Reusable CI actions #3
Conversation
| aws-role-arn-gati: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN_GATI }} | ||
| aws-lambda-url-gati: ${{ secrets.AWS_LAMBDA_URL_GATI }} |
There was a problem hiding this comment.
The reason why mercury uses GATI is because it has to pull the private go dep gokit. Does this repo use any private packages from the smartcontractkit org in GH? If not, we can forego these.
There was a problem hiding this comment.
Can also remove the inputs:
- aws-region
- use-gati (defaults to false)
| golangci-lint-version: "v1.53.2" | ||
| golangci-lint-args: --out-format checkstyle:golangci-lint-report.xml ${{ needs.init.outputs.lint_args_packages }} | ||
|
|
||
| ci-lint-charts: |
There was a problem hiding this comment.
This is for helm charts (kubernetes). If you don't have any in this repo, you can remove this job enitrely.
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| actions: read |
There was a problem hiding this comment.
If we don't need GATI, we can remove this entirely too. These allow us to assume IAM roles in AWS via GitHub's OIDC provider in AWS.
There was a problem hiding this comment.
By entirely you mean the permissions section?
There was a problem hiding this comment.
Yeah, the default perms should work if we're not needing to assume an AWS IAM role.
| # aws inputs | ||
| aws-region: ${{ secrets.AWS_REGION }} | ||
| # gati inputs | ||
| use-gati: "true" | ||
| aws-role-arn-gati: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN_GATI }} | ||
| aws-lambda-url-gati: ${{ secrets.AWS_LAMBDA_URL_GATI }} |
There was a problem hiding this comment.
Consider removing these if removing in the other action.
| uses: smartcontractkit/.github/actions/cicd-build-publish-artifacts-go@main | ||
| with: | ||
| # general inputs | ||
| app-name: mercury-pipeline-${{ matrix.package }} |
There was a problem hiding this comment.
| app-name: mercury-pipeline-${{ matrix.package }} | |
| app-name: chainlink-feeds-${{ matrix.package }} |
.github/workflows/push-master.yml
Outdated
| aws-region: ${{ secrets.AWS_REGION }} | ||
| # gati inputs | ||
| use-gati: "true" | ||
| aws-role-arn-gati: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN_GATI }} | ||
| aws-lambda-url-gati: ${{ secrets.AWS_LAMBDA_URL_GATI }} |
.github/workflows/push-master.yml
Outdated
| # aws inputs | ||
| aws-region: ${{ secrets.AWS_REGION }} | ||
| # gati inputs | ||
| use-gati: "true" | ||
| aws-role-arn-gati: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN_GATI }} | ||
| aws-lambda-url-gati: ${{ secrets.AWS_LAMBDA_URL_GATI }} |
| gc-host: ${{ secrets.GRAFANA_CLOUD_HOST }} | ||
| # aws inputs | ||
| aws-region: ${{ secrets.AWS_REGION }} | ||
| aws-role-arn: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }} |
There was a problem hiding this comment.
We need this if pushing docker images to AWS ECR
.github/workflows/push-master.yml
Outdated
| git-user: app-token-issuer-data-feeds[bot] | ||
| git-email: app-token-issuer-data-feeds[bot]@users.noreply.github.com |
There was a problem hiding this comment.
Need to change to a foundations bot?
.github/workflows/push-master.yml
Outdated
| pnpm-use-cache: false | ||
| # aws inputs | ||
| aws-region: ${{ secrets.AWS_REGION }} | ||
| aws-role-arn: ${{ secrets.AWS_ROLE_ARN_GATI_CHANGESETS }} |
There was a problem hiding this comment.
Will need to setup a GATI to allow changesets to push git tags/create releases/etc
No description provided.