargo twice if cargo is in $1 * fix: allow to run `zebrad` in the `tests` stage of Dockerfile * fix: new entrypoint does not allow an empty CMD * fix: do not duplicate the `zebrad` command * fix: segregate configuration jobs * refactor(entrypoint): handle better parameters conditions * fix: make `zebrad` an executable command in `tests` stage * Show the commands that are being executed in the new docker test * Show full logs without tee or grep * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * fix: use the actual path inside docker * fix: use `grep` with exit code If the container is logging to stderr, piping works only for stdout, so we're adding `2>&1` * fix: use `grep -q` to get an exit code * fix: fail if any error is detected * fix: fail if this test takes more than 5 minutes * fix: update patch workflows * feat: test Dockerfile `runtime` config * fix: depend on the configuration test to continue Co-authored-by: teor <teor@riseup.net>
2023-01-22 22:41:59 -08:00
test-configuration-file:
name: Test Zebra default Docker config file
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
timeout-minutes: 15
ci: add a test to check that the Docker image config works (#5968) * ci: add a test to validate Zebra's config file and path * fix: use `ZEBRA_CONF_PATH` as single variable locating the conf * fix: do not remove the containers * fix: use extended regex * fix: use different steps to validate the conf tests * fix: do not specify a default CMD for running Docker in test builds * fix: use actual starting commands for entrypoint * fix: do not add cargo twice if cargo is in $1 * fix: allow to run `zebrad` in the `tests` stage of Dockerfile * fix: new entrypoint does not allow an empty CMD * fix: do not duplicate the `zebrad` command * fix: segregate configuration jobs * refactor(entrypoint): handle better parameters conditions * fix: make `zebrad` an executable command in `tests` stage * Show the commands that are being executed in the new docker test * Show full logs without tee or grep * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * fix: use the actual path inside docker * fix: use `grep` with exit code If the container is logging to stderr, piping works only for stdout, so we're adding `2>&1` * fix: use `grep -q` to get an exit code * fix: fail if any error is detected * fix: fail if this test takes more than 5 minutes * fix: update patch workflows * feat: test Dockerfile `runtime` config * fix: depend on the configuration test to continue Co-authored-by: teor <teor@riseup.net>
2023-01-22 22:41:59 -08:00
runs-on: ubuntu-latest
needs: build
steps:
change(ci): Turn CI errors into PR annotations for most CI jobs (#6690) * Turn CI errors into PR annotations for most jobs * Fix a missing step name
2023-05-18 09:44:39 -07:00
- uses: r7kamura/rust-problem-matchers@v1.3.0
ci: add a test to check that the Docker image config works (#5968) * ci: add a test to validate Zebra's config file and path * fix: use `ZEBRA_CONF_PATH` as single variable locating the conf * fix: do not remove the containers * fix: use extended regex * fix: use different steps to validate the conf tests * fix: do not specify a default CMD for running Docker in test builds * fix: use actual starting commands for entrypoint * fix: do not add cargo twice if cargo is in $1 * fix: allow to run `zebrad` in the `tests` stage of Dockerfile * fix: new entrypoint does not allow an empty CMD * fix: do not duplicate the `zebrad` command * fix: segregate configuration jobs * refactor(entrypoint): handle better parameters conditions * fix: make `zebrad` an executable command in `tests` stage * Show the commands that are being executed in the new docker test * Show full logs without tee or grep * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * fix: use the actual path inside docker * fix: use `grep` with exit code If the container is logging to stderr, piping works only for stdout, so we're adding `2>&1` * fix: use `grep -q` to get an exit code * fix: fail if any error is detected * fix: fail if this test takes more than 5 minutes * fix: update patch workflows * feat: test Dockerfile `runtime` config * fix: depend on the configuration test to continue Co-authored-by: teor <teor@riseup.net>
2023-01-22 22:41:59 -08:00
- name: Inject slug/short variables
uses: rlespinasse/github-slug-action@v4
with:
short-length: 7
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
# Make sure Zebra can sync at least one full checkpoint on mainnet
ci: add a test to check that the Docker image config works (#5968) * ci: add a test to validate Zebra's config file and path * fix: use `ZEBRA_CONF_PATH` as single variable locating the conf * fix: do not remove the containers * fix: use extended regex * fix: use different steps to validate the conf tests * fix: do not specify a default CMD for running Docker in test builds * fix: use actual starting commands for entrypoint * fix: do not add cargo twice if cargo is in $1 * fix: allow to run `zebrad` in the `tests` stage of Dockerfile * fix: new entrypoint does not allow an empty CMD * fix: do not duplicate the `zebrad` command * fix: segregate configuration jobs * refactor(entrypoint): handle better parameters conditions * fix: make `zebrad` an executable command in `tests` stage * Show the commands that are being executed in the new docker test * Show full logs without tee or grep * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * fix: use the actual path inside docker * fix: use `grep` with exit code If the container is logging to stderr, piping works only for stdout, so we're adding `2>&1` * fix: use `grep -q` to get an exit code * fix: fail if any error is detected * fix: fail if this test takes more than 5 minutes * fix: update patch workflows * feat: test Dockerfile `runtime` config * fix: depend on the configuration test to continue Co-authored-by: teor <teor@riseup.net>
2023-01-22 22:41:59 -08:00
- name: Run tests using the default config
run: |
set -ex
refactor(ci): use GitHub variables for non-sensitive info (#6357) * refactor(ci): use GitHub secrets and variables We've been using values that are variable across multiple workflows, and those can only be changed if modifying the workflows, but we should be able to change the values without committing new changes in the code for this purpose we're now using GitHub Variables, and even moving non-sensitive information into variables instead of secrets. Allowing more flexibility and other scenarios that should be easier to manage, like deploying to Mainnet or Testnet. * refactor(ci): use new GitHub variables for GCP auth * fix(ci): typo * fix(ci): do not use multiple variables for the same value * fix(ci): typo in variable * fix(vars): use different variables for machine types * fix(vars): missing substitution * fix: typo * fix: make the input CI network override the default network * Use the correct network variable for creating disks --------- Co-authored-by: teor <teor@riseup.net>
2023-04-12 23:56:21 -07:00
docker pull ${{ vars.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }}
docker run --detach --name default-conf-tests -t ${{ vars.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }}
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
# show the logs, even if the job times out
docker logs --tail all --follow default-conf-tests | \
tee --output-error=exit /dev/stderr | \
grep --max-count=1 --extended-regexp --color=always \
