smartcontractkit · erikburt · Aug 15, 2024 · Aug 5, 2024 · Aug 5, 2024 · Aug 5, 2024
@@ -29,10 +29,13 @@ inputs:
     description: The docker registry
     default: localhost:5001
     required: false
-  # snapshot inputs
-  enable-goreleaser-snapshot:
-    description: Enable goreleaser build / release snapshot
-    default: "false"
+  docker-image-name:
+    description: The docker image name
+    default: chainlink
+    required: false
+  docker-image-tag:
+    description: The docker image tag
+    default: develop
     required: false
   # goreleaser inputs
   goreleaser-exec:
@@ -43,6 +46,17 @@ inputs:
     description: "The goreleaser configuration yaml"
     default: ".goreleaser.yaml"
     required: false
+  enable-goreleaser-snapshot:
+    description: Enable goreleaser build / release snapshot
+    default: "false"
+    required: false
+  enable-goreleaser-split:
+    description: Enable goreleaser split and merge builds
+    default: "false"
+    required: false
+  goreleaser-split-arch:
+    description: The architecture to split the goreleaser build
+    required: false
   # signing inputs
   enable-cosign:
     description: Enable signing of docker images
@@ -57,13 +71,6 @@ inputs:
   cosign-password:
     description: The password to decrypt the cosign private key needed to sign the image
     required: false
-outputs:
-  goreleaser-metadata:
-    description: "Build result metadata"
-    value: ${{ steps.goreleaser.outputs.metadata }}
-  goreleaser-artifacts:
-    description: "Build result artifacts"
-    value: ${{ steps.goreleaser.outputs.artifacts }}
 runs:
   using: composite
   steps:
@@ -97,14 +104,22 @@ runs:
       uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
       with:
         registry: ${{ inputs.docker-registry }}
-    - name: Goreleaser release
-      id: goreleaser
+    - name: Set goreleaser split env
+      if: inputs.enable-goreleaser-split == 'true'
+      shell: bash
+      run: |
+        echo "GOOS=linux" | tee -a $GITHUB_ENV
+        echo "GOARCH=${{ inputs.goreleaser-split-arch }}" | tee -a $GITHUB_ENV
+    - name: Run goreleaser release
       shell: bash
       env:
         ENABLE_COSIGN: ${{ inputs.enable-cosign }}
         ENABLE_GORELEASER_SNAPSHOT: ${{ inputs.enable-goreleaser-snapshot }}
+        ENABLE_GORELEASER_SPLIT: ${{ inputs.enable-goreleaser-split }}
         ENABLE_DOCKER_PUBLISH: ${{ inputs.enable-docker-publish }}
         IMAGE_PREFIX: ${{ inputs.docker-registry }}
+        IMAGE_NAME: ${{ inputs.docker-image-name }}
+        IMAGE_TAG: ${{ inputs.docker-image-tag }}
         GORELEASER_EXEC: ${{ inputs.goreleaser-exec }}
         GORELEASER_CONFIG: ${{ inputs.goreleaser-config }}
         COSIGN_PASSWORD: ${{ inputs.cosign-password }}

@@ -4,6 +4,7 @@ set -euo pipefail
 
 ENABLE_COSIGN=${ENABLE_COSIGN:-false}
 ENABLE_GORELEASER_SNAPSHOT=${ENABLE_GORELEASER_SNAPSHOT:-false}
+ENABLE_GORELEASER_SPLIT=${ENABLE_GORELEASER_SPLIT:-false}
 ENABLE_DOCKER_PUBLISH=${ENABLE_DOCKER_PUBLISH:-false}
 COSIGN_PASSWORD=${COSIGN_PASSWORD:-""}
 GORELEASER_EXEC=${GORELEASER_EXEC:-goreleaser}
@@ -27,8 +28,12 @@ _publish_snapshot_manifests() {
   local docker_manifest_extra_args=$DOCKER_MANIFEST_EXTRA_ARGS
   local full_sha=$(git rev-parse HEAD)
   local images=$(docker images --filter "label=org.opencontainers.image.revision=$full_sha" --format "{{.Repository}}:{{.Tag}}" | sort)
-  local arches=(amd64 arm64)
   local raw_manifest_lists=""
+  if [[ $ENABLE_GORELEASER_SPLIT == "true" ]]; then
