[DO-1664] Snyk integration in Github workflows #202
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
release: | |
types: [published] | |
push: | |
branches: | |
- main | |
tags: | |
- test-artifacts* | |
pull_request: | |
branches: | |
- main | |
jobs: | |
snyk-scan-deps-licences: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
pull-requests: read | |
contents: read | |
deployments: write | |
steps: | |
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b | |
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
with: | |
role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} | |
app_name: 'babylon-nodecli' | |
step_name: 'snyk-scan-deps-licenses' | |
secret_prefix: 'SNYK' | |
secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} | |
parse_json: true | |
# - name: Run Snyk to check for deps vulnerabilities - Devops | |
# uses: snyk/actions/python@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 | |
# with: | |
# args: --all-projects --org=${{ env.SNYK_DEVOPS_ORG_ID }} --severity-threshold=critical -d | |
- name: Install pipenv | |
run: | | |
python -m pip install --upgrade pipenv wheel | |
- name: Run Snyk to check for deps vulnerabilities - Network | |
run: | | |
npm install snyk -g | |
snyk -v | |
snyk auth ${{ env.SNYK_TOKEN }} | |
snyk test --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --severity-threshold=critical -d | |
snyk-scan-code: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
pull-requests: read | |
contents: read | |
deployments: write | |
steps: | |
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b | |
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
with: | |
role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} | |
app_name: 'babylon-nodecli' | |
step_name: 'snyk-scan-code' | |
secret_prefix: 'SNYK' | |
secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} | |
parse_json: true | |
- name: Run Snyk to check for code vulnerabilities - Devops | |
uses: snyk/actions/python@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 | |
with: | |
args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --severity-threshold=high | |
command: code test | |
snyk-sbom: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
pull-requests: read | |
contents: read | |
deployments: write | |
needs: | |
- snyk-scan-deps-licences | |
- snyk-scan-code | |
steps: | |
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b | |
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
with: | |
role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} | |
app_name: 'babylon-nodecli' | |
step_name: 'snyk-sbom' | |
secret_prefix: 'SNYK' | |
secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} | |
parse_json: true | |
- name: Generate SBOM # check SBOM can be generated but nothing is done with it | |
uses: snyk/actions/python@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 | |
with: | |
args: --all-projects --format=cyclonedx1.4+json --json-file-output sbom.json | |
command: sbom | |
package_ubuntu_cli: | |
name: "Package cli for Ubuntu" | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: cancel running workflows | |
uses: styfle/[email protected] | |
with: | |
access_token: ${{ github.token }} | |
- name: Checkout | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
- name: Dump context | |
uses: crazy-max/ghaction-dump-context@v1 | |
- name: Install build essentials | |
run: sudo apt-get -y install build-essential | |
- name: setup python | |
uses: actions/[email protected] | |
with: | |
python-version: 3.10.6 | |
- name: Build application local | |
run: | | |
cd node-runner-cli | |
make install | |
make local | |
- name: Execute Unit Tests | |
run: | | |
cd node-runner-cli | |
pip install pytest | |
pip install pytest-cov | |
make test | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Publish Test Results | |
uses: EnricoMi/[email protected] | |
if: always() | |
with: | |
