Skip to content

docs: remove [TOC] from README #4579

docs: remove [TOC] from README

docs: remove [TOC] from README #4579

Workflow file for this run

name: Dashboard CI/CD
on:
push:
paths-ignore:
- 'apps/console/**'
- 'deploy/helm/console/**'
- ".github/workflows/console-ci.yaml"
- 'apps/sandbox/**'
- 'deploy/helm/sandbox/**'
- ".github/workflows/sandbox-ci.yaml"
branches:
- main
pull_request:
paths-ignore:
- 'apps/console/**'
- 'deploy/helm/console/**'
- ".github/workflows/console-ci.yaml"
- 'apps/sandbox/**'
- 'deploy/helm/sandbox/**'
- ".github/workflows/sandbox-ci.yaml"
branches:
- main
release:
types:
- prereleased
- released
workflow_dispatch:
inputs:
ENVIRONMENT_NAME:
description: 'Environment Name'
required: true
default: enkinet
type: choice
options:
- enkinet
- hammunet
- gilganet
- mardunet
- dumunet
env:
active_network: 'stokenet'
prerelease_network: 'stokenet'
release_network: 'mainnet'
jenkins_job_name: 'kubernetes-deployments/job/dapps-dashboard'
helm_dir: 'deploy/helm/dashboard'
dev_eks_cluster: 'rdx-works-main-dev'
prod_eks_cluster: 'rtlj-prod'
permissions:
id-token: write
pull-requests: write
contents: read
deployments: write
packages: write
jobs:
trigger:
name: Check trigger
if: >
( github.event.action == 'prereleased' && contains( github.event.release.tag_name, 'dashboard') ) ||
( github.event.action == 'released' && contains( github.event.release.tag_name, 'dashboard') ) ||
( github.event_name == 'workflow_dispatch' ) ||
( github.ref == 'refs/heads/main' && github.event_name == 'push' ) ||
( github.event_name == 'pull_request' )
runs-on: ubuntu-latest
steps:
- name: Dump context
uses: RDXWorks-actions/ghaction-dump-context@master
- name: Info
run: |
echo "This is triggered by ${{ github.event_name }}." >> $GITHUB_STEP_SUMMARY
echo "Github action is ${{ github.event.action }}." >> $GITHUB_STEP_SUMMARY
build:
runs-on: selfhosted-ubuntu-22.04
needs:
- trigger
steps:
- uses: RDXWorks-actions/checkout@main
with:
fetch-depth: 0
- name: Dump context
uses: RDXWorks-actions/ghaction-dump-context@master
- uses: ./.github/actions/build
with:
active_network_name: ${{ env.active_network }}
release_network_name: ${{ env.release_network }}
- name: Turbo Worfkflow
run: npx turbo run db:generate lint prettier coverage svelte:check --filter=dashboard
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-dapps-monorepo-secrets-read-access'
app_name: 'dashboard'
step_name: 'build'
secret_prefix: 'GH'
secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/radixdlt/dapps-monorepo/dashboard/sonar-token-uQM7l6'
parse_json: true
- name: SonarCloud Scan
uses: RDXWorks-actions/sonarcloud-github-action@master
with:
projectBaseDir: ./apps/dashboard
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ env.GH_SONAR_TOKEN }}
setup-tags:
runs-on: ubuntu-latest
needs:
- trigger
steps:
- uses: RDXWorks-actions/checkout@main
with:
fetch-depth: 0
- name: Docker tags for dashboard
id: dashboard-tags
uses: RDXWorks-actions/metadata-action@master
with:
images: |
docker.io/radixdlt/dapps-dashboard
tags: |
type=sha,event=pr
type=sha,event=branch
type=semver,pattern={{version}}
- name: Docker tags for storybook
id: storybook-tags
uses: RDXWorks-actions/metadata-action@master
with:
images: |
docker.io/radixdlt/dapps-dashboard-storybook
tags: |
type=sha,event=pr
type=sha,event=branch
type=semver,pattern={{version}}
- name: Define network name
run: |
if [ "${{ github.event_name}}" = 'workflow_dispatch' ]; then
echo "NETWORK_NAME="${{ github.event.inputs.ENVIRONMENT_NAME }}"" >> $GITHUB_ENV
