feat: migrate to GitHub Actions and enhance deployment workflow

.drone.yml

@@ -288,139 +288,6 @@ steps:
       password:
         from_secret: nexus-password
 
----
-#pipeline to publish dapp contract on iexec
-kind: pipeline
-type: docker
-name: deploy-dapp-contract
-
-trigger:
-  event:
-    - promote
-  target:
-    - dapp-dev
-    - dapp-prod
-  branch:
-    - main
-
-steps:
-  - name: get scone fingerprint (dev)
-    image: iexechub/web3telegram-dapp:dev-${DRONE_COMMIT}-sconify-5.7.6-v15-production
-    commands:
-      - SCONE_HASH=1 node > deployment-dapp/.scone-fingerprint
-    when:
-      target:
-        - dapp-dev
-
-  - name: get scone fingerprint (prod)
-    # /!\: maintain the version here
-    image: iexechub/web3telegram-dapp:0.0.2-alpha-sconify-5.7.6-v15-production
-    commands:
-      - SCONE_HASH=1 node > deployment-dapp/.scone-fingerprint
-    when:
-      target:
-        - dapp-prod
-
-  - name: install deps
-    image: node:18.19
-    pull: always
-    commands:
-      - npm ci
-      - cd node_modules/whitelist-smart-contract
-      - npm install --save-dev ts-node
-      - cd ../../deployment-dapp
-      - npm ci
-
-  - name: deploy dapp contract
-    image: node:18.19
-    pull: always
-    environment:
-      DRONE_DEPLOY_TO: $DRONE_DEPLOY_TO
-      WALLET_PRIVATE_KEY_DEV:
-        from_secret: web3telegram-dapp-owner-dev-privatekey
-      WALLET_PRIVATE_KEY_PROD:
-        from_secret: web3telegram-dapp-owner-prod-privatekey
-    commands:
-      - cd deployment-dapp
-      - npm run deploy-dapp
-
-  - name: push dapp secret
-    image: node:18.19
-    pull: always
-    environment:
-      DRONE_DEPLOY_TO: $DRONE_DEPLOY_TO
-      WALLET_PRIVATE_KEY_DEV:
-        from_secret: web3telegram-dapp-owner-dev-privatekey
-      WALLET_PRIVATE_KEY_PROD:
-        from_secret: web3telegram-dapp-owner-prod-privatekey
-      TELEGRAM_BOT_TOKEN_DEV:
-        from_secret: telegram-bot-token-dev
-      TELEGRAM_BOT_TOKEN_PROD:
-        from_secret: telegram-bot-token-prod
-    commands:
-      - cd deployment-dapp
-      - npm run push-dapp-secret
-
-  - name: publish free sell order
-    image: node:18.19
-    pull: always
-    environment:
-      DRONE_DEPLOY_TO: $DRONE_DEPLOY_TO
-      WALLET_PRIVATE_KEY_DEV:
-        from_secret: web3telegram-dapp-owner-dev-privatekey
-      WALLET_PRIVATE_KEY_PROD:
-        from_secret: web3telegram-dapp-owner-prod-privatekey
-      PRICE: '0'
-      VOLUME: '1000000000'
-    commands:
-      - cd deployment-dapp
-      - npm run publish-sell-order
-
-  - name: add resource to whitelist dev
-    image: node:18.12.1
-    environment:
-      WALLET_PRIVATE_KEY:
-        from_secret: deployer-dev-privatekey # dev whitelist smart contract deployer
-      CONTRACT_ADDRESS:
-        from_secret: web3telegram-whitelist-dev-address
-    commands:
-      - cd node_modules/whitelist-smart-contract
-      - export ADDRESS_TO_ADD=$(cat ../../deployment-dapp/.app-address) && npm run addResourceToWhitelist
-    when:
-      target:
-        - dapp-dev
-      branch:
-        - main
-
-  - name: add resource to whitelist prod
-    image: node:18.12.1
-    environment:
-      WALLET_PRIVATE_KEY:
-        from_secret: deployer-prod-privatekey
-      CONTRACT_ADDRESS:
-        from_secret: web3telegram-whitelist-prod-address
-    commands:
-      - cd node_modules/whitelist-smart-contract
-      - export ADDRESS_TO_ADD=$(cat ../../deployment-dapp/.app-address) && npm run addResourceToWhitelist
-    when:
-      target:
-        - dapp-prod
-      branch:
-        - main
-
-  - name: configure ENS
-    image: node:18.19
-    pull: always
-    environment:
-      DRONE_DEPLOY_TO: $DRONE_DEPLOY_TO
-      WALLET_PRIVATE_KEY_DEV:
-        from_secret: web3telegram-dapp-owner-dev-privatekey
-      WALLET_PRIVATE_KEY_PROD:
-        from_secret: web3telegram-dapp-owner-prod-privatekey
-    commands:
-      - cd deployment-dapp
-      - npm run configure-ens
-
 ---
 # pipeline to publish sell order
 kind: pipeline