'net.*=.*Main.*estimated progress to chain tip.*BeforeOverwinter'
ci: add a test to check that the Docker image config works (#5968) * ci: add a test to validate Zebra's config file and path * fix: use `ZEBRA_CONF_PATH` as single variable locating the conf * fix: do not remove the containers * fix: use extended regex * fix: use different steps to validate the conf tests * fix: do not specify a default CMD for running Docker in test builds * fix: use actual starting commands for entrypoint * fix: do not add cargo twice if cargo is in $1 * fix: allow to run `zebrad` in the `tests` stage of Dockerfile * fix: new entrypoint does not allow an empty CMD * fix: do not duplicate the `zebrad` command * fix: segregate configuration jobs * refactor(entrypoint): handle better parameters conditions * fix: make `zebrad` an executable command in `tests` stage * Show the commands that are being executed in the new docker test * Show full logs without tee or grep * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * fix: use the actual path inside docker * fix: use `grep` with exit code If the container is logging to stderr, piping works only for stdout, so we're adding `2>&1` * fix: use `grep -q` to get an exit code * fix: fail if any error is detected * fix: fail if this test takes more than 5 minutes * fix: update patch workflows * feat: test Dockerfile `runtime` config * fix: depend on the configuration test to continue Co-authored-by: teor <teor@riseup.net>
2023-01-22 22:41:59 -08:00
docker stop default-conf-tests
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
# get the exit status from docker
EXIT_STATUS=$( \
docker wait default-conf-tests || \
docker inspect --format "{{.State.ExitCode}}" default-conf-tests || \
echo "missing container, or missing exit status for container" \
)
ci: add a test to check that the Docker image config works (#5968) * ci: add a test to validate Zebra's config file and path * fix: use `ZEBRA_CONF_PATH` as single variable locating the conf * fix: do not remove the containers * fix: use extended regex * fix: use different steps to validate the conf tests * fix: do not specify a default CMD for running Docker in test builds * fix: use actual starting commands for entrypoint * fix: do not add cargo twice if cargo is in $1 * fix: allow to run `zebrad` in the `tests` stage of Dockerfile * fix: new entrypoint does not allow an empty CMD * fix: do not duplicate the `zebrad` command * fix: segregate configuration jobs * refactor(entrypoint): handle better parameters conditions * fix: make `zebrad` an executable command in `tests` stage * Show the commands that are being executed in the new docker test * Show full logs without tee or grep * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * fix: use the actual path inside docker * fix: use `grep` with exit code If the container is logging to stderr, piping works only for stdout, so we're adding `2>&1` * fix: use `grep -q` to get an exit code * fix: fail if any error is detected * fix: fail if this test takes more than 5 minutes * fix: update patch workflows * feat: test Dockerfile `runtime` config * fix: depend on the configuration test to continue Co-authored-by: teor <teor@riseup.net>
2023-01-22 22:41:59 -08:00
docker logs default-conf-tests
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
echo "docker exit status: $EXIT_STATUS"
if [[ "$EXIT_STATUS" = "137" ]]; then
echo "ignoring expected signal status"
exit 0
fi
ci: add a test to check that the Docker image config works (#5968) * ci: add a test to validate Zebra's config file and path * fix: use `ZEBRA_CONF_PATH` as single variable locating the conf * fix: do not remove the containers * fix: use extended regex * fix: use different steps to validate the conf tests * fix: do not specify a default CMD for running Docker in test builds * fix: use actual starting commands for entrypoint * fix: do not add cargo twice if cargo is in $1 * fix: allow to run `zebrad` in the `tests` stage of Dockerfile * fix: new entrypoint does not allow an empty CMD * fix: do not duplicate the `zebrad` command * fix: segregate configuration jobs * refactor(entrypoint): handle better parameters conditions * fix: make `zebrad` an executable command in `tests` stage * Show the commands that are being executed in the new docker test * Show full logs without tee or grep * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * fix: use the actual path inside docker * fix: use `grep` with exit code If the container is logging to stderr, piping works only for stdout, so we're adding `2>&1` * fix: use `grep -q` to get an exit code * fix: fail if any error is detected * fix: fail if this test takes more than 5 minutes * fix: update patch workflows * feat: test Dockerfile `runtime` config * fix: depend on the configuration test to continue Co-authored-by: teor <teor@riseup.net>
2023-01-22 22:41:59 -08:00
exit "$EXIT_STATUS"
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
# Make sure Zebra can sync the genesis block on testnet
- name: Run tests using a testnet config
run: |
set -ex
docker pull ${{ vars.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }}
docker run --env "NETWORK=Testnet" --detach --name testnet-conf-tests -t ${{ vars.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }}
# show the logs, even if the job times out
docker logs --tail all --follow testnet-conf-tests | \
tee --output-error=exit /dev/stderr | \
grep --max-count=1 --extended-regexp --color=always \
'net.*=.*Test.*estimated progress to chain tip.*Genesis'
docker stop testnet-conf-tests
# get the exit status from docker
EXIT_STATUS=$( \
docker wait testnet-conf-tests || \
docker inspect --format "{{.State.ExitCode}}" testnet-conf-tests || \
echo "missing container, or missing exit status for container" \
)
docker logs testnet-conf-tests
echo "docker exit status: $EXIT_STATUS"
if [[ "$EXIT_STATUS" = "137" ]]; then
echo "ignoring expected signal status"
exit 0
fi
exit "$EXIT_STATUS"
# Deploy Managed Instance Groups (MiGs) for Mainnet and Testnet,
# with one node in the configured GCP region.
ci(build): deploy long running node instances on release (#4939) * feat(build): deploy long running instances on release Previous behavior: Each time we merged to main new nodes would be deployed, this is an expected behavior as we need to ensure nodes get deployed and run without issues, but this could also replace nodes very hastily. Expected behavior: We want instances which would run for a longer time, to allow us to troubleshoot issues or inspect the behavior of this instances for longer periods of time (2+ weeks) Applied solution: Deploy a versioned manage instance group (MiG) using the major version of the release semver. We just use the first part of the version to replace old instances, and change it when a major version is released to keep a segregation between new and old versions. * ci(build): allow v0 as a major version tag * fix(build): use rust conventions for versioning * fix(deploy): improve documentation and trigger on release * Update .github/workflows/continous-delivery.yml Co-authored-by: teor <teor@riseup.net> * fix(versioning): typo * fix(deploy): use `zebrad-v1` as the instance name, with no SHA * fix(deploy): create and update MiG must use the same name * docs(deployments): add Continuous Delivery process Co-authored-by: teor <teor@riseup.net> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-08-28 05:46:21 -07:00
