forked from smartcontractkit/chainlink
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor: use only goreleaser to build unsigned chainlink images in o…
…ne workflow (smartcontractkit#14034) * refactor: use only goreleaser to build unsigned chainlink images in one workflow * fix: use branches-ignore filter instead * rename and switch runner * temp switch back name because of env protection rule * back to use the refactored name * update goreleaser yaml * add new docker inputs, rename IMAGE_NAME, add goreleaser build-sign-publish workflow * add output image name and digest to github summary * refactor gha workflow names and add output image name and digest to build-develop * remove unnecessary outputs * add a git_ref validation job * temp delete workflows for easier testing * add if conditional to validate step * fix metric name and add debug log * update docker registry * no goreleaser output since we don't use the goreleaser/action * remove debug log and use bash shell * fix formatting * remove root images from goreleaser yaml * use custom setup-go * fix typo * use tee instead * add back setup-go and refactor output summary step * update with new filename and workflow trigger * fix docker registry input * remove role-duration input * change conditional * revert temp gha workflow delete commit * sync with origin develop * refactor trigger based on push and pr label * fix install remote plugins bug include * add new docker builds for plugins and update dockerfile * add goreleaser --split to gha and refactor action_utils script * fix add shell * fix metrics job name and publish docker manifest files * fix image_templates goreleaser * fix check artifacts.json and metrics name * fix if not end * ls -al dist * add --single-target flag and split checksum * remove split in checksum * remove --single-target and update output artifact.json path * cat artifacts.json * use ubuntu-latest runner * update build-publish workflow output summary step * build on every pr - conditional publish | add workflow_dispatch trigger * add workflow_dispatch conditional build-publish * fix typo * fix typo * use ubuntu-20.04 runner * fix conditional * add comment
- Loading branch information
1 parent
5e99bdb
commit e2a8841
Showing
11 changed files
with
283 additions
and
290 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,119 @@ | ||
name: "Build and Publish Chainlink" | ||
|
||
on: | ||
pull_request: | ||
push: | ||
branches: | ||
- develop | ||
- "release/**" | ||
workflow_dispatch: | ||
inputs: | ||
git_ref: | ||
description: "The git ref to check out" | ||
required: true | ||
build-publish: | ||
description: "Whether to build and publish - defaults to just build" | ||
required: false | ||
default: "false" | ||
|
||
env: | ||
GIT_REF: ${{ github.event.inputs.git_ref || github.ref }} | ||
|
||
jobs: | ||
goreleaser-build-publish-chainlink: | ||
runs-on: ubuntu-20.04 | ||
permissions: | ||
id-token: write | ||
contents: read | ||
strategy: | ||
matrix: | ||
goarch: [amd64, arm64] | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | ||
with: | ||
ref: ${{ env.GIT_REF }} | ||
|
||
# This gets the image tag and whether to publish the image based on the event type | ||
# PR builds: pr-<pr_number>-<short_sha> (if label 'build-publish' is present publishes the image) | ||
# develop builds: develop-<short_sha> | ||
# release builds: release-<short_sha> | ||
# manual builds: <short_sha> (if build-publish is true publishes the image) | ||
- name: Get image tag | ||
id: get-image-tag | ||
run: | | ||
short_sha=$(git rev-parse --short HEAD) | ||
echo "build-publish=false" | tee -a $GITHUB_OUTPUT | ||
if [[ ${{ github.event_name }} == 'push' ]]; then | ||
if [[ ${{ github.ref_name }} == 'release/'* ]]; then | ||
echo "image-tag=release-${short_sha}" | tee -a $GITHUB_OUTPUT | ||
echo "build-publish=true" | tee -a $GITHUB_OUTPUT | ||
else | ||
echo "image-tag=develop-${short_sha}" | tee -a $GITHUB_OUTPUT | ||
echo "build-publish=true" | tee -a $GITHUB_OUTPUT | ||
fi | ||
elif [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then | ||
echo "image-tag=${short_sha}" | tee -a $GITHUB_OUTPUT | ||
echo "build-publish=${{ github.event.inputs.build-publish }}" | tee -a $GITHUB_OUTPUT | ||
else | ||
if [[ ${{ github.event_name }} == "pull_request" ]]; then | ||
echo "image-tag=pr-${{ github.event.number }}-${short_sha}" | tee -a $GITHUB_OUTPUT | ||
if [[ ${{ contains(github.event.pull_request.labels.*.name, 'build-publish') }} == "true" ]]; then | ||
echo "build-publish=true" | tee -a $GITHUB_OUTPUT | ||
fi | ||
fi | ||
fi | ||
- name: Configure aws credentials | ||
if: steps.get-image-tag.outputs.build-publish == 'true' | ||
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | ||
with: | ||
role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_BUILD_PUBLISH_DEVELOP_PR }} | ||
aws-region: ${{ secrets.AWS_REGION }} | ||
mask-aws-account-id: true | ||
role-session-name: goreleaser-build-publish-chainlink | ||
|
||
- name: Build and publish images | ||
uses: ./.github/actions/goreleaser-build-sign-publish | ||
with: | ||
enable-docker-publish: ${{ steps.get-image-tag.outputs.build-publish }} | ||
docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }} | ||
docker-image-name: chainlink | ||
docker-image-tag: ${{ steps.get-image-tag.outputs.image-tag }} | ||
enable-goreleaser-snapshot: "true" | ||
enable-goreleaser-split: "true" | ||
goreleaser-split-arch: ${{ matrix.goarch }} | ||
goreleaser-exec: ./tools/bin/goreleaser_wrapper | ||
goreleaser-config: .goreleaser.develop.yaml | ||
goreleaser-key: ${{ secrets.GORELEASER_KEY }} | ||
zig-version: 0.11.0 | ||
|
||
- name: Output image name and digest | ||
if: steps.get-image-tag.outputs.build-publish == 'true' | ||
shell: bash | ||
run: | | ||
# need to check if artifacts.json exists because goreleaser splits the build | ||
if [[ -f dist/artifacts.json ]]; then | ||
artifact_path="dist/artifacts.json" | ||
else | ||
artifact_path="dist/linux_${{ matrix.goarch }}/artifacts.json" | ||
cat dist/linux_${{ matrix.goarch }}/artifacts.json | ||
fi | ||
echo "### Docker Images" | tee -a "$GITHUB_STEP_SUMMARY" | ||
jq -r '.[] | select(.type == "Docker Image") | "`\(.goarch)-image`: \(.name)"' ${artifact_path} >> output.txt | ||
jq -r '.[] | select(.type == "Archive") | "`\(.goarch)-digest`: \(.extra.Checksum)"' ${artifact_path} >> output.txt | ||
while read -r line; do | ||
echo "$line" | tee -a "$GITHUB_STEP_SUMMARY" | ||
done < output.txt | ||
- name: Collect Metrics | ||
if: always() | ||
id: collect-gha-metrics | ||
uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1 | ||
with: | ||
id: goreleaser-build-publish | ||
org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }} | ||
basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }} | ||
hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }} | ||
this-job-name: goreleaser-build-publish-chainlink (${{ matrix.goarch }}) | ||
continue-on-error: true |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.