files: | | |
/home/runner/work/babylon-nodecli/babylon-nodecli/node-runner-cli/junit/test-results.xml | |
test-results/**/*.xml | |
test-results/**/*.trx | |
test-results/**/*.json | |
junit/**/*.xml | |
junit/*.xml | |
node-runner-cli/junit/**/*.xml | |
junit/*.xml | |
**/junit/test-results.xml | |
- if: ${{ github.event_name == 'pull_request' }} | |
name: Get Cover | |
uses: orgoro/coverage@v3 | |
with: | |
coverageFile: node-runner-cli/coverage.xml | |
token: ${{ secrets.GITHUB_TOKEN }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build the binary for ubuntu jammy | |
run: | | |
cd node-runner-cli | |
make output-ubuntu-jammy | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: "Upload generated cli file" | |
uses: actions/[email protected] | |
with: | |
name: ubuntu 22.04 | |
path: "${{ github.workspace }}/node-runner-cli/out/ubuntu/jammy/radixnode" | |
- name: Build the binary for ubuntu focal | |
run: | | |
cd node-runner-cli | |
make output-ubuntu-focal | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: "Upload generated cli file" | |
uses: actions/[email protected] | |
with: | |
name: ubuntu 20.04 | |
path: "${{ github.workspace }}/node-runner-cli/out/ubuntu/focal/radixnode" | |
upload-asset-store: | |
environment: AWS_ARTIFACT | |
runs-on: ubuntu-22.04 | |
if: ${{ github.event_name == 'push' }} | |
needs: | |
- package_ubuntu_cli | |
permissions: | |
id-token: write | |
contents: read | |
pull-requests: read | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: set branchname with commit | |
run: | | |
ls -l | |
BRANCH_NAME_WITH_HYPENS=$(echo ${GITHUB_REF##*/} | sed 's/\//-/g') | |
COMMIT=$(git log -1 --format=%h ) | |
BRANCH_WITH_COMMIT=$BRANCH_NAME_WITH_HYPENS-$COMMIT | |
echo "BRANCH_WITH_COMMIT=$BRANCH_WITH_COMMIT" >> $GITHUB_ENV | |
- name: Configure AWS Region | |
run: echo "AWS_DEFAULT_REGION=eu-west-1" >> $GITHUB_ENV | |
- id: install-aws-cli | |
uses: unfor19/install-aws-cli-action@v1 | |
with: | |
version: 2 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef | |
with: | |
role-to-assume: arn:aws:iam::${{secrets.ARTIFACT_AWS_ACCOUNT_ID }}:role/gh-asset-store-deployer | |
aws-region: eu-west-1 | |
- name: Download packaged cli | |
uses: actions/download-artifact@v3 | |
with: | |
name: ubuntu 22.04 | |
- name: Upload cli to asset store | |
run: | | |
ls */** | |
aws s3 cp radixnode s3://${{secrets.ARTIFACT_AWS_BUCKET }}/radixnode/${{env.BRANCH_WITH_COMMIT}}/radixnode-ubuntu-22.04 | |
upload-release-jammy: | |
runs-on: ubuntu-22.04 | |
if: ${{ github.event_name == 'release' }} | |
needs: | |
- package_ubuntu_cli | |
steps: | |
- name: Download packaged cli | |
uses: actions/download-artifact@v3 | |
with: | |
name: ubuntu 22.04 | |
- name: Upload radixcli ubuntu binary | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ github.event.release.upload_url }} | |
asset_path: ./radixnode | |
asset_name: radixnode-ubuntu-22.04 | |
asset_content_type: application/octet-stream | |
if: ${{ github.event_name == 'release' }} | |
upload-release-focal: | |
runs-on: ubuntu-20.04 | |
if: ${{ github.event_name == 'release' }} | |
needs: | |
- package_ubuntu_cli | |
steps: | |
- name: Download packaged cli | |
uses: actions/download-artifact@v3 | |
with: | |
name: ubuntu 20.04 | |
- name: Upload radixcli ubuntu binary | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ github.event.release.upload_url }} | |
asset_path: ./radixnode | |
asset_name: radixnode-ubuntu-20.04 | |
asset_content_type: application/octet-stream | |
if: ${{ github.event_name == 'release' }} | |
test-systemd: | |
runs-on: [node-only] | |
needs: | |
- package_ubuntu_cli | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
- name: Download packaged cli | |
uses: actions/download-artifact@v3 | |
with: | |
name: ubuntu 22.04 | |
- name: Get dependencies | |
run: | | |
chmod +x ./radixnode | |
sudo apt-get update | |
sudo apt-get install containerd runc | |