+    local arches=(${GOARCH:-""})
+  else
+    local arches=(amd64 arm64)
+  fi
   for image in $images; do
     for arch in "${arches[@]}"; do
       image=${image%"-$arch"}
@@ -51,22 +56,35 @@ _publish_snapshot_manifests() {
 
 # wrapper function to invoke goreleaser release
 goreleaser_release() {
+  goreleaser_flags=()
+
+  # set goreleaser flags
+  if [[ $ENABLE_GORELEASER_SNAPSHOT == "true" ]]; then
+    goreleaser_flags+=("--snapshot")
+    goreleaser_flags+=("--clean")
+  fi
+  if [[ $ENABLE_GORELEASER_SPLIT == "true" ]]; then
+    goreleaser_flags+=("--split")
+  fi
+  flags=$(printf "%s " "${goreleaser_flags[@]}")
+  flags=$(echo "$flags" | sed 's/ *$//')
+
   if [[ $ENABLE_COSIGN == "true" ]]; then
     echo "$COSIGN_PUBLIC_KEY" > cosign.pub
     echo "$COSIGN_PRIVATE_KEY" > cosign.key
   fi
+
   if [[ -n $MACOS_SDK_DIR ]]; then
     MACOS_SDK_DIR=$(echo "$(cd "$(dirname "$MACOS_SDK_DIR")" || exit; pwd)/$(basename "$MACOS_SDK_DIR")")
   fi
-  if [[ $ENABLE_GORELEASER_SNAPSHOT == "true" ]]; then
-    $GORELEASER_EXEC release --snapshot --clean --config "$GORELEASER_CONFIG" "$@"
-    if [[ $ENABLE_DOCKER_PUBLISH == "true" ]]; then
+
+  $GORELEASER_EXEC release ${flags} --config "$GORELEASER_CONFIG" "$@"
+
+  if [[ $ENABLE_DOCKER_PUBLISH == "true" ]]; then
       _publish_snapshot_images
       _publish_snapshot_manifests
-    fi
-  else
-    $GORELEASER_EXEC release --clean --config "$GORELEASER_CONFIG" "$@"
   fi
+
   if [[ $ENABLE_COSIGN == "true" ]]; then
     rm -rf cosign.pub
     rm -rf cosign.key

@@ -0,0 +1,98 @@
+name: "Build and Publish Chainlink"
+
+on:
+  pull_request:
+    types:
+      - labeled
+  push:
+    branches:
+      - develop
+      - "release/**"
+
+jobs:
+  goreleaser-build-publish-chainlink:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    strategy:
+      matrix:
+        goarch: [amd64, arm64]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+      - name: Get image tag
+        id: get-image-tag
+        run: |
+          short_sha=$(git rev-parse --short HEAD)
+          echo "build-publish=false" | tee -a $GITHUB_OUTPUT
+          if [[ ${{ github.event_name }} == 'push' ]]; then
+            if [[ ${{ github.ref_name }} == 'release/'* ]]; then
+              echo "image-tag=release-${short_sha}" | tee -a $GITHUB_OUTPUT
+              echo "build-publish=true" | tee -a $GITHUB_OUTPUT
+            else
+              echo "image-tag=develop-${short_sha}" | tee -a $GITHUB_OUTPUT
+              echo "build-publish=true" | tee -a $GITHUB_OUTPUT
+            fi
+          else
+            if [[ ${{ github.event.label.name }} == 'build-publish' ]]; then
+              echo "image-tag=pr-${{ github.event.number }}-${short_sha}" | tee -a $GITHUB_OUTPUT
+              echo "build-publish=true" | tee -a $GITHUB_OUTPUT
+            fi
+          fi
+
+      - name: Configure aws credentials
+        if: steps.get-image-tag.outputs.build-publish == 'true'
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+        with:
+          role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_BUILD_PUBLISH_DEVELOP_PR }}
+          aws-region: ${{ secrets.AWS_REGION }}
+          mask-aws-account-id: true
+          role-session-name: goreleaser-build-publish-chainlink
+
+      - name: Build and publish images
+        if: steps.get-image-tag.outputs.build-publish == 'true'
+        uses: ./.github/actions/goreleaser-build-sign-publish
+        with:
+          enable-docker-publish: "true"
