@@ -142,148 +142,5 @@ jobs:
142142 - name : Run E2E tests
143143 run : bash test-e2e.sh
144144
145- build-operator :
146- runs-on : ubuntu-latest
147- if : false # operator build removed — operator lives in bootnode/universe repo
148- permissions :
149- contents : read
150- packages : write
151- steps :
152- - run : echo "Operator build skipped"
153-
154- build-and-push :
155- runs-on : ubuntu-latest
156- needs : [e2e-test]
157- if : github.event_name == 'push' && github.ref == 'refs/heads/main'
158- permissions :
159- contents : read
160- packages : write
161-
162- steps :
163- - uses : actions/checkout@v4
164-
165- - name : Log in to Container Registry (hanzoai)
166- uses : docker/login-action@v3
167- with :
168- registry : ${{ env.REGISTRY }}
169- username : ${{ github.actor }}
170- password : ${{ secrets.GITHUB_TOKEN }}
171-
172- - name : Log in to Container Registry (bootnode org)
173- uses : docker/login-action@v3
174- with :
175- registry : ${{ env.REGISTRY }}
176- username : ${{ github.actor }}
177- password : ${{ secrets.BOOTNODE_GHCR_PAT }}
178-
179- - name : Set up Docker Buildx
180- uses : docker/setup-buildx-action@v3
181-
182- - name : Get short SHA
183- id : sha
184- run : echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
185-
186- - name : Build and push API image
187- uses : docker/build-push-action@v5
188- with :
189- context : ./api
190- push : true
191- platforms : linux/amd64
192- provenance : false
193- sbom : false
194- tags : |
195- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:api-latest
196- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:api-${{ steps.sha.outputs.short }}
197- ${{ env.REGISTRY }}/${{ env.CANONICAL_IMAGE }}:api-latest
198- ${{ env.REGISTRY }}/${{ env.CANONICAL_IMAGE }}:api-${{ steps.sha.outputs.short }}
199- cache-from : type=gha,scope=api
200- cache-to : type=gha,mode=max,scope=api
201-
202- - name : Build and push Web image (universal, brand selected at runtime)
203- uses : docker/build-push-action@v5
204- with :
205- context : ./web
206- push : true
207- platforms : linux/amd64
208- provenance : false
209- sbom : false
210- tags : |
211- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:web-latest
212- ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:web-${{ steps.sha.outputs.short }}
213- ${{ env.REGISTRY }}/${{ env.CANONICAL_IMAGE }}:web-latest
214- ${{ env.REGISTRY }}/${{ env.CANONICAL_IMAGE }}:web-${{ steps.sha.outputs.short }}
215- cache-from : type=gha,scope=web
216- cache-to : type=gha,mode=max,scope=web
217-
218- deploy :
219- runs-on : ubuntu-latest
220- needs : [build-and-push, build-operator]
221- if : github.event_name == 'push' && github.ref == 'refs/heads/main'
222- environment : production
223-
224- steps :
225- - uses : actions/checkout@v4
226-
227- - name : Fetch deploy credentials from KMS
228- id : kms
229- env :
230- KMS_CLIENT_ID : ${{ secrets.KMS_CLIENT_ID }}
231- KMS_CLIENT_SECRET : ${{ secrets.KMS_CLIENT_SECRET }}
232- HANZO_API_KEY : ${{ secrets.HANZO_API_KEY }}
233- KMS_ENDPOINT : ${{ vars.KMS_ENDPOINT || 'https://kms.hanzo.ai' }}
234- run : |
235- # Auth: Universal Auth (preferred) or legacy API key
236- if [ -n "${KMS_CLIENT_ID}" ] && [ -n "${KMS_CLIENT_SECRET}" ]; then
237- HANZO_API_KEY=$(curl -sf "${KMS_ENDPOINT}/api/v1/auth/universal-auth/login" \
238- -H "Content-Type: application/json" \
239- -d "{\"clientId\":\"${KMS_CLIENT_ID}\",\"clientSecret\":\"${KMS_CLIENT_SECRET}\"}" | jq -r '.accessToken')
240- fi
241- response=$(curl -sf "${KMS_ENDPOINT}/api/v3/secrets/raw?workspaceId=e1359bf4-31b4-4dfa-bb90-323e2c298ad8&secretPath=/deploy&environment=prod" \
242- -H "Authorization: Bearer ${HANZO_API_KEY}" 2>/dev/null || echo "")
243- if [ -n "$response" ]; then
244- token=$(echo "$response" | jq -r '.secrets[] | select(.secretKey=="DO_API_TOKEN") | .secretValue // empty')
245- fi
246- if [ -z "${token:-}" ]; then
247- echo "::error::Deploy credentials not found. Set HANZO_API_KEY with KMS access."
248- exit 1
249- fi
250- echo "::add-mask::${token}"
251- echo "token=${token}" >> "$GITHUB_OUTPUT"
252-
253- - name : Install doctl
254- uses : digitalocean/action-doctl@v2
255- with :
256- token : ${{ steps.kms.outputs.token }}
257-
258- - name : Save DigitalOcean kubeconfig (bootnode-k8s)
259- run : doctl kubernetes cluster kubeconfig save ${{ secrets.K8S_CLUSTER_NAME }}
260-
261- - name : Deploy bootnode services
262- run : |
263- kubectl apply -f infra/k8s/namespace.yaml
264- kubectl apply -f infra/k8s/api-deployment.yaml
265- kubectl apply -f infra/k8s/web-deployments.yaml
266- kubectl apply -f infra/k8s/ingress.yaml
267-
268- # Restart API
269- kubectl rollout restart deployment/bootnode-api -n bootnode
270- kubectl rollout status deployment/bootnode-api -n bootnode --timeout=300s
271-
272- # Restart all cloud web deployments (white-label portals)
273- for deploy in $(kubectl get deployments -n bootnode -o name | grep -E 'cloud-web|web3'); do
274- kubectl rollout restart $deploy -n bootnode
275- kubectl rollout status $deploy -n bootnode --timeout=300s
276- done
277-
278- - name : Save DigitalOcean kubeconfig (lux-k8s)
279- run : doctl kubernetes cluster kubeconfig save ${{ secrets.LUX_K8S_CLUSTER_NAME }}
280-
281- - name : Deploy operator to lux-k8s
282- run : |
283- # Apply CRDs and RBAC
284- kubectl apply -f infra/k8s/lux/crds.yaml
285- kubectl apply -f infra/k8s/lux/rbac.yaml
286-
287- # Deploy operator
288- kubectl apply -f infra/k8s/lux/operator-deployment.yaml
289- kubectl rollout status deployment/bootnode-operator -n bootnode-system --timeout=120s
145+ # Build, push, and deploy are handled by docker-release.yml
146+ # which triggers on CI completion via workflow_run
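Review bot: The comment added at new lines 145-146 should also state the release gate, because a `workflow_run` trigger carries over neither of the conditions the removed `build-and-push` and `deploy` jobs had (`needs: [e2e-test]` and `if: github.event_name == 'push' && github.ref == 'refs/heads/main'`). A `workflow_run` workflow starts when the CI run completes whatever its conclusion, including CI runs started by pull requests, and it runs with the repository's secrets. docker-release.yml is not visible in this hunk, so it may already check this. If it does, I would record that here, e.g. `# docker-release.yml only proceeds when github.event.workflow_run.conclusion == 'success', event == 'push' and head_branch == 'main'`. If it does not, those three checks belong on its jobs before anything reads the registry PAT or the KMS credentials.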