24 changes: 23 additions & 1 deletion .github/workflows/deploy.yml
@@ -20,6 +20,7 @@ on:
options:
- warm-staging
- forge-production
- forge-test

permissions:
id-token: write # This is required for requesting the JWT
@@ -48,7 +49,7 @@ jobs:
cloudflare-zone-id: ${{ secrets.WARM_STAGING_CLOUDFLARE_ZONE_ID }}
cloudflare-api-token: ${{ secrets.WARM_STAGING_CLOUDFLARE_API_TOKEN }}

# apply prod on successful release, plan otherwise
# apply prod and test on successful release, plan otherwise
forge-production:
uses: ./.github/workflows/terraform.yml
with:
@@ -69,3 +70,24 @@ jobs:
admin-dashboard-password: ${{ secrets.FORGE_PROD_ADMIN_DASHBOARD_PASSWORD }}
cloudflare-zone-id: ${{ secrets.FORGE_PROD_CLOUDFLARE_ZONE_ID }}
cloudflare-api-token: ${{ secrets.FORGE_PROD_CLOUDFLARE_API_TOKEN }}

forge-test:
uses: ./.github/workflows/terraform.yml
with:
env: forge-test
workspace: forge-test
network: test
did: did:web:etracker.test.storacha.network
client-egress-usd-per-tib: ${{ vars.FORGE_TEST_CLIENT_EGRESS_USD_PER_TIB }}
provider-egress-usd-per-tib: ${{ vars.FORGE_TEST_PROVIDER_EGRESS_USD_PER_TIB }}
apply: ${{ (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'forge-test') }}
secrets:
aws-account-id: ${{ secrets.FORGE_TEST_AWS_ACCOUNT_ID }}
aws-region: ${{ secrets.FORGE_TEST_AWS_REGION }}
region: ${{ secrets.FORGE_TEST_AWS_REGION }}
private-key: ${{ secrets.FORGE_TEST_PRIVATE_KEY }}
metrics-auth-token: ${{ secrets.FORGE_TEST_METRICS_AUTH_TOKEN }}
admin-dashboard-user: ${{ secrets.FORGE_TEST_ADMIN_DASHBOARD_USER }}
admin-dashboard-password: ${{ secrets.FORGE_TEST_ADMIN_DASHBOARD_PASSWORD }}
cloudflare-zone-id: ${{ secrets.FORGE_TEST_CLOUDFLARE_ZONE_ID }}
cloudflare-api-token: ${{ secrets.FORGE_TEST_CLOUDFLARE_API_TOKEN }}
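Review bot: The `apply` expression on the new `forge-test` job is true for any `workflow_run` event whose conclusion is `success`, and nothing in the lines shown ties it to a particular branch or triggering workflow. The `on:` block is only partly visible, so if its `workflow_run` trigger is not already limited by `workflows:` and `branches:`, consider adding a `github.event.workflow_run.head_branch` comparison against the release branch to the condition. `forge-test` and `forge-production` also have no `needs:` relationship in the visible lines, so a failed test apply would not hold back the production apply; if test is meant to gate prod, `needs: forge-test` on `forge-production` would express that. The `forge-production` job body lies mostly outside these hunks.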
20 changes: 12 additions & 8 deletions .github/workflows/terraform.yml
@@ -86,9 +86,6 @@ jobs:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/terraform-ci

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- uses: opentofu/setup-opentofu@v1

- name: Tofu Init
@@ -97,17 +94,24 @@ jobs:
make init
working-directory: deploy

- name: Build + Push Docker ECR
run: |
make docker-push
working-directory: deploy

# just plan if !inputs.apply
- name: Terraform Plan
if: ${{ !inputs.apply }}
run: |
make plan
working-directory: deploy

# build and push docker image and apply if inputs.apply
- name: Set up Docker Buildx
if: ${{ inputs.apply }}
uses: docker/setup-buildx-action@v3

- name: Build + Push Docker ECR
if: ${{ inputs.apply }}
run: |
make docker-push
working-directory: deploy

- name: Terraform Apply
if: ${{ inputs.apply }}
run: |
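Review bot: `docker/setup-buildx-action@v3` (re-added here under the apply condition) and `opentofu/setup-opentofu@v1` are referenced by mutable tags in a job that assumes the `terraform-ci` role through OIDC and receives the deploy secrets. Pinning each to a full commit SHA, e.g. `uses: docker/setup-buildx-action@<full-commit-sha> # v3`, keeps a retagged release from running with those credentials. Separately, the plan-only path still assumes the same `terraform-ci` role as the apply path; if that role carries write permissions (not visible here), a read-only role for `make plan` would be a tighter fit. The Terraform Apply step continues past the end of this section.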
12 changes: 8 additions & 4 deletions .storoku.json
@@ -14,15 +14,18 @@
"secrets": [
{
"name": "ETRACKER_METRICS_AUTH_TOKEN",
"variable": true
"variable": true,
"external": false
},
{
"name": "ETRACKER_ADMIN_DASHBOARD_USER",
"variable": true
"variable": true,
"external": false
},
{
"name": "ETRACKER_ADMIN_DASHBOARD_PASSWORD",
"variable": true
"variable": true,
"external": false
}
],
"tables": [
@@ -101,7 +104,8 @@
],
"networks": [
"warm",
"forge"
"forge",
"test"
],
"writeToContainer": false
}
13 changes: 13 additions & 0 deletions deploy/.env.production.local.tpl
@@ -12,6 +12,19 @@ if [ "$TF_WORKSPACE" == "forge-prod" ]; then
CONSUMER_CUSTOMER_INDEX_NAME="customer"

TRUSTED_AUTHORITIES="did:web:up.forge.storacha.network"
elif [ "$TF_WORKSPACE" == "forge-test" ]; then
STORAGE_PROVIDER_TABLE_NAME="forge-test-w3infra-storage-provider"
STORAGE_PROVIDER_TABLE_REGION="us-west-2"

CUSTOMER_TABLE_NAME="forge-test-w3infra-customer"
CUSTOMER_TABLE_REGION="us-west-2"

CONSUMER_TABLE_NAME="forge-test-w3infra-consumer"
CONSUMER_TABLE_REGION="us-west-2"
CONSUMER_CONSUMER_INDEX_NAME="consumer"
CONSUMER_CUSTOMER_INDEX_NAME="customer"

TRUSTED_AUTHORITIES="did:web:up.test.storacha.network"
else
STORAGE_PROVIDER_TABLE_NAME="staging-warm-upload-api-storage-provider"
STORAGE_PROVIDER_TABLE_REGION="us-east-2"
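Review bot: With `forge-test` added as a third case, the trailing `else` still hands the `staging-warm-*` tables (and presumably the staging `TRUSTED_AUTHORITIES`) to any workspace name that is not matched exactly, so a misspelled or newly added `TF_WORKSPACE` silently gets another environment's tables and trust root. Assuming this template is evaluated as a shell script, I would make staging an explicit `elif` and let the final branch fail, e.g. `else echo "unknown TF_WORKSPACE: $TF_WORKSPACE" >&2; exit 1`. The same fall-through exists in the nested conditionals in `deploy/app/external.tf`, and the table names are now duplicated between the two files, so they have to be changed together. The `else` branch continues outside this hunk.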
76 changes: 40 additions & 36 deletions deploy/app/.terraform.lock.hcl


12 changes: 6 additions & 6 deletions deploy/app/external.tf
@@ -1,12 +1,12 @@
locals {
storage_provider_table_name = "${terraform.workspace == "forge-prod" ? "forge-prod-upload-api-storage-provider" : "staging-warm-upload-api-storage-provider"}"
storage_provider_table_region = "${terraform.workspace == "forge-prod" ? "us-west-2" : "us-east-2"}"
storage_provider_table_name = "${terraform.workspace == "forge-test" ? "forge-test-w3infra-storage-provider" : (terraform.workspace == "forge-prod" ? "forge-prod-upload-api-storage-provider" : "staging-warm-upload-api-storage-provider")}"
storage_provider_table_region = "${(terraform.workspace == "forge-prod" || terraform.workspace == "forge-test") ? "us-west-2" : "us-east-2"}"

customer_table_name = "${terraform.workspace == "forge-prod" ? "forge-prod-upload-api-customer" : "staging-warm-upload-api-customer"}"
customer_table_region = "${terraform.workspace == "forge-prod" ? "us-west-2" : "us-east-2"}"
customer_table_name = "${terraform.workspace == "forge-test" ? "forge-test-w3infra-customer" : (terraform.workspace == "forge-prod" ? "forge-prod-upload-api-customer" : "staging-warm-upload-api-customer")}"
customer_table_region = "${(terraform.workspace == "forge-test" || terraform.workspace == "forge-prod") ? "us-west-2" : "us-east-2"}"

consumer_table_name = "${terraform.workspace == "forge-prod" ? "forge-prod-upload-api-consumer" : "staging-warm-upload-api-consumer"}"
consumer_table_region = "${terraform.workspace == "forge-prod" ? "us-west-2" : "us-east-2"}"
consumer_table_name = "${terraform.workspace == "forge-test" ? "forge-test-w3infra-consumer" : (terraform.workspace == "forge-prod" ? "forge-prod-upload-api-consumer" : "staging-warm-upload-api-consumer")}"
consumer_table_region = "${(terraform.workspace == "forge-test" || terraform.workspace == "forge-prod") ? "us-west-2" : "us-east-2"}"
}

provider "aws" {
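Review bot: The three region lines test the same two workspaces in different orders (`forge-prod || forge-test` on `storage_provider_table_region`, `forge-test || forge-prod` on the other two), and every value is wrapped in a redundant `"${ ... }"` interpolation. A single form such as `contains(["forge-prod", "forge-test"], terraform.workspace) ? "us-west-2" : "us-east-2"` reads more clearly and keeps the three lines identical. A one-line comment above `locals` saying where these table names are defined would help whoever next has to add a workspace.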
16 changes: 5 additions & 11 deletions deploy/app/main.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.86.0"
version = ">= 6.0.0"
}
archive = {
source = "hashicorp/archive"
@@ -31,14 +31,10 @@ provider "aws" {
}
}

# CloudFront is a global service. Certs must be created in us-east-1, where the core ACM infra lives
provider "aws" {
region = "us-east-1"
alias = "acm"
}


module "app" {
source = "github.com/storacha/storoku//app?ref=v0.5.1"
source = "github.com/storacha/storoku//app?ref=v0.6.2"
private_key = var.private_key
private_key_env_var = "ETRACKER_PRIVATE_KEY"
httpport = 8080
@@ -72,6 +68,8 @@ module "app" {
"ETRACKER_ADMIN_DASHBOARD_USER" = var.admin_dashboard_user
"ETRACKER_ADMIN_DASHBOARD_PASSWORD" = var.admin_dashboard_password
}
# enter external secrets (provisioned out-of-band) here
external_secrets = []
# enter any sqs queues you want to create here
queues = []
caches = []
@@ -145,10 +143,6 @@ module "app" {
]
buckets = [
]
providers = {
aws = aws
aws.acm = aws.acm
}
env_files = var.env_files
domain_base = var.domain_base
}