input-output-hk
diff --git a/‎.github/workflows/cardano-services.yaml‎
Lines changed: 63 additions & 0 deletions b/‎.github/workflows/cardano-services.yaml‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎flake.lock‎
Lines changed: 32 additions & 15 deletions b/‎flake.lock‎
Lines changed: 32 additions & 15 deletions
diff --git a/‎flake.nix‎
Lines changed: 7 additions & 4 deletions b/‎flake.nix‎
Lines changed: 7 additions & 4 deletions
diff --git a/‎nix/cardano-services/deployments/asset.nix‎
Lines changed: 0 additions & 1 deletion b/‎nix/cardano-services/deployments/asset.nix‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎nix/cardano-services/deployments/backend-ingress.nix‎
Lines changed: 10 additions & 11 deletions b/‎nix/cardano-services/deployments/backend-ingress.nix‎
Lines changed: 10 additions & 11 deletions
diff --git a/‎nix/cardano-services/deployments/blockfrost-worker-deployment.nix‎
Lines changed: 5 additions & 22 deletions b/‎nix/cardano-services/deployments/blockfrost-worker-deployment.nix‎
Lines changed: 5 additions & 22 deletions
diff --git a/‎nix/cardano-services/deployments/chain-history.nix‎
Lines changed: 1 addition & 2 deletions b/‎nix/cardano-services/deployments/chain-history.nix‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎nix/cardano-services/deployments/ci.nix‎
Lines changed: 27 additions & 0 deletions b/‎nix/cardano-services/deployments/ci.nix‎
Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,63 @@
+jobs:
+  deploy:
+    environment: ${{ inputs.environment }}
+    runs-on: ubuntu-latest
+    steps:
+    - name: 📥 Checkout repository
+      uses: actions/checkout@v3
+    - name: 🧰 Setup Nix
+      uses: nixbuild/nix-quick-install-action@v28
+    - uses: aws-actions/[email protected]
+      with:
+        aws-region: us-east-1
+        role-to-assume: ${{ contains(github.ref, "release/") && 'arn:aws:iam::926093910549:role/eks-admin'
+          || 'arn:aws:iam::926093910549:role/eks-devs' }}
+    - name: 🚀 Deploy
+      run: 'echo "yes" | nix run .#cardano-services.${{inputs.target}}.${{inputs.action}}
+
+        '
+name: cardano-services
+'on':
+  workflow_call:
+    inputs:
+      action:
+        required: true
+        type: string
+      target:
+        required: true
+        type: string
+  workflow_dispatch:
+    inputs:
+      action:
+        description: Action
+        options:
+        - apply
+        - destroy
+        - plan
+        required: true
+        type: choice
+      target:
+        description: Targets
+        options:
+        - dev-mainnet@us-east-1
+        - dev-preprod@us-east-1@v2
+        - dev-preview@us-east-1
+        - dev-sanchonet@us-east-1
+        - live-mainnet@eu-central-1@v2
+        - live-mainnet@us-east-2@v2
+        - live-preprod@eu-central-1@v2
+        - live-preprod@us-east-2@v2
+        - live-preview@eu-central-1@v2
+        - live-preview@us-east-2@v2
+        - live-sanchonet@eu-central-1
+        - live-sanchonet@us-east-2
+        - local-network@us-east-1@v1
+        - ops-preprod-1@us-east-1
+        - ops-preview-1@us-east-1
+        - staging-mainnet@eu-west-1@v2
+        - staging-preprod@us-east-1@v2
+        required: true
+        type: choice
+permissions:
+  contents: read
+  id-token: write
@@ -10,8 +10,11 @@
     n2c.url = "github:nlewo/nix2container";
     n2c.inputs.nixpkgs.follows = "nixpkgs";
 
-    nix-helm.url = "github:gytis-ivaskevicius/nix-helm";
-    nix-helm.inputs.nixpkgs.follows = "nixpkgs";
+    nix-toolbox.url = "github:DevPalace/nix-toolbox/";
+    #nix-toolbox.inputs.nixpkgs.follows = "nixpkgs";
+    nix-toolbox.inputs.flake-parts.follows = "flake-parts";
+    nix-toolbox.inputs.nix2container.follows = "";
+
 
     std = {
       url = "github:divnix/std";
@@ -35,7 +38,7 @@
   outputs = {
     std,
     self,
-    nix-helm,
+    nix-toolbox,
     devshell,
     ...
   } @ inputs:
@@ -72,7 +75,7 @@
         system,
         ...
       }: {
-        legacyPackages.cardano-services = import ./nix/cardano-services/deployments {inherit pkgs nix-helm inputs;};
+        legacyPackages.cardano-services = import ./nix/cardano-services/deployments {inherit pkgs nix-toolbox inputs;};
       };
     };
 }
@@ -3,7 +3,6 @@
   values,
   lib,
   utils,
-  chart,
   ...
 }: {
   providers.asset-provider = {
 