#
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
# Separate Mainnet and Testnet MiGs are deployed whenever there are:
# - pushes to the main branch, or
# - version releases of Zebra.
#
# Once this workflow is triggered:
# - by pushes to main: the MiG is always replaced,
# - by releases: the MiG is only replaced if the same major version is being deployed,
# otherwise a new major version is deployed in a new MiG.
ci(build): deploy long running node instances on release (#4939) * feat(build): deploy long running instances on release Previous behavior: Each time we merged to main new nodes would be deployed, this is an expected behavior as we need to ensure nodes get deployed and run without issues, but this could also replace nodes very hastily. Expected behavior: We want instances which would run for a longer time, to allow us to troubleshoot issues or inspect the behavior of this instances for longer periods of time (2+ weeks) Applied solution: Deploy a versioned manage instance group (MiG) using the major version of the release semver. We just use the first part of the version to replace old instances, and change it when a major version is released to keep a segregation between new and old versions. * ci(build): allow v0 as a major version tag * fix(build): use rust conventions for versioning * fix(deploy): improve documentation and trigger on release * Update .github/workflows/continous-delivery.yml Co-authored-by: teor <teor@riseup.net> * fix(versioning): typo * fix(deploy): use `zebrad-v1` as the instance name, with no SHA * fix(deploy): create and update MiG must use the same name * docs(deployments): add Continuous Delivery process Co-authored-by: teor <teor@riseup.net> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-08-28 05:46:21 -07:00
#
# Runs:
# - on every push/merge to the `main` branch
# - on every release, when it's published
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
deploy-nodes:
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
strategy:
matrix:
network: [Mainnet, Testnet]
name: Deploy ${{ matrix.network }} nodes
ci: add a test to check that the Docker image config works (#5968) * ci: add a test to validate Zebra's config file and path * fix: use `ZEBRA_CONF_PATH` as single variable locating the conf * fix: do not remove the containers * fix: use extended regex * fix: use different steps to validate the conf tests * fix: do not specify a default CMD for running Docker in test builds * fix: use actual starting commands for entrypoint * fix: do not add cargo twice if cargo is in $1 * fix: allow to run `zebrad` in the `tests` stage of Dockerfile * fix: new entrypoint does not allow an empty CMD * fix: do not duplicate the `zebrad` command * fix: segregate configuration jobs * refactor(entrypoint): handle better parameters conditions * fix: make `zebrad` an executable command in `tests` stage * Show the commands that are being executed in the new docker test * Show full logs without tee or grep * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * fix: use the actual path inside docker * fix: use `grep` with exit code If the container is logging to stderr, piping works only for stdout, so we're adding `2>&1` * fix: use `grep -q` to get an exit code * fix: fail if any error is detected * fix: fail if this test takes more than 5 minutes * fix: update patch workflows * feat: test Dockerfile `runtime` config * fix: depend on the configuration test to continue Co-authored-by: teor <teor@riseup.net>
2023-01-22 22:41:59 -08:00
needs: [ build, test-configuration-file, versioning ]
Run acceptance tests post-merge with large cached state (#1282) * Create and mount persistent disk to store zebrad state, update runner container config to use * Enable checkpoint sync in zebrad image config * Lower state memory cache from 500MB to 50MB * Upgrade host to n2-standard-4 * Bump zebrad-cache disk size to 100GB * Copy zebrad as the tests are compiled with a hardcoded path to it * Rename all debug binaries for easy invocation * Name state cache disk, use the correct path to binaries * Create volume and all that jazz on instance creation Otherwise there's a lot of on-instance commands to do that is just handled by this shortcut. * Explicitly mount the state cache and cleanup test instance * Wait for zebra-test container to start then attach * Always clean up even if the tests step fails * Keep fast sleep but only print 'waiting' once
2020-11-12 12:18:35 -08:00
runs-on: ubuntu-latest
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
timeout-minutes: 60
refactor(ci): use improved OIDC for gcloud authentication (#3885) * refactor(ci): use improved OIDC authentication * fix(ci): standardize OIDC on all required jobs * fix: wrong indentation * fix(ci): remove non existing depency in clean job
2022-03-18 14:25:35 -07:00
permissions:
contents: 'read'
id-token: 'write'
ci(deploy): do not run `versioning` job when pushing to `main` (#4970) Previous behavior: When a push was detected in the `main` branch, the workflow would run the `versioning` job and crash trying to detect the version being deployed as there was none. Expected behavior: Do not fail the `versioning` job when pushing to `main` Solution: Limit the `versioning` job to only run when a release event is triggered and allow the `deploy-nodes` job to run even if `versioning` is skipped
2022-08-28 16:56:58 -07:00
if: ${{ !cancelled() && !failure() && ((github.event_name == 'push' && github.ref_name == 'main') || github.event_name == 'release') }}
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
Run acceptance tests post-merge with large cached state (#1282) * Create and mount persistent disk to store zebrad state, update runner container config to use * Enable checkpoint sync in zebrad image config * Lower state memory cache from 500MB to 50MB * Upgrade host to n2-standard-4 * Bump zebrad-cache disk size to 100GB * Copy zebrad as the tests are compiled with a hardcoded path to it * Rename all debug binaries for easy invocation * Name state cache disk, use the correct path to binaries * Create volume and all that jazz on instance creation Otherwise there's a lot of on-instance commands to do that is just handled by this shortcut. * Explicitly mount the state cache and cleanup test instance * Wait for zebra-test container to start then attach * Always clean up even if the tests step fails * Keep fast sleep but only print 'waiting' once
2020-11-12 12:18:35 -08:00
steps:
build(deps): bump actions/checkout from 3.5.1 to 3.5.2 (#6504) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.1 to 3.5.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.1...v3.5.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-16 16:36:01 -07:00
- uses: actions/checkout@v3.5.2
fix(ci): remove warnings caused by missing `actions/checkout` step (#5874) * fix(ci): remove warnings caused by missing `actions/checkout` * fix: typo in arguments * fix: add the whole disk name as this is a single instance * fix: add dis name to mount
2023-01-10 02:11:11 -08:00
with:
persist-credentials: false
refactor (actions): make better use of variables, secrets and versions (#3393) * style: use global variables and don't double print Remove repeated instances of global environment variables. Do not print ENV variables on the terminal as GitHub Actions already shows it. * fix (actions): Use fixed major versions for actions As actions get recurrent fixes, using a specific version causes more maintance on the pipelines. On the other hand, using @master versions could make some action unreliable, as breaking changes might be included without further notice, and even change behavior on a daily basis. * refactor: make better use of ENV variables A whole step with refex was being used to extract different variables from GitHub's environment. This gets depecrated in favor of using `rlespinasse/github-slug-action@v4` which has slug URL variables. A SLUG on a variable will: - put the variable content in lower case - replace any character by - except 0-9, a-z, ., and _ - remove leading and trailing - character - limit the string size to 63 characters This changes also takes care of using the Head or Base branch for deployments. This will allow us tomerge of workflows, as most steps on this deployment actions are very similar, with little variations between workflows. * fix (actions): use secrets for sensitive information * revert: use specific versions for dependabot Reverting commit 8c934099028e0651e464678c096d8d3815efe95c
2022-01-26 17:46:18 -08:00
- name: Inject slug/short variables
uses: rlespinasse/github-slug-action@v4
fix(actions): use a specific shortening length for SHAs (#3929) * fix(actions): use a specific shortening length for SHAs The rlespinasse/github-slug-action now works without checking out the code, reduce time and improving security with following actions. This requires to specify the GITHUB_SHA_SHORT variable length, as git uses 8 by default, but docker uses 7 by default. * fix(actions): target correct rlespinasse/github-slug-action version * fix(actions): just use major version * fix(actions): github-slug-action is not being correctly referenced
2022-03-21 16:07:01 -07:00
with:
short-length: 7
Run acceptance tests post-merge with large cached state (#1282) * Create and mount persistent disk to store zebrad state, update runner container config to use * Enable checkpoint sync in zebrad image config * Lower state memory cache from 500MB to 50MB * Upgrade host to n2-standard-4 * Bump zebrad-cache disk size to 100GB * Copy zebrad as the tests are compiled with a hardcoded path to it * Rename all debug binaries for easy invocation * Name state cache disk, use the correct path to binaries * Create volume and all that jazz on instance creation Otherwise there's a lot of on-instance commands to do that is just handled by this shortcut. * Explicitly mount the state cache and cleanup test instance * Wait for zebra-test container to start then attach * Always clean up even if the tests step fails * Keep fast sleep but only print 'waiting' once
2020-11-12 12:18:35 -08:00
fix(ci): Fix network parameter in continous-delivery.yml, and add network labels to GCP jobs (#5710) * chore: add Network as a label * Fix network parameter in continous-delivery.yml * Standardise network usage in zcashd-manual-deploy * Use lowercase network labels * Fix some shellcheck errors * Hard-code a Mainnet default to support contexts where env is not available * Fix string syntax * Fix more shellcheck errors * Update .github/workflows/zcashd-manual-deploy.yml Co-authored-by: Gustavo Valverde <gustavo@iterativo.do> Co-authored-by: Arya <aryasolhi@gmail.com>
2022-11-25 13:11:22 -08:00
# Makes the Zcash network name lowercase.
#
# Labels in GCP are required to be in lowercase, but the blockchain network
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
# uses sentence case, so we need to downcase the network.
fix(ci): Fix network parameter in continous-delivery.yml, and add network labels to GCP jobs (#5710) * chore: add Network as a label * Fix network parameter in continous-delivery.yml * Standardise network usage in zcashd-manual-deploy * Use lowercase network labels * Fix some shellcheck errors * Hard-code a Mainnet default to support contexts where env is not available * Fix string syntax * Fix more shellcheck errors * Update .github/workflows/zcashd-manual-deploy.yml Co-authored-by: Gustavo Valverde <gustavo@iterativo.do> Co-authored-by: Arya <aryasolhi@gmail.com>
