Skip to content

Commit

Permalink
update build-publish for ccip prod
Browse files Browse the repository at this point in the history
  • Loading branch information
@momentmaker
momentmaker committed Sep 18, 2024
1 parent 8c13341 commit d76dd1a
Show file tree
Hide file tree
Showing 2 changed files with 251 additions and 10 deletions.
32 changes: 22 additions & 10 deletions .github/workflows/build-publish.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,15 +98,27 @@ jobs:
mask-aws-account-id: true
role-session-name: goreleaser-build-sign-publish-chainlink

- name: Set build configs
shell: bash
id: set-build-configs
run: |
if [[ ${{ github.ref_name }} =~ "-ccip" ]]; then
echo "ECR_IMAGE_NAME=chainlink/ccip" | tee -a $GITHUB_OUTPUT
echo "GORELEASER_CONFIG=.goreleaser.ccip.production.yaml" | tee -a $GITHUB_OUTPUT
else
echo "ECR_IMAGE_NAME=chainlink/chainlink" | tee -a $GITHUB_OUTPUT
echo "GORELEASER_CONFIG=.goreleaser.production.yaml" | tee -a $GITHUB_OUTPUT
fi
- name: Build, sign, and publish image
id: goreleaser-build-sign-publish
uses: ./.github/actions/goreleaser-build-sign-publish
with:
docker-registry: ${{ env.ECR_HOSTNAME}}
docker-image-name: ${{ env.ECR_IMAGE_NAME }}
docker-image-name: ${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}
docker-image-tag: ${{ github.ref_name }}
goreleaser-exec: ./tools/bin/goreleaser_wrapper
goreleaser-config: .goreleaser.production.yaml
goreleaser-config: ${{ steps.set-build-configs.outputs.GORELEASER_CONFIG }}
goreleaser-key: ${{ secrets.GORELEASER_KEY }}
zig-version: 0.11.0
enable-cosign: true
Expand All @@ -124,10 +136,10 @@ jobs:
echo "$line" | tee -a "$GITHUB_STEP_SUMMARY"
done < output.txt
core_amd64_name="${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}:${{ github.ref_name }}-amd64"
plugins_amd64_name="${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}:${{ github.ref_name }}-plugins-amd64"
core_arm64_name="${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}:${{ github.ref_name }}-arm64"
plugins_arm64_name="${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}:${{ github.ref_name }}-plugins-arm64"
core_amd64_name="${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}:${{ github.ref_name }}-amd64"
plugins_amd64_name="${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}:${{ github.ref_name }}-plugins-amd64"
core_arm64_name="${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}:${{ github.ref_name }}-arm64"
plugins_arm64_name="${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}:${{ github.ref_name }}-plugins-arm64"
echo "core_amd64_digest=$(jq -r --arg name "$core_amd64_name" '.[]|select(.type=="Published Docker Image" and .name==$name)|.extra.Digest' ${artifact_path})" | tee -a "$GITHUB_OUTPUT" "$GITHUB_STEP_SUMMARY"
echo "plugins_amd64_digest=$(jq -r --arg name "$plugins_amd64_name" '.[]|select(.type=="Published Docker Image" and .name==$name)|.extra.Digest' ${artifact_path})" | tee -a "$GITHUB_OUTPUT" "$GITHUB_STEP_SUMMARY"
Expand All @@ -143,28 +155,28 @@ jobs:
uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
with:
subject-digest: ${{ steps.get-image-name-digest.outputs.core_amd64_digest }}
subject-name: ${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}
subject-name: ${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}
push-to-registry: true

- name: Attest Docker image (plugins-amd64)
uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
with:
subject-digest: ${{ steps.get-image-name-digest.outputs.plugins_amd64_digest }}
subject-name: ${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}
subject-name: ${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}
push-to-registry: true

- name: Attest Docker image (core-arm64)
uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
with:
subject-digest: ${{ steps.get-image-name-digest.outputs.core_arm64_digest }}
subject-name: ${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}
subject-name: ${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}
push-to-registry: true

- name: Attest Docker image (plugins-arm64)
uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
with:
subject-digest: ${{ steps.get-image-name-digest.outputs.plugins_arm64_digest }}
subject-name: ${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}
subject-name: ${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}
push-to-registry: true

