This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Liquidator-Bot/Push/PR - Create and publish a Docker image & Deploy | |
on: | |
push: | |
branches: [main, development] | |
paths: | |
- '.github/workflows/deploy-bots.yaml' | |
- 'packages/bots/**' | |
- 'packages/monitors/**' | |
- 'docker/liquidator/**' | |
- 'docker/oracles-monitor/**' | |
- 'packages/sdk/**' | |
- 'packages/chains/**' | |
- 'ops/**' | |
pull_request: | |
branches: [main, development] | |
paths: | |
- '.github/workflows/deploy-bots.yaml' | |
- 'packages/bots/**' | |
- 'packages/monitors/**' | |
- 'docker/liquidator/**' | |
- 'docker/oracles-monitor/**' | |
- 'packages/sdk/**' | |
- 'packages/chains/**' | |
- 'ops/**' | |
env: | |
IMAGE_TAG: ${{ github.sha }} | |
UPTIME_LIQUIDATOR_API: ${{ secrets.UPTIME_LIQUIDATOR_API }} | |
UPTIME_PYTH_UPDATER_API: ${{ secrets.UPTIME_PYTH_UPDATER_API }} | |
jobs: | |
terraform-infra: | |
runs-on: ubuntu-latest | |
name: Deploy Infra to AWS | |
steps: | |
- name: Checkout | |
uses: actions/checkout@master | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Terraform Plan | |
working-directory: ./ops | |
run: make infra-plan | |
- name: Terraform Deploy | |
working-directory: ./ops | |
run: make infra-deploy | |
lint-bots: | |
runs-on: ubuntu-latest | |
env: | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: 'yarn' | |
- name: Install `packages` | |
run: yarn install --immutable | |
env: | |
# Fixes issue: `ethereumjs-abi: The remote archive doesn't match the expected checksum` | |
YARN_CHECKSUM_BEHAVIOR: update | |
- name: Build `sdk` | |
run: yarn build:sdk | |
- name: Lint `liquidator` | |
run: yarn workspace @ionicprotocol/liquidator lint | |
#base bot | |
# - name: Lint `liquidator_base` | |
# run: yarn workspace @ionicprotocol/liquidator_base lint | |
- name: Lint `oracles-monitor` | |
run: yarn workspace @ionicprotocol/oracles-monitor lint | |
- name: Lint `pyth-updater` | |
run: yarn workspace @ionicprotocol/pyth-updater lint | |
build-and-push-liquidator-image: | |
needs: [terraform-infra] | |
runs-on: ubuntu-latest | |
env: | |
REGISTRY: 058264122535.dkr.ecr.us-east-1.amazonaws.com | |
REPOSITORY: ionic-liquidator | |
UPTIME_LIQUIDATOR_API: ${{ secrets.UPTIME_LIQUIDATOR_API }} | |
UPTIME_PYTH_UPDATER_API: ${{ secrets.UPTIME_PYTH_UPDATER_API }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: us-east-1 | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Login to Private ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
# Avoids rate limits error on pulling from public ECR | |
- name: Login to Public ECR | |
uses: docker/login-action@v2 | |
with: | |
registry: public.ecr.aws | |
username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Log in to GH Container registry | |
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build, tag, and push docker image to Amazon ECR Public | |
run: | | |
docker build --build-arg UPTIME_LIQUIDATOR_API=${{ secrets.UPTIME_LIQUIDATOR_API }} -f docker/liquidator/Dockerfile -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -t ghcr.io/ionicprotocol/$REPOSITORY:$IMAGE_TAG . | |
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
docker push ghcr.io/ionicprotocol/$REPOSITORY:$IMAGE_TAG | |
build-and-push-liquidator-ecs-image: | |
needs: [terraform-infra] | |
runs-on: ubuntu-latest | |
env: | |
REGISTRY: 058264122535.dkr.ecr.us-east-1.amazonaws.com | |
REPOSITORY: liquidator-ecs | |
UPTIME_LIQUIDATOR_API: ${{ secrets.UPTIME_LIQUIDATOR_API }} | |
UPTIME_PYTH_UPDATER_API: ${{ secrets.UPTIME_PYTH_UPDATER_API }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: us-east-1 | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Login to Private ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
# Avoids rate limits error on pulling from public ECR | |
- name: Login to Public ECR | |
uses: docker/login-action@v2 | |
with: | |
registry: public.ecr.aws | |
username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Log in to GH Container registry | |
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build, tag, and push docker image to Amazon ECR Public | |
