diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index a4ada4184f1..00000000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,78 +0,0 @@ -version: 2.1 -jobs: - build-publish-chainlink: - resource_class: 2xlarge - machine: - image: ubuntu-2004:202201-02 - docker_layer_caching: true - steps: - - checkout - - setup-aws-ecr - - run: - name: Docker build - command: | - # If BUILDER is not defined (i.e. the user who submitted the PR is - # probably not on the chainlink team) short circuit this step and - # succed - if [[ -z "$BUILDER" ]]; then - exit 0 - fi - - DOCKER_TAG=circleci BUILDER="${AWS_ECR_URL}/builder" make docker - - run: - name: Docker build non-root - command: | - if [[ -z "$BUILDER" ]]; then - exit 0 - fi - - DOCKER_TAG=circleci-nonroot CHAINLINK_USER=chainlink make docker - - run: - name: Docker push, if applicable - command: | - if [[ -z "$BUILDER" ]]; then - exit 0 - fi - - tools/ci/push_chainlink "${CIRCLE_BRANCH}" "${CIRCLE_TAG}" "${CIRCLE_SHA1}" - -workflows: - version: 2 - test: - jobs: - - build-publish-chainlink: - filters: - tags: - only: /^v.*/ - -commands: - setup-aws-ecr: - description: 'Install aws cli and login to public and private ECR' - steps: - - run: - name: Docker login for ECR using temporary creds - command: | - if [[ -z "$BUILDER" ]]; then - exit 0 - fi - - # Get temporary credentials to access resoures available to specific role - temporaryCredentials=$( - aws sts assume-role \ - --role-arn "${AWS_ROLE_TO_ASSUME}" \ - --role-session-name "cirlceci-${CIRCLE_PROJECT_REPONAME}-${CIRCLE_TAG}" - ) - # Deconstruct json response, extracting aws credentials - accessKeyID=$(echo $temporaryCredentials | jq .Credentials.AccessKeyId | xargs) - secretAccessKey=$(echo $temporaryCredentials | jq .Credentials.SecretAccessKey | xargs) - sessionToken=$(echo $temporaryCredentials | jq .Credentials.SessionToken | xargs) - # Store aws creds in .aws folder - aws configure set aws_access_key_id ${accessKeyID} - aws configure set aws_secret_access_key ${secretAccessKey} - aws configure set aws_session_token ${sessionToken} - # Use temporary keys to get account ID - accountID=$(aws sts get-caller-identity --output text --query 'Account') - # docker cli login to ECR - aws ecr-public get-login-password --region "us-east-1" --profile "default" | docker login --username AWS --password-stdin "public.ecr.aws" - # docker login to private ECR - aws ecr get-login-password --region us-west-2 --profile "default" | docker login --username AWS --password-stdin "${AWS_ECR_URL}" diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml index ddc7aadc741..4bc6dea7300 100644 --- a/.github/workflows/build-publish.yml +++ b/.github/workflows/build-publish.yml @@ -22,7 +22,7 @@ jobs: uses: ./.github/actions/build-sign-publish-chainlink with: publish: true - image-name: test-chainlink + image-name: chainlink aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} diff --git a/.github/workflows/build-unofficial-latest.yml b/.github/workflows/build-unofficial-latest.yml deleted file mode 100644 index dc71f000c23..00000000000 --- a/.github/workflows/build-unofficial-latest.yml +++ /dev/null @@ -1,35 +0,0 @@ -# This builds and publishes a develop.latest image to a private ECR repo. This image is intended only for internal -# testing purposes. -name: Build and Push Unofficial Latest -on: - push: - branches: - - "develop" -jobs: - build-chainlink: - name: Build Chainlink Image - runs-on: ubuntu-latest - steps: - - name: Checkout the repo - uses: actions/checkout@v2 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} - role-duration-seconds: 3600 - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Build and Push - uses: docker/build-push-action@v2 - with: - context: . - file: core/chainlink.Dockerfile - build-args: COMMIT_SHA=${{ github.sha }},ENVIRONMENT=release - tags: 795953128386.