-
Notifications
You must be signed in to change notification settings - Fork 1
147 lines (142 loc) · 7.23 KB
/
1-deploy-main-to-staging.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: 1 | Deploy main to staging
on:
push:
branches:
- main
jobs:
verify-build:
name: Verify build
runs-on: ubuntu-latest
outputs:
commit_hash: ${{ steps.get_commit.outputs.hash }}
steps:
- uses: 3cities/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
with:
ref: main
#- uses: ./.github/actions/verify-build # disable build verification to speed up the build as it's redundant because build verification is already completed by the dev branch build which must pass before merging into main per our GitHub protected branch settings.
- id: get_commit
run: echo "hash=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
tag:
needs: [verify-build] # tag iff build verification successful to avoid tagging a broken build
if: ${{ needs.verify-build.outputs.commit_hash != null }}
name: GitHub tag
runs-on: ubuntu-latest
outputs:
new_tag: ${{ steps.github-tag-action.outputs.new_tag }}
changelog: ${{ steps.github-tag-action.outputs.changelog }}
steps:
- uses: 3cities/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
with:
ref: ${{ needs.verify-build.outputs.commit_hash }}
- name: Bump prerelease version and push tag
id: github-tag-action
uses: 3cities/github-tag-action@86a7b93c90a7fb79fca2911075262fb781c9136a
with:
pre_release_branches: ${{ needs.verify-build.outputs.commit_hash }}
deploy-staging:
needs: [verify-build, tag]
if: ${{ needs.tag.outputs.new_tag != null }}
name: Deploy staging
runs-on: ubuntu-latest
steps:
- uses: 3cities/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
with:
ref: ${{ needs.verify-build.outputs.commit_hash }}
- uses: ./.github/actions/setup
- uses: ./.github/actions/build-prod
with:
tag: ${{ needs.tag.outputs.new_tag }}
alchemyApiKey: ${{ secrets.REACT_APP_ALCHEMY_API_KEY }}
infuraApiKey: ${{ secrets.REACT_APP_INFURA_API_KEY }}
web3authClientId: ${{ secrets.REACT_APP_WEB3AUTH_CLIENT_ID_STAGING }}
walletconnectProjectId: ${{ secrets.REACT_APP_WALLETCONNECT_PROJECT_ID_STAGING }}
isMainnet: false
- uses: ./.github/actions/deploy-cloudflare-pages
with:
projectName: 3cities-staging
apiToken: ${{ secrets.CLOUDFLARE_PAGES_API_TOKEN }}
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
deploy-staging-prod:
needs: [verify-build, tag]
if: ${{ needs.tag.outputs.new_tag != null }}
name: Deploy staging-prod
runs-on: ubuntu-latest
outputs:
ipfs-cid: ${{ steps.nft-storage.outputs.hash }}
steps:
- uses: 3cities/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
with:
ref: ${{ needs.verify-build.outputs.commit_hash }}
- uses: ./.github/actions/setup
- uses: ./.github/actions/build-prod
with:
tag: ${{ needs.tag.outputs.new_tag }}
alchemyApiKey: ${{ secrets.REACT_APP_ALCHEMY_API_KEY }}
infuraApiKey: ${{ secrets.REACT_APP_INFURA_API_KEY }}
web3authClientId: ${{ secrets.REACT_APP_WEB3AUTH_CLIENT_ID }}
walletconnectProjectId: ${{ secrets.REACT_APP_WALLETCONNECT_PROJECT_ID }}
isMainnet: true
- uses: ./.github/actions/deploy-cloudflare-pages
with:
projectName: 3cities-staging-prod
apiToken: ${{ secrets.CLOUDFLARE_PAGES_API_TOKEN }}
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
# TODO re-enable Pinning to IPFS which had an error in ipfs-action which I didn't yet attempt to solve https://github.com/3cities/3cities/actions/runs/9844652126/job/27178734939
# - name: Pin to IPFS on NFT.Storage
# id: nft-storage
# uses: 3cities/ipfs-action@19879f7df881441a7f1ae2257b63674fa33b8f26
# with:
# path: ./packages/react-app/build
# service: nft.storage
# nftStorageApiKey: ${{ secrets.NFT_STORAGE_API_KEY }}
push-to-releases-staging:
needs: [verify-build, deploy-staging, deploy-staging-prod]
name: 'Push to releases/staging'
runs-on: ubuntu-latest
steps:
- uses: 3cities/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
with:
ref: ${{ needs.verify-build.outputs.commit_hash }}
fetch-depth: 0 # fetch all tags/history, required for the push below to succeed as it must locally compare against releases/staging to execute the non-fast-forward push.
- name: Git push
# NB we use default of fast-forward only (no force push) because we want our CI/CD pipeline to have linear history for safety. This is also enforced in releases/staging protected branch settings.
run: |
git push origin ${{ needs.verify-build.outputs.commit_hash }}:refs/heads/releases/staging
github-prerelease:
needs: [verify-build, tag, deploy-staging, deploy-staging-prod]
name: GitHub pre-release
runs-on: ubuntu-latest
steps:
- uses: 3cities/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
with:
ref: ${{ needs.verify-build.outputs.commit_hash }}
fetch-depth: 0 # fetch all tags/history, required for release-action to find new_tag.
- name: Create GitHub pre-release
uses: 3cities/release-action@eb05307dcee34deaad054e98128088a30d7980dc
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
prerelease: true
tag: ${{ needs.tag.outputs.new_tag }}
name: Release ${{ needs.tag.outputs.new_tag }}
body: |
Go to [3cities.xyz](https://3cities.xyz) to view the latest release.
You can also access the 3cities interface directly from an IPFS gateway.
**BEWARE**: the 3cities interface may use [`localStorage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage) to remember your settings.
**You should always use an IPFS gateway that enforces origin separation**, or our alias to the latest release at [3cities.xyz](https://3cities.xyz).
Your 3cities settings are never remembered across different URLs.
IPFS hash of this release:
- CIDv1: `${{ needs.deploy-staging-prod.outputs.ipfs-cid }}`
IPFS gateways:
- https://${{ needs.deploy-staging-prod.outputs.ipfs-cid }}.ipfs.dweb.link/
- https://${{ needs.deploy-staging-prod.outputs.ipfs-cid }}.ipfs.cf-ipfs.com/
- [ipfs://${{ needs.deploy-staging-prod.outputs.ipfs-cid }}/](ipfs://${{ needs.deploy-staging-prod.outputs.ipfs-cid }}/)
${{ needs.tag.outputs.changelog }}
staging-deployment-successful: # no-op job to force a workflow-level "staging-deployment-successful" github status check to be published. Github automatically makes the result of each workflow job available as a status check.
needs: [push-to-releases-staging, github-prerelease]
# NB here we omit 'name' so that the name of the status check in GitHub is the key staging-deployment-successful instead of the 'name'
runs-on: ubuntu-latest
steps:
- run: exit 0 # no-op because a job definition requires something to do, but all we want this job to do is publish a workflow-level github status check.