Skip to content

fix: sanitize x as twitter #501

fix: sanitize x as twitter

fix: sanitize x as twitter #501

Workflow file for this run

name: CI/CD
on:
pull_request:
branches:
- main
push:
branches:
- main
permissions:
contents: read
concurrency:
group: ci-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
test:
if: ${{ github.event_name == 'pull_request' }}
strategy:
fail-fast: false
matrix:
command:
- 'build'
- 'lint:check'
- 'format:check'
- 'test'
runs-on: ubuntu-20.04
name: Test on Node.js 16 ( ${{ matrix.command }} )
steps:
- name: Checkout Repository
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
with:
fetch-depth: 0
- name: Set Up Node.js
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d
with:
node-version: 16
cache: yarn
- name: Install Dependencies
run: yarn install --frozen-lockfile
- name: Run ${{ matrix.command }}
run: yarn ${{ matrix.command }}
build:
if: ${{ github.event_name == 'push' && github.ref_type == 'branch' }}
runs-on: ubuntu-20.04
name: Build
steps:
- name: Checkout Repository
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
with:
fetch-depth: 0
- name: Set Up QEMU
uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7
- name: Set Up Docker Buildx
id: set-up-buildx
uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55
with:
install: true
- name: Cache Docker Layers
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Build Docker
uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9
with:
builder: ${{ steps.set-up-buildx.outputs.name }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
context: .
file: .maintain/docker/Dockerfile
build-args: VCS_REF=${{ github.sha }}
tags: ${{ github.repository }}:${{ github.sha }}
outputs: type=docker,dest=/tmp/docker_image.tar
- name: Move Cache Docker Layers
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Upload Build to Artifact
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
with:
name: build_${{ github.sha }}
path: |
/tmp/docker_image.tar
retention-days: 5
release-please:
needs:
- build
runs-on: ubuntu-20.04
name: Release Please
steps:
- name: Checkout Repository
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
with:
fetch-depth: 0
- name: Release
id: release
uses: google-github-actions/release-please-action@ca6063f4ed81b55db15b8c42d1b6f7925866342d
with:
token: ${{ secrets.PAT }}
fork: true
release-type: node
package-name: ${{ github.event.repository.name }}
include-v-in-tag: false
outputs:
release_created: ${{ steps.release.outputs.release_created }}
tag_name: ${{ steps.release.outputs.tag_name }}
publish-docker:
needs:
- release-please
runs-on: ubuntu-20.04
name: Publish Docker
steps:
- name: Login to DockerHub
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Download Build from Artifact
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
with:
name: build_${{ github.sha }}
path: /tmp
- name: Load Downloaded Image
run: |
docker load --input /tmp/docker_image.tar
docker images --no-trunc --digests ${{ github.repository }}
- name: Tag as Release Version
if: ${{ needs.release-please.outputs.release_created }}
run: |
docker tag ${{ github.repository }}:${{ github.sha }} ${{ github.repository }}:${{ needs.release-please.outputs.tag_name }}
docker tag ${{ github.repository }}:${{ github.sha }} ${{ github.repository }}:latest
docker images --no-trunc --digests ${{ github.repository }}
- name: Push
run: docker image push -a ${{ github.repository }}
deploy:
needs:
- release-please
- publish-docker
permissions:
contents: read
id-token: write
strategy:
max-parallel: 1
matrix:
is_release:
- ${{ needs.release-please.outputs.release_created || false }}
environment:
- TESTNET
- MAINNET
exclude:
- is_release: false
environment: MAINNET
environment: ${{ matrix.environment }}
runs-on: ubuntu-20.04
name: Deploy to ${{ matrix.environment }}
steps:
- name: Checkout Repository
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
with:
fetch-depth: 0
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033
with:
workload_identity_provider: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_WORKLOAD_IDENTITY_PROVIDER')] }}
service_account: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_WORKLOAD_IDENTITY_SERVICE_ACCOUNT')] }}
- name: Set Up Google Cloud SDK
uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b
- name: Get GKE Credentials
uses: google-github-actions/get-gke-credentials@35ab0d2b2d48792c19f09325413bd185c8d44394
with:
cluster_name: ${{ secrets[format('{0}_{1}', matrix.environment, 'GKE_CLUSTER_NAME')] }}
location: ${{ secrets[format('{0}_{1}', matrix.environment, 'GKE_LOCATION')] }}
use_internal_ip: true
- name: Get Secrets from Google Secret Manager
id: secrets
uses: google-github-actions/get-secretmanager-secrets@4d6d3dfd94110800dda8d84109cb6da0f6a5919d
with:
secrets: |-
WEB_APP_ENVIRONMENT:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_APP_ENVIRONMENT
WEB_APP_NAME:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_APP_NAME
WEB_APP_SECRET:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_APP_SECRET
