ci: workflow for standalone pd #3709
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cratelyn
added
the
A-node
conorsch
force-pushed
the
3336-standalone-node
branch
from
5d49429 to
7302f90
Compare
We want to exercise the pd https logic, but we can't naively run it from scratch on every deploy, because that'd be far too many API requests to reissue certs from ACME. Instead, let's preserve the ACME directory before wiping state, and reuse it before bouncing the service. This setup requires always-on boxes provisioned out of band. So far, this adds the base logic via a workflow. In order to get it running, I'll need to iterate on the workflow, but workflows must land on main prior to being available for ad-hoc execution. Refs #3336.
conorsch
force-pushed
the
3336-standalone-node
branch
from
7302f90 to
fc70ab3
Compare
I'm going to get this in as a necessary-but-not-sufficient base for further iteration. |
conorsch
added a commit
that referenced
this pull request
Mar 18, 2024
These changes build on #3709, specifically: * consuming ssh privkey & hostkey material from GHA secrets * creates a dedicated workflow So far this only targets preview. Will run the job ad-hoc a few times and make changes as necessary before porting to testnet env and hooking up to the automatically-triggered release workflows. Refs #3336.
conorsch
added a commit
that referenced
this pull request
Mar 18, 2024
These changes build on #3709, specifically: * consuming ssh privkey & hostkey material from GHA secrets * creates a dedicated workflow So far this only targets preview. Will run the job ad-hoc a few times and make changes as necessary before porting to testnet env and hooking up to the automatically-triggered release workflows. Refs #3336.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We want to exercise the pd https logic, but we can't naively run it from scratch on every deploy, because that'd be far too many API requests to reissue certs from ACME. Instead, let's preserve the ACME directory before wiping state, and reuse it before bouncing the service.
This setup requires always-on bxoes provisioned out of band. So far, this adds the base logic via a workflow. In order to get it running, I'll need to iterate on the workflow, but workflows must land on main prior to being available for ad-hoc execution.
Refs #3336.