2022-11-25 13:11:22 -08:00
#
# Passes the lowercase network to subsequent steps using $NETWORK env variable.
- name: Downcase network name for labels
run: |
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
NETWORK_CAPS="${{ matrix.network }}"
fix(ci): Fix network parameter in continous-delivery.yml, and add network labels to GCP jobs (#5710) * chore: add Network as a label * Fix network parameter in continous-delivery.yml * Standardise network usage in zcashd-manual-deploy * Use lowercase network labels * Fix some shellcheck errors * Hard-code a Mainnet default to support contexts where env is not available * Fix string syntax * Fix more shellcheck errors * Update .github/workflows/zcashd-manual-deploy.yml Co-authored-by: Gustavo Valverde <gustavo@iterativo.do> Co-authored-by: Arya <aryasolhi@gmail.com>
2022-11-25 13:11:22 -08:00
echo "NETWORK=${NETWORK_CAPS,,}" >> "$GITHUB_ENV"
Run acceptance tests post-merge with large cached state (#1282) * Create and mount persistent disk to store zebrad state, update runner container config to use * Enable checkpoint sync in zebrad image config * Lower state memory cache from 500MB to 50MB * Upgrade host to n2-standard-4 * Bump zebrad-cache disk size to 100GB * Copy zebrad as the tests are compiled with a hardcoded path to it * Rename all debug binaries for easy invocation * Name state cache disk, use the correct path to binaries * Create volume and all that jazz on instance creation Otherwise there's a lot of on-instance commands to do that is just handled by this shortcut. * Explicitly mount the state cache and cleanup test instance * Wait for zebra-test container to start then attach * Always clean up even if the tests step fails * Keep fast sleep but only print 'waiting' once
2020-11-12 12:18:35 -08:00
# Setup gcloud CLI
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
- name: Authenticate to Google Cloud
id: auth
build(deps): bump google-github-actions/auth from 1.1.0 to 1.1.1 (#6639) Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 1.1.0 to 1.1.1. - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/v1.1.0...v1.1.1) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-10 19:39:36 -07:00
uses: google-github-actions/auth@v1.1.1
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
with:
ci(auth): retry GCP authentication if fails (#4940) Previous behavior: Sometimes Google Cloud authentication fails, this might happen before IAM permissions are fully propagated Expected behavior: If the authentication fails, retry at least 3 times before exiting with a non zero exit code Applied solution: Google GitHub Actions for auth recently added this a `retries` feature which is now implemented to workaround this issue. Note: https://github.com/google-github-actions/auth/commit/95a6bc2a27ae409a01ea58dd0732eccaa088ec07 Fixes https://github.com/ZcashFoundation/zebra/issues/4846
2022-08-23 20:49:55 -07:00
retries: '3'
refactor(ci): use GitHub variables for non-sensitive info (#6357) * refactor(ci): use GitHub secrets and variables We've been using values that are variable across multiple workflows, and those can only be changed if modifying the workflows, but we should be able to change the values without committing new changes in the code for this purpose we're now using GitHub Variables, and even moving non-sensitive information into variables instead of secrets. Allowing more flexibility and other scenarios that should be easier to manage, like deploying to Mainnet or Testnet. * refactor(ci): use new GitHub variables for GCP auth * fix(ci): typo * fix(ci): do not use multiple variables for the same value * fix(ci): typo in variable * fix(vars): use different variables for machine types * fix(vars): missing substitution * fix: typo * fix: make the input CI network override the default network * Use the correct network variable for creating disks --------- Co-authored-by: teor <teor@riseup.net>
2023-04-12 23:56:21 -07:00
workload_identity_provider: '${{ vars.GCP_WIF }}'
service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}'
fix(gcloud): setup the GCP CLI after authenticating (#5606) Previous behavior: `gcloud` commands have been running without an appropiate authentication as the `auth` auction was sucessfully executed, but the actual gcloud CLI being used in further jobs was not using the correct configuration nor credentials Expected behavior: All `gcloud` commands should be properly configured and authenticated. Solution: Add the `google-github-actions/setup-gcloud` action after each `google-github-actions/auth` invocation, and before running any `gcloud` command. Remove the need of an OAuth Access token when not required by following steps
2022-11-09 22:32:21 -08:00
- name: Set up Cloud SDK
build(deps): bump google-github-actions/setup-gcloud from 1.1.0 to 1.1.1 (#6653) Bumps [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud) from 1.1.0 to 1.1.1. - [Release notes](https://github.com/google-github-actions/setup-gcloud/releases) - [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/setup-gcloud/compare/v1.1.0...v1.1.1) --- updated-dependencies: - dependency-name: google-github-actions/setup-gcloud dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-13 18:34:22 -07:00
uses: google-github-actions/setup-gcloud@v1.1.1
Run acceptance tests post-merge with large cached state (#1282) * Create and mount persistent disk to store zebrad state, update runner container config to use * Enable checkpoint sync in zebrad image config * Lower state memory cache from 500MB to 50MB * Upgrade host to n2-standard-4 * Bump zebrad-cache disk size to 100GB * Copy zebrad as the tests are compiled with a hardcoded path to it * Rename all debug binaries for easy invocation * Name state cache disk, use the correct path to binaries * Create volume and all that jazz on instance creation Otherwise there's a lot of on-instance commands to do that is just handled by this shortcut. * Explicitly mount the state cache and cleanup test instance * Wait for zebra-test container to start then attach * Always clean up even if the tests step fails * Keep fast sleep but only print 'waiting' once
2020-11-12 12:18:35 -08:00
fix(cd): allow deploying instance templates without disk errors (#5697) * fix(cd): allow deploying instance templates without disk errors Motivation: PR #5670 failed in `main` as it was tested with `gcloud compute instances create-with-container` and even the manual deployment uses `instances`, and it works. But the one that failed uses `gcloud compute instance-templates create-with-container` using `instance-template` and it's complaining with: `When attaching or creating a disk that is also being mounted to a container, must specify the disk name` Based on the documentation, the name is optional when using `create-with-container`, for both `instances` and `instance-templates` Source: https://cloud.google.com/sdk/gcloud/reference/compute/instance-templates/create-with-container#--container-mount-disk Solution: Revert this specific job as how it was, and do not scale the instances above 1, as this would cause the following error: `Instance template specifies a disk with a custom name. This will cause instance group not to scale beyond 1 instance per zone.` * chore: reduce diff
2022-11-22 14:20:47 -08:00
# TODO we should implement the fixes from https://github.com/ZcashFoundation/zebra/pull/5670 here
# but the implementation is failing as it's requiring the disk names, contrary to what is stated in the official documentation
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
- name: Create instance template for ${{ matrix.network }}
Run acceptance tests post-merge with large cached state (#1282) * Create and mount persistent disk to store zebrad state, update runner container config to use * Enable checkpoint sync in zebrad image config * Lower state memory cache from 500MB to 50MB * Upgrade host to n2-standard-4 * Bump zebrad-cache disk size to 100GB * Copy zebrad as the tests are compiled with a hardcoded path to it * Rename all debug binaries for easy invocation * Name state cache disk, use the correct path to binaries * Create volume and all that jazz on instance creation Otherwise there's a lot of on-instance commands to do that is just handled by this shortcut. * Explicitly mount the state cache and cleanup test instance * Wait for zebra-test container to start then attach * Always clean up even if the tests step fails * Keep fast sleep but only print 'waiting' once
2020-11-12 12:18:35 -08:00
run: |
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
gcloud compute instance-templates create-with-container zebrad-${{ needs.versioning.outputs.major_version || env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }}-${NETWORK} \
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
--boot-disk-type=pd-ssd \