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/chainlink:develop.latest - push: true diff --git a/GNUmakefile b/GNUmakefile index 750155d2ee2..d5bdae56e30 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -1,20 +1,11 @@ .DEFAULT_GOAL := build -ENVIRONMENT ?= release - GOPATH ?= $(HOME)/go -REPO := smartcontract/chainlink COMMIT_SHA ?= $(shell git rev-parse HEAD) VERSION = $(shell cat VERSION) GOBIN ?= $(GOPATH)/bin GO_LDFLAGS := $(shell tools/bin/ldflags) GOFLAGS = -ldflags "$(GO_LDFLAGS)" -DOCKERFILE := core/chainlink.Dockerfile -DOCKER_TAG ?= latest -CHAINLINK_USER ?= root - -TAGGED_REPO := $(REPO):$(DOCKER_TAG) -ECR_REPO := "$(AWS_ECR_URL)/chainlink:$(DOCKER_TAG)" .PHONY: install install: operator-ui-autoinstall install-chainlink-autoinstall ## Install chainlink and all its dependencies. @@ -86,21 +77,6 @@ presubmit: gofmt -w ./core go mod tidy -.PHONY: docker -docker: ## Build the docker image. - docker build \ - -f $(DOCKERFILE) \ - --build-arg ENVIRONMENT=$(ENVIRONMENT) \ - --build-arg COMMIT_SHA=$(COMMIT_SHA) \ - --build-arg CHAINLINK_USER=$(CHAINLINK_USER) \ - -t $(TAGGED_REPO) \ - . - -.PHONY: dockerpush -dockerpush: ## Push the docker image to ecr - docker push $(ECR_REPO) - docker push $(ECR_REPO)-nonroot - .PHONY: mockery mockery: $(mockery) go install github.com/vektra/mockery/v2@v2.8.0 diff --git a/tools/ci/branch2tag b/tools/ci/branch2tag deleted file mode 100755 index edffa879e04..00000000000 --- a/tools/ci/branch2tag +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env bash - -set -e - -# Extracts a docker tag from a passed in git branch name -# branch2tag -# ie: -# branch2tag develop -> develop -# branch2tag master -> master -# branch2tag release/explorer -> candidate-explorer -# branch2tag release/explorer-0.1.0 -> candidate-0.1.0 -# branch2tag release/explorer-0.1.0-rc1 -> candidate-0.1.0-rc1 -# branch2tag release/chainlink -> candidate-chainlink -# branch2tag release/0.42.1 -> candidate-0.42.1 -# branch2tag release/0.42.1-rc1 -> candidate-0.42.1-rc1 -# branch2tag hello -> "" - -branch=`echo $1 | awk '{print tolower($0)}'` -if [ "${branch}" = "develop" ]; then - echo develop -elif [ "${branch}" = "master" ]; then - echo latest -elif [[ "${branch}" =~ ^release(s)?\/([^-]+-)?(.+)$ ]]; then - if [ "${BASH_REMATCH[2]}" = "explorer-" ]; then - echo "candidate-${BASH_REMATCH[3]}" - else - echo "candidate-${BASH_REMATCH[2]}${BASH_REMATCH[3]}" - fi -else - echo "" -fi diff --git a/tools/ci/gittag2dockertag b/tools/ci/gittag2dockertag deleted file mode 100755 index 479eed741dc..00000000000 --- a/tools/ci/gittag2dockertag +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/env bash - -set -e - -# Extracts version numbers from a passed in git tag. -# Handles both chainlink and explorer style git tags. -# gittag2dockertag -# i.e: -# gittag2dockertag v0.7.1 -> 0.7.1 -# gittag2dockertag explorer-v0.7.1 -> 0.7.1 - -if [ -z "$1" ] -then - exit 0 # No tag, skip. -fi - -gittag=`echo $1 | awk '{print tolower($0)}'` - -# Extract version from git tags for chainlink releases -# e.g v0.7.1 -> 0.7.1 -if [[ "${gittag}" =~ ^v([a-zA-Z0-9.]+) ]]; then - echo ${BASH_REMATCH[1]} -# Extract version from git tags for explorer releases -# e.g. explorer-v0.7.1 -> 0.7.1 -elif [[ "${gittag}" =~ ^explorer-v([a-zA-Z0-9.]+) ]]; then - echo "${BASH_REMATCH[1]}" -else - echo "unable to deduce docker tag from git tag ${gittag}" - exit 1 -fi diff --git a/tools/ci/push_chainlink b/tools/ci/push_chainlink deleted file mode 100755 index 2318d0494fe..00000000000 --- a/tools/ci/push_chainlink +++ /dev/null @@ -1,72 +0,0 @@ -#!