From e646a09a0f80bb0ebe2c6909b98aafce0a887056 Mon Sep 17 00:00:00 2001 From: jluque Date: Tue, 21 Nov 2023 11:03:11 +0100 Subject: [PATCH 01/11] chore(INFRA-1282): add release action --- .github/workflows/build-test.yml | 71 ++++++++++++++++++++++++++++++++ .github/workflows/main.yml | 46 +++++++++++++++++++++ .github/workflows/release.yml | 38 +++++++++++++++++ 3 files changed, 155 insertions(+) create mode 100644 .github/workflows/build-test.yml create mode 100644 .github/workflows/main.yml create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml new file mode 100644 index 00000000..50afd431 --- /dev/null +++ b/.github/workflows/build-test.yml 
@@ -0,0 +1,71 @@
+name: Build, Lint, and Test
+
+on:
+ workflow_call:
+
+jobs:
+ prepare:
+ name: Prepare
+ runs-on: ubuntu-latest
+ steps:
+ # v4.1.1
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - name: Use Node.js
+ # v4.0.0
+ uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65
+ with:
+ node-version-file: '.nvmrc'
+ cache: 'yarn'
+ - name: Install Yarn dependencies
+ run: yarn --immutable
+
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ needs:
+ - prepare
+ steps:
+ - uses: actions/checkout@v3
+ - name: Use Node.js
+ uses: actions/setup-node@v3
+ with:
+ node-version-file: '.nvmrc'
+ cache: 'yarn'
+ - run: yarn --immutable --immutable-cache
+ - run: yarn build
+ - name: Store build artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: build
+ path: ./build/
+ - name: Require clean working directory
+ shell: bash
+ run: |
+ if ! git diff --exit-code; then
+ echo "Working tree dirty at end of job"
+ exit 1
+ fi
+
+ test:
+ name: Test
+ runs-on: ubuntu-latest
+ needs:
+ - prepare
+ steps:
+ # v4.1.1
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - name: Use Node.js
+ # v4.0.0
+ uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65
+ with:
+ node-version-file: '.nvmrc'
+ cache: 'yarn'
+ - run: yarn --immutable --immutable-cache
+ - run: yarn test
+ - name: Require clean working directory
+ shell: bash
+ run: |
+ if ! git diff --exit-code; then
+ echo "Working tree dirty at end of job"
+ exit 1
+ fi
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..9677d3fb
--- /dev/null
+++ b/.github/workflows/main.yml
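Review bot: In `build-test.yml` the `build` job references `actions/checkout@v3`, `actions/setup-node@v3` and `actions/upload-artifact@v3` by mutable tag, while the `prepare` and `test` jobs in the same file pin the first two to full commit SHAs. A tag can be moved after review, so the job that produces the deployed artifact is the one with the weakest pinning; `release.yml` in this commit has the same gap with `actions/download-artifact@v3`. I would pin all of them the way the other jobs do, e.g. `- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11` under a `# v4.1.1` comment, and resolve the release commit SHAs for the two artifact actions from their repositories.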
@@ -0,0 +1,46 @@
+name: Main
+
+on:
+ pull_request:
+
+jobs:
+ check-workflows:
+ name: Check workflows
+ runs-on: ubuntu-latest
+ steps:
+ # v4.1.1
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - name: Download actionlint
+ id: download-actionlint
+ run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.23
+ shell: bash
+ - name: Check workflow files
+ run: ${{ steps.download-actionlint.outputs.executable }} -color
+ shell: bash
+
+ build-test:
+ name: Build and test
+ uses: ./.github/workflows/build-test.yml
+
+ release-uat:
+ name: UAT Release
+ uses: ./.github/workflows/release.yml
+ needs: [ build-test ]
+ #if: github.ref == 'refs/heads/main'
+ if: always()
+ permissions:
+ contents: read
+ id-token: write
+ with:
+ environment: uat
+
+ release-prd:
+ name: PRD Release
+ uses: ./.github/workflows/release.yml
+ needs: [ build-test ]
+ #if: github.ref == 'refs/heads/main'
+ permissions:
+ contents: read
+ id-token: write
+ with:
+ environment: prd
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..fc953da4
--- /dev/null
+++ b/.github/workflows/release.yml
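Review bot: `main.yml` sets no workflow-level `permissions:`, so `check-workflows` and the called `build-test` workflow run with whatever default `GITHUB_TOKEN` scope the repository has; only the two release jobs declare theirs. A top-level `permissions:` block containing `contents: read` would make the lint and build jobs read-only regardless of the repository default, and the job-level blocks on the release jobs would still apply to those jobs. Separately, the `Download actionlint` step runs `bash <(curl …)` without `--fail`, so an HTTP error body is handed to bash as script text; `curl --fail --silent --show-error --location` is safer even with the URL pinned to a commit.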
@@ -0,0 +1,38 @@ +on: + workflow_call: + inputs: + environment: + required: true + description: Environment name + type: string +jobs: + deploy: + name: Deploy + runs-on: ubuntu-latest + environment: + name: ${{ inputs.environment }} + steps: + # v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - name: Use Node.js + # v4.0.0 + uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 + with: + node-version-file: '.nvmrc' + cache: 'yarn' + - name: configure AWS credentials + # v4.0.1 + uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a + with: + role-to-assume: ${{ vars.AWS_ROLE_ARN }} + role-session-name: ghactionssession + aws-region: ${{ vars.AWS_REGION }} + - name: download build artifact + uses: actions/download-artifact@v3 + with: + name: build + path: ./build/ + - name: Deploy website + run: | + aws s3 cp ./build/ s3://${{ vars.AWS_BUCKET_NAME }}/ --recursive --acl private + aws cloudfront create-invalidation --distribution-id ${{ vars.AWS_CF_DISTRIBUTION_ID }} --paths "/" From 8c823c054bb882e066e7cf0d9572fcd707d98dbf Mon Sep 17 00:00:00 2001 From: jluque Date: Tue, 21 Nov 2023 11:54:37 +0100 Subject: [PATCH 02/11] chore(INFRA-1282): Update readme, rename to master --- .github/workflows/{main.yml => master.yml} | 9 +++-- README.md | 43 +++++++++++++++++++--- 2 files changed, 43 insertions(+), 9 deletions(-) rename .github/workflows/{main.yml => master.yml} (87%) diff --git a/.github/workflows/main.yml b/.github/workflows/master.yml similarity index 87% rename from .github/workflows/main.yml rename to .github/workflows/master.yml index 9677d3fb..44c6315d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/master.yml @@ -2,6 +2,8 @@ name: Main on: pull_request: + push: + branches: [master] jobs: check-workflows: 
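Review bot: In the `Deploy website` step of `release.yml` the invalidation uses `--paths "/"`, which covers only the root path, so objects uploaded under other keys by the preceding `aws s3 cp --recursive` stay cached at the edge until they expire. If the intent is to publish the whole build, use `--paths "/*"`; if only the root document is meant to be refreshed, a comment saying so would help. The same path is kept when patch 07 rewrites this line to use `inputs.*`. The step also expands `${{ vars.* }}` directly inside the script text; passing the values through `env:` and quoting them in the shell, e.g. `"s3://$AWS_BUCKET_NAME/"`, keeps a malformed value from being parsed as shell syntax.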
@@ -26,8 +28,7 @@ jobs: name: UAT Release uses: ./.github/workflows/release.yml needs: [ build-test ] - #if: github.ref == 'refs/heads/main' - if: always() + if: github.ref == 'refs/heads/master' permissions: contents: read id-token: write @@ -37,8 +38,8 @@ jobs: release-prd: name: PRD Release uses: ./.github/workflows/release.yml - needs: [ build-test ] - #if: github.ref == 'refs/heads/main' + needs: [ build-test, release-uat ] + if: github.ref == 'refs/heads/master' permissions: contents: read id-token: write diff --git a/README.md b/README.md index bc8c2681..9db5a197 100644 --- a/README.md +++ b/README.md 
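Review bot: Neither release job in `master.yml` lists `check-workflows` in `needs`, so a failed actionlint run does not stop a deploy, although the README text added in this same commit describes the jobs as running one after another. `release-uat` keeps `needs: [ build-test ]` and `release-prd` gets `needs: [ build-test, release-uat ]`; if the lint is meant to gate releases, add it, e.g. `needs: [ check-workflows, build-test ]` on `release-uat`. The `if: github.ref == 'refs/heads/master'` on `release-prd` is the only gate for production visible in the repository, and the README's "ideally" about environment approvals suggests the protection rule on the `prd` environment is not confirmed, so that is worth verifying before merge.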
@@ -71,12 +71,45 @@ The project follows the same release process as the other projects in the MetaMa ### Deployments -- Make sure you have the netlify client configured with your credentials and you have access to the project. +#### Repository Release Process Documentation -#### Staging +This section provides a detailed explanation of the release process for this repository, which is managed through a GitHub Action workflow. -- `npm run deploy` +##### Workflow Overview -#### Production +The GitHub Action workflow is named `master` and it is triggered on every pull request and push to the `master` branch. The workflow consists of four jobs: + +1. `check-workflows` +2. `build-test` +3. `release-uat` +4. `release-prd` + +###### 1. Check Workflows + +This job performs the following steps: + +- Checks out the repository using the `actions/checkout` action. +- Downloads `actionlint`, a tool for linting GitHub Actions workflow files. +- Checks the workflow files using `actionlint`. + +###### 2. Build and Test + +This job uses the workflow defined in `./.github/workflows/build-test.yml`. It is responsible for building the project and running tests to ensure the code is working as expected. + +###### 3. UAT Release + +This job uses the workflow defined in `./.github/workflows/release.yml`. It is dependent on the `build-test` job and only runs if the `build-test` job is successful and the current branch is `master`. This job is responsible for releasing the project to the User Acceptance Testing (UAT) environment. + +###### 4. PRD Release + +This job is similar to the `release-uat` job but it releases the project to the Production (PRD) environment. It also depends on the `build-test` job and only runs if the `build-test` job is successful and the current branch is `master`. + +##### Release Process + +The release process is initiated when a pull request is merged into the `master` branch or when a direct push is made to the `master` branch. 
Here are the steps that are followed: + +1. The `check-workflows` job is run to ensure the workflow files are valid. +2. If the workflow files are valid, the `build-test` job is run to build the project and run tests. +3. If the `build-test` job is successful, the `release-uat` job is run to release the project to the UAT environment. +4. If the `release-uat` job is successful, the `release-prd` job is run to release the project to the PRD environment, ideally `prd` GitHub environment has configured environment deployment policy (approvals). -- `npm run deploy:prod` From 4bc054d5ee7aca7de5689c742bfa8f0c87fda8e3 Mon Sep 17 00:00:00 2001 From: jluque Date: Wed, 6 Dec 2023 12:55:21 +0100 Subject: [PATCH 03/11] chore(INFRA-1282): remove inmutable and unrequired step --- .github/workflows/build-test.yml | 4 ++-- .github/workflows/release.yml | 8 -------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 50afd431..eccb3319 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -17,7 +17,7 @@ jobs: node-version-file: '.nvmrc' cache: 'yarn' - name: Install Yarn dependencies - run: yarn --immutable + run: yarn build: name: Build @@ -31,7 +31,7 @@ jobs: with: node-version-file: '.nvmrc' cache: 'yarn' - - run: yarn --immutable --immutable-cache + - run: yarn - run: yarn build - name: Store build artifact uses: actions/upload-artifact@v3 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fc953da4..9556dc53 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
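Review bot: Dropping `--immutable` from the `prepare` and `build` installs in `build-test.yml` (patch 03) removes the explicit guarantee that CI installs exactly what `yarn.lock` records; whether anything still enforces it depends on the Yarn version and its configuration, which the patch does not show. The flag is then toggled job by job in patches 04, 05 and 06, and the series ends with `build` and `test` on `yarn --immutable` but `prepare` on plain `yarn`. I would settle on one explicit form in all three jobs, `yarn install --immutable` on Yarn 2+ or `yarn install --frozen-lockfile` on Yarn 1, so a lockfile that disagrees with `package.json` fails the run instead of being re-resolved silently. Both hunks sit inside job definitions that continue outside the hunk.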
@@ -12,14 +12,6 @@ jobs: environment: name: ${{ inputs.environment }} steps: - # v4.1.1 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - name: Use Node.js - # v4.0.0 - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 - with: - node-version-file: '.nvmrc' - cache: 'yarn' - name: configure AWS credentials # v4.0.1 uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a From 19290bd370d410e792f2e6b4e26686b5adc66ace Mon Sep 17 00:00:00 2001 From: Jose Luque Date: Thu, 14 Dec 2023 11:41:54 +0100 Subject: [PATCH 04/11] chore(INFRA-1282): update yarn settings --- .github/workflows/build-test.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index eccb3319..7f2f1e90 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -17,7 +17,7 @@ jobs: node-version-file: '.nvmrc' cache: 'yarn' - name: Install Yarn dependencies - run: yarn + run: yarn --immutable build: name: Build @@ -60,7 +60,7 @@ jobs: with: node-version-file: '.nvmrc' cache: 'yarn' - - run: yarn --immutable --immutable-cache + - run: yarn - run: yarn test - name: Require clean working directory shell: bash @@ -68,4 +68,5 @@ jobs: if ! git diff --exit-code; then echo "Working tree dirty at end of job" exit 1 - fi \ No newline at end of file + fi + From 619b9ddf180819f3991464ca5cd857cea2bfb4b1 Mon Sep 17 00:00:00 2001 From: Jose Luque Date: Thu, 14 Dec 2023 11:43:43 +0100 Subject: [PATCH 05/11] chore(INFRA-1282): fix --- .github/workflows/build-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 7f2f1e90..7bef8686 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml 
@@ -17,7 +17,7 @@ jobs: node-version-file: '.nvmrc' cache: 'yarn' - name: Install Yarn dependencies - run: yarn --immutable + run: yarn build: name: Build @@ -31,7 +31,7 @@ jobs: with: node-version-file: '.nvmrc' cache: 'yarn' - - run: yarn + - run: yarn --immutable - run: yarn build - name: Store build artifact uses: actions/upload-artifact@v3 From 83b4c615c02316b92f0ca904030eddb93773cf61 Mon Sep 17 00:00:00 2001 From: Jose Luque Date: Fri, 15 Dec 2023 19:10:00 +0100 Subject: [PATCH 06/11] chore(INFRA-1282): add only immutable --- .github/workflows/build-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 7bef8686..b69c5095 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -60,7 +60,7 @@ jobs: with: node-version-file: '.nvmrc' cache: 'yarn' - - run: yarn + - run: yarn --immutable - run: yarn test - name: Require clean working directory shell: bash From 07c0d324fae61b085ec94b67430cf01bf3999e92 Mon Sep 17 00:00:00 2001 From: Jake Perkins Date: Wed, 9 Apr 2025 12:38:36 -0500 Subject: [PATCH 07/11] cicd-testing --- .github/workflows/master.yml | 7 ++++++- .github/workflows/release.yml | 27 ++++++++++++++++++++++----- 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 44c6315d..071cd356 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml 
@@ -28,12 +28,17 @@ jobs: name: UAT Release uses: ./.github/workflows/release.yml needs: [ build-test ] - if: github.ref == 'refs/heads/master' + # Todo Remove After testing + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/cf-cicd' permissions: contents: read id-token: write with: environment: uat + aws-region: us-east-1 + aws-role-arn: arn:aws:iam::722264665990:role/OIDCGithubProviderRoleMetamaskHome + aws-bucket-name: stage.home.metamask.io + cloudfront-distribution-id: E1RY04JD0H4SYF release-prd: name: PRD Release diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9556dc53..8b5fee15 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,23 @@ on: required: true description: Environment name type: string + aws-region: + required: true + description: AWS region + type: string + default: us-east-1 + aws-role-arn: + required: true + description: AWS role ARN + type: string + aws-bucket-name: + required: true + description: AWS S3 bucket name + type: string + cloudfront-distribution-id: + required: true + description: AWS CloudFront distribution ID + type: string jobs: deploy: name: Deploy @@ -16,9 +33,9 @@ jobs: # v4.0.1 uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a with: - role-to-assume: ${{ vars.AWS_ROLE_ARN }} - role-session-name: ghactionssession - aws-region: ${{ vars.AWS_REGION }} + role-to-assume: ${{ inputs.aws-role-arn }} + role-session-name: github-actions + aws-region: ${{ inputs.aws-region }} - name: download build artifact uses: actions/download-artifact@v3 with: 
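Review bot: The `release-uat` condition in `master.yml` now also accepts `refs/heads/cf-cicd`, so any push to that branch obtains the OIDC role and writes to the `stage.home.metamask.io` bucket; the `# Todo Remove After testing` comment should be tracked as a merge blocker rather than left in place. The role ARN is passed as a plain input, and patch 09 gives `release-prd` the identical role, bucket and distribution, so nothing in the workflow separates staging access from production access. I would use a distinct role per environment and confirm that each role's trust policy restricts the `token.actions.githubusercontent.com:sub` claim to this repository and the intended environment or branch; that policy is not visible in the patch.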
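Review bot: In the new `workflow_call` inputs of `release.yml`, `aws-region` is declared with both `required: true` and `default: us-east-1`, which contradict each other: a required input has to be supplied by the caller, so the default should never take effect. Both callers in `master.yml` pass `aws-region` explicitly, so either drop the `default:` line or change the input to `required: false`, whichever matches the intent.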
@@ -26,5 +43,5 @@ jobs: path: ./build/ - name: Deploy website run: | - aws s3 cp ./build/ s3://${{ vars.AWS_BUCKET_NAME }}/ --recursive --acl private - aws cloudfront create-invalidation --distribution-id ${{ vars.AWS_CF_DISTRIBUTION_ID }} --paths "/" + aws s3 cp ./build/ s3://${{ inputs.aws-bucket-name }}/ --recursive --acl private + aws cloudfront create-invalidation --distribution-id ${{ inputs.cloudfront-distribution-id }} --paths "/" From e158d748d34aeb26d2ab913dc8a7e8685db461bf Mon Sep 17 00:00:00 2001 From: Jake Perkins Date: Wed, 9 Apr 2025 12:40:27 -0500 Subject: [PATCH 08/11] v4 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8b5fee15..a83b6541 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -31,7 +31,7 @@ jobs: steps: - name: configure AWS credentials # v4.0.1 - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.aws-role-arn }} role-session-name: github-actions From 9e927b50c66cf427915e95227d78cc01b71157fe Mon Sep 17 00:00:00 2001 From: Jake Perkins Date: Wed, 9 Apr 2025 12:43:06 -0500 Subject: [PATCH 09/11] workflow --- .github/workflows/master.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 071cd356..8a5c69f0 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -49,4 +49,9 @@ jobs: contents: read id-token: write with: - environment: prd \ No newline at end of file + #TODO Update + environment: prd + aws-region: us-east-1 + aws-role-arn: arn:aws:iam::722264665990:role/OIDCGithubProviderRoleMetamaskHome + aws-bucket-name: stage.home.metamask.io + cloudfront-distribution-id: E1RY04JD0H4SYF \ No newline at end of file 
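Review bot: Patch 08 replaces the commit SHA with `aws-actions/configure-aws-credentials@v4`, which moves the step that exchanges the OIDC token for AWS credentials onto a mutable tag, and the `# v4.0.1` comment left above it no longer describes what runs. This is the action with the most sensitive role in the deploy job, so it is the last one I would unpin. If the goal is a newer release, pin the commit of that release and update the comment to match, e.g. `uses: aws-actions/configure-aws-credentials@<commit-sha-of-chosen-v4-release>` under `# <chosen v4 release tag>`.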
From acd007b41728a1636e956fe78460a40c359c66c4 Mon Sep 17 00:00:00 2001 From: Jake Perkins Date: Wed, 9 Apr 2025 12:55:29 -0500 Subject: [PATCH 10/11] bump nvmrc --- .nvmrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.nvmrc b/.nvmrc index dae199ae..ca3f1e5c 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -v12 +v14 \ No newline at end of file From 6cd9ee0a78d3a0aea7f4b3378bc428de8b68f85e Mon Sep 17 00:00:00 2001 From: Jake Perkins Date: Wed, 9 Apr 2025 15:04:42 -0500 Subject: [PATCH 11/11] node v16 --- .nvmrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.nvmrc b/.nvmrc index ca3f1e5c..5edcff03 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -v14 \ No newline at end of file +v16 \ No newline at end of file