Chore/update GitHub actions (#702)

* chore: update actions/cache to v4.0.2

* chore: update actions/checkout to v4.1.4

* chore: update actions/download-artifact to v4.1.7

* chore: update actions/setup-go to v5.0.1

* chore: update actions/setup-node to v4.0.2

* chore: update actions/upload-artifact to v4.3.3

* chore: update cachix/cachix-action to v14

* chore: update cachix/install-nix-action to v26

* chore: update dawidd6/action-download-artifact to v3.1.4

* chore: update dorny/paths-filter to v3.0.2

* chore: update github/codeql-action/analyze to v3.25.3

* chore: update github/codeql-action/autobuild to v3.25.3

* chore: update github/codeql-action/init to v3.25.3

* chore: update peter-evans/create-pull-request to v6.0.5

* chore: update planetscale/ghcommit-action to v0.1.37

* chore: update reviewdog/action-actionlint to v1.45.0

* chore: update setup-github-token to [email protected]

* chore: update chainlink-testing-framework/* to v2.3.16

* chore: update smartcontractkit/push-gha-metrics-action to v3.0.0

* chore: update softprops/action-gh-release to v2.0.5

* chore: update sonarsource/sonarqube-scan-action to v2.0.2

* chore: update tj-actions/branch-names to v8.0.1

* chore: fix contracts build w/ outdated container

* fix: use should_checkout for build-images

* Use a docker run command to build contracts
This temporarily gets around node issues for building contracts

* update checkout version

* cleanup issues and debug block

* add github workspace arg to script

* Use safe git path within container

* break up the docker commands to use github git diff since it doesn't play nice in the container

* move git install into section where we only do it when running inside of the container

* remove interactive mode

* adjust artifact permissions after docker build for upload

* fix action format error

* fix rust lint and test

* path and lint fixes

* chore: full bump after node20 solana build

* fix: use download-artifact

* fix: comment out container fields

---------

Co-authored-by: Tate <[email protected]>

.github/actions/build-test-image/action.yml

@@ -28,27 +28,27 @@ runs:
   steps:
     - name: Check if image exists
       id: check-image
-      uses: smartcontractkit/chainlink-github-actions/docker/image-exists@336617ae6d70fec60c15cc3382e17a4d2615a801 # v2.2.0
+      uses: smartcontractkit/chainlink-github-actions/docker/image-exists@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16
       with:
         repository: chainlink-solana-tests
         tag: ${{ inputs.tag }}
         AWS_REGION: ${{ inputs.QA_AWS_REGION }}
         AWS_ROLE_TO_ASSUME: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }}
     - name: Download Artifacts
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
       with:
         name: artifacts
         path: ${{ inputs.artifacts_path }}
     - name: Get CTF Version
       id: version
-      uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/mod-version@92e0f299a87522c2a37bfc4686c4d8a96dc9d28b # v2.3.5
+      uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/mod-version@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16
       with:
         go-project-path: ./integration-tests
         module-name: github.com/smartcontractkit/chainlink-testing-framework
         enforce-semantic-tag: false
     - name: Build and Publish Test Runner
       if: steps.check-image.outputs.exists == 'false'
-      uses: smartcontractkit/chainlink-github-actions/docker/build-push@336617ae6d70fec60c15cc3382e17a4d2615a801 # v2.2.0
+      uses: smartcontractkit/chainlink-github-actions/docker/build-push@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16
       with:
         tags: |
           ${{ inputs.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ inputs.QA_AWS_REGION }}.amazonaws.com/chainlink-solana-tests:${{ inputs.tag }}

.github/actions/build_contract_artifacts/action.yml

@@ -4,11 +4,51 @@ inputs:
   ref:
     required: false
     description: The chainlink-solana ref to use
+  image:
+    required: false
+    description: docker image to use to build
+  image-version:
+    required: false
+    description: docker image version/tag to use for build
 
