|
20 | 20 | tags:
|
21 | 21 | - '@cardano-sdk/cardano-services**'
|
22 | 22 | env:
|
23 |
| - AWS_REGION: us-east-1 |
24 |
| - AWS_ROLE_ARN: arn:aws:iam::926093910549:role/lace-ci |
25 | 23 | # NIX_UPLOAD_CACHE: s3://lace-nix-cache?region=us-east-1
|
26 | 24 | DISCOVERY_USER_NAME: gha-runner
|
27 | 25 | DISCOVERY_KNOWN_HOSTS_ENTRY: "65.109.126.156 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOVVDZydvD+diYa6A3EtA3WGw5NfN0wv7ckQxa/fX1O"
|
28 |
| -permissions: |
29 |
| - id-token: write |
30 |
| - contents: read |
31 | 26 | concurrency:
|
32 | 27 | group: std-${{ github.workflow }}-${{ github.ref }}
|
33 | 28 | cancel-in-progress: true
|
|
36 | 31 | outputs:
|
37 | 32 | hits: ${{ steps.discovery.outputs.hits }}
|
38 | 33 | runs-on: [self-hosted, discovery]
|
| 34 | + env: |
| 35 | + AWS_REGION: us-east-1 |
| 36 | + AWS_ROLE_ARN: arn:aws:iam::926093910549:role/lace-ci |
| 37 | + permissions: |
| 38 | + id-token: write |
| 39 | + contents: read |
39 | 40 | steps:
|
40 | 41 | - name: Configure AWS Credentials
|
41 | 42 | uses: aws-actions/[email protected]
|
|
67 | 68 | name: ${{ matrix.target.jobName }}
|
68 | 69 | runs-on: ubuntu-latest
|
69 | 70 | needs: discover
|
| 71 | + env: |
| 72 | + AWS_REGION: us-east-1 |
| 73 | + AWS_ROLE_ARN: arn:aws:iam::926093910549:role/lace-ci |
| 74 | + # NIX_UPLOAD_CACHE: s3://lace-nix-cache?region=us-east-1 |
| 75 | + permissions: |
| 76 | + id-token: write |
| 77 | + contents: read |
70 | 78 | strategy:
|
71 | 79 | matrix:
|
72 | 80 | target: ${{ contains(fromJSON(needs.discover.outputs.hits), 'oci-images') && fromJSON(needs.discover.outputs.hits).oci-images.publish || fromJSON('["dummy-target"]') }}
|
@@ -103,51 +111,61 @@ jobs:
|
103 | 111 | with: {ffBuildInstructions: true, remoteStore: "ssh-ng://eu.nixbuild.net"}
|
104 | 112 |
|
105 | 113 |
|
106 |
| - diff-to-eu: |
107 |
| - runs-on: ubuntu-latest |
108 |
| - needs: [discover, images] |
109 |
| - name: ${{ matrix.target.jobName }} (us-east-1) |
110 |
| - env: |
111 |
| - AWS_REGION: us-east-1 |
| 114 | + # TODO: remove all hardcoded instances of `dev-preview` in the next iteration |
| 115 | + diff-to-us: |
| 116 | + needs: images |
| 117 | + name: Diff & Comment (dev-preview) |
| 118 | + if: github.event_name == 'pull_request' && (github.base_ref == 'master') |
112 | 119 | permissions:
|
113 |
| - id-token: write |
114 | 120 | contents: read
|
115 | 121 | pull-requests: write
|
116 |
| - if: fromJSON(needs.discover.outputs.hits).deployments.diff != '{}' && github.event_name == 'pull_request' |
117 |
| - strategy: |
118 |
| - matrix: |
119 |
| - target: ${{ fromJSON(needs.discover.outputs.hits).deployments.diff }} |
| 122 | + runs-on: ubuntu-22.04 |
120 | 123 | steps:
|
121 |
| - - name: Configure AWS Credentials |
122 |
| - uses: aws-actions/[email protected] |
123 |
| - with: |
124 |
| - role-to-assume: ${{ env.AWS_ROLE_ARN }} |
125 |
| - aws-region: ${{ env.AWS_REGION }} |
| 124 | + - uses: actions/checkout@v4 |
126 | 125 | - uses: nixbuild/nix-quick-install-action@v25
|
127 | 126 | - uses: nixbuild/nixbuild-action@v17
|
128 | 127 | with:
|
129 | 128 | nixbuild_ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
|
130 | 129 | generate_summary_for: job
|
| 130 | + # Further steps assume AWS_PROFILE=lw, while the official action has no way to specify that profile: |
| 131 | + - name: Set up AWS credentials |
| 132 | + run: | |
| 133 | + mkdir -p ~/.aws |
| 134 | +
|
| 135 | + cat <<EOF >~/.aws/credentials |
| 136 | + [lw] |
| 137 | + aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY}} |
| 138 | + aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
| 139 | + EOF |
| 140 | +
|
| 141 | + cat <<EOF >~/.aws/config |
| 142 | + [lw] |
| 143 | + region = us-east-1 |
| 144 | + EOF |
131 | 145 | - uses: divnix/std-action/setup-discovery-ssh@main
|
132 | 146 | with:
|
133 | 147 | ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
|
134 | 148 | user_name: ${{ env.DISCOVERY_USER_NAME }}
|
135 | 149 | ssh_known_hosts_entry: ${{ env.DISCOVERY_KNOWN_HOSTS_ENTRY }}
|
136 |
| - - name: Configure K8S Cluster Access |
137 |
| - shell: bash |
138 |
| - run: | |
139 |
| - echo "Assuming role '$(aws sts get-caller-identity)' in cluster 'lace-dev-us-east-1'." |
140 |
| - aws eks update-kubeconfig --name "lace-dev-us-east-1" |
141 |
| - - name: Show commit |
142 |
| - shell: bash |
| 150 | + - name: Generate the Diff |
143 | 151 | run: |
|
144 |
| - echo commit: ${{ github.sha }} |
145 |
| - - uses: divnix/std-action/run@main |
| 152 | + echo 'export K8S_USER=eks-devs' >.envrc.local |
| 153 | +
|
| 154 | + nix develop .#x86_64-linux.local.envs.main -L --command bash -c ' |
| 155 | + set -euo pipefail |
| 156 | +
|
| 157 | + export AWS_PROFILE="lw" |
| 158 | + export AWS_REGION="us-east-1" |
| 159 | +
|
| 160 | + # FIXME: before merging: change target to `dev-preview@us-east-1` |
| 161 | + nix run -L ".#[email protected]" | tee k8s-plan.diff |
| 162 | + ' |
| 163 | + - name: Post Comment on the PR |
146 | 164 | env:
|
147 |
| - BRANCH: ${{ github.ref_type == 'branch' && github.head_ref }} |
148 | 165 | GH_TOKEN: ${{ github.token }}
|
149 |
| - OWNER_AND_REPO: ${{ github.repository }} |
150 |
| - with: {ffBuildInstructions: true, remoteStore: "ssh-ng://eu.nixbuild.net"} |
| 166 | + run: | |
| 167 | + prNumber=$(cut -d/ -f1 <<<'${{ github.ref_name }}') |
| 168 | + gh pr comment "$prNumber" --body "$(sed -e '2i\\n```diff' -e '$a```' k8s-plan.diff)" |
151 | 169 |
|
152 | 170 |
|
153 | 171 | deploy-to-eu:
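Review bot: The new "Set up AWS credentials" step in `diff-to-us` replaces the OIDC role assumption this job used before (`id-token: write` plus the configure-aws-credentials action) with long-lived `secrets.AWS_ACCESS_KEY` / `secrets.AWS_SECRET_ACCESS_KEY` written to `~/.aws/credentials`, and it expands them with `${{ }}` directly into the script text. If the only blocker is that later steps expect `AWS_PROFILE=lw`, the short-lived session can be written into that profile instead, as sketched below; this needs `id-token: write` back in the job's `permissions` and the role ARN and region in its `env`, and it assumes the lace-ci role carries the access the diff needs. If static keys have to stay, pass them through the step's `env:` and run `umask 077` before the heredocs so the files are not created world-readable. In "Post Comment on the PR", `${{ github.ref_name }}` is likewise expanded inside the script; `PR_NUMBER: ${{ github.event.pull_request.number }}` under `env:` yields the number without template expansion in shell and without the `cut`.

```yaml
      # … unchanged: checkout, nix-quick-install-action, nixbuild-action …
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@<pinned-ref>  # placeholder ref
        with:
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}
      # Later steps assume AWS_PROFILE=lw, so mirror the session into that profile.
      - name: Expose the assumed-role session as profile lw
        run: |
          umask 077
          aws configure set aws_access_key_id "$AWS_ACCESS_KEY_ID" --profile lw
          aws configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY" --profile lw
          aws configure set aws_session_token "$AWS_SESSION_TOKEN" --profile lw
          aws configure set region "$AWS_REGION" --profile lw
      # … unchanged: setup-discovery-ssh, Generate the Diff, Post Comment on the PR …
```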
|
|