- name: Upload SBOMs
Expand Down
229 changes: 229 additions & 0 deletions .goreleaser.ccip.production.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,229 @@
project_name: chainlink

version: 2

env:
- ZIG_EXEC={{ if index .Env "ZIG_EXEC" }}{{ .Env.ZIG_EXEC }}{{ else }}zig{{ end }}
- IMAGE_PREFIX={{ if index .Env "IMAGE_PREFIX" }}{{ .Env.IMAGE_PREFIX }}{{ else }}localhost:5001{{ end }}
- IMAGE_NAME={{ if index .Env "IMAGE_NAME" }}{{ .Env.IMAGE_NAME }}{{ else }}chainlink{{ end }}
- IMAGE_TAG={{ if index .Env "IMAGE_TAG" }}{{ .Env.IMAGE_TAG }}{{ else }}develop{{ end }}
- IMAGE_LABEL_DESCRIPTION="node of the decentralized oracle network, bridging on and off-chain computation"
- IMAGE_LABEL_LICENSES="MIT"
- IMAGE_LABEL_SOURCE="https://github.com/smartcontractkit/{{ .ProjectName }}"

before:
hooks:
- go mod tidy
- ./tools/bin/goreleaser_utils before_hook

# See https://goreleaser.com/customization/build/
builds:
- binary: chainlink
id: linux-arm64
goos:
- linux
goarch:
- arm64
hooks:
post: ./tools/bin/goreleaser_utils build_post_hook {{ dir .Path }} {{ .Os }} {{ .Arch }}
env:
- CGO_ENABLED=1
- CC=$ZIG_EXEC cc -target aarch64-linux-gnu
- CCX=$ZIG_EXEC c++ -target aarch64-linux-gnu
flags:
- -trimpath
- -buildmode=pie
ldflags:
- -s -w -r=$ORIGIN/libs
- -X github.com/smartcontractkit/chainlink/v2/core/static.Version={{ .Env.CHAINLINK_VERSION }}
- -X github.com/smartcontractkit/chainlink/v2/core/static.Sha={{ .FullCommit }}
- binary: chainlink
id: linux-amd64
goos:
- linux
goarch:
- amd64
hooks:
post: ./tools/bin/goreleaser_utils build_post_hook {{ dir .Path }} {{ .Os }} {{ .Arch }}
env:
- CGO_ENABLED=1
- CC=$ZIG_EXEC cc -target x86_64-linux-gnu
- CCX=$ZIG_EXEC c++ -target x86_64-linux-gnu
flags:
- -trimpath
- -buildmode=pie
ldflags:
- -s -w -r=$ORIGIN/libs
- -X github.com/smartcontractkit/chainlink/v2/core/static.Version={{ .Env.CHAINLINK_VERSION }}
- -X github.com/smartcontractkit/chainlink/v2/core/static.Sha={{ .FullCommit }}