 runs:
   using: composite
   steps:
+    - name: Checkout solana
+      uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+      with:
+        repository: smartcontractkit/chainlink-solana
+        ref: ${{ inputs.ref }}
+
+    # temporary docker run to build artifacts
+    - name: Docker Builder
+      if: ${{ inputs.image != '' && inputs.image-version != '' }}
+      env:
+        image: ${{ inputs.image }}
+        image_version: ${{ inputs.image-version }}
+      shell: bash
+      run: |
+        # start container
+        docker run -d -v $(pwd):/repo --name build-container "${image}":"${image_version}" tail -f /dev/null
+        # generate go bindings
+        docker exec build-container bash -c "/repo/scripts/build-contract-artifacts-action.sh"
+        # check go bindings
+        git diff --stat --exit-code
+        # build with keys
+        docker exec build-container bash -c "\
+          export RUSTUP_HOME=\"/root/.rustup\" &&\
+          cd /repo &&\
+          ./scripts/programs-keys-gen.sh &&\
+          cd ./contracts &&\
+          anchor build &&\
+          chown -R $(id -u):$(id -g) /repo"
+        # clean up the container
+        docker stop build-container
+        docker rm build-container
+
+    # should be used again after moving from projectserum/build to backpackapp/build
     - name: Install latest Git version (>= 2.18.0) for actions/checkout
+      if: ${{ inputs.image  == '' && inputs.image-version  == '' }}
       shell: bash
       run: |
         apt-get update
@@ -17,37 +57,37 @@ runs:
         apt update
         apt install git -y
         git config --global --add safe.directory "$GITHUB_WORKSPACE"
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
-      with:
-        repository: smartcontractkit/chainlink-solana
-        ref: ${{ inputs.ref }}
     - name: Setup go
-      uses: actions/setup-go@v4
+      if: ${{ inputs.image  == '' && inputs.image-version  == '' }}
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         go-version-file: "go.mod"
         check-latest: true
-    - name: yarn install
-      shell: bash
-      run: yarn install --frozen-lockfile
     - name: Generate build artifacts for go bindings check
+      if: ${{ inputs.image  == '' && inputs.image-version  == '' }}
       shell: bash
       run: anchor build
       working-directory: contracts
     - name: Check generated go bindings are up to date
+      if: ${{ inputs.image  == '' && inputs.image-version  == '' }}
       shell: bash
       run: |
         go install github.com/gagliardetto/[email protected]
         ./scripts/anchor-go-gen.sh
         git diff --stat --exit-code
     - name: Generate program_ids
+      if: ${{ inputs.image  == '' && inputs.image-version  == '' }}
       shell: bash
       run: ./scripts/programs-keys-gen.sh
     - name: Generate build artifacts with custom program_ids
+      if: ${{ inputs.image  == '' && inputs.image-version  == '' }}
       shell: bash
       run: anchor build
       working-directory: contracts
+
+    #save the contracts artifacts
     - name: Upload Artifacts
-      uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
       with:
         name: artifacts
         path: contracts/target/deploy

.github/actions/setup-go/action.yml

@@ -18,15 +18,15 @@ runs:
   using: composite
   steps:
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         go-version-file: ${{ inputs.go-version-file }}
         cache: false
 
     - name: Get branch name
       if: ${{ inputs.only-modules == 'false' }}
       id: branch-name
-      uses: tj-actions/branch-names@2e5354c6733793113f416314375826df030ada23 #v6.5
+      uses: tj-actions/branch-names@6871f53176ad61624f978536bbf089c574dc19a2 # v8.0.1
 
     - name: Set go cache keys
       shell: bash
@@ -40,7 +40,7 @@ runs:
       shell: bash
       run: echo "path=./${{ inputs.go-module-file }}" >> $GITHUB_OUTPUT
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
       name: Cache Go Modules
       with:
         path: |
@@ -51,7 +51,7 @@ runs:
         restore-keys: |
           ${{ runner.os }}-gomod-${{ inputs.cache-version }}-
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
       if: ${{ inputs.only-modules == 'false' }}
       name: Cache Go Build Outputs
       with:

.github/workflows/codeql-analysis.yml

@@ -38,24 +38,24 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
         with:
           go-version-file: "go.mod"
           check-latest: true
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@39d8d7e78f59cf6b40ac3b9fbebef0c753d7c9e5 # v2.2.2
+        uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
         with:
           languages: ${{ matrix.language }}
 
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@39d8d7e78f59cf6b40ac3b9fbebef0c753d7c9e5 # v2.2.2
+        uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -69,4 +69,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@39d8d7e78f59cf6b40ac3b9fbebef0c753d7c9e5 # v2.2.2
+        uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3

.github/workflows/contract-release.yml

@@ -16,28 +16,33 @@ jobs:
       projectserum_version: ${{ steps.psversion.outputs.projectserum_version }}
     steps:
       - name: Checkout the repo
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Get ProjectSerum Version
         id: psversion
         uses: ./.github/actions/projectserum_version
   release-artifacts:
     name: Release Artifacts
     runs-on: ubuntu-latest
     needs: [get_projectserum_version]
-    container:
-      image: projectserum/build:${{ needs.get_projectserum_version.outputs.projectserum_version }}
-      env:
-        RUSTUP_HOME: "/root/.rustup"
+    # container:
+    #   image: projectserum/build:${{ needs.get_projectserum_version.outputs.projectserum_version }}
+    #   env:
+    #     RUSTUP_HOME: "/root/.rustup"
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Build Artifacts
-        run: anchor build
+        env:
+          psversion: ${{ needs.get_projectserum_version.outputs.projectserum_version }}
+        run: |
+          docker run -v "$(pwd)":/repo projectserum/build:"${psversion}" bash -c "\
+            anchor build &&\
+            chown -R $(id -u):$(id -g) /repo"
       - name: Generate archive
         run: |
           tar cfvz artifacts.tar.gz target/deploy/*.so target/idl/*
       - name: Create Release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
         with:
-          files: | 
+          files: |
             contracts/artifacts.tar.gz
             contracts/target/deploy/*.so

