From ae0c314eb408e3814c0f683db307459f7652a718 Mon Sep 17 00:00:00 2001 From: Krinitsyn Vladislav Date: Mon, 7 Oct 2024 13:59:23 +0200 Subject: [PATCH] fix(workflows): add node sync check; refine artefacts append to releases (#4213) --- .github/actions/message/action.yml | 2 + .github/actions/message/main.js | 4 + .github/workflows/PR.yml | 6 + .github/workflows/Update-Vara-Prod.yml | 215 ------------------------- .github/workflows/Update-testnet.yml | 126 --------------- .github/workflows/check-node-sync.yml | 104 ++++++++++++ .github/workflows/release.yml | 104 +++++++++++- .github/workflows/release_listener.yml | 50 ------ .github/workflows/rollback-testnet.yml | 95 ----------- .github/workflows/validation.yml | 69 +++++--- docker/Dockerfile | 78 +++++---- docker/Dockerfile-release | 6 +- docker/Vara-Dockerfile | 54 ------- 13 files changed, 307 insertions(+), 606 deletions(-) delete mode 100644 .github/workflows/Update-Vara-Prod.yml delete mode 100644 .github/workflows/Update-testnet.yml create mode 100644 .github/workflows/check-node-sync.yml delete mode 100644 .github/workflows/release_listener.yml delete mode 100644 .github/workflows/rollback-testnet.yml delete mode 100644 docker/Vara-Dockerfile diff --git a/.github/actions/message/action.yml b/.github/actions/message/action.yml index 49a58966d8a..a384f9ca035 100644 --- a/.github/actions/message/action.yml +++ b/.github/actions/message/action.yml @@ -16,6 +16,8 @@ outputs: description: If enable macOS build. validator: description: If enable validator checks. + check-node-sync: + description: If enable try full node sync. release: description: If enable release build. production: diff --git a/.github/actions/message/main.js b/.github/actions/message/main.js index d72d778aa0b..add09fc981a 100644 --- a/.github/actions/message/main.js +++ b/.github/actions/message/main.js 
@@ -19,6 +19,7 @@ const RELEASE = "E3-forcerelease"; const PRODUCTION = "E4-forceproduction"; const SKIP_CI = "[skip-ci]"; const VALIDATOR_LABEL = "check-validator"; +const CHECK_NODE_SYNC = "check-node-sync"; const [owner, repo] = ["gear-tech", "gear"]; /** @@ -78,6 +79,7 @@ async function main() { !skipCI && (isDepbot || BUILD_LABELS.some((label) => labels.includes(label))); const validator = !skipCI && labels.includes(VALIDATOR_LABEL); + const check_node_sync = !skipCI && labels.includes(CHECK_NODE_SYNC); const win_native = !skipCI && labels.includes(WINDOWS_NATIVE); const macos = !skipCI && labels.includes(MACOS); const release = !skipCI && labels.includes(RELEASE); @@ -90,6 +92,7 @@ async function main() { core.setOutput("macos", macos); core.setOutput("release", release); core.setOutput("validator", validator); + core.setOutput("check-node-sync", check_node_sync); core.setOutput("production", production); console.log("---"); @@ -99,6 +102,7 @@ async function main() { console.log("macos: ", macos); console.log("production: ", production); console.log("validator: ", validator); + console.log("check-node-sync: ", check_node_sync); console.log("release: ", release); // Mock checks if skipping CI. diff --git a/.github/workflows/PR.yml b/.github/workflows/PR.yml index 7730b2fb9a5..70768010602 100644 --- a/.github/workflows/PR.yml +++ b/.github/workflows/PR.yml @@ -23,6 +23,7 @@ jobs: win-native: ${{ steps.config.outputs.win-native }} macos: ${{ steps.config.outputs.macos }} validator: ${{ steps.config.outputs.validator }} + check-node-sync: ${{ steps.config.outputs.check-node-sync }} release: ${{ steps.config.outputs.release }} production: ${{ steps.config.outputs.production }} steps: 
@@ -74,3 +75,8 @@ jobs: VARA_VALIDATOR_8: ${{ secrets.VARA_VALIDATOR_8 }} SSH_VARA_USERNAME: ${{ secrets.SSH_VARA_USERNAME }} VARA_SSH_PRIVATE_KEY: ${{ secrets.VARA_SSH_PRIVATE_KEY }} + + check-node-sync: + needs: status + if: ${{ needs.status.outputs.check-node-sync == 'true' }} + uses: ./.github/workflows/check-node-sync.yml diff --git a/.github/workflows/Update-Vara-Prod.yml b/.github/workflows/Update-Vara-Prod.yml deleted file mode 100644 index 6b8de9d399b..00000000000 --- a/.github/workflows/Update-Vara-Prod.yml +++ /dev/null 
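Review bot: The new `check-node-sync` job calls the reusable workflow without a `secrets:` key, so the `secrets.TELEGRAM_DEVOPS_CHAT` and `secrets.TELEGRAM_DEVOPS_TOKEN` read by that workflow's `notify` job resolve to empty values on this path. Add `secrets: inherit` under `uses:`, or declare the two secrets under `on.workflow_call.secrets` and pass them explicitly. The called `build-and-push-image` job requests `packages: write`, and a called workflow cannot hold more token permissions than its caller grants; PR.yml's `permissions` block is outside this hunk, so confirm it allows that. Since the label leads to building and pushing PR code on the self-hosted `kuberunner`, a comment above the job such as `# label-gated: builds the PR head on a self-hosted runner, apply only after review` would document the trust assumption.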
@@ -1,215 +0,0 @@ -name: Upgrade Vara Production - -on: - workflow_dispatch: - -env: - CARGO_TERM_COLOR: always - -jobs: - tag-image: - runs-on: ubuntu-latest - outputs: - image_tag: ${{ steps.image-tag.outputs.tag }} - steps: - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Create image tag - id: image-tag - run: echo "tag=ghcr.io/gear-tech/node-vara:0.1.0-`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_OUTPUT - - docker: - runs-on: ubuntu-latest - needs: tag-image - steps: - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to DockerHub - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push - id: docker_build - uses: docker/build-push-action@v6 - with: - context: . - file: ./docker/Vara-Dockerfile - push: true - tags: ghcr.io/gear-tech/node-vara:latest, ${{ needs.tag-image.outputs.image_tag }} - - deploy-first-connector: - runs-on: ubuntu-latest - needs: [docker, tag-image] - environment: production - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Info - run: | - ls -l . - ls -l ../.. - pwd - - - name: Send telegram notify before run playbook - uses: appleboy/telegram-action@master - with: - to: ${{ secrets.TELEGRAM_CHANNEL_ID }} - token: ${{ secrets.TELEGRAM_BOT_TOKEN }} - message: | - Attention! Instances will be temporarily unavailable! 
- ${{ github.actor }} run build with commit: "${{ github.event.commits[0].message }}" - Build number: ${{ github.run_number }} - - - name: Run playbook - uses: dawidd6/action-ansible-playbook@v2 - with: - # Required, playbook filepath - directory: ./ansible/ - playbook: vara.yaml - # Optional, SSH private key - key: ${{secrets.SSH_PRIVATE_KEY}} - # Optional, literal inventory file contents - inventory: | - [gearNodes:children] - nodes - [nodes] - ${{secrets.VARA_CONNECT_1}} name=vara-connect-1 connect=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} - - deploy-second-connector: - runs-on: ubuntu-latest - needs: [docker, tag-image, deploy-first-connector] - environment: production - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Info - run: | - ls -l . - ls -l ../.. - pwd - - - name: Send telegram notify before run playbook - uses: appleboy/telegram-action@master - with: - to: ${{ secrets.TELEGRAM_CHANNEL_ID }} - token: ${{ secrets.TELEGRAM_BOT_TOKEN }} - message: | - Attention! Instances will be temporarily unavailable! - ${{ github.actor }} run build with commit: "${{ github.event.commits[0].message }}" - Build number: ${{ github.run_number }} - - - name: Run playbook - uses: dawidd6/action-ansible-playbook@v2 - with: - # Required, playbook filepath - directory: ./ansible/ - playbook: vara.yaml - # Optional, SSH private key - key: ${{secrets.SSH_PRIVATE_KEY}} - # Optional, literal inventory file contents - inventory: | - [gearNodes:children] - nodes - [nodes] - ${{secrets.VARA_CONNECT_2}} name=vara-connect-2 connect=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} - - deploy-one-validator: - runs-on: ubuntu-latest - needs: [docker, tag-image, deploy-first-connector,deploy-second-connector] - environment: production - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Info - run: | - ls -l . - ls -l ../.. 
- pwd - - - name: Send telegram notify before run playbook - uses: appleboy/telegram-action@master - with: - to: ${{ secrets.TELEGRAM_CHANNEL_ID }} - token: ${{ secrets.TELEGRAM_BOT_TOKEN }} - message: | - Attention! Instances will be temporarily unavailable! - ${{ github.actor }} run build with commit: "${{ github.event.commits[0].message }}" - Build number: ${{ github.run_number }} - - - name: Run playbook - uses: dawidd6/action-ansible-playbook@v2 - with: - # Required, playbook filepath - directory: ./ansible/ - playbook: vara.yaml - # Optional, SSH private key - key: ${{secrets.SSH_PRIVATE_KEY}} - # Optional, literal inventory file contents - inventory: | - [gearNodes:children] - nodes - [nodes] - ${{secrets.VARA_NODE_1}} name=vara-validator-1 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} - - deploy-all-validator: - runs-on: ubuntu-latest - environment: production - needs: [docker, tag-image, deploy-first-connector, deploy-second-connector, deploy-one-validator] - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Info - run: | - ls -l . - ls -l ../.. - pwd - - - name: Send telegram notify before run playbook - uses: appleboy/telegram-action@master - with: - to: ${{ secrets.TELEGRAM_CHANNEL_ID }} - token: ${{ secrets.TELEGRAM_BOT_TOKEN }} - message: | - Attention! Instances will be temporarily unavailable! 
- ${{ github.actor }} run build with commit: "${{ github.event.commits[0].message }}" - Build number: ${{ github.run_number }} - - - name: Run playbook - uses: dawidd6/action-ansible-playbook@v2 - with: - # Required, playbook filepath - directory: ./ansible/ - playbook: vara.yaml - # Optional, SSH private key - key: ${{secrets.SSH_PRIVATE_KEY}} - # Optional, literal inventory file contents - inventory: | - [gearNodes:children] - bootnode - nodes - [bootnode] - ${{secrets.VARA_NODE_2}} name=vara-validator-2 loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} - [nodes] - ${{secrets.VARA_NODE_3}} name=vara-validator-3 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} - ${{secrets.VARA_NODE_4}} name=vara-validator-4 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} - ${{secrets.VARA_NODE_5}} name=vara-validator-5 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} - ${{secrets.VARA_NODE_6}} name=vara-validator-6 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} - ${{secrets.VARA_NODE_7}} name=vara-validator-7 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} - ${{secrets.VARA_NODE_8}} name=vara-validator-8 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} - ${{secrets.VARA_NODE_RPC}} name=vara-rpc rpc=yes unsafe=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} - ${{secrets.VARA_NODE_ARCHIVE_RPC}} name=vara-archive-rpc archive_node=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} 
diff --git a/.github/workflows/Update-testnet.yml b/.github/workflows/Update-testnet.yml deleted file mode 100644 index b8819c6445c..00000000000 --- a/.github/workflows/Update-testnet.yml +++ /dev/null 
@@ -1,126 +0,0 @@ -name: Update production testnet - -on: - workflow_dispatch: - -env: - CARGO_TERM_COLOR: always - -jobs: - tag-image: - runs-on: ubuntu-latest - outputs: - image_tag: ${{ steps.image-tag.outputs.tag }} - steps: - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Create image tag - id: image-tag - run: echo "tag=ghcr.io/gear-tech/node:0.1.0-`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_OUTPUT - - docker: - runs-on: [kuberunner] - needs: tag-image - steps: - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Echo tag - run: echo ${{ needs.tag-image.outputs.image_tag }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to DockerHub - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push - id: docker_build - uses: docker/build-push-action@v6 - with: - context: . - file: ./docker/Dockerfile - push: true - tags: ghcr.io/gear-tech/node:latest, ${{ needs.tag-image.outputs.image_tag }} - -# deploy-one-validator: -# runs-on: ubuntu-latest -# needs: [docker, tag-image] -# steps: -# - name: Checkout -# uses: actions/checkout@v4 - - - -# - name: Send telegram notify before run playbook -# uses: appleboy/telegram-action@master -# with: -# to: ${{ secrets.TELEGRAM_CHANNEL_ID }} -# token: ${{ secrets.TELEGRAM_BOT_TOKEN }} -# message: | -# Attention! Instances will be temporarily unavailable! -# Update second validator! 
-# ${{ github.actor }} run build with commit: "${{ github.event.commits[0].message }}" -# Build number: ${{ github.run_number }} - -# - name: Run playbook -# uses: dawidd6/action-ansible-playbook@v2 -# with: -# # Required, playbook filepath -# directory: ./ansible/ -# playbook: main.yaml -# # Optional, SSH private key -# key: ${{secrets.SSH_PRIVATE_KEY}} -# # Optional, literal inventory file contents -# inventory: | -# [gearNodes:children] -# nodes -# [nodes] -# ${{secrets.GEAR_NODE_2}} name=testnet-gear02 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} - -# deploy-all-validators: -# runs-on: ubuntu-latest -# environment: production -# needs: [docker, deploy-one-validator,tag-image] -# steps: -# - name: Checkout -# uses: actions/checkout@v4 - - - -# - name: Send telegram notify before run playbook -# uses: appleboy/telegram-action@master -# with: -# to: ${{ secrets.TELEGRAM_CHANNEL_ID }} -# token: ${{ secrets.TELEGRAM_BOT_TOKEN }} -# message: | -# Attention! Instances will be temporarily unavailable! -# Update all testnet! 
-# ${{ github.actor }} run build with commit: "${{ github.event.commits[0].message }}" -# Build number: ${{ github.run_number }} - -# - name: Run playbook -# uses: dawidd6/action-ansible-playbook@v2 -# with: -# # Required, playbook filepath -# directory: ./ansible/ -# playbook: main.yaml -# # Optional, SSH private key -# key: ${{secrets.SSH_PRIVATE_KEY}} -# # Optional, literal inventory file contents -# inventory: | -# [gearNodes:children] -# bootnode -# nodes -# [bootnode] -# ${{secrets.GEAR_NODE}} name=testnet-gear01 loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} -# [nodes] -# ${{secrets.GEAR_NODE_3}} name=testnet-rpc-node rpc=yes unsafe=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} -# ${{secrets.GEAR_NODE_4}} name=testnet-gear03 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} -# ${{secrets.GEAR_NODE_5}} name=testnet-gear04 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} -# ${{secrets.ARCHIVE_RPC_NODE}} name=testnet-archive-rpc-node rpc=yes unsafe=no archive_node=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ needs.tag-image.outputs.image_tag }} diff --git a/.github/workflows/check-node-sync.yml b/.github/workflows/check-node-sync.yml new file mode 100644 index 00000000000..8d882ffd577 --- /dev/null +++ b/.github/workflows/check-node-sync.yml 
@@ -0,0 +1,104 @@ +name: Check node sync + +on: + workflow_dispatch: + workflow_call: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +env: + CARGO_TERM_COLOR: always + +jobs: + prepare: + runs-on: ubuntu-latest + outputs: + image_name: ${{ steps.image.outputs.image_name }} + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Get branch + id: branch + run: | + branch_name=${GITHUB_REF#refs/heads/} + echo "branch_name=$branch_name" >> $GITHUB_ENV + + - name: Get short SHA + id: sha + run: | + sha_short=$(git rev-parse --short HEAD) + echo "sha_short=$sha_short" >> $GITHUB_ENV + + - name: Set IMAGE_NAME + id: image + run: | + image_name="ghcr.io/gear-tech/node:${{ env.branch_name }}-${{ env.sha_short }}" + echo "image_name=$image_name" >> $GITHUB_OUTPUT + + build-and-push-image: + needs: [prepare] + runs-on: kuberunner + permissions: + contents: read + packages: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Log in to the github container registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push image + uses: docker/build-push-action@v6 + with: + file: ./docker/Dockerfile + push: true + tags: ${{ needs.prepare.outputs.image_name }} + + check-mainnet: + needs: [prepare, build-and-push-image] + runs-on: kuberunner + timeout-minutes: 7200 + steps: + - name: Run mainnet sync + run: | + docker run --name gear-node --rm ${{ needs.prepare.outputs.image_name }} \ + gear --chain vara --sync full 2>&1 | tee -a ./sync.log & + while ! 
grep -q 'Imported' ./sync.log; do sleep 60; done + docker kill gear-node + + check-testnet: + needs: [prepare, build-and-push-image] + runs-on: kuberunner + timeout-minutes: 7200 + steps: + - name: Run testnet sync + run: | + docker run --name gear-node --rm ${{ needs.prepare.outputs.image_name }} \ + gear --chain testnet --sync full 2>&1 | tee -a ./sync.log & + while ! grep -q 'Imported' ./sync.log; do sleep 60; done + docker kill gear-node + + notify: + if: failure() + runs-on: ubuntu-latest + steps: + - name: Notify build failure in Telegram + if: failure() + uses: appleboy/telegram-action@master + with: + to: ${{ secrets.TELEGRAM_DEVOPS_CHAT }} + token: ${{ secrets.TELEGRAM_DEVOPS_TOKEN }} + format: markdown + disable_web_page_preview: true + message: | + *Status:* 🔥 + *Problem:* Build failed + *Details:* https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c6be38ee103..e1496040fbb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,8 +1,39 @@ name: Release on: - push: - tags: [ "*" ] + workflow_dispatch: + inputs: + tag_name: + description: 'Tag for release. Example: v1.0.0' + required: true + make_latest: + description: 'Mark this release as the latest' + required: true + type: choice + options: + - true + - false + default: 'true' + draft: + description: 'Publish as draft' + required: true + type: choice + options: + - true + - false + default: 'false' + prerelease: + description: 'Is this a pre-release' + required: true + type: choice + options: + - true + - false + default: 'false' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true env: CARGO_TERM_COLOR: always @@ -15,6 +46,8 @@ jobs: steps: - name: "Actions: Checkout" uses: actions/checkout@v4 + with: + ref: ${{ github.event.inputs.tag_name }} - name: "Environment: Cargo path" run: echo "/tmp/cargo/bin" >> $GITHUB_PATH 
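Review bot: The image tag in the `prepare` job is built from `${GITHUB_REF#refs/heads/}` and then pasted into the script through `${{ env.branch_name }}`, which has two problems: on the pull_request path added in PR.yml the ref is `refs/pull/<n>/merge` (and any branch with `/` behaves the same), which is not a valid Docker tag, and the expression is expanded into the script text before the shell runs, so ref characters such as quotes or `$(` are interpreted by the shell instead of being treated as data. Passing the ref through `env:` and sanitising it in one step, as sketched below, covers both; the identical steps added to validation.yml in this commit need the same change. The `notify` job has no `needs:`, so its job-level `failure()` has no ancestor jobs to inspect and the job is expected to be skipped every time; `needs: [build-and-push-image, check-mainnet, check-testnet]` would fix it, and the `notify` jobs added to release.yml and validation.yml have the same gap. The `while ! grep -q 'Imported' ./sync.log` loop never ends if the container exits before importing a block, holding the self-hosted runner until `timeout-minutes: 7200`; the loop should also stop and fail once the `gear-node` container is no longer running.

```yaml
      # … unchanged: checkout step …
      - name: Set IMAGE_NAME
        id: image
        env:
          REF_NAME: ${{ github.head_ref || github.ref_name }}
        run: |
          # Docker tags accept only [A-Za-z0-9_.-]; map every other character to '-'
          tag_ref=$(printf '%s' "$REF_NAME" | tr -c 'A-Za-z0-9_.-' '-')
          sha_short=$(git rev-parse --short HEAD)
          echo "image_name=ghcr.io/gear-tech/node:${tag_ref}-${sha_short}" >> "$GITHUB_OUTPUT"
```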
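Review bot: The new concurrency group is keyed on `github.ref`, which under `workflow_dispatch` is the branch the run was dispatched from rather than the release tag, so with `cancel-in-progress: true` a second dispatch from the same branch cancels a release that may already be partway through building or publishing. Keying the group on the input and not cancelling avoids a half-published release: `group: ${{ github.workflow }}-${{ inputs.tag_name }}` and `cancel-in-progress: false`. The `tag_name` input is free text with no format check; a short comment on the input stating the expected pattern, or a first step that rejects anything else, would make the contract explicit.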
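Review bot: `ref: ${{ github.event.inputs.tag_name }}` accepts any ref that checkout can resolve, so a value that matches a branch name or a commit SHA would be built and then published under that name by the `Publish` step later in the job. Restricting the checkout to tags keeps the release bound to an existing tag: `ref: refs/tags/${{ github.event.inputs.tag_name }}`. The rest of the `build` job lies outside this hunk.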
@@ -68,7 +101,74 @@ jobs: cp target/production/gear artifact/gear strip artifact/gear || true + - name: Check SHA256 checksums + run: | + sha256sum artifact/production_vara_runtime_v$VARA_SPEC.wasm + sha256sum artifact/testnet_vara_runtime_v$VARA_SPEC.wasm + - name: Publish uses: softprops/action-gh-release@v2 with: files: artifact/* + tag_name: ${{ github.event.inputs.tag_name }} + make_latest: ${{ github.event.inputs.make_latest }} + draft: ${{ github.event.inputs.draft }} + prerelease: ${{ github.event.inputs.prerelease }} + token: ${{ env.GITHUB_TOKEN }} + + trigger-multiplatform-build: + needs: build + runs-on: ubuntu-latest + steps: + - name: Dispatch Multiplatform Build Workflow + uses: actions/github-script@v7 + with: + github-token: ${{ env.GITHUB_TOKEN }} + script: | + github.rest.actions.createWorkflowDispatch({ + owner: 'gear-tech', + repo: 'builds', + workflow_id: 'nightly.yml', + ref: 'master', + inputs: { + release_version: '${{ github.event.inputs.tag_name }}', + latest: '${{ github.event.inputs.make_latest }}' + } + }); + + trigger-docker-build: + needs: build + runs-on: ubuntu-latest + steps: + - name: Dispatch Docker Build Workflow + uses: actions/github-script@v7 + with: + github-token: ${{ env.GITHUB_TOKEN }} + script: | + github.rest.actions.createWorkflowDispatch({ + owner: 'gear-tech', + repo: 'gear', + workflow_id: 'CI-docker-gear.yml', + ref: 'master', + inputs: { + release_version: '${{ github.event.inputs.tag_name }}', + latest: '${{ github.event.inputs.make_latest }}' + } + }); + + notify: + if: failure() + runs-on: ubuntu-latest + steps: + - name: Notify build failure in Telegram + if: failure() + uses: appleboy/telegram-action@master + with: + to: ${{ secrets.TELEGRAM_DEVOPS_CHAT }} + token: ${{ secrets.TELEGRAM_DEVOPS_TOKEN }} + format: markdown + disable_web_page_preview: true + message: | + *Status:* 🔥 + *Problem:* Build failed + *Details:* https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} 
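Review bot: Both dispatch steps paste `${{ github.event.inputs.tag_name }}` and `${{ github.event.inputs.make_latest }}` into the JavaScript source of `actions/github-script`, so a quote or backslash in the tag changes the script instead of being passed as a value. Hand the inputs over as data: give each step `env: TAG_NAME: ${{ inputs.tag_name }}` and `MAKE_LATEST: ${{ inputs.make_latest }}`, then use `release_version: process.env.TAG_NAME` and `latest: process.env.MAKE_LATEST`. The `token:` and `github-token:` values read `env.GITHUB_TOKEN`, but no such entry is visible in the workflow-level `env:` shown in this diff (the deleted release_listener.yml set it from `secrets.RELEASE_TOKEN`); if it is not defined in the lines outside the hunks, the expression is empty and the cross-repository dispatch to `gear-tech/builds` will not authenticate. The `Check SHA256 checksums` step only prints the digests to the job log; writing them to a file under `artifact/` would publish them with the release so consumers can verify the runtime blobs.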
diff --git a/.github/workflows/release_listener.yml b/.github/workflows/release_listener.yml deleted file mode 100644 index baf65968bc5..00000000000 --- a/.github/workflows/release_listener.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Release Listener - -on: - release: - types: [published] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -env: - GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} - -jobs: - trigger-multiplatform-build: - runs-on: ubuntu-latest - steps: - - name: Dispatch Multiplatform Build Workflow - uses: actions/github-script@v7 - with: - github-token: ${{ env.GITHUB_TOKEN }} - script: | - github.rest.actions.createWorkflowDispatch({ - owner: 'gear-tech', - repo: 'builds', - workflow_id: 'nightly.yml', - ref: 'master', - inputs: { - release_version: '${{ github.event.release.tag_name }}' - } - }); - - trigger-docker-build: - runs-on: ubuntu-latest - steps: - - name: Dispatch Docker Build Workflow - uses: actions/github-script@v7 - with: - github-token: ${{ env.GITHUB_TOKEN }} - script: | - github.rest.actions.createWorkflowDispatch({ - owner: 'gear-tech', - repo: 'gear', - workflow_id: 'CI-docker-gear.yml', - ref: 'master', - inputs: { - release_version: '${{ github.event.release.tag_name }}', - latest: 'true' - } - }); diff --git a/.github/workflows/rollback-testnet.yml b/.github/workflows/rollback-testnet.yml deleted file mode 100644 index 27a9564bc0a..00000000000 --- a/.github/workflows/rollback-testnet.yml +++ /dev/null 
@@ -1,95 +0,0 @@ -name: Rollback production testnet - -on: - workflow_dispatch: - inputs: - image-tag: - description: 'Tag for rollback' - required: true - -env: - CARGO_TERM_COLOR: always - IMAGE_NAME: ghcr.io/gear-tech/node:${{ github.event.inputs.image-tag }} - -jobs: - rollback-one-validator: - runs-on: ubuntu-latest - environment: production - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Info - run: | - ls -l . - ls -l ../.. - pwd - - - name: Send telegram notify before run playbook - uses: appleboy/telegram-action@master - with: - to: ${{ secrets.TELEGRAM_CHANNEL_ID }} - token: ${{ secrets.TELEGRAM_BOT_TOKEN }} - message: | - Attention! - Rollback second validator with docker image ${{ env.IMAGE_NAME }} - - - name: Run playbook - uses: dawidd6/action-ansible-playbook@v2 - with: - # Required, playbook filepath - directory: ./ansible/ - playbook: main.yaml - # Optional, SSH private key - key: ${{secrets.SSH_PRIVATE_KEY}} - # Optional, literal inventory file contents - inventory: | - [gearNodes:children] - nodes - [nodes] - ${{secrets.GEAR_NODE_2}} name=testnet-gear02 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ env.IMAGE_NAME }} - - rollback-all-validators: - runs-on: ubuntu-latest - needs: rollback-one-validator - environment: production - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Info - run: | - ls -l . - ls -l ../.. - pwd - - - name: Send telegram notify before run playbook - uses: appleboy/telegram-action@master - with: - to: ${{ secrets.TELEGRAM_CHANNEL_ID }} - token: ${{ secrets.TELEGRAM_BOT_TOKEN }} - message: | - Attention! 
- Rollback all testnet with docker image ${{ env.IMAGE_NAME }} - - - name: Run playbook - uses: dawidd6/action-ansible-playbook@v2 - with: - # Required, playbook filepath - directory: ./ansible/ - playbook: main.yaml - # Optional, SSH private key - key: ${{secrets.SSH_PRIVATE_KEY}} - # Optional, literal inventory file contents - inventory: | - [gearNodes:children] - bootnode - nodes - [bootnode] - ${{secrets.GEAR_NODE}} name=testnet-gear01 loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ env.IMAGE_NAME }} - [nodes] - ${{secrets.GEAR_NODE_3}} name=testnet-rpc-node rpc=yes unsafe=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ env.IMAGE_NAME }} - ${{secrets.GEAR_NODE_4}} name=testnet-gear03 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ env.IMAGE_NAME }} - ${{secrets.GEAR_NODE_5}} name=testnet-gear04 validator=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ env.IMAGE_NAME }} - ${{secrets.ARCHIVE_NODE}} name=testnet-archive-node validator=yes archive_node=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ env.IMAGE_NAME }} - ${{secrets.ARCHIVE_RPC_NODE}} name=testnet-archive-rpc-node rpc=yes unsafe=no archive_node=yes loki=yes loki_url=${{secrets.LOKI_URL}} gear_image_tag=${{ env.IMAGE_NAME }} diff --git a/.github/workflows/validation.yml b/.github/workflows/validation.yml index 8dfbc1fd943..28f6fbfc8e2 100644 --- a/.github/workflows/validation.yml +++ b/.github/workflows/validation.yml 
@@ -11,55 +11,65 @@ on: VARA_SSH_PRIVATE_KEY: required: true +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + env: CARGO_TERM_COLOR: always jobs: - tag-image: + prepare: runs-on: ubuntu-latest outputs: - image_tag: ${{ steps.image-tag.outputs.tag }} + image_name: ${{ steps.image.outputs.image_name }} steps: - - name: Checkout repo + - name: Checkout repository uses: actions/checkout@v4 - - name: Create image tag - id: image-tag - run: echo "tag=ghcr.io/gear-tech/node:0.1.0-`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_OUTPUT + - name: Get branch + id: branch + run: | + branch_name=${GITHUB_REF#refs/heads/} + echo "branch_name=$branch_name" >> $GITHUB_ENV + + - name: Get short SHA + id: sha + run: | + sha_short=$(git rev-parse --short HEAD) + echo "sha_short=$sha_short" >> $GITHUB_ENV + + - name: Set IMAGE_NAME + id: image + run: | + image_name="ghcr.io/gear-tech/node:${{ env.branch_name }}-${{ env.sha_short }}" + echo "image_name=$image_name" >> $GITHUB_OUTPUT build-update-validator: runs-on: [kuberunner] - needs: tag-image + needs: prepare steps: - - name: Checkout repo + - name: Checkout repository uses: actions/checkout@v4 - - name: Echo tag - run: echo ${{ needs.tag-image.outputs.image_tag }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to DockerHub + - name: Log in to the github container registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - id: docker_build + - name: Build and push image uses: docker/build-push-action@v6 with: - context: . 
file: ./docker/Dockerfile push: true - tags: ${{ needs.tag-image.outputs.image_tag }} + tags: ${{ needs.prepare.outputs.image_name }} - name: SSH into VM uses: appleboy/ssh-action@v1.0.3 env: - NEW_IMAGE: ${{ needs.tag-image.outputs.image_tag }} + NEW_IMAGE: ${{ needs.prepare.outputs.image_name }} with: host: ${{ secrets.VARA_VALIDATOR_8 }} username: ${{ secrets.SSH_VARA_USERNAME }} @@ -67,5 +77,22 @@ jobs: envs: NEW_IMAGE script: | sudo docker-compose -f /home/gear/docker-compose.yaml down - awk -v new_image="$NEW_IMAGE" '{gsub(/image: ghcr.io\/gear-tech\/node:.*/, "image: " new_image)}1' /home/gear/docker-compose.yaml > tmp && mv tmp /home/gear/docker-compose.yaml + sudo sed -i "s|image:.*|image: ${NEW_IMAGE}|g" /home/gear/docker-compose.yaml sudo docker-compose -f /home/gear/docker-compose.yaml up -d + + notify: + if: failure() + runs-on: ubuntu-latest + steps: + - name: Notify build failure in Telegram + if: failure() + uses: appleboy/telegram-action@master + with: + to: ${{ secrets.TELEGRAM_DEVOPS_CHAT }} + token: ${{ secrets.TELEGRAM_DEVOPS_TOKEN }} + format: markdown + disable_web_page_preview: true + message: | + *Status:* 🔥 + *Problem:* Build failed + *Details:* https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} diff --git a/docker/Dockerfile b/docker/Dockerfile index c15e2bd8d13..e8a705a263f 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
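Review bot: The replacement `sed -i "s|image:.*|image: ${NEW_IMAGE}|g"` rewrites every `image:` line in `/home/gear/docker-compose.yaml`, whereas the removed awk call only matched `ghcr.io/gear-tech/node:`, so any other service in that compose file on the validator would be switched to the node image. Keep the match scoped: `sudo sed -i "s|image: ghcr.io/gear-tech/node:.*|image: ${NEW_IMAGE}|" /home/gear/docker-compose.yaml`. The new `notify` job uses `appleboy/telegram-action@master`, a mutable branch reference that receives `TELEGRAM_DEVOPS_TOKEN`; pinning it to a reviewed commit (`appleboy/telegram-action@<COMMIT_SHA>`) here and in check-node-sync.yml and release.yml removes the dependency on whatever that branch points to at run time.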
@@ -1,54 +1,52 @@ +# ===== BUILD STAGE ====== FROM amazonlinux:2023 as builder -LABEL description="This is the build stage for Gear. Here we create the binary." ARG PROFILE=production -WORKDIR /gear +ARG TOOLCHAIN=nightly-2023-04-25 -COPY . /gear +RUN yum update -y && \ + yum install -y clang gcc git gzip make tar wget unzip && \ + yum clean all && \ + rm -rf /var/cache/yum + +RUN curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v3.14.0/protoc-3.14.0-linux-x86_64.zip && \ + unzip -o protoc-3.14.0-linux-x86_64.zip -d /usr/local bin/protoc && \ + unzip -o protoc-3.14.0-linux-x86_64.zip -d /usr/local 'include/*' && \ + rm -f protoc-3.14.0-linux-x86_64.zip + +RUN wget https://cmake.org/files/v3.24/cmake-3.24.0-linux-x86_64.sh && \ + chmod +x cmake-3.24.0-linux-x86_64.sh && \ + ./cmake-3.24.0-linux-x86_64.sh --skip-license --prefix=/usr/local && \ + rm cmake-3.24.0-linux-x86_64.sh && \ + cmake --version + +RUN wget https://sh.rustup.rs/rustup-init.sh && \ + chmod +x rustup-init.sh && \ + ./rustup-init.sh -y && \ + rm rustup-init.sh -# Install dependencies -RUN yum update -y && yum install -y clang gcc git gzip make tar wget unzip - -ARG PROTOC_ZIP=protoc-3.14.0-linux-x86_64.zip -RUN curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v3.14.0/$PROTOC_ZIP -RUN unzip -o $PROTOC_ZIP -d /usr/local bin/protoc -RUN unzip -o $PROTOC_ZIP -d /usr/local 'include/*' -RUN rm -f $PROTOC_ZIP - -# Install CMake v3 -RUN wget https://cmake.org/files/v3.24/cmake-3.24.0-linux-x86_64.sh -RUN chmod +x cmake-3.24.0-linux-x86_64.sh -RUN ./cmake-3.24.0-linux-x86_64.sh --skip-license --prefix=/usr/local -RUN rm cmake-3.24.0-linux-x86_64.sh -RUN cmake --version - -# Install Rust and toolchains -RUN wget https://sh.rustup.rs/rustup-init.sh -RUN chmod +x rustup-init.sh -RUN ./rustup-init.sh -y ENV PATH="/root/.cargo/bin:$PATH" -#RUN rustup default stable -RUN rustup toolchain install nightly-2023-04-25 -RUN rustup target add wasm32-unknown-unknown 
--toolchain nightly-2023-04-25 -#RUN rustup update nightly && rustup target add wasm32-unknown-unknown --toolchain -# Build +COPY . /gear + +WORKDIR /gear + +RUN rustup toolchain install $TOOLCHAIN && \ + rustup target add wasm32-unknown-unknown --toolchain $TOOLCHAIN + RUN cargo build -p gear-cli --profile $PROFILE -# ===== SECOND STAGE ====== -FROM ubuntu:22.04 -MAINTAINER GEAR -LABEL description="This is the 2nd stage: a very small image where we copy the Gear binary." +# ===== FINAL STAGE ====== +FROM debian:12-slim + ARG PROFILE=production + +RUN apt-get update && apt-get upgrade -y && \ + rm -rf /var/lib/apt/lists/* + COPY --from=builder /gear/target/$PROFILE/gear /usr/local/bin -RUN apt-get update && apt-get install -y openssl -RUN useradd -m -u 1000 -U -s /bin/sh -d /gear gear && \ - mkdir -p /gear/.local/share && \ - mkdir /data && \ - chown -R gear:gear /data && \ - ln -s /data /gear/.local/share/gear -USER root +RUN gear --version -CMD ["/usr/local/bin/gear"] +CMD ["gear"] diff --git a/docker/Dockerfile-release b/docker/Dockerfile-release index dcce72a6c20..7a027b797cb 100644 --- a/docker/Dockerfile-release +++ b/docker/Dockerfile-release @@ -1,9 +1,9 @@ FROM debian:12-slim -ARG RELEASE_VERSION +ARG RELEASE_VERSION=latest -RUN apt-get update && \ - apt-get install -y curl sudo xz-utils && \ +RUN apt-get update && apt-get upgrade -y && \ + apt-get install -y curl && \ rm -rf /var/lib/apt/lists/* RUN if [ "$RELEASE_VERSION" = "latest" ]; then \ diff --git a/docker/Vara-Dockerfile b/docker/Vara-Dockerfile deleted file mode 100644 index 4abe70f29fc..00000000000 --- a/docker/Vara-Dockerfile +++ /dev/null 
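Review bot: The final stage now runs the node as root with no dedicated data directory: the `useradd`/`/data` setup was removed and no `USER` instruction replaces the old `USER root`. Restoring an unprivileged account before `CMD`, e.g. `RUN useradd -m -u 1000 -U -s /bin/sh -d /gear gear` followed by `USER gear`, limits what a compromised node process can do inside the container. In the builder stage the protoc zip, the cmake installer and `rustup-init.sh` are downloaded and unpacked or executed without any integrity check; comparing each against a pinned digest before use (`echo "<EXPECTED_SHA256>  rustup-init.sh" | sha256sum -c -`) would make a tampered download fail the build. `apt-get upgrade -y` on a tag-only `FROM debian:12-slim` also means two builds of the same commit can differ; pinning the base image by digest is the reproducible alternative.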
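Review bot: Defaulting `RELEASE_VERSION` to `latest` makes the unpinned download the silent default, so an image built without `--build-arg` is not tied to any reviewed release. Consider leaving the ARG without a default and failing early when it is empty, e.g. `RUN test -n "$RELEASE_VERSION"`. The hunk also drops `xz-utils`, and the `RUN if [ "$RELEASE_VERSION" = "latest" ]` block continues outside the hunk, so confirm it no longer unpacks an `.xz` archive. `apt-get install -y curl` could take `--no-install-recommends` to keep the image minimal.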
@@ -1,54 +0,0 @@ -FROM amazonlinux:2023 as builder -LABEL description="This is the build stage for Gear. Here we create the binary." - -ARG PROFILE=production -WORKDIR /gear - -COPY . /gear - -# Install dependencies -RUN yum update -y && yum install -y clang gcc git gzip make tar wget unzip - -ARG PROTOC_ZIP=protoc-3.14.0-linux-x86_64.zip -RUN curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v3.14.0/$PROTOC_ZIP -RUN unzip -o $PROTOC_ZIP -d /usr/local bin/protoc -RUN unzip -o $PROTOC_ZIP -d /usr/local 'include/*' -RUN rm -f $PROTOC_ZIP - -# Install CMake v3 -RUN wget https://cmake.org/files/v3.24/cmake-3.24.0-linux-x86_64.sh -RUN chmod +x cmake-3.24.0-linux-x86_64.sh -RUN ./cmake-3.24.0-linux-x86_64.sh --skip-license --prefix=/usr/local -RUN rm cmake-3.24.0-linux-x86_64.sh -RUN cmake --version - -# Install Rust and toolchains -RUN wget https://sh.rustup.rs/rustup-init.sh -RUN chmod +x rustup-init.sh -RUN ./rustup-init.sh -y -ENV PATH="/root/.cargo/bin:$PATH" -RUN rustup default stable -RUN cargo --version -RUN rustc --version -RUN rustup update nightly && rustup target add wasm32-unknown-unknown --toolchain nightly - -# Build -RUN cargo build -p gear-cli --no-default-features --features=vara-native --profile $PROFILE - -# ===== SECOND STAGE ====== - -FROM ubuntu:22.10 -MAINTAINER GEAR -LABEL description="This is the 2nd stage: a very small image where we copy the Gear binary." -ARG PROFILE=production -COPY --from=builder /gear/target/$PROFILE/gear /usr/local/bin -RUN apt-get update && apt-get install -y openssl -RUN useradd -m -u 1000 -U -s /bin/sh -d /gear gear && \ - mkdir -p /gear/.local/share && \ - mkdir /data && \ - chown -R gear:gear /data && \ - ln -s /data /gear/.local/share/gear - -USER root - -CMD ["/usr/local/bin/gear"]