- name: Run systemd dependencies | |
run: | | |
ls -a | |
chmod +x ./radixnode | |
# ./radixnode systemd dependencies | |
echo "expecting the dependencies to be already installed" | |
- name: Run systemd config | |
run: | | |
ls -a | |
chmod +x ./radixnode | |
echo "HOME=$HOME" | |
echo "PATH=$PWD" | |
./radixnode systemd config -m CORE \ | |
-n 13 \ | |
-t radix://node_tdx_d_1qwq2nfe6vxqwe3mqmfm9l2xl97as7lkwndval63cymvc3qszn8nqx6g2s3m@3.109.161.178 \ | |
-i 35.178.142.54 \ | |
-v "not_a_real_validator_address" \ | |
-k $KEYSTORE_PASSWORD -nk -a \ | |
-dd $HOME/babylon-ledger | |
./radixnode systemd stop && sudo rm -rf $HOME/babylon-ledger | |
env: | |
KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run systemd install | |
run: | | |
ls -a | |
chmod +x ./radixnode | |
echo "HOME=$HOME" | |
echo "PATH=$PWD" | |
./radixnode systemd install | |
- name: Get Logs and Status | |
run: | | |
sleep 15 | |
sudo tail /var/log/syslog -n 100 | |
./radixnode auth set-admin-password --setupmode SYSTEMD -p $NGINX_ADMIN_PASSWORD | |
./radixnode auth set-superadmin-password --setupmode SYSTEMD -p $NGINX_SUPERADMIN_PASSWORD | |
./radixnode auth set-metrics-password --setupmode SYSTEMD -p $NGINX_METRICS_PASSWORD | |
NGINX_ADMIN_PASSWORD=$NGINX_ADMIN_PASSWORD ./radixnode api system health | |
NGINX_ADMIN_PASSWORD=$NGINX_ADMIN_PASSWORD ./radixnode api system version | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
NGINX_ADMIN_PASSWORD: ${{secrets.NGINX_ADMIN_PASSWORD}} | |
NGINX_METRICS_PASSWORD: ${{secrets.NGINX_METRICS_PASSWORD}} | |
NGINX_SUPERADMIN_PASSWORD: ${{secrets.NGINX_SUPERADMIN_PASSWORD}} | |
- name: Stop systemd | |
run: | | |
chmod +x ./radixnode | |
echo "HOME=$HOME" | |
echo "PATH=$PWD" | |
./radixnode systemd stop | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# - name: Clean Up | |
# run: | | |
# sudo rm -rf /etc/radixdlt/node | |
# rm -rf node-config/ | |
# rm -rf monitoring | |
test-config-command: | |
runs-on: ubuntu-22.04 | |
needs: | |
- package_ubuntu_cli | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
- name: Download packaged cli | |
uses: actions/download-artifact@v3 | |
with: | |
name: ubuntu 22.04 | |
- name: Get dependencies | |
run: | | |
chmod +x ./radixnode | |
sudo apt-get update | |
sudo apt-get install containerd runc | |
./radixnode docker dependencies | |
- name: core-gateway-all-local | |
run: | | |
ls -a | |
chmod +x ./radixnode | |
mkdir -p $HOME/node-config | |
echo "HOME=$HOME" | |
echo "PATH=$PWD" | |
export PROMPT_FEEDS="node-runner-cli/test-prompts/core-gateway-all-local.yml" | |
./radixnode docker config -m DETAILED \ | |
-d $HOME/node-config \ | |
-k $KEYSTORE_PASSWORD -nk -a | |
env: | |
KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}} | |
RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2" | |
RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1" | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: corenode-01 | |
run: | | |
ls -a | |
chmod +x ./radixnode | |
export PROMPT_FEEDS="node-runner-cli/test-prompts/corenode-01.yml" | |
./radixnode docker config -m DETAILED \ | |
-d $HOME/node-config \ | |
-k $KEYSTORE_PASSWORD -nk -a | |
env: | |
KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}} | |
RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2" | |
RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1" | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: corenode-02 | |
run: | | |
ls -a | |
export PROMPT_FEEDS="node-runner-cli/test-prompts/corenode-02.yml" | |
./radixnode docker config -m DETAILED \ | |
-d $HOME/node-config \ | |
-k $KEYSTORE_PASSWORD -nk -a | |
env: | |
KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}} | |
RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2" | |
RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1" | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# Enable below tests when gateway support is implemented | |
