Deploy Sprinter signing with Portainer to staging - latest by @mpetrun5 #96
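# Deploys the Sprinter signing stack to the staging Portainer endpoint.
name: Deploy to staging
run-name: Deploy Sprinter signing with Portainer to staging - ${{ github.event.inputs.image_version || 'latest' }} by @${{ github.actor }}

on:
  # Fires when the image-publishing workflow completes. A workflow_run-triggered
  # workflow executes from the default branch with access to repository secrets,
  # so the deploy job's `if:` must keep gating on a successful conclusion.
  # NOTE(review): there is no `branches:` filter here; confirm the publishing
  # workflow only runs for trusted refs, or add one.
  workflow_run:
    workflows: ["Publish Latest Docker Image"]
    types:
      - completed
  # Manual deploy of a specific image tag.
  workflow_dispatch:
    inputs:
      image_version:
        description: 'Signing version. Example: v2.0.0'
        required: true
        default: latest

# Least privilege for GITHUB_TOKEN: the job only checks out the repository;
# Portainer access uses its own API token from secrets.
permissions:
  contents: read

env:
  # Quoted so the value stays a string regardless of the YAML parser.
  PORTAINER_ENDPOINT_ID: '8'
  STACK_NAME: sprinter-signing-staging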
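jobs:
  # Renders the staging compose file with secrets and creates or updates the
  # Portainer stack named by STACK_NAME on endpoint PORTAINER_ENDPOINT_ID
  # (both are workflow-level env values).
  deploy:
    # Run only after a successful publish run, or on a manual dispatch.
    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event.inputs.image_version }}
    runs-on:
      group: portainer-deployment
    environment: staging
    defaults:
      run:
        # Explicit bash so `set -o pipefail` and `[[ ... =~ ]]` are available.
        shell: bash
    steps:
      # NOTE(review): consider pinning this action to a full commit SHA instead
      # of a mutable tag, since the job handles signing key material.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          clean: true
          # No later step uses git, so do not leave the token in .git/config.
          persist-credentials: false

      - name: Check if stack exists in Portainer
        id: check_stack
        env:
          PORTAINER_URL: ${{ secrets.PORTAINER_URL }}
          PORTAINER_API_TOKEN: ${{ secrets.PORTAINER_API_TOKEN }}
        run: |
          set -euo pipefail
          # Read the secrets from the step env rather than templating them into
          # the script text; --fail stops on an HTTP error instead of parsing
          # an error body as a stack list.
          RESPONSE=$(curl -sS --fail -H "X-API-Key: $PORTAINER_API_TOKEN" "$PORTAINER_URL/api/stacks")
          STACK_ID=$(echo "$RESPONSE" | jq -r --arg name "$STACK_NAME" '.[] | select(.Name == $name) | .Id')
          if [ -n "$STACK_ID" ]; then
            echo "Stack exists. ID: $STACK_ID"
            echo "exists=true" >> "$GITHUB_OUTPUT"
            echo "stack_id=$STACK_ID" >> "$GITHUB_OUTPUT"
          else
            echo "Stack does not exist."
            echo "exists=false" >> "$GITHUB_OUTPUT"
          fi

      # NOTE(review): the secrets below are substituted into the compose text,
      # which is then uploaded as stackFileContent, so they end up stored in the
      # Portainer stack definition. Confirm who can read stacks on this
      # endpoint, or move them to the stack `env` list / Docker secrets.
      - name: Render docker-compose.yml with envsubst
        env:
          DOCKER_COMPOSE_PATH: ./deploy/docker-compose.staging.yml
          # export here all secrets used in the docker-compose environment
          SIGNING_IMAGE_VERSION: ${{ github.event.inputs.image_version || 'latest' }}
          SPRINTER_SIGNING_DOMAIN: ${{ secrets.SPRINTER_SIGNING_DOMAIN }}
          # Shared across all relayers
          SYG_CHAINS: ${{ secrets.SYG_CHAINS }}
          SYG_RELAYER_SOLVERCONFIG_ACCESSKEY: ${{ secrets.SYG_RELAYER_SOLVERCONFIG_ACCESSKEY }}
          SYG_RELAYER_SOLVERCONFIG_SECRETKEY: ${{ secrets.SYG_RELAYER_SOLVERCONFIG_SECRETKEY }}
          SYG_RELAYER_COINMARKETCAPCONFIG_APIKEY: ${{ secrets.SYG_RELAYER_COINMARKETCAPCONFIG_APIKEY }}
          SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_ENCRYPTIONKEY: ${{ secrets.SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_ENCRYPTIONKEY }}
          SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_URL: ${{ secrets.SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_URL }}
          # Per-relayer secrets
          SYG_RELAYER_MPCCONFIG_KEY_1: ${{ secrets.SYG_RELAYER_MPCCONFIG_KEY_1 }}
          KEYSHARE_1: ${{ secrets.KEYSHARE_1 }}
          SYG_RELAYER_MPCCONFIG_KEY_2: ${{ secrets.SYG_RELAYER_MPCCONFIG_KEY_2 }}
          KEYSHARE_2: ${{ secrets.KEYSHARE_2 }}
          SYG_RELAYER_MPCCONFIG_KEY_3: ${{ secrets.SYG_RELAYER_MPCCONFIG_KEY_3 }}
          KEYSHARE_3: ${{ secrets.KEYSHARE_3 }}
        run: |
          set -euo pipefail
          # image_version is free-form dispatch input that envsubst pastes into
          # the compose file verbatim; accept only the Docker tag character set
          # so it cannot add lines or keys to the rendered YAML.
          if ! [[ "$SIGNING_IMAGE_VERSION" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "Invalid image version" >&2
            exit 1
          fi
          # The rendered file holds key shares; keep it owner-readable only.
          umask 077
          envsubst '$SIGNING_IMAGE_VERSION $SPRINTER_SIGNING_DOMAIN $SYG_CHAINS $SYG_RELAYER_SOLVERCONFIG_ACCESSKEY $SYG_RELAYER_SOLVERCONFIG_SECRETKEY $SYG_RELAYER_COINMARKETCAPCONFIG_APIKEY $SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_ENCRYPTIONKEY $SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_URL $SYG_RELAYER_MPCCONFIG_KEY_1 $KEYSHARE_1 $SYG_RELAYER_MPCCONFIG_KEY_2 $KEYSHARE_2 $SYG_RELAYER_MPCCONFIG_KEY_3 $KEYSHARE_3' < "${DOCKER_COMPOSE_PATH}" > docker-compose.rendered.yml
          echo "Rendered docker-compose"

      - name: Deploy stack (create or update)
        env:
          PORTAINER_URL: ${{ secrets.PORTAINER_URL }}
          PORTAINER_API_TOKEN: ${{ secrets.PORTAINER_API_TOKEN }}
          # Step outputs arrive as env values instead of being templated into
          # the script text.
          STACK_EXISTS: ${{ steps.check_stack.outputs.exists }}
          STACK_ID: ${{ steps.check_stack.outputs.stack_id }}
        run: |
          set -euo pipefail
          # payload.json embeds the rendered compose file, secrets included.
          umask 077
          if [ "$STACK_EXISTS" = "true" ]; then
            # The id goes into the request path; require a single integer
            # (this also rejects several stacks matching the same name).
            case "$STACK_ID" in
              ''|*[!0-9]*)
                echo "Unexpected stack id from check_stack" >&2
                exit 1
                ;;
            esac
            echo "Updating existing stack with ID: $STACK_ID"
            jq -n --rawfile compose docker-compose.rendered.yml \
              '{stackFileContent: $compose, prune: true, pullImage: true, env: []}' > payload.json
            curl -sS -X PUT "$PORTAINER_URL/api/stacks/$STACK_ID?endpointId=$PORTAINER_ENDPOINT_ID" \
              -H "X-API-Key: $PORTAINER_API_TOKEN" \
              -H "Content-Type: application/json" \
              -d @payload.json \
              --fail
          else
            echo "Creating new stack: $STACK_NAME"
            jq -n --rawfile compose docker-compose.rendered.yml \
              --arg name "$STACK_NAME" \
              '{name: $name, fromAppTemplate: false, stackFileContent: $compose, env: []}' > payload.json
            # No -v here: verbose mode writes the request headers, including
            # X-API-Key, to the job log, and log masking is only a backstop.
            curl -sS -X POST "$PORTAINER_URL/api/stacks/create/standalone/string?endpointId=$PORTAINER_ENDPOINT_ID" \
              -H "X-API-Key: $PORTAINER_API_TOKEN" \
              -H "Content-Type: application/json" \
              -d @payload.json \
              --fail
          fi

      - name: Cleanup
        # Run even when an earlier step failed, so the rendered secrets never
        # stay behind in the runner workspace.
        if: always()
        run: rm -rf docker-compose.rendered.yml payload.json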