refactor: use only goreleaser to build unsigned chainlink images in o…
…ne workflow (smartcontractkit#14034)

* refactor: use only goreleaser to build unsigned chainlink images in one workflow

* fix: use branches-ignore filter instead

* rename and switch runner

* temp switch back name because of env protection rule

* back to use the refactored name

* update goreleaser yaml

* add new docker inputs, rename IMAGE_NAME, add goreleaser build-sign-publish workflow

* add output image name and digest to github summary

* refactor gha workflow names and add output image name and digest to build-develop

* remove unnecessary outputs

* add a git_ref validation job

* temp delete workflows for easier testing

* add if conditional to validate step

* fix metric name and add debug log

* update docker registry

* no goreleaser output since we don't use the goreleaser/action

* remove debug log and use bash shell

* fix formatting

* remove root images from goreleaser yaml

* use custom setup-go

* fix typo

* use tee instead

* add back setup-go and refactor output summary step

* update with new filename and workflow trigger

* fix docker registry input

* remove role-duration input

* change conditional

* revert temp gha workflow delete commit

* sync with origin develop

* refactor trigger based on push and pr label

* fix install remote plugins bug include

* add new docker builds for plugins and update dockerfile

* add goreleaser --split to gha and refactor action_utils script

* fix add shell

* fix metrics job name and publish docker manifest files

* fix image_templates goreleaser

* fix check artifacts.json and metrics name

* fix if not end

* ls -al dist

* add --single-target flag and split checksum

* remove split in checksum

* remove --single-target and update output artifact.json path

* cat artifacts.json

* use ubuntu-latest runner

* update build-publish workflow output summary step

* build on every pr - conditional publish | add workflow_dispatch trigger

* add workflow_dispatch conditional build-publish

* fix typo

* fix typo

* use ubuntu-20.04 runner

* fix conditional

* add comment
momentmaker authored Aug 15, 2024
1 parent 5e99bdb commit e2a8841
Showing 11 changed files with 283 additions and 290 deletions.
41 changes: 28 additions & 13 deletions .github/actions/goreleaser-build-sign-publish/action.yml
@@ -29,10 +29,13 @@ inputs:
description: The docker registry
default: localhost:5001
required: false
# snapshot inputs
enable-goreleaser-snapshot:
description: Enable goreleaser build / release snapshot
default: "false"
docker-image-name:
description: The docker image name
default: chainlink
required: false
docker-image-tag:
description: The docker image tag
default: develop
required: false
# goreleaser inputs
goreleaser-exec:
@@ -43,6 +46,17 @@ inputs:
description: "The goreleaser configuration yaml"
default: ".goreleaser.yaml"
required: false
enable-goreleaser-snapshot:
description: Enable goreleaser build / release snapshot
default: "false"
required: false
enable-goreleaser-split:
description: Enable goreleaser split and merge builds
default: "false"
required: false
goreleaser-split-arch:
description: The architecture to split the goreleaser build
required: false
# signing inputs
enable-cosign:
description: Enable signing of docker images
@@ -57,13 +71,6 @@ inputs:
cosign-password:
description: The password to decrypt the cosign private key needed to sign the image
required: false
outputs:
goreleaser-metadata:
description: "Build result metadata"
value: ${{ steps.goreleaser.outputs.metadata }}
goreleaser-artifacts:
description: "Build result artifacts"
value: ${{ steps.goreleaser.outputs.artifacts }}
runs:
using: composite
steps:
@@ -97,14 +104,22 @@ runs:
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ${{ inputs.docker-registry }}
- name: Goreleaser release
id: goreleaser
- name: Set goreleaser split env
if: inputs.enable-goreleaser-split == 'true'
shell: bash
run: |
echo "GOOS=linux" | tee -a $GITHUB_ENV
echo "GOARCH=${{ inputs.goreleaser-split-arch }}" | tee -a $GITHUB_ENV
- name: Run goreleaser release
shell: bash
env:
ENABLE_COSIGN: ${{ inputs.enable-cosign }}
ENABLE_GORELEASER_SNAPSHOT: ${{ inputs.enable-goreleaser-snapshot }}
ENABLE_GORELEASER_SPLIT: ${{ inputs.enable-goreleaser-split }}
ENABLE_DOCKER_PUBLISH: ${{ inputs.enable-docker-publish }}
IMAGE_PREFIX: ${{ inputs.docker-registry }}
IMAGE_NAME: ${{ inputs.docker-image-name }}
IMAGE_TAG: ${{ inputs.docker-image-tag }}
GORELEASER_EXEC: ${{ inputs.goreleaser-exec }}
GORELEASER_CONFIG: ${{ inputs.goreleaser-config }}
COSIGN_PASSWORD: ${{ inputs.cosign-password }}
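Review bot: The new `Set goreleaser split env` step expands `${{ inputs.goreleaser-split-arch }}` inside the script text and appends the result to `$GITHUB_ENV`, so whatever a caller passes becomes shell source and can set variables for every later step of the job. The only caller on this page passes a fixed matrix value, but the action is reusable; hand the input over as `env: SPLIT_ARCH: ${{ inputs.goreleaser-split-arch }}`, reject anything other than `amd64` or `arm64`, and write `echo "GOARCH=${SPLIT_ARCH}" >> "$GITHUB_ENV"`. The input also has no default, so enabling split without it exports an empty `GOARCH`.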
32 changes: 25 additions & 7 deletions .github/actions/goreleaser-build-sign-publish/action_utils
@@ -4,6 +4,7 @@ set -euo pipefail

ENABLE_COSIGN=${ENABLE_COSIGN:-false}
ENABLE_GORELEASER_SNAPSHOT=${ENABLE_GORELEASER_SNAPSHOT:-false}
ENABLE_GORELEASER_SPLIT=${ENABLE_GORELEASER_SPLIT:-false}
ENABLE_DOCKER_PUBLISH=${ENABLE_DOCKER_PUBLISH:-false}
COSIGN_PASSWORD=${COSIGN_PASSWORD:-""}
GORELEASER_EXEC=${GORELEASER_EXEC:-goreleaser}
@@ -27,8 +28,12 @@ _publish_snapshot_manifests() {
local docker_manifest_extra_args=$DOCKER_MANIFEST_EXTRA_ARGS
local full_sha=$(git rev-parse HEAD)
local images=$(docker images --filter "label=org.opencontainers.image.revision=$full_sha" --format "{{.Repository}}:{{.Tag}}" | sort)
local arches=(amd64 arm64)
local raw_manifest_lists=""
if [[ $ENABLE_GORELEASER_SPLIT == "true" ]]; then
local arches=(${GOARCH:-""})
else
local arches=(amd64 arm64)
fi
for image in $images; do
for arch in "${arches[@]}"; do
image=${image%"-$arch"}
@@ -51,22 +56,35 @@ _publish_snapshot_manifests() {

# wrapper function to invoke goreleaser release
goreleaser_release() {
goreleaser_flags=()

# set goreleaser flags
if [[ $ENABLE_GORELEASER_SNAPSHOT == "true" ]]; then
goreleaser_flags+=("--snapshot")
goreleaser_flags+=("--clean")
fi
if [[ $ENABLE_GORELEASER_SPLIT == "true" ]]; then
goreleaser_flags+=("--split")
fi
flags=$(printf "%s " "${goreleaser_flags[@]}")
flags=$(echo "$flags" | sed 's/ *$//')

if [[ $ENABLE_COSIGN == "true" ]]; then
echo "$COSIGN_PUBLIC_KEY" > cosign.pub
echo "$COSIGN_PRIVATE_KEY" > cosign.key
fi

if [[ -n $MACOS_SDK_DIR ]]; then
MACOS_SDK_DIR=$(echo "$(cd "$(dirname "$MACOS_SDK_DIR")" || exit; pwd)/$(basename "$MACOS_SDK_DIR")")
fi
if [[ $ENABLE_GORELEASER_SNAPSHOT == "true" ]]; then
$GORELEASER_EXEC release --snapshot --clean --config "$GORELEASER_CONFIG" "$@"
if [[ $ENABLE_DOCKER_PUBLISH == "true" ]]; then

$GORELEASER_EXEC release ${flags} --config "$GORELEASER_CONFIG" "$@"

if [[ $ENABLE_DOCKER_PUBLISH == "true" ]]; then
_publish_snapshot_images
_publish_snapshot_manifests
fi
else
$GORELEASER_EXEC release --clean --config "$GORELEASER_CONFIG" "$@"
fi

if [[ $ENABLE_COSIGN == "true" ]]; then
rm -rf cosign.pub
rm -rf cosign.key
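Review bot: In `goreleaser_release` the `goreleaser_flags` array is flattened with `printf`/`sed` and then expanded unquoted as `${flags}`, which relies on word splitting and gives up what the array was for; pass it directly with `$GORELEASER_EXEC release "${goreleaser_flags[@]}" --config "$GORELEASER_CONFIG" "$@"`. `--clean` is now appended only inside the snapshot branch, while the earlier non-snapshot call shown in this section ran `release --clean`, so a signed release appears to lose that flag; starting from `goreleaser_flags=("--clean")` would keep it. The `_publish_snapshot_images` and `_publish_snapshot_manifests` calls also appear to run for non-snapshot releases now whenever `ENABLE_DOCKER_PUBLISH` is true, which is worth confirming as intended. The function body continues past the end of the visible hunk.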
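--- a/.github/workflows/build-publish-develop-pr.yml
+++ b/.github/workflows/build-publish-develop-pr.yml
@@ -0,0 +1,119 @@
+name: "Build and Publish Chainlink"
+
+on:
+pull_request:
+push:
+branches:
+- develop
+- "release/**"
+workflow_dispatch:
+inputs:
+git_ref:
+description: "The git ref to check out"
+required: true
+build-publish:
+description: "Whether to build and publish - defaults to just build"
+required: false
+default: "false"
+
+env:
+GIT_REF: ${{ github.event.inputs.git_ref || github.ref }}
+
+jobs:
+goreleaser-build-publish-chainlink:
+runs-on: ubuntu-20.04
+permissions:
+id-token: write
+contents: read
+strategy:
+matrix:
+goarch: [amd64, arm64]
+steps:
+- name: Checkout repository
+uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+with:
+ref: ${{ env.GIT_REF }}
+
+# This gets the image tag and whether to publish the image based on the event type
+# PR builds: pr-<pr_number>-<short_sha> (if label 'build-publish' is present publishes the image)
+# develop builds: develop-<short_sha>
+# release builds: release-<short_sha>
+# manual builds: <short_sha> (if build-publish is true publishes the image)
+- name: Get image tag
+id: get-image-tag
+run: |
+short_sha=$(git rev-parse --short HEAD)
+echo "build-publish=false" | tee -a $GITHUB_OUTPUT
+if [[ ${{ github.event_name }} == 'push' ]]; then
+if [[ ${{ github.ref_name }} == 'release/'* ]]; then
+echo "image-tag=release-${short_sha}" | tee -a $GITHUB_OUTPUT
+echo "build-publish=true" | tee -a $GITHUB_OUTPUT
+else
+echo "image-tag=develop-${short_sha}" | tee -a $GITHUB_OUTPUT
+echo "build-publish=true" | tee -a $GITHUB_OUTPUT
+fi
+elif [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then
+echo "image-tag=${short_sha}" | tee -a $GITHUB_OUTPUT
+echo "build-publish=${{ github.event.inputs.build-publish }}" | tee -a $GITHUB_OUTPUT
+else
+if [[ ${{ github.event_name }} == "pull_request" ]]; then
+echo "image-tag=pr-${{ github.event.number }}-${short_sha}" | tee -a $GITHUB_OUTPUT
+if [[ ${{ contains(github.event.pull_request.labels.*.name, 'build-publish') }} == "true" ]]; then
+echo "build-publish=true" | tee -a $GITHUB_OUTPUT
+fi
+fi
+fi
+- name: Configure aws credentials
+if: steps.get-image-tag.outputs.build-publish == 'true'
+uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+with:
+role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_BUILD_PUBLISH_DEVELOP_PR }}
+aws-region: ${{ secrets.AWS_REGION }}
+mask-aws-account-id: true
+role-session-name: goreleaser-build-publish-chainlink
+
+- name: Build and publish images
+uses: ./.github/actions/goreleaser-build-sign-publish
+with:
+enable-docker-publish: ${{ steps.get-image-tag.outputs.build-publish }}
+docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
+docker-image-name: chainlink
+docker-image-tag: ${{ steps.get-image-tag.outputs.image-tag }}
+enable-goreleaser-snapshot: "true"
+enable-goreleaser-split: "true"
+goreleaser-split-arch: ${{ matrix.goarch }}
+goreleaser-exec: ./tools/bin/goreleaser_wrapper
+goreleaser-config: .goreleaser.develop.yaml
+goreleaser-key: ${{ secrets.GORELEASER_KEY }}
+zig-version: 0.11.0
+
+- name: Output image name and digest
+if: steps.get-image-tag.outputs.build-publish == 'true'
+shell: bash
+run: |
+# need to check if artifacts.json exists because goreleaser splits the build
+if [[ -f dist/artifacts.json ]]; then
+artifact_path="dist/artifacts.json"
+else
+artifact_path="dist/linux_${{ matrix.goarch }}/artifacts.json"
+cat dist/linux_${{ matrix.goarch }}/artifacts.json
+fi
+echo "### Docker Images" | tee -a "$GITHUB_STEP_SUMMARY"
+jq -r '.[] | select(.type == "Docker Image") | "`\(.goarch)-image`: \(.name)"' ${artifact_path} >> output.txt
+jq -r '.[] | select(.type == "Archive") | "`\(.goarch)-digest`: \(.extra.Checksum)"' ${artifact_path} >> output.txt
+while read -r line; do
+echo "$line" | tee -a "$GITHUB_STEP_SUMMARY"
+done < output.txt
+- name: Collect Metrics
+if: always()
+id: collect-gha-metrics
+uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1
+with:
+id: goreleaser-build-publish
+org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
+basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
+hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
+this-job-name: goreleaser-build-publish-chainlink (${{ matrix.goarch }})
+continue-on-error: true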
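Review bot: The `Get image tag` script expands `${{ github.ref_name }}` and `${{ github.event.inputs.build-publish }}` directly into bash, so a `release/**` branch name or a dispatch input containing shell syntax is executed by the runner, in a job that holds `id-token: write` and later receives `GORELEASER_KEY`. Passing the contexts through `env:` and comparing quoted variables removes that, and accepting only the literal `true` for the dispatch input keeps `build-publish` a two-valued output. The same step should quote `$GITHUB_OUTPUT`. The rewritten step is sketched below; output names are unchanged.

```yaml
- name: Get image tag
  id: get-image-tag
  env:
    EVENT_NAME: ${{ github.event_name }}
    REF_NAME: ${{ github.ref_name }}
    PR_NUMBER: ${{ github.event.number }}
    PUBLISH_INPUT: ${{ github.event.inputs.build-publish }}
    HAS_PUBLISH_LABEL: ${{ contains(github.event.pull_request.labels.*.name, 'build-publish') }}
  run: |
    # … unchanged: short_sha and the default build-publish=false output …
    if [[ "$EVENT_NAME" == 'push' ]]; then
      if [[ "$REF_NAME" == 'release/'* ]]; then
        # … unchanged: release-<short_sha> outputs …
      else
        # … unchanged: develop-<short_sha> outputs …
      fi
    elif [[ "$EVENT_NAME" == 'workflow_dispatch' ]]; then
      echo "image-tag=${short_sha}" | tee -a "$GITHUB_OUTPUT"
      # only the literal string "true" enables publishing
      if [[ "$PUBLISH_INPUT" == 'true' ]]; then
        echo "build-publish=true" | tee -a "$GITHUB_OUTPUT"
      fi
    elif [[ "$EVENT_NAME" == 'pull_request' ]]; then
      echo "image-tag=pr-${PR_NUMBER}-${short_sha}" | tee -a "$GITHUB_OUTPUT"
      if [[ "$HAS_PUBLISH_LABEL" == 'true' ]]; then
        echo "build-publish=true" | tee -a "$GITHUB_OUTPUT"
      fi
    fi
```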
69 changes: 0 additions & 69 deletions .github/workflows/build-publish-develop.yml

This file was deleted.

66 changes: 0 additions & 66 deletions .github/workflows/build-publish-pr.yml

This file was deleted.