# - name: gateway-remote-core-local-postgress | |
# run: | | |
# ls -a | |
# export PROMPT_FEEDS="node-runner-cli/test-prompts/gateway-remote-core-local-postgress.yml" | |
# ./radixnode docker config -m DETAILED \ | |
# -d $HOME/node-config \ | |
# -k $KEYSTORE_PASSWORD -nk -a | |
# env: | |
# KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}} | |
# RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2" | |
# RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1" | |
# - name: gateway-remote-core-remote-postgress | |
# run: | | |
# ls -a | |
# export PROMPT_FEEDS="node-runner-cli/test-prompts/gateway-remote-core-remote-postgress.yml" | |
# ./radixnode docker config -m DETAILED \ | |
# -d $HOME/node-config \ | |
# -k $KEYSTORE_PASSWORD -nk -a | |
# env: | |
# KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}} | |
# RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2" | |
# RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1" | |
test-core-only-node: | |
runs-on: ubuntu-22.04 | |
permissions: | |
id-token: write | |
pull-requests: read | |
contents: read | |
needs: | |
- package_ubuntu_cli | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
- name: Download packaged cli | |
uses: actions/download-artifact@v3 | |
with: | |
name: ubuntu 22.04 | |
- name: Run configure command | |
run: | | |
chmod +x ./radixnode | |
sudo apt-get update | |
sudo apt-get install containerd runc | |
./radixnode docker dependencies | |
- name: Setup config | |
run: | | |
chmod +x ./radixnode | |
mkdir -p $HOME/node-config | |
export DISABLE_VERSION_CHECK=true | |
export RADIXDLT_APP_VERSION_OVERRIDE="rcnet-v2-phase2-r4" | |
export DOCKER_COMPOSE_LOCATION="/usr/local/bin/docker-compose" | |
export PROMPT_FEEDS="node-runner-cli/test-prompts/core-gateway-all-local.yml" | |
./radixnode docker config -m DETAILED \ | |
-d $HOME/node-config \ | |
-k $KEYSTORE_PASSWORD -nk -a | |
env: | |
KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# - id: auth | |
# uses: google-github-actions/auth@a61909d048e0be579b6c15b27088d19668493851 | |
# with: | |
# workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDP }} | |
# service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
# - name: 'Register gcloud as Docker credential helper' | |
# run: | | |
# gcloud auth configure-docker -q | |
# - uses: radixdlt/iac-resuable-artifacts/[email protected] | |
# with: | |
# role_name: "arn:aws:iam::308190735829:role/gh-common-secrets-read-access" | |
# app_name: "dashboard" | |
# step_name: "push-dash" | |
# secret_prefix: "GH_GCR_JSON_KEY" | |
# secret_name: "arn:aws:secretsmanager:eu-west-2:308190735829:secret:github-actions/common/gcr-credentials-OeJwWi" | |
# parse_json: false | |
- name: Login to GCR | |
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a | |
with: | |
registry: eu.gcr.io | |
username: _json_key | |
password: ${{ secrets.GCR_EU_DEV_JSON_KEY }} | |
- name: Run CLI setup | |
run: | | |
export DISABLE_VERSION_CHECK=true | |
export DOCKER_COMPOSE_LOCATION="/usr/local/bin/docker-compose" | |
./radixnode docker install -f $HOME/node-config/config.yaml -a | |
# ToDo: Fix Authorization error export DOCKER_COMPOSE_FOLDER_PREFIX=runner ? | |
sleep 60 | |
./radixnode auth set-admin-password -m DOCKER -p $NGINX_ADMIN_PASSWORD | |
./radixnode auth set-metrics-password -m DOCKER -p $NGINX_METRICS_PASSWORD | |
./radixnode auth set-superadmin-password -m DOCKER -p $NGINX_SUPERADMIN_PASSWORD | |
NGINX_ADMIN_PASSWORD=$NGINX_ADMIN_PASSWORD ./radixnode api system health | |
NGINX_ADMIN_PASSWORD=$NGINX_ADMIN_PASSWORD ./radixnode api system version | |
env: | |
NGINX_ADMIN_PASSWORD: ${{secrets.NGINX_ADMIN_PASSWORD}} | |
NGINX_METRICS_PASSWORD: ${{secrets.NGINX_METRICS_PASSWORD}} | |
NGINX_SUPERADMIN_PASSWORD: ${{secrets.NGINX_SUPERADMIN_PASSWORD}} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run Monitoring setup | |
run: | | |