elif [ "${{ github.event.action }}" = "released" ]; then
echo "NETWORK_NAME=${{ env.release_network }}" >> $GITHUB_ENV
elif [ "${{ github.event.action }}" = "prereleased" ]; then
echo "NETWORK_NAME=${{ env.prerelease_network }}" >> $GITHUB_ENV
elif [ "${{ github.ref }}" = "refs/heads/main" -a "${{ github.event_name }}" = 'push' ] || [ "${{ github.event_name }}" = "pull_request" ]; then
echo "NETWORK_NAME=${{ env.active_network }}" >> $GITHUB_ENV
fi
- id: network
run: |
echo "network-name=${{ env.NETWORK_NAME }}" >> $GITHUB_OUTPUT
- id: tag-with-network
run: |
echo "tag-with-network=${{github.sha}}-${{ env.NETWORK_NAME }}" >> $GITHUB_OUTPUT
- run: |
echo "$GITHUB_OUTPUT"
outputs:
dashboard-tags: ${{ steps.dashboard-tags.outputs.tags }}
dashboard-labels: ${{ steps.dashboard-tags.outputs.labels }}
dashboard-json: ${{ steps.dashboard-tags.outputs.json }}
storybook-tags: ${{ steps.storybook-tags.outputs.tags }}
storybook-labels: ${{ steps.storybook-tags.outputs.labels }}
storybook-json: ${{ steps.storybook-tags.outputs.json }}
tag-with-network: ${{steps.tag-with-network.outputs.tag-with-network}}
network-name: ${{steps.network.outputs.network-name}}
phylum_analyze:
if: ${{ github.event.pull_request }}
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/phylum-analyze.yml@main
secrets:
phylum_api_key: ${{ secrets.PHYLUM_API_KEY }}
with:
phylum_pr_number: ${{ github.event.number }}
phylum_pr_name: ${{ github.head_ref }}
phylum_group_name: dApp-engineering
phylum_project_id: 70969afc-325a-413c-8001-2092940e0d7d
github_repository: ${{ github.repository }}
add_report_comment_to_pull_request: true
snyk-scan-deps-licences:
runs-on: ubuntu-latest
needs:
- trigger
steps:
- uses: RDXWorks-actions/checkout@main
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
app_name: 'dashboard'
step_name: 'snyk-scan-deps-licences'
secret_prefix: 'SNYK'
secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/snyk-credentials-rXRpuX'
parse_json: true
- name: Run Snyk to check for deps vulnerabilities
uses: RDXWorks-actions/snyk-actions/node@master
continue-on-error: true
with:
args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=critical
snyk-scan-code:
runs-on: ubuntu-latest
needs:
- trigger
steps:
- uses: RDXWorks-actions/checkout@main
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
app_name: 'dashboard'
step_name: 'snyk-scan-code'
secret_prefix: 'SNYK'
secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/snyk-credentials-rXRpuX'
parse_json: true
- name: Run Snyk to check for code vulnerabilities
uses: RDXWorks-actions/snyk-actions/node@master
continue-on-error: true # temporary until code fix
with:
args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=high
command: code test
snyk-sbom:
runs-on: ubuntu-latest
needs:
- snyk-scan-deps-licences
- snyk-scan-code
permissions: write-all
steps:
- uses: RDXWorks-actions/checkout@main
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
app_name: 'dashboard'
step_name: 'snyk-sbom'
secret_prefix: 'SNYK'
secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/snyk-credentials-rXRpuX'
parse_json: true
- name: Generate SBOM # check SBOM can be generated but nothing is done with it
uses: RDXWorks-actions/snyk-actions/node@master
with:
args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json
command: sbom
- name: Upload SBOM
if: github.event_name == 'release'
uses: RDXWorks-actions/upload-release-assets@c94805dc72e4b20745f543da0f62eaee7722df7a
with:
files: sbom.json
repo-token: ${{ secrets.GITHUB_TOKEN }}
release-tag: ${{ github.event.release.tag_name }}
snyk-monitor:
