Skip to content

infrastructure

infrastructure #1001

Workflow file for this run

name: infrastructure
on:
workflow_run:
workflows:
- ci
types:
- completed
workflow_dispatch:
inputs:
profile:
description: 'Profile'
type: choice
options:
- devnet
- testnet
default: 'devnet'
init:
description: 'Initialize'
type: boolean
default: false
logs:
description: 'Collect Logs'
type: boolean
default: false
debug:
description: 'Debug Deployment'
type: boolean
default: false
target:
description: 'Target Machine'
type: choice
options:
- lax1
- nyc1
- nyc2
- mia2
default: 'lax'
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.inputs.target }}
cancel-in-progress: true
jobs:
cluster:
name: Setup and Test Nomad Cluster
runs-on: ubuntu-22.04
timeout-minutes: 180
if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
steps:
- name: Setup Environment
run: |
echo "${{ secrets.INFRASTRUCTURE_DNS_RECORDS }}" | sudo tee -a /etc/hosts
sudo systemctl restart systemd-resolved
IS_MANUAL_DEPLOYMENT=$([ "${{ github.event_name }}" == "workflow_dispatch" ] && echo true || echo false)
CLUSTER_PROFILE_FLAG=$([ "${IS_MANUAL_DEPLOYMENT}" == "true" ] && echo "--profile ${{ github.event.inputs.profile }}" || echo "--profile ci")
CLUSTER_LOGS_FLAG=$([ "${{ github.event.inputs.logs }}" == "false" ] && echo "--no-logs-collection" || echo "")
DEBUG_FLAG=$([ "${{ github.event.inputs.debug }}" == "true" ] && echo "--debug" || echo "")
TARGET_MACHINE_IP=$([ "${IS_MANUAL_DEPLOYMENT}" == "true" ] && echo "$(dig +short ${{ github.event.inputs.target }})" || echo "127.0.0.1")
echo "IS_MANUAL_DEPLOYMENT=${IS_MANUAL_DEPLOYMENT}" >> ${GITHUB_ENV}
echo "CLUSTER_PROFILE_FLAG=${CLUSTER_PROFILE_FLAG}" >> ${GITHUB_ENV}
echo "CLUSTER_LOGS_FLAG=${CLUSTER_LOGS_FLAG}" >> ${GITHUB_ENV}
echo "DEBUG_FLAG=${DEBUG_FLAG}" >> ${GITHUB_ENV}
echo "TARGET_MACHINE_IP=${TARGET_MACHINE_IP}" >> ${GITHUB_ENV}
- name: Notify - Deployment Initialized
if: ${{ env.IS_MANUAL_DEPLOYMENT == 'true' }}
run: |
WORKFLOW_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
PAYLOAD=$(cat <<-EOH
{
"text": "<@${{ github.actor }}> - deployment to <http://${TARGET_MACHINE_IP}:4646/ui|*${{ github.event.inputs.target }}*> has been initialized",
"attachments": [
{
"color": "#0000FF",
"fields": [
{
"title": "Workflow",
"value": "<${WORKFLOW_URL}|View Workflow Run>",
"short": false
},
]
}
]
}
EOH
)
curl -X POST -H 'Content-type: application/json' --data "${PAYLOAD}" "${{ secrets.SLACK_CI_CHANNEL_WEBHOOK_URL }}"
- name: Checkout Code
uses: actions/checkout@v4
with:
submodules: recursive
ref: ${{ github.event.workflow_run.head_branch }}
- name: Setup Cache
uses: actions/cache@v4
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/.local/pipx
/usr/local/bin/goreleaser
key: ${{ runner.os }}-go-${{ hashFiles('**/go.work.sum') }}
restore-keys: ${{ runner.os }}-go-
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: 1.22
check-latest: true
cache-dependency-path: go.work.sum
- name: Install Required Dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: |
echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list
sudo apt-get update
sudo apt-get install --yes goreleaser
pip install boto3 botocore
pipx inject ansible-core botocore boto3
- name: Configure Control Machine
run: |
sudo useradd --create-home ubuntu && sudo usermod --append --groups sudo ubuntu
ANSIBLE_CONNECTION="ansible_connection=local"
if [ "${IS_MANUAL_DEPLOYMENT}" == "true" ]; then
ANSIBLE_CONNECTION=""
export ANSIBLE_HOST_KEY_CHECKING=false
mkdir -p ~/.ssh && \
chmod 700 ~/.ssh && \
echo "${{ secrets.INFRASTRUCTURE_DEPLOYMENT_KEY }}" > ~/.ssh/id_ed25519 && \
chmod 600 ~/.ssh/id_ed25519
fi
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }}
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws configure set default.region us-west-2
cp infrastructure/nomad/ansible.cfg.example infrastructure/nomad/ansible.cfg
cat <<-EOH > infrastructure/nomad/hosts.ini
[nomad_servers]