export DOCKER_COMPOSE_LOCATION="/usr/local/bin/docker-compose" | |
./radixnode monitoring config \ | |
-m MONITOR_CORE \ | |
-cm $NGINX_METRICS_PASSWORD \ | |
-gm $NGINX_METRICS_PASSWORD \ | |
-am $NGINX_METRICS_PASSWORD | |
./radixnode monitoring install -a | |
env: | |
NGINX_ADMIN_PASSWORD: ${{secrets.NGINX_ADMIN_PASSWORD}} | |
NGINX_METRICS_PASSWORD: ${{secrets.NGINX_METRICS_PASSWORD}} | |
NGINX_SUPERADMIN_PASSWORD: ${{secrets.NGINX_SUPERADMIN_PASSWORD}} | |
snyk-monitor: | |
runs-on: ubuntu-latest | |
#needs: | |
# - upload-release-jammy | |
permissions: | |
id-token: write | |
pull-requests: read | |
contents: read | |
deployments: write | |
steps: | |
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b | |
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
with: | |
role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} | |
app_name: 'babylon-nodecli' | |
step_name: 'snyk-monitor' | |
secret_prefix: 'SNYK' | |
secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} | |
parse_json: true | |
- name: Enable Snyk online monitoring to check for vulnerabilities | |
uses: snyk/actions/python@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 | |
with: | |
args: --all-projects --org=${{ env.SNYK_DEVOPS_ORG_ID }} --target-reference=${{ github.ref_name }} | |
command: monitor | |
- name: Enable Snyk online monitoring to check for vulnerabilities | |
uses: snyk/actions/python@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0 | |
with: | |
args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --target-reference=${{ github.ref_name }} | |
command: monitor | |
# These do not run on Babylon | |
# test-core-api: | |
# runs-on: [node-only] | |
# needs: | |
# - test-core-only-node | |
# steps: | |
# - uses: actions/setup-python@v3 | |
# with: | |
# python-version: '3.x' | |
# architecture: 'x64' | |
# - name: Checkout | |
# uses: actions/[email protected] | |
# - name: setup python modules | |
# run: | | |
# cd node-runner-cli | |
# make local | |
# - name: Run api commands | |
# run: | | |
# export DISABLE_VERSION_CHECK=true | |
# export NGINX_ADMIN_PASSWORD=$NGINX_ADMIN_PASSWORD | |
# export NGINX_METRICS_PASSWORD=$NGINX_METRICS_PASSWORD | |
# export NGINX_SUPERADMIN_PASSWORD=$NGINX_SUPERADMIN_PASSWORD | |
# python node-runner-cli/tests.py | |
# env: | |
# NGINX_ADMIN_PASSWORD: ${{secrets.NGINX_ADMIN_PASSWORD}} | |
# NGINX_METRICS_PASSWORD: ${{secrets.NGINX_METRICS_PASSWORD}} | |
# NGINX_SUPERADMIN_PASSWORD: ${{secrets.NGINX_SUPERADMIN_PASSWORD}} | |
# test-full-stack: | |
# runs-on: ubuntu-22.04 | |
# needs: | |
# - package_ubuntu_cli | |
# steps: | |
# - name: Download packaged cli | |
# uses: actions/download-artifact@v3 | |
# with: | |
# name: ubuntu 22.04 | |
# - name: Get dependencies | |
# run: | | |
# chmod +x ./radixnode | |
# sudo apt-get update | |
# sudo apt-get install containerd runc | |
# ./radixnode docker dependencies | |
# - name: Setup config | |
# run: | | |
# chmod +x ./radixnode | |
# mkdir -p $HOME/node-config | |
# export DISABLE_VERSION_CHECK=true | |
# rm -rf $HOME/node-config | |
# ./radixnode docker config -d $HOME/node-config \ | |
# -t radix://tn1qv9f8ys7ade4khjyr2s6zlhuxjqvhzz39kvjskupaj9lvhl3lwxauc67nn8@65.1.217.210 \ | |
# -m CORE GATEWAY -n 2 -k $KEYSTORE_PASSWORD -nk -p $POSTGRESS_PASSWORD -a | |
# #grep -v "password" $HOME/node-config/config.yaml > temp && mv temp $HOME/node-config/config.yaml | |
# cat $HOME/node-config/config.yaml | |
# env: | |
# POSTGRESS_PASSWORD: ${{secrets.POSTGRESS_PASSWORD}} | |
# KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}} | |
# CORE_DOCKER_REPO_OVERRIDE: "radixdlt/radixdlt-core" | |
# RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2" | |
# RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1" | |
# - name: Run CLI setup | |
# run: | | |
# export DISABLE_VERSION_CHECK=true | |
# export COMPOSE_HTTP_TIMEOUT=360 | |
# | |
# ./radixnode