149 lines
6.0 KiB
YAML
149 lines
6.0 KiB
YAML
name: Deploy to Mainnet network
|
|
|
|
# Run on pushes to master or PRs
|
|
on:
|
|
# Pull request hook without any config. Launches for every pull request
|
|
pull_request:
|
|
push:
|
|
branches:
|
|
- master
|
|
# Launches build when release is published
|
|
release:
|
|
types: [published]
|
|
|
|
env:
|
|
REPO_NAME_ALPHANUMERIC: safereact
|
|
REACT_APP_NETWORK: 'mainnet'
|
|
STAGING_BUCKET_NAME: ${{ secrets.STAGING_MAINNET_BUCKET_NAME }}
|
|
REACT_APP_SENTRY_DSN: ${{ secrets.SENTRY_DSN_MAINNET }}
|
|
REACT_APP_GOOGLE_ANALYTICS: ${{ secrets.REACT_APP_GOOGLE_ANALYTICS_ID_MAINNET }}
|
|
REACT_APP_GNOSIS_APPS_URL: ${{ secrets.REACT_APP_GNOSIS_APPS_URL_PROD }}
|
|
|
|
jobs:
|
|
debug:
|
|
name: Debug
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Dump env
|
|
run: env | sort
|
|
- name: Dump GitHub context
|
|
env:
|
|
GITHUB_CONTEXT: ${{ toJson(github) }}
|
|
run: echo "$GITHUB_CONTEXT"
|
|
deploy:
|
|
name: Deployment
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Remove broken apt repos [Ubuntu]
|
|
if: matrix.os == 'ubuntu-latest'
|
|
run: |
|
|
for apt_file in `grep -lr microsoft /etc/apt/sources.list.d/`; do sudo rm $apt_file; done
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v2
|
|
with:
|
|
node-version: 14
|
|
|
|
- uses: actions/cache@v2
|
|
with:
|
|
path: '**/node_modules'
|
|
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
|
|
|
|
- run: |
|
|
sudo apt-get update
|
|
sudo apt-get -y install python3-pip python3-dev libusb-1.0-0-dev libudev-dev
|
|
pip install awscli --upgrade --user
|
|
# Due to some dependencies yarn may randomly throw an error about invalid cache
|
|
# This approach is taken from https://github.com/yarnpkg/yarn/issues/7212#issuecomment-506155894 to fix the issue
|
|
# Another approach is to install with flag --network-concurrency 1, but this will make the installation pretty slow (default value is 8)
|
|
mkdir .yarncache
|
|
yarn install --cache-folder ./.yarncache --frozen-lockfile
|
|
rm -rf .yarncache
|
|
yarn cache clean
|
|
|
|
# Set production flag
|
|
- name: Set production flag for tag build
|
|
run: echo "REACT_APP_ENV=production" >> $GITHUB_ENV
|
|
if: startsWith(github.ref, 'refs/tags/v')
|
|
|
|
- name: Build ${{ env.REACT_APP_NETWORK }} app
|
|
run: yarn build
|
|
env:
|
|
PUBLIC_URL: './'
|
|
REACT_APP_FORTMATIC_KEY: ${{ secrets.REACT_APP_FORTMATIC_KEY }}
|
|
REACT_APP_INFURA_TOKEN: ${{ secrets.REACT_APP_INFURA_TOKEN }}
|
|
REACT_APP_PORTIS_ID: ${{ secrets.REACT_APP_PORTIS_ID }}
|
|
REACT_APP_INTERCOM_ID: ${{ secrets.REACT_APP_INTERCOM_ID }}
|
|
REACT_APP_IPFS_GATEWAY: ${{ secrets.REACT_APP_IPFS_GATEWAY }}
|
|
|
|
- name: Configure AWS credentials
|
|
uses: aws-actions/configure-aws-credentials@v1
|
|
with:
|
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
|
|
|
|
# Script to deploy Pull Requests
|
|
- run: bash ./scripts/github/deploy_pull_request.sh
|
|
if: success() && github.event.number
|
|
env:
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
PR_NUMBER: ${{ github.event.number }}
|
|
REVIEW_BUCKET_NAME: ${{ secrets.AWS_REVIEW_BUCKET_NAME }}
|
|
REACT_APP_NETWORK: ${{ env.REACT_APP_NETWORK }}
|
|
TRAVIS_TAG: ${{ github.event.release.tag_name }}
|
|
|
|
- name: 'PRaul: Comment PR with app URLs'
|
|
uses: mshick/add-pr-comment@v1
|
|
with:
|
|
message: |
|
|
* [Safe Multisig app ${{ env.REACT_APP_NETWORK }}](${{ env.REVIEW_FEATURE_URL }}/${{ env.REACT_APP_NETWORK }}/app/)
|
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
|
repo-token-user-login: 'github-actions[bot]'
|
|
allow-repeats: true
|
|
if: success() && github.event.number
|
|
env:
|
|
REVIEW_FEATURE_URL: https://pr${{ github.event.number }}--${{ env.REPO_NAME_ALPHANUMERIC }}.review.gnosisdev.com
|
|
|
|
# Script to deploy to development environment
|
|
# Mainnet build is never created in development branch
|
|
|
|
# Script to deploy to staging environment
|
|
- name: 'Deploy to S3: Staging'
|
|
if: github.ref == 'refs/heads/master' # Or refs/heads/main
|
|
run: aws s3 sync build s3://${{ env.STAGING_BUCKET_NAME }}/current/app --delete
|
|
|
|
# Script to upload release files
|
|
- name: 'Upload release build files for production'
|
|
if: startsWith(github.ref, 'refs/tags/v')
|
|
run: aws s3 sync build s3://${{ env.STAGING_BUCKET_NAME }}/releases/${{ github.event.release.tag_name }} --delete
|
|
# - run: bash ./scripts/github/deploy_release.sh
|
|
# if: startsWith(github.ref, 'refs/tags/v')
|
|
# env:
|
|
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
# PR_NUMBER: ${{ github.event.number }}
|
|
# REVIEW_BUCKET_NAME: ${{ secrets.AWS_REVIEW_BUCKET_NAME }}
|
|
# REACT_APP_NETWORK: ${{ env.REACT_APP_NETWORK }}
|
|
# VERSION_TAG: ${{ github.event.release.tag_name }}
|
|
|
|
# Script to prepare production deployments
|
|
- run: bash ./scripts/github/prepare_production_deployment.sh
|
|
if: success() && startsWith(github.ref, 'refs/tags/v')
|
|
env:
|
|
PROD_DEPLOYMENT_HOOK_TOKEN: ${{ secrets.PROD_DEPLOYMENT_HOOK_TOKEN }}
|
|
PROD_DEPLOYMENT_HOOK_URL: ${{ secrets.PROD_DEPLOYMENT_HOOK_URL }}
|
|
VERSION_TAG: ${{ github.event.release.tag_name }}
|
|
|
|
# Upload Sentry source maps when sending to staging or production
|
|
- run: yarn sentry-upload-sourcemaps
|
|
if: success() && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v'))
|
|
env:
|
|
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
|
|
SENTRY_ORG: ${{ secrets.SENTRY_ORG}}
|
|
SENTRY_PROJECT: gnosis-safe-multisig-${{ env.REACT_APP_NETWORK }}
|
|
|