ci: use Container-Optimized OS public image on the VM (#5617) * ci(compute): use debian public image on the VM, not the container Previous behavior: We were pulling the debian image the wrong way, as this was being used as a container but it was meant to be the VM image The image being pulled to create the internal container has been causing crashes as this images do not exists on Google's container repositories Expected behavior: Use a public image as debian-11 to get multiple benefits from it, as being able to use machine-images (#5615) and automatic disk resizing (which is now possible as we're using COS images, but those are more restrictive) Solution Add `--image-project=debian-cloud` and `--image-family=debian-11` as stated in the official documentation: https://cloud.google.com/sdk/gcloud/reference/compute/instances/create-with-container#--image-project More info: https://cloud.google.com/compute/docs/images/os-details#import * fix: use a public image with docker on the host * fix(logs): missing sudo before docker command Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-11-16 15:08:28 -08:00
--image-project=cos-cloud \
--image-family=cos-stable \
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
--user-output-enabled \
--metadata google-logging-enabled=true,google-logging-use-fluentbit=true \
refactor(ci): use GitHub variables for non-sensitive info (#6357) * refactor(ci): use GitHub secrets and variables We've been using values that are variable across multiple workflows, and those can only be changed if modifying the workflows, but we should be able to change the values without committing new changes in the code for this purpose we're now using GitHub Variables, and even moving non-sensitive information into variables instead of secrets. Allowing more flexibility and other scenarios that should be easier to manage, like deploying to Mainnet or Testnet. * refactor(ci): use new GitHub variables for GCP auth * fix(ci): typo * fix(ci): do not use multiple variables for the same value * fix(ci): typo in variable * fix(vars): use different variables for machine types * fix(vars): missing substitution * fix: typo * fix: make the input CI network override the default network * Use the correct network variable for creating disks --------- Co-authored-by: teor <teor@riseup.net>
2023-04-12 23:56:21 -07:00
--container-image ${{ vars.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }} \
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
--container-env "NETWORK=${{ matrix.network }},LOG_FILE=${{ vars.CD_LOG_FILE }},SENTRY_DSN=${{ vars.SENTRY_DSN }},SHORT_SHA=${{ env.GITHUB_SHA_SHORT }}" \
--create-disk=name=zebrad-cache-${{ env.GITHUB_SHA_SHORT }}-${NETWORK},auto-delete=yes,size=300GB,type=pd-ssd \
--container-mount-disk=mount-path="/zebrad-cache",name=zebrad-cache-${{ env.GITHUB_SHA_SHORT }}-${NETWORK} \
refactor(ci): use GitHub variables for non-sensitive info (#6357) * refactor(ci): use GitHub secrets and variables We've been using values that are variable across multiple workflows, and those can only be changed if modifying the workflows, but we should be able to change the values without committing new changes in the code for this purpose we're now using GitHub Variables, and even moving non-sensitive information into variables instead of secrets. Allowing more flexibility and other scenarios that should be easier to manage, like deploying to Mainnet or Testnet. * refactor(ci): use new GitHub variables for GCP auth * fix(ci): typo * fix(ci): do not use multiple variables for the same value * fix(ci): typo in variable * fix(vars): use different variables for machine types * fix(vars): missing substitution * fix: typo * fix: make the input CI network override the default network * Use the correct network variable for creating disks --------- Co-authored-by: teor <teor@riseup.net>
2023-04-12 23:56:21 -07:00
--machine-type ${{ vars.GCP_SMALL_MACHINE }} \
ci: unpin specific `buildkit` version and fix deployment subnets (#6645) * ci(build): unpin specific `buildkit` version We previously had an issue with the following error: `cannot reuse body, request must be retried` This commonly was a wrong error, caused by a containerd issue which has being tracked and solved here: https://github.com/docker/build-push-action/issues/761#issuecomment-1406261692 We're having errors when building, and this might be caused by an underliying error which containerd is not showing us correctly. * ci(deploy): Use specific subnetworks on GCP VMs
2023-05-09 17:45:32 -07:00
--network-interface=subnet=${{ vars.GCP_SUBNETWORK }} \
fix(deployment): explicitly use a service account and region (#6643)
2023-05-09 14:13:26 -07:00
--service-account ${{ vars.GCP_DEPLOYMENTS_SA }} \
gcloud workflow to deploy containers via managed instance group Also default command to 'zebrad connect' until 'start' is fleshed out.
2020-06-15 01:32:51 -07:00
--scopes cloud-platform \
fix(ci): Fix network parameter in continous-delivery.yml, and add network labels to GCP jobs (#5710) * chore: add Network as a label * Fix network parameter in continous-delivery.yml * Standardise network usage in zcashd-manual-deploy * Use lowercase network labels * Fix some shellcheck errors * Hard-code a Mainnet default to support contexts where env is not available * Fix string syntax * Fix more shellcheck errors * Update .github/workflows/zcashd-manual-deploy.yml Co-authored-by: Gustavo Valverde <gustavo@iterativo.do> Co-authored-by: Arya <aryasolhi@gmail.com>
2022-11-25 13:11:22 -08:00
--labels=app=zebrad,environment=prod,network=${NETWORK},github_ref=${{ env.GITHUB_REF_SLUG_URL }} \
ci(deploy): templates do not allow the `zone` argument (#6646)
2023-05-09 19:06:18 -07:00
--tags zebrad
Add 'zebrad' tags to instance templates And add 'one time' commands commented out for managing firewall rules.
2020-06-18 14:52:53 -07:00
Run acceptance tests post-merge with large cached state (#1282) * Create and mount persistent disk to store zebrad state, update runner container config to use * Enable checkpoint sync in zebrad image config * Lower state memory cache from 500MB to 50MB * Upgrade host to n2-standard-4 * Bump zebrad-cache disk size to 100GB * Copy zebrad as the tests are compiled with a hardcoded path to it * Rename all debug binaries for easy invocation * Name state cache disk, use the correct path to binaries * Create volume and all that jazz on instance creation Otherwise there's a lot of on-instance commands to do that is just handled by this shortcut. * Explicitly mount the state cache and cleanup test instance * Wait for zebra-test container to start then attach * Always clean up even if the tests step fails * Keep fast sleep but only print 'waiting' once
2020-11-12 12:18:35 -08:00
# Check if our destination instance group exists already
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
- name: Check if ${{ matrix.network }} instance group exists
Run acceptance tests post-merge with large cached state (#1282) * Create and mount persistent disk to store zebrad state, update runner container config to use * Enable checkpoint sync in zebrad image config * Lower state memory cache from 500MB to 50MB * Upgrade host to n2-standard-4 * Bump zebrad-cache disk size to 100GB * Copy zebrad as the tests are compiled with a hardcoded path to it * Rename all debug binaries for easy invocation * Name state cache disk, use the correct path to binaries * Create volume and all that jazz on instance creation Otherwise there's a lot of on-instance commands to do that is just handled by this shortcut. * Explicitly mount the state cache and cleanup test instance * Wait for zebra-test container to start then attach * Always clean up even if the tests step fails * Keep fast sleep but only print 'waiting' once
2020-11-12 12:18:35 -08:00
id: does-group-exist
continue-on-error: true
run: |
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
gcloud compute instance-groups list | grep "zebrad-${{ needs.versioning.outputs.major_version || env.GITHUB_REF_SLUG_URL }}-${NETWORK}" | grep "${{ vars.GCP_REGION }}"
Run acceptance tests post-merge with large cached state (#1282) * Create and mount persistent disk to store zebrad state, update runner container config to use * Enable checkpoint sync in zebrad image config * Lower state memory cache from 500MB to 50MB * Upgrade host to n2-standard-4 * Bump zebrad-cache disk size to 100GB * Copy zebrad as the tests are compiled with a hardcoded path to it * Rename all debug binaries for easy invocation * Name state cache disk, use the correct path to binaries * Create volume and all that jazz on instance creation Otherwise there's a lot of on-instance commands to do that is just handled by this shortcut. * Explicitly mount the state cache and cleanup test instance * Wait for zebra-test container to start then attach * Always clean up even if the tests step fails * Keep fast sleep but only print 'waiting' once
2020-11-12 12:18:35 -08:00
# Deploy new managed instance group using the new instance template
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
- name: Create managed instance group for ${{ matrix.network }}
