Earn protocol WIP #22 (#561) #250
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Earn Protocol App Staging | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - dev | |
| jobs: | |
| changes: | |
| name: Check for earn protocol changes | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'push' }} | |
| permissions: | |
| pull-requests: read | |
| outputs: | |
| build-earn-protocol: ${{ steps.filter.outputs.build-earn-protocol }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| build-earn-protocol: | |
| - 'apps/earn-protocol/**' | |
| - 'packages/app-db/**' | |
| - 'packages/app-types/**' | |
| - 'packages/app-earn-ui/**' | |
| - 'packages/app-icons/**' | |
| build-earn-protocol: | |
| name: Build and deploy Earn Protocol App | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| needs: changes | |
| if: ${{ needs.changes.outputs.build-earn-protocol == 'true' }} | |
| env: | |
| AWS_REGION: us-east-1 | |
| ENVIRONMENT_TAG: staging | |
| SERVICE_NAME: summer-fi-earn-protocol-staging | |
| CLUSTER_NAME: summer-fi-earn-protocol-staging | |
| CONFIG_URL: ${{ secrets.CONFIG_URL }} | |
| CONFIG_URL_RAYS: ${{ secrets.CONFIG_URL_RAYS }} | |
| FUNCTIONS_API_URL: ${{ secrets.FUNCTIONS_API_URL }} | |
| BORROW_DB_READ_CONNECTION_STRING: ${{ secrets.BORROW_DB_READ_CONNECTION_STRING }} | |
| EARN_PROTOCOL_DB_CONNECTION_STRING: ${{ secrets.EARN_PROTOCOL_DB_CONNECTION_STRING }} | |
| CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CONTENTFUL_ACCESS_TOKEN }} | |
| CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CONTENTFUL_PREVIEW_ACCESS_TOKEN }} | |
| CONTENTFUL_SPACE_ID: ${{ secrets.CONTENTFUL_SPACE_ID }} | |
| MIXPANEL_KEY: ${{ secrets.MIXPANEL_KEY }} | |
| NEXT_PUBLIC_MIXPANEL_KEY: ${{ secrets.NEXT_PUBLIC_MIXPANEL_KEY }} | |
| ACCOUNT_KIT_API_KEY: ${{ secrets.ACCOUNT_KIT_API_KEY }} | |
| NEXT_PUBLIC_TRANSAK_API_KEY: ${{ secrets.NEXT_PUBLIC_TRANSAK_API_KEY }} | |
| NEXT_PUBLIC_TRANSAK_ENVIRONMENT: ${{ secrets.NEXT_PUBLIC_TRANSAK_ENVIRONMENT }} | |
| SUBGRAPH_BASE: ${{ secrets.SUBGRAPH_BASE }} | |
| SDK_API_URL: ${{ secrets.SDK_API_URL }} | |
| EARN_PROTOCOL_JWT_SECRET: ${{ secrets.EARN_PROTOCOL_JWT_SECRET }} | |
| EARN_PROTOCOL_JWT_CHALLENGE_SECRET: ${{ secrets.EARN_PROTOCOL_JWT_CHALLENGE_SECRET }} | |
| RPC_GATEWAY: ${{ secrets.RPC_GATEWAY }} | |
| TRM_API_KEY: ${{ secrets.TRM_API_KEY }} | |
| NEXT_TELEMETRY_DISABLED: ${{ secrets.NEXT_TELEMETRY_DISABLED }} | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 2 | |
| - name: Set up turbo cache | |
| uses: rharkor/caching-for-turbo@v1.5 | |
| - uses: pnpm/action-setup@v2.0.1 | |
| with: | |
| version: 8.14.1 | |
| - name: Setup Node.js environment | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 20 | |
| cache: 'pnpm' | |
| - name: Setup Earn Protocol App Next.js Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ${{ github.workspace }}/apps/earn-protocol/.next/cache | |
| key: | |
| ${{ runner.os }}-earn-protocol-app-${{ hashFiles('pnpm-lock.yaml') }}-${{ | |
| hashFiles('apps/earn-protocol/**/*.ts', 'apps/earn-protocol/**/*.tsx') }} | |
| restore-keys: ${{ runner.os }}-earn-protocol-app-${{ hashFiles('pnpm-lock.yaml') }}- | |
| - name: Establish VPN connection | |
| run: | | |
| sudo apt update | |
| sudo apt install -y openvpn openvpn-systemd-resolved | |
| echo 'Configuring the VPN...' | |
| echo "${{ secrets.VPN_CONFIG }}" > vpn-config.ovpn | |
| echo "${{ secrets.VPN_USERNAME }}" > vpn-credentials.txt | |
| echo "${{ secrets.VPN_PASSWORD }}" >> vpn-credentials.txt | |
| echo 'Connecting to the VPN...' | |
| sudo openvpn --config vpn-config.ovpn --auth-user-pass vpn-credentials.txt --daemon | |
| sleep 5 | |
| - name: Check VPN connection | |
| env: | |
| BORROW_DB_READ_DB: ${{ secrets.BORROW_DB_READ_DB }} | |
| BORROW_DB_READ_HOST: ${{ secrets.BORROW_DB_READ_HOST }} | |