# See https://goreleaser.com/customization/docker/
dockers:
- id: linux-amd64
dockerfile: core/chainlink.goreleaser.Dockerfile
use: buildx
goos: linux
goarch: amd64
extra_files:
- tmp/linux_amd64/libs
- tools/bin/ldd_fix
- ccip/config
build_flag_templates:
- "--platform=linux/amd64"
- "--pull"
- "--build-arg=CHAINLINK_USER=chainlink"
- "--build-arg=COMMIT_SHA={{ .FullCommit }}"
- "--build-arg=CL_CHAIN_DEFAULTS=/chainlink/ccip-config"
- "--label=org.opencontainers.image.created={{ .Date }}"
- "--label=org.opencontainers.image.description={{ .Env.IMAGE_LABEL_DESCRIPTION }}"
- "--label=org.opencontainers.image.licenses={{ .Env.IMAGE_LABEL_LICENSES }}"
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
- "--label=org.opencontainers.image.source={{ .Env.IMAGE_LABEL_SOURCE }}"
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
- "--label=org.opencontainers.image.version={{ .Env.CHAINLINK_VERSION }}"
- "--label=org.opencontainers.image.url={{ .Env.IMAGE_LABEL_SOURCE }}"
image_templates:
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-amd64"
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-amd64"
- id: linux-arm64
dockerfile: core/chainlink.goreleaser.Dockerfile
use: buildx
goos: linux
goarch: arm64
extra_files:
- tmp/linux_arm64/libs
- tools/bin/ldd_fix
- ccip/config
build_flag_templates:
- "--platform=linux/arm64"
- "--pull"
- "--build-arg=CHAINLINK_USER=chainlink"
- "--build-arg=COMMIT_SHA={{ .FullCommit }}"
- "--build-arg=CL_CHAIN_DEFAULTS=/chainlink/ccip-config"
- "--label=org.opencontainers.image.created={{ .Date }}"
- "--label=org.opencontainers.image.description={{ .Env.IMAGE_LABEL_DESCRIPTION }}"
- "--label=org.opencontainers.image.licenses={{ .Env.IMAGE_LABEL_LICENSES }}"
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
- "--label=org.opencontainers.image.source={{ .Env.IMAGE_LABEL_SOURCE }}"
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
- "--label=org.opencontainers.image.version={{ .Env.CHAINLINK_VERSION }}"
- "--label=org.opencontainers.image.url={{ .Env.IMAGE_LABEL_SOURCE }}"
image_templates:
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-arm64"
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-arm64"
- id: linux-amd64-plugins
dockerfile: core/chainlink.goreleaser.Dockerfile
use: buildx
goos: linux
goarch: amd64
extra_files:
- tmp/linux_amd64/libs
- tmp/linux_amd64/plugins
- tools/bin/ldd_fix
- ccip/config
build_flag_templates:
- "--platform=linux/amd64"
- "--pull"
- "--build-arg=CHAINLINK_USER=chainlink"
- "--build-arg=COMMIT_SHA={{ .FullCommit }}"
- "--build-arg=CL_MEDIAN_CMD=chainlink-feeds"
- "--build-arg=CL_MERCURY_CMD=chainlink-mercury"
- "--build-arg=CL_SOLANA_CMD=chainlink-solana"
- "--build-arg=CL_STARKNET_CMD=chainlink-starknet"
- "--build-arg=CL_CHAIN_DEFAULTS=/chainlink/ccip-config"
- "--label=org.opencontainers.image.created={{ .Date }}"
- "--label=org.opencontainers.image.description={{ .Env.IMAGE_LABEL_DESCRIPTION }}"
- "--label=org.opencontainers.image.licenses={{ .Env.IMAGE_LABEL_LICENSES }}"
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
- "--label=org.opencontainers.image.source={{ .Env.IMAGE_LABEL_SOURCE }}"
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
- "--label=org.opencontainers.image.version={{ .Env.CHAINLINK_VERSION }}"
- "--label=org.opencontainers.image.url={{ .Env.IMAGE_LABEL_SOURCE }}"
image_templates:
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-plugins-amd64"
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-plugins-amd64"
- id: linux-arm64-plugins
dockerfile: core/chainlink.goreleaser.Dockerfile
use: buildx
goos: linux
goarch: arm64
extra_files:
- tmp/linux_arm64/libs
- tmp/linux_arm64/plugins
- tools/bin/ldd_fix
- ccip/config
build_flag_templates:
- "--platform=linux/arm64"
- "--pull"
- "--build-arg=CHAINLINK_USER=chainlink"
- "--build-arg=COMMIT_SHA={{ .FullCommit }}"
- "--build-arg=CL_MEDIAN_CMD=chainlink-feeds"
- "--build-arg=CL_MERCURY_CMD=chainlink-mercury"
- "--build-arg=CL_SOLANA_CMD=chainlink-solana"
- "--build-arg=CL_STARKNET_CMD=chainlink-starknet"
- "--build-arg=CL_CHAIN_DEFAULTS=/chainlink/ccip-config"
- "--label=org.opencontainers.image.created={{ .Date }}"
- "--label=org.opencontainers.image.description={{ .Env.IMAGE_LABEL_DESCRIPTION }}"
- "--label=org.opencontainers.image.licenses={{ .Env.IMAGE_LABEL_LICENSES }}"
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
- "--label=org.opencontainers.image.source={{ .Env.IMAGE_LABEL_SOURCE }}"
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
- "--label=org.opencontainers.image.version={{ .Env.CHAINLINK_VERSION }}"
- "--label=org.opencontainers.image.url={{ .Env.IMAGE_LABEL_SOURCE }}"
image_templates:
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-plugins-arm64"
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-plugins-arm64"

# See https://goreleaser.com/customization/docker_manifest/
docker_manifests:
- name_template: "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}"
image_templates:
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-amd64"
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-arm64"
- name_template: "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}"
image_templates:
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-amd64"
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-arm64"
- name_template: "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-plugins"
image_templates:
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-plugins-amd64"
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-plugins-arm64"
- name_template: "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-plugins"
image_templates:
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-plugins-amd64"
- "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-plugins-arm64"

# See https://goreleaser.com/customization/docker_sign/
docker_signs:
- artifacts: all
args:
- "sign"
- "${artifact}"
- "--yes"

checksum:
name_template: "checksums.txt"

# See https://goreleaser.com/customization/sbom
sboms:
- artifacts: archive

snapshot:
version_template: "{{ .Env.CHAINLINK_VERSION }}-{{ .ShortCommit }}"

partial:
by: target

# See https://goreleaser.com/customization/release/
release:
disable: true

changelog:
sort: asc
filters:
exclude:
- "^docs:"
- "^test:"
# modelines, feel free to remove those if you don't want/use them:
# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
# vim: set ts=2 sw=2 tw=0 fo=cnqoj

0 comments on commit d76dd1a

Please sign in to comment.