runs-on: ubuntu-latest
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
needs:
- setup-tags
- push-dashboard
- push-storybook
steps:
- uses: RDXWorks-actions/checkout@main
- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
with:
role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
app_name: 'dashboard'
step_name: 'snyk-monitor'
secret_prefix: 'SNYK'
secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/snyk-credentials-rXRpuX'
parse_json: true
- name: Enable Snyk online monitoring to check for vulnerabilities
uses: RDXWorks-actions/snyk-actions/node@master
with:
args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --target-reference=${{ github.ref_name }}
command: monitor
snyk-container-monitor:
runs-on: ubuntu-latest
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
needs:
- setup-tags
- push-dashboard
- push-storybook
steps:
- uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main
with:
role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
app_name: 'dashboard'
dockerhub_secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/dockerhub-credentials'
snyk_secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/snyk-credentials-rXRpuX'
snyk_org_id: ${{ secrets.SNYK_ORG_ID }}
image: docker.io/radixdlt/dapps-dashboard:${{ needs.setup-tags.outputs.tag-with-network }}
target_ref: ${{ github.ref_name }}
push-dashboard:
name: (PRIVATE) Dashboard docker AMD
needs:
- setup-tags
- snyk-scan-deps-licences
- snyk-scan-code
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
with:
runs_on: selfhosted-ubuntu-22.04
image_registry: 'docker.io'
image_organization: 'radixdlt'
target: 'dashboard'
image_name: 'dapps-dashboard'
tag: ${{ needs.setup-tags.outputs.tag-with-network }}
context: './'
dockerfile: './Dockerfile'
platforms: 'linux/amd64'
scan_image: false
with_sbom: false
provenance: false
snyk_target_ref: ${{ github.ref_name }}
build-args: |
NETWORK_NAME=${{ needs.setup-tags.outputs.network-name }}
NPM_LOCAL_CACHE=.cache/
push-storybook:
name: (PRIVATE) Dashboard docker AMD
needs:
- setup-tags
- snyk-scan-deps-licences
- snyk-scan-code
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
with:
runs_on: selfhosted-ubuntu-22.04
image_registry: 'docker.io'
image_organization: 'radixdlt'
target: 'storybook'
image_name: 'dapps-dashboard-storybook'
tag: ${{ needs.setup-tags.outputs.tag-with-network }}
context: './'
dockerfile: './Dockerfile'
platforms: 'linux/amd64'
scan_image: true
provenance: false
snyk_target_ref: ${{ github.ref_name }}
with_sbom: false
build-args: |
NETWORK_NAME=${{ needs.setup-tags.outputs.network-name }}
NPM_LOCAL_CACHE=.cache/
deploy_pull_request:
if: ${{ github.event.pull_request }}
name: Deploy PR
needs:
- push-dashboard
- push-storybook
- setup-tags
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
with:
jenkins_job_name: "kubernetes-deployments/job/dapps-dashboard"
github_branch: "${{ github.head_ref }}"
application_name: "dashboard"
hierarchical_namespace: "dashboard-ci-pr"
create_subnamespace: "true"
kubernetes_namespace: "dashboard-pr-${{ github.event.number }}"
aws_eks_cluster: "rdx-works-main-dev"
aws_iam_role_name: "jenkins-dashboard-pr-deployer"
helm_dir: "deploy/helm/dashboard"
helmfile_environment: "pr"
helmfile_extra_vars: "ci.tag=${{ needs.setup-tags.outputs.tag-with-network }},ci.prNumber=${{ github.event.number }}"
secrets:
aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
deploy_dev:
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
name: Deploy DEV
needs:
- push-dashboard
- push-storybook
- setup-tags
