-
Notifications
You must be signed in to change notification settings - Fork 0
93 lines (87 loc) · 3.99 KB
/
deploy.yml
File metadata and controls
93 lines (87 loc) · 3.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# storoku:ignore
name: Deploy
on:
push:
branches:
- main
pull_request:
branches: [main]
workflow_run:
workflows: [Releaser]
types: [completed]
branches: [main]
workflow_dispatch:
inputs:
environment:
type: choice
description: Environment
options:
- warm-staging
- forge-production
- forge-test
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
# apply staging on pushes to main, plan otherwise
warm-staging:
uses: ./.github/workflows/terraform.yml
with:
env: warm-staging
workspace: warm-staging
network: warm
did: did:web:staging.etracker.warm.storacha.network
client-egress-usd-per-tib: ${{ vars.WARM_STAGING_CLIENT_EGRESS_USD_PER_TIB }}
provider-egress-usd-per-tib: ${{ vars.WARM_STAGING_PROVIDER_EGRESS_USD_PER_TIB }}
apply: ${{ github.event_name != 'pull_request' }}
secrets:
aws-account-id: ${{ secrets.WARM_STAGING_AWS_ACCOUNT_ID }}
aws-region: ${{ secrets.WARM_STAGING_AWS_REGION }}
region: ${{ secrets.WARM_STAGING_AWS_REGION }}
private-key: ${{ secrets.WARM_STAGING_PRIVATE_KEY }}
metrics-auth-token: ${{ secrets.WARM_STAGING_METRICS_AUTH_TOKEN }}
admin-dashboard-user: ${{ secrets.WARM_STAGING_ADMIN_DASHBOARD_USER }}
admin-dashboard-password: ${{ secrets.WARM_STAGING_ADMIN_DASHBOARD_PASSWORD }}
cloudflare-zone-id: ${{ secrets.WARM_STAGING_CLOUDFLARE_ZONE_ID }}
cloudflare-api-token: ${{ secrets.WARM_STAGING_CLOUDFLARE_API_TOKEN }}
# apply prod and test on successful release, plan otherwise
forge-production:
uses: ./.github/workflows/terraform.yml
with:
env: forge-production
workspace: forge-prod
network: forge
did: did:web:etracker.forge.storacha.network
client-egress-usd-per-tib: ${{ vars.FORGE_PROD_CLIENT_EGRESS_USD_PER_TIB }}
provider-egress-usd-per-tib: ${{ vars.FORGE_PROD_PROVIDER_EGRESS_USD_PER_TIB }}
apply: ${{ (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'forge-production') }}
secrets:
aws-account-id: ${{ secrets.FORGE_PROD_AWS_ACCOUNT_ID }}
aws-region: ${{ secrets.FORGE_PROD_AWS_REGION }}
region: ${{ secrets.FORGE_PROD_AWS_REGION }}
private-key: ${{ secrets.FORGE_PROD_PRIVATE_KEY }}
metrics-auth-token: ${{ secrets.FORGE_PROD_METRICS_AUTH_TOKEN }}
admin-dashboard-user: ${{ secrets.FORGE_PROD_ADMIN_DASHBOARD_USER }}
admin-dashboard-password: ${{ secrets.FORGE_PROD_ADMIN_DASHBOARD_PASSWORD }}
cloudflare-zone-id: ${{ secrets.FORGE_PROD_CLOUDFLARE_ZONE_ID }}
cloudflare-api-token: ${{ secrets.FORGE_PROD_CLOUDFLARE_API_TOKEN }}
forge-test:
uses: ./.github/workflows/terraform.yml
with:
env: forge-test
workspace: forge-test
network: test
did: did:web:etracker.test.storacha.network
client-egress-usd-per-tib: ${{ vars.FORGE_TEST_CLIENT_EGRESS_USD_PER_TIB }}
provider-egress-usd-per-tib: ${{ vars.FORGE_TEST_PROVIDER_EGRESS_USD_PER_TIB }}
apply: ${{ (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'forge-test') }}
secrets:
aws-account-id: ${{ secrets.FORGE_TEST_AWS_ACCOUNT_ID }}
aws-region: ${{ secrets.FORGE_TEST_AWS_REGION }}
region: ${{ secrets.FORGE_TEST_AWS_REGION }}
private-key: ${{ secrets.FORGE_TEST_PRIVATE_KEY }}
metrics-auth-token: ${{ secrets.FORGE_TEST_METRICS_AUTH_TOKEN }}
admin-dashboard-user: ${{ secrets.FORGE_TEST_ADMIN_DASHBOARD_USER }}
admin-dashboard-password: ${{ secrets.FORGE_TEST_ADMIN_DASHBOARD_PASSWORD }}
cloudflare-zone-id: ${{ secrets.FORGE_TEST_CLOUDFLARE_ZONE_ID }}
cloudflare-api-token: ${{ secrets.FORGE_TEST_CLOUDFLARE_API_TOKEN }}