run: | | |
docker build --build-arg UPTIME_LIQUIDATOR_API=${{ secrets.UPTIME_LIQUIDATOR_API }} -f docker/liquidator-ecs/Dockerfile -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -t ghcr.io/ionicprotocol/$REPOSITORY:$IMAGE_TAG . | |
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
docker push ghcr.io/ionicprotocol/$REPOSITORY:$IMAGE_TAG | |
build-and-push-oracles-monitor-image: | |
needs: [terraform-infra] | |
runs-on: ubuntu-latest | |
env: | |
REGISTRY: 058264122535.dkr.ecr.us-east-1.amazonaws.com | |
REPOSITORY: ionic-oracles-monitor | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: us-east-1 | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Login to Private ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
# Avoids rate limits error on pulling from public ECR. | |
- name: Login to Public ECR | |
uses: docker/login-action@v2 | |
with: | |
registry: public.ecr.aws | |
username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Log in to GH Container registry | |
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build, tag, and push docker image to Amazon ECR Public | |
run: | | |
docker build -f docker/oracles-monitor/Dockerfile -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -t ghcr.io/ionicprotocol/$REPOSITORY:$IMAGE_TAG . | |
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
docker push ghcr.io/ionicprotocol/$REPOSITORY:$IMAGE_TAG | |
build-and-push-pyth-liquidator-image: | |
needs: [terraform-infra] | |
runs-on: ubuntu-latest | |
env: | |
REGISTRY: 058264122535.dkr.ecr.us-east-1.amazonaws.com | |
REPOSITORY: liquidator-pyth | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: us-east-1 | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Login to Private ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
# Avoids rate limits error on pulling from public ECR | |
- name: Login to Public ECR | |
uses: docker/login-action@v2 | |
with: | |
registry: public.ecr.aws | |
username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Log in to GH Container registry | |
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build, tag, and push docker image to Amazon ECR Public | |
run: | | |
docker build -f docker/pyth-liquidator/Dockerfile -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -t ghcr.io/ionicprotocol/$REPOSITORY:$IMAGE_TAG . | |
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
docker push ghcr.io/ionicprotocol/$REPOSITORY:$IMAGE_TAG | |
build-and-push-pyth-updater-image: | |
needs: [terraform-infra] | |
runs-on: ubuntu-latest | |
env: | |
REGISTRY: 058264122535.dkr.ecr.us-east-1.amazonaws.com | |
REPOSITORY: ionic-pyth-updater | |
UPTIME_LIQUIDATOR_API: ${{ secrets.UPTIME_LIQUIDATOR_API }} | |
UPTIME_PYTH_UPDATER_API: ${{ secrets.UPTIME_PYTH_UPDATER_API }} | |
PYTH_UPDATER_ETHEREUM_ADMIN_ACCOUNT: '${{ secrets.PYTH_UPDATER_ETHEREUM_ADMIN_ACCOUNT }}' | |
PYTH_UPDATER_ETHEREUM_ADMIN_PRIVATE_KEY: '${{ secrets.PYTH_UPDATER_ETHEREUM_ADMIN_PRIVATE_KEY }}' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: us-east-1 | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Login to Private ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
# Avoids rate limits error on pulling from public ECR | |
- name: Login to Public ECR | |
uses: docker/login-action@v2 | |
with: | |
registry: public.ecr.aws | |
username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Log in to GH Container registry | |
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build, tag, and push docker image to Amazon ECR Public | |
run: | | |
docker build --build-arg UPTIME_PYTH_UPDATER_API=${{ secrets.UPTIME_PYTH_UPDATER_API }} -f docker/pyth-updater/Dockerfile -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -t ghcr.io/ionicprotocol/$REPOSITORY:$IMAGE_TAG . | |
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
docker push ghcr.io/ionicprotocol/$REPOSITORY:$IMAGE_TAG | |
smoke-tests: | |
runs-on: ubuntu-latest | |
needs: | |
[ | |
build-and-push-oracles-monitor-image, | |
build-and-push-pyth-updater-image, | |
build-and-push-pyth-liquidator-image, | |
