-
Notifications
You must be signed in to change notification settings - Fork 51
167 lines (151 loc) · 5.83 KB
/
build-publish-develop-pr.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
name: "Build and Publish GoReleaser"
on:
pull_request:
# The default types are opened, synchronize, and reopened
# See https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request
# We add a label trigger too, since when the build-publish label is added to a PR, we want to build and publish
types:
- opened
- synchronize
- reopened
- labeled
push:
branches:
- develop
workflow_dispatch:
inputs:
git_ref:
description: "The git ref to check out"
required: true
build-publish:
description: "Whether to build and publish - defaults to just build"
required: false
default: "false"
env:
GIT_REF: ${{ github.event.inputs.git_ref || github.ref }}
jobs:
merge:
runs-on: ubuntu-latest
needs: [split, image-tag]
if: ${{ needs.image-tag.outputs.release-type == 'nightly' }}
permissions:
id-token: write
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
ref: ${{ env.GIT_REF }}
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_PUBLISH_PR_ARN }}
aws-region: ${{ secrets.AWS_REGION }}
mask-aws-account-id: true
role-session-name: "merge"
- uses: actions/cache/restore@v4
with:
path: dist/linux_amd64_v1
key: chainlink-amd64-${{ github.sha }}
fail-on-cache-miss: true
- uses: actions/cache/restore@v4
with:
path: dist/linux_arm64
key: chainlink-arm64-${{ github.sha }}
fail-on-cache-miss: true
- name: Merge images for both architectures
uses: ./.github/actions/goreleaser-build-sign-publish
with:
docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
docker-image-tag: ${{ needs.image-tag.outputs.image-tag }}
goreleaser-release-type: "merge"
goreleaser-config: .goreleaser.develop.yaml
goreleaser-key: ${{ secrets.GORELEASER_KEY }}
split:
name: "split-${{ matrix.goarch }}"
needs: image-tag
runs-on: ${{ matrix.runner }}
permissions:
id-token: write
contents: read
strategy:
fail-fast: false
matrix:
include:
- runner: ubuntu-latest
goarch: amd64
dist_name: linux_amd64_v1
- runner: ubuntu-24.04-4cores-16GB-ARM
goarch: arm64
dist_name: linux_arm64
steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
ref: ${{ env.GIT_REF }}
fetch-depth: 0
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_PUBLISH_PR_ARN }}
aws-region: ${{ secrets.AWS_REGION }}
mask-aws-account-id: true
role-session-name: "split-${{ matrix.goarch }}"
- id: cache
uses: actions/cache@v4
with:
path: dist/${{ matrix.dist_name }}
key: chainlink-${{ matrix.goarch }}-${{ github.sha }}
- name: Build images for ${{ matrix.goarch }}
uses: ./.github/actions/goreleaser-build-sign-publish
if: steps.cache.outputs.cache-hit != 'true'
with:
docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
docker-image-tag: ${{ needs.image-tag.outputs.image-tag }}
goreleaser-release-type: ${{ needs.image-tag.outputs.release-type }}
goreleaser-config: .goreleaser.develop.yaml
goreleaser-key: ${{ secrets.GORELEASER_KEY }}
- name: Collect Metrics
if: always()
id: collect-gha-metrics
uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1
with:
id: goreleaser-build-publish
org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
this-job-name: "split-${{ matrix.goarch }}"
continue-on-error: true
image-tag:
runs-on: ubuntu-latest
outputs:
image-tag: ${{ steps.get-image-tag.outputs.image-tag }}
release-type: ${{ steps.get-image-tag.outputs.release-type }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ env.GIT_REF }}
- name: Get image tag
id: get-image-tag
run: |
short_sha=$(git rev-parse --short HEAD)
echo "release-type=snapshot" | tee -a $GITHUB_OUTPUT
if [[ ${{ github.event_name }} == 'push' ]]; then
echo "image-tag=develop" | tee -a $GITHUB_OUTPUT
echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
elif [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then
echo "image-tag=${short_sha}" | tee -a $GITHUB_OUTPUT
if [[ "${{ inputs.build-publish }}" == 'false' ]]; then
echo "release-type=snapshot" | tee -a $GITHUB_OUTPUT
else
echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
fi
else
if [[ ${{ github.event_name }} == "pull_request" ]]; then
echo "image-tag=pr-${{ github.event.number }}-${short_sha}" | tee -a $GITHUB_OUTPUT
if [[ ${{ contains(github.event.pull_request.labels.*.name, 'build-publish') }} == "true" ]]; then
echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
fi
fi
fi