docker stop -f $HOME/node-config/config.yaml | |
# | |
# #Below PATH require when ansible is installed as part of pip | |
# export PATH="$PATH:/home/ubuntu/.local/bin" | |
# | |
# DOCKER_COMPOSE_FOLDER_PREFIX=ubuntu ./radixnode auth set-admin-password -m DOCKER -p $NGINX_ADMIN_PASSWORD | |
# DOCKER_COMPOSE_FOLDER_PREFIX=ubuntu ./radixnode auth set-metrics-password -m DOCKER -p $NGINX_METRICS_PASSWORD | |
# DOCKER_COMPOSE_FOLDER_PREFIX=ubuntu ./radixnode auth set-gateway-password -m DOCKER -p $NGINX_GATEWAY_PASSWORD | |
# | |
# ./radixnode monitoring stop | |
# ./radixnode monitoring config \ | |
# -m MONITOR_CORE MONITOR_GATEWAY \ | |
# -cm $NGINX_METRICS_PASSWORD \ | |
# -gm $NGINX_METRICS_PASSWORD \ | |
# -am $NGINX_METRICS_PASSWORD | |
# | |
# ./radixnode monitoring install -a | |
# | |
# export POSTGRES_PASSWORD=${{secrets.POSTGRESS_PASSWORD}} | |
# export RADIXDLT_NODE_KEY_PASSWORD=${{secrets.KEYSTORE_PASSWORD}} | |
# # ToDo: Fix Docker Image Pull with Gateway installation | |
# # ./radixnode docker install -f $HOME/node-config/config.yaml -a | |
# # sleep 60 | |
# | |
# # NGINX_ADMIN_PASSWORD=$NGINX_ADMIN_PASSWORD ./radixnode api system health | |
# # curl -f --request POST --insecure --user "gateway:$NGINX_GATEWAY_PASSWORD" https://localhost/gateway | |
# # curl --insecure --user "gateway:$NGINX_GATEWAY_PASSWORD" https://localhost/token/native --header 'Content-Type: application/json' -d '{ "network_identifier":{"network":"stokenet"}}' | |
# # curl -k -f -u "metrics:$NGINX_METRICS_PASSWORD" https://localhost/gateway/metrics | |
# | |
# env: | |
# NGINX_ADMIN_PASSWORD: ${{secrets.NGINX_ADMIN_PASSWORD}} | |
# NGINX_METRICS_PASSWORD: ${{secrets.NGINX_METRICS_PASSWORD}} | |
# NGINX_GATEWAY_PASSWORD: ${{secrets.NGINX_GATEWAY_PASSWORD}} | |
# CORE_DOCKER_REPO_OVERRIDE: "radixdlt/radixdlt-core" | |
# RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2" | |
# RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1" | |
# | |
# test-full-stack-no-nginx: | |
# runs-on: ubuntu-22.04 | |
# needs: | |
# - package_ubuntu_cli | |
# steps: | |
# - name: Download packaged cli | |
# uses: actions/download-artifact@v3 | |
# with: | |
# name: ubuntu 22.04 | |
# - name: Get dependencies | |
# run: | | |
# chmod +x ./radixnode | |
# sudo apt-get update | |
# sudo apt-get install containerd runc | |
# ./radixnode docker dependencies | |
# - name: Setup config | |
# run: | | |
# chmod +x ./radixnode | |
# mkdir -p $HOME/node-config | |
# export DISABLE_VERSION_CHECK=true | |
# export COMPOSE_HTTP_TIMEOUT=360 | |
# ./radixnode docker config -d $HOME/node-config \ | |
# -t radix://tn1qv9f8ys7ade4khjyr2s6zlhuxjqvhzz39kvjskupaj9lvhl3lwxauc67nn8@65.1.217.210 \ | |
# -m CORE GATEWAY -n 2 -k password -nk -p postgres -xg false -xc false -a | |
# env: | |
# POSTGRESS_PASSWORD: ${{secrets.POSTGRESS_PASSWORD}} | |
# KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}} | |
# CORE_DOCKER_REPO_OVERRIDE: "radixdlt/radixdlt-core" | |
# RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2" | |
# RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1" | |
# - name: Run CLI setup | |
# run: | | |
# export DISABLE_VERSION_CHECK=true | |
# export COMPOSE_HTTP_TIMEOUT=360 | |
# ./radixnode docker stop -f $HOME/node-config/config.yaml | |
# | |
# #Below PATH require when ansible is installed as part of pip | |
# export PATH="$PATH:/home/ubuntu/.local/bin" | |
# # ToDo: Fix Docker Image Pull with Gateway installation | |
# # ./radixnode docker install -f $HOME/node-config/config.yaml -a -u | |
# | |
# # sleep 60 | |
# # NODE_END_POINT="http://localhost:3333" NGINX=false ./radixnode api system health | |
# # curl -k -f -u "admin:$NGINX_ADMIN_PASSWORD" http://localhost:5207 | |
# env: | |
# CORE_DOCKER_REPO_OVERRIDE: "radixdlt/radixdlt-core" | |
# RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2" | |
# RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1" |