${TARGET_MACHINE_IP} ${ANSIBLE_CONNECTION} ansible_user=ubuntu
[nomad_clients]
${TARGET_MACHINE_IP} ${ANSIBLE_CONNECTION} ansible_user=ubuntu
EOH
ansible all --inventory infrastructure/nomad/hosts.ini --module-name ping
- name: Destroy Existing Cluster
if: ${{ env.IS_MANUAL_DEPLOYMENT == 'true' }}
run: |
./cluster.sh destroy ${CLUSTER_PROFILE_FLAG} ${DEBUG_FLAG}
working-directory: infrastructure/nomad
- name: Initialize Cluster
if: ${{ env.IS_MANUAL_DEPLOYMENT == 'false' || github.event.inputs.init == 'true'}}
run: |
START_TIME="$(date +%s)"
./cluster.sh init ${CLUSTER_PROFILE_FLAG} ${DEBUG_FLAG}
END_TIME="$(date +%s)"
echo "INIT_DURATION=$(date -ud "@$((END_TIME - START_TIME))" +'%H:%M:%S')" >> ${GITHUB_ENV}
working-directory: infrastructure/nomad
- name: Deploy Cluster
run: |
START_TIME="$(date +%s)"
./cluster.sh deploy ${CLUSTER_PROFILE_FLAG} ${CLUSTER_LOGS_FLAG} ${DEBUG_FLAG}
END_TIME="$(date +%s)"
echo "DEPLOY_DURATION=$(date -ud "@$((END_TIME - START_TIME))" +'%H:%M:%S')" >> ${GITHUB_ENV}
working-directory: infrastructure/nomad
- name: Notify - Deployment Successful
if: ${{ env.IS_MANUAL_DEPLOYMENT == 'true' && success() }}
run: |
INIT_DURATION=${INIT_DURATION:-N/A}
DEPLOY_DURATION=${DEPLOY_DURATION:-N/A}
RUNNER_DURATION=$(date -ud "@$(( $(date +%s) - $(date +%s -r /proc/$(pgrep -o -x "runner")/stat) ))" +'%H:%M:%S')
WORKFLOW_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
PAYLOAD=$(cat <<-EOH
{
"text": "<@${{ github.actor }}> - deployment to <http://${TARGET_MACHINE_IP}:4646/ui|*${{ github.event.inputs.target }}*> was successful",
"attachments": [
{
"color": "#00FF00",
"fields": [
{
"title": "Workflow",
"value": "<${WORKFLOW_URL}|View Workflow Run>",
"short": false
},
{
"title": "Deployment Duration",
"value": "Init: ${INIT_DURATION}\nDeploy: ${DEPLOY_DURATION}\nRunner: ${RUNNER_DURATION}",
"short": false
}
]
}
]
}
EOH
)
curl -X POST -H 'Content-type: application/json' --data "${PAYLOAD}" "${{ secrets.SLACK_CI_CHANNEL_WEBHOOK_URL }}"
- name: Notify - Deployment Failed
if: ${{ env.IS_MANUAL_DEPLOYMENT == 'true' && failure() }}
run: |
WORKFLOW_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
PAYLOAD=$(cat <<-EOH
{
"text": "<@${{ github.actor }}> - deployment to <http://${TARGET_MACHINE_IP}:4646/ui|*${{ github.event.inputs.target }}*> has failed",
"attachments": [
{
"color": "#FF0000",
"fields": [
{
"title": "Workflow",
"value": "<${WORKFLOW_URL}|View Workflow Run>",
"short": false
},
]
}
]
}
EOH
)
curl -X POST -H 'Content-type: application/json' --data "${PAYLOAD}" "${{ secrets.SLACK_CI_CHANNEL_WEBHOOK_URL }}"
- name: Initialize Debug Shell
if: ${{ env.IS_MANUAL_DEPLOYMENT == 'false' && failure() }}
run: |
TUNSHELL_KEYS=$(curl -sSf -X POST https://eu.relay.tunshell.com/api/sessions)
DEBUG_SHELL="sh <(curl -sSf https://lets.tunshell.com/init.sh) L $(echo ${TUNSHELL_KEYS} | jq -r .peer2_key) \${TUNSHELL_SECRET} eu.relay.tunshell.com"
WORKFLOW_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
PR_TITLE="$(jq -r .head_commit.message <<< '${{ toJson(github.event.workflow_run) }}')"
PR_URL="$(jq -r '.head_commit.url // ""' <<< '${{ toJson(github.event.workflow_run) }}')"
PAYLOAD=$(cat <<-EOH
{
"text": "<@${{ github.actor }}> infrastructure workflow has failed:",
"attachments": [
{
"color": "#FF0000",
"fields": [
{
"title": "Workflow",
"value": "<${WORKFLOW_URL}|View Workflow Run>",
"short": false
},
$( [ -n "$PR_URL" ] && cat <<-PULL_REQUEST
{
"title": "Pull Request",
"value": "<${PR_URL}|${PR_TITLE}>",
"short": false
},
PULL_REQUEST
)
{
"title": "Debug Shell",
"value": "\`\`\`${DEBUG_SHELL}\`\`\`",
"short": false
}
]
}
]
}
EOH
)
echo "Debug Shell: ${DEBUG_SHELL}"
curl -X POST -H 'Content-type: application/json' --data "${PAYLOAD}" "${{ secrets.SLACK_CI_CHANNEL_WEBHOOK_URL }}"
curl -sSf https://lets.tunshell.com/init.sh | sh -s -- T $(echo ${TUNSHELL_KEYS} | jq -r .peer1_key) ${{ secrets.TUNSHELL_SECRET }} eu.relay.tunshell.com