safe-react/.github/workflows/deploy-mainnet.yml

149 lines
6.0 KiB
YAML

name: Deploy to Mainnet network
# Run on pushes to master or PRs
on:
# Pull request hook without any config. Launches for every pull request
pull_request:
push:
branches:
- master
# Launches build when release is published
release:
types: [published]
env:
REPO_NAME_ALPHANUMERIC: safereact
REACT_APP_NETWORK: 'mainnet'
STAGING_BUCKET_NAME: ${{ secrets.STAGING_MAINNET_BUCKET_NAME }}
REACT_APP_SENTRY_DSN: ${{ secrets.SENTRY_DSN_MAINNET }}
REACT_APP_GOOGLE_ANALYTICS: ${{ secrets.REACT_APP_GOOGLE_ANALYTICS_ID_MAINNET }}
REACT_APP_GNOSIS_APPS_URL: ${{ secrets.REACT_APP_GNOSIS_APPS_URL_PROD }}
jobs:
debug:
name: Debug
runs-on: ubuntu-latest
steps:
- name: Dump env
run: env | sort
- name: Dump GitHub context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: echo "$GITHUB_CONTEXT"
deploy:
name: Deployment
runs-on: ubuntu-latest
steps:
- name: Remove broken apt repos [Ubuntu]
if: matrix.os == 'ubuntu-latest'
run: |
for apt_file in `grep -lr microsoft /etc/apt/sources.list.d/`; do sudo rm $apt_file; done
- uses: actions/checkout@v2
- name: Setup Node.js
uses: actions/setup-node@v2
with:
node-version: 14
- uses: actions/cache@v2
with:
path: '**/node_modules'
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
- run: |
sudo apt-get update
sudo apt-get -y install python3-pip python3-dev libusb-1.0-0-dev libudev-dev
pip install awscli --upgrade --user
# Due to some dependencies yarn may randomly throw an error about invalid cache
# This approach is taken from https://github.com/yarnpkg/yarn/issues/7212#issuecomment-506155894 to fix the issue
# Another approach is to install with flag --network-concurrency 1, but this will make the installation pretty slow (default value is 8)
mkdir .yarncache
yarn install --cache-folder ./.yarncache --frozen-lockfile
rm -rf .yarncache
yarn cache clean
# Set production flag
- name: Set production flag for tag build
run: echo "REACT_APP_ENV=production" >> $GITHUB_ENV
if: startsWith(github.ref, 'refs/tags/v')
- name: Build ${{ env.REACT_APP_NETWORK }} app
run: yarn build
env:
PUBLIC_URL: './'
REACT_APP_FORTMATIC_KEY: ${{ secrets.REACT_APP_FORTMATIC_KEY }}
REACT_APP_INFURA_TOKEN: ${{ secrets.REACT_APP_INFURA_TOKEN }}
REACT_APP_PORTIS_ID: ${{ secrets.REACT_APP_PORTIS_ID }}
REACT_APP_INTERCOM_ID: ${{ secrets.REACT_APP_INTERCOM_ID }}
REACT_APP_IPFS_GATEWAY: ${{ secrets.REACT_APP_IPFS_GATEWAY }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
# Script to deploy Pull Requests
- run: bash ./scripts/github/deploy_pull_request.sh
if: success() && github.event.number
env:
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
PR_NUMBER: ${{ github.event.number }}
REVIEW_BUCKET_NAME: ${{ secrets.AWS_REVIEW_BUCKET_NAME }}
REACT_APP_NETWORK: ${{ env.REACT_APP_NETWORK }}
TRAVIS_TAG: ${{ github.event.release.tag_name }}
- name: 'PRaul: Comment PR with app URLs'
uses: mshick/add-pr-comment@v1
with:
message: |
* [Safe Multisig app ${{ env.REACT_APP_NETWORK }}](${{ env.REVIEW_FEATURE_URL }}/${{ env.REACT_APP_NETWORK }}/app/)
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]'
allow-repeats: true
if: success() && github.event.number
env:
REVIEW_FEATURE_URL: https://pr${{ github.event.number }}--${{ env.REPO_NAME_ALPHANUMERIC }}.review.gnosisdev.com
# Script to deploy to development environment
# Mainnet build is never created in development branch
# Script to deploy to staging environment
- name: 'Deploy to S3: Staging'
if: github.ref == 'refs/heads/master' # Or refs/heads/main
run: aws s3 sync build s3://${{ env.STAGING_BUCKET_NAME }}/current/app --delete
# Script to upload release files
- name: 'Upload release build files for production'
if: startsWith(github.ref, 'refs/tags/v')
run: aws s3 sync build s3://${{ env.STAGING_BUCKET_NAME }}/releases/${{ github.event.release.tag_name }} --delete
# - run: bash ./scripts/github/deploy_release.sh
# if: startsWith(github.ref, 'refs/tags/v')
# env:
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
# PR_NUMBER: ${{ github.event.number }}
# REVIEW_BUCKET_NAME: ${{ secrets.AWS_REVIEW_BUCKET_NAME }}
# REACT_APP_NETWORK: ${{ env.REACT_APP_NETWORK }}
# VERSION_TAG: ${{ github.event.release.tag_name }}
# Script to prepare production deployments
- run: bash ./scripts/github/prepare_production_deployment.sh
if: success() && startsWith(github.ref, 'refs/tags/v')
env:
PROD_DEPLOYMENT_HOOK_TOKEN: ${{ secrets.PROD_DEPLOYMENT_HOOK_TOKEN }}
PROD_DEPLOYMENT_HOOK_URL: ${{ secrets.PROD_DEPLOYMENT_HOOK_URL }}
VERSION_TAG: ${{ github.event.release.tag_name }}
# Upload Sentry source maps when sending to staging or production
- run: yarn sentry-upload-sourcemaps
if: success() && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v'))
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG}}
SENTRY_PROJECT: gnosis-safe-multisig-${{ env.REACT_APP_NETWORK }}