SUPPORT_MAIL:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/SUPPORT_MAIL
WEBSITE_URL:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEBSITE_URL
NEAR_TIPPING_CONTRACT_ADDRESS:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/NEAR_TIPPING_CONTRACT_ADDRESS
FIREBASE_PROJECT_ID:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/FIREBASE_PROJECT_ID
FIREBASE_API_KEY:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/FIREBASE_API_KEY
FIREBASE_MESSAGING_SENDER_ID:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/FIREBASE_MESSAGING_SENDER_ID
FIREBASE_STORAGE_BUCKET:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/FIREBASE_STORAGE_BUCKET
WEB_FIREBASE_APP_ID:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_FIREBASE_APP_ID
WEB_FIREBASE_MEASUREMENT_ID:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_FIREBASE_MEASUREMENT_ID
WEB_SENTRY_DSN:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_SENTRY_DSN
WEB_DNS:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/WEB_DNS
NODE_RPC_WS_DNS:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/NODE_RPC_WS_DNS
API_DNS:${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}/API_DNS
- name: Tunneling SSH connections
run: |
gcloud compute ssh ${{ secrets[format('{0}_{1}', matrix.environment, 'GCE_BASTION_INSTANCE_NAME')] }} \
--project=${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }} \
--zone ${{ secrets[format('{0}_{1}', matrix.environment, 'GCE_BASTION_INSTANCE_ZONE')] }} \
--ssh-flag '-4 -L 8888:127.0.0.1:8888 -N -q -f' \
--tunnel-through-iap \
--quiet
- name: Set Up Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78
with:
version: v3.10.0
- name: Perform Deployment
run: |
helm repo add myriadsocial https://charts.myriad.social
helm repo update
HTTPS_PROXY=127.0.0.1:8888 helm upgrade ${{ github.event.repository.name }} myriadsocial/myriad-web \
--install \
--set-string image.tag=${{ needs.release-please.outputs.tag_name || github.sha }} \
--set-string serviceAccount.name=${{ github.event.repository.name }} \
--set-string serviceAccount.annotations.'iam\.gke\.io/gcp-service-account'=${{ github.event.repository.name }}@${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}.iam.gserviceaccount.com \
--set-string config.app.environment=${{ steps.secrets.outputs.WEB_APP_ENVIRONMENT }} \
--set-string config.app.name="${{ steps.secrets.outputs.WEB_APP_NAME }}" \
--set-string config.app.version=${{ needs.release-please.outputs.tag_name || github.sha }} \
--set-string config.app.authURL=https://${{ steps.secrets.outputs.WEB_DNS }} \
--set-string config.app.secret=${{ steps.secrets.outputs.WEB_APP_SECRET }} \
--set-string config.supportMail=${{ steps.secrets.outputs.SUPPORT_MAIL }} \
--set-string config.websiteURL=${{ steps.secrets.outputs.WEBSITE_URL }} \
--set-string config.rpcURL=wss://${{ steps.secrets.outputs.NODE_RPC_WS_DNS }} \
--set-string config.apiURL=https://${{ steps.secrets.outputs.API_DNS }} \
--set-string config.near.tippingContractAddress=${{ steps.secrets.outputs.NEAR_TIPPING_CONTRACT_ADDRESS }} \
--set-string config.firebase.projectId=${{ steps.secrets.outputs.FIREBASE_PROJECT_ID }} \
--set-string config.firebase.apiKey=${{ steps.secrets.outputs.FIREBASE_API_KEY }} \
--set-string config.firebase.messagingSenderId=${{ steps.secrets.outputs.FIREBASE_MESSAGING_SENDER_ID }} \
--set-string config.firebase.storageBucket=${{ steps.secrets.outputs.FIREBASE_STORAGE_BUCKET }} \
--set-string config.firebase.appId=${{ steps.secrets.outputs.WEB_FIREBASE_APP_ID }} \
--set-string config.firebase.measurementId=${{ steps.secrets.outputs.WEB_FIREBASE_MEASUREMENT_ID }} \
--set-string config.sentry.dsn=${{ steps.secrets.outputs.WEB_SENTRY_DSN }} \
--set ingress.enabled=true \
--set-string ingress.className=nginx \
--set-string ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt \
--set-string ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-body-size"="100m" \
--set-string ingress.annotations."nginx\.org/client-max-body-size"="100m" \
--set-string ingress.hosts[0].host=${{ steps.secrets.outputs.WEB_DNS }} \
--set-string ingress.hosts[0].paths[0].path=/ \
--set-string ingress.hosts[0].paths[0].pathType=ImplementationSpecific \
--set-string ingress.tls[0].secretName=${{ steps.secrets.outputs.WEB_DNS }}-letsencrypt-tls \
--set-string ingress.tls[0].hosts[0]=${{ steps.secrets.outputs.WEB_DNS }} \
--set-string resources.requests.cpu=300m \
--set-string resources.requests.memory=512Mi \
--set-string resources.limits.cpu=500m \
--set-string resources.limits.memory=1024Mi \
--set replicaCount=1 \
--set autoscaling.enabled=true \
--set autoscaling.minReplicas=1 \
--set autoscaling.maxReplicas=1 \
--set-string nodeSelector.pool=general \
--set-string nodeSelector.'iam\.gke\.io/gke-metadata-server-enabled'='true'
HTTPS_PROXY=127.0.0.1:8888 kubectl rollout status deployment/${{ github.event.repository.name }}
- name: Clean Up Tunneling SSH Connections
if: always()
run: |
kill -9 $(lsof -ti:8888)
gcloud compute os-login ssh-keys remove --key-file=/home/runner/.ssh/google_compute_engine.pub