@@ -1,26 +1,25 @@
 {
   lib,
   values,
-  chart,
   config,
   utils,
   ...
 }: {
   templates.accelerator = lib.mkIf (values.useAccelerator && values.ingress.enabled) {
     apiVersion = "operator.h3poteto.dev/v1alpha1";
     kind = "EndpointGroupBinding";
-    metadata.name = "${chart.name}-main";
+    metadata.name = "${config.name}-main";
     spec = {
       endpointGroupArn = values.acceleratorArn;
-      ingressRef.name = "${chart.name}-backend";
+      ingressRef.name = "${config.name}-backend";
     };
   };
 
   templates.backend-ingress = lib.mkIf values.ingress.enabled {
     apiVersion = "networking.k8s.io/v1";
     kind = "Ingress";
     metadata = {
-      name = "${chart.name}-backend";
+      name = "${config.name}-backend";
       labels = utils.appLabels "backend";
       annotations =
         if values.useAccelerator
@@ -62,7 +61,7 @@
           # Use latency routing policy
           "external-dns.alpha.kubernetes.io/aws-region" = config.region;
           "external-dns.alpha.kubernetes.io/set-identifier" = values.backend.dnsId;
-          "alb.ingress.kubernetes.io/group.name" = chart.namespace;
+          "alb.ingress.kubernetes.io/group.name" = config.namespace;
           "alb.ingress.kubernetes.io/group.order" = toString values.cardano-services.ingresOrder;
         };
     };
@@ -77,7 +76,7 @@
                 pathType = "Prefix";
                 path = "/v${lib.last (lib.sort lib.versionOlder values.cardano-services.versions.handle)}/asset";
                 backend.service = {
-                  name = "${chart.name}-asset-provider";
+                  name = "${config.name}-asset-provider";
                   port.name = "http";
                 };
               }
@@ -87,7 +86,7 @@
                 pathType = "Prefix";
                 path = "/v${lib.last (lib.sort lib.versionOlder values.cardano-services.versions.handle)}/handle";
                 backend.service = {
-                  name = "${chart.name}-handle-provider";
+                  name = "${config.name}-handle-provider";
                   port.name = "http";
                 };
               }
@@ -97,7 +96,7 @@
                 pathType = "Prefix";
                 path = "/v${version}/chain-history";
                 backend.service = {
-                  name = "${chart.name}-chain-history-provider";
+                  name = "${config.name}-chain-history-provider";
                   port.name = "http";
                 };
               })
@@ -118,7 +117,7 @@
                   pathType = "Prefix";
                   path = it;
                   backend.service = {
-                    name = "${chart.name}-backend";
+                    name = "${config.name}-backend";
                     port.name = "http";
                   };
                 }
@@ -129,7 +128,7 @@
                 pathType = "Prefix";
                 path = "/v${lib.last (lib.sort lib.versionOlder values.cardano-services.versions.stakePool)}/stake-pool";
                 backend.service = {
-                  name = "${chart.name}-stake-pool-provider";
+                  name = "${config.name}-stake-pool-provider";
                   port.name = "http";
                 };
               }
@@ -139,7 +138,7 @@
                 pathType = "Exact";
                 path = "/ws";
                 backend.service = {
-                  name = "${chart.name}-ws-server";
+                  name = "${config.name}-ws-server";
                   port.name = "http";
                 };
               }
 
@@ -1,40 +1,28 @@
 {
   lib,
   values,
-  chart,
   utils,
   config,
   ...
 }: {
-  templates.blockfrost-worker-deployment = lib.mkIf values.blockfrost-worker.enabled {
-    apiVersion = "apps/v1";
-    kind = "Deployment";
+  resources.deployments.blockfrost-worker = lib.mkIf values.blockfrost-worker.enabled {
     metadata = {
-      name = "${chart.name}-blockfrost-worker";
+      name = "${config.name}-blockfrost-worker";
       labels = utils.appLabels "blockfrost-worker";
     };
     spec = {
       selector.matchLabels = utils.appLabels "blockfrost-worker";
       template = {
         metadata.labels = utils.appLabels "blockfrost-worker";
         spec = {
-          imagePullSecrets = [
-            {
-              name = "dockerconfigjson";
-            }
-          ];
+          imagePullSecrets.dockerconfigjson = {};
           containers = [
             {
               inherit (values.cardano-services) image;
               inherit (values.blockfrost-worker) resources;
               name = "blockfrost-worker";
               args = ["start-blockfrost-worker"];
-              ports = [
-                {
-                  containerPort = 3000;
-                  name = "http";
-                }
-              ];
+              ports.http.containerPort = 3000;
               livenessProbe = {
                 timeoutSeconds = 5;
                 httpGet = {
@@ -87,12 +75,7 @@
               ];
             }
           ];
-          volumes = [
-            {
-              name = "tls";
-              secret.secretName = "postgresql-server-cert";
-            }
-          ];
+          volumes.tls.secret.secretName = "postgresql-server-cert";
         };
       };
     };
 
@@ -1,9 +1,8 @@
 {
-  config,
   values,
   lib,
   utils,
-  chart,
+  config,
   ...
 }: {
   providers.chain-history-provider = {
 
@@ -0,0 +1,27 @@
+{
+  lib,
+  modules,
+  config,
+  ...
+}: {
+  imports = [
+    modules.githubAction
+  ];
+
+  ci.github = {
+    name = "cardano-services";
+    deploymentAttrPath = config.ci.github.name;
+    outputPath = "$PRJ_ROOT/.github/workflows/${config.ci.github.name}.yaml";
+    extraDefinitions.permissions = {
+      id-token = "write"; # This is required for AWS credentials action
+      contents = "read";
+    };
+    extraSteps = lib.singleton {
+      uses = "aws-actions/[email protected]";
+      "with" = {
+        role-to-assume = "\${{ contains(github.ref, \"release/\") && 'arn:aws:iam::926093910549:role/eks-admin' || 'arn:aws:iam::926093910549:role/eks-devs' }}";
+        aws-region = "us-east-1";
+      };
+    };
+  };
+}
-Original file line number
+Diff line change
   values,
   lib,
   utils,
 -  chart,
   ...
 }: {
   providers.asset-provider = {