 if [[ $ENABLE_DOCKER_PUBLISH == "true" ]]; then 
     _publish_snapshot_images 
     _publish_snapshot_manifests 
 fi 
           else 
             if [[ ${{ github.event.label.name }} == 'build-publish' ]]; then 
               echo "image-tag=pr-${{ github.event.number }}-${short_sha}" | tee -a $GITHUB_OUTPUT 
               echo "build-publish=true" | tee -a $GITHUB_OUTPUT 
             fi 
           fi 
           echo "build-publish=false" | tee -a $GITHUB_OUTPUT 
 workflow_dispatch: 
   inputs: 
     git_ref: 
       description: "The git ref to check out" 
       required: true 
     build-publish: 
       description: "Whether to build and publish - defaults to just build" 
       required: false 
       default: "false" 
 if [[ $ENABLE_DOCKER_PUBLISH == "true" ]]; then 
     _publish_snapshot_images 
     _publish_snapshot_manifests 
 fi 
           else 
             if [[ ${{ github.event.label.name }} == 'build-publish' ]]; then 
               echo "image-tag=pr-${{ github.event.number }}-${short_sha}" | tee -a $GITHUB_OUTPUT 
               echo "build-publish=true" | tee -a $GITHUB_OUTPUT 
             fi 
           fi 
           echo "build-publish=false" | tee -a $GITHUB_OUTPUT 
 workflow_dispatch: 
   inputs: 
     git_ref: 
       description: "The git ref to check out" 
       required: true 
     build-publish: 
       description: "Whether to build and publish - defaults to just build" 
       required: false 
       default: "false" 
+          docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
+          docker-image-name: chainlink
+          docker-image-tag: ${{ steps.get-image-tag.outputs.image-tag }}
+          enable-goreleaser-snapshot: "true"
+          enable-goreleaser-split: "true"
+          goreleaser-split-arch: ${{ matrix.goarch }}
+          goreleaser-exec: ./tools/bin/goreleaser_wrapper
+          goreleaser-config: .goreleaser.develop.yaml
+          goreleaser-key: ${{ secrets.GORELEASER_KEY }}
+          zig-version: 0.11.0
+
+      - name: Output image name and digest
+        if: steps.get-image-tag.outputs.build-publish == 'true'
+        shell: bash
+        run: |
+          # need to check if artifacts.json exists because goreleaser splits the build
+          if [[ -f dist/artifacts.json ]]; then
+            artifact_path="dist/artifacts.json"
+          else
+            artifact_path="dist/linux_${{ matrix.goarch }}/artifacts.json"
+            cat dist/linux_${{ matrix.goarch }}/artifacts.json
+          fi
+          echo "### Docker Images" | tee -a "$GITHUB_STEP_SUMMARY"
+          jq -r '.[] | select(.type == "Docker Image") | "`\(.goarch)-image`: \(.name)"' ${artifact_path} >> output.txt
+          jq -r '.[] | select(.type == "Archive") | "`\(.goarch)-digest`: \(.extra.Checksum)"' ${artifact_path} >> output.txt
+          while read -r line; do
+            echo "$line" | tee -a "$GITHUB_STEP_SUMMARY"
+          done < output.txt
+
+      - name: Collect Metrics
+        if: always()
+        id: collect-gha-metrics
+        uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1
+        with:
+          id: goreleaser-build-publish
+          org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
+          basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
+          hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
+          this-job-name: goreleaser-build-publish-chainlink (${{ matrix.goarch }})
+        continue-on-error: true