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
with:
github_environment: "dashboard-dev"
github_branch: "${{ github.ref }}"
jenkins_job_name: "kubernetes-deployments/job/dapps-dashboard"
application_name: "dashboard"
kubernetes_namespace: "dashboard-dev"
aws_eks_cluster: "rdx-works-main-dev"
aws_iam_role_name: "jenkins-dashboard-dev-deployer"
helm_dir: "deploy/helm/dashboard"
helmfile_environment: "dev"
helmfile_extra_vars: "ci.tag=${{ needs.setup-tags.outputs.tag-with-network }}"
secrets:
aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
deploy_dumunet:
if: >
( github.event.inputs.ENVIRONMENT_NAME == 'dumunet' && github.event_name == 'workflow_dispatch' )
name: Deploy DUMUNET
needs:
- push-dashboard
- push-storybook
- setup-tags
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
with:
github_environment: "dashboard-dumunet"
github_branch: "${{ github.ref }}"
jenkins_job_name: "kubernetes-deployments/job/dapps-dashboard"
application_name: "dashboard"
kubernetes_namespace: "dashboard-dumunet"
aws_eks_cluster: "rdx-works-main-dev"
aws_iam_role_name: "jenkins-dashboard-dev-deployer"
helm_dir: "deploy/helm/dashboard"
helmfile_environment: "dumunet"
helmfile_extra_vars: "ci.tag=${{ needs.setup-tags.outputs.tag-with-network }}"
secrets:
aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
deploy_enkinet:
if: >
( github.event.inputs.ENVIRONMENT_NAME == 'enkinet' && github.event_name == 'workflow_dispatch' )
name: Deploy ENKINET
needs:
- push-dashboard
- push-storybook
- setup-tags
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
with:
github_environment: "dashboard-enkinet"
github_branch: "${{ github.ref }}"
jenkins_job_name: "kubernetes-deployments/job/dapps-dashboard"
application_name: "dashboard"
kubernetes_namespace: "dashboard-enkinet"
aws_eks_cluster: "rdx-works-main-dev"
aws_iam_role_name: "jenkins-dashboard-dev-deployer"
helm_dir: "deploy/helm/dashboard"
helmfile_environment: "enkinet"
helmfile_extra_vars: "ci.tag=${{ needs.setup-tags.outputs.tag-with-network }}"
secrets:
aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
deploy_hammunet:
if: >
( github.event.inputs.ENVIRONMENT_NAME == 'hammunet' && github.event_name == 'workflow_dispatch' )
name: Deploy HAMMUNET
needs:
- push-dashboard
- push-storybook
- setup-tags
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
with:
github_environment: "dashboard-hammunet"
github_branch: "${{ github.ref }}"
jenkins_job_name: "kubernetes-deployments/job/dapps-dashboard"
application_name: "dashboard"
kubernetes_namespace: "dashboard-hammunet"
aws_eks_cluster: "rdx-works-main-dev"
aws_iam_role_name: "jenkins-dashboard-dev-deployer"
helm_dir: "deploy/helm/dashboard"
helmfile_environment: "hammunet"
helmfile_extra_vars: "ci.tag=${{ needs.setup-tags.outputs.tag-with-network }}"
secrets:
aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
deploy_mardunet:
if: >
( github.event.inputs.ENVIRONMENT_NAME == 'mardunet' && github.event_name == 'workflow_dispatch' )
name: Deploy MARDUNET
needs:
- push-dashboard
- push-storybook
- setup-tags
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
with:
github_environment: "dashboard-mardunet"
github_branch: "${{ github.ref }}"
jenkins_job_name: "kubernetes-deployments/job/dapps-dashboard"
application_name: "dashboard"
kubernetes_namespace: "dashboard-mardunet"
aws_eks_cluster: "rdx-works-main-dev"
aws_iam_role_name: "jenkins-dashboard-dev-deployer"
helm_dir: "deploy/helm/dashboard"
helmfile_environment: "mardunet"
helmfile_extra_vars: "ci.tag=${{ needs.setup-tags.outputs.tag-with-network }}"