.github/workflows/e2e_custom_cl.yml

@@ -25,9 +25,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Setup go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
         with:
           go-version-file: "go.mod"
           check-latest: true
@@ -42,7 +42,7 @@ jobs:
       projectserum_version: ${{ steps.psversion.outputs.projectserum_version }}
     steps:
       - name: Checkout the repo
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Get ProjectSerum Version
         id: psversion
         uses: ./.github/actions/projectserum_version
@@ -55,16 +55,19 @@ jobs:
       contents: read
     runs-on: ubuntu-latest-32cores-128GB
     needs: [get_projectserum_version]
-    container:
-      image: projectserum/build:${{ needs.get_projectserum_version.outputs.projectserum_version }}
-      env:
-        RUSTUP_HOME: "/root/.rustup"
-        FORCE_COLOR: 1
+    # container:
+    #   image: projectserum/build:${{ needs.get_projectserum_version.outputs.projectserum_version }}
+    #   env:
+    #     RUSTUP_HOME: "/root/.rustup"
+    #     FORCE_COLOR: 1
     steps:
       - name: Checkout the repo
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Build contracts
         uses: ./.github/actions/build_contract_artifacts
+        with:
+          image: projectserum/build
+          image-version: ${{ needs.get_projectserum_version.outputs.projectserum_version }}
 
   e2e_custom_build_custom_chainlink_image:
     name: E2E Custom Build Custom CL Image
@@ -87,16 +90,17 @@ jobs:
           fi
       - name: Check if image exists
         id: check-image
-        uses: smartcontractkit/chainlink-github-actions/docker/image-exists@ad22fbd6f4d108b82aaf49b527bcf40f32babea8 # v2.2.1
+        uses: smartcontractkit/chainlink-github-actions/docker/image-exists@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16
         with:
           repository: chainlink
           tag: solana.${{ env.CUSTOM_CORE_REF || github.event.inputs.cl_branch_ref || github.sha }}
           AWS_REGION: ${{ secrets.QA_AWS_REGION }}
           AWS_ROLE_TO_ASSUME: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }}
       - name: Build Image
         if: steps.check-image.outputs.exists == 'false'
-        uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/build-image@d5ab9fe53da374dd789b5d9ef10f3282197e088d # we will want to switch to this once cosmos settles back down 336617ae6d70fec60c15cc3382e17a4d2615a801 # v2.2.0
+        uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/build-image@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16
         with:
+          should_checkout: true
           cl_repo: smartcontractkit/chainlink
           cl_ref: ${{ env.CUSTOM_CORE_REF || github.event.inputs.cl_branch_ref }}
           dep_solana_sha: ${{ github.event.pull_request.head.sha }}
@@ -127,8 +131,9 @@ jobs:
     steps:
       - name: Collect Metrics
         id: collect-gha-metrics
-        uses: smartcontractkit/push-gha-metrics-action@0281b09807758be1dcc41651e44e62b353808c47 # v2.1.0
+        uses: smartcontractkit/push-gha-metrics-action@dea9b546553cb4ca936607c2267a09c004e4ab3f # v3.0.0
         with:
+          id: e2e_custom_run_smoke_tests
           org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
           basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
           hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
@@ -144,9 +149,9 @@ jobs:
             echo "CUSTOM_CORE_REF=${core_ref}" >> "${GITHUB_ENV}"
           fi
       - name: Checkout the repo
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Download Artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
         with:
           name: artifacts
           path: ${{ env.CONTRACT_ARTIFACTS_PATH }}
@@ -167,7 +172,7 @@ jobs:
           # shellcheck disable=SC2086
           echo "BASE64_CONFIG_OVERRIDE=$BASE64_CONFIG_OVERRIDE" >> $GITHUB_ENV
       - name: Run Tests
-        uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/run-tests@eccde1970eca69f079d3efb3409938a72ade8497 # v2.2.13
+        uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/run-tests@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16
         with:
           test_command_to_run: cd ./integration-tests && go test -timeout 24h -count=1 -run TestSolanaOCRV2Smoke -json $(args) ./smoke 2>&1 | tee /tmp/gotest.log | gotestfmt
           test_download_vendor_packages_command: cd ./integration-tests && go mod download