build-and-push-liquidator-ecs-image, | |
build-and-push-liquidator-image, | |
# build-and-push-liquidator-base-image, | |
lint-bots, | |
] | |
env: | |
ETHEREUM_ADMIN_ACCOUNT: '${{ secrets.ETHEREUM_ADMIN_ACCOUNT }}' | |
ETHEREUM_ADMIN_PRIVATE_KEY: '${{ secrets.ETHEREUM_ADMIN_PRIVATE_KEY }}' | |
PYTH_UPDATER_ETHEREUM_ADMIN_ACCOUNT: '${{ secrets.PYTH_UPDATER_ETHEREUM_ADMIN_ACCOUNT }}' | |
PYTH_UPDATER_ETHEREUM_ADMIN_PRIVATE_KEY: '${{ secrets.PYTH_UPDATER_ETHEREUM_ADMIN_PRIVATE_KEY }}' | |
SUPABASE_KEY: ${{ secrets.SUPABASE_KEY }} | |
INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }} | |
LIQUIDATION_DISCORD_WEBHOOK_URL: ${{ secrets.LIQUIDATION_DISCORD_WEBHOOK_URL }} | |
PER_DISCORD_WEBHOOK_URL: ${{ secrets.PER_DISCORD_WEBHOOK_URL }} | |
DISCORD_FAILURE_WEBHOOK_URL: ${{secrets.DISCORD_FAILURE_WEBHOOK_URL }} | |
DISCORD_SUCCESS_WEBHOOK_URL: ${{secrets.DISCORD_SUCCESS_WEBHOOK_URL }} | |
LIFIAPIKEY: ${{ secrets.LIFIAPIKEY }} | |
ORACLES_DISCORD_WEBHOOK_URL: ${{ secrets.ORACLES_DISCORD_WEBHOOK_URL }} | |
SENDGRID_API_KEY: ${{ secrets.SENDGRID_API_KEY }} | |
SENDGRID_EMAIL_TO: ${{ secrets.SENDGRID_EMAIL_TO}} | |
UPTIME_LIQUIDATOR_API: ${{ secrets.UPTIME_LIQUIDATOR_API }} | |
UPTIME_PYTH_UPDATER_API: ${{ secrets.UPTIME_PYTH_UPDATER_API }} | |
MODE_MAINNET_RPC_URLS: ${{ secrets.MODE_MAINNET_RPC_URLS }} | |
BASE_MAINNET_RPC_URLS: ${{ secrets.BASE_MAINNET_RPC_URLS }} | |
OPTIMISM_MAINNET_RPC_URLS: ${{ secrets.OPTIMISM_MAINNET_RPC_URLS }} | |
LISK_MAINNET_RPC_URLS: ${{ secrets.LISK_MAINNET_RPC_URLS }} | |
FRAXTAL_MAINNET_RPC_URLS: ${{ secrets.FRAXTAL_MAINNET_RPC_URLS }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: run smoke tests for liquidator bot | |
working-directory: ./ops | |
run: make liquidator-smoke-test | |
- name: run smoke tests for pyth-updater bot | |
working-directory: ./ops | |
run: make pyth-smoke-test | |
# - name: run smoke tests for feed verifier | |
# working-directory: ./ops | |
# run: make feed-verifier-smoke-test | |
# - name: run smoke tests for price verifier | |
# working-directory: ./ops | |
# run: make price-verifier-smoke-test | |
# - name: run smoke tests for price change verifier | |
# working-directory: ./ops | |
# run: make price-change-verifier-smoke-test | |
terraform-deploy-bots: | |
if: startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/development' | |
runs-on: ubuntu-latest | |
needs: [smoke-tests] | |
name: Deploy bots to ECS | |
env: | |
ETHEREUM_ADMIN_ACCOUNT: '${{ secrets.ETHEREUM_ADMIN_ACCOUNT }}' | |
ETHEREUM_ADMIN_PRIVATE_KEY: '${{ secrets.ETHEREUM_ADMIN_PRIVATE_KEY }}' | |
PYTH_UPDATER_ETHEREUM_ADMIN_ACCOUNT: '${{ secrets.PYTH_UPDATER_ETHEREUM_ADMIN_ACCOUNT }}' | |
PYTH_UPDATER_ETHEREUM_ADMIN_PRIVATE_KEY: '${{ secrets.PYTH_UPDATER_ETHEREUM_ADMIN_PRIVATE_KEY }}' | |
INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }} | |
LIQUIDATION_DISCORD_WEBHOOK_URL: ${{ secrets.LIQUIDATION_DISCORD_WEBHOOK_URL }} | |
ORACLES_DISCORD_WEBHOOK_URL: ${{ secrets.ORACLES_DISCORD_WEBHOOK_URL }} | |
PER_DISCORD_WEBHOOK_URL: ${{ secrets.PER_DISCORD_WEBHOOK_URL }} | |
DISCORD_FAILURE_WEBHOOK_URL: ${{secrets.DISCORD_FAILURE_WEBHOOK_URL }} | |
DISCORD_SUCCESS_WEBHOOK_URL: ${{secrets.DISCORD_SUCCESS_WEBHOOK_URL }} | |
LIFIAPIKEY: ${{ secrets.LIFIAPIKEY }} | |
PYTH_UPDATER_DISCORD_WEBHOOK_URL: ${{ secrets.PYTH_UPDATER_DISCORD_WEBHOOK_URL }} | |
SUPABASE_KEY: ${{ secrets.SUPABASE_KEY }} | |
SENDGRID_API_KEY: ${{ secrets.SENDGRID_API_KEY }} | |
SENDGRID_EMAIL_TO: ${{ secrets.SENDGRID_EMAIL_TO}} | |
MODE_MAINNET_RPC_URLS: ${{ secrets.MODE_MAINNET_RPC_URLS }} | |
BASE_MAINNET_RPC_URLS: ${{ secrets.BASE_MAINNET_RPC_URLS }} | |
OPTIMISM_MAINNET_RPC_URLS: ${{ secrets.OPTIMISM_MAINNET_RPC_URLS }} | |
LISK_MAINNET_RPC_URLS: ${{ secrets.LISK_MAINNET_RPC_URLS }} | |
FRAXTAL_MAINNET_RPC_URLS: ${{ secrets.FRAXTAL_MAINNET_RPC_URLS }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@master | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Terraform Plan | |
working-directory: ./ops | |
run: make prod-plan | |
- name: Terraform Deploy | |
working-directory: ./ops | |
run: make prod-deploy |