secrets:
aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
deploy_stokenet:
if: github.event_name == 'release' && github.event.action == 'prereleased'
name: Deploy STOKENET
needs:
- push-dashboard
- push-storybook
- setup-tags
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
with:
github_environment: "dashboard-stokenet"
github_branch: "${{ github.ref }}"
jenkins_job_name: "kubernetes-deployments/job/dapps-dashboard"
application_name: "dashboard"
kubernetes_namespace: "dashboard-stokenet"
aws_eks_cluster: "rtlj-prod"
aws_iam_role_name: "jenkins-dashboard-stokenet-deployer"
helm_dir: "deploy/helm/dashboard"
helmfile_environment: "stokenet"
helmfile_extra_vars: "ci.tag=${{ needs.setup-tags.outputs.tag-with-network }}"
secrets:
aws_deployment_account_id: ${{ secrets.AWS_PROD_ACCOUNT_ID }}
secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
deploy_mainnet:
if: github.event_name == 'release' && github.event.action == 'released'
name: Deploy MAINNET
needs:
- push-dashboard
- push-storybook
- setup-tags
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
with:
github_environment: "dashboard-mainnet"
github_branch: "${{ github.ref }}"
jenkins_job_name: "kubernetes-deployments/job/dapps-dashboard"
application_name: "dashboard"
kubernetes_namespace: "dashboard-mainnet"
aws_eks_cluster: "rtlj-prod"
aws_iam_role_name: "jenkins-dashboard-mainnet-deployer"
helm_dir: "deploy/helm/dashboard"
helmfile_environment: "mainnet"
helmfile_extra_vars: "ci.tag=${{ needs.setup-tags.outputs.tag-with-network }}"
secrets:
aws_deployment_account_id: ${{ secrets.AWS_PROD_ACCOUNT_ID }}
secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
# storybook-tests:
# runs-on: selfhosted-ubuntu-22.04
# permissions:
# id-token: write
# pull-requests: read
# contents: read
# if: ( github.ref == 'refs/heads/main' && github.event_name == 'push' ) || github.event.pull_request
# needs:
# - push-dashboard
# - push-storybook
# steps:
# - uses: RDXWorks-actions/checkout@main
# with:
# fetch-depth: 0
# - name: Use Node.js
# uses: RDXWorks-actions/setup-node@main
# with:
# always-auth: true
# node-version: 20.3.0
# cache: yarn
# - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
# with:
# role_name: "arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-dapps-monorepo-secrets-read-access"
# app_name: "dashboard"
# step_name: "unit-tests"
# secret_prefix: "GH"
# secret_name: "arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/radixdlt/dapps-monorepo/npm-token-gt8FBI"
# parse_json: true
# - uses: ./.github/actions/build
# with:
# npm_token: ${{ env.GH_NPM_TOKEN }}
# - name: Integration tests (PR)
# if: github.event.pull_request
# run: |
# # Due to a limitation on Github Action we cannot depend on jobs that might be skipped, because this
# # job will also be skipped.
# #
# echo "Waiting for the Kubernetes deployments to complete"
# sleep 90
# echo "Running storybook tests against PR environment"
# export TARGET_URL="https://dashboard-storybook-pr-${{ github.event.number }}.rdx-works-main.extratools.works"
# yarn test:storybook
# - name: Integration tests (Hammunet)
# if: github.ref == 'refs/heads/main' && github.event_name == 'push'
# run: |
# # Due to a limitation on Github Action we cannot depend on jobs that might be skipped, because this
# # job will also be skipped.
# #
# echo "Waiting for the Kubernetes deployments to complete"
# sleep 90
# echo "Running storybook tests against hammunet"
# export TARGET_URL="https://hammunet-dashboard-storybook.rdx-works-main.extratools.works"
# yarn test:storybook