Run acceptance tests post-merge with large cached state (#1282) * Create and mount persistent disk to store zebrad state, update runner container config to use * Enable checkpoint sync in zebrad image config * Lower state memory cache from 500MB to 50MB * Upgrade host to n2-standard-4 * Bump zebrad-cache disk size to 100GB * Copy zebrad as the tests are compiled with a hardcoded path to it * Rename all debug binaries for easy invocation * Name state cache disk, use the correct path to binaries * Create volume and all that jazz on instance creation Otherwise there's a lot of on-instance commands to do that is just handled by this shortcut. * Explicitly mount the state cache and cleanup test instance * Wait for zebra-test container to start then attach * Always clean up even if the tests step fails * Keep fast sleep but only print 'waiting' once
2020-11-12 12:18:35 -08:00
if: steps.does-group-exist.outcome == 'failure'
run: |
gcloud compute instance-groups managed create \
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
"zebrad-${{ needs.versioning.outputs.major_version || env.GITHUB_REF_SLUG_URL }}-${NETWORK}" \
--template "zebrad-${{ needs.versioning.outputs.major_version || env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }}-${NETWORK}" \
Create instance group if it doesn't exist, update it if it does (#513) * Deploy instance group if it doesn't exist, update it if it does * Rename push.yml to cd.yml * Rename some CD steps
2020-06-21 01:39:47 -07:00
--health-check zebrad-tracing-filter \
--initial-delay 30 \
refactor(ci): use GitHub variables for non-sensitive info (#6357) * refactor(ci): use GitHub secrets and variables We've been using values that are variable across multiple workflows, and those can only be changed if modifying the workflows, but we should be able to change the values without committing new changes in the code for this purpose we're now using GitHub Variables, and even moving non-sensitive information into variables instead of secrets. Allowing more flexibility and other scenarios that should be easier to manage, like deploying to Mainnet or Testnet. * refactor(ci): use new GitHub variables for GCP auth * fix(ci): typo * fix(ci): do not use multiple variables for the same value * fix(ci): typo in variable * fix(vars): use different variables for machine types * fix(vars): missing substitution * fix: typo * fix: make the input CI network override the default network * Use the correct network variable for creating disks --------- Co-authored-by: teor <teor@riseup.net>
2023-04-12 23:56:21 -07:00
--region "${{ vars.GCP_REGION }}" \
fix(cd): allow deploying instance templates without disk errors (#5697) * fix(cd): allow deploying instance templates without disk errors Motivation: PR #5670 failed in `main` as it was tested with `gcloud compute instances create-with-container` and even the manual deployment uses `instances`, and it works. But the one that failed uses `gcloud compute instance-templates create-with-container` using `instance-template` and it's complaining with: `When attaching or creating a disk that is also being mounted to a container, must specify the disk name` Based on the documentation, the name is optional when using `create-with-container`, for both `instances` and `instance-templates` Source: https://cloud.google.com/sdk/gcloud/reference/compute/instance-templates/create-with-container#--container-mount-disk Solution: Revert this specific job as how it was, and do not scale the instances above 1, as this would cause the following error: `Instance template specifies a disk with a custom name. This will cause instance group not to scale beyond 1 instance per zone.` * chore: reduce diff
2022-11-22 14:20:47 -08:00
--size 1
Update existing managed instance groups on deploy
2020-06-19 00:26:31 -07:00
Run acceptance tests post-merge with large cached state (#1282) * Create and mount persistent disk to store zebrad state, update runner container config to use * Enable checkpoint sync in zebrad image config * Lower state memory cache from 500MB to 50MB * Upgrade host to n2-standard-4 * Bump zebrad-cache disk size to 100GB * Copy zebrad as the tests are compiled with a hardcoded path to it * Rename all debug binaries for easy invocation * Name state cache disk, use the correct path to binaries * Create volume and all that jazz on instance creation Otherwise there's a lot of on-instance commands to do that is just handled by this shortcut. * Explicitly mount the state cache and cleanup test instance * Wait for zebra-test container to start then attach * Always clean up even if the tests step fails * Keep fast sleep but only print 'waiting' once
2020-11-12 12:18:35 -08:00
# Rolls out update to existing group using the new instance template
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
- name: Update managed instance group for ${{ matrix.network }}
Run acceptance tests post-merge with large cached state (#1282) * Create and mount persistent disk to store zebrad state, update runner container config to use * Enable checkpoint sync in zebrad image config * Lower state memory cache from 500MB to 50MB * Upgrade host to n2-standard-4 * Bump zebrad-cache disk size to 100GB * Copy zebrad as the tests are compiled with a hardcoded path to it * Rename all debug binaries for easy invocation * Name state cache disk, use the correct path to binaries * Create volume and all that jazz on instance creation Otherwise there's a lot of on-instance commands to do that is just handled by this shortcut. * Explicitly mount the state cache and cleanup test instance * Wait for zebra-test container to start then attach * Always clean up even if the tests step fails * Keep fast sleep but only print 'waiting' once
2020-11-12 12:18:35 -08:00
if: steps.does-group-exist.outcome == 'success'
run: |
gcloud compute instance-groups managed rolling-action start-update \
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
"zebrad-${{ needs.versioning.outputs.major_version || env.GITHUB_REF_SLUG_URL }}-${NETWORK}" \
--version template="zebrad-${{ needs.versioning.outputs.major_version || env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }}-${NETWORK}" \
refactor(ci): use GitHub variables for non-sensitive info (#6357) * refactor(ci): use GitHub secrets and variables We've been using values that are variable across multiple workflows, and those can only be changed if modifying the workflows, but we should be able to change the values without committing new changes in the code for this purpose we're now using GitHub Variables, and even moving non-sensitive information into variables instead of secrets. Allowing more flexibility and other scenarios that should be easier to manage, like deploying to Mainnet or Testnet. * refactor(ci): use new GitHub variables for GCP auth * fix(ci): typo * fix(ci): do not use multiple variables for the same value * fix(ci): typo in variable * fix(vars): use different variables for machine types * fix(vars): missing substitution * fix: typo * fix: make the input CI network override the default network * Use the correct network variable for creating disks --------- Co-authored-by: teor <teor@riseup.net>
2023-04-12 23:56:21 -07:00
--region "${{ vars.GCP_REGION }}"
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
# This jobs handles the deployment of a single node (1) in the configured GCP zone
ci(build): deploy long running node instances on release (#4939) * feat(build): deploy long running instances on release Previous behavior: Each time we merged to main new nodes would be deployed, this is an expected behavior as we need to ensure nodes get deployed and run without issues, but this could also replace nodes very hastily. Expected behavior: We want instances which would run for a longer time, to allow us to troubleshoot issues or inspect the behavior of this instances for longer periods of time (2+ weeks) Applied solution: Deploy a versioned manage instance group (MiG) using the major version of the release semver. We just use the first part of the version to replace old instances, and change it when a major version is released to keep a segregation between new and old versions. * ci(build): allow v0 as a major version tag * fix(build): use rust conventions for versioning * fix(deploy): improve documentation and trigger on release * Update .github/workflows/continous-delivery.yml Co-authored-by: teor <teor@riseup.net> * fix(versioning): typo * fix(deploy): use `zebrad-v1` as the instance name, with no SHA * fix(deploy): create and update MiG must use the same name * docs(deployments): add Continuous Delivery process Co-authored-by: teor <teor@riseup.net> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-08-28 05:46:21 -07:00
# when an instance is required to test a specific commit
#
# Runs:
# - on request, using workflow_dispatch with regenerate-disks
#
# Note: this instances are not automatically replaced or deleted
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
deploy-instance:
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
name: Deploy single ${{ inputs.network }} instance