| BORROW_DB_READ_USER: ${{ secrets.BORROW_DB_READ_USER }} | |
| BORROW_DB_READ_PASSWORD: ${{ secrets.BORROW_DB_READ_PASSWORD }} | |
| PGCONNECT_TIMEOUT: 5 | |
| run: | | |
| echo 'Checking the VPN connection...' | |
| sudo systemctl start postgresql.service | |
| PGPASSWORD=$BORROW_DB_READ_PASSWORD /usr/bin/psql -d $BORROW_DB_READ_DB -U $BORROW_DB_READ_USER -h $BORROW_DB_READ_HOST -c 'SELECT 1;' > /dev/null | |
| STATUS_CODE=$? | |
| if ! [[ "$STATUS_CODE" = 0 ]]; then | |
| echo 'VPN connection failed' | |
| exit 1 | |
| fi | |
| echo 'VPN connected!' | |
| - name: Extract commit hash | |
| id: vars | |
| shell: bash | |
| run: | | |
| echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" | |
| - name: Install dependencies | |
| run: pnpm install | |
| - name: Prebuild | |
| run: pnpm prebuild | |
| - name: Build | |
| run: pnpm build-earn-frontend | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_DEV }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY_ID_DEV }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build docker image, copy build output and push to ECR | |
| id: build-image | |
| env: | |
| LATEST_TAG: latest | |
| ECR_REPO_NAME: summer-fi-earn-protocol-staging | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| SHA_TAG: ${{ steps.vars.outputs.sha_short }} | |
| run: | | |
| # Build a docker container and | |
| # push it to ECR so that it can | |
| # be deployed to ECS. | |
| docker build -f apps/earn-protocol/docker/Dockerfile \ | |
| --build-arg BORROW_DB_READ_CONNECTION_STRING=${{ secrets.BORROW_DB_READ_CONNECTION_STRING }} \ | |
| --build-arg EARN_PROTOCOL_DB_CONNECTION_STRING=${{ secrets.EARN_PROTOCOL_DB_CONNECTION_STRING }} \ | |
| --build-arg CONTENTFUL_SPACE_ID=${{ secrets.CONTENTFUL_SPACE_ID }} \ | |
| --build-arg CONTENTFUL_ACCESS_TOKEN=${{ secrets.CONTENTFUL_ACCESS_TOKEN }} \ | |
| --build-arg CONTENTFUL_PREVIEW_ACCESS_TOKEN=${{ secrets.CONTENTFUL_PREVIEW_ACCESS_TOKEN }} \ | |
| --build-arg CONFIG_URL=${{ secrets.CONFIG_URL }} \ | |
| --build-arg CONFIG_URL_RAYS=${{ secrets.CONFIG_URL_RAYS }} \ | |
| --build-arg FUNCTIONS_API_URL=${{ secrets.FUNCTIONS_API_URL }} \ | |
| --build-arg MIXPANEL_KEY=${{ secrets.MIXPANEL_KEY }} \ | |
| --build-arg NEXT_PUBLIC_MIXPANEL_KEY=${{ secrets.NEXT_PUBLIC_MIXPANEL_KEY }} \ | |
| --build-arg ACCOUNT_KIT_API_KEY=${{ secrets.ACCOUNT_KIT_API_KEY }} \ | |
| --build-arg NEXT_PUBLIC_TRANSAK_API_KEY=${{ secrets.NEXT_PUBLIC_TRANSAK_API_KEY }} \ | |
| --build-arg EARN_PROTOCOL_JWT_SECRET=${{ secrets.EARN_PROTOCOL_JWT_SECRET }} \ | |
| --build-arg EARN_PROTOCOL_JWT_CHALLENGE_SECRET=${{ secrets.EARN_PROTOCOL_JWT_CHALLENGE_SECRET }} \ | |
| --build-arg NEXT_PUBLIC_TRANSAK_ENVIRONMENT=${{ secrets.NEXT_PUBLIC_TRANSAK_ENVIRONMENT }} \ | |
| --build-arg RPC_GATEWAY=${{ secrets.RPC_GATEWAY }} \ | |
| --build-arg TRM_API_KEY=${{ secrets.TRM_API_KEY }} \ | |
| --build-arg NEXT_TELEMETRY_DISABLED=${{ secrets.NEXT_TELEMETRY_DISABLED }} \ | |
| --build-arg SDK_API_URL=${{ secrets.SDK_API_URL }} \ | |
| --cache-from type=registry,ref=189194422115.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/buildkit-test:cache \ | |
| -t $ECR_REGISTRY/$ECR_REPO_NAME:$SHA_TAG \ | |
| -t $ECR_REGISTRY/$ECR_REPO_NAME:$LATEST_TAG \ | |
| -t $ECR_REGISTRY/$ECR_REPO_NAME:$ENVIRONMENT_TAG \ | |
| ./apps/earn-protocol | |
| docker push $ECR_REGISTRY/$ECR_REPO_NAME --all-tags | |
| - name: Update ECS service with latest Docker image | |
| id: service-update | |
| run: | | |
| aws ecs update-service --cluster $CLUSTER_NAME --service ${{ env.SERVICE_NAME }} --force-new-deployment --region $AWS_REGION | |
| - name: Wait for all services to become stable | |
| uses: oryanmoshe/ecs-wait-action@v1.3 | |
| with: | |
| ecs-cluster: ${{ env.CLUSTER_NAME }} | |
| ecs-services: '["${{ env.SERVICE_NAME }}"]' |