/usr/bin/env bash - -set -ex - -# -# Pushes smartcontract/chainlink:circleci to relevant location based on passed args: -# push_chainlink -# ie: -# push_chainlink master 0.6.9 -# push_chainlink develop -# push_chainlink release/0.6.9 -# -# Ignores anything not matching above. -# Key assumption: local version of smartcontract/chainlink:circleci is the image -# to work with. -# - -# Our registry, hosted on Public ECR. -AWS_ECR_URL=public.ecr.aws/z0b1w9r9 - -if [ -z "$DOCKERHUB_PASS" ]; then - echo "Cannot push to dockerhub, credentials are missing." - exit 1 -fi - -circle_branch="$1" -circle_tag="$2" -circle_sha1="$3" - -PROJECT_ROOT=$(git rev-parse --show-toplevel) -pushd $PROJECT_ROOT >/dev/null - -tag_and_push() { - # ie: docker tag and push smartcontract/chainlink:0.9.1, since DOCKER_TAG=0.9.1 - export DOCKER_TAG=$1 - ( - set -x - docker tag smartcontract/chainlink:circleci smartcontract/chainlink:${DOCKER_TAG} - docker tag smartcontract/chainlink:circleci-nonroot "smartcontract/chainlink:${DOCKER_TAG}-nonroot" - ) - ( - set -x - docker tag smartcontract/chainlink:circleci "${AWS_ECR_URL}/chainlink:${DOCKER_TAG}" - docker tag smartcontract/chainlink:circleci-nonroot "${AWS_ECR_URL}/chainlink:${DOCKER_TAG}-nonroot" - ) - make dockerpush -} - -branch_tag=$(tools/ci/branch2tag ${circle_branch}) # ie: develop, latest, candidate-*, etc. -version_tag=$(tools/ci/gittag2dockertag ${circle_tag}) # aka GIT_TAG. v0.9.1 -> 0.9.1 - -# version tag takes precedence. -if [ -n "${version_tag}" ]; then - # Only if we don't have an explorer tag - if [[ "${circle_tag}" =~ ^explorer-v([a-zA-Z0-9.]+) ]]; then - echo "Skipping publishing for this branch/tag." - else - tag_and_push "$version_tag" - # if version tag, also push latest. - # ie: after pushing smartcontract/chainlink:0.6.9, also update smartcontract/chainlink:latest - tag_and_push "latest.$circle_sha1" - fi -elif [ -n "$branch_tag" ]; then - # Only if we're not on explorer branch - if [[ "${circle_branch}" =~ ^release(s)?\/explorer-(.+)$ ]]; then - echo "Skipping publishing for this branch/tag." - else - tag_and_push "$branch_tag.$circle_sha1" - fi -else - echo "Skipping publishing for this branch/tag." -fi diff --git a/tools/ci/push_image b/tools/ci/push_image deleted file mode 100755 index bd50783475e..00000000000 --- a/tools/ci/push_image +++ /dev/null @@ -1,61 +0,0 @@ -#!/usr/bin/env bash - -set -ex - -# -# Generic Docker image pusher that follows the same push logic found in push_chainlink -# -# Pushes smartcontract/:circleci to relevant location based on passed args: -# push_image -# ie: -# push_image develop echo_server -# -# Ignores anything not matching above. -# Key assumption: local version of smartcontract/:circleci is the image -# to work with. -# -# Argument is likely one of the following: -# test-external-adapter -# - -if [ -z "$DOCKERHUB_PASS" ] -then - echo "Cannot push to dockerhub, credentials are missing." - exit 1 -fi - -circle_branch="$1" -circle_tag="$2" -image_name="$3" - -tag_and_push() { - # ie: docker tag and push smartcontract/:0.9.1, since DOCKER_TAG=0.9.1 - docker_tag=$1 - docker tag smartcontract/${image_name}:circleci smartcontract/${image_name}:${docker_tag} - docker push smartcontract/${image_name}:${docker_tag} -} - -branch_tag=`tools/ci/branch2tag ${circle_branch}` # ie: develop, latest, candidate-*, etc. -version_tag=`tools/ci/gittag2dockertag ${circle_tag}` # aka GIT_TAG. v0.9.1 -> 0.9.1 - -# version tag takes precedence. -if [ -n "${version_tag}" ]; then - # Only if we don't have an explorer tag - if [[ "${circle_tag}" =~ ^explorer-v([a-zA-Z0-9.]+) ]]; then - echo "Skipping publishing for this branch/tag." - else - tag_and_push "$version_tag" - # if version tag, also push latest. - # ie: after pushing smartcontract/:0.6.9, also update smartcontract/:latest - tag_and_push latest - fi -elif [ -n "$branch_tag" ]; then - # Only if we're not on explorer branch - if [[ "${circle_branch}" =~ ^release(s)?\/explorer-(.+)$ ]]; then - echo "Skipping publishing for this branch/tag." - else - tag_and_push "$branch_tag" - fi -else - echo "Skipping publishing for this branch/tag." -fi