ci: add a test to check that the Docker image config works (#5968) * ci: add a test to validate Zebra's config file and path * fix: use `ZEBRA_CONF_PATH` as single variable locating the conf * fix: do not remove the containers * fix: use extended regex * fix: use different steps to validate the conf tests * fix: do not specify a default CMD for running Docker in test builds * fix: use actual starting commands for entrypoint * fix: do not add cargo twice if cargo is in $1 * fix: allow to run `zebrad` in the `tests` stage of Dockerfile * fix: new entrypoint does not allow an empty CMD * fix: do not duplicate the `zebrad` command * fix: segregate configuration jobs * refactor(entrypoint): handle better parameters conditions * fix: make `zebrad` an executable command in `tests` stage * Show the commands that are being executed in the new docker test * Show full logs without tee or grep * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * fix: use the actual path inside docker * fix: use `grep` with exit code If the container is logging to stderr, piping works only for stdout, so we're adding `2>&1` * fix: use `grep -q` to get an exit code * fix: fail if any error is detected * fix: fail if this test takes more than 5 minutes * fix: update patch workflows * feat: test Dockerfile `runtime` config * fix: depend on the configuration test to continue Co-authored-by: teor <teor@riseup.net>
2023-01-22 22:41:59 -08:00
needs: [ build, test-configuration-file ]
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
runs-on: ubuntu-latest
timeout-minutes: 30
refactor(ci): use improved OIDC for gcloud authentication (#3885) * refactor(ci): use improved OIDC authentication * fix(ci): standardize OIDC on all required jobs * fix: wrong indentation * fix(ci): remove non existing depency in clean job
2022-03-18 14:25:35 -07:00
permissions:
contents: 'read'
id-token: 'write'
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
if: github.event_name == 'workflow_dispatch'
steps:
build(deps): bump actions/checkout from 3.5.1 to 3.5.2 (#6504) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.1 to 3.5.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.1...v3.5.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-16 16:36:01 -07:00
- uses: actions/checkout@v3.5.2
fix(ci): remove warnings caused by missing `actions/checkout` step (#5874) * fix(ci): remove warnings caused by missing `actions/checkout` * fix: typo in arguments * fix: add the whole disk name as this is a single instance * fix: add dis name to mount
2023-01-10 02:11:11 -08:00
with:
persist-credentials: false
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
- name: Inject slug/short variables
uses: rlespinasse/github-slug-action@v4
fix(actions): use a specific shortening length for SHAs (#3929) * fix(actions): use a specific shortening length for SHAs The rlespinasse/github-slug-action now works without checking out the code, reduce time and improving security with following actions. This requires to specify the GITHUB_SHA_SHORT variable length, as git uses 8 by default, but docker uses 7 by default. * fix(actions): target correct rlespinasse/github-slug-action version * fix(actions): just use major version * fix(actions): github-slug-action is not being correctly referenced
2022-03-21 16:07:01 -07:00
with:
short-length: 7
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
# Makes the Zcash network name lowercase.
#
# Labels in GCP are required to be in lowercase, but the blockchain network
# uses sentence case, so we need to downcase the network.
#
# Passes the lowercase network to subsequent steps using $NETWORK env variable.
- name: Downcase network name for labels
run: |
NETWORK_CAPS="${{ inputs.network }}"
echo "NETWORK=${NETWORK_CAPS,,}" >> "$GITHUB_ENV"
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
# Setup gcloud CLI
- name: Authenticate to Google Cloud
id: auth
build(deps): bump google-github-actions/auth from 1.1.0 to 1.1.1 (#6639) Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 1.1.0 to 1.1.1. - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/v1.1.0...v1.1.1) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-10 19:39:36 -07:00
uses: google-github-actions/auth@v1.1.1
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
with:
ci(auth): retry GCP authentication if fails (#4940) Previous behavior: Sometimes Google Cloud authentication fails, this might happen before IAM permissions are fully propagated Expected behavior: If the authentication fails, retry at least 3 times before exiting with a non zero exit code Applied solution: Google GitHub Actions for auth recently added this a `retries` feature which is now implemented to workaround this issue. Note: https://github.com/google-github-actions/auth/commit/95a6bc2a27ae409a01ea58dd0732eccaa088ec07 Fixes https://github.com/ZcashFoundation/zebra/issues/4846
2022-08-23 20:49:55 -07:00
retries: '3'
refactor(ci): use GitHub variables for non-sensitive info (#6357) * refactor(ci): use GitHub secrets and variables We've been using values that are variable across multiple workflows, and those can only be changed if modifying the workflows, but we should be able to change the values without committing new changes in the code for this purpose we're now using GitHub Variables, and even moving non-sensitive information into variables instead of secrets. Allowing more flexibility and other scenarios that should be easier to manage, like deploying to Mainnet or Testnet. * refactor(ci): use new GitHub variables for GCP auth * fix(ci): typo * fix(ci): do not use multiple variables for the same value * fix(ci): typo in variable * fix(vars): use different variables for machine types * fix(vars): missing substitution * fix: typo * fix: make the input CI network override the default network * Use the correct network variable for creating disks --------- Co-authored-by: teor <teor@riseup.net>
2023-04-12 23:56:21 -07:00
workload_identity_provider: '${{ vars.GCP_WIF }}'
service_account: '${{ vars.GCP_DEPLOYMENTS_SA }}'
fix(gcloud): setup the GCP CLI after authenticating (#5606) Previous behavior: `gcloud` commands have been running without an appropiate authentication as the `auth` auction was sucessfully executed, but the actual gcloud CLI being used in further jobs was not using the correct configuration nor credentials Expected behavior: All `gcloud` commands should be properly configured and authenticated. Solution: Add the `google-github-actions/setup-gcloud` action after each `google-github-actions/auth` invocation, and before running any `gcloud` command. Remove the need of an OAuth Access token when not required by following steps
2022-11-09 22:32:21 -08:00
- name: Set up Cloud SDK
build(deps): bump google-github-actions/setup-gcloud from 1.1.0 to 1.1.1 (#6653) Bumps [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud) from 1.1.0 to 1.1.1. - [Release notes](https://github.com/google-github-actions/setup-gcloud/releases) - [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/setup-gcloud/compare/v1.1.0...v1.1.1) --- updated-dependencies: - dependency-name: google-github-actions/setup-gcloud dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-13 18:34:22 -07:00
uses: google-github-actions/setup-gcloud@v1.1.1
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
# Create instance template from container image
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
- name: Manual deploy of a single ${{ inputs.network }} instance running zebrad
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
run: |
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
gcloud compute instances create-with-container "zebrad-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }}-${NETWORK}" \
ci(disk): use an official GCP image on CI VMs for disk auto-resizing, make CI & CD disks 300GB (#5371) * Revert "ci(ssh): connect using `ssh-compute` action by Google (#5330)" This reverts commit b366d6e7bb41125fbb861aa551610b3c3de7a544. * ci(ssh): use sudo for docker commands if user is not root * ci(ssh): specify the service account to connect with * ci(ssh): increase the Google Cloud instance sshd connection limit * chore: add a new line at the end of the script * chore: update our VM image to bullseye * chore: fix `tj-actions/changed-files` file comparison * ci(disk): use an official image on CI VMs for disk auto-resizing Previous behavior: We've presented issues in the past with resizing as the device is busy, for example: ``` e2fsck: Cannot continue, aborting. /dev/sdb is in use. ``` Expected behavior: We've been manually resizing the disk as this task was not being done automatically, but having an official Public Image from GCP would make this easier (automatic) and it also integrates better with other GCP services Configuration differences: https://cloud.google.com/compute/docs/images/os-details#notable-difference-debian Solution: - Use `debian-11` from the official public images https://cloud.google.com/compute/docs/images/os-details#debian - Remove the manual disk resizing from the pipeline * ci: increase VM disk size to fit future cached states sizes Some GCP disk images are 160 GB, which means they could get to the current 200 GB size soon.