.github/workflows/dapp-deploy.yml

@@ -10,25 +10,71 @@ on:
         options:
           - dapp-dev
           - dapp-prod
-      image-tag:
-        description: 'Tag for the dapp image to sconify'
-        required: true
-        type: string
-        default: 'latest'
       sconify-version:
         description: 'Version of the sconify image to use'
         type: string
-        default: '5.7.6-v15'
+        default: '5.9.0-v15'
 
 env:
   DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
 
 jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    outputs:
+      image-name: ${{ steps.set-outputs.outputs.image-name }}
+      image-tag: ${{ steps.set-outputs.outputs.image-tag }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PAT }}
+
+      - name: Get dapp version
+        id: version
+        run: |
+          VERSION=$(node -p "require('./dapp/package.json').version")
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "dapp-version=$VERSION"
+
+      - name: Set image tag
+        id: image-tag
+        run: |
+          if [ "${{ inputs.environment }}" = "dapp-dev" ]; then
+            echo "image-tag=dev-${{ steps.version.outputs.version }}" >> $GITHUB_OUTPUT
+          else
+            echo "image-tag=${{ steps.version.outputs.version }}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Build and push Docker image
+        id: build
+        uses: docker/build-push-action@v5
+        with:
+          context: ./dapp
+          push: true
+          tags: iexechub/web3telegram-dapp:${{ steps.image-tag.outputs.image-tag }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Set outputs
+        id: set-outputs
+        run: |
+          echo "image-name=iexechub/web3telegram-dapp" >> $GITHUB_OUTPUT
+          echo "image-tag=${{ steps.image-tag.outputs.image-tag }}" >> $GITHUB_OUTPUT
+
   sconify:
-    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
+    needs: build-and-push
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
     with:
-      image-name: product/web3telegram-dapp
-      image-tag: ${{ inputs.image-tag }}
+      image-name: ${{ needs.build-and-push.outputs.image-name }}
+      image-tag: ${{ needs.build-and-push.outputs.image-tag }}
       sconify-debug: false
       sconify-prod: true
       docker-registry: docker.io
@@ -43,12 +89,12 @@ jobs:
       heap: 1G
       dlopen: 1
       mprotect: 1
-      docker-username: ${{ vars.DOCKERHUB_USERNAME }}
-      scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
     secrets:
       docker-password: ${{ secrets.DOCKERHUB_PAT }}
       scontain-password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
       scone-signing-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
+      docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
+      scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
 
   display-sconify-results:
     runs-on: ubuntu-latest
@@ -60,7 +106,7 @@ jobs:
           echo "" >> $GITHUB_STEP_SUMMARY
 
           echo "### Production Image" >> $GITHUB_STEP_SUMMARY
-          echo "- **Image**: ${{ needs.sconify.outputs.prod-image }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Image Tag**: ${{ needs.sconify.outputs.prod-image-tag }}" >> $GITHUB_STEP_SUMMARY
           echo "- **Checksum**: ${{ needs.sconify.outputs.prod-checksum }}" >> $GITHUB_STEP_SUMMARY
           echo "- **MrEnclave**: ${{ needs.sconify.outputs.prod-mrenclave }}" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
@@ -70,7 +116,7 @@ jobs:
 
   deploy-dapp:
     runs-on: ubuntu-latest
-    needs: sconify
+    needs: [build-and-push, sconify]
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -101,6 +147,7 @@ jobs:
           WALLET_PRIVATE_KEY_PROD: ${{ secrets.WEB3TELEGRAM_DAPP_OWNER_PROD_PRIVATEKEY }}
           DOCKER_IMAGE_CHECKSUM_DEV: ${{ needs.sconify.outputs.prod-checksum }}
           DOCKER_IMAGE_CHECKSUM_PROD: ${{ needs.sconify.outputs.prod-checksum }}
+          SCONIFIED_IMAGE_TAG: ${{ needs.sconify.outputs.prod-image-tag }}
         run: |
           cd deployment-dapp
           npm run deploy-dapp

.github/workflows/release.yml

@@ -12,5 +12,5 @@ name: release-please
 
 jobs:
   release-please:
-    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/release-please.yml@release-please-v2.0.0
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/release-please.yml@release-please-v2.1.0
     secrets: inherit