2022-10-16 05:01:59 -07:00
--boot-disk-size 300GB \
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
--boot-disk-type=pd-ssd \
ci: use Container-Optimized OS public image on the VM (#5617) * ci(compute): use debian public image on the VM, not the container Previous behavior: We were pulling the debian image the wrong way, as this was being used as a container but it was meant to be the VM image The image being pulled to create the internal container has been causing crashes as this images do not exists on Google's container repositories Expected behavior: Use a public image as debian-11 to get multiple benefits from it, as being able to use machine-images (#5615) and automatic disk resizing (which is now possible as we're using COS images, but those are more restrictive) Solution Add `--image-project=debian-cloud` and `--image-family=debian-11` as stated in the official documentation: https://cloud.google.com/sdk/gcloud/reference/compute/instances/create-with-container#--image-project More info: https://cloud.google.com/compute/docs/images/os-details#import * fix: use a public image with docker on the host * fix(logs): missing sudo before docker command Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-11-16 15:08:28 -08:00
--image-project=cos-cloud \
--image-family=cos-stable \
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
--user-output-enabled \
--metadata google-logging-enabled=true,google-logging-use-fluentbit=true \
refactor(cd): improve Docker and gcloud usage without Cloud Build (#3431) * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): overall pipeline improvement - Use a more ENV configurable Dockerfile - Remove cloudbuild dependency - Use compute optimized machine types - Use SSD instead of normal hard drives - Move Sentry endpoint to secrets - Use a single yml for auto & manual deploy - Migrate to Google Artifact Registry * refactor (cd): use newer google auth action * fix (cd): use newer secret as gcp credential * fix (docker): do not create extra directories * fix (docker): ignore .github for caching purposes * fix (docker): use latest rust * fix: use a better name for manual deployment * refactor (docker): use standard directories for executable * fix (cd): most systems expect a "latest" tag Caching from the latest image is one of the main reasons to add this extra tag. Before this commit, the inline cache was not being used. * fix (cd): push the build image and the cache separately The inline cache exporter only supports `min` cache mode. To enable `max` cache mode, push the image and the cache separately by using the registry cache exporter. This also allows for smaller release images. * fix (cd): remove unused GHA cache We're leveraging the registry to cache the actions, instead of using the 10GB limits from Github Actions cache storage * refactor (cd): use cargo-chef for caching rust deps * fix (release): use newer debian to reduce vulnerabilities * fix (cd): use same zone, region and service accounts * fix (cd): use same disk size and type for all deployments * refactor (cd): activate interactive shells Use interactive shells for manual and test deployments. This allow greater flexibility if troubleshooting is needed inside the machines * fix (docker): do not build with different settings Compiling might be slow because different steps are compiling the same code 2-4 times because of the variations * fix(cd): use Mainnet instead of mainnet * fix(docker): remove tests as a runtime dependency * fix(cd): use default service account with cloud-platform scope * fix(cd): keep compatibility with gcr.io To prevent conflicts between registries, and migrate when the time is right, we'll keep pushing to both registries and use github actions cache to prevent conflicts between artifacts. * fix(docker): do not download zcash params twice * feat(docker): add google OS Config agent Use a separate step to have better flexibility in case a better approach is available * fix(docker): allow to use zebrad as a command * feat: add an image to inherit from with zcash params * refactor(docker): use cached zcash params from previous build * imp(cd): add double safety measure for production
2022-02-08 16:50:13 -08:00
--container-stdin \
--container-tty \
refactor(ci): use GitHub variables for non-sensitive info (#6357) * refactor(ci): use GitHub secrets and variables We've been using values that are variable across multiple workflows, and those can only be changed if modifying the workflows, but we should be able to change the values without committing new changes in the code for this purpose we're now using GitHub Variables, and even moving non-sensitive information into variables instead of secrets. Allowing more flexibility and other scenarios that should be easier to manage, like deploying to Mainnet or Testnet. * refactor(ci): use new GitHub variables for GCP auth * fix(ci): typo * fix(ci): do not use multiple variables for the same value * fix(ci): typo in variable * fix(vars): use different variables for machine types * fix(vars): missing substitution * fix: typo * fix: make the input CI network override the default network * Use the correct network variable for creating disks --------- Co-authored-by: teor <teor@riseup.net>
2023-04-12 23:56:21 -07:00
--container-image ${{ vars.GAR_BASE }}/zebrad@${{ needs.build.outputs.image_digest }} \
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
--container-env "NETWORK=${{ inputs.network }},LOG_FILE=${{ inputs.log_file || vars.CD_LOG_FILE }},SENTRY_DSN=${{ vars.SENTRY_DSN }},SHORT_SHA=${{ env.GITHUB_SHA_SHORT }}" \
fix(ci): remove warnings caused by missing `actions/checkout` step (#5874) * fix(ci): remove warnings caused by missing `actions/checkout` * fix: typo in arguments * fix: add the whole disk name as this is a single instance * fix: add dis name to mount
2023-01-10 02:11:11 -08:00
--create-disk=auto-delete=yes,size=300GB,type=pd-ssd \
change(cd): Deploy testnet instances for every main branch push and release (#6842)
2023-06-07 22:44:30 -07:00
--create-disk=name=zebrad-cache-${{ env.GITHUB_SHA_SHORT }}-${NETWORK},auto-delete=yes,size=300GB,type=pd-ssd \
--container-mount-disk=mount-path='/zebrad-cache',name=zebrad-cache-${{ env.GITHUB_SHA_SHORT }}-${NETWORK} \
refactor(ci): use GitHub variables for non-sensitive info (#6357) * refactor(ci): use GitHub secrets and variables We've been using values that are variable across multiple workflows, and those can only be changed if modifying the workflows, but we should be able to change the values without committing new changes in the code for this purpose we're now using GitHub Variables, and even moving non-sensitive information into variables instead of secrets. Allowing more flexibility and other scenarios that should be easier to manage, like deploying to Mainnet or Testnet. * refactor(ci): use new GitHub variables for GCP auth * fix(ci): typo * fix(ci): do not use multiple variables for the same value * fix(ci): typo in variable * fix(vars): use different variables for machine types * fix(vars): missing substitution * fix: typo * fix: make the input CI network override the default network * Use the correct network variable for creating disks --------- Co-authored-by: teor <teor@riseup.net>
2023-04-12 23:56:21 -07:00
--machine-type ${{ vars.GCP_SMALL_MACHINE }} \
ci: unpin specific `buildkit` version and fix deployment subnets (#6645) * ci(build): unpin specific `buildkit` version We previously had an issue with the following error: `cannot reuse body, request must be retried` This commonly was a wrong error, caused by a containerd issue which has being tracked and solved here: https://github.com/docker/build-push-action/issues/761#issuecomment-1406261692 We're having errors when building, and this might be caused by an underliying error which containerd is not showing us correctly. * ci(deploy): Use specific subnetworks on GCP VMs
2023-05-09 17:45:32 -07:00
--network-interface=subnet=${{ vars.GCP_SUBNETWORK }} \
fix(deployment): explicitly use a service account and region (#6643)
2023-05-09 14:13:26 -07:00
--service-account ${{ vars.GCP_DEPLOYMENTS_SA }} \
fix(ci): Fix network parameter in continous-delivery.yml, and add network labels to GCP jobs (#5710) * chore: add Network as a label * Fix network parameter in continous-delivery.yml * Standardise network usage in zcashd-manual-deploy * Use lowercase network labels * Fix some shellcheck errors * Hard-code a Mainnet default to support contexts where env is not available * Fix string syntax * Fix more shellcheck errors * Update .github/workflows/zcashd-manual-deploy.yml Co-authored-by: Gustavo Valverde <gustavo@iterativo.do> Co-authored-by: Arya <aryasolhi@gmail.com>
2022-11-25 13:11:22 -08:00
--labels=app=zebrad,environment=qa,network=${NETWORK},github_ref=${{ env.GITHUB_REF_SLUG_URL }} \
fix(deployment): explicitly use a service account and region (#6643)
2023-05-09 14:13:26 -07:00
--tags zebrad \
--